Computer Support Forum

Windows 10 Restored & WLM 2012 removed - How to restore WLM 2012

Question: Windows 10 Restored & WLM 2012 removed - How to restore WLM 2012

Unable to download and restore WLM 2012 after doing a Windows 10 restore on May 24, 2017. Message says Microsoft stop supporting Windows Live Essentials in January 2017. Any suggestions for reinstalling WLM 2012? Is Windows Live Mail 2012 available from anywhere besides Microsoft?

More replies
Relevance 100%
Preferred Solution: Windows 10 Restored & WLM 2012 removed - How to restore WLM 2012

I recommend downloading and running Reimage. It's a computer repair tool that has been proven to identify and fix many Windows problems with a high level of success.

I've used it in the past to identify and fix everything from blue screens (BSOD's), ActiveX errors, corrupt files and processes, dll/exe/sys errors, recover lost memory, Windows update problems, defragging, malware removal etc.

You can download it direct from this link http://downloadreimage.com/download.php. (This link will automatically start a download of Reimage that you can save to your computer.)

Relevance 115.13%

Unable to download and restore WLM 2012 after doing a Windows 10 restore on May 24, 2017. Message says Microsoft stop supporting Windows Live Essentials in January 2017. Any suggestions for reinstalling WLM 2012? Is Windows Live Mail 2012 available from anywhere besides Microsoft?

Answer:Windows 10 Restored & WLM 2012 removed - How to restore WLM 2012

Skywavedoug said:

Unable to download and restore WLM 2012 after doing a Windows 10 restore on May 24, 2017. Message says Microsoft stop supporting Windows Live Essentials in January 2017. Any suggestions for reinstalling WLM 2012? Is Windows Live Mail 2012 available from anywhere besides Microsoft?



Welcome to TenForums @Skywavedoug.

Pity you didn't come here sooner, the end of support had been known since October last year. The links were finally removed from Microsoft's pages and the files pulled from the download server in March this year. Those of us who knew downloaded the off line installer wlsetup-all.exe before it was too late. See this thread...
Windows Essentials 2012 will reach end of support on January 10th 2017
...and read to the end. There are increasing difficulties running the installer as Windows 10 has been updated, particularly with the Creators Update.

There are a few places that purport to have copies of wlsetup-all.exe you can download, but most of them appear... well... suspicious. There does appear to be a copy of the English off line installer held by the Internet Archive.






Internet Archive is a non-profit library of millions of free books, movies, software, music, websites, and more.



https://archive.org/

The download is here: https://archive.org/details/wlsetup-all_201703

I've downloaded the 'Windows executable' from the above link and done a file comparison with my copy downloaded ... Read more

1 more replies
Relevance 90.61%

Running windows xp professional, was attacked with the fake windows security 2012 virus. I have Avast installed on my system but it didn't seem to catch it. Ran Malwarebytes and had it clean the system, now I have no access to my network. No internet, no printer.
Did the netsh firewall reset, still nothing.

Your help is greatly appreciated.

Mike

Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2011.12.24.05

Windows XP Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.18702
Big Jeff :: JEFFSCOMPUTER [administrator]

1/5/2012 10:55:50 AM
mbam-log-2012-01-05 (10-55-50).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 218364
Time elapsed: 15 minute(s), 17 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|RRT-Auto (Autorun.RRT) -> Data: D:\New Folder\RRT.exe auto -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
D:\New Folder\RRT.exe (Autorun.RRT) -> Quarantined and deleted successfully.

(end)
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.1870... Read more

More replies
Relevance 90.61%

Hello,

I had the 2012 Antivirus XP virus popup and Internet Explorer redirect problems and tried to follow directions in other posts to solve my problems. I don't have the antivirus popups anymore and I do not get redirected. But, now Mediaplayer won't run and I don't have access to Window's Help and Support. I am sure there are other problems too that I have not discovered. I had run Combofix to try and solve my problems, but after running for a long time it would stop. I would let it run for over 2 hours. When I use Window's explorer to look at my hard drive, there are over 100 folders with the name $NTUninstallKB896424$ or similar.

Help would be greatly appreciated.

Thanks!

More replies
Relevance 90.61%

My computer got infected with the Windows Security 2012 virus, I followed the guide, and now it seems that there is no more virus. However, one of the effects of the virus was that I could not see any of the files on my computer. I can't see anything on the desktop or the Start Menu besides Computer. However, I know that the files still exist because malwarebytes and MSE have things to scan, right? So I changed the settings by typing in Control Panel on a windows explorer window and changed the appearances so that I could see the hidden files. Now I can see all the files I have, but they're transparent, so they were hidden. I can still open the files, though. I scanned with malwarebytes and MSE and they didn't find anything, so I don't know what to do now. I access the internet by opening a picture jpeg file on a usb with mozilla firefox.

I don't know if this is relevant, but I can't access C: Documents and Settings, there's a little lock symbol on the icon, it says "Access is denied" even though I'm the only user of the computer.

DDS:
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_26
Run by Wu Residence at 16:47:17 on 2012-01-04
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.2.1033.18.3839.1905 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5... Read more

Answer:Removed Windows Security 2012 virus, still have problems

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.Do not run any other tool untill instructed to do so!Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.Run Combofix:You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<Combofix may need to reboot your computer more than once to do its job this is normal.You can download Combofix from one of these links.Link 1Link 2Link 3 1. Close any open browsers or any other programs that are open.2. Close/disable all anti virus and anti malware programs so they do not interfere with the r... Read more

27 more replies
Relevance 90.2%

Hello, all!

I am preparing to get a Windows Server set up in the near future here at a mission school I just started working at.

Here's what I am planning on running:
Windows Server 2012 Hyper-V, under which I will run 3x virtual machines (Server 2012 Standard, pfSense, and Untangle).

Since I am needing to get this implemented as soon as possible, I am trying to decide what to do, considering Windows Server 2012 R2's release is just around the corner.

I'm wondering... Is 2012 R2 going to be a completely different OS, in that you need to purchase a separate license key to run it if you already have 2012? Or will it be more like a service pack?

Also, can the preview version be upgraded to release once it is released?

The reason I am asking is that I am needing to get this set up as soon as possible, and need to know how to proceed. Should I use Hyper-V preview and Standard preview (if there is one... Only seen datacenter so far) then upgrade to release and purchase licenses, or is there something else that would be preferable?

Thanks!
ElectroPulse
 

Answer:Windows Server 2012 to 2012 R2 Questions

2008 R2 and 2012 R2 are new operating systems that require you to purchase them. I believe 2012R2 has gone RTM recently, which means in a few months you should be able to get it.

There are a lot of VM improvements in 2012, and even more in 2012R2. If you're just running a basic setup it's not needed to hold out for, unless you're not under any time constraints, then why not. Here is a list of the major R2 features.

I'm not sure how well pfSense and Untange will run in a Hyper-V VM. The Gen 2 VM and improved Linux support of R2 may be needed for better operation.
 

6 more replies
Relevance 88.56%

I followed the directions to remove windows vista security 2012 using the tutorial on your website. I believe that worked but I'm still getting a "Resident Shield Alert" saying I have multiple infections. While this has the AVG symbol (the antivirus software I use) it doesn't say AVG on it and I'm pretty sure it's bogus. I'm also being redirected from websites and a little window pops up saying "windows prevented some start up programs". My computer is running a little slow and sometimes freezes. I appreciate any help you can give me. Thank you.
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.19170 BrowserJavaVersion: 1.6.0_26
Run by Logan at 8:12:53 on 2011-12-26
Microsoft? Windows Vista? Home Premium 6.0.6002.2.1252.1.1033.18.2038.675 [GMT -8:00]
.
AV: AVG Anti-Virus Free *Enabled/Updated* {0C939084-9E57-CBDB-EA61-0B0C7F62AF82}
SP: AVG Anti-Virus Free *Enabled/Updated* {B7F27160-B86D-C455-D0D1-307E04E5E53F}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows... Read more

Answer:removed windows vista 2012 and now redirects and "resident sheild alert"

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything. We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here. To help Bleeping Computer better assist you please perform the following steps:*************************************************** In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/434539 <<< CLICK THIS LINK If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.*************************************************** If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lo... Read more

2 more replies
Relevance 86.92%

Hi,
Does Windows 2012 Standard (and R2 standard edition) provide log collector facility? If so, could you please provide aq link for that. I understand that 2012 and R2 essential provides that feature - looking
for Standard edition support.
Regards,
Champak

More replies
Relevance 86.92%

Greetings,

My pc caught the Vista Antivirus 2012 the other day and today. The first time it disabled the internet and removed windows security system and firewall as well as made it unsucessful to system restore. I followed directions from http://www.bleepingcomputer.com/virus-removal/remove-win-7-antispyware-2012 but I still can't turn on windows firewall or security. I also can't start IPSEC policy agent under the dhcp dependencies. I get the message 'Due to an identified problem, Windows cannot display Windows Firewall Settings'. My computer caught the virus again today as I was browsing with another antivirus which didn't stop the virus from attacking again. I want to make sure my computer is completely clean of this virus without disabling the internet and restoring windows security center without installing the OS. I'd also like a recomendation for an antivirus that is powerful enough against this virus. Thank you in advance! My HJ log is below:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:50:50 AM, on 12/20/2011
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16830)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files&#... Read more

Answer:Vista 2012 Virus Keeps Coming Back! Removed Windows Security Center and internet.

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything. We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here. To help Bleeping Computer better assist you please perform the following steps:*************************************************** In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/433537 <<< CLICK THIS LINK If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.*************************************************** If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lo... Read more

2 more replies
Relevance 86.51%

want to restore & wipe content to start afresh with windows 7 can you please help having many problems & I am not very clever with computors

Answer:restore windows 7 complely from 2012

Different computer makes use different methods of restoring Windows so it is difficult to give an exact answer if you don't provide the make & model of your computer. One thing you can try is to start up the computer and as soon as the first thing appears on the screen start tapping the F8 key. This should bring up a menu and one of the options should be 'Repair My Computer', select this option (using the cursor keys) and then go through the screens until you get to a list of ways of repairing your computer - hopefully one near the bottom will give an option to do a complete restore."I've always been mad, I know I've been mad, like the most of us..." Pink Floyd

4 more replies
Relevance 85.69%

Need to install or restore Windows Live Mail 2012

Answer:restore windows live mail 2012

@Steve-9 From a quick check there are still places on the 'net where you can download and reinstall the software. Note the following: Microsoft is killing off Windows Live Mail ? what should I do? Update required to keep using Windows Live Mail 2012 with Microsoft accounts  Using Windows Live Mail 2012 with Outlook.com? Time to update your email application!  Click the Thumbs Up to say Thanks!Click Post that answers your question "Accept as Solution" to help others find it.  

1 more replies
Relevance 84.87%

Any Thought's on LiveBoot 2012, WinSuite 2012 and PowerSuite Golden ?

PowerSuite Golden contains both LiveBoot and WinSuite.

Thanks.

Answer:Thought's on LiveBoot 2012, WinSuite 2012 and PowerSuite Golden ?

WinSuite is totally absolutely utterly useless, Windows 7 does not need any optimizers. Generally you get more troubles with these "wonderful" toys.

LiveBoot is IMO useless because when you have your install media and a recovery disk created, that's all you need to recover your system or in worst case scenario access the HD to recover your files.

Kari

2 more replies
Relevance 84.87%

My laptop is a mess right now. My icons are hidden, my wallpaper is gone, and my system appears to have reverted from Vista to Windows XP. My start button shows up blank with only a search bar, and to access any folders I need to use the search option and hope for the best. Also, when on the internet, everything is zoomed in. At first, I had the Windows Vista restore virus. I followed your guide, but Malwarebytes would not install. When I finally got around that problem, I ran the full scan and hoped for the best. When I restarted, instead of the Vista restore virus, I had popups that belonged to Windows Vista Antivirus 2012. When I ran Malwarebytes again, the popups stopped, but other symptoms remain. I think the problem may be that I can't update Malwarebytes, because when I try to the install fails at 99% with a message saying "Access is Denied." Please help me!

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
Run by BLT at 23:03:28 on 2011-12-31
Microsoft? Windows Vista? Home Premium 6.0.6002.2.1252.1.1033.18.2941.1762 [GMT -5:00]
.
AV: AVG Anti-Virus Free *Enabled/Updated* {0C939084-9E57-CBDB-EA61-0B0C7F62AF82}
SP: AVG Anti-Virus Free *Enabled/Updated* {B7F27160-B86D-C455-D0D1-307E04E5E53F}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\... Read more

Answer:Windows Vista restore virus and Antivirus 2012

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.The first thing I would like you to do is run this for me - http://download.bleepingcomputer.com/grinler/unhide.exe after it is complete restart the computer and continue with these stepsDownload and run OTLDownload OTL by Old Timer and save it to your Desktop.Double click on OTL.exe to run it.Under Output, ensure that Minimal Output is selected.Under Extra Registry section, select Use SafeList.Click the Scan All Users checkbox.Under the Custom Scan box paste this in

%TEMP%\smtmp&... Read more

20 more replies
Relevance 84.46%

I followed all the steps to remove the XP 2012 virus and am still getting Internet Explorer redirects and problems with outlook. Any ideas? Here are the logs I was able to pull...Results of screen317's Security Check version 0.99.24 Windows XP Service Pack 3 x86 Internet Explorer 7 Out of date! `````````````````````````````` Antivirus/Firewall Check: Windows Security Center service is not running! This report may not be accurate! McAfee VirusScan Enterprise Antivirus up to date! ``````````````````````````````` Anti-malware/Other Utilities Check: Malwarebytes' Anti-Malware Java™ 6 Update 24 Out of date Java installed! Adobe Flash Player ( 10.0.42.34) Flash Player Out of Date! Adobe Reader X (10.1.1) Mozilla Firefox (x86 en-US..) ```````````````````````````````` Process Check: objlist.exe by Laurent McAfee VirusScan Enterprise mcshield.exe McAfee VirusScan Enterprise vstskmgr.exe ``````````End of Log```````````` MiniToolBox by Farbar Ran by User (administrator) on 12-12-2011 at 19:23:27Microsoft Windows XP Professional Service Pack 3 (X86)***************************************************************************========================= IE Proxy Settings: ============================== Proxy is not enabled.No Proxy Server is set.========================= FF Proxy Settings: ============================== Hosts file not detected in the default directory========================= IP Configuration: ==================... Read more

Answer:Removed XP 2012 and still have probelms

Posted logs to the log forum.

4 more replies
Relevance 84.05%

My school gives us server 2012 standard for free. I am wondering if it's possible to install it as 2012 essentials with the same features as essentials kind of like how win pro had every thing home had. Or are the features of server essentials not included in standard? (Features like full pc back up and the dashboard like whs 2011)
 

Answer:can you setup server 2012 standard as 2012 essentials?

Different media for the install, Server Standard and Datacenter use the same media. Essentials has it's own install disk and Foundation and Storage Server share the same media.
 

1 more replies
Relevance 84.05%

Hi
I am working with windows 8 and I have installed SQL server 2007 and visual studio 2010. Now I want to upgrade these setups to SQL server 2012 and visual studio 2012. what is the advantages of what i want to do and how can i do it easily without corrupting the operating system? Please help.

Answer:Installation of sql server 2012 and visual studio 2012

SQL Server has an upgrade option that is pretty painless. Just run the setup file from your 2012 installation media and click the upgrade option. It will ask you what instance to upgrade, run some checks, and then upgrade it for you.

Visual Studio is a little different. If you install 2012 without uninstalling 2010 first, you will simply just have both versions to choose from. You can completely uninstall 2010 before installing 2012 by finding your 2010 installation file and adding the uninstall and force switches when running it(ex. "C:\vs_ultimate.exe /uninstall /force").

If you keep 2010, 2012 will ask you if you wish to import your settings and whatnot from 2010. If you uninstall 2010, 2012 will just have it all when you open it for the first time.

1 more replies
Relevance 84.05%

This request was originally posted as http://www.bleepingcomputer.com/forums/topic432929.htmlOriginal situation:About two weeks ago, one of the computers I deal with was sick with one of the fake Antivirus scamware infections. I fixed it, I thought, using the manual removal instructions from this site: FixNCR.reg, rkill.exe, MalWareBytes. It worked fine until this morning, when it displayed “XP Antispyware 2012” and “Security Sphere 2012”These were removed manually, using the instructions on this site...After this, the computer running normally without malware symptoms. But, because the malware regrew last time (or was reinfected despite running AV), I would appreciate it if someone could take a look at it with me.One thing I have noticed is that the HOSTS file is locked or blocked against editing. SPYBOT SEARCH & DESTROY usually keeps many sites blocked in HOSTS, but all of these are missing and SPYBOT reports that it is unable to re-IMMUNIZE. Also, HOSTS cannot be manually edited.These new logs were requested by the Advisor, Broni:DEFOGGERDDSMALWAREBYTESGMER=======================DEFOGGER LOG (Reboot NOT requested)defogger_disable by jpshortstuff (23.02.10.1)Log created at 10:19 on 22/12/2011 (Staff)Checking for autostart values...HKCU\~\Run values retrieved.HKLM\~\Run values retrieved.Checking for services/drivers...-=E.O.F=-=======================DDS LOG.DDS (Ver_2011-08-26.01) - NTFSx86 Internet Explorer: 8.0.6001.18702Ru... Read more

Answer:Regrowing "XP Antispyware 2012” and “Security Sphere 2012”

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything. We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here. To help Bleeping Computer better assist you please perform the following steps:*************************************************** In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/433942 <<< CLICK THIS LINK If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.*************************************************** If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lo... Read more

19 more replies
Relevance 83.23%

When sitting for an elderly relative at the hospital, I had connected to the hospital router and my laptop at some point popped up a message indicating that my computer was being scanned for viruses and of course many were soon 'found'. This was a fake scan and the 'antivirus' software titled 'Win 7 Home Security 2012' is one of the hijack type programs that infect computers. Removing The "Win 7 Home Security 2012" Malware--After reading the Kaspwersky Lab Forum entries here: Kaspersky Support ForumI tried the suggestions there and they worked for me. i hope this also works for you!Removing this malware takes a few steps to complete, but is simple and effective.Since this malware does not allow internet access or allow you to execute programs, you must use another computer to download a Kaspersky utility.(Although there are many solutions to this problem out there, I preferred Kaspersky's solution for it's simplicity and the fact that they provided a free utility to solve a similar infection my computer had last year.)Step 1: download the following file onto an SD card (USB drive may work also) using another computer with internet access to allow your computer to again execute programs.http://support.kaspersky.com/downloads/utils/cleanautorun.comStep 2: Remove the SD card and insert it into the infected computer and run the com fileYou will now be able to access the internet (don't reboot the computer or the malware will take... Read more

Answer:How I removed Win 7 Home Security 2012

@ scott -
There are better tutorials on This Site, as well as Malwarebytes Forum, GeeksToGo Forum, and several other Forums -
I know you are giving people wrong information {as with your other incorrect post}
As you are not a recognised Expert, please stop spreading this poor information -

Thank You -

2 more replies
Relevance 83.23%

Hello and thank you for looking at my issue. Have a HP DC5700 Windows XP Pro sp3 computer. It had XP Antivirus 2012 and I followed the steps at http://www.bleepingcomputer.com/virus-removal/remove-xp-antivirus-2012 . But the computer is slow and no icons would appear on desktop or file manager - I unchecked hide files and folders and all folders appeared but no + signs ( local settings, etc ) and the desktop icons are ghostly ( not full ). And Start/programs only show Malwarebytes - nothing else...If anybody can help me it would really help - This is my 1st post...Thank youMod Edit: Removed email addy, security measure ~ Hamluis.

Answer:XP Antivirus 2012 removed but still problems

Welcome aboard Let's see, if we can recover your missing features.Download and run UnHideLet me know, if it worked.

3 more replies
Relevance 83.23%

I have successfully permanently removed PUP.BITMINER on 2/06/2012

I discovered it on a computer back in early December. Latest Malwarebytes would remove everything but PUP.BITMINER kept coming back the next time I rebooted then opened a browser. Even
with the latest Malwarebytes. Things like Kasperky TDSS and Norton power eraser detected nothing.

The Pup.Bitminer file malwarebytes kept detecting coming back was C:\Windows\assembly\temp\kwrd.dll. So after a pass of mwbytes removing this without rebooting I
installed Webroot Secure Anywhere Complete. It is a cloud based scanner. It detected 2 files and a registry key within a few seconds.

2 Files Removed-
c:\windows\system32\config\systemprofile\appdata\local\hretywa.dll
c:\windows\system32\consrv.dll

1 Registry Key Deleted-
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\hretywa\DllName

Here is the actual webroot log-
Automated Cleanup Engine

Starting Routine> Removing c:\windows\system32\config\systemprofile\appdata\local\hretywa.dll...#(PX5: E276E87A0024F0C72CC800589ABB6A00C8275DB8 - MD5: 35B12F2AE9857CE6B6627AA0076A57D3)...
Deleting File> c:\windows\system32\config\systemprofile\appdata\local\hretywa.dll
Writing Registry Value> HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon�... Read more

Answer:Pup.Bitminer successfully removed 2/06/2012

I made this same forum post on Malwarebytes.org consumer forums. It appears to have been removed already from their forums.

I am not trying to sell anybody anything. I am just sharing information.

If any of my posts help you. That is what I intended. If you try something else that is fine with me.
I was just trying to help.
bdstx4

4 more replies
Relevance 83.23%

Howdy Everyone,

Stats on the computer:
Windows XP, SP3
Was running AVG and had an old Java version

It was infected with XP Security Center 2012.

Put it in safe mode, ran Malwarebytes and SuperAntiSpyware.

Allegidly it removed the XP security center. It doesn't pop up any more.

However, all the icon images were set to blank icons and .EXE's wouldn't run.

I downloaded and ran exefix.reg and iconfix.reg. Some of the icons are still blank, some got fixed.

A few days later, EXE's won't run again. Now it's at the point where I can run the Exefix.reg and it will only last about an hour. Then EXE's are broken again. There's been no popups or scareware. Just keeps killing the EXE registry keys and some icons still are blank. I think there's still something lingering left over.

The computer has a Labtech agent (LTSvc and LTTray) and LogMeIn installed on it which are authorized. AVG has since been uninstalled, MSE was installed, and Java is patched current now.

DDS.Log
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Zandra at 22:38:01 on 2011-08-31
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2175.1390 [GMT -6:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.... Read more

Answer:Removed XP Security Center 2012

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything. We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here. To help Bleeping Computer better assist you please perform the following steps:*************************************************** In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/417001 <<< CLICK THIS LINK If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.*************************************************** If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lo... Read more

14 more replies
Relevance 83.23%

Greetings everyone,

Obviously I'm new here. I've read the forums before to get help with some problems but never created an account and posted.

A few weeks ago I had an issue with the Win 7 Home Security 2012 virus. I followed the steps here http://www.bleepingcomputer.com/virus-removal/remove-win-7-home-security-2012 to remove it and thought I was successful. Last night it came up again and I followed those steps again. Since following those steps I have been having problems with PING.exe *32 starting up randomly and using up almost all of my CPU. Also, Avira has been telling me that I have a trojan, Alureon.TK.3 that I cant seem to delete. I'm going to assume that a prorgam that I dont want using PING is using it because I am not pinging anything.

I can produce any logs that are necessary for you guys to assist me

Thanks for the help, Sean

Answer:Removed Win 7 Home Security 2012

Please follow the instructions in ==>This Guide<== starting at Step 6. If you cannot complete a step, skip it and continue.Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues, what you have done to resolve them, and a link to this topic.If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient.If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

2 more replies
Relevance 83.23%

Hi everybody,

I caught a vista 2012 virus and I went through all the steps on here:

http://www.bleepingcomputer.com/virus-removal/remove-win-7-antispyware-2012

But when I run spy hunter, it still shows like 58 infected items...so I guess they are not removed, are they? What I am supposed to do now?
I had avira before but since it let the 2012 virus through, I uninstalled it and now I got ad-aware. Doesn't pick up anything right now, but spy hunter still does. So how do I remove the stuff spy hunter discovered without having to buy it?

Thanks for your help.

I should add, when I do the spy hunter scan and firefox is still open it tells me to close firefox so it can scan its cookies and it seems that as soon as I click ok, spy hunter all of a sudden finds all these virues or whatever they are. So is it firefox that is infected? I really don't know much about all this...

Answer:Vista 2012 virus removed??

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.In order for me to see the status of the infection I will need a new set of logs to start with.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear Click the Disable button to disable your CD Emulation drivers Click Yes to continue A 'Finished!' message will ap... Read more

3 more replies
Relevance 83.23%

My computer was infected with the Windows Antivirus 2012 a few weeks ago. I read some of the help files, and thought I had taken care of it. However, my computer is acting a little funny at times. Programs take a little longer to start than they used to and IE will hang at times (didn't have this problem before the infection), so I'm afraid that maybe I didn't clean all the infection. I hope someone will take a look at my logs and help me take care of this.

I'm running Windows XP SP3, Comodo firewall, and Avast Antivirus. I run the free Malwarebytes at least once a week.

Thank you an advance for any assistance,

NizTink

DDS.Log
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by KM at 14:12:18 on 2012-01-29
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1522 [GMT -6:00]
.
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: COMODO Firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\syst... Read more

Answer:Win Antivirus 2012 - Thought I removed it

Hello and Welcome to the forums!My name is Gringo and I'll be glad to help you with your computer problems.Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.Do not run any other tool untill instructed to do so!Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.Run Combofix:You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<Combofix may need to reboot your computer more than once to do its job this is normal.You can download Combofix from one of these links.Link 1Link 2Link 31. Close any open browsers or any other programs that are open.2. Close/disable all anti virus and anti malware programs so they do not interfere with the runn... Read more

20 more replies
Relevance 82.41%

Followed tutorial on bleeping computer to remove AV protection 2012 and smart fotress 2012 and ran malwarebytes anti-malware and restarted the computer. But Still AV protection 2012 popup shows up after restart/startup

Alos GMER Log is bigger to attch so i will split in two parts and post part 2 in followup.

Answer:AV protection 2012 and Smart Fortress 2012

part 2 of GMER log.
Please rename .txt to winrar and extract.

I had to do this because the post wont allow to attach part 2 due to file size.

23 more replies
Relevance 82.41%

*******DDS LOG******

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_24
Run by Luis at 20:17:44 on 2012-01-14
Microsoft? Windows Vista? Home Premium 6.0.6002.2.1252.1.1033.18.3069.1355 [GMT -6:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k bthsvcs... Read more

Answer:Removed Vista Antivirus 2012, still having issues

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.Do not run any other tool untill instructed to do so!Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.Run Combofix:You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<Combofix may need to reboot your computer more than once to do its job this is normal.You can download Combofix from one of these links.Link 1Link 2Link 3 1. Close any open browsers or any other programs that are open.2. Close/disable all anti virus and anti malware programs so they do not interfere with the r... Read more

35 more replies
Relevance 82.41%

Security Guard 2012 (a nasty bugger) installed itself on my XP PRO PC. After getting advice, I was told to run a tool called combofix. This worked are restored my computer to a working status again.

I was then able to run Malewarebytes for the first time and it found several infections and removed them.
I ran HiJackThis and removed some stuff (as a friend pointed out what to remove)
I then did a virus scan with AVG and it found a few things and removed them.
I then did another after rebooting and nothing was found, same with MBAM.

But...for some reason I still have the following issues:

1. Malewarebytes pops up with messages all the time saying "successfully blocked access to a potentially malicious website: **various IP addresses follow*** such as 121.10.120.143, 219.146.253.155 etc...
2. I cant really click on any google search results without being redirected to various scam sites...

Please Help me BleepingComputer!!
-Thanks for your time

P.S. I have the logs ready if you want me to post them...just let me know.

Answer:Security Guard 2012, removed- still having problems

Hello having run ComboFix we need to see that and a DDS log.Please go here....Preparation Guide ,do steps 6 - 9.Create a DDS log and post it in the new topic explained in step 9 which is here Virus, Trojan, Spyware, and Malware Removal Logs and not in this topic,thanks.Skip the GMER step and instead post the ComboFix log you have.Let me know if that went well.

1 more replies
Relevance 82.41%

I somehow managed to get the Vista 2012 virus. After looking on bleepingcomputer I was able to remove it following the directions, but now all my Google searches are redirected. My McAfee antivirus is up to date but doesn't detect any problems with the computer. GMer also kept crashing in windows, saying it needed to shut down. These are my logs. Thanks!
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
Run by Josh at 16:10:07 on 2011-12-16
Microsoft? Windows Vista? Home Premium 6.0.6002.2.1252.1.1033.18.3573.1242 [GMT -5:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32 ... Read more

Answer:Removed Vista 2012 and now Google redirects

Hello and welcome. Please follow these guidelines while we work on your PC:Malware removal is a sometimes lengthy and tedious process. Please stick with the thread until I?ve given you the ?All clear.? Absence of symptoms does not mean your machine is clean! Please do not run any scans or install/uninstall any applications without being directed to do so.Please note that the forum is very busy and if I don't hear from you within five days this thread will be closed. Download aswMBR.exe to your desktop.Double click the aswMBR.exe to run itClick the "Scan" button to start scanOn completion of the scan click save log, save it to your desktop and post in your next reply.Please include the following in your next post:aswMBR log

20 more replies
Relevance 82.41%

OLD THREAD: http://www.bleepingcomputer.com/forums/topic458509.htmlHP Laptop running Windows XP Home Edition, SP3.Computer couldn't connect to the internet. Task Manager was closed immediately after opening, as was Internet Explorer (the only browser on the machine).Got the Task Manager to open right as Windows started and stopped any process that looked suspicious. (This was before I found the guide on Bleeping, mind you. Forgive my ham-fisted attempts, but they worked.)I was able to run Malwarebytes and XP Home Security was visibly gone when I rebooted.How it stands:-First Malwarebytes scan removed over 130 infections.-Opening IE just flashes the white window of the program and then closes. No error message.-Installed Opera and Firefox. Neither of them can connect to Google. Both of them get random tabs opened with long, nonsensical URLs. I close them immediately.-Tried running DDS, got about 90% through the scan and it froze. Mouse still moved, but nothing was clickable.-Tried running GMER, scanned for 15-20 minutes and the program window went white. Unresponsive. I left it like that for another 20 minutes, no change.As requested by a Mod in this thread: http://www.bleepingcomputer.com/forums/topic458509.htmlI ran QTL.I am currently on a different machine. I will immediately make a reply from the other machine with the QTL logs.

Answer:XP Home Security 2012. Removed but not forgotten.

I am pasting the QTL.txt log. I am attaching the Extras.txt logOTL logfile created on: 6/27/2012 10:44:36 AM - Run 1OTL by OldTimer - Version 3.2.53.0 Folder = C:\Documents and Settings\Elaine\DesktopWindows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstationInternet Explorer (Version = 7.0.5730.13)Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 446.17 Mb Total Physical Memory | 129.05 Mb Available Physical Memory | 28.92% Memory free958.05 Mb Paging File | 740.89 Mb Available in Paging File | 77.33% Paging File freePaging file location(s): C:\pagefile.sys 576 1152 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program FilesDrive C: | 47.29 Gb Total Space | 30.04 Gb Free Space | 63.52% Space Free | Partition Type: NTFSDrive D: | 7.58 Gb Total Space | 0.61 Gb Free Space | 8.08% Space Free | Partition Type: FAT32 Computer Name: PC300862272413 | User Name: Elaine | Logged in as Administrator.Boot Mode: Normal | Scan Mode: All usersCompany Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Documents and Settings\Elaine\Desktop\OTL.exe (OldTimer Tools)PRC - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe (Cisco Systems, Inc.)PRC - C:\Program Files\Common Files\Pure Networks ... Read more

3 more replies
Relevance 82.41%

Recently had a desktop running Vista Home Premium 32bit come down with some rouge antispyware called Vista Antivirus 2012. Followed the spyware removal guide for it (over here), deleted like one registry entry (going in the registry makes me really nervous) but I want to be sure that it's completely gone. Any advice?

Answer:is vista antivirus 2012 fully removed?

There are no guarantees or shortcuts when it comes to malware removal. The severity of infection will vary from system to system, some causing more damage than others. The longer malware remains on a computer, the more opportunity it has to download additional malicious files which can worsen the infection so each case should be treated on an individual basis.In any case, we can only go by what the scan logs show (what was detected/removed) and your description of whatever signs or symptoms of infection you are experiencing.You can try doing an online scan to see if it finds anything else that the other scans may have missed.Please perform a scan with Eset Online Anti-virus Scanner.If using Mozilla Firefox, you will be prompted to download and use the ESET Smart Installer. Just double-click on esetsmartinstaller_enu.exe to install. Vista/Windows 7 users need to run Internet Explorer/Firefox as Administrator. To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run As Administrator from the context menu.Click the green button.Read the End User License Agreement and check the box: Check .Click the button.Accept any security warnings from your browser and allow the download/installation of any require files.Under scan settings, check and make sure that the option Remove found threats is NOT checked.Click Advanced settings and select the following:Scan potentially unwanted applicationsScan for potentially unsafe applicatio... Read more

6 more replies
Relevance 82.41%

DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514
Run by Doug Optiplex 980 at 9:35:46 on 2011-12-20
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8182.5781 [GMT -5:00]
.
AV: AVG Anti-Virus 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\rundll32.exe
C:\Program Files (x86)\AVG\AVG2012\avgfws.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k L... Read more

Answer:Win 7 Anti-Virus 2012 - Removed with MalwareBytes

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything. We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here. To help Bleeping Computer better assist you please perform the following steps:*************************************************** In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/433738 <<< CLICK THIS LINK If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.*************************************************** If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lo... Read more

2 more replies
Relevance 82.41%

Hi. I really need some help please. I have a Dell Dimension 4600 desktop pc running Windows XP. Malwarebytes removed the Security 2012 virus and now I have no internet. The desktop is connected to the router directly via an ethernet cable. We have two laptops connecting wirelessly without any problems. I tried to do a system restore but it won't work. Can anyone help please?

Answer:No internet after Security 2012 virus removed

Download Security Check from HERE, and save it to your Desktop. * Double-click SecurityCheck.exe * Follow the onscreen instructions inside of the black box. * A Notepad document should open automatically called checkup.txt; please post the contents of that document.=============================================================================Please download Farbar Service Scanner and run it on the computer with the issue.Make sure the following options are checked:
Internet ServicesWindows FirewallSystem RestoreSecurity CenterWindows UpdatePress "Scan".It will create a log (FSS.txt) in the same directory the tool is run.Please copy and paste the log to your reply.====================================================================================Please download MiniToolBox and run it.Checkmark following boxes:Report IE Proxy SettingsReport FF Proxy SettingsList content of HostsList IP configurationList Winsock EntriesList last 10 Event Viewer logList Installed ProgramsList Users, Partitions and Memory sizeClick Go and post the result.=============================================================================Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop. * Double-click mbam-setup.exe and follow the prompts to install the program. * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Fin... Read more

45 more replies
Relevance 82.41%

Hey guys,

We picked up Win 7 Antispyware 2012 and quickly removed it following the instructions at http://www.bleepingcomputer.com/virus-removal/remove-win-7-antispyware-2012. Everything seemed fine until we realized that the firewall (mcafee) won't start. Also we can't get into the windows security center. I ran both MalwareBytes and SuperAntiSypware in safe mode and they didn't discover anything (both clean) but obviously something still isn't right.

Any help you guys could give would be greatly appreciated. I work in IT and can follow directions quickly and accurately *and* this isn't my first time cleaning out viruses

Jay

Answer:Win 7 Antispyware 2012 removed but firewall won't start

Mcafee personal firewall depends on WINDOWS FIREWALL(You may be missing the service in this case)So due to dependency failure you cant turn on mcafee firewallGo to RUN and typeservices.msc and click okCheck if you have Windows firewall service.If you dont have that,try thisCreate a restore point before trying thisDownload both the registry fileshttp://www.mediafire.com/?317ea53a883288dhttp://www.mediafire.com/?z6aw8j7997qa7j9Launch and import them to registryRestart your PCNow,open RUN and typeregedit and click okgo toHKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFERight click on it-permissionsClick on ADD and typeEveryone and click okNow Click on EveryoneBelow you have permission for usersSelect full control and click okNow,open RUN and typeservices.msc and click okstart base filtering engine service and then windows firewall serviceYou mcafee firewall should be ONGood luck

2 more replies
Relevance 82.41%

I have tried to follow the steps from several other posts, but to no avail.

First, I followed these instructions: http://www.bleepingcomputer.com/forums/topic424108.html

Then here: http://www.bleepingcomputer.com/forums/topic424137.html/page__p__2446881#entry2446881

Which took me here: http://www.bleepingcomputer.com/forums/topic34773.html
I followed from Step 6, as advised.

Now I have 3 logs which it says to post here. So here they are and I really hope that someone can help me to get on the Internet again from that computer, as it has my school work on it. Oh yeah, he said to call the file ark.txt, but my computer would only allow a .log file name, so it is ark.log instead, I hope this is okay.

I'm waiting patiently for you help. Thanks!

PS> I'm a computer idiot, so any response should be written in 2-year-old language otherwise I will be confused. I think I got the problem because my dad was playing a game on pogo.

Answer:Cloud AV 2012 removed - but no internet access

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything. We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here. To help Bleeping Computer better assist you please perform the following steps:*************************************************** In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/429559 <<< CLICK THIS LINK If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.*************************************************** If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lo... Read more

2 more replies
Relevance 82.41%

Hey Guys,

So I somehow got the Win 7 Security 2012 malware on my Lenovo x201t Win7 x64 Ultimate. I removed it with Malwarebytes and then Microsoft Security Essentials. Everything seemed fine after the removal, but now my computer won't boot. It tries once or twice, then loads in to the start-up recovery manager. I used the restore option once and it worked, removed the virus and tried again and now it won't boot up. I created an Acronis True Image backup last night and also a Windows System Restore point but before messing with those I wanted to post and see if there is anything else I should do first.

I'm thinking the MBR is messed up as that is what the Alureon virus writes to, correct? I'm in the command prompt in the recovery portion of Win7 that you can get to at bootup. I think I should run a command like fixmbr or something along those lines.

Could anyone please provide me with some input on how to try and fix this problem.

Lastly, big downside... I don't have a Win7 disk here, although I do have a disk image of my CD that I could burn - but my x201 doesn't have an optical drive. I would like to create a Win7 x64 Ultimate bootable USB stick on my thumb drive and I know that can be done from Windows but I only have access to a Mac, is there anyway to create a bootable disc image on a USB stick from a MAC??
Thanks a lot guys!
-Mike

Answer:Removed Win 7 Security 2012 Malware - W7 Won't Boot Now

So I did the fixmbr command and now I can no longer push 'F11' to load Acronis True Image. I'm so incredibly frustrated right now... I think I'm just going to reinstall windows and start over, is there any possible way to make a bootable USB drive with the win7 CD image on it so I can reinstall windows? Again, I have no optical drive or I would just burn it to a DVD.
Thanks,

Mike

1 more replies
Relevance 82.41%

I got the newest incarnation of this Rogue Spyware yesterday. I've had it a few times over the years and pretty much know what to do. I got into safe mode, ran Malware Bytes and a registery cleaner, Trojan Remover. I was able to get rid of all files associated and fixed all apparent registery issues. I restarted my computer and re-ran this programs. All clean. BUT now my pc is not able to identify the network. I have my pc on my home network via eithernet cable from the router. I undid the cable and put my usb wireless in to see if i could connect to the wireless portion of my network. Once again, found network but stuck on identifying.

I'm stuck, any ideas?

Ian

Answer:Win 7 antispyware 2012 - network issue after removed

Welcome aboard Please download Farbar Service Scanner and run it on the computer with the issue.Check "Include All Files" option.Press "Scan".It will create a log (FSS.txt) in the same directory the tool is run.Please copy and paste the log to your reply.

13 more replies
Relevance 82.41%

Hello All,

I was infected with the fake removal tool Win7 Spyware 2012, and removed it with Spybot Search and destroy. After doing this, I noticed my harddrive was constantly being accessed, and my activity light on my motherboard's network controller was blinking like mad, even though as a test I went into taskmanager and shut down all programs. Also, my screen would black out momentarily, and then come back on with no apparent changes. I have Firefox set to not allow pop ups, and to warn on re-directs, but every so often, not every time I clicked a link, I would get re-directed in a new tab to some BS site for some product or another. I opened taskmanager, and 3 processes were listed as having no Username nor description. right clicking and selecting open location would not work. The three processes were; ATICLIEXX.EXE, CSRSS.EXE, and WINLOGON.EXE. I disabled the ATI executable, and when I ran in safe mode with networking, and opened task manager, CSRSS.EXE was listed with SYSTEM as the user, and I could open it's location folder. WINLOGON.EXE did not appear. Reboot in normal mode, and they were listed with no user and access was denied again. I ran McAfee, Super anti-spyware, and MalwareBytes, and only Malwarebytes found a problem, removing 2 trojans and 10 tracking cookies. Problem still persisted. I then ran Webroot, and it found and removed 2 trojans, but the problems still persisted. I then found and ran Hitman pro 3.5, and after it found and removed some hink... Read more

Answer:Removed Win7 Spyware 2012, now have problems.

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.In order for me to see the status of the infection I will need a new set of logs to start with.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear Click the Disable button to disable your CD Emulation drivers Click Yes to continue A 'Finished!' message will ap... Read more

27 more replies
Relevance 82.41%

Removed the xp home security virus with all the steps advised but now I can't open my browsers. Running XP Professional Service Pack 3. Run the diagnosis on the internet explorer and it tells me to contact the computer manufacturer. I also use Cricket Broadband internet and can text off of it. Just can't do any thing else if it requires using internet explorer. Please help.GreenmeannieRemoval guide for XP Home Security 2012 can be found here:Remove XP Home Security 2012 (Uninstall Guide)

Answer:Removed XP Home Security 2012 now no internet

Please download Farbar Service Scanner and run it on the computer with the issue.Make sure the following options are checked:Internet ServicesWindows FirewallSystem RestoreSecurity CenterWindows UpdatePress "Scan".It will create a log (FSS.txt) in the same directory the tool is run.Please copy and paste the log to your reply.

20 more replies
Relevance 82.41%

I removed the malware with MalwareBytes. I have lost my Windows Defender and Firewall.

I get the following message: Specified service does not exist as an installed service. error 0x80070424

Did I remove the problem entirely and how can I repair my Window 7.

Thank you

Answer:Win 7 Anti-Virus 2012 - Removed with MalwareBytes

Hello,Please follow the instructions in ==>This Guide<== starting at step 6. If you cannot complete a step, skip it and continue.Once the proper logs are created, then post them in a reply to this topic by using the Add Reply button.If you can produce at least some of the logs, then please create the post and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the reply and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.Please note that I am not a member of the Malware Removal Team and will not be assisting you in removing the infection. I'm simply helping you to post the information they need in order to assist you.If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.Orange Blossom

7 more replies
Relevance 82.41%

The computer in question is an HP laptop running Windows XP Home, SP3.
XP Home Security was keeping me from running... just about anything. It was mucking up the wireless card and IE (the only browser on it) would open and immediately close. No error, just a flash of a white window.

I managed to get Malwarebytes to do a full scan and it removed over 130 infections.
Rebooted, and the wireless card works and I can connect to the internet. I can't actively choose what network to connect to, it doesn't display any.

I installed Opera and Firefox to test with. Neither of them can connect to Google. It just hangs with no error. No "Can't connect" or anything. Just a forever-moving load bar. Any other website I tried worked fine, though.

Right now, it is currently locked up during a DDS scan. Mouse moves but nothing is clickable. I was going to post all the logs in the appropriate forum, but I didn't know what to do if it couldn't complete them, so I'm posting my issues here.

I've gotten the machine from dead to limping, I just don't know what to do next.

Answer:Removed XP Home Security 2012. Other problems still around.

Try Rkill, this tool eliminates 'temporary' the malware. ==> http://www.bleepingcomputer.com/download/rkill/And then try to run DDS and other tools.

4 more replies
Relevance 81.59%

Two days ago I was lucky enough to get the win 7 antispyware 2012 virus just browsing the internet. I didn't click on any links. When I got it, it pretty much locked my system down. I couldn't even start up in safe mode. Shortly after restarting my computer numerous times the virus minimized itself and gave me full access back to my computer. At that time I ran Malwarebytes like I usually would and removed the virus. I also ran super antispyware. Everything seemed to go back to normal except when I go into computer C: documents and setting or system volume info or config.msi and a couple other folders I get an error box. At the top it says Location not available, access denied. So I came to bp and followed these instructions to no avail http://www.bleepingcomputer.com/virus-removal/remove-win-7-antispyware-2012. I'm not sure if those instructions worked for me since I had already ran malwarebytes.

Answer:Removed Win 7 Antispyware 2012 Now access denied to folders

Please follow the instructions in ==>This Guide<== starting at Step 6. If you cannot complete a step, skip it and continue.Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues, what you have done to resolve them, and a link to this topic.If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient.If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

2 more replies
Relevance 81.59%

After removing Windows XP Antivirus 2012 and Zeroaccess, lost internet connection. Says internet explorer cannot display the webpage. Network diagnostics says winsock error but still nothing after repair. DNS service does not work. Will not work in safe mode with networking. NIC card allows ip address invoking of router. Rest of network functioning for other computers, thankfully, because its gonna be a flashdrive job from a different computer.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Deanna Schwartz at 14:00:53 on 2012-01-12
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2815.2274 [GMT -5:00]
.
AV: WOW! Security 9.01 *Disabled/Updated* {E7512ED5-4245-4B4D-AF3A-382D3F313F15}
FW: WOW! Security 9.01 *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\WOW Security\Anti-Virus\fsgk32st.exe
C:\Program Files\WOW Security\Common\FSMA32.EXE
C:\Program Files\WOW Security\Anti-Virus\FSGK32.EXE
C:\Program Files\Common Fi... Read more

Answer:No internet connection after Removed XP Antivirus 2012 and Zeroaccess

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.Do not run any other tool untill instructed to do so!Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.Run Combofix:You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<Combofix may need to reboot your computer more than once to do its job this is normal.You can download Combofix from one of these links.Link 1Link 2Link 3 1. Close any open browsers or any other programs that are open.2. Close/disable all anti virus and anti malware programs so they do not interfere with the r... Read more

34 more replies
Relevance 81.59%

My computer is showing no connectivity to the net. Its local only and just says identifying. I can get on with my other computers no problem wirelessly and wired. I checked hours of posts and no fixes so far. Please help!

Answer:Removed Win 7 2012 Security Virus now Limited Connectivity

Just an update, I plugged the ethernet wire in and still just hangs on the part that says identifying. Anyone have this issue and fix it yet? - JT

4 more replies
Relevance 81.59%

Hi and thanks in advance for the help

Dell dimension e520
Win XP media edition SP2
Have a Dell Win xp media edition reinstallation CD
Malwarebytes and Avira antivir for security latest updates and scans show no infections

Had an xp security 2012 infection and a sys32 virus
after digging them out was unable to reboot
Performed a system repair from Dell reinstalation CD--noticed one thing here, I was asked for the disc containing the Service Pack2 files - I don't have that - my upgrade to SP2 was online from microsoft updates.
I continued, but have not reinstalled SP2 online --figured I'd better wait for the experts advice [thats you guys]

I'm having the following issues

1.Won't boot normally with the video driver installed --hangs at a black screen just after the windows splash screen. If I boot to safe mode and unistall the video drivers the machine will boot normally -re install driver set resolution and all is fine. Each reboot requires the same process.

2nd Not aquiring IP address --DHCP and TCIP are not loading on their own Go in to services and manually start them everything seems ok .Again required at each reboot

3rd --Cant print -- local area network printer, have reinstalled it several times- no clue here,everything apears to comunicate can even tell the ink levels and scan--it's a mutifunction printer scanner fax--but not print. Network is just my computer, a router, and a modem. Printer plugged into the router

After going through 1 &... Read more

Answer:Removed xp security 2012 & sys32 -still having issues want to make sure it's all gone

Hello, and welcome to TSF.

I am currently reviewing your log. I will be back with a fix for your problem as soon as possible.

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.
**Please run no scans or fixes on your ow.
**Please note that if there is no reply within 3 days to this thread it may be closed; please let me know ahead of time if you need extra time.
**Please only attach further logs if I ask, post them directly in a reply.

Please be patient with me during this time.

Thank you

19 more replies
Relevance 81.59%

My Mother-In-Law's HP Compaq dx2450 was infected with the XP 2012 Security Monitor virus and several other I am sure. I installed Avast from a flash drive onto her system (after finding a backdoor to get the .exe file to run), After Avast's removal of oodles of infected files through the root scan, the system rebooted, I am now unable to use the mouse or keyboard. If I safe boot they are still not operational. When I boot normally it loads the desktop and it looks absolutely normal, however the task bar does have several notifications with a red x, (can't really make out what they are, they don't look familiar).
I've booted into setup, but both devices are enabled (and they both work here)
I've booted into recovery and all diagnostic tests come back as pass (both devices work here)
I've used a different mouse (PS/2), still no luck
Both devices use the PS/2 ports
Lastly, the status light on the front of the tower was flashing between green and amber and then went to solid amber after boot

Any ideas as to why they are not being recognized? Thanks for any help.

Answer:Avast root scan removed XP 2012 virus

Hi, it is possible that the i8042prt service or driver file is/are missing. To check this, please do the following:Try this please. You will need a USB drive.Download GETxPUD.exe to the desktop of your clean computerRun GETxPUD.exeA new folder will appear on the desktop.Open the GETxPUD folder and click on the get&burn.batThe program will download xpud_0.9.2.iso, and upon finished will open BurnCDCC ready to burn the image.Click on Start and follow the prompts to burn the image to a CD.Next download driver.sh to your USB driveRemove the USB & CD and insert it in the sick computerBoot the Sick computer with the CD you just burnedThe computer must be set to boot from the CDGently tap F12 and choose to boot from the CDFollow the promptsA Welcome to xPUD screen will appearPress FileExpand mntsda1,2...usually corresponds to your HDDsdb1 is likely your USBClick on the folder that represents your USB drive (sdb1 ?)Confirm that you see driver.sh that you downloaded therePress Tool at the topChoose Open TerminalType bash driver.shPress EnterAfter it has finished a report will be located on your USB drive named report.txtRemove the USB drive and insert it back in your working computer and navigate to report.txt

Please note - all text entries are case sensitiveCopy and paste the report.txt for my review

7 more replies
Relevance 81.59%

Hello.I removed Norton Internet Security 2012 from my PC two days ago (and then installed a trial of a new AV)and, on the advice of a friend, I also ran the Norton Removal Tool. My attempt to install MS Update KB2565063 failed and I received the following:SetUp.exe Unable to Locate Component:This application has failed to start because SetUpEngine.dll was not found. Re-Installing the application may fix the problem.Any suggestions regarding a fix would be appreciated it.Thank you again.

Answer:Removed NIS 2012, tried to install MS Update+Received Error

Is Microsoft Visual C++ 2010 Redistributable installed and reflected in Add/Remove Programs?

Is SP1 for Visual C 2010 installed and reflected in Add/Remove Programs?

Louis

I don't have the SP installed, but I do have VC 2010 installed...I don't have the update you reference.

1 more replies
Relevance 81.59%

Began as windows Xp antivirus 2012 issue
Followed general guidelines for removal
FixNCR
Rill
Malwarebytes
Reboot
There were some issues that remained and after reading a few posts I ran TDSSKiller

All seemed to be going well, but I continued to get alerts from Avira so I thought it would be in my best interest to switch AV since Avira was obviously not doing a good job. I downloaded AVG Free and installed. On installation I received an alert from my Spyware Guard alerting me to a BHO change and I remembered that I should have shut down SG during the installation. Since I could see that the BHO was from AVG I clicked to allow the BHO and the computer locked up and would not complete the AVG installation. I rebooted only to find some disturbing new nasty.

I now have a program that is starting on boot to windows. It is a blank?
program screen about 3x3 square. No words, no title. Only an icon that looks like a square with yellow red and blue squares in it. ?Along with this, none of my programs will allow an Internet connection.

Windows firewall settings cannot be displayed because the associated service is not running. Do you want to start the windows firewall Internet connection sharing service. Yes
Windows cannot start the ICS service

Have seen redirects that start with testendonline and findfast before, when I had Internet connection.

I have logs from dds and gmer but have no way of getting them posted from the infected PC at this time, until I can get some sort of Inter... Read more

Answer:Infected XP antivirus 2012 removed now no Internet and more infection.

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything. We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here. To help Bleeping Computer better assist you please perform the following steps:*************************************************** In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/434323 <<< CLICK THIS LINK If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.*************************************************** If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lo... Read more

22 more replies
Relevance 81.59%

I was able to get malewarebytes to run in safe mode, and it appears to have removed the XP antivirus 2012 as I can work with it. I tried to run Rkill as instructed. If I use the ones with .exe, I get a "program too big to fit in memory" on the cmd prompt and it closes. If I use the .com or .scr, i get "this application is not a valid win32 application". I tried to run HijackIt.msi, and I cannot run a .msi I get a XP software restriction error. Basically I cannot run anything. I tried to run ESET online scanner and it became re-infected rather quickly even while ESET was running. Finally I tried running avira rescue cd to no avail. Apparently they have changed all file associations and permission etc. I looked at the local security policy and I dont see any software restrictions.Right now I have it in a DMZ hanging off my ASA so it wont affect anythign else, but I cant hook it up to the internet it will just get infected again. One process i saw come up was yki.exe and then the XP 2012 stuff would pop up. Looks like there might be a Apache server configured as weel.Here is the Malewarebytes log;Malwarebytes' Anti-Malware 1.51.0.1200www.malwarebytes.orgDatabase version: 6949Windows 5.1.2600 Service Pack 3 (Safe Mode)Internet Explorer 8.0.6001.187026/26/2011 6:52:33 PMmbam-log-2011-06-26 (18-52-33).txtScan type: Full scan (C:\|)Objects scanned: 271541Time elapsed: 1 hour(s), 8 minute(s), 8 second(s)Memory Processes Infected: 0Memory Modules Infected:... Read more

Answer:XP Antivirus 2012. Malewarebytes removed, still gets re-infected. Cannot run DDS or GMER

Hello , And to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.I will be working on your malware issues, this may or may not solve other issues you may have with your machine.Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen. Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.-----------------------------------------------------------If you have since resolved the original problem you were having, we would appreciate you... Read more

14 more replies
Relevance 81.59%

I have a Dell Inspiron 580 desktop with Windows 7 and Norton Internet security
Went to do a cleaning on it after Java update kept popping up
ADW found and removed chrome extension mkfikfff........
Jrt found and removed coupon printer and wininiti.ini
Malware bytes found nothing
Spybot found 18 low level items
 
ESET found 16 including Win32/toolbar.widgi.B
Msert found and only partially removed:
Exploit:Java/blacole.et
Exploit:Java/CVE-2011-3544
Exploit:Java/CVE-2012-0507
 
Running other programs, Hitman pro, Slim Cleaner, Advanced Systen Care, SFC, Microsoft security essentials and ESET in safe mode,
I got rid of the first 2 of the exploits
BUT No matter what I do, Exploit:Java/CVE-2012-0507 keeps showing up in the Msert scan.
Been working on this for 2 days.
Can anyone help? Please?!!!!

Answer:Exploit:Java/CVE-2012-0507 partially removed

Hello, Welcome to BleepingComputer.I'm nasdaq and will be helping you.If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.===Download the version of this tool for your operating system.Farbar Recovery Scan Tool (64 bit)Farbar Recovery Scan Tool (32 bit)and save it to a folder on your computer's Desktop.Double-click to run it. When the tool opens click Yes to disclaimer.Press Scan button.It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.===Download Security Check by screen317 from here.Save it to your Desktop.Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.A Notepad document should open automatically called checkup.txt; please post the contents of that document.p.s.If the SecurityCheck program fails to run for any reason, run it as an Administrator.If the site is busy or not available use this mirror site:http://www.bleepingcomputer.com/download/securitycheck/How is the computer running now?===Wait for further instructions.

35 more replies
Relevance 81.59%

I'm new to the site and hoping you can help (I'm not getting assistance from anyone else). I have two Windows XP login profiles set up (Sara and Dylan). Sara got hit with XP Security 2012 and System Check, and Dylan got hit with System Check. I tried the self-help guide but initially couldn't get RKill to end the process (I tried all the suggested name variants and a few of my own). Also, I couldn't get my laptop to run in safe mode for more than a couple of minutes before it automatically shut down. I found a registration key to temporarily bypass XP Security 2012 which allowed me to run RKill successfully (I did this in normal mode as with all the rest of the steps).

After going through the rest of the self-help guide things seemed to get better. TDSS Killer found nothing. Malwarebytes picked up the virus files (and Symantec End Point Protection picked up a handful more). But I'm still getting redirects and pop ups from Google searches on Internet Explorer. Also, after a complete scan with Symantec End Point Protection, I got a Boot.Tidserv warning for the MBR on Physical Drive 0. I tried TDSS Killer again but it still didn't pick anything up. Symantec said it was able to clean the file when I requested it.

I've followed the preparation steps up to the GMER scan but after running the scan, I got the blue screen of death and a forced reboot. I wasn't able to read the full screen of error message fast enough but after a reboot I rec... Read more

Answer:Removed XP Security 2012 and System Check but still getting redirects.

Hi Dylan!Welcome to the forums!My secret agent name on the forums is SweetTech (you can call me Agent ST for short), it's a pleasure to meet you. I would be glad to take a look at your log and help you with solving any malware problems.If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed. If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
If I instruct you to download a specific tool in which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are update... Read more

41 more replies
Relevance 81.59%

So I got the XP Antispyware 2012 Virus on my computer. I went through the steps to remove the virus (FixNCR.reg, RKILL, TDSS rootkit infection removal then ran Malwarebytes) I went through all these steps from a flash drive downloaded from a clean computer because the infected computer could not and cannot access the internet. These steps seem to have removed the virus but I am still unable to access the internet. I have verified that all my connections are intact and that windows firewall is disabled, in fact it seems like it was already disabled and when i tried to enable the firewall i received a notice "Windows cannot start the windows firewall/Internet Connection Sharing ICS." I read a few other similar posts and it seems that the first step is to run the Farbar Service Scanner and post the log please see attached Farbar log. If you can help it would be greatly appreciated.

Answer:XP Antispyware 2012 Seem to have removed virus but cannot access the Internet

Welcome aboard Please always paste your logs.Farbar Service Scanner Ran by LoanProcessor (administrator) on 03-01-2012 at 20:42:41Microsoft Windows XP Professional Service Pack 3 (X86)Boot Mode: Normal****************************************************************Internet Services:============Dhcp Service is not running. Checking service configuration:The start type of Dhcp service is OK.The ImagePath of Dhcp service is OK.The ServiceDll of Dhcp service is OK.afd Service is not running. Checking service configuration:Checking Start type: Attention! Unable to open afd registry key. The service key does not exist.Checking ImagePath: Attention! Unable to open afd registry key. The service key does not exist.Connection Status:==============Localhost is accessible.There is no connection to network.Google IP is accessible.Yahoo IP is accessible.Windows Firewall:=============sharedaccess Service is not running. Checking service configuration:The start type of sharedaccess service is OK.The ImagePath of sharedaccess service is OK.The ServiceDll of sharedaccess service is OK.Firewall Disabled Policy: ==================[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]"EnableFirewall"=DWORD:0[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]"EnableFirewall"=DWORD:0System Res... Read more

21 more replies
Relevance 81.59%

Hello All, I am helping a friend out who had the VISTA Home Security 2012 virus on her laptop. Here are the steps already taken:ran FixNCR.regran rkillinstalled & ran mbamEverything worked fine, and mbam found and removed 4 infected files. I then rebooted the machine, and ran another full scan which returned 0 results. However, I cannot get the machine to access the internet. I ran a full FSS scan, and here are the results.Farbar Service Scanner Ran by _____ (administrator) on 23-12-2011 at 12:58:44Microsoft? Windows Vista? Home Basic Service Pack 2 (X86)********************************************************Internet Services:=================Connection Status:=================Localhost is accessible.There is no connection to network.Google IP is accessible.Yahoo IP is accessible.Windows Firewall:================MpsSvc Service is not running. Checking service configuration:Checking Start type: Attention! Unable to open MpsSvc registry key. The service key does not exist.Checking ImagePath: Attention! Unable to open MpsSvc registry key. The service key does not exist.Checking ServiceDll: Attention! Unable to open MpsSvc registry key. The service key does not exist.Checking LEGACY_MpsSvc: Attention! Unable to open LEGACY_MpsSvc\0000 registry key. The key does not exist.bfe Service is not running. Checking service configuration:Checking Start type: Attention! Unable to open bfe registry key. The service key does not exist.Checking ImagePath: A... Read more

Answer:VISTA Home Security 2012 Removed, still have issues

Welcome aboard Those registry keys concern Windows firewall and system restore.Network files and registry keys look fine.Please download MiniToolBox and run it.Checkmark following boxes:Report IE Proxy SettingsReport FF Proxy SettingsList content of HostsList IP configurationList Winsock EntriesList last 10 Event Viewer logList Installed ProgramsList DevicesList Users, Partitions and Memory sizeClick Go and post the result.

9 more replies
Relevance 81.59%

My computer was infected with Security Sheild 2012. I followed your removal guide and everything seems fine except a couple of issues.

1. - When I use Google, all of the links redirect me to other sites (such as "happili.com").

2. - This is probably related to #1, but I have noticed even after a reboot, I always have 2 - 10 "Iexplorer.exe" processes running, even though I NEVER run IE. I kill the processes, but I always have at least 2 or 3 start back up.

Here are the logs (from the "Preparation Guide for Use Before Using Malware Removal Tools and Requesting Help").

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_25
Run by Shayne at 20:17:14 on 2012-04-24
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8191.5852 [GMT -5:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32�... Read more

Answer:Removed Security Shield 2012 but Google still redirects.

Hello and Welcome to Bleeping Computer!!My name is Gringo and I'll be glad to help you with your computer problems. I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of usPlease do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.NOTE:... Read more

30 more replies
Relevance 81.59%

I was able to get malewarebytes to run in safe mode, and it appears to have removed the XP antivirus 2012 as I can work with it. If i try to run rkill or GMER I get a "program too big to fit in memory" on the cmd prompt and it closes. If I use the .com or .scr, i get "this application is not a valid win32 application". I tried to run HijackIt.msi, or any .msi I get a XP software restriction error. Basically I cannot run anything. I tried to run ESET online scanner and it became re-infected rather quickly even while ESET was running. Finally I tried running avira rescue cd to no avail. Apparently they have changed all file associations and permission etc. I looked at the local security policy and I dont see any software restrictions.

Right now I have it in a DMZ hanging off my ASA so it wont affect anythign else, but I cant hook it up to the internet it will just get infected again. One process i saw come up was yki.exe and then the XP 2012 stuff would pop up. Looks like there might be a Apache server configured as well.

Answer:XP Antivirus 2012. Malewarebytes removed, still gets re-infected. Cannot run DDS or GMER

With the information you have provided I believe you will need help from the malware removal team. I would like you to start a new thread and post a DDS log HERE and include a link to this thread. Please make sure that you read the information about getting started before you start your thread.It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient. Help is on the way!

5 more replies
Relevance 81.59%

I was infected with the Win XP AV 2012 and removed it, but the network is and server shares won't connect. The workstation service will not run. Has anyone else ran into this issue?

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by LWelker at 17:24:25 on 2012-01-11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3567.2895 [GMT -7:00]
.
AV: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\FileOpen\Services\FileOpenManagerSvc32.exe
C:\WINDOWS\system32\IProsetMonitor.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\WINDOWS\LTSVC\LTSVC.exe
C:\WINDOWS\LTSvc\LTSvcMon.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\Microsoft SQL Serv... Read more

Answer:AV 2012 Removed, now cannot use network and the workstation service won't start

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.Do not run any other tool untill instructed to do so!Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.Run Combofix:You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<Combofix may need to reboot your computer more than once to do its job this is normal.You can download Combofix from one of these links.Link 1Link 2Link 3 1. Close any open browsers or any other programs that are open.2. Close/disable all anti virus and anti malware programs so they do not interfere with the r... Read more

13 more replies
Relevance 81.59%

Hi, first sorry I already started a post in the log forum but I know that was the wrong place.

I was able to go through again and follow all the steps in the tutorial to remove this virus (utilizing a flash drive to transfer the downloads to the infected computer).

My remaining problem is no internet connectivity and cannot run Avira. Thank you!!

Answer:Removed Win 7 Security 2012 virus - now have no internet and cannot run Avira

HiDownloadhttp://download.bleepingcomputer.com/farbar/FSS.exeand run it on the infected PC.* Click on "Scan".* It will create a log (FSS.txt) in the same directory the tool is run.* Please copy and paste the log to your reply.

52 more replies
Relevance 81.59%

Hi There,

I hope I've got what you need here. I was able to partially remove the Win 7 Home Security 2012 Virus, but don't think I got it all because I had to do it manually. My MBAM, and none of the other Antimal software apps I installed, would update. The reason I say partially is because I've been left with a computer on which my search results redirect when I click on them and most of my onboard programs will not connect with the internet even though I have a connection. I've tried updating MBAM, going to the iTunes store and one or two others. I have not attached the GMER log because I'm running Windows 7 64-bit and the link said it's only for 32-bit.

Hope this everything you need to help me.
 Attach.zip   5.19KB
  0 downloads

 DDS.txt   26.46KB
  0 downloads

Answer:Win 7 Home Security 2012 Virus Partially Removed

Hello I Would like you to do the following.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.Run Combofix:You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<Combofix may need to reboot your computer more than once to do its job this is normal.You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.Link 1Link 2Link 3 1. Close any open browsers or any other programs that are open.2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.Double click on combofix.exe & follow the prompts. When finished, it will produce a report for you. Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stallNote 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer"information and logs"In your next post I need the following
Log from Combofixlet me know of any problems you may have had
How is the computer doing now?Gringo

33 more replies
Relevance 81.59%

I was recently infected with the Smart Fortress 2012 malware. I'm fairly confident I've successfully removed it (ran lots of tools, which found it a removed it, no symptoms currently). However, it seems to have done damage to Windows Firewall. I cannot start the firewall service. I have tried multiple fixes (5 or 6, many per instructions of Microsoft's website), including Microsoft's associated FixIt tool for this problem, to no avail. I still get the message "Windows could not start the Windows Firewall on Local Computer..." (see attached jpg for error).

Also, I tried a System Restore (tried 4 restore points), the process failed each time.

Would greatly appreciate any help.

Answer:Smart Fortress 2012 Removed, Can't Start Firewall Now

Hello and Welcome -Can you please list all Antivirus / Antimalware / Firewall programs that you have installed at this time.More of a chance that one of them are blocking it for now -Thank You

4 more replies
Relevance 80.77%

I removed Security Suite 2012 over the weekend following the instructions on this website. It appears to be removed, but I am now having problems with using any search engine. When I attempt to search using Bing or Google, the computer just sits waiting for the website. It does not connect to the search engine nor does it redirect to another site. I saw someone else had similar troubles after removing Security Suite 2012, so I'm suspecting I may not have completely removed it or that it left behind some damage.

Thank you for being here and being so helpful.

Carol

Answer:Removed Security Suite 2012 but now search engines won't work

Hello,Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!Be sure to download TDSSKiller.exe from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
Vista/Windows 7 users right-click and select Run As Administrator.If TDSSKiller does not run, try renaming it.To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.Click the Start Scan button.Do not use the computer during the scanIf the scan completes with nothing found, click Close to exit.If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).Copy and paste the contents of that file in your next reply.~BladeIn your next reply, please include the following:TDSSKiller Log

5 more replies
Relevance 80.77%

Hi

I am new to this forum and came across this great resource by googling . I got my Sony VaIO laptop infected with the Win 7 2012 fake antivirus along with a combination of google redirect virus.I followed some of the advice given online and used TDSSkiller along with Malware Bytes and Combofix. The malwarebytes and TDSSKiller worked well.The combofix seemed to run in compatibility well and then the system crashed . I have access to a Windows 7 CD and tried all three options of system restore,restore through image and startup repair but the system is not able to perform the repair operation or restore.

After searching some of the threads on this forum came across the Farbar system recovery tool and decided to run it from the command prompt. To save time I scanned it using the FRST tool.Below is the scan log.....I realize should not have run the combofix without supervision .Kindly guide me as soon as possible in getting the system to boot and possibly remove any traces of the malware that might be left.

Scan result of Farbar Recovery Tool (FRST written by farbar) Version: 17-01-2012 00
Ran by SYSTEM at 2012-01-22 18:43:09
Running from G:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [10775584 2010-05-31] (Realtek Semiconductor)
HKLM\..... Read more

Answer:Windows7(2012 fake antivirus removed) Combofix will not boot

Hello, can you please post me c:\combofix.txt as well so I can see what it deleted? (you can open it by typing c:\combofix.txt at the command prompt in the recovery environment and then saving it to a flashdrive).

2 more replies
Relevance 80.77%

 A "program" named CVE-2012-4792 cannot be removed. I get an installer error:
"Warning: can't delete value '{a1447a51-d8b1-4e93-bb19-82bd20da6f2}.sdb' under registry key
'Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom\iexplore.exe'
 
Nokojon has so kindly been helping me with forums/t/486948, and suggested I open a separate request for this problem.  I think it slithered in with the Java problems, and I did all I could to remove Java from this HP machine. I run XP SP3, MSEssentials which only found something once, when I used Rkill before I ran its scan. It said it removed trojans so I restarted the machine, deleted all previous restore points and made a new one. I use IExplorer 8 and have turned off most add-ons. I use MS Firewall and MS update and Secunia for updates.  I also use Super Anti Spyware which "only" always finds text files to delete or quarantine, now up to about 125.  I didn't understand the Hosts file and I deleted all the entries in it but thanks to Nokojon I will start rebuilding it with one of the utilities he had me run.
 
I will not be able to get back to this until late tomorrow (Wednesday 3/5 or Thurs/Fri).
 
I backed up some important files and ran DDS per Grinler's preparation guide.  Here is the DDS.txt file. And the attach file should be attached.
 
Thank you for your time reading this  You can refer to the other open case for more info, and I think I addressed this problem once t... Read more

Answer:A "program" named CVE-2012-4792 cannot be removed - re: forums/t/486948

Greetings JoanneMT and Welcome to the Forums,CVE is an acronym which stands for common vulnerabilities and exposures. The particular CVE notice you are referencing relates to vulnerabilities in Internet Explorer that were addressed by Microosft in the updates, available Here. It's not necessary to uninstall it but it's also not necessary to keep either, once the updates are in place. As I understand it, there was a "fix-it" that Microsoft issued, as a stop gap measure, prior to those updates. I believe that's what you are wrestling with.The best thing I believe you should do is to leave the Microsoft "fix-it" where it is...and, since you are still using Windows XP, try getting familiar with FireFox instead for use as your web browser.Windows XP users are unable to upgrade IE beyond IE8, which still leaves them in dire straights as to security concerns, so shoring up security by means of an alternate browser is a much better plan. Are you having any issues we can help you with?

15 more replies
Relevance 80.77%

I've been trying to get various things to work on my new computer (Windows 7 64-bit) and apparently caught something in the process, or possibly when I was downloading a video, which is when I first noticed a problem.

All of a sudden Firefox became unresponsive, then the entire computer stopped responding. I unplugged from the internet, and tried to shut down the computer, but couldn't. I tried CTRL/ALT/Delete, but nothing happened. I finally held down the power button and got it to turn off.

After rebooting this happened again, and this time it didn't seem to shut all the way down. A light was still on, until I unplugged the computer, and took out the battery.

I did a scan with Avira, which found two files, with a total of 9 problems, and quarantined them. It also found three 'warnings' but didn't do anything about them. So I ran the Kaspersky online scanner, and it also found three 'vulnerabilities'. I'm pasting the event log entries of Avira and the log from the Kaspersky scanner below. I also ran an MBAM scan which didn't find anything.

I tried to run HiJackThis, but got a couple of error messages:

>>
For some reason your system denied write access to the Hosts file. If any hijacked domains are in this file, HijackThis may NOT be able to fix this.

If that happens, you need to edit the file yourself. To do this, click Start, Run and type:

notepad C:\windows\System32\drivers\etc\hosts

and press Enter. Find ... Read more

Answer:'Warnings' after Avira removed EXP/2011-3544.DL.1 and EXP/CVE-2012-0507

Replying to myself, in the hopes this doesn't get lost completely in the massive amount of posts. Still very concerned about the three 'warnings' that Avira never showed before, and which seem to be in a couple of program files.

I don't know if it's safe to use these programs now, or if I should uninstall them and reinstall fresh. There's also the file in the SysWOW64 folder. I'm also concerned about doing any banking or other vulnerable activity on the computer until I know the exploits are truly gone.

I'm sorry I was not able to attach a HiJackThis log, because of a couple of error messages that I didn't know what to do with, so I'm hoping someone could tell me what to do about that too. And I didn't do anything with GMER, because I'm on 64-bit, and my understanding from the instructions in the STICKY is that I have to skip that step. If that's wrong, please let me know.
 

2 more replies
Relevance 80.77%

Okay, when I first noticed the problem, I tried to use ctrl alt del to stop IE, but the device manager crashed.
So I turned off the computer, and when I tried restarting, the virus started immediately.
After restarting in safe mode, I tried to run My antivirus program (avira), but gave up when the scan was only 5% complete
....after 6 hours
after that, I used System Restore to roll the computer back a week.
Upon restarting, the virus was still present, but partially inactive.
after managing to bypass the virus' redirects, I found and downloaded Malwarebytes AMW.
Successfully ran full scan in safe mode, MWB found and removed a few infected files, including AV Securiy's desktop shortcut.
When my computer restarted this time, the keyboard would not respond at all, but I'm still able to use the onscreen keyboard
Ran MWB again, and this time the second it found a file, Avira's activeguard blocked and removed a malware file, followed instantly by 9 more.
However, The keyboard still didn't work and AV Security's Icon was STILL in the start menu.
Found bleepingcomputer's uninstall guide, downloaded and ran TDSS killer and found...
Nothing.
.....
And that's my story.
So, Can anyone help me, please?

Answer:Removed AV Security 2012 (partially) Now keyboard doesn't work...

Oh yeah, sorry about forgetting to mention this earlier, but I've tried different keyboards and also uninstalling and reinstalling the keyboard driver both normally and in safe mode, with no luck.
The device status for the keyboard (from the Control Panel) is:
"This device cannot start (code 10)"

6 more replies
Relevance 80.77%

All scans I have done so far informs me that I have removed the nasty anti virus 2012 on my vista lap top. When I put the machine in safe mode all the icons on my desk top are there. When I boot up in normal mode the task bar and desk top icons are missing. Does this mean something is still running in the background connected with this virus

Answer:Removed Vista Anti Virus 2012 Desk Top BLANK

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything. We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here. To help Bleeping Computer better assist you please perform the following steps:*************************************************** In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/438810 <<< CLICK THIS LINK If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.*************************************************** If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lo... Read more

2 more replies
Relevance 79.95%

My computer became infected with the Vista Security 2012 virus so I used rkill to stop it then wiped it with MBAM. After restarting my computer I was unable to access the internet. I noticed that I had ping.exe so I ran ComboFix to remove it, however I still cannot access the internet. My computer will connect to the local network but not the internet. Link to previous post as requested. http://www.bleepingcomputer.com/forums/topic434356.html

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_27
Run by Kiri at 17:35:25 on 2011-12-24
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.3573.2303 [GMT -5:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ZoneAlarm Firewall *Enabled* {D17DF357-CFF5-F001-D1C1-FCD21DFE3D5E}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsv... Read more

Answer:Removed Vista Security 2012 virus and ping.exe, can't access internet

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything. We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here. To help Bleeping Computer better assist you please perform the following steps:*************************************************** In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/434366 <<< CLICK THIS LINK If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.*************************************************** If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lo... Read more

20 more replies
Relevance 79.95%

I was recently infected with the Vista 2012 Security Virus. I followed all the instructions from one of your forums and removed the virus. I can now access my e-mail and the internet but am now being redirected to random sites. Since the virus, I also keep getting a pop up message for Adobe Flash Player 11.1 Installer every few minutes. I am not sure if this is fake but I never got that popup until I had the Vista virus. I am not very computer savey and really need help. Thank you.

Answer:FireFox - searches redirected after Vista 2012 Security virus removed

Welcome aboard Download Security Check from HERE, and save it to your Desktop. * Double-click SecurityCheck.exe * Follow the onscreen instructions inside of the black box. * A Notepad document should open automatically called checkup.txt; please post the contents of that document.=============================================================================Please download MiniToolBox and run it.Checkmark following boxes:Report IE Proxy SettingsReport FF Proxy SettingsList content of HostsList IP configurationList Winsock EntriesList last 10 Event Viewer logList Installed ProgramsList Users, Partitions and Memory sizeClick Go and post the result.=============================================================================Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop. * Double-click mbam-setup.exe and follow the prompts to install the program. * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish. * If an update is found, it will download and install the latest version. * Once the program has loaded, select Perform quick scan, then click Scan. * When the scan is complete, click OK, then Show Results to view the results. * Be sure that everything is checked, and click Remove Selected. * When completed, a log will open in Notepad. * Post the log back here.Be sure to restart th... Read more

7 more replies
Relevance 79.95%

Recently, I removed a virus titled Windows Security Essentials 2012. I removed it by following the steps for virus removal provided by this site. Once the virus was removed I lost my internet connection. Coming back to the site, I follow the Preparation Guide For Use Before Using Malware Removal Tools and requesting Help, but ran into a snag at Step 5 "Enable Firewall" I cannot access my Firewall. When I follow the steps a pop up that states: "Windows Firewall Cannot be displayed Because the associated server is not running. Do you want to start the Windows Fire/ Internet Sharing Service:".When i click Yes, it is met with this response: Windows cannot start Windows Firewall/ Internet Sharing Service Should I continue to the next steps of the Preparation Guide?How can I regain my internet connection?

Answer:Removed Window Security 2012 Virus, but now I have lost my internet connection

DownloadFSS Checkmark all the boxesClick on "Scan".Please copy and paste the log to your reply.

19 more replies
Relevance 79.54%

Can you still buy system center 2012 Sp1? Is the 2012 R2 just an upgrade to it? Are the system requirements the same? I was just curious because I couldn't find any info on sp1??

Answer:System Center 2012 SP1 vs 2012 R2

Here's the system requirements for SC2012 R2:
https://technet.microsoft.com/library/dn281925.aspx

As for R2 vs SP1...usually the "R2" means it's an upgraded version, sort of like Server 2008 vs 2008 R2 or 2012 vs 2012 R2.

1 more replies
Relevance 79.54%

What`s new:

Based on user feedback and especially the extra effort from loyal WinPatrol fans we've improved reliability with WinPatrol 25.6. WinPatrol features work better than ever and we've removed the possibility of confusing messages that may have given incorrect alert messages.

* Fixed Multiple Alerts When Startup Removed
One of the newest features of WinPatrol 25 is letting users know if a Startup program had been removed without their knowledge. Unfortunately, occassionally a bug appeared that once the initial warning appeared, WinPatrol continued to warn about the removal of other programs which still existed in the list of Startup Programs.

* Windows 7 Performance Boost
WinPatrol has always worked well with all versions of Windows including Windows 7, this version takes better advantage of performance ability available to Windows 7 users.

* Multiple Add/Remove Uninstall Entries
When checking the Uninstall list using the Add/Remove or Uninstall applet, WinPatrol may have retained previous versions. This version will remove past entries that exist.

* License Agreement Info
In the past the license agreement for various WinPatrol versions were not clearly stated and easy to find on our website. The new setup program includes a description of the Free, PLUS, Family Pack and special licenses. Users will now see how unique WinPatrol is and what few restrictions exist.

* Scotty Barking at Random
This has been a long time unexplainable quirk that never made se... Read more

Answer:WinPatrol 2012 PLUS v25.6.2012.0-Update

RE: WinPatrol 2012 PLUS v25.6.2012.0

Thanks for the update.

Good day.
 

2 more replies
Relevance 79.13%

I was told to post in this forum from the Am I infected? What do I do? forum, http://www.bleepingcomputer.com/forums/topic433058.html.

Again, the background on the problem. The other day when I started the computer it said it restarted automatically after a windows update. Then after a minute after start up it said yahoo toolbar had been updated as well and I clicked OK. I then went to open firefox and it seemed as if I had no internet connection and then I restarted firefox since it was not opening anything, upon doing a search on google for the urban dictionary I was sent a redirect and then started to get fake warning saying my system was infected I closed out those windows with the upper right X, and then looked up the name of the fake program and was redirected a few more times. I followed the guide on this website and performed everything it said http://www.bleepingcomputer.com/virus-removal/remove-xp-home-security-2012,
I also followed this guide http://www.bleepingcomputer.com/virus-removal/remove-tdss-tdl3-alureon-rootkit-using-tdsskiller, and ran tdss killer as stated, it didn't find anything.

Upon the first run of malware bytes it did remove XP home security 2012, but I was still getting redirects when using google search and yahoo. I ran malware bytes again and it didn't find anything the 2nd time, because I was still getting redirects I ran ad aware and it found some supposed trojans and removed those. After restarting I was still getting redirects an... Read more

Answer:XP Home Security 2012 removed, google redirects and system fix program present

Hello and welcome to the forums!My secret agent name on the forums is SweetTech (you can call me Agent ST for short), it's a pleasure to meet you. I would be glad to take a look at your log and help you with solving any malware problems.If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed. If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
If I instruct you to download a specific tool in which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing... Read more

40 more replies
Relevance 79.13%

The other day when I started the computer it said it restarted automatically after a windows update. Then after a minute after start up it said yahoo toolbar had been updated as well and I clicked OK. I then went to open firefox and it seemed as if I had no internet connection and then I restarted firefox since it was not opening anything, upon doing a search on google for the urban dictionary I was sent a redirect and then started to get fake warning saying my system was infected I closed out those windows with the upper right X, and then looked up the name of the fake program and was redirected a few more times. I followed the guide on this website and performed everything it said http://www.bleepingcomputer.com/virus-removal/remove-xp-home-security-2012,
I also followed this guide http://www.bleepingcomputer.com/virus-removal/remove-tdss-tdl3-alureon-rootkit-using-tdsskiller, and ran tdss killer as stated, it didn't find anything.
I was going to post the intial findings of malware bytes and rkill but now cannot see the my computer or anything except recent program files.
Upon the first run of malware bytes it did remove XP home security 2012, but I was still getting redirects when using google search and yahoo. I ran malware bytes again and it didn't find anything the 2nd time, because I was still getting redirects I ran ad aware and it found some supposed trojans and removed those. After restarting I was still getting redirects and I seen on google how so... Read more

Answer:XP Home Security 2012 removed, still redirects and system fix (fake program) present

Download Security Check from HERE, and save it to your Desktop. * Double-click SecurityCheck.exe * Follow the onscreen instructions inside of the black box. * A Notepad document should open automatically called checkup.txt; please post the contents of that document.=============================================================================Please download MiniToolBox and run it.Checkmark following boxes:Report IE Proxy SettingsReport FF Proxy SettingsList content of HostsList IP configurationList Winsock EntriesList last 10 Event Viewer logList Installed ProgramsList Users, Partitions and Memory sizeClick Go and post the result.=============================================================================Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop. * Double-click mbam-setup.exe and follow the prompts to install the program. * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish. * If an update is found, it will download and install the latest version. * Once the program has loaded, select Perform quick scan, then click Scan. * When the scan is complete, click OK, then Show Results to view the results. * Be sure that everything is checked, and click Remove Selected. * When completed, a log will open in Notepad. * Post the log back here.Be sure to restart the computer.The ... Read more

9 more replies
Relevance 78.31%

Win 7 Home Security 2012 somehow got installed on my computer. I followed this guide (http://www.bleepingcomputer.com/virus-removal/remove-win-7-home-security-2012) to try and remove it. It seemed to remove it successfully, no more annoying popups but I'm still getting Google redirects. So I followed the rest of the instructions to get the logs below. Note: When I ran Gmer (and tried to d/l multiple times from different locations and even run in safe mode) all of the options were grayed out expect for Services, Registry, Files, and C:\. Any help would be greatly appreciated. DDS.txt: .
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
Run by Susan at 20:21:21 on 2011-12-23
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.5934.3141 [GMT -5:00]
.
AV: ESET NOD32 Antivirus 4.2 *Enabled/Outdated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 4.2 *Enabled/Outdated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\Syst... Read more

Answer:Win 7 home security 2012 supposedly removed but still getting TDSS caused (possibly?) Google redirects

Hey, don't worry about searching these logs...The malware is mostly removed so I can now just backup my files and reformat...Thanks anywayP.S. A mod could close this topicMod Edit: Closed per user request ~ Hamluis.

1 more replies
Relevance 78.31%

4. What are the changes in this release?

19.6.2 contains changes that help with forward compatibility with certain product services. This patch also contains fixes from the previous patch. Some of those changes included:

- Updated Monthly Report Card behavior
- Updated the Norton Toolbar look and feel
- MS Word 2003/2007 ?Open dialog box? error will no longer appear (Discussed Here)
- Corrected an issue where Popup Notifications could not be disabled
- Added ?Secure Resume? feature ? Identity Safe Locked when computer goes in to sleep mode.
- Out-of-the-box support for Google Chrome and Mozilla Firefox versions released between 19.2 and 19.5.
- Improved Cloud-based detections.
- Enhanced Norton Management integration.
- Quick Scan should do a better job of detecting the idle state of a system before running.
- Corrected several Browser/Toolbar crashes when using IE, Chrome and Firefox. (Filling forms or Credit cards on some sites was crashing and is now corrected in addition to other reported crashes.)
- Corrected an issue with Settings UI launch to increase performance
- Corrected a Reputation Scan failure
- Updated Firefox support to include version 8
- NCO carries a new feature called Secure ResumeClick to expand...

Read More

Dated on March 22, 2012
 

More replies
Relevance 78.31%

MINOR PRODUCT UPDATE: 19.1.1.3 for Norton Internet Security 2012 and Norton AntiVirus 2012 is Now Available
...
To receive the update, simply run LiveUpdate and download the update. A reboot will be required once the update is applied.

To verify you have the update, launch the Main User Interface, click on Support, and select About. The version number of the new release is 19.1.1.3
...
4. What are the changes in this release?

19.1.1.3 contains only minor changes. These changes are focused around our Online Platform and Norton Confidential/Norton Toolbar and include:
- Corrected an issue where Product Name/Version was not properly passed through when navigating online help.
- Correct an issue with "Failed to login to your Norton Account" may display erroneously.
- Improved Norton Toolbar/NCO Functionality with Google Chrome.
- Fixed Sync issues with Norton Management and the Norton Product.
- Corrected an issue where Identity Safe may force you to change your password after an elapsed period of time.
...Click to expand...
 

Answer:Product Update: 19.1.1.3 for Norton Internet Security 2012 and Norton AntiVirus 2012

Thanks for the notice, maybe the update also was included about other issue posted by users in their forum.
 

4 more replies
Relevance 78.31%

4. What are the changes in this release?

19.7 contains changes that help with forward compatibility with certain product services. This patch also contains fixes from the previous patch. Some of those changes included:

- Corrected the Google Chrome-specific issue where Norton Toolbar does not load when Google Instant is ON (link)
- Corrected the issue where customer is logged out of IDS despite setting a log out time of 15 mins (link)
- Better handling of login sites where username / password span multiple inputs
- Corrected an issue where the Password field was getting saved with "Password" string instead of customer input
- Corrected the issue where All logins listed in toolbar didn?t get refreshed unless the open browser session was restarted
- Corrected the issue where it was unable to change Identity Safe password
- Long passwords are accepted in recent Online Vault UI (link)
- Corrected the issue where customers remain logged into Norton Account even though they had unchecked Remember Password option from Create New Norton Account UI
- Corrected the issue where customers were not prompted to fill the card details using the saved data in IDsafe in My Account page (link)
- Corrected the issue where customer?s login got filled in the Edit Phone Numbers page in capitalone.com
- Corrected the issue where Last Submitted Login got autofilled when trying to overwrite the filled login (link)
- Corrected the issue where Update Password infobar does ... Read more

More replies
Relevance 77.49%

Hello, I am very safe with my computer and i download the update for adobe and then I randomly started to get the win 7 antivirus 2012 thing. It wouldn't let me use anything I've seen this happen before on my friends computer but I still don't understand why or how I got it on my computer. I am using spy bot search and destroy and McAfee because it was free when I bought my laptop. I ran safe mode and did a system restore and the viruis was gone I believe is there anyway to see if its still there. I use Firefox and everything to keep people from stealing my information. I would like to know if there is a way to check for it or if I should do a complete system restore like I just bought my computer.

Please help and respond. This is my first new computer and I had it for less than a yr.
 

Answer:Win 7 antivruis 2012 gone after system restore?

6 more replies
Relevance 77.49%

Not getting any help on the AVG forum so I thought I would try here....

After a full scan using AVG Free 2012.0.2197, virus db ver 5209, I get the following results (AVG will not remove them):

"";"C:\Windows\explorer.exe (1932)";"Trojan horse Generic_r.BAT";"Deleted"
"";"C:\Windows\explorer.exe (1932):\memory_03ac0000";"Trojan horse Agent_r.BLB";"Infected"
"";"C:\Windows\explorer.exe (1932):\memory_03ab0000";"Trojan horse Generic_r.BAT";"Infected"
I'm running Windows 7 SP1 and am using no other anti-virus software. I installed and ran Spybot to see if that would help, no luck.

I have run the scan a few times and notice that the first item continually shows up in the scan results, even though it says "deleted". The other two items have consistently indicated "Infected".

As instructed on the AVG forum I ran a scan usign a program called GMER. After the scan was complete a message came up stating "Warning GMER has found system modification caused by ROOTKIT activity".

I have not noticed anything unusual with my computer.............yet. Where do I go from here? Any help would be much appreciated!

Answer:Trojan Horse Agent Not Removed using AVG FreeAfter a full scan using AVG 2012.0.2197, virus db ver 5209, I get the following re...

Turn Off Your PC. Turn it back on. After the BIOS [PC Logo] screen, repeatedly tap F8 until a list of options appear. Select "Safe Mode with Networking." Once loaded, login as usual and open up your prefered Internet browser. Next, download Trojan Remover (it's a free 30 day trial but trust me, it works!) and install it. Start a full scan with this software, it'll detect the Trojan and remove it. Worked for me when every other software wasn't.If it re appears, just reply here or reasearch how to use HijackThis then apply that method along with Trojan Remover.Thanks

6 more replies
Relevance 76.67%

Hi,

Thanks in advance for helping me with this topic.

My computer got attacked by the AV security 2012 virus earlier today. I ran my Malwarebytes Anti-Malware software, it did its thing for over an hour, and then restarted the computer. After restarting, none of my web browsers worked. Then later, none of my programs would open either. I then restarted again, did a system restore to the last checkpoint. I attempted this twice and each time the computer told me the system restore failed. I restarted one more time without going it in safe mode and found my computer back to the last system restore checkpoint, despite being told that it didn't work.

So my concern now is whether or not the virus or other viruses are still there. I'm hesitating from running Malwarebytes again because of losing all my programs the previous time.

I used hijackthis and this is the log it produced:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 5:32:21 PM, on 12/30/2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Safe mode with network support

Running processes:
C:\Users\Public\Desktop\ITS\Anti-Malware\HiJackThis204.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://g.msn.com/HPNOT/1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://g.msn.com/HPNOT/1
R1 - HKLM\Software\Microsoft\Inte... Read more

Answer:AV Security 2012- post system restore

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything. We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here. To help Bleeping Computer better assist you please perform the following steps:*************************************************** In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/435417 <<< CLICK THIS LINK If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.*************************************************** If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lo... Read more

2 more replies
Relevance 76.67%

Hubby was trolling for T&A this morning. Microsoft Security Essentials caught a file which details said was of medium risk. I thought it was some advertisement software, caught, therefore not dangerous. When he finished ogling, we had XP Security 2012.

I recognized it as being not something I owned and not part of the system, so I clicked on nothing that popped up except to close it. Even so, I quickly could not explore my machine, connect to the web, run any program, etc.

I started surfing for info on another PC, looked at all the registry hooks it might have in addition to the variable names, and booted the infected PC into safe mode. Windows, of course, reminded me of system restore, I figured what the hey, and restored to a point 3 days ago.

When it came back up, I was not seeing signs of XP Security 2012. I could find MSE again, get to the web without being told Firefox was infected, open a DOS window, see the real Windows Security Center, etc. I then installed and ran a quick check with Malwarebytes' Anti-Malware. It found 4 items, 2 of which were PUMs that I did make and wanted. MAM is now running a full scan of the previously infected drive and the backup HD in that machine.

My question is, what are the chances that I've dodged a bullet versus that the beast is hiding? MAM was mentioned on many sites as being able to get rid of this trojan, so I would think it would find any leftover parts on a scan, yes?

(btw, hubby is restricted to the... Read more

Answer:? could doing a system restore have gotten rid of XP security 2012 or am I dreaming?

Re: ? could doing a system restore have gotten rid of XP security 2012 or am I dreami

I really would advise you to follow our procedures, there could be remnants hiding somewhere. System restore if often, especially nowadays, like band aiding a great big gash with a plaster.

READ & RUN ME FIRST. Malware Removal Guide
 

3 more replies
Relevance 76.67%

Hi, just so I don't destroy my setup I Like to ask if anyone else have restored their system from a image made by Acronis true image home plus Livecd 2012?

My setup is the following:

Windows 7 32 bit on 1 HDD with the following NTFS partitions: Partition 1(Reserved for system - Bootloader), partition 2(C: windows), partition 3(E: Data and backup).

Now, I have made one incremental image including Partition 1 and 2 + MBR, but not partition 3 - and backed this up to Partition 3.

What I'm curious about is, if True image without any problems can restore partion 1 and 2 + MBR without destroying Partition 3?

Or if I should leave MBR out?

Is there any problems with drive attributtes, like bootable partition?
I have used Norton ghost for years, ever since the first Dos version, and never had any problems - the problems come with Vista and up because of the bootloader partition.

Hope someone already have tried this and can answer my question - Please, I know it should be possible, but I like answers from someone already tried this or seen it done, because theory is one thing and practice another.

With kind regards

JBJ

More replies
Relevance 75.85%

I am unable to perform system restore with Kaspersky. Each time it says, "unable to complete, an antivirus programme is using a file.
What do I have to turn off to get system restore to work?

Answer:System restore and Kaspersky Internet Security 2012

Disable your Anti Virus temporarily and try a system restore again.

8 more replies
Relevance 75.85%

Hi, everybody
Prompt please, MS SQL 2012 on the virtual computer. Backup of all section with bases every day, at 19.00. That is, for every day I have the file copy .MDF and .LDF. Is there a way to recover the database at a certain time? Not 7 hours, but for example at 12.00. If I just attach the base then at the start I get an error about the lack of backup. Because backup wasn't carried out by means of Ms SQL though at start of procedure of restoration it is possible to choose a timeline. Thanks for the help)
 

Answer:Solved: Restore MSSQL 2012 on some point. (Not backup)

If you have a file backup from 12pm, then I don't know why you can't restore that backup. Maybe the exact error message and process info would help.
 

2 more replies
Relevance 75.03%

You have been helping me with removing the Windows Restore virus and XP Security 2012 virus. Below is the DDS Log. I have tried repeatedly to run the GMER log, but after it scans for over an hour, it freezes. So I'm not sure how to proceed with that..DDS (Ver_2011-06-12.02) - NTFSx86 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26Run by matt gray at 10:05:16 on 2011-06-23Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.254.31 [GMT -4:00].AV: AVG Anti-Virus Free Edition 2011 *Enabled/Outdated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}.============== Running Processes ===============.C:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcssvchost.exesvchost.exeC:\WINDOWS\system32\spoolsv.exesvchost.exeC:\Program Files\Java\jre6\bin\jqs.exeC:\WINDOWS\system32\drivers\KodakCCS.exeC:\WINDOWS\system32\HPZipm12.exeC:\Documents and Settings\matt gray\Desktop\PSI\PSIA.exeC:\WINDOWS\System32\svchost.exe -k imgsvcC:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exeC:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exeC:\Documents and Settings\matt gray\Desktop\PSI\sua.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\wscntfy.exeC:\Pro... Read more

Answer:Windows XP Restore Virus and and XP Security 2012 Virus

Hello and welcome to Bleeping ComputerMy name is etavares and I will be working with you to fix your computer.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.Please take note:If you have since resolved the original problem you were having, we would appreciate you letting us know. If you are unable to create a log because your computer cannot start up successfully please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
If you are unsure about any of these characteristics just post what you can and we will guide you.Please tell us if you have your original Windows CD/DVD available.If you are unable to perform the steps we have recommended please try one more time and if unsuccessful alert us of such and we will design an alternate means of obtaining the necessary information.Once we start working together, please reply back within 3 days or this thread may be closed so we can help others who are waiting. If you will be unable to respond (e.g. vacation, travel, etc.), please let me know ahead of time.Please refrain from running tools or applying updates other than those w... Read more

7 more replies
Relevance 75.03%

First time posting, thanks in advance for the help.

So I've recently come in contact with the Vista Security 2012 rogue, and have taken steps to remove it. I've done the task manager closing, deleted the exe and tried cleaning registry keys (bouncing between a hundred different sites at the time) and I ended up ruining my .exe associations. Well, crap. I used xp_exe_fix.reg to restore .exe functionality, but when I went to use System Restore, nothing happens. I'm just staring at the desktop. I can see rstrui.exe running in Task Manager, but nothing is happening. Where do I go from here?

Answer:Vista Security 2012 Aftermath / System Restore error

Other .exes are working fine, but I'm positive that the virus messed with rstrui.exe somehow.

3 more replies
Relevance 75.03%

When I boot this laptop it tries to do an automatic start up repair but I never get into Windows. I have tried booting and pressing F8 and Shift and F8 to try to get to the part where I can do a factory restore with no success. It has Windows 8 installed on it. I know from Windows I can hold shift and click restart to get there, but I cant get into Windows. Any suggestions?

Thanks.

Answer:How to get to the repair/restore on a Dell Inspiron 15 (3521, Late 2012)

Do you have a Windows 8 installation CD? Do you have a secondary Windows 8 machine? If so...

https://www.winhelp.us/create-a-reco...windows-8.html

4 more replies
Relevance 73.39%

hi does anybody know if i can run kaspersky anti-virus 2012 and kaspersky internet security 2012 at the same time ? thank you (please don't email me your reply as it is down)

Answer:kaspersky 2012 or 2012?

It's never advised to have two anti-virus programs installed. Internet Security has AV installed so the stand alone is not needed

7 more replies
Relevance 71.75%

Hiya! I recently contracted serious compu-flu-like syptoms!! While watching a live streaming sports event (Flyers hockey is addicting!), I seem to have been inadvertantly infected with an insidious virus! Amidst the glory of sports viewing, suddenly my browser auto-closed and a dreaded "Fake" Security (XP Security 2012) virus began it's nasty habit of lying to me. Having run across similar infections in the past, I attempted to isolate it's processes via Task Manager & then hit it with a regularly updated Malwarebytes scan. At the conclusion of the scan, Malwarebytes required rebooting the machine. Alas, though this seemed successful, I quickly realized that this version was more robust than the prior offenders I had managed to effectively deal with. On top of not removing the infection, I now additionally had Security Sphere 2012 chiming in with it's fake warnings along with the original culprit! Gettting more agressive, I atacked the issue from Safe Mode, rerunning the Malwarebytes scan & double checking some of the more obvious registry locations for issues. This initially seemed to do the trick! I rebooted normally and things looked ok....IE came up with no problem....but then I noticed my free version of AVG was not running? As I investigated this issue, I quickly realized that all of my .exe files (excepting Firefox & IE) were no longer functioning, apparently due to unknwown file extension issues. As I attem... Read more

Answer:Ping.exe/XP Security 2012/Security Sphere 2012

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything. We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here. To help Bleeping Computer better assist you please perform the following steps:*************************************************** In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/433699 <<< CLICK THIS LINK If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.*************************************************** If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lo... Read more

6 more replies
Relevance 71.75%

ok guys i would like to thank everyone in advance for the help, i really appreciate it.I had the win7 internet security and home security 2012 fake virus scan virus's and i removed it with malwarebytes. however after i have scanned my computer many times and it always seems to find something new everytime, i have had trojans, virus and i dont know what else. heres some of the stuff i've had according to my logsmalwarebytes rogue.fakeHDD x3trojan.agent x2PUM.hijack.startmenu x2 (this has also f'd up my start menu, its blank now)heuristics.reserved.word.exploittrojan.fakeav x6trojan.exeshell.gen x2trojan.fakealert x2rootkit.0access x3then microsoft security essentials picked upplease can anyone help me get my computer clean? also i need help restoring my start menu.

Answer:win 7 internet security 2012 and home security 2012

Welcome aboard Download Security Check from HERE, and save it to your Desktop. * Double-click SecurityCheck.exe * Follow the onscreen instructions inside of the black box. * A Notepad document should open automatically called checkup.txt; please post the contents of that document.=============================================================================Please download Farbar Service Scanner and run it on the computer with the issue.Make sure the following options are checked:
Internet ServicesWindows FirewallSystem RestoreSecurity CenterWindows UpdatePress "Scan".It will create a log (FSS.txt) in the same directory the tool is run.Please copy and paste the log to your reply.====================================================================================Please download MiniToolBox and run it.Checkmark following boxes:Report IE Proxy SettingsReport FF Proxy SettingsList content of HostsList IP configurationList Winsock EntriesList last 10 Event Viewer logList Installed ProgramsList Users, Partitions and Memory sizeClick Go and post the result.=============================================================================Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop. * Double-click mbam-setup.exe and follow the prompts to install the program. * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware,... Read more

1 more replies
Relevance 67.65%

Running Win7 x64

Pretty sure this popped when I went to run

Carried on through the Run Me's and Read Me's and I think I may be in the clear mostly.

I'm having issues with certain services - some that I'm trying to install, other's that were removed and can't be restored, etc.

One - BFE, Base Filtering Service.
Two - ESET, can kind of push this out of the list via the registry, but it's being a bear.

Windows Explorer crashes regularly on each boot. Just once, just the first time. I haven't tried simply logging off and on yet, it doesn't seem relevant yet.

Ran ComboFix, MBAM, SuperAntiSpyware finished a quick scan but the complete halted. Various related logs are attached per request. Adding one more for MBRCheck as well. MBAM was run twice, so there are two logs.

I don't have my ComboFix log anymore unfortunately. I didn't think I'd be having any residual issues, didn't think I'd even have to consult anyone, so I've already gone and uninstalled ComboFix. If you need me to, I'll gladly run it again so I can attach it.

Thanks,
B
 

Answer:Windows 7 Int Sec 2012

Welcome to Major Geeks!

You still have signs of a Zero Access infection on your PC. Also your MBRcheck shows the below
Code:

298 GB [URL="file://\\.\PhysicalDrive2"]\\.\PhysicalDrive2[/URL] RE: Unknown MBR code
SHA1: A2807BA7FD4C206EFECA81EE5D8474BD4DCD1035
465 GB [URL="file://\\.\PhysicalDrive5"]\\.\PhysicalDrive5[/URL] MBR Code Faked!
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A

The unknown MBR may or may not be a problem but the MBR Code Faked is most likely an infection. Are these drives using any non-standard master boot records? I see you have many drives and partitions? Are you using multi-boot partitions to boot different versions of Windows. Fixing the possibility of infections may become rather difficult due to how you have setup and used this PC in non-standard form using VMware.

Also do you have your Windows boot CD/DVDs?

Goto the below link and follow the instructions for running TDSSKiller from Kaspersky

TDSSkiller - How to run

Be sure to attach your log from TDSSKiller

Do you know what the below files are for?
Code:

----a-w 579,008 2011-12-05 03:05:10 C:\Windows\eins2712.dll
----a-w 63,255,040 2011-12-05 01:49:19 C:\Windows\eins2712.msi
----a-w 1,945 2011-12-05 01:32:40 C:\Windows\epplauncher.mif
----a-w 30,568 2011-09-16 18:54:48 C:\Windows\MusiccityDownload.exe

&nb... Read more

22 more replies
Relevance 67.65%

Running windows xp. need to copy and export previous act database premium 2008(10.0).

Cannot open in Act 2012 for windows7. It shows up as unshare. It ask for my password I do not remember the password. How can I change the password to open up the unshare database?
 

Answer:Act 2012 for windows 7

If you don't recall the password, you'll need to get an ACT! Consultant to crack it for you
 

1 more replies
Relevance 67.65%

I upgraded today to windows 10 and my WLM is not working, it never gets beyond the splash screen. I had 2011 so tried installing 2012 and still no dice. Even tried running as administrator. I have some vital saved emails that I need to print out. Yes I know I should have done it before the upgrade, but when I did the check for program compatibilty before upgrade, it didn't list WLM so I thought it would work
Is there anything I can do?
Thanks in advance
Kim

Answer:Windows 10 and WLM 2012

You could roll back, copy off the emails you need, then re-install windows 10. Not the most pleasant solution, but maybe the best one.

3 more replies