Computer Support Forum

ran all the steps in "Read & Run Me First malware removal guide," still have malware

Question: ran all the steps in "Read & Run Me First malware removal guide," still have malware

I ran the steps in the Malware removal guide, i haven't seen any new pop-ups, but i noticed that there were a few problems that bitdefender could not fix, and my laptop is still running slow.

I am running windows XP, and will attach all logs.

Thank you in advance for all you assistance.


Answer: ran all the steps in "Read & Run Me First malware removal guide," still have malware


Here are the last three logs.

10 more replies

My computer recently became infected. At first, my Task Manager and regedit were locked. Next, my desktop background was locked. I fixed these problems, but continue to be bombarded with malware in my running processes which regenerates upon rebooting. Eventually, I could not start up Windows. Once the Windows loading page was finished, my computer would restart. I upgraded to XP Pro, can now log on, but still have malware. Please help! Thanks for your time!
 

Answer:completed steps in "READ & RUN ME FIRST MALWARE REMOVAL GUIDE" and still have malware


Here is my MGTools.zip log. Thanks in advance for your help. Any addition info needed please let me know. Take care.
 

4 more replies

I went through all the suggested steps within the Malware Removal Guide and Windows XP Cleaning Procedure. My issue is the "Data Execution Protection" error from Windows only when opening Windows Explorer and only on one of the three accounts on this computer. I haven't noticed this error while using any other programs. After going through all the suggested steps, I am still having the same issue. Thank you very much for the help.

behappy7458
 

Answer:ran all the steps in "Read & Run Me First malware removal guide," still have an issue


Here are the other log files.

behappy7458
 

14 more replies

I have run through all "Read & Run Me First malware removal guide," steps except that I could not download RootRepeal. Attached are the four logs produced. Am running only NAV 2009 on Windows XP. However, after latest reboot "NAV has detected threats that require your attention - High, INFOSTEALER, Remove Failed" appeared yet again. Please, any assistance would be most welcomed. Many thanks.
 

Answer:Re: ran all the steps in "Read & Run Me First malware removal guide,"

Welcome to Major Geeks!

We cannot continue until you attach the other 2 requested logs from RootRepeal and MGtools. If your problem with downloading RootRepeal said something about bandwidth limits, just scroll down to one of the other links given where it can be downloaded from on their web page.
 

1 more replies

Background: I watched a video on Veoh. After I finished and closed the window, weird things started to happen. I used to have McAfee but stopped updates for quite a long time.

Below are steps that I have taken.

Step 1: House Cleaning & Setup
Complete

Step 2: Enable viewing of hidden files, system files and file extensions
Complete

Step 3: Select and run the all steps in the cleaning link below based on your Windows Operating System
If you have Windows XP, continue here: Windows XP Cleaning Procedure

SuperAntiSpyware (Free Edition) - I first ran the scan and it crashed. I then followed the steps to uncheck the 2 "User Kernel" boxes and the scan completed successfully. However, when the application started to clean up the quarantined items, the system crashed again. (Log attached) No further step taken with SuperAntiSpyware.

Malwarebytes Anti-Malware - I finished the scan successfully. When I tried to clean the quarantined items, the system crashed. After reboot, I opened the application and deleted all items in quarantine. This time it completed with no problem. (Log attached)

ComboFix - When I tried to start the application, I got an error message: "ALERT It is NOT SAFE to continue! The contents of the ComboFix package has been compromised. Please download a fresh copy from: bleepingcomputer.com Note: You may be infected with a file patching virus (Virut)". I downloaded ComboFix again but got the same error message again.

Cou... Read more

Answer:Problems encountered "READ and RUN ME FIRST. Malware removal guide"

I need the log from running MGTools --> C:\MGLogs.zip
 

5 more replies

I have been having problems with my computer for two weeks now..when none of the other software removed the infection I knew I had a big problem...I found your site and I've gone through the "Read & Run Me First malware removal guide," but still have problems. (troj/virtum-gen)
 

Answer:I completed the "Read & Run Me First malware removal guide," still problems

tonymiggs said:
I have been having problems with my computer for two weeks now..when none of the other software removed the infection I knew I had a big problem...I found your site and I've gone through the "Read & Run Me First malware removal guide," but still have problems. (troj/virtum-gen)

I have submitted to you my logs...I thank you in advance
 

19 more replies

I've gone through the steps from the 'READ & RUN ME FIRST. Malware Removal Guide' process and am happy with my system being malware free.

Now, what to do with the downloaded and installed items? I want to clean these out of my system. Or should I not worry about them?
 

Answer:Clean out the items from "READ & RUN ME FIRST. Malware Removal Guide"

If you do not require any help from us then do the below.


If you are not having any other malware problems, it is time to do our final steps:

We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources ( except a little disk space ) until you run a scan.

If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
"%userprofile%\Desktop\combofix" /uninstall
Notes: The space between the combofix" and the /uninstall, it must be there.
This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
Go to add/remove programs and uninstall HijackThis.
Go to the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders re... Read more

1 more replies

Hi there,

Long-time reader, first time poster....

I've been running through the steps on the READ & RUN ME FIRST page, trying to fix up this computer I've inherited.

I've gotten as far as the Windows XP Cleaning Procedure page and tried to run combofix.exe as instructed and ran into a snag:

The little blue window was up and running through its scan when it seemed to pause. It never re-started, and I waited for well over an hour. I didn't touch my mouse through the whole process, and no other browsers were running or anything.

At this stage there were no other icons or toolbars on the desktop at all. Just the paused ComboFix window.

I made the decision to re-boot, and now ComboFix won't run at all. I've tried deleting it and re-downloading but the same thing keeps happening: when I run the program, the blue window pops up for a fraction of a second and then disappears. Nothing else happens.

My desktop clock is still in 24 hour time.

What gives?

Any advice is appreciated...
 

Answer:Trouble with "READ & RUN ME FIRST. Malware Removal Guide"

Welcome to Major Geeks!

Just skip ComboFix and continue.





muukiithefinn said:
My desktop clock is still in 24 hour time.

What gives?

This happened because ComboFix never finished.

You can fix your clock from Control Panel ->Regional and Language Options and then on the Regional Options tab click the Customize button then on the next form click the Time tab. Then change the Time format to what you want. It explains there what the lower case and upper case letters will do. Upper case H is giving you 24 hour clock settings.
 

20 more replies

I think I downloaded a virus. I went through the whole Malware Removal Guide and it found some problems, but I don't think it fixed everything. My laptop makes that loading sound constantly now and it's freaking me out!

I'm on Windows Vista, and I have a HijackThis log, CounterSpy log, newfiles, and runkeys. I've attached three of the four on this post, and the last one in the second post. I do not have a BitDefender or PandaActiveScan log because I am using Vista.

In case it helps, I thought I found the virus and it installed as "Video Codec" or something and I tried to uninstall it in the Programs section but it wouldn't let me. It said something like "The file could be corrupt or it could be a virus. It could be removed with the /NCRC command switch, which is not recommended." I tried deleting the files at the source manually, and I think that worked because when I tried to uninstall it again it said that it had been deleted and asked if I wanted to remove it from the programs list. I removed it, but I think the virus created another program called WebVideo Support because now I can't uninstall that and it was created today and I don't know where it came from.

Thanks so much for your help, and let me know if any other information would be helpful.
 

Answer:I've gone through the "Read & Run Me First malware removal guide," still problems

Runkeys.txt attached.
 

44 more replies

Hi,

The last couple of days I started noticing my gaming computer started slowing down. It's primarily used for playing computer games, but I do check my e-mail and the news on it from time to time. Today I left my browser open for a couple of hours (my ISP's webmail), and when I came back to my computer there were numerous popups and programs wanting to install themselves. Now also a couple of days ago I tried updating IE with Microsoft's Update thing. I thought it was complete as it didn't have anything else for me to install, but after the popups started happening I checked again and it wanted me to install SP3. After installing SP3 it gave me more updates, and still the popups kept happening.

I searched the internet and found one solution that said to install Malwarebytes' Anti-Malware, which I did, and it removed a few things, but every time I reboot my computer and run Malwarebytes' Anti-Malware it keeps finding two more files (the same two every time). After this I uninstalled my old anti-virus (was AVG) and installed Norton, as I ran Malwarebytes' Anti-Malware on my other computer that uses Norton and found no problems. I was kind of hoping Norton would resolve the issue, but sadly it didn't.

I finally found this website and all the steps you guys have for clearing Malware, but after doing it all I still get popups, and Malwarebytes' Anti-Malware keeps finding files after reboot. The difference is though, that now the popups seem to... Read more

Answer:Did the "READ & RUN ME FIRST. Malware Removal Guide" Still have problems :(

The other log.
 

2 more replies

I ran all the malware removal steps and everything went well. I am attaching logs. I also have MGlogs.zip on my hard drive will you guys need this? Thanks for the help its worked well. Everything went in the order the directions said.
 

Answer:I ran all steps from READ & RUN ME FIRST. Malware Removal Guide

Sending the MGlogs.zip file
 

2 more replies

Hijack this log

Can I post my hijack this log here for feed back?
 

Answer:Reports from "MALWARE REMOVAL GUIDE!"

Re: Hijack this log

Hi Bob O



As I mentioned in the earlier thread, the guide I will repost below needs to be followed. As you likely already know, malware is a massive pest these days and does its level best to hide itself in any number of places, so just a HijackThis log will not show all the malware that can be on your PC. The full guide of our steps below has a few other logs that show a lot of the malware on your PC and where it is located.



Please follow the instructions in the below link and attach the requested logs when you finish these instructions.

READ & RUN ME FIRST. Malware Removal Guide


Once these are attached to your next post in this thread (as it's best to keep all info in one place), our malware experts will be able to determine if indeed you have a malware issue and if so they will post some manual removal instructions for you to follow to clean up the remaining pest.
 

12 more replies

I have a big problem. 2 days ago 2 icons appeared on my desktop called "live safety centre" + "online sercurity guide" and I'm getting security alerts in my task bar telling me to download antiviruses and a system performance monitor, and also I'm getting loads of pop ups. I've tried everything I can think of. Is there anyone that can help me?

Thx :confused
 

Answer:malware 2 icons on my dt called"live safety centre"+"online sercurity guide" plz help


Welcome to Major Geeks!


I'm going to post two sets of instructions below. Each will be enclosed in separate Quote boxes. Make sure to complete the first one 100% before moving on to the second one.





STEP 1: Complete this procedure completely including attaching the requested log before doing the second procedure.

Download SmitfraudFix (by S!Ri) to your Desktop.

Extract all the files to your Destop. A folder named SmitfraudFix will be created on your Desktop.

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press Enter
This program will scan large amounts of files on your computer for known patterns so please be patient while it works. When it is done, the results of the scan will be displayed and it will create a log named rapport.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed. Please attach that log in your next reply.

Note: process.exe (which is used by SmitfraudFix) is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user. The below is a link to what process.exe is.

http://www.be... Read more

6 more replies

Ran everything a few times. Still comes back.
 

Answer:"Online Security guide", "Live Safety Center" malware

a few more logs
 

16 more replies

Hi, I have followed everything that you have said to do and can now upload the logs. I can't think of anything that brought the virus on so don't have any additional details for you. When performing the SuperAntiSpyware search, I had to cancel the first search so now have two logs. I have uploaded both of them and the log from the most recent search has been uploaded second. Also, I cannot do a system restore and it asks me to contact the domain administrator. Is there any way of being able to perform a system restore again?Thanks very much.[Saving space, attachment deleted by admin]

Answer:Regarding "Read this before requesting malware removal help"

Welcome to CH.

Open HijackThis and select Do a system scan only. Place a check mark next to the following entries (if there):

O15 - Trusted Zone: http://*.buy-internet-security10.com
O15 - Trusted Zone: http://*.buy-internetsecurity10.com
O15 - Trusted Zone: http://*.is-soft-download.com
O15 - Trusted Zone: http://*.is-software-download.com
O15 - Trusted Zone: http://*.is-software-download25.com
O15 - Trusted Zone: http://*.buy-internet-security10.com (HKLM)
O15 - Trusted Zone: http://*.buy-internetsecurity10.com (HKLM)

Important: Close all open windows except for HijackThis and then click Fix checked. Once completed, exit HijackThis.

----------

Download Lop S&D by Eric_71 and save it to your desktop. Lop S&D will only run on Windows XP and Windows Vista.
Disable your antivirus and antimalware programs so they do not interfere with the running of Lop S&D.
Double click LopSD.exe - If you are using Windows Vista or Windows 7, right-click on the LopSD icon and select Run as administrator to perform this scan.
* Choose the language by typing the corresponding letter and press Enter
* Click OK at the informative window.
* Type 2 to choose Option 2 (Delete with Hosts File Restore), then press Enter
* Wait until the end of the scan.
* A report will be generated; post the contents of it in your next reply, along with a HijackThis log.

13 more replies

I still seem to be having issues with pop-ups. I've attached the 5 logs from running the MGtools. Can anyone take a look and tell me if I still have problems that weren't removed?
 

Answer:I performed all the steps following the malware removal guide, but...

Here are the other two logs.
 

13 more replies

I have followed recommended protocols to successfully remove the "Trovi" malware from my computer.
But have one minor problem.
The virus removal programs successfully removed the malware programs, as the program no longer runs on my computer.
But the malware appears to have left code in the Windows startup directing the computer to run files which are now no longer present on my computer.
Problem is that this causes the following Windows popup box "Run DLL" to come up, before any other Windows startup programs run.

The popup box contains the following wording:

"There was a problem starting
C:\Users\LESTER\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll
The specified module could not be found."

Does anyone have any suggestions on how to get rid of the code lines in startup that lead to the popup box, so that it will no longer occur at computer startup?

Thanks.
Lester
 

Answer:Trovi Malware - "Run DLL" pop up box remains on windows startup after malware removal

Follow this thread and attach requested reports

http://malwaretips.com/threads/malware-removal-assistance-how-to-get-help.20334/
 

1 more replies

Hi ...

I've been able to run most but not all of the steps outlined in the malware "sticky" ... my computer is much more stable now but i'm still getting signs (like browser popups and Ad-Aware "critical objects") of problems ...

i'm attaching a HiJackThis log

here's some additional information:
i'm running Windows XP Pro SP1

i downloaded the MGTools for Windows XP Pro but couldn't get them to run.

from Safe Mode:
i ran CCleaner
i ran Microsoft Windows Malicious Software Removal Tool
i ran Spybot
i ran Counterspy (couldn't see the Take Action button and reran in Normal Mode)
could not get Bitdefender to run

i hope i've provided enough information to get started ...
any help you could provide would be greatly appreciated ...
 

Answer:numerous problems following the malware "sticky" steps

i'm adding an attachment of the log from CounterSpy to provide additional information ... the log seems to capture most of the malware problems i'm having ... i quarantined all the files listed in the log but i'm still having problems with them ...
 

45 more replies

Hi,
I want to thank you guys from the bottom of my heart. I cleared most of the malware from my laptop with the usual programs. (Yes, I invited the Devil in). Something(s) was still in my system that would not allow me to access the Windows Update site, or update my virus and mal programs. I found this old thread "READ & RUN ME FIRST. Malware Removal Guide", and followed it to a tee. After reboot, Windows update was already downloading files.

Cheers,
Bill Campbell :major
 

Answer:READ & RUN ME FIRST. Malware Removal Guide

Welcome to Major Geeks!

And you're welcome. Thanks for letting us know of your success.





bbillcampbell said:
I found this old thread "READ & RUN ME FIRST. Malware Removal Guide", and followed it to a tee.

While the thread was originally started a long time ago, the procedure in it is frequently updated. Thus it is not an old procedure. The date of the thread starting, does not equal the date of the last update. We don't recreate the thread each time the procedure is changed. We just edit the procedure.
 

1 more replies

Hello I am new to the forum.
My daughter downloaded what she claimed was an active-X add-on that ended up putting about 8 different virus/spyware/malware on my computer including cycberlog-x, worm_nucrp??, icthis.exe etc.
Following some of the recommendations on this site and utilizing some of the online scans I was able to find and kill all of them but I have one lingering problem. One of those programs seems to have shut down all my access to the control panel, internet options and the security center. The link to the control panel is completely gone from my start/settings table. I had placed shortcuts to the control panel, security center and internet options on my desktop but now when I click them I get the following error "This operation has been cancelled due to restrictions in effect on this computer. Please contact your system administrator"
It's like the malware has set up some kind of network and locked me out.
I went to the MSN help site and it told me to login as the administrator and click Start, Run, and then enter gpsedit.msc. When I did that I get a "file not found" error.:cry
I know I can load programs because I was able to load Hijackthis, Spyware Doctor and a couple of others but I can't uninstall anything.
Does anyone have any idea how to fix this?
Thanks in advance,
Marc
 

Answer:Tried to run the READ & RUN ME FIRST. Malware Removal Guide/ can't even do 1st step.


OK I was actually able to find a way to do everything but the "Add or Remove" programs.
Still have the same issue.
 

11 more replies
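The symptoms in several of these threads (Task Manager and regedit locked, the desktop background locked, Control Panel shortcuts failing with "restrictions in effect on this computer", System Restore refusing with "contact the domain administrator", and the O15 Trusted Zone entries that HijackThis was used to fix) are all registry policy values and zone assignments that the rogue software writes. The script below is an added example, not code from any of these threads or from the Major Geeks guide: it enumerates those values read-only so you can see exactly what was set before fixing anything. It assumes a PowerShell 5 or later session run as administrator; the list of policy values it checks is my own selection of well-known restriction names, not something the threads enumerate.

```powershell
# Added example (not from the forum threads). Read-only audit of the policy
# restrictions and Internet Explorer zone assignments that rogue "security"
# software commonly sets. Assumes PowerShell 5+, run elevated.

# Well-known restriction values (my selection). Data != 0 means "enabled".
$policyChecks = @(
    @{ Key = 'Software\Microsoft\Windows\CurrentVersion\Policies\System';   Name = 'DisableTaskMgr';       Meaning = 'Task Manager disabled' }
    @{ Key = 'Software\Microsoft\Windows\CurrentVersion\Policies\System';   Name = 'DisableRegistryTools'; Meaning = 'regedit disabled' }
    @{ Key = 'Software\Microsoft\Windows\CurrentVersion\Policies\System';   Name = 'NoDispBackgroundPage'; Meaning = 'desktop background page hidden' }
    @{ Key = 'Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'; Name = 'NoControlPanel';       Meaning = 'Control Panel blocked' }
    @{ Key = 'Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'; Name = 'NoRun';                Meaning = 'Start > Run removed' }
    @{ Key = 'Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'; Name = 'NoFolderOptions';      Meaning = 'Folder Options (show hidden files) blocked' }
    @{ Key = 'Software\Policies\Microsoft\Windows NT\SystemRestore';        Name = 'DisableSR';            Meaning = 'System Restore turned off by policy' }
    @{ Key = 'Software\Policies\Microsoft\Windows NT\SystemRestore';        Name = 'DisableConfig';        Meaning = 'System Restore configuration locked' }
)

function Get-PolicyRestrictions {
    $rows = @()
    foreach ($hive in 'HKCU', 'HKLM') {          # per-user and machine-wide policy
        foreach ($c in $policyChecks) {
            $path = "${hive}:\" + $c.Key
            if (-not (Test-Path $path)) { continue }
            $item = Get-ItemProperty -Path $path -Name $c.Name -ErrorAction SilentlyContinue
            if ($null -eq $item) { continue }   # value not present
            $data = $item.($c.Name)
            if ($data -ne 0) {
                $rows += [pscustomobject]@{ Hive = $hive; Key = $c.Key; Value = $c.Name; Data = $data; Meaning = $c.Meaning }
            }
        }
    }
    return $rows
}

# ZoneMap\Domains\<domain>[\<host>] holds one value per scheme (http, https, *)
# whose data is the zone id: 1 intranet, 2 Trusted sites, 3 Internet, 4 Restricted.
# HijackThis reports zone-2 entries as "O15 - Trusted Zone".
function Get-TrustedZoneDomains {
    $rows = @()
    foreach ($hive in 'HKCU', 'HKLM') {
        $root = "${hive}:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains"
        if (-not (Test-Path $root)) { continue }
        foreach ($k in Get-ChildItem -Path $root -Recurse) {
            $rel = $k.Name.Substring($k.Name.IndexOf('\Domains\') + 9)   # e.g. 'example.com\www'
            $props = Get-ItemProperty -Path $k.PSPath
            foreach ($p in $props.PSObject.Properties) {
                if ($p.Name -like 'PS*') { continue }                 # provider metadata, not a scheme
                if ($p.Value -eq 2) {
                    $rows += [pscustomobject]@{ Hive = $hive; Domain = $rel; Scheme = $p.Name; Zone = 'Trusted sites' }
                }
            }
        }
    }
    return $rows
}

Get-PolicyRestrictions | Format-Table -AutoSize
Get-TrustedZoneDomains | Format-Table -AutoSize
```

Once the list is reviewed, a value is undone with Remove-ItemProperty (for example `Remove-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System' -Name DisableTaskMgr`) and a promoted domain with `Remove-Item -Recurse` on its key under ZoneMap\Domains. On a domain-joined machine compare the findings with `gpresult /h report.html` first: anything that arrives through Group Policy is legitimate and will simply be re-applied at the next refresh, and a value that keeps coming back after a reboot on a stand-alone machine means the process that writes it is still running and has to be dealt with before the value is worth deleting.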

Hi I was following "READ & RUN ME FIRST. Malware Removal Guide"
Completed till "... locate the DisableUAC.reg file in the C:\MGtools folder and double click on it."
When I double clicked it, Spybot - Search & Destroy popped up and scanned "DisableUAC.reg", said nothing found and asked to close.
How do I go about it now?
 

Answer:Help Needed with READ & RUN ME FIRST. Malware Removal Guide

XP-96943172.EXE, hoping somebody would notice and help

Unable to log into Safe Mode; when I tried to do so I was asked to press Esc to stop loading of Sptd.sys, and whatever I do the system reboots.
Scanned with Malwarebytes; there were 67 instances of malware. Removed them but still could not log into Safe Mode.
Found the following in Startup of MsConfig:
Startup Item-----Command ---------------------------------------Location
XP-96943172 ----C:\windows\system32\XP-96943172.EXE----SOFTWARE\Microsoft\Windows\CurrentVersion\Run
iiiiii --------------- C:\windows\system32\XP-969~1.EXE -------SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Unchecked them but whenever I reboot I find them checked.
Searched the Net and found it's the 278.EXE Trojan/malware....
There is another thread of mine here
"Help Needed with READ & RUN ME FIRST. Malware Removal Guide" in Forum: Malware Removal
I am stuck at Step 3 and don't know how to go about it, hoping somebody would notice and help.
I know I can't post a new thread but I am desperate :cry please help me
 

21 more replies
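Two of the threads above are about autostart entries: the Trovi/Conduit thread, where a leftover entry still points at a BackgroundContainer.dll that no longer exists and so produces the "Run DLL ... The specified module could not be found" box at every logon, and the XP-96943172.EXE thread, where Run entries re-appear in msconfig after each reboot. The script below is an added example, not code from either thread or from the Major Geeks guide: it inventories the Run/RunOnce keys and scheduled tasks, extracts the file each entry actually loads (for rundll32 that is the DLL argument, not rundll32.exe itself), and marks entries whose target is missing on disk. It is read-only. It assumes Windows 8/Server 2012 or later for Get-ScheduledTask and an elevated PowerShell 5 or later session; the set of keys it walks is my own choice of the common locations, not a list taken from the threads.

```powershell
# Added example (not from the forum threads). Read-only inventory of autostart
# entries with the loaded file resolved and checked for existence.
# Assumes Windows 8+/Server 2012+ (Get-ScheduledTask) and PowerShell 5+, run elevated.

$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
)

# Return the file a command line actually loads: the first token (quoted or
# bare), or, when that token is rundll32, the DLL argument that follows it,
# e.g.  rundll32.exe "C:\...\BackgroundContainer.dll",DllRun  ->  the .dll path
function Get-TargetPath {
    param([string]$CommandLine)
    if ([string]::IsNullOrWhiteSpace($CommandLine)) { return $null }
    $cmd = [Environment]::ExpandEnvironmentVariables($CommandLine).Trim()
    $m = [regex]::Match($cmd, '^(?:"([^"]+)"|(\S+))')
    $exe = if ($m.Groups[1].Success) { $m.Groups[1].Value } else { $m.Groups[2].Value }
    if ($exe -match '(^|[\\/])rundll32(\.exe)?$') {
        $rest = $cmd.Substring($m.Length).Trim()
        $m2 = [regex]::Match($rest, '^(?:"([^"]+)"|([^,\s]+))')   # DLL ends at the comma before the entry point
        $exe = if ($m2.Groups[1].Success) { $m2.Groups[1].Value } else { $m2.Groups[2].Value }
    }
    if ($exe -eq '') { return $null }
    return $exe
}

# A bare file name (no directory part) is resolved through PATH, as the loader would.
function Test-TargetExists {
    param([string]$Path)
    if ($Path -match '[\\/]') { return [bool](Test-Path -LiteralPath $Path) }
    return [bool](Get-Command $Path -CommandType Application -ErrorAction SilentlyContinue)
}

function Get-AutostartInventory {
    $rows = @()
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }        # PSPath/PSParentPath etc., not Run values
            $target = Get-TargetPath ([string]$p.Value)
            $present = ($null -ne $target) -and (Test-TargetExists $target)
            $rows += [pscustomobject]@{
                Location = $key; Name = $p.Name; Command = $p.Value; Target = $target
                Status   = if ($present) { 'present' } else { 'MISSING' }
            }
        }
    }
    foreach ($task in Get-ScheduledTask -ErrorAction SilentlyContinue) {
        foreach ($a in $task.Actions) {
            if (-not $a.Execute) { continue }             # COM-handler actions have no Execute
            $line = if ($a.Arguments) { "$($a.Execute) $($a.Arguments)" } else { $a.Execute }
            $target = Get-TargetPath $line
            $present = ($null -ne $target) -and (Test-TargetExists $target)
            $rows += [pscustomobject]@{
                Location = "Task $($task.TaskPath)$($task.TaskName)"; Name = $task.TaskName
                Command  = $line; Target = $target
                Status   = if ($present) { 'present' } else { 'MISSING' }
            }
        }
    }
    return $rows
}

Get-AutostartInventory | Sort-Object Status, Location | Format-Table Status, Location, Name, Target -AutoSize
```

A MISSING row is the orphan that produces the "Run DLL" box; once you have checked that nothing legitimate is simply installed somewhere unexpected, delete it with `Remove-ItemProperty -Path <Location> -Name <Name>` for a Run value or `Unregister-ScheduledTask -TaskPath <Path> -TaskName <Name>` for a task. A row that is present, points into system32 under a random-looking name such as XP-96943172.EXE, and comes back after you remove it is the opposite situation: the file is still being executed and is re-creating its own entry, so the running process (or the service/driver that starts it, Sptd.sys-style) has to be stopped or removed first, which is why the Major Geeks guide asks for full logs rather than just unchecking entries in msconfig.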

While using the Google Chrome internet browser, moments ago, the page I was attempting to open turned bright red and was overtaken by what appears to be a Security Essentials message. There are various smaller windows with messages telling me that my personal logins and bank information was targeted so I need to freeze my accounts and contact 1(888) 944-5964 for the urgent help needed.

Because I have had a Security Essentials message in the recent past that turned out to be nothing, I am not panicking. Last time, I did call the phone number but found that it was just a company trying to get me to pay for their clean-up services. I declined their services and, instead, went to the Major Geeks Malware Removal Guide and had an expert confirm that all was well.

Consequently, I think it is possible this alert (although it has a much more elaborate screen presentation) may also be a fake so I am back again to follow the removal protocol. I am now at the prep-step of using the CCleaner, but the supposed Security Update will not allow me to close the Google Chrome window. It just makes a dinging sound. Should I tell the CCleaner to force it to shut down?

Thanks, in advance, for any guidance that can be provided. I would like to get through the protocol ASAP in case the alert is valid!
 

Answer:Question About Following Read & Run Me First Malware Removal Guide

I am sure it is a fake alert. Go ahead and force the closure then do the requested scans and we will look at your system.
 

2 more replies

First of all, I am pretty certain that I have malware...my main problem is that I have the blue default background saying "Warning: Spyware Has infected your PC..."

I am running into obstacle after obstacle trying to perform the read & run first instructions. I first uninstalled all the listed malware programs and then tried to install the latest Java (in safe mode) and I got a message saying "The system administrator has set policies to prevent this installation". I then finished the rest of step 1 "house cleaning and setup" with no problems. I also had no problems in step 2.

I then went to step 3 "Windows XP cleaning" and had no problems downloading the tools to a thumb drive from my laptop. I then started my PC in safe mode and tried to run SAS and kept getting an error message saying "SUPERAntiSPyware Application has encountered a problem and needs to close".

I then tried to install Spybot - Search & Destroy, but when I clicked install, I got a file download error "Error sending request. The server name or address could not be resolved." Of course, at this point, I was pretty dismayed but kept pushing forward with the "Windows XP cleaning" instructions.

Well, I then went to try to install Malwarebytes Anti-Malware and it got hung up and never fully installed. This is when I decided to finally give up. So where do I go from here? Please help.


Here are my main ques... Read more

Answer:Problems with Malware Removal Guide Read & Run First

Hello, YOYOADRIAN

These instructions should help.

First:
Click Start > Control Panel > System > Hardware > Device Manager > View > Show Hidden Devices.
Scroll down to "Non-plug and Play Drivers" and click the plus icon to open those drivers.
Then search for TDSSserv.sys
Let me know if you find this or not.
If you do find it, right click on it, and select Disable. Do not try to uninstall it.
Also if this is found and you disable it, then reboot and see if you can run the other scans that would not run.

Secondly:
Important Notice: A new version of SUPERAntiSpyware is out that should help with this problem from Vundo.

Please uninstall your current version (this is necessary).
Then download this SUPERAntiSpyware
Install this new version. It may tell you that you need to reboot to complete the installation. You must reboot at this time.
After the reboot, run SUPERAntiSpyware and immediately click the Check for Updates button to get more updates for the database.
Now run a new full scan of your system. And attach this first log later.
Since this infection has been reappearing after a reboot, you will have to reboot again and then run an additional scan to make sure it comes back clean. Attach this second log too.

*If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode. You can run the steps in safe boot mode but make sure you tell us what you did later when you post logs.

Links are given in ... Read more

1 more replies

Hey guys, recently my computer started behaving strangely and I believe I have some sort of a virus. Two icons, with the names of "Live Safety Center" and "Online Security Guide," downloaded themselves onto my desktop. Also I would receive random pop-ups in IE imploring me to "find true love," among other things. Also I would receive a flashing exclamation point on my desktop toolbar stating that I had some sort of a virus and that I should go to a certain site to download software to remove it. There were a few other notifications that would pop up that would say other things, but at the moment I can't remember exactly what they said (although I think it also had to do with a virus on the computer and asking me to click on something to get rid of it). Any ideas on what's happening here? Thank you in advance for taking a look for me.

Here's my hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:37:06 AM, on 11/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system... Read more

Answer:Malware/Virus Problem ("Live Safety Center/Online Security Guide")

Please do this:

Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges. Close all applications and windows.
Double-click on dss.exe to run it, and follow the prompts.
When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt <- this one will be minimized
Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt in your thread in the HijackThis Log Help Forum.
Please attach extra.txt to your post.
To attach a file to a new post, simply click the [Manage Attachments] button under Additional Options > Attach Files on the post composition page, and
copy and paste the following into the "Upload File from your Computer" box: C:\Deckard\System Scanner\extra.txt

Click Upload.

What DSS will do:
* create a new System Restore point in Windows XP and Vista.
* clean your Temporary Files, Downloaded Program Files, and Internet Cache Files, and also empty the Recycle Bin on all drives.
* check some important areas of your system and produce a report for your analyst to review. DSS automatically runs HijackThis for you, but it will also install and place a shortcut to HijackThis on your desktop if you do not already have HijackThis installed.

---------------------------------------------------------------------------------------------

9 more replies

Hello, I have followed the 5 steps and have the reports which you will need. We have the Online Security Guide pop-up on the computer asking us to buy it to ensure protection. Upon doing a Panda ActiveScan, it showed 3 spyware files and also 3 hacking tools; I have saved the report from the Panda scan and can post it in this thread if required, along with the attached extra.txt. Below is the main.txt copied from Deckard's System Scanner.

Deckard's System Scanner v20071014.68
Run by brian lee on 2008-02-25 2028
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
13: 2008-02-25 2032 UTC - RP155 - Deckard's System Scanner Restore Point
12: 2008-02-25 20:01:07 UTC - RP154 - Software Distribution Service 3.0
11: 2008-02-24 21:25:01 UTC - RP153 - System Checkpoint
10: 2008-02-17 20:05:19 UTC - RP152 - System Checkpoint
9: 2008-02-16 19:51:49 UTC - RP151 - Software Distribution Service 3.0


-- First Restore Point --
1: 2007-12-04 14:27:11 UTC - RP143 - Software Distribution Service 3.0


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 503 MiB (512 MiB recommended).


-- HijackThis (run as brian lee.exe) -------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
... Read more

More replies

Original problems before following the removal guide
1. bprotector
2. Ngnix (chrome, IE)
3. Yontoo
4. Babylon (Chrome, IE)

I also had Firefox but removed it before running the steps.

Please see the logs attached.

After running the steps:
1. bprotector - STILL AN ISSUE
2. Ngnix (chrome, IE) - Resolved
3. Yontoo - STILL AN ISSUE
4. Babylon (Chrome, IE) - seems to be Resolved

Note: bprotector also spread to my external hard disk.
 

Answer:LOGS - after completing the READ & RUN ME FIRST Malware removal guide

Please disable all anti-virus and anti-spyware programs while we do the following (re-enable when you are finished):

Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

O4 - HKCU\..\Run: [MSIDLL] C:\Windows\SysWOW64\rundll32.exe msihez32.dll,pvnWkKAGt

After clicking Fix, exit HJT.

Now copy just the bold text below to notepad (Do not include any space above the word REGEDIT). Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files". Once you have saved it, double click it and allow it to merge with the registry.

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MSIDLL"=-

[HKEY_USERS\S-1-5-21-3441783611-3546664065-2954317798-1000\Software\Microsoft\Windows\CurrentVersion\run]
"MSIDLL"=-

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"=-

[-HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}]

[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}]

[-HKEY_CURRENT_USER\Software\Microsoft\Internet Expl... Read more

9 more replies
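The same fix, expressed as PowerShell so it can be dry-run before anything is deleted. This is an added example and not part of the original thread, MGtools or HijackThis. In a REGEDIT4 file, "Name"=- deletes a value and [-HKEY_...] deletes a key; the script below does the same with Remove-ItemProperty and Remove-Item. The value name MSIDLL and the two SearchScopes CLSIDs are copied from the fix above. The "suspicious" heuristics, the function names, and the choice to walk both HKLM and HKCU (the .reg file targets one hive per entry, and its HKEY_USERS\S-1-5-21-...-1000 entry is the same hive HKCU maps to for that logged-on user) are this example's own assumptions. One difference from the posted fix: DefaultScope is cleared only when it points at the scope being removed, rather than unconditionally.

```powershell
# Added example (not from the original thread or MGtools): the REGEDIT4 fix above as
# PowerShell. "Name"=- in a .reg file deletes a value; [-HKEY_...] deletes a key.
# Run from an elevated PowerShell. -WhatIf shows what would change without changing it.
# Heuristic patterns and function names are this example's own assumptions.

$autostartKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
)

function Get-AutostartEntry {
    # List every value in the Run/RunOnce keys and flag the shapes seen in this thread:
    # a DLL handed to rundll32 with no directory (it is then located by the loader's
    # search order, as with msihez32.dll above) or an executable under ProgramData/AppData/Temp.
    foreach ($key in $autostartKeys) {
        if (-not (Test-Path $key)) { continue }
        $item = Get-Item $key
        foreach ($name in $item.GetValueNames()) {
            $cmd = [string]$item.GetValue($name)
            $suspicious = ($cmd -match 'rundll32(\.exe)?\s+[^\\\s"]+\.dll') -or
                          ($cmd -match '\\(ProgramData|AppData|Temp)\\')
            [pscustomobject]@{ Key = $key; Name = $name; Command = $cmd; Suspicious = $suspicious }
        }
    }
}

function Remove-AutostartEntry {
    # Equivalent of  "MSIDLL"=-  under each Run/RunOnce key that carries that value.
    [CmdletBinding(SupportsShouldProcess)]
    param([Parameter(Mandatory)][string]$Name)
    foreach ($key in $autostartKeys) {
        if (-not (Test-Path $key)) { continue }
        if ($null -ne (Get-ItemProperty -Path $key -Name $Name -ErrorAction SilentlyContinue)) {
            Remove-ItemProperty -Path $key -Name $Name
        }
    }
}

function Remove-SearchScope {
    # Equivalent of  "DefaultScope"=-  plus  [-HKEY_...\SearchScopes\{CLSID}]  in both hives.
    [CmdletBinding(SupportsShouldProcess)]
    param([Parameter(Mandatory)][string]$Clsid)
    foreach ($hive in 'HKLM:', 'HKCU:') {
        $scopes = "$hive\Software\Microsoft\Internet Explorer\SearchScopes"
        if (-not (Test-Path $scopes)) { continue }
        $default = (Get-ItemProperty -Path $scopes -Name DefaultScope -ErrorAction SilentlyContinue).DefaultScope
        if ($default -eq $Clsid) { Remove-ItemProperty -Path $scopes -Name DefaultScope }
        $sub = Join-Path $scopes $Clsid
        if (Test-Path $sub) { Remove-Item -Path $sub -Recurse }
    }
}

# Usage: review first, then remove exactly the entries named in the fix (drop -WhatIf to act).
Get-AutostartEntry | Where-Object Suspicious | Format-Table -AutoSize
Remove-AutostartEntry -Name 'MSIDLL' -WhatIf
Remove-SearchScope -Clsid '{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}' -WhatIf
Remove-SearchScope -Clsid '{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}' -WhatIf
```

Run the audit first and read the Suspicious rows before removing anything: a Run value that names a bare DLL for rundll32 is only a hint, and a legitimate product can do the same. Deleting the Run value stops the autostart but leaves the DLL on disk, which is why the helper's full fix continues with file cleanup after the registry merge.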

A couple of days ago I was searching a torrent site and got attacked by about 8 Trojans in the space of a couple of minutes. AVG picked all of these up and quarantined them, but ever since I have not been able to run any antivirus software. AVG opens but will not let me scan, Spybot won't open at all (I get an error message saying "Windows cannot access the specified device, path or file. You may not have the appropriate permissions to access the item"), and it was the same story with a few other antivirus/spyware programs (Malwarebytes Anti-Malware, Avast). I have run the Read Me, Run Me First malware removal guide and when I ran SUPERAntiSpyware it removed 4 trojans and 2 rootkits and then rebooted my system, at which point I got the same error message as before, preventing me from getting a log for the scan. I tried downloading Malwarebytes Anti-Malware and running it again and had the same issue as before: it installed fine, started running and then quit a few seconds later. So after running the Read Me, Run Me procedure I have the RootRepeal log, the ComboFix log and the MGtools log. Hopefully you guys can help because I am stumped!!!
 

Answer:Have run the Read Me, Run Me First Malware Removal Guide and I still have problems


Welcome to Major Geeks!


Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O23 - Service: Lavasoft Ad-Aware Service - Unknown owner - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (file missing)

After clicking Fix, exit HJT.



Now we need to use ComboFix

Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
If it is not on your Desktop, the below will not work.

Also make sure you have shut down all protection software (antivirus, antispyware...etc) or they may get in the way of allowing ComboFix to run properly.
If ComboFix tells you it has expired or needs to be updated to a new version, make sure you allow it to update.
Open Notepad and copy/paste the text in the below quote box into it:


... Read more

9 more replies
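The three HijackThis lines the helper selected above share one trait: the registry still points at a file that is no longer on disk ("(file missing)"). Such entries are harmless in themselves but are also exactly where a later infection can drop a DLL of the same name and get loaded without touching the registry. The following is an added example, not code from the thread, MGtools or HijackThis, that finds that condition for the O2 (BHO), O3 (toolbar) and O23 (service) categories. The registry locations are the standard ones; the function names, output columns and the ImagePath-parsing regex are this example's own. It reports only and deletes nothing.

```powershell
# Added example (not from the original thread or MGtools): find the "(file missing)"
# condition HijackThis reports in its O2 (BHO), O3 (toolbar) and O23 (service) lines,
# i.e. a registration whose binary is no longer on disk. Run from an elevated PowerShell.
# Read-only: it reports and does not delete. Registry paths are the standard ones;
# function names, output columns and the path-parsing regex are this example's own.

function Resolve-ClsidServer {
    # A COM object's DLL is the default value of HKCR\CLSID\{clsid}\InprocServer32.
    param([Parameter(Mandatory)][string]$Clsid)
    $key = "Registry::HKEY_CLASSES_ROOT\CLSID\$Clsid\InprocServer32"
    if (-not (Test-Path -LiteralPath $key)) { return $null }
    $raw = [string](Get-ItemProperty -LiteralPath $key).'(default)'
    if (-not $raw) { return $null }
    return [Environment]::ExpandEnvironmentVariables($raw.Trim('"'))
}

function Test-FileMissing {
    param([string]$Path)
    # Null or relative paths count as unresolvable; absolute paths are checked on disk.
    if (-not $Path -or $Path -notmatch '^[A-Za-z]:\\') { return $true }
    return -not (Test-Path -LiteralPath $Path -PathType Leaf)
}

function Get-OrphanedIeExtension {
    # O2: each BHO is a subkey named by CLSID. O3: each toolbar is a value named by CLSID.
    $bhoKey = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
    if (Test-Path $bhoKey) {
        foreach ($sub in Get-ChildItem -Path $bhoKey) {
            $path = Resolve-ClsidServer -Clsid $sub.PSChildName
            [pscustomobject]@{ Type = 'O2 BHO'; Id = $sub.PSChildName; Path = $path; FileMissing = (Test-FileMissing $path) }
        }
    }
    $tbKey = 'HKLM:\Software\Microsoft\Internet Explorer\Toolbar'
    if (Test-Path $tbKey) {
        foreach ($name in (Get-Item -Path $tbKey).GetValueNames()) {
            if ($name -notmatch '^\{[0-9A-Fa-f-]{36}\}$') { continue }
            $path = Resolve-ClsidServer -Clsid $name
            [pscustomobject]@{ Type = 'O3 Toolbar'; Id = $name; Path = $path; FileMissing = (Test-FileMissing $path) }
        }
    }
}

function Get-OrphanedService {
    # O23: ImagePath may be quoted and may carry arguments; keep only the executable.
    # Driver-style relative paths (system32\drivers\x.sys, \SystemRoot\...) are skipped here.
    foreach ($svc in Get-ChildItem -Path 'HKLM:\SYSTEM\CurrentControlSet\Services' -ErrorAction SilentlyContinue) {
        $image = (Get-ItemProperty -LiteralPath $svc.PSPath -Name ImagePath -ErrorAction SilentlyContinue).ImagePath
        if (-not $image) { continue }
        $clean = [Environment]::ExpandEnvironmentVariables($image) -replace '"', ''
        if ($clean -match '^\\\?\?\\') { $clean = $clean.Substring(4) }
        if ($clean -notmatch '^(.+?\.(exe|sys|dll))(\s.*)?$') { continue }
        $exe = $Matches[1]
        if ($exe -notmatch '^[A-Za-z]:\\') { continue }
        if (Test-FileMissing $exe) {
            [pscustomobject]@{ Type = 'O23 Service'; Id = $svc.PSChildName; Path = $exe; FileMissing = $true }
        }
    }
}

# Usage: anything with FileMissing = True is what HJT would print as "(file missing)";
# confirm the entry is not a vendor product you still want before fixing it.
Get-OrphanedIeExtension | Where-Object FileMissing | Format-Table -AutoSize
Get-OrphanedService     | Format-Table -AutoSize
```

On the system in this thread the AVG toolbar (O2/O3, same CLSID) and the Ad-Aware service (O23) would be the expected hits, matching the lines the helper chose. The BHO and toolbar keys are read under HKLM only, which is where HijackThis reports them; per-user toolbars would need the same walk under HKCU.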

I have a laptop that is having various issues. It started out when my browser was hijacked and continued on to not being able to get on the internet at all and to not being able to update any programs, virus/spyware or otherwise.

Many times these programs would run and then error out with Dr. Watson errors when trying to delete any found issues.

After various iterations of Safe Mode/Regular Mode, I finally got some of the programs to run. The one thing that I must do to get to the Windows GUI is to start explorer via Task Manager after every reboot. Sometimes, I must start explorer more than once before the GUI shows up.

1. SUPERAntiSpyware - ran ok. Log attached
2. Spybot S&D - never could install the latest version. Ran an older version and finally got it to update the definitions. Log attached.
3. Malwarebytes Anti-Malware - Scans ok, but fails when trying to remove found issues.
4. ComboFix - ran ok, rebooted the machine and hung. I killed the ComboFix window and started the GUI. Then I saw the ComboFix window flash by. There is no c:\combofix.txt , but did find one in C:\cf\combofix.txt that gives a warning about not having the Recovery Console installed. Log attached.
5.
 

Answer:Issues with various parts of READ & RUN ME FIRST. Malware Removal Guide

Last log file.
 

16 more replies

Please help. I'm such a newbie and I have no idea what to do.:-o

AVG detected Trojans (a lot) so I tried to do "READ & RUN ME FIRST. Malware Removal Guide." I had no problems up until the part where you have to run RootRepeal.exe, and then Explorer crashed and I can't fix it. The moment I restart explorer it crashes again. :cry I can't do anything on my PC anymore...

What went wrong? What should I do? I attached some of the reports I managed to get. Hope they help.
 

Answer:Windows Explorer crash during READ & RUN ME FIRST. Malware Removal Guide

This is the AVG report and the RootRepeal error log just in case you need it too. thanks!
 

15 more replies

The "How to Protect yourself from malware!" guide is good, very useful information, but it lacks information on other tools that have actually been found more effective at stopping malware than just using realtime antivirus/antispyware engines, tools that can stop unknown malware, like Host-based Intrusion Prevention (HIPS), the D+ in Comodo, or SpyShelter, etc., or virtualization software, which is also not covered, that can isolate a threat so it doesn't even affect your original OS files, like Sandboxie, which isolates browsers and other files, or the sandbox in Comodo that isolates unknown files, or BufferZone Pro Free, Returnil or Wondershare TimeFreeze, which isolates everything in a virtual OS, etc.

Also I don't remember there being an option to install the Ask toolbar in any current Comodo setup; they removed it in 2009.

Comodo has changed a lot and none of the important Comodo IS features are covered?

Sorry if I sound like a bug, but computer security is advancing and there are better and more effective ways to protect yourself than just using a realtime antivirus engine, and by the looks of it the tutorial needs more updating anyway.

A Combo I like to use is
Comodo Internet Security, in Proactive mode with sandbox, antivirus, Defense +, and Firewall Enabled.

MalwareBytes Pro Antimalware in Realtime.

SpyBot SD Resident, Immunized.

SandBoxie for browsing the unknown ect.

PeerBlock to block malicious servers/ip's.

ThreatFire, Helps protect against known and unk... Read more

Answer:The "How to Protect yourself from malware!" Guide.

Welcome to Major Geeks!

Thanks for your comments.

There are quite a few tools that we don't list. That does not make them bad nor does it mean they are good. Comodo is listed in the How to protect thread in the antivirus and also in the firewall area. We do not go into some of the other areas of protection in detail for a couple of reasons. One, the thread is meant to be as useful to ALL people with all computers ( old and new ) as possible. The newer forms of protection can be problematic for older/slower PCs with smaller amounts of memory. The second reason is that experience has shown that if all of the instructions in that thread are properly followed, you don't need sandboxes or HIPS anyway and you will not suffer from the effects that they have on PCs. Many, many people have complained to us about how slow their PCs were after using tools like ThreatFire and sandbox type software. In addition, use of these tools caused many PC novices to intermediate users all kinds of other grief and loss of information and loss of settings that they did not realize they were losing due to the sandbox effects.

Also we have had many, many, many cases where people have had all this kind of protection you mention installed, and still have gotten severely infected. And all this protection just made it harder to manually clean the PC. It did not stop the infections. The educated end user ( which is what that sticky is pushing ) is the most important piece of protecti... Read more

1 more replies

Hi, I am using an Acer Aspire 5740g Windows 7 laptop (details in txt in another thread as noted below).

Thankyou chaslang and majorgeeks team for your malware removal guide- it has helped me remove some nasty malware. However, I have since noticed a problem with running audio in web browsers. I have written a more detailed post in the drivers thread under "Audio stopped working in browsers after running malware removal".

If you have time I would really appreciate someone having a look.

Thanks
 

Answer:ran READ AND RUN ME FIRST malware removal guide and audio no longer works in browsers


Welcome to Major Geeks!

You're welcome.

albertpancakes said:

If you have time I would really appreciate someone having a look.

Unless you attach the 5 logs we requested, we have no idea what was found, deleted, or changed and we don't know where to begin in helping you. You need to attach the original logs, not new logs which would not show what was done the first time thru.
 

7 more replies

See new READ ME PROCESS dated 10-09-05 below or above depending on how you chose to display threads ( oldest first or newest first ).
 

Answer:READ & RUN ME FIRST Malware Removal Guide (incl. spyware, virus, trojan, hijacker)

READ & RUN ME FIRST. Malware Removal Guide

Please Read These Important Notes for the Malware Removal Guide: Yes we know they are long but they are important!

NOTICES:

Backup Important Data First - While in most cases, we do not have problems, we cannot guarantee that there will not be any. Thus it would be a very good idea for you to begin by backing up all important personal information before undertaking the act of malware removal. You can bypass this step at your own risk, but remember that we cannot guarantee what the result will be from trying to remove malware from your PC.
After the automatic cleaning procedures/instructions in this guide, additional manual removal steps will almost always be required. So do not be surprised if you still have problems when you finish the instructions.
Do not make the false assumption that this thread is old or out of date based on the date the thread was started ( 10-09-05 02:49 ). Look at the Last Edited date at the bottom of this message, as this procedure does evolve with time.
Please do not create any new threads ( even at different websites ) on this same topic while we are working on your system as it wastes another volunteer's time. If you are being helped elsewhere or have solved the issue or no longer wish to continue, please post a message in your thread and it will be closed.
Please do not try to fix anything without being asked.
Please attach all requested logs. Do not post them inline with your messages or ... Read more

1 more replies

I have followed your instructions as per thread: READ & RUN ME FIRST Malware Removal Guide (incl. spyware, virus, trojan, hijacker) by chaslang. Last edited by chaslang; 09-23-11 at 22:56

http://forums.majorgeeks.com/showthread.php?t=35407

Let me congratulate you on the clarity of expression and the methodical approach to problem solving shown by chaslang. I found the guideline very useful and easy to read.

This is what I have done. I have followed step 1 to 7 (however I missed out step 6 by mistake), so I had to start all over again from scratch after I ran Combofix.

For the records:
1. SUPERAntiSpyware took a staggering 3hrs to run first time. Second time it took only just over 40minutes;
2. Malware Anti-malware took nearly 2hrs the first time. just over 30 minutes the second time.
3. Combofix deleted some .dll the first time. Unfortunately I have no log file as I had realised I DID NOT DISABLE the CD emulator then...so I started all over again.

Results:
Nothing was found by the various removal tools. I have attached log files to this thread for your consideration.

Current status:
- apparently cleaned laptop (windows xp sp3)
- AVG 2012 re-installed with firewall.
- Defogger still disabled
- Settings.dat file has appeared on my desktop (I think this was created by Combofix)
- When rebooting system the screen shows black screen with three option
- Normal
- safe mode
- (cant remember the third option). Sorry. The system reboot OK. Normal mode.
- Malware Anti-malware ... Read more

Answer:READ & RUN ME FIRST Malware Removal Guide (incl. spyware, virus, trojan, hijacker)


Welcome to Major Geeks!

Please do not make your own ZIP files. Attach the logs as requested. Please attach the original C:\MGlogs.zip file as is. What you attached does not have the MGlogs.zip file required.
 

5 more replies

I was infected spyaxe and usually, I can do things myself as soon as I get into safemode. However, this time, I'm unable to get into safemode. I've downloaded the following programs:

-Ad-Aware SE
-CCleaner
-Microsoft® Windows AntiSpyware. Install it and update it (this can only be used with Windows 2000/XP/2003)
-Microsoft Windows Malicious Software Removal Tool (this can only be used with Windows 2000/XP/2003)
-SpyBot - Search & Destroy
-Hijack This!
-CWShredder
-Kill2me
-SmitRem

And I've also run BitDefender and Panda ActiveScan, which took me almost 8 hours. At first, I had that little bubble in the bottom right-hand corner of the screen that tells me I'm infected. That's SpyAxe, I'm guessing, and now that I've run all of those programs, it's gone. However, my main page is still getting hijacked and I'm unable to send e-mails through Outlook. I'm running out of options. When I try to boot in safe mode, it gets to a certain file that it tries to load and then it reboots and does this infinitely. The two files that I believe it tries to load before rebooting are vax347h.sys and d347bus.sys.
I've attached my activescan log and my hijackthis log and was wondering if you guys could assist me. Please advise. Thank you very much.
 

Answer:safe mode hijacked - tried everything in "read me first" - spyware/malware

Start by Manually deleting all the files that you can that are listed in the ActiveScan log. Keep track of what deletes and what does not.

Attach the BitDefender log and also smitfiles.txt from SmitRem!
 

7 more replies

Ok, first off, I'm running XP service pack 2. I visited www.rajahwwf.com the other day (a wrestling site) where I believe I received the malware that is on my machine. There was an executable on my desktop that I mistook for another .exe that I normally use. I wasn't even looking when I clicked it. I believe it installed a series of different malware programs such as SurfSidekick 3 and Zeno Search assistant among others. Having used HJT before, I used the normal process of deleting the bad programs from Add/Remove programs, then I ran HJT and deleted the files associated with the malware (got them from various message boards such as this one). That did not help though, so I ended up here because I absolutely want to be rid of these popups (heck, I even get a popup every 30 or so seconds as I type this). I get a series of popups every 5 minutes with others that popup when I visit websites (geeks.com shows up when I visit here). I have gone through the read and run section here and only ran into a few problems. Here they are:

I couldn't run Ccleaner in safe mode because I kept getting the message "Runtime error '0'"
Ad-Aware SE couldn't remove the file "k0nola53.dll"
Spybot Search & Destroy couldn't fix the entry "Command Service"
I had a Look 2 Me parasite, but I ran Kill2Me and it claims it removed it.
I also couldn't download Windows Defender. It said something like I didn't have a verifi... Read more

Answer:I followed "Read & Run First" directions...NOW LETS TOAST THIS MALWARE!!!

PLEAAAAAASE!!!! Anybody? I'm about to pull my hair out. This is the worst I've ever had malware.
 

18 more replies

I'm pretty sure my laptop had something going on (Windows XP 32-bit). It says 70GB of data is used, but I've deleted every file off the computer, except the Programs. It would freeze before I could even open the Programs list...

I somehow managed to run DDS and have attached the logs, but as I was running gmer, maybe 2 minutes in, the screen went blue then the computer restarted. However, this is the text that I'm getting upon start up:
Yukon PXE v4.17.8.1 (alpha) (20060116)
(C)Copyright 2003-2006 Marvell(R). All rights reserved.
Pre-boot eXecution Environment (PXE) v2.1
(C)Copyright 1997-2000 Intel Corporation.
PXE-E61: Media test failure, check cable
PXE-M0F: Exiting PXE ROM.
Operating System not found

....I don't know what to do now... Any help would be great, thanks :\ I figured it was a dead laptop anyway, but thought maybe I could revive it... I think it's even more dead now *lol*


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.6001.18000
Run by Juhua Zhou at 0:20:25 on 2011-09-20
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.957.277 [GMT -4:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k ... Read more

Answer:My laptop got killed during the "Preparing for the Malware Removal" process :\

Ooh, I just started it and it worked. But can you still help me? A couple weeks ago my little sister downloaded a lot of stuff that I'm not sure of. I thought I got rid of it all, but the laptop is VERY slow now.

2 more replies

I inadvertently downloaded from the wrong site. I meant to get on the FedEx tracking site but ended up with "PackageTracking by myway". This myway malware has taken over and the problems worsen. Rather than having Google Chrome as my web browser it is now "myway". Also, I am on the home page and click Chrome and Microsoft Word pops up instead? I have tried everything I know to kill it (Search / Programs and Features / etc.) but there is no trace of it anywhere that I can find?
I don't have the $ to go through Microsoft so I'm hoping this site will prove useful.

Thanks,
Kevin in Boston

 

More replies

I have a virus from Virus Protector which shuts down the desktop and the administrator account. I can get access into the other user account but it needs an administrator account which I cannot access. Is there a way to get access to the administrator account or to download a virus removal tool that does not need approval? Any help would be greatly appreciated. Many thanks

Celeste
 

More replies

As my title suggests, I followed all of the steps in malware removal for XP but the "Shop to Win 2" is still showing in the Start\Programs. Can you help me remove it please. I don't know how to attach the logs from Malwarebytes or Spybot but I've attached other logs which you've asked for.

Thanks in advance.
 

Answer:I followed the XP malware removal but I still have "Shop toWin 2" showing in my Progr


I can have you attach logs from SUPERantispyware and Malware Bytes soon, for now just attach the log from running MGTools ---> C:\MGLogs.zip.
 

21 more replies

I am not sure what the current issue is, but I am thinking there is still some remnants of the FBI ransomware. I would like to use your expertise to help solve/resolve this problem.

There are no logs attached as I cannot even boot up.
 

Answer:Malware Removal Attempted: Kaspersky Database Update Failure - "Databases Corrupted"

Hi, what is the version of your system?
 

11 more replies

A customer picked up the Windows Vista Recovery virus and I could use some help with the removal procedure. I'm currently scanning with a newly created Norton Internet Security bootable CD. The scan takes a while and I don't know yet if it will fully detect and remove the problem. In case you're not familiar with it, the virus blocks access to anti-malware apps, hides user data files and is active in SAFE mode. I can't find a way to get to the usual load points, such as "appdata" etc, to find the virus EXE. I have booted with a rescue CD, but access to folders in the user profile is denied. Is there a removal FAQ for this one? TIA.

Answer:"Windows Vista Recovery" malware removal

See if the manual removal instructions here, will help Windows Vista Recovery and Windows 7 Recovery - Virus Solution and Removal

3 more replies

The issue is a Malware/Virus Program that is on my Wife's laptop. At startup, the virus shuts down all other programs except the Operating System. The Virus program says the computer is infected, The Virus Program sends the user to a screen to put in Payment information to buy the fake program. This Virus makes the background turn blue and also there are 1's and 0's in the background too.

Scans and attachments are included. I do have a recovery/reboot disk available if needed.

.
DDS (Ver_11-03-05.01) - NTFSx86 NETWORK
Run by Ashley at 17:21:19.86 on Sat 03/05/2011
Internet Explorer: 8.0.6001.19019
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1917.1459 [GMT -6:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system3... Read more

Answer:"System Tool Virus" Malware Removal

Hello, Welcome to TSF.
I'm nasdaq and will be helping you.

You may wish to Subscribe to this thread (Thread Tools > Subscribe to this thread) so that you are notified when you receive a reply.

Please read these instructions carefully and then print out or copy this page to Notepad in order to assist you when carrying out the fix.

Note that the fix may take several posts. Please continue to respond to my instructions until I confirm that your logs are clean. Remember that although your symptoms may vanish, this does NOT mean that your system is clean.

If there is anything you don't understand, please ask BEFORE proceeding with the fixes.

Please ensure that you follow the instructions in the order I have them listed.

Please do not install or uninstall any programs, or run any other scanners or software, unless I specifically ask you to do so. Also please copy and paste logs into the thread, rather than add them as attachments.
===

A number of steps are required to remove this infection.

You will find the instructions here:

Remove System Tool and SystemTool (Uninstall Guide)

If at any time you need advice before proceeding please ask for help here.

p.s.
The <random>.exe file mentioned in the article is this one.
uRunOnce: [jNnOkKb06310] c:\programdata\jnnokkb06310\jNnOkKb06310.exe

You can end the process at any time via the Task Manager.

CTRL+ALT+DEL KEY should give you the way to the Task Manager.
===

When you ... Read more

2 more replies

OK, so last week I got a really nasty virus/malware. A program called "defender" got installed onto my computer, and ever since my computer hasn't been the same. Whenever I turned the computer on this fake virus scanner called "defender" would come on and not let me do anything on my computer, and wouldn't let me open Task Manager to kill the program. Somehow I managed to take it off using msconfig in safe mode. Ever since, my registry is all messed up, Windows hasn't been updating, programs won't load sometimes, high CPU usage, the computer won't shut down, and random sites open up while I'm on the browser. I did a virus scan with ESET and Spybot Search and Destroy, and my computer seems clean but I'm still having problems.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:09:11 AM, on 8/29/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17099)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\WINDOWS\system32\svchost.exe
C:\Progra... Read more

Answer:"DEFENDER" Virus, Spyware, Malware Removal! HELP

helpp??!
 

1 more replies

This morning I got on my computer and I saw 15 webpages, and everything was slow.
I closed all of them out and then noticed a big red screen with a biohazard sign and the privacy thing, and when I clicked on it (my wallpaper) it would take me to a site and download something, but my Norton antivirus detected it and denied access to it.
So I went to the folder and deleted it, and the red screen went away.
My desktop wallpaper turned white and I couldn't find a way to get rid of it.
I then turned off my computer and left my home.
I got home and turned on my computer and the red screen came up again, so then my friend told me to get Spybot and I deleted some items including the privacy danger thing, but my wallpaper is still messed up and I'm afraid the malware will come back. Help???

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:19:32 AM, on 11/14/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\... Read more

Answer:Solved: incomplete removal of "privacy_danger" malware

Multiple request threads - see here. This thread needs closing.
 

2 more replies

I'm helping a friend with a computer that got infected when she opened an email attachment. I've used your tools many times before, but this is a tough one. The screens that pop up show "Virus Protector." I have your tools on a flash drive, but I cannot access them. Even in Safe Mode the pop-ups are fast and furious, and I cannot get to Start or anything else. Task Manager is also disabled, so I can't use it to stop processes and perhaps get past the pop-up windows.

Where should I begin? Thanks in advance for your help.
 

Answer:"Virus Protector" is preventing malware removal

If you can't access anything ( start menu / run / task manager / command prompt / cd drive ) in either normal or safe mode, there isn't much we can do to help you. All we can suggest is this:

- Take the hard disk out and scan it in another well protected PC
- Use another PC to make a special CD which you can boot from to try and run virus and spyware scans or to at least backup data. CDs like the below:
  http://www.free-av.com/en/tools/12/avira_antivir_rescue_system.html
  UBCD4Win
  http://www.sysresccd.org/Main_Page
  http://trinityhome.org/Home/index.php?wpid=1&front_id=12
- reinstall


 

3 more replies
Relevance 101.27%

Hello,
I have been removing malware from my friend's computer. I think I have removed most of it except for "US Tech Support Framework". It shows up in Control Panel and wants to run a program when I want to uninstall it. So I searched the internet and found this thread at MajorGeeks.com.

Before I begin to delete more things, I thought it might be a good idea to have someone with more knowledge take a look at the log files. I went through all the steps at the READ & RUN ME FIRST thread and generated the following log files.

Will someone please take a look at these files and recommend the next step?

Thanks!
 

Answer:Malware removal and "US Tech Support Framework"

Update: "Extension 1.0"

uuuuugh!

OK, Chrome is now redirecting when I do a search. It was here before, but I had removed all the extensions in Chrome and all was good.

But now it seems like it is back. After I had removed all the extensions there were none. Now there is one called "Extension 1.0"

Would someone please provide some suggestions on how to approach this problem too?

Thanks!

Should this be its own thread, or is it OK to leave it here?
 

6 more replies
Relevance 100.45%

Hey all,
I've been here before and have heeded all warnings and advice but somehow got a program called Disk Repair on my computer. I have no idea how or when but it pops up windows that say disk space full or disconnected or no ram or a number of other messages that are constant. From what I can find, it is a trojan and also keylogger!!!! Bad news!
I am not typing this from that computer as I have disconnected it from the internet.
I was going to just run the Read & Run Me First stuff but believe someone said to not do that without contacting someone here first.
Doing so in the past has always turned out favorably and hopefully will again.

Thanks. Awaiting any and all help
Paul
 

Answer:"Disk Repair" malware removal help

Hello!

Yes, do go ahead and run the procedures which I will link to below for reference.

Welcome to Major Geeks!

Please read ALL of this message including the notes before doing anything.

Please follow the instructions in the below link:

READ & RUN ME FIRST. Malware Removal Guide


and attach the requested logs when you finish these instructions.

**** If something does not run, write down the info to explain to us later but keep on going. ****
Do not assume that because one step does not work that they all will not. MGtools will frequently run even when all other tools will not.


After completing the READ & RUN ME and attaching your logs, make sure that you tell us what problems still remain ( if any still do )!
Helpful Notes:


If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode, you can run the steps in safe boot mode but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:

Starting your computer in Safe mode

If you have problems downloading on the problem PC, download the tools and the manual updates for SUPERAntiSpyware and Malwarebytes ( links are given in the READ & RUN ME) onto another PC and then burn to a CD. Then copy them to the problem PC. You will have to skip getting updates if (and only if) your internet connection does not work. Yes you could use a flash drive too but flash drives are writeable and inf... Read more

1 more replies
Relevance 100.45%

I can connect to my router/modem wirelessly and via ethernet cable, and I can go into my router and change settings from it, but it won't load any websites, and my MSN won't log me in. It's NOT the router/modem: other computers, including this one, can connect without any problems. And my computer that can't connect also can't go online when connected to other wireless connections.

any ideas how i can fix this?
 

Answer:I have no internet after malware removal with "StopZilla!"

Maybe this can Help, http://www.ezlan.net/clean.html#refreshnet
 

1 more replies
Relevance 100.45%

I am trying to clean my mother-in-law's computer of viruses, malware, etc. She has no antivirus program, firewall, etc, running. I found and removed Cyber Security using SUPERAntiSpyware. The next day I installed Avast antivirus and ran that scan at the same time as a second SAS scan was running. Avast found a virus but when I tried to quarantine or remove it, the program would say that it could not remove the virus because the file could not be found. I have no idea what file it is talking about. It does however keep popping up with the virus warning, but always with the same results. The SAS scan froze. When I restart the computer I get a blue screen that says "A problem has been detected and Windows has been shut down..." I restarted the computer many times and get this same message when trying to start in safe mode, last known good configuration, and start windows normally. So, now that is as far as the computer goes. Cannot get past the blue shut down screen. I could really use help as she is counting on me to fix this!!!

Dell desktop (old one)
Windows XP
 

Answer:"...windows has been shut down..."after malware removal. Help!

It's possible that when running both scans at the same time, some system files were deemed infected/corrupted and removed.....possibly by Avast.

Try doing this:
How to recover from a corrupt registry.
 

4 more replies
Relevance 100.45%

Hope I don't offend anyone with the subject title of this post. I firmly believe the best resources on the internet are websites just like this one and the people that communicate through these forums.

But for anyone else who works in a corporate setting I'm sure you understand how important accountability is.

What I'm looking for are resources from credible sites (i.e. US-CERT, Microsoft, ESET, etc) that specify 'best practices' for malware removal. I'm looking specifically for something that mentions the value of scanning a system either in Safe Mode or a PE environment. This is something I almost always do and have done for years. I have friends who basically make a living cleaning this crap out (guys who own Nerds On Site franchises, local shops etc) and their advice is the same.

Again, the reason I ask is you can't really point to forums or newsgroups because ultimately there really is no 'accountability' and it's too easy for someone who doesn't know any better to totally discredit them as a legit resource.

Any help greatly appreciated.

TIA...
 

Answer:Looking for "official" best practices on malware removal

The below is what we consider the best practice. If companies like McAfee and Symantec wrote up a procedure you would be using their tools and procedures to try and remove malware, which they do not properly do. That is the reason this forum and others like it exist. Much of the malware that exists now requires special tools and frequently additional manual steps to fully remove. While scanning in safe mode is sometimes helpful and using a PE environment can also be useful in some cases, they will very frequently not be as effective as the below and the manual steps that follow.

Please follow the instructions in the READ & RUN ME FIRST link given further down and attach the requested logs when you finish these instructions.

If you have problems where no tools seem to run, please try following the steps given in the below and then continue on no matter what you find. You only need to try the TDSSserv steps if having problems getting scans in the Read & Run Me First.
TDSSserv Non-Plug & Play Driver Disable

If something does not run, write down the info to explain to us later but keep on going.
Do not assume that because one step does not work that they all will not.
READ & RUN ME FIRST. Malware Removal Guide

After completing the READ & RUN ME and attaching your logs, make sure that you tell us what problems still remain ( if any still do )!
Helpful Notes:

If you run into problems trying to run the READ & RUN ME or any of the sc... Read more

2 more replies
Relevance 100.45%

Hi,

I have a dialer pop up regularly when I am using the browser (both Firefox and IE). The dialer is called "ENTER".

I have followed the instructions and I have all the logs.

If I can get some help that would be much appreciated.

jordi
 

Answer:Malware removal help "Enter" dialer

and here is the HJT log
 

7 more replies
Relevance 100.45%

Additionally the new tab that pops open has a text box that opens:

"Critical Security Warning!

Your PC may have been infected with a malicious virus due to recent internet activities."

etc etc
 

Answer:"ADs by info", Malware Removal Request

Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start please read and note the following:

At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
Instructions I give to you are very simple and made for a complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.

All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running too much time (few hours), please stop and inform me.
I visit the forum several times a day, making sure to respond to everyon... Read more

3 more replies
Relevance 100.45%

I've gone through all the steps as instructed. Before coming to the forum, an Avast scan found 2-3 Trojans which were all sent to the chest and then subsequently deleted per the instructions in this forum.

I'm Running XP Pro with the latest updates and SP's.

I've attached the SuperAntiSpyware log which I believe found false positives. I don't believe those two files mentioned in the log are trojans but I deleted them anyway.

MBAM & Spybot found nothing. Mbam log is attached.

Combo Fix log attached.

With a max of 3 attachments, I uploaded MGlog.zip Here.

If I got everything, I still have a few problems. The main problem is my Start>All Programs Directory is empty. The programs are installed. Is there a way to rebuild this beyond manually adding shortcuts for all my programs? And I'm not even sure how to do that for things like the Accessories and the programs that come with XP.

Beyond that, I've got a Skype Error that pops up when I reboot. "Exception EFCreatedError in module SkypePM.exe at 00021cf9". When I try updating Skype, it finds a new version but it won't install saying it can't write to disk which may be full. Actually, there are 20gb on the disk and it's not giving me the option to choose another disk (I've got three on the machine). I'm sure I can sort this out with Skype but am mentioning this since this only started happening with this malware incident.

Thanks in advance ... Read more

Answer:"All Programs" empty after malware removal

Re: "All Programs" found now - But is my system clean?

Ok, found all the programs. They were hidden and now I've restored them.

Please let me know if my logs indicate I'm malware free.

All the best,

Bill
 

2 more replies
Relevance 99.63%

I've run all the steps that I could, though I've run into a few problems. Malwarebytes, for example, every time it says it removed the virus, if you run the scan again after the restart, the same viruses are still detected. Also, I was unable to run RootRepeal after getting an odd error that said: "FOPS-DeviceIoControlError." I also wasn't able to download ComboFix since I wasn't even able to visit the site. Whatever virus I have blocks me from visiting several computer-help sites such as "geekstogo.com" etc. So I'll upload the logs that I've gotten from the other scanners. Hopefully, you guys can find a way to help me rid my laptop of my viruses. It's getting very annoying. Thanks. Let me know if you need me to post any more information.

I also have personal information on this computer; I've been sort of worried that these viruses can steal my personal information... Any help would be greatly appreciated. Thanks
 

Answer:Followed "READ ME FIRST" Thread and still Malware

Welcome to Major Geeks!

Why are you running this PC with NO protection? And why haven't you updated Vista? You are running original Vista with no Service Pack Updates. The above two items are major security issues. Is it because your copy of Vista is illegal as indicated by this "Vista x86 OneClick Activator" that you have installed? You need to read the below:

Warning about Porn, Keygens, Cracks, and other Illegal Software

And you need to get a valid legal license for Vista if you wish to continue using it and to get any further support. You have a rootkit malware infection which has easily been able to infect your outdated copy of Windows that is running with no protection. Please post back after you have spoken to Microsoft and obtained a valid license and removed the above illegal activator.
 

3 more replies
Relevance 99.63%

Hello, I am following instructions as I think I am infected. So I downloaded free AVG. After this, the directions say, "Do a full system scan and remove or quarantine everything found." Can you pls explain this, how to do it? And also how I check that AVG is installed, and that I only have one. [I did check and I have windows pack 3.] Thank you.

Added, to give more info: I did go to add/remove programs and did not find any programs on the malware list, did not see anything that doesn't seem to belong. I have what seems to be a "windows Security alert" that says I have viruses.

Answer:? re "read this before removing malware"

Hi there. I am assuming you have AVG 9.0. Look for the system tray icon of AVG. [If you can't find it: Start > All Programs > AVG 9.0 > User Interface.] Right-click and "open AVG user interface". On the left click on Update now. When the updates are downloaded, on the left click on Computer scanner, and then click on Scan whole computer. Then continue with the instructions by EvilFantasy. Hope your computer gets fixed soon.
Two-Eyes

6 more replies
Relevance 99.63%

My wallpaper is white and right-clicking on it and selecting Properties comes up with "Internet Explorer Properties".

My initial problems started with clicking an ActiveX add-on.

issues included:

- malwarrior 2008 pop ups

- blue wallpaper with msg: "Warning Spyware detected on your computer: Install an antivirus or Spyware remover to clean computer"

- "adware.W32.Spyshredder was detected" msg

- task manager disabled

- roaches eating screensaver

- "Not found: c:/windows?privacy_danger/index.htm Make sure path or internet address is correct" msg

- Windows script host msg: Could not find c:\Documents & Settings\local settings\temp\ttF.tmp.Vbs



my logs are attached.

any help will be much appreciated.
 

Answer:Done "Read & Run Me First" to remove Malware... all seems better except

here's the combo fix log
 

11 more replies
Relevance 99.63%

I'm trying to help a friend out. It first started with the fake DHL tracking number e-mail that installed a trojan rootkit. After that the computer would only boot into safe mode. After running SAS and Anti-Malware I could get the computer to run in normal mode, but continued anyway just to make sure the computer was free from all malware. Right now it won't boot into normal mode, and when I try to boot into safe mode I have to kill explorer and run it again to get the computer to work.

I'm attaching the logs hoping someone can help me out.

Thanks in advance
 

Answer:Problem with malware after going thru "READ & RUN ME FIRST"

Please also download MBRCheck to your desktop

Double click MBRCheck.exe to run (vista and Win 7 right click and select Run as Administrator)
It will show a Black screen with some information that will contain either the below line if no problem is found:
Done! Press ENTER to exit...

Or you will see more information like below if a problem is found:
Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Either way, just choose to exit the program at this point since we want to see only the scan results to begin with.
MBRCheck will create a log named similar to MBRCheck_07.16.10_00.32.33.txt which is random based on date and time.
Attach this log to your next message. (See: HOW TO: Attach Items To Your Post )

 

6 more replies
Relevance 98.81%

Hello

It started a week ago when a friend wondered why I had sent him an email about Viagra... I didn't..

Now, randomly, when I open my firefox I get redirected, almost all the time when I close the "hacked" webpage, my browser crashes and I have to restart it.

I do have Facebook and if I only use it for my friend list and "farmville", I have read that malware like "Zango" had been uploaded from their website without consent.. (found during my scan, see attached log).

Now, when I was doing the "noobie" steps before I could post, I ran into a problem, I cannot disable or deinstall my AVG (version9), it won't let me, I am going to attach the detail message it gives me to this message "avg.txt".

ALSO! I wasn't able to run Combofix because of the above problem, I can't turn my antivirus off or deinstall it, it said it was not wise to run Combofix with the AV running so I didn't.

I get redirected to website like "questbooster.com", will add more websites as I remember them or see them.

MSconfig was already set to Normal Startup mode.
I did the house cleaning (didn't find anything weird, did get rid of a bunch of old programs I don't use though).
First scan did find something in the registry.


Thank you in advance for giving me a hand here.
 

Answer:Browser Redirection - "read me" post steps done

That's what I get when I try to deinstall or reinstall AVG:

Local machine: installation failed
Installation:
Error: Action failed for registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows: creating registry key....
Access is denied.
 

6 more replies
Relevance 98.4%

I have completed the steps in the Malware Removal Guide. I believe everything is running normal. I just need some confirmation from someone with more expertise.

This is not my computer so I do not know what allowed this attack. My guess is user error and that is why I was called in. The computer system is Windows Vista Business edition i386 with McAfee. Obviously McAfee failed to stop the intrusion.

Please see the attached logs.
 

Answer:"Fun Web Products" Malware Removal

more logs
 

5 more replies
Relevance 98.4%

This program called "Save! on" has showed up on my computer. It creates an extension in my Google Chrome browser that places ads on every website that I visit. Disabling/deleting the extension doesn't solve the problem. I've also tried uninstalling the "Save! on" software from my computer, but the problem still persists. I ran a FRST scan on my computer and have attached the logs. Someone please help! Thanks sooo much.
 

Answer:"Save! on" malware removal

Hi,

Before we begin, I want you to have this in mind:

At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
Instructions I give to you are very simple and made for a complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.

All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running too much time (few hours), please stop and inform me.
I visit the forum several times a day, making sure to respond to everyone's topic as fast as possible. But bear in mind that I have private life like ever... Read more

3 more replies
Relevance 98.4%

Hi all,

I've been a member of this forum for a month or so, and you guys have really helped me. I wanted to give something back and improve my computing knowledge.

The sticky was a bit vague - contact a moderator.

1) How do I contact a mod?
2) How long does the 'training' take?
3) Are there any requirements to becoming authorised, and if so, do I meet them?
4) Is the 'training' a straight course you follow, or do you spend sessions with other people, or what?

Thanks,

Nappymonster
 

Answer:How do I "Get trained up?" in malware removal?

bump
 

1 more replies
Relevance 97.58%

Attached: rootrepeallog.txt, defogger_disable.log, SUPERAntiSpyware Scan Log - 08-23-2010 - 13-49-50.log
 

Answer:Taken "read me first" steps. Post logs here?

Still need you to attach:

MBAM
ComboFix.
C:\MGLogs.zip
 

8 more replies
Relevance 97.58%

Hi! I've completed all the steps in the "READ ME FIRST" section, but haven't downloaded Hijack This! yet... I want to be sure it's the right thing to do first.

I've been using Mozilla Firefox as my browser for around a year and have never had spyware/adware troubles until recently. For some reason, I've started to get IE pop-ups while I'm surfing in Firefox. Other issues I've been having include: Aurora pop-ups; clicksearchclick links everywhere; a blackened desktop that reads WARNING YOU'RE IN DANGER etc...; there is a blue desktop underneath the black one which says "Security Warning: and a bunch of other letters and words including VXDVMM. Also, not sure if it's related but since it just started, I assume it is: when I plug something into my USB port I get a blue desktop that tells me I need to do a memory dump. My HD is 40GB and is maybe 1/2 full... plus, I just defragged a few days ago and the issue is still there. I've been using my USB port for years and have never had a problem until recently. Finally, to my knowledge I have no firewall on my system. Is there a good free/cheap one out there to help me out?

Thanks for any tips. You people are great and run a super-helpful site. It's nice to see people providing free help for other people. You are all to be commended.

Thank you!!
Steve
 

Answer:S.O.S. - having several problems. "READ ME FIRST" steps completed

Oh, one more thing: for some reason I wasn't able to run the Symantec Security Check. It wouldn't open with my Firefox browser due to an issue with my cookie settings... I allowed it to open via my Tools>Options>Cookies but it still wouldn't. Thanks!
 

19 more replies
Relevance 97.58%

Hi there!
I diligently followed all the steps in "Read me First" but have come to an impasse when doing the final cleaning steps. I was able to run the SuperAntispyware scan, but can go no further. Even after renaming the .exe file for Malwarebytes, the program gets hung up when installing. The combofix will not run either.

I am pretty sure I have malware defense infection, as when I tried to update my AVG it told me to uninstall the malware defense first, but I cannot find it to uninstall it. My Spybot will not run, nor will the above programs. Any advice would be greatly appreciated!
Thanks in advance!
 

Answer:Unable to complete "Read me First" steps

Assistance please with malware. Logs attached.

I have attached logs from MGTools, ExeHelper, SAS, and AVPfind. I am unable to execute the cleaner files mentioned in "Read me First." Any help would greatly be appreciated!
Thank you,
Miki
 

17 more replies
Relevance 97.58%

Hello folks. Thank you in advance for any help you can provide.

About two days ago, I noticed that Firefox had significantly slowed down. Page loading is stalling, and scrolling down through pages is laggy for the first fifteen or so seconds after the page loads.

Searching through the search toolbar (via Google) up top ends up taking about 10 seconds to load, and when I click the results, I am either erroneously redirected to "google.com", or to what I assume to be dangerous sites ending in .org

This morning, as I began initiating all the scanning involved with the "Read Me" steps, my Spyware Doctor program had 2 popups which stated that it had blocked system events: RogueAntiSpyware.XpInternetSecurity2010, and RogueAntiSpyware.XPAntiSpyware.


I have run through all of the cleaning procedures, but still find that the trojan problems remain.

Thanks again for your help, and please let me know if you need further information.

-Trixie
 

Answer:Trojan remains after "Read Me" steps

Here is the mglogs file as well.
 

8 more replies
Relevance 97.58%

Four steps that will keep your PC happy, healthy, and crap-free

Malware sucks. In the best-case scenario, it craps up your system with unwanted files and occasionally makes itself known in the form of a persistent pop-up window or annoying browser-based toolbar. In the worst-case scenario, malware completely takes over your desktop or laptop and ruins your life.

Your system slows to a crawl. You can’t even boot into Windows in the time it takes you to walk to the kitchen and back. Your data gets sent off to a faraway Internet land or, worse, your actual keystrokes are recorded for some unsavory individual to see. Malware locks down your browser, making you unable to actually do any browsing without being carted off to some bogus domain. You can barely run a program in Windows without getting bombarded by fake advertisements, programs, and dancing people on your desktop.

We can’t make this stuff up.

So what’s a computer enthusiast to do? Step zero: Read this guide, because we’re going to walk you through all the key details you need to know to both rid your computer of this junk and keep it free of downloaded nasties forevermore.



Read more at:
Maximum PC | Malware Removal Guide 2011: How to Get Rid of All The Latest Malware

Answer:Malware Removal Guide 2011: How to Get Rid of All The Latest Malware

Most excellent reading, thanks for posting for all to see. I, myself, use most all of these; the only paid program I have is Malwarebytes, the rest are free add-ons or free programs. Thanks.

5 more replies
Relevance 97.17%

Got my computer back today (Windows XP), and my background is now all green with a black box in the middle saying "Your System Is Infected...etc"

Also a red circle with a white X in the task bar

I can't open the task manager

Can Anyone Help???...

Downloaded HiJackThis

My log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:04:51 AM, on 12/29/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\dlcqcoms.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\TDispVol.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\sy... Read more

Answer:"Your System Is Infected" Background + "Internet Security 2010" virus/malware problem

Hi and welcome to TSF.

I'm afraid HijackThis no longer provides the information we require.

We want all our members to perform the steps outlined in the link given below, as far as they possibly can, before posting for assistance.

http://www.techsupportforum.com/f50/...lp-305963.html

If you have problems with any of the steps, simply move on to the next one and make a note of the problem in your reply.

Please note that the Security Forum is always busy, so I would ask for your patience while waiting for a reply - it may take a few days.

This thread will now be closed.

1 more replies
Relevance 97.17%

Hello. I need some help on my computer..

When I start my computer, I see 2 MS-DOS dialog boxes appear.
I am pretty sure that they are responsible for disabling access to folder options, registry tools, task manager, and windows firewall settings.

Using Process Explorer, I found that the malicious files are named SSCVIIHOST.exe. I have tried deleting this file but it keeps on reappearing after rebooting my computer (probably thanks to those stupid MS-DOS boxes).

Anyway I have run the "READ & RUN ME FIRST" list and the files were removed by Spybot (the rest of the scans showed 0 errors/malicious software; I didn't use Counter Spy or AVG Anti Spyware but I ran the rest). But every time I reboot my computer, the files keep on reappearing.

Here is my HIJACKTHIS log, as I feel that the error can be spotted there.

Also for some reason getrunkeys.sys and shownew.bat don't seem to work while SSCVIIHOST.exe is running; only after killing the process with Process Explorer am I able to produce the logs.

Help is greatly appreciated.
 

Answer:SSCVIIHOST.exe = Task manager error.(ran the "read&run me guide")

Welcome to Major Geeks!





cheongzewei said:
I didn't use CounterSpy or AVG Anti-Spyware but I ran the rest). But every time I reboot my computer, the files keep on reappearing.

Why not? They are not optional scans. Neither are the scans from BitDefender and PandaActiveScan. We require ALL 6 logs that were requested in the READ & RUN ME. Basing cleaning steps solely on what HJT reports can leave lots behind. In fact when you see my next message, take notice of how much I'm asking you to fix that has nothing to do with what you see in HijackThis.

It also appears that step 2 of the READ ME was not done. Do your problems prevent you from getting this step to work?

Did you configure the below settings yourself?
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=203.146.127.98:3128
O1 - Hosts: 24.13.34.142 gameguard.mapleglobal.com
 

10 more replies
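The two entries the helper asks about above (an IE proxy pointing at a public IP, and a hosts-file line that sends a game's anti-cheat host to a foreign address) are exactly the kind of thing a triage script can pull out of a HijackThis-style log before a human reads it. The following is an added example, not code from the thread or from HijackThis: it scans a constructed log excerpt (built from entries quoted in this thread, plus two benign lines for contrast) and reports proxy settings, non-loopback hosts-file entries, and autostart or running executables that live in user-writable locations such as Temp. The trusted roots and writable-path markers are assumptions chosen for illustration; HijackThis defines no such lists itself.

```python
"""Triage a HijackThis-style log for the entries a forum helper asks about.

Added example; not from the thread and not part of HijackThis.  The
trusted roots, writable-path markers and the sample log are assumptions
constructed for illustration.
"""
import ipaddress
import re

# Constructed sample: a trimmed HijackThis-style excerpt assembled from
# entries quoted in the thread, plus two benign lines for contrast.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\DOCUME~1\user\LOCALS~1\Temp\SSCVIIHOST.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=203.146.127.98:3128
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
O1 - Hosts: 24.13.34.142 gameguard.mapleglobal.com
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKCU\..\Run: [SSCVIIHOST] C:\DOCUME~1\user\LOCALS~1\Temp\SSCVIIHOST.exe
"""

# Where legitimately installed software normally lives on XP (assumption).
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\")
# Locations droppers favour because any user can write there (assumption).
WRITABLE_MARKERS = ("\\temp\\", "\\docume~1\\", "\\documents and settings\\",
                    "\\local settings\\", "\\application data\\", "\\appdata\\")

_PROXY_RE = re.compile(r"^R1 - .*ProxyServer = (.+)$")
_HOSTS_RE = re.compile(r"^O1 - Hosts: (\S+)\s+(\S+)")
_RUN_RE = re.compile(r"^O4 - (\S+): \[([^\]]*)\] (.*)$")
_EXE_RE = re.compile(r'"?([^"]*?\.exe)', re.IGNORECASE)


def path_is_suspicious(path: str) -> bool:
    """True if an executable path is user-writable or outside the trusted roots."""
    p = path.lower().strip()
    if any(marker in p for marker in WRITABLE_MARKERS):
        return True
    return not p.startswith(TRUSTED_ROOTS)


def proxy_targets(value: str):
    """Yield the host of each entry in an IE ProxyServer value.

    The value is either 'host:port' or ';'-separated 'scheme=host:port' pairs.
    """
    for entry in value.split(";"):
        entry = entry.strip()
        if not entry:
            continue
        hostport = entry.split("=", 1)[1] if "=" in entry else entry
        yield hostport.rsplit(":", 1)[0]


def classify_host(host: str) -> str:
    """Describe a host as loopback, private, public (IP) or a DNS name."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return "name"
    if ip.is_loopback:
        return "loopback"
    if ip.is_private:
        return "private"
    return "public"


def triage(log_text: str):
    """Return (section, line, reason) findings for a HijackThis-style log."""
    findings = []
    in_processes = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_processes = True
            continue
        if in_processes:
            if not line:          # blank line ends the process list
                in_processes = False
                continue
            if path_is_suspicious(line):
                findings.append(("process", line,
                                 "running from a user-writable or untrusted path"))
            continue
        m = _PROXY_RE.match(line)
        if m:
            for host in proxy_targets(m.group(1)):
                # Any proxy on a home PC deserves a question; a public IP more so.
                reason = "proxy configured"
                if classify_host(host) == "public":
                    reason += " to a public IP"
                findings.append(("proxy", line, reason))
            continue
        m = _HOSTS_RE.match(line)
        if m:
            addr, name = m.groups()
            if classify_host(addr) != "loopback":
                findings.append(("hosts", line, f"{name} redirected to {addr}"))
            continue
        m = _RUN_RE.match(line)
        if m:
            exe = _EXE_RE.match(m.group(3))
            if exe and path_is_suspicious(exe.group(1)):
                findings.append(("autorun", line,
                                 "autostart from a user-writable or untrusted path"))
    return findings


if __name__ == "__main__":
    for section, line, reason in triage(SAMPLE_LOG):
        print(f"[{section}] {reason}\n    {line}")
```

Every hit is a question to put to the user, not a verdict: a proxy or hosts entry can be deliberate, which is why the helper above asks "Did you configure the below settings yourself?" rather than telling the poster to delete them.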
Relevance 96.76%

Just wondering, if starting off with Java, would this be a good book? I'm not really new to programming but haven't done a whole lot either. I've done some Java and C++, but very basic stuff. I'm interested in trying to pass the exam and possibly trying to find a job as a Java programmer. Would it be possible without having a computer science degree to get a job?

I'm currently working in the IT industry but more as a Tech Support Specialist on the hardware side.

Any advice or thoughts would be greatly appreciated.
 

More replies
Relevance 96.76%

virus.. popup "Malware Wipe" "the spy guard" and a lot of commercials like porn, poker and more crap..
This is what I get when I start Internet Explorer:
Recommended Anti-Spyware Software: Pest Trap, Malware Wipe, Spy Guard Internet Security

TOP RATED
Pest Trap
Most popular spyware/adware cleaner software all over the world. Cleans all known viruses and worms.

• Visit Website • Free Scan
Malware Wipe
Became one of the most popular programs very fast. It's really easy to use and at the same time very effective.

• Visit Website • Free Scan
The Spy Guard
Developed as the most efficient spyware cleaner with realtime protection.

• Visit Website • Free Scan
Brave Sentry
Award-winning spyware removal utility that will help you fighting all kinds of spyware including keyloggers, trojans and password thieves.

• Visit Website • Free Scan
AD Protect
World's leading software application that checks, protects and re-checks spyware and spam vulnerability in your home computer.

• Visit Website • Free Scan

WARNING! YOUR SYSTEM IS VULNERABLE TO HACKERS' ATTACKS AND BREAKDOWNS!
Attention! Your system is currently exposed. Any remote computer can easily browse following folders and files on your computer:
- \Windows\System32
- \Program Files\Internet Explorer
- \My Documents
- Drive C:\ files
Click here to download official intrusion detection system (IDS software)
YOUR PRIVATE INFORMATION IS IN OPEN ACCESS TO OTHER COMPUTERS
Your... Read more

Answer:Solved: virus.. popup "Malware Wipe" "the spy guard" and alot of commercials

14 more replies
Relevance 96.35%

hi
I got the cleaning process started but my computer gives me the blue screen every time I run GMER. I have attached the "attach.zip" file which doesn't contain the ark.txt file as I have not been able to complete the process. I have attached a picture of the blue screen that pops up 20 minutes into the GMER scan. Please let me know how I can get the scan to be completed. I followed all the instructions carefully (I think).
I do have access to the Windows install disc.
Thanks



DDS (Ver_10-03-17.01) - NTFSx86
Run by ANANTH at 20:53:37.14 on Mon 06/21/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1505 [GMT -4:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Registry Mechanic\RegMech.exe
C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
svchost.exe
C:\Program Files\Common... Read more

Answer:"first steps" spyware removal issues

Hello and welcome to TSF.

Please note that more than one round may be needed to properly eradicate. Stay with me until you're given the "all clear", even if symptoms diminish. Lack of symptoms does not always mean the job is complete.

Kindly follow my instructions in the order they are presented, and please refrain from any self-fixing or running of scanners unless requested by me or another helper at this forum.

Also note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

===================

We really need to see the GMER log. Let's try this special version of gmer.

Download GMER Rootkit Scanner from here to your desktop. Double click the exe file. If asked to allow the gmer.sys driver to load, please consent.
If it gives you a warning about rootkit activity and asks if you want to run a scan, click on NO.


In the right panel, you will see several boxes that have been checked. Uncheck the following ... IAT/EAT
Drives/Partition other than Systemdrive (typically C:\)
Show All (don't miss this one)

Then click the Scan button & wait for it to finish.
Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
Save it where you can easily find it, such as your desktop, and post it in reply.

**Caution**
Rootkit scans often produce false positives... Read more

18 more replies
Relevance 96.35%

I am running Windows XP Professional version 2002, Service Pack 2. Dell Dimension 2350, Pentium 4 CPU 2.00 GHz (1.99 GHz), 512 RAM, with 7.31 GB free of 27.9 GB.
Using "Internet Explorer 8" and/or "Mozilla 3.0.12".
95% of the time I use Firefox.
I have Glary Utilities and PC-Tools Spyware Doctor. Just recently added UniBlue Registry Booster 2009. I do not want to pay for removal and it reports over 400 registry problems (will only remove 15).
?? What to do? Please help.
Originally I received this error/alert:

~Aug 1 09:
re: VIrus : "W32/Gaobot.worm.gen.u"
______________________________
Today: Aug 22 09:
Spyware Dr. scan reports:
19 threats and 3455 infections in my computer. :

[ high-Trojan.CWS(3 infection). 422(low)application.tracking cookies. high-Trojan.FakeAlert(100 infec.) Elavated-Adware.Component.Claria (2479 infec.)
Adware.BHO.GEN(19) Adware.eBates ~ Trojan.WinShow ~ Adware.IE_Driver,.. etc. etc.]


AVG never downloaded properly to get req'd updates needed to even start it. (i have downloaded & removed it several times.) Same problem with Avira. (connection to server failed/access denied )

Another quirk I'm having is:
Other than being slow (at times) and the browser hanging or crashing,...
Upon reboot a black screen appears with only this text: E.S.C.D. updating (Extended System Configuration Data), at which it started to hang. I reboot with F2 or F10, exit the diagnostic test, hit F2 again and Windows started.

When u... Read more

Answer:Malware-Virus re:"W32/Gaobot.worm.gen.u"/re:"feriopsedi.com" alert-...Protocol

Welcome to Major Geeks!

Please follow the instructions in the READ & RUN ME FIRST link given further down and attach the requested logs when you finish these instructions.
If you have problems where no tools seem to run, please try following the steps given below and then continue on no matter what you find. You only need to try the TDSSserv steps if you are having problems getting scans in the Read & Run Me First. If TDSSserv is not found, just continue on with the READ & RUN ME.

TDSSserv Non-Plug & Play Driver Disable

READ & RUN ME FIRST. Malware Removal Guide
If something does not run, write down the info to explain to us later but keep on going.
Do not assume that because one step does not work that they all will not.

After completing the READ & RUN ME and attaching your logs, make sure that you tell us what problems still remain ( if any still do )!
Helpful Notes:
If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode, you can run the steps in safe boot mode but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:
Starting your computer in Safe mode

If you have problems downloading on the problem PC, download the tools and the manual updates for SUPERAntiSpyware, Malwarebytes and Spybot ( links are given in the READ & RUN ME) onto another PC and then burn to a CD. Then copy them to the problem PC. You will have to s... Read more

1 more replies
Relevance 96.35%

Hello,

I'm running Windows XP SP3. I have fake "Security Center Alert" popups and "Security Center" popups. A program called "Malware Defense" also seems to have installed itself onto my computer. And I've just noticed porn icons appearing on my desktop. It's also disabled my Avira software.

GMER doesn't seem to run. I've clicked on it a couple of times but it doesn't seem to do anything. The DDS logs are attached/follows.

Thanks in advance!

DDS (Ver_09-12-01.01) - NTFSx86
Run by zili at 23:28:31.96 on Wed 01/06/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Professional 5.1.2600.3.1252.61.1033.18.1022.493 [GMT 11:00]

AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\stsystra.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WI... Read more

Answer:"Security Center Alert" popups, "Malware Defense" self install

Let's try this version of gmer.


Download GMER Rootkit Scanner from here to your desktop. Double click the exe file.
If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO, then use the following settings for a more complete scan.





In the right panel, you will see several boxes that have been checked. Ensure the following are unchecked:
Sections
IAT/EAT
Drives/Partition other than Systemdrive (typically C:\)
Show All (don't miss this one)

Then click the Scan button & wait for it to finish.
Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
Save it where you can easily find it, such as your desktop, and attach it in reply.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries

4 more replies
Relevance 96.35%

Hiya,

I am exhausted and frustrated. I have an infected PC with malware "shopping assistant" and pop-up ads powered by GREAt FIND. I have followed your removal guide but it has not worked. Is there something I'm missing or not doing to get rid of this pain in the butt?

Your expertise in this matter would be highly appreciated
 

Answer:PROBLEM REMOVING "SHOPPING ASSISTANT" PUP & "GREAT FIND" MALWARE

Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start please read and note the following:

At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
Instructions I give to you are very simple and made for a complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.

All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running too much time (few hours), please stop and inform me.
I visit the forum several times a day, making sure to respond to everyon... Read more

1 more replies
Relevance 95.94%

What is "Your codec version is too old" (Fake alert)?

"Your codec version is too old" is fake system security software that is considered a Rogue. Rogues are malicious programs that hackers use to trick users by displaying false threats and problems that they claim to have detected. In reality, none of the issues are real; they are only used to convince the user into buying their software and to steal their personal financial information.
Am I infected?

These are some screenshots of this rogue:

[attachment=671]

[attachment=672]

Removal Instructions
(If you experience any problems completing these instructions, please start a new thread here)
1. Restart your computer. As soon as your computer turns on, tap F8 until you reach the Advanced Boot Options. Use the arrow keys and select Safe Mode with Networking .
2. Download and run RKill.

Download mirror 1 - Download mirror 2 - Download mirror 3
Save it to your Desktop.
Double click the RKill desktop icon.
It will quickly run and launch a log. If it does not launch a log, try another download link until it does.
(This tool will kill the rogue's process temporarily. As a result, act quickly and move on to the next step.)

3. Download Malwarebytes' Anti-Malware to your desktop.

Rename the file to firefox.exe BEFORE downloading
Double-click firefox.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to
Update Malwarebytes' Anti-Malw... Read more

More replies
Relevance 95.94%

What is "Windows Security Alert"?

"Windows Security Alert" is fake system security software that is considered a Rogue. Rogues are malicious programs that hackers use to trick users by displaying false threats and problems that they claim to have detected. In reality, none of the issues are real; they are only used to convince the user into buying their software and to steal their personal financial information.
Am I infected?

These are some screenshots of this rogue.

[attachment=149]

[attachment=150]

Removal Instructions
(If you experience any problems completing these instructions, please start a new thread here)
1. Restart your computer. As soon as your computer turns on, tap F8 until you reach the Advanced Boot Options. Use the arrow keys and select Safe Mode with Networking .
2. Download and run RKill.

Download mirror 1 - Download mirror 2 - Download mirror 3
Save it to your Desktop.
Double click the RKill desktop icon.
It will quickly run and launch a log. If it does not launch a log, try another download link until it does.
(This tool will kill the rogue's process temporarily. As a result, act quickly and move on to the next step.)

3. Download Malwarebytes' Anti-Malware to your desktop.

Rename the file to firefox.exe BEFORE downloading
Double-click firefox.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to
Update Malwarebytes' Anti-Malware
and Launch Malwarebytes&#... Read more

More replies
Relevance 95.53%

I have completed the "read and run me first" guide and the "windows xp cleaning procedure" and I'm still having problems. I did not, however, run combofix because of the warning that 1/100 computers fail after use (don't like those odds). I have attached the logs that were created.

The problem I am having is that when I'm on the internet doing something I'll go to a web page and as soon as it finishes loading the page closes. It doesn't happen on all web pages just certain pages.

Before I completed the read and run me first/windows xp cleaning procedure, I could not get ad-aware or counterspy to run on my computer. I am now able to do so, but neither fixed the problem.

CounterSpy did however find "Bifrost Backdoor" (hkey_users\s-5-1-21-3965320847-892991537-108970575-1006\software\wget) and "AntiVirus Gold Rogue Security Program" (hkey_users\s-5-1-21-3965320847-892991537-108970575-1006\software\microsoft\internetexplorer\desktop\components\1) which I suspect might have something to do with my problems. But I was unable to remove the problems because my registration with counterspy has run out.

Attached are the zip from MGTools and the log from Ad-Aware. If counterspy created a log, I could not find it.

Any help is appreciated, thank you very much.
 

Answer:completed the "read and run me first" guide and still have problems

jakkalofv said:
I did not, however, run combofix because of the warning that 1/100 computers fail after use (don't like those odds).

It did not say it would fail your computer. It said on 1/100 computers it will fail the disinfection process.

Since your trial copy of CounterSpy has expired, please uninstall it as it is of no use to you anymore and will just get in our way.

Please run and attach the requested log from SUPERAntiSpyware as given in the READ & RUN ME.

Also do the below which was also requested in the READ ME.


Uninstall the below old versions of software:
J2SE Runtime Environment 5.0 Update 6
Viewpoint Media Player <-- should have been uninstalled in step 1 of the READ ME

Make sure you reboot after uninstalling the above!

After reboot, now install the current version of Sun Java from: Sun Java Runtime Environment
 

3 more replies
Relevance 94.3%

Hi,

I need some help with the guide titled, "Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help".
http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/

I'm up to step 8. I already downloaded GMER and when I double click it, it automatically does a scan without prompting me (lasting less than 10 seconds) and then I continue with the instructions in the guide: I unchecked 'Sections', 'IAT/EAT', Drives/Partition other than Systemdrive, which is typically C:\, and 'Show All'.

When I clicked "scan" the program just froze on me. I waited for about 5 minutes to see if it was just a lag but then I noticed the clock on the bottom of my computer screen also froze. I had to force the computer to shut down by holding the power button. I tried GMER again about 2 more times and it froze both times the moment I clicked "scan". Then on the 3rd and 4th try, it scanned but I walked away for about half an hour and when I returned, it appeared to have self-terminated. Then my final attempt. The scan finished and I clicked the "save..." button and the program froze on me, and again the clock on my desktop froze and I was not able to save the scan report.

Is there an alternative program I can use rather than GMER?

Thanks

Answer:I need help in the guide titled, "Preparation Guide For... Malware Removal Tools..."

If you cannot get GMER to run, just post the other logs asked for and explain the problem you had trying to run GMER.

3 more replies
Relevance 91.43%

Ok where do I begin?! I have been dealing with viruses, spyware/malware for the past week. It all started with Norton advising me that I had been infected with Trojan.Vundo and Trojan.Zonebac. After that I started receiving many different pop-ups warning me about critical system alerts. I also had an annoying yellow triangle at the bottom of my screen warning me about different trojans and worms. More evil friends included 2 new icons that had made their home on my desktop, one named "Live Safety Center" and the other "Online Security Guide"; also installed was a new toolbar named "Security Toolbar 7.1". I have scanned my computer with many different programs and have somehow finally managed to get rid of the pop-ups and toolbar, although I know I'm probably still infected somewhere. I'm sorry this is so long but I wanted to explain EVERYTHING! I'm running Windows XP SP2, and have followed all steps to post. I downloaded DSS, but after many attempts to run, it just wouldn't let me. I do have a fresh HijackThis log and my Panda report, I hope this is good enough.
Many thanks in advance to whomever helps me, I am desperate!
Monica

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:58:35 PM, on 11/15/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe... Read more

Answer:2 evil friends on desktop "Live Safety Center" and "Online Security Guide" Help?

Hi, thanks for trying to perform all the steps.


Quote:
I downloaded DSS, but after many attempts to run, it just wouldn't let me.
At what stage does DSS stop working?

7 more replies
Relevance 91.43%

My work laptop has picked up this virus/malware. What it does is blocks your desktop and all programs with a white screen, and if you are connected to the internet it brings up a bogus FBI warning that says you have to pay a fine. Task Manager is unavailable. I cannot remove it because I cannot get to the BIOS without an admin password, nor can I boot in safe mode w/o this. I do not want to give it to the I.T. of my work place because they will probably just wipe the drive and re-install the programs of my work place. I hate to have that happen because I have installed on this computer several programs I need for my work, and if the drive gets wiped I'll have to spend hours hunting down these programs again and re-installing them. Is there some way around the "admin rights" stuff so that I can run Kaspersky's WindowsUnlocker and be done with it?

Answer:"White Screen", "FBI Warning" Malware!

Really, you should just take it to your IT department to let them deal with it so you don't make it worse.

I work in a corporate IT environment right now, and much prefer a user come to us before they tried to fix it on their own..

Yes, you'll most likely get the drive wiped, however you can tell them to back up your data for you, and possibly even reinstall those programs that you need; especially if it's for work, they should have the licenses and/or installers for the software.

3 more replies
Relevance 91.43%

About a month ago Computer Associates' internet security suite (free through my ISP) told me it couldn't update. Tried a couple of things and gave up. Uninstalled CA and installed AVG Free. Same thing. AVG Free can't update. Today I got a message "attention...trojan spm/lx...etc." with a prompt for a web page, but instead I closed the window from the top right corner. Today I also got a background on my desktop that said "your system is infected, system has been stopped due to a serious malfunction".

I started through some of the threads on this site, and was looking at a promising thread (855938-trojan-spm-lx-infection..) that cybertech posted and instructing kramer8886 to run malwarebytes. I installed malwarebytes and it opens but self closes in a matter of seconds (regardless if I hit quick scan or not).

Some additional symptoms:
1. Can't open computer in Safe Mode
2. Can't use "run" from start menu
3. Can't use volume on computer
4. Malware is redirecting my url choice to its own choices

This is the first virus that I can't seem to deal with myself. Any help is appreciated
 

Answer:Malware indicates "trojan spm/lx" and "your system is infected"

Windows XP operating system
It has also disabled my Task Manager and is currently running something in the background
 

2 more replies
Relevance 91.43%

I copied this from another post, as it is exactly the same problem I am having:

virus.. popup "Malware Wipe" "the spy guard" and a lot of commercials like porn, poker and more crap..
This is what I get when I start Internet Explorer:
Recommended Anti-Spyware Software: Pest Trap, Malware Wipe, Spy Guard Internet Security

TOP RATED
Pest Trap
Most popular spyware/adware cleaner software all over the world. Cleans all known viruses and worms.

• Visit Website • Free Scan
Malware Wipe
Became one of the most popular programs very fast. It's really easy to use and at the same time very effective.

• Visit Website • Free Scan
The Spy Guard
Developed as the most efficient spyware cleaner with realtime protection.

• Visit Website • Free Scan
Brave Sentry
Award-winning spyware removal utility that will help you fighting all kinds of spyware including keyloggers, trojans and password thieves.

• Visit Website • Free Scan
AD Protect
World's leading software application that checks, protects and re-checks spyware and spam vulnerability in your home computer.

• Visit Website • Free Scan
Here is my HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 8:40:21 PM, on 6/13/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.... Read more

Answer:Solved: "Malware Wipe" "the spy guard"

16 more replies
Relevance 90.61%

I don't have a clue where to begin trying to fix this problem. Spybot doesn't seem to fix the problem. I keep getting random icons on my desktop and start menu called "online security guide" and "live safety center". There are also many fake balloon warnings appearing and a window titled "Critical System Warning!" that wants me to download stuff. What process can I go through to clean my system? Any help would be great... thank you!

Answer:i need help - "online security guide" & "live safety center" icons!!

Please follow MicroBell's 5 Step process outlined here:

http://www.techsupportforum.com/secu...tml#post342651

After running through all the steps, please post the requested logs.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

1 more replies
Relevance 90.61%

I'm having the same problem that a lot of people are having. These icons have shown up on my desktop and I keep getting pop-ups telling me to download them because I have a virus. I would really appreciate the help.
Thanks!
John

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
91: 2007-11-17 16:39:03 UTC - RP554 - Deckard's System Scanner Restore Point
90: 2007-11-17 15:47:18 UTC - RP553 - System Checkpoint
89: 2007-11-16 15:05:33 UTC - RP552 - System Checkpoint
88: 2007-11-15 01:17:54 UTC - RP551 - Software Distribution Service 3.0
87: 2007-11-13 22:39:57 UTC - RP550 - Removed Banctec Service Agreement


-- First Restore Point --
1: 2007-11-12 23:17:11 UTC - RP464 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Percentage of Memory in Use: 81% (more than 75%).
Total Physical Memory: 510 MiB (512 MiB recommended).
System Drive C: has 2.78 GiB (less than 15%) free.


-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2007-11-17 11:42:27
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\SYSTEM32\SMSS.EXE
C:\WINDOWS\SYSTEM32\WINLOGON.EXE
C:\WINDOWS\SYSTEM32\SERVICES.EXE
C:\WINDOWS\SYSTEM32\LSASS.EXE
C:\... Read more

Answer:"online security guide" and "live safety center" deckard log here

Hello and Welcome. Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

---------------------------------------------------------------------------------------------

Please download VundoFix.exe to your desktop. We'll use this later.

Download SDFix and save it to your Desktop.

Please download & install - ERUNT (This is a utility that'll replicate a copy of your Registry)
Start ERUNT, confirm the Welcome message.

Next, select the backup options:

System registry
Current User Registry
Other open user registry

Click "OK" and wait until the backup process is complete. (Note that depending on your system configuration this may take some time, and that the first bar is NOT a progress bar, just an indicator that the program is still running.)
# Note: To ensure proper operation of ERUNT, you should be logged in a... Read more

13 more replies
Relevance 90.61%

Hello
I have tried to research this myself but am still unsure.
When the antivirus program quarantines a trojan, does it do any harm to leave it there?
There are choices;1-remove,2-repair,3-report to Mcafee.
I asked them but am getting contradictions and vague answers.
I do not want to remove a necessary file with a 'simple' removal but how are you supposed to know what will happen when you click remove?
I will continue to research this but could use an educated response.
Thank you
 

Answer:malware removal steps

peterr said:
When the antivirus program quarantines a trojan, does it do any harm to leave it there?

No, other than the fact that other scanners could detect it. Once you are sure that something that was quarantined was not a false detection, you can empty the quarantine.





peterr said:
There are choices;1-remove,2-repair,3-report to Mcafee.
I asked them but am getting contradictions and vague answers.
I do not want to remove a necessary file with a 'simple' removal but how are you supposed to know what will happen when you click remove?

If something is truly malware, it needs to be fixed. Sometimes a fix means deleting the file since it is not a necessary file; however, other times a file that is necessary for Windows or for some other program could truly get infected and the first thing you would like to do is repair it (i.e. remove the infection) if possible. Sometimes a repair is not possible and you will need to delete/quarantine the file and then replace it with a good copy. Care must be taken not to delete a file required for your PC to boot or run properly, which is why sometimes a scanner may detect a problem but could say that it cannot be fixed. If they fixed it, it could make your PC unbootable.

Sometimes scanners will have False Positives (FP) which McAfee has quite a few of and you need to report them or they will never fix them and they will ke... Read more

5 more replies

So in the past maybe 5? months I've been redirected to:
2 times aferesearchgroup.com claiming to be a Charter survey (Charter doesn't know about this at all and the website is basically unlisted on Google)
1 time Browser hijacker and my anti-virus/mbam were unable to find anything wrong.
 
I've run adwcleaner, jrt, and rkill to try and remove any threats..
 
Is there anything else I can do to block any potential attacks?
 
 
 
Edit: I use webroot pro and google chrome

More replies

Hello,
I've completed the Read and Run Me First steps, and the various scans have turned up a lot of scary-looking files. My laptop, which runs Windows 7, has been experiencing a few ongoing problems:

I have to reconnect to my wireless Internet whenever I log out of Windows even though I have set the computer to log in automatically. This has been going on for a month or so.
Whenever I use a search box on a web page, advertisements automatically appear. I haven't been able to remove this problem, which has been happening for at least a month.
My bank's web site alerted me that I may be getting redirected to an unsecure site. This was alarming.
My Internet has been getting steadily slower. I realize this could be due to a number of causes.
I'd very much appreciate advice on how to proceed. Thank you in advance.
 

Answer: Malware Removal Next Steps?

Welcome to Major Geeks!

While I look through all of your logs, run Hitman Pro again and allow it to remove all of the malware remnants and Potentially Unwanted Program items it found. Then reboot your PC. After reboot, run a new scan with Hitman Pro and attach the new log.





neilers17 said:
My bank's web site alerted me that I may be getting redirected to an unsecure site. This was alarming.

Have you used a different PC to change all passwords? Or called your bank to ask them to change passwords?
 

2 more replies

Hi.

4 days ago my machine began running slow, mouse was erratic, net was dragging and every re-boot I got the error window as in the attached screenshot.

After running Norton as standard - and Advanced SystemCare (which I then deleted) - and finding nothing I came here, and followed your advice to the letter. The log attachments are below. I'm stumped - please help. Thanks.

I'm running W8, 64-bit, 6.00 GB RAM, i5.
 

Answer: Malware Removal? All steps taken?

plus this TDSSKiller log.
 

31 more replies

Hi, recently I've been noticing a lot of pop-ups, usually with every new address I open, or I will have a really slow internet activation time (when I start Google Chrome it takes forevaaaaa). I have also noticed a program called StrongVault; I immediately googled it and came to this awesome forum site. When I was reading through a post, I realized I also had what I thought was another malware program: Delta Search bar. I left my room door open one day and my roommate's friend went on a downloading spree, and since then I've been having these problems. I have also noticed toolbars in my Mozilla and Chrome popping up when I start them; I reinstalled Mozilla and Chrome and that fixed it. Since I ran CCleaner (today), I haven't really had many pop-ups, but I did do all of the other steps and I have some logs for you awesome tech-savvy people to look through =P. I noticed quite a few threats detected with all of the scans that I did; however, TDSSKiller did not show results for threats, so I left that log out. I greatly appreciate the effort you all put forward to helping people like me (I feel so lost haha). I am a very patient person, so no bumping of this thread will happen, I assure you. THANKS!
 

Answer: malware removal *followed all steps (1-4)

Rerun MBAM and have it fix everything it found.

Now Double-click RogueKiller.exe to run. (Vista/7 right-click and select Run as Administrator)
When it opens, press the Scan button
Now click the Registry tab and locate these detections:

[TASK][ROGUE ST] 0 : c:\program files (x86)\internet explorer\iexplore.exe -> FOUND
[TASK][ROGUE ST] 4808 : wscript.exe C:\Users\Jonathan Hawley\AppData\Local\Temp\launchie.vbs //B

Place a checkmark beside each of these items, leave the others unchecked.
Now press the Delete button.
When it is finished, there will be a log on your desktop called: RKreport[2].txt
Attach RKreport[2].txt to your next message. (How to attach)
Do not reboot your computer yet.

Now rerun Hitman and have it fix everything it found.

Reboot and rescan with both RogueKiller and Hitman and attach those new logs as well.

Be sure to tell me how things are running.
 

10 more replies
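The two RogueKiller detections quoted in the answer above show the pattern that makes a scheduled task worth deleting: a script host (wscript.exe) launching a .vbs file out of a user's Temp folder with the console suppressed (//B). The following is an added example, not part of the original thread and not RogueKiller's own logic: a small Python triage script that parses [TASK] lines in the report format shown in the answer and scores each task against those heuristics (script host or execution proxy, user-writable path, script-file argument, hidden-window flag). The sample report is constructed: the first two lines are the ones quoted in the answer, the third is a made-up benign task added for contrast. The heuristics go beyond the single case in the thread by also covering cscript, mshta, powershell, rundll32 and regsvr32 as hosts, and the common AppData, ProgramData and Public locations as user-writable paths.

```python
import re
from dataclasses import dataclass, field

# Constructed sample in the RogueKiller "Registry" tab style quoted in the answer above.
# The first two lines are the detections quoted there; the third is a made-up benign task
# added for contrast (assumption for the example, not a line from the thread).
SAMPLE_REPORT = r"""
[TASK][ROGUE ST] 0 : c:\program files (x86)\internet explorer\iexplore.exe -> FOUND
[TASK][ROGUE ST] 4808 : wscript.exe C:\Users\Jonathan Hawley\AppData\Local\Temp\launchie.vbs //B
[TASK][ROGUE ST] 12 : C:\Windows\System32\svchost.exe -k netsvcs
"""

# Images that run attacker-supplied scripts or otherwise proxy execution.
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "mshta.exe", "powershell.exe",
                "cmd.exe", "rundll32.exe", "regsvr32.exe"}
# Locations a standard user can write to; legitimate scheduled tasks rarely run from here.
USER_WRITABLE_DIRS = (r"\appdata\local\temp", r"\appdata\local", r"\appdata\roaming",
                      r"\users\public", r"\programdata", r"\windows\temp")
SCRIPT_EXT_RE = re.compile(r"\.(vbs|vbe|js|jse|wsf|hta|ps1|bat|cmd)(\s|$)")
HIDDEN_FLAGS = ("//b", "-windowstyle hidden", "-w hidden")

# [TASK][<tag>] <id> : <command line> [-> <status>]
TASK_LINE_RE = re.compile(
    r"^\[TASK\]\[[^\]]*\]\s+(?P<id>\d+)\s*:\s*(?P<cmd>.+?)(?:\s*->\s*(?P<status>\w+))?\s*$")


@dataclass
class TaskFinding:
    task_id: int
    command: str
    reasons: list = field(default_factory=list)

    @property
    def score(self) -> int:
        return len(self.reasons)


def split_command(command: str):
    """Return (image basename, lower-cased arguments) for a task command line.
    Unquoted paths with spaces are common, so take everything up to the first '.exe'."""
    lc = command.lower()
    m = re.match(r'"?(.+?\.exe)"?', lc)
    if m:
        image, args = m.group(1), lc[m.end():].strip()
    else:
        image, _, args = lc.partition(" ")
    return image.rsplit("\\", 1)[-1], args


def assess_task(task_id: int, command: str) -> TaskFinding:
    """Score one scheduled-task command line against the persistence heuristics above."""
    finding = TaskFinding(task_id, command)
    image, args = split_command(command)
    lc = command.lower()
    if image in SCRIPT_HOSTS:
        finding.reasons.append(f"script host / execution proxy: {image}")
    hit = next((d for d in USER_WRITABLE_DIRS if d in lc), None)
    if hit:
        finding.reasons.append(f"runs from user-writable location: {hit}")
    if SCRIPT_EXT_RE.search(args):
        finding.reasons.append("argument is a script file")
    if any(flag in lc for flag in HIDDEN_FLAGS):
        finding.reasons.append("suppresses the console / runs hidden")
    return finding


def triage_report(report: str) -> list:
    """Parse every [TASK] line in a report and return findings, most suspicious first."""
    findings = []
    for line in report.splitlines():
        m = TASK_LINE_RE.match(line.strip())
        if m:
            findings.append(assess_task(int(m.group("id")), m.group("cmd")))
    return sorted(findings, key=lambda f: f.score, reverse=True)


if __name__ == "__main__":
    for f in triage_report(SAMPLE_REPORT):
        verdict = "; ".join(f.reasons) if f.reasons else "no heuristic hits, verify by hand"
        print(f"task {f.task_id}: {f.command}\n    -> {verdict}")
```

On the sample, task 4808 trips all four heuristics and sorts to the top, while the iexplore.exe task that RogueKiller marked FOUND scores zero: the script only ranks what the scanner already listed, so a zero score means "check it manually", not "safe". Quarantine rather than delete the referenced .vbs so it can be submitted or restored if a detection turns out to be a false positive.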

Hello-

My wife's PC started having problems, and when I ran Spybot it showed a braviax infection. Removed it but continued to have problems. Ran a few other programs to try and get it all cleaned up but no luck. Found your site and followed the steps.

It appeared to have cleaned the issues up...malwarebytes and SAS showed clear. But I ran Kaspersky and got a hit for some wurldmedia files. I'll include that log as well.

This same braviax issue infected her pc a year ago. I'm wondering if I left some trace behind that it re-infected with.

Thanks in advance for any help you can give!

James
 

Answer: followed malware removal steps... gone?

attached are two more logs...thanks
 

19 more replies