Computer Support Forum

Malware removal

Question: Malware removal

Hello.

Recently ive been very sloppy with my PC security and safety. Ive been target by online hackers and lost soe accounts information such as premium spotify etc and also very sure been targeted by a personal attack by people I know. Thats another story which I will get to the bottom of.

Meantime I reset my PC using the windows recovery - I choose delete everything.

Im now worried about rootkits etc. Please take a quick look at the logs - would these show any rootkit problems?

Many thanks

Tech Support Guy System Info Utility version 1.0.0.4
OS Version: Microsoft Windows 10 Pro, 64 bit
Processor: Intel(R) Core(TM) i7-3770K CPU @ 3.50GHz, Intel64 Family 6 Model 58 Stepping 9
Processor Count: 8
RAM: 8139 Mb
Graphics Card: NVIDIA GeForce GTX 780, -1024 Mb
Hard Drives: C: 223 GB (138 GB Free);
Motherboard: ASUSTeK COMPUTER INC., H61M-K
Antivirus: Avast Antivirus, Enabled and Updated

More replies
Relevance 100%
Preferred Solution: Malware removal

I recommend downloading and running Reimage. It's a computer repair tool that has been proven to identify and fix many Windows problems with a high level of success.

I've used it in the past to identify and fix everything from blue screens (BSOD's), ActiveX errors, corrupt files and processes, dll/exe/sys errors, recover lost memory, Windows update problems, defragging, malware removal etc.

You can download it direct from this link http://downloadreimage.com/download.php. (This link will automatically start a download of Reimage that you can save to your computer.)

Relevance 47.56%

Staff Advisory: This post needs to remain here until one of the malware team advise that it can be moved. This member cannot access our malware forums due to their infection. ~ Animal----------------------------------------------------------------------------------------------------------------------Hello, I got some help from some nice people in the live chat. I have made a log with your hijackprogram and am posting it at the bottom. It created two .txt files so there are two reports. I am unable to open ANY link that has the words anti-spyware anywhere on the page or in the address bar so unfortunately I cannot post this in the malware removal forum because the internet window closes every time. I am in dire need of some help! I have a subscription to spy sweeper and it is keeping things out but I was infected with Antivirus xp 2008 and possibly some viruses because the computer was un-protected for about a month while I was in the hospital..I run with Windows XP and a wireless connection. If someone could take the time to look at this for me I would be so incredibly thankful! I offer my services as a photographer/graphic artist/professional gift shopper/myspace designer/beginner web designer. You can see what I do at www.perfectionpictures.com and contact me if you need anything at all!Current Symptoms (in the order of appearance)Random Total system crash then restart then blue screen then back to windows. msvcp71.exe is missing so a program is being prevented ... Read more

Answer:Antivirus Xp 2008 Removal Help/am I Infected? Can't Open Malware Removal Forum

Hi & welcome,I would like to try a couple things before we go much further so I have a bit better picture of what is happening and can take the needed cautions.1.) click start> run> type msconfig and hit enter.click "boot.ini" tabCheckmark /bootlogClick "apply" and "close"Reboot when askedLocate and delete this file:C:\windows\ntbtlog.txt (in case your extensions don't show it looks like a notepad)RebootLocate & post:C:\windows\ntbtlog.txt2.) Click start> run> type: cmd.exe and hit enter.type the following commands exactly as you see em & hit enter after each one:cd c:\windows\system32dir userinit.exeNote the file size please & report that back to me. Leave cmd open a sec.Back at the cmd window...Type:cd dllcachedir userinit.exedir spoolsv.exeNote file sizes & report that back to me.Type exit in the CMD window & hit enter. (this closes it)3.) Can you see also if you can get this program installed please:http://download.bleepingcomputer.com/hijac.../HJTInstall.exeSave file> run it> follow prompts to install excepting defaults.Allow it to "launch" hijackthis.Click the "Do a System Scan and Save a Log File" optionSave the log file and then it should open with NotepadGo to Edit, Select All and then Edit, Paste to paste the contents of the log hereLet me know if you had any problems with the above please.I advise keeping the system offline as much as possib... Read more

3 more replies
Relevance 47.56%

Apologies, but i'm a bit of a novice. my computer did a scan when i started it and came up with some trojans. when i tried to delete them, a malware removal programme tried to install itself so i closed the download dialog box. unfortunately, i cannot remember the name of the software that was trying to install itself. please would you review my log below and help me clean my computer?

many thanks
---------------------------------------------------------------

DDS (Ver_09-12-01.01) - NTFSx86
Run by 0 at 19:57:35.67 on 02/01/2010
Internet Explorer: 7.0.6001.18000
Microsoft? Windows Vista? Home Premium 6.0.6001.1.1252.44.1033.18.3000.1826 [GMT 0:00]

SP: Spybot - Search and Destroy *enabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows&... Read more

Answer:attempted removal of trojans try to install "malware removal software

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

2 more replies
Relevance 47.15%

Hi,I have tried many ways to get rid of some Malware that has only recently infected my PV. I hope someone can help me as this is my work PC and I need to plug back into my office network in a few days, but think this would be a bad idea at the moment.The problem first showed itself by insisting I had many viruses etc, and I should install Internet Security 2010. I have installed Malware Bytes removal tool, and installed as instructed. It found the above, said it was removed, but still it appears to exist, although the name of the infection has changed a few times, and is currently redirecting my brower to a similar page to the above malware. A popup now shows that I should install Cyber Security to remove the infections. This is obviously another malicious antivirus/malware program.I have McAfee Enterprise installed (which I can't seem to disable)I have also run SuperAntiSpywarePlus, which did the trick removing a similar problem about a year ago on a different PC. However, although this program also finds problems, and supposedly removes t5hem, the problem is still there.Please help. I have shown Hijackthis log below.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 1:58:42 PM, on 29/12/2009Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16945)Boot mode: NormalRunning processes:C:\windows\system32\csrss.exeC:\windows\system32\winlogon.exeC:\windows\system32\services.exeC:\windows\... Read more

Answer:Cyber Security removal; Malware removal not working

Hi,I have tried everything I know of to remove this pesky piece of malware. It seems to keep changing names, starting out as Internet Security 2010, and redirecting me on a google search to a webpage trying to convince I was riddled with viruii and malware, and then trying to sell me thier software, which is really just a scam. I ended up here after a few days of tearing my hair out, almost beaten. I went through the tutorials, but unfortunately that was before I fired off a post in desperation. Please delete my previous post, as I have now followed the suggested path, and run the utilities to help diagnose my problems. The resulting files are attached.Please help. I hope the files uploaded can provide an insight into whats happening.Apologies for jumping right in and posting a Hijackthis log before I had read the tutorials.ntents belowDDS.txt contents pasted belowDDS (Ver_09-12-01.01) - NTFSx86 Run by Greg.Middleton at 15:30:23.26 on Tue 29/12/2009Internet Explorer: 7.0.5730.13Microsoft Windows XP Professional 5.1.2600.2.1252.61.1033.18.3063.2330 [GMT 9.5:30]AV: VirusScan Enterprise + AntiSpyware Enterprise *On-access scanning enabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}AV: Microsoft Security Essentials *On-access scanning enabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}============== Running Processes ===============C:\windows\system32\svchost -k DcomLaunchC:\windows\system32\svchost -k rpcssC:\windows\Syst... Read more

3 more replies
Relevance 46.33%

Hi,

I have a dell xps 8300. It started acting up about 1 week ago (freezing while working online, freezing while trying to boot). Today i got the Blue screen asking me to restart if this was the first time I had received a blue screen.
I restarted it was fine for 30 minutes and everything froze.
I restarted it and I received error beeps ( 4 beeps)
I looked that up on dell support and they said it was RAM problems.
I opened up the computer vacuumed a bit, took out ram cards and reinstalled them.
It had been working o.k.for about 1 hour and only froze once more.
I decided to try the malware removal guide and here are the logs
Malware bytes did not find anything
TDSSKiller did not find anything
MGtools ran but as soon as it was done the window closed. i don't know how to find the log
Your help will be greatly appreciated
 

Answer:malware removal - have followed malware removal guide

I still want to see the log from Malware Bytes please.





MGtools ran but as soon as it was done the window closed. i don't know how to find the logClick to expand...

Should be directly on C:\ if that's where you boot Windows from. If you really cannot find the log, you'll have to run MGTools.exe again in order to produce a MGlogs.zip. Thanks.
 

20 more replies
Relevance 46.33%

I have run the malware removal intructions and when through each programs as they did remove some of the malware and virus. The issue that I am having is that when I open the computer under seperate user and try to run the malware removal programs via internet or through USB drive, I keep seeing a window which pops up asking me which program I want to use to open the program. I have run the computer under the adminstrator and do not seem to have problems running the

View attachment mbam-log-2011-03-28 (17-02-07).txt



View attachment combofix log.txt



View attachment SUPERAntiSpyware Scan Log - 03-28-2011 - 16-42-24.log



View attachment hijackthis.log

malware removal steps and have attached the reports from the intructions.

Even when I try to open add or remove programs under control panel- I get the following message: "C\windoesn\system32\rundll32.exe- application not found. I am thinking that It is something to do with AVG and have removed the program with the step.

Please help....

View attachment mbam-log-2011-03-28 (17-02-07).txt



View attachment combofix log.txt



View attachment SUPERAntiSpyware Scan Log - 03-28-2011 - 16-42-24.log
 

Answer:Help with malware removal- have run malware removal instructions

ssmehta007 said:



....try to run the malware removal programs via internet or through USB driveClick to expand...

Specific download and installation instructions are in our R&R ME FIRST guide :
ComboFix
Running from: l:\combifix\ComboFix.exe <--- belongs on your desktop

RootRepeal
Save it to your Desktop

SAS & MBAM
Installed to the Default Location - "C:/Program Files", as we suggest that you keep them after malware removal.

MGTools.zip
Download this file to the root folder of the drive where you have installed Windows (Typically this would be C:\ and thus you would have a C:\MGtools.exe file after downloading). ​
Please make those corrections and attach the missing RRlog.txt (from RootRepeal) and MGlogs.zip - normally it is C:\MGlogs.zip . Please tell me any problems you still have.
 

18 more replies
Relevance 46.33%

I posted the software forum yesterday and was instructed to complete the malware removal steps and repost here. I have a new computer running Windows 8.1. When I say new, I mean I started having problems within a couple of hours after turning it on!

I have McAfee antivirus protection and downloaded and installed my MSOffice 2013 Home and Student. All seemed to be fine. The MSOffice was up and running and McAfee said I was protected. Suddenly and I don't remember what I was doing...it said Microsoft something (sounded like an antivirus or firewall something) had detected several problems and I needed to "clean my computer". Oh so ignorant of all that was going on with learning Windows 8.1 after using XP for years I told it to clean. Somewhere in there it suggested I do a system restore. All seemed OK until I realized MSOffice was no longer there. I tried to download it again and reload, but with no luck. It occurred to me it had something to do with the system restore so I tried to undo the restore. That of course didn't help. I'm also now getting messages from McAfee that I am covered and safe but that my firewall is turned off and needs to be turned on. However I can get McAfee to do nothing. I can open a screen, but nothing I do makes it do anything. I tried downloading their "Virtual Technician" before I started the process you recommended and it acted like it was downloading, but 20 minutes later it was still "spin... Read more

Answer:malware removal help - removal instructions attempted

Can you try running the tools that were not working before including Hitman, in safe mode please. Let me know how you get on.
 

16 more replies
Relevance 46.33%

I read and followed precisely "Vista and Win 7 Malware Removal/Cleaning Procedure"

My issue: I was informed my my isp the following: "Mail Log Parsed from Feb 15, 2013 19:47:04 to Feb 16, 2013 19:47:04 User sent approximately 141,801 messages to 136,591 unique recipients. There were 2598 bounces received in this period, 1 percent of the emails sent. "

I have AVG, running constantly. ISP changed my password to stop the mail. I ran AVG in safe mode. Still not sure trojan erradicated. ISP referred me to your site.

I performed all steps. I have attached all logs except TDSSKiller. While it ran clean, no apparent log was generated. All except RogueKiller found no issues. RogueKiller found as reflected in log.

Please advise if you believe my system is clean, or what further I should do. Since I haven't seemed to find anything, it's hard for me to be comfortable that it's clean.

Thank you emmensely!!

Mike Sieber
 

Answer:Help with malware removal--have performed removal instructions

Welcome to Major Geeks!




mike sieber said:





I performed all steps. I have attached all logs except TDSSKiller. While it ran clean, no apparent log was generated. All except RogueKiller found no issues. RogueKiller found as reflected in log.Click to expand...

Not problems. It is just junk from AVG. All of your logs are clean. Many times when something like this happens, it is not an infection. It is due to a spammer/spammers getting your email login and password and they use it from other PCs to send out their spam. There are cases of infections that can cause spamming ( like some master boot record or partition infections ) but you show no signs of these.


If you are not having any other malware problems, it is time to do our final steps:
We recommend you keep Malwarebytes Anti-Malware for scanning/removal of malware.
Go back to step 4 oof the READ ME and renable your Disk Emulation software with Defogger if you had disabled it.
Go to add/remove programs and uninstall HijackThis. If you don't see it or it will not uninstall, don't worry about it. Just move on to the next step.
If running Vista or Win 7, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
Goto the C:\MGtools folder and find the MGclean.bat file. Double click ( if running Vista, Win7, or Win 8 Right Click and Run As Administrator ) on this file to ... Read more

3 more replies
Relevance 46.33%

Hello!
In reading more of these threads I can see Im not the only one with the iexplore issue.
Glad to know it can be corrected!!!!

I have multiple pop-ups and my computer is as slow as dirt.
When I get home at 3:30 Calif time I will do the HJTInstall.exe thing and post the results.
Would the results of one that was done two days ago help? Yes I was having the issue then and another company did one and told me to email it to someone, which I did but I havent heard anything back and my computer is close to useless at this point.
Can MFDnNC or anyone else help?
Thanks!!!!
Ginny
 

Answer:malware removal/popup/iexplore removal

16 more replies
Relevance 46.33%

Since the ComboFix will not run on Vista or Windows 7 64-bit, I have to look for new malware/virus removal apps... It was good while it lasted. So what tools do people use for Vista these days when the computer says: "WARNING! YOURS COMPUTER IS AN INFECTED BY HARMFUL VIRUS!!!!"

Answer:64-Bit Virus Removal & Malware Removal Tools?

64-bit Anti-Virus:List of 64-bit Anti-Virus For VistaAnti-virus protection in 64-bit environmentsFree Anti-virus:avast! Free Antivirus Avira AntiVir Personal - Free AntivirusAVG Anti-Virus Free Edition 8.5Microsoft Security EssentialsPanda Cloud AntivirusKingsoft Free Antivirus (Cloud Scan)Paid for Anti-virus:NOD32 Anti-Virus PersonalMcAfee AntiVirus PlusTrend Micro AntiVirus plus AntiSpywareNorman Antivirus & AntispywareCA Anti-Virus Plus Anti-Spyware64-bit Anti-Malware tools:Malwarebytes Anti-MalwareSUPERAntiSpywareKaspersky Virus Removal Tool - How to install and use documentationSpyware TerminatorWindows Defender (64-bit)PrevxSpybot S&DAd-AwareNorman Malware CleanerSunbelt Counterspy (free Trial)Comodo BOClean Anti-MalwareSophos Anti-rootkitSanityCheck Advanced Rootkit and Malware DetectorESET Online Antiivirus ScannerESET SysInspectorAnVir Task Manager FreeWinPatrolStart with these:How to use Malwarebytes' Anti-Malware to scan and remove malware from your computerHow to use SUPERAntiSpyware to scan and remove malware from your computer

3 more replies
Relevance 45.92%

Hi,

I am the IT manager in my company.

I have a co-worker, his computer has search redirect issue. That means most likely it has malware.
Then i installed some major malware removal: Spybot Search & Destroy, SUPERAntiSpyware, Malwarebytes

After i installed them, i cannot launch them(That definitely means it has some kind of malwares)
I needed to rename their .exe files, after i can run them and scan my computer.

SUPERAntiSpyware, Malwarebytes found something, but didn't solve the problem, search redirect and
blocking malware removal software are still there. Now i am running Spybot Search & Destroy will see what happened.

By the way, i run them in safe mode because when i logon window to normal mode, it is slow (like it takes a long time to explore hard drive, etc). I suspect the malware slow down my pc. hopefully not registry corrupted or something, but works smoothly in safe mode.

So you guys have any suggestions? or you need a log file from combofix?

Please advise,
Tommy

Answer:malware: google yahoo redirect and can't launch malware removal software

Try this:http://www.bleepingcomputer.com/virus-remo...sing-tdsskiller

5 more replies
Relevance 45.92%

I have scanned with AVG with the latest updates. On top of that insidious google redirect I get random pop ups even when I don't already have IE or Firefox running. Also getting sounds in the background like I'm clicking on a link, surfing the net when I'm not. And SYSTEM in task manager is hogging a ton of memory.Logfile of Trend Micro HijackThis v2.0.4Scan saved at 11:52:42 PM, on 8/7/2010Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v8.00 (8.00.6001.18702)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\AVG\AVG9\avgchsvx.exeC:\Program Files\AVG\AVG9\avgrsx.exeC:\Program Files\AVG\AVG9\avgcsrvx.exeC:\Program Files\Intel\Wireless\Bin\EvtEng.exeC:\Program Files\Intel\Wireless\Bin\S24EvMon.exeC:\WINDOWS\System32\WLTRYSVC.EXEC:\WINDOWS\System32\bcmwltry.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\AVG\AVG9\avgwdsvc.exeC:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exeC:\... Read more

Answer:persistent malware undetected by virus scans and malware removal tools

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process. Please also continue to work with me until I give you the all clear. Even if your computer appears to act better, you may still be infected.Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.Once we start working together, please reply back within 3 days or this thread may be closed so we can help others who are waiting.We need to create an OTL report,Please download OT... Read more

2 more replies
Relevance 45.51%

I did a hijackthis scan and here's what I got:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 12:18:17 PM, on 4/20/2009Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\SYSTEM32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\spoolsv.exeC:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exeC:\WINDOWS\System32\DVDRAMSV.exeC:\Program Files\Java\jre6\bin\jqs.exeC:\WINDOWS\System32\nvsvc32.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exeC:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exeC:\WINDOWS\System32\00THotkey.exeC:\WINDOWS\system32\TFNF5.exeC:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exeC:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exeC:\WINDOWS\AGRSMMSG.exeC:\Program Files\Synaptics\SynTP\SynTPLpr.exeC:\Program Files\Synaptics\SynTP\SynT... Read more

Answer:Malware Blocking Acess to Spybot, Microsoft Malicious Removal Tool and other anti-malware programs

Hey guys I solved my own problem. I completely reinstalled windows. (It was about that time anyway)

2 more replies
Relevance 45.51%

Hi, I'm suddenly having a lot of trouble with malware. My computer seemed to be running okay but I ran Malwarebytes as I occasionally do, and it picked up a fair amount of malware on my system. I deleted it and rebooted, but that's when my problems really began. Upon restarting, my internet connection has become almost unusable. It's extremely slow and generally I can't even open a page that I want after trying to refresh several times. Oddly though, google is working perfectly and a few other sites seem to work too, including this one. I've tried running MBAM again and again, each time it picks up more malware and I remove it, then reboot and the cycle renews. I can't seem to get rid of all of it, every time I scan my system there's just more of it. I've tried ComboFix but it doesn't seem to have done anything. One persistent thing seems to be photo_id.exe, I've got a few messages from MBAM saying it can't be removed and I need to reboot. Also, I've noticed that if I'm trying to reach a webpage, although it won't load there seems to be some redirecting, for example I just tried to reach a wikipedia page and it says &quot;The server at topsearchfeed.com is taking too long to respond&quot; For some reason I can't bloody format this properly no matter how hard I try, so here's an attached HJT log:
 

Answer:Malware removal attempt led to unusable internet, still can't remove all malware

problem has become more serious, now my mother has told me that the internet on her laptop is also extremely slow and essentially unusable, I'm worried that something from my computer has got on to hers via the wireless network we're both connected to. Somebody please help me
 

2 more replies
Relevance 45.51%

Please help me,
I cannot access any internet (wifi & ethernet) after malware removal using GridinSoft Anti Malware. I already updated network drivers, but it's still not working.
 

More replies
Relevance 45.51%

Gud day to everyone,

My computer having some malware activity, i have used adware 2008, spyware removal tool, norton anti-virus and other removal tool, but still those malware cannot be deleted.. My Computer icon could not display its properties, instead it appears like a file when you see its properties. It also disabled TCP/IP that why until now i cannot connect to the internet.. I don't have WindowsXP SP2 cd for repair..

Please help me as soon as possible, because it is a server..

Answer:Urgent! My XP SP2 have malware activity!.. cannot remove using malware removal tool

Hello frozenfire03, Welcome to TSF!

I recommend that you read this article… "Having problems with spyware and pop-ups? - First Steps"; follow the instructions very carefully; then, post all the requested logs and information; as instructed, in the HiJackThis Log Help Forum.
(Simply, click on the coloured links to be re-directed.)

Please ensure that you create a new thread in the HiJackThis Log Help Forum; not back here in this one.

When carrying out The 5 Steps, if you cannot complete any of them for whatever reason, just continue on with the next one until they are all completed.
However,it is extremely important to make mention of the fact that you could not complete any of the steps in your post to The HJT Help Forum; where an Analyst will assist you with other workarounds.

Once done, please be patient, as the Security Team Analysts are usually very busy; one of them will answer your request as soon as they can.

Good Luck with it.

Kind Regards,

7 more replies
Relevance 45.51%

I was surfing the web today and I believe I clicked on a pop up by mistake when I shouldn't have. Avira then blew up with Malware alerts and I knew I had a problem...

I did a virus scan and it removed the detections found but when I did a restart they were back again. Also, the virus seems to move itself around to other .exe files. I found it had infected moviemaker.exe so I manually deleted the file as I don't need it but as soon as I emptied my recycle bin the moviemaker.exe file returned back to its original folder.

I'm afraid something really nasty has infected me. Avira is detecting it as a W32/Infector.Gen2 and Maleware Bytes is detecting 2 Malware.Packer.Gen files.

I went through the Read Me First steps on this site and preformed everything it asked. However, I was unable to uninstall my previous JAVA (ver 19) and was not able to install the newest version of JAVA. Both gave me errors that the installation program wasn't working.

I'm attaching the logs here. Can anyone help me get rid of whatever is infecting my machine? I would really appreciate the help!
 

Answer:HELP-Requested Malware Removal (Infector.Gen2 / Malware Pacger Gen)

Here is the 5th log.
 

6 more replies
Relevance 45.1%

Four steps that will keep your PC happy, healthy, and crap-free

Malware sucks. In the best-case scenario, it craps up your system with unwanted files and occasionally makes itself known in the form of a persistent pop-up window or annoying browser-based toolbar. In the worst-case scenario, malware completely takes over your desktop or laptop and ruins your life.

Your system slows to a crawl. You can’t even boot into Windows in the time it takes you to walk to the kitchen and back. Your data gets sent off to a faraway Internet land or, worse, your actual keystrokes are recorded for some unsavory individual to see. Malware locks down your browser, making you unable to actually do any browsing without being carted off to some bogus domain. You can barely run a program in Windows without getting bombarded by fake advertisements, programs, and dancing people on your desktop.

We can’t make this stuff up.

So what’s a computer enthusiast to do? Step zero: Read this guide, because we’re going to walk you through all the key details you need to know to both rid your computer of this junk and keep it free of downloaded nasties forevermore.



Read more at:
Maximum PC | Malware Removal Guide 2011: How to Get Rid of All The Latest Malware

Answer:Malware Removal Guide 2011: How to Get Rid of All The Latest Malware

Most excellent reading, thanks for posting for all to see, I , myself, use most all of these myself, the only paid program i have is malwarebytes, the rest are free add ons or are free programs . Thanks.

5 more replies
Relevance 45.1%

Hi, i got infected because i was triying to run malwarebytes and it skip the part of analising the files, it ended in arount 1 minute in a full scan, and i tried to download dr web cure it, and it dont allow me, the computer seems fine, but those things are very strange, and when i was running the scan i was in safe mode...
 
thanks for the help

Answer:Malware infected, malware removal tools useless

Greetings samidelcueva and to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.If you would allow me to call you by your first name I would prefer to do that.===================================================Ground Rules:First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter pro... Read more

0 more replies
Relevance 45.1%

Hi. I am trying to diagnose a problematic laptop for a friend. I don't know the details of what happened to cause the problems. The main problem I can detect is that the laptop is EXTREMELY slow. It seems like anything I try has a delayed response (even a simple mouse click). I followed the Malware Removal Guide, but was only able to run two of the five suggested tools as follows:

1) SUPERAntiSpyware - I ran this after manually updating the definition files on the version already installed and the scan found nothing.

2) Malwarebytes Anti-Malware - I was not able to update the definition files for the current version installed. After several attempts to uninstall this (via the Control Panel), I was able to do it via CCleaner. However, I was not able to re-install a more recent version due to problems with the Windows Installer service. After uninstalling an outdated version of Java (Update 14) via the Control Panel, I have not been able to install/uninstall any more programs.

2) combofix.exe - not compatible with 64-bit OS

3) RootRepeal - did not run on 64-bit OS

4) MGtools - did run; kept getting errors, but continued to completion

Attached are the SUPERAntiSpyware and MGTools logs:
 

Answer:Possible Malware preventing me from running malware removal tools

I am not seeing any malware in those logs. I do not know why MalwareBytes would not run, are you able to run it in safe mode? How does the PC behave when you use safe mode?

More than likely I think I will be sending you off to the software forum.

We can do this:

Please disable all anti-virus and anti-spyware programs while we do the following (re-enable when you are finished):

Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:



O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - (no file)
O2 - BHO: (no name) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - (no file)
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - (no file)
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - (no file)
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - (no file)
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsM... Read more

5 more replies
Relevance 45.1%

Dell m1330 Vista home premium. I have malware isses, frequent memory dumps, google redirection and something is preventing me from running or installing anti-malware programs. I had to install malwarebytes using the rename method, but the program will not run in safe mode or normal. I had spybot previously installed but I was also prevented from opening, so I tried reinstalling, but before it can complete the installation I get the blue screen of death memory dump! Before reading the procedure I ran coolweb, kill2me, windows defender and windows malicious software tool. None of the programs found anything. I also perfomed a couple system restores, but both failed.

Should I continue with the cleaning procedure (combofix), or does anyone know how I can get malwarebytes and spybot to run?
 

Answer:Trying to follow malware removal procedure, but malware is preventing me?

Here's my MGtools log, it was the only program that worked.
 

4 more replies
Relevance 45.1%

Had a machine in riddle with viruses which we duly cleaned up and removed without incident. Uninstalled the applications one at a time, restarting each time it was required and all was good.

After removing the last app (dont ask me which one it was I cant rememebr) the machine no longer starts.

It's boot cycling but once we disable automatic restart on system failure it brings up a STOP 24 error.

Have booted to puppy linux and examined the hard drive (which is SATA btw) and the data seems intact so we can assume, physically at least, that the drive is good.

Booting to an XP CD and attempting to access the recovery console to run chkdsk /r and it appears the drive is either not detected or is empty (the latter we know not to be the case)

Boot to an X CD to attempt a repair install and it tells me there is no hard drive present.

Check the BIOS and the drive is detected properly. swap the hard drive for a SATA CD and it detects the CD without issue which makes me thing the SATA controller must be functioning too.

Now it seems that the this single disk system has some kind of RAID configured on it according to the boot screens. My next step would be to remove the RAID but I'm concerned it might format the drive. Is this likely? It has an ASUS A8R-MX/S motherboard but the info I get from their site is a little vague.

Am I on the right track with the RAID thing or way off base, help me folks its driving me nuts.
 

More replies
Relevance 45.1%

Please find attached the logs from the scans in the Windows XP Cleaning Procedures. I followed the Cleaning Procedures but still have a problem. The problems can be pinpointed to yesterday when I surfed to a web site without having an up-to-date Anti-Virus definition files. Before I knew it, I had an infected machine.
There seems to be 2 problems.

(1) After restarting the computer, Windows File Protection gives following message.

Windows File Protection
Files that are required for Windows to run properly have been replaced by unrecognized versions. To maintain system stability, Windows must restore the original versions of these files. Insert your Windows XP Profession CD2 now.

I have Dell OEM Windows XP Media Center 2005 installed on my Dell Dimension 5150/E510. Problem is, Dell has a Windows XP re-installation CD but Dell states there is no 'CD2'.

(2) I keep getting pop ups every time Internet Explorer is open. The pop ups occur on their own.

Hopeful you can help me to fix the problem. :confused
Thanks,
Ankur

p.s. Please note, the AVG Anti-spyware log is not attached because it was not generated by the tool. I scanned my computer using Trend Micro (after updating virus definition files) and I can provide the logs if you need.
 

Answer:Malware problem not fixed with Malware Removal instructions

Welcome to Major Geeks!

Run this Disable/Remove Windows Messenger to remove Windows Messenger. Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.

Uninstall the below old versions of software:
Java 2 Runtime Environment, SE v1.4.2_03

Run C:\MGtools\analyse.exe by double clicking on it. This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

F3 - REG:win.ini: load=C:\WINDOWS\system32\mlljg.exe
O2 - BHO: (no name) - {3F7BDD0B-0462-4F19-8B87-54D83601B87C} - C:\WINDOWS\system32\mlljg.dll
O2 - BHO: (no name) - {B8AFD866-6B8B-490E-DA2E-39E671810F96} - C:\WINDOWS\system32\mknamps.dll (file missing)
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime

After clicking Fix, exit HJT.


Now download The Avenger by Swandog46, and save it to your Desktop.

Extract avenger.exe from the Zip file and save it to your desktop
Run avenger.exe by double-clicking on it.
Check the 'Input script manually' box.
Click on the magnifying glass icon.
Copy everything in the Quote box below, and paste it in the box that opens:




Files to delete:
C:\WINDOWS\system32\ctfmon .exe
C:\WINDOWS\system32\mlljg.exe
C:\WINDOWS\system3... Read more

9 more replies
Relevance 44.28%

HEY GEEKS NEED A LITTLE HELP. I HAVE A WINANTIVIRUS POP U THAT COMES UP EVERYTIME I AM ON THE NET, AFTER U X IT OUT 5 TO 6 OTHER POP-UP COME UP ABOUT A VIRUS. I AM RUNNING AVG EVERY MORNING, SYBOT SEARCH AND DESTROY, AD-WARE 6.0. HERE IS A HIJACK THIS LOG FILE TELL ME WHAT TO GET RID OF PLZ.

EDIT: Removed inline HJT log


THANKS

DOOKIE
 

Answer:winantivirus removal, malware removal

Hi and Welcome to Majorgeeks!

Please follow our standard cleaning procedures which are necessary for us to provide you support. Also there are steps included for installing, running, and posting HijackThis logs as attachments.


Run this first

Virtumonde aka Trojan Vundo Removal - some people also refer to this as WinFixer

Then run the below and atach the requested logs for the malware experts to look over.


Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support
Make sure you check version numbers and get all updates.
Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.

After doing ALL of the above you still have a problem make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis and attach a log:
Downloading, Installing, and Running HijackThis

Make sure you also rename HijackThis.exe as suggested in the procedures. Use analyse.exe for the new name. This is very important due to some new infections going around.



When you return to make your next post, make sure you attach the following logs and that you have run these scans in the following order too:

[*]runkeys.txt - the log from GetRunKey.bat
[*]newfiles.txt - the log from ShowNew.bat
CounterSpy - ONLY IF you were not a... Read more

1 more replies
Relevance 44.28%

Hiya

Im running XP, avg detected trojans, the first one it got rid of, the second one Generic13.ATHP it could only remove it partially, apparently located in in c:\windows\system32\svchost.exe

Started the Malware Removal Process as recommended, SuperAntiSpyware wouldnt install, so I changed the filename, and it has installed but when I attempt to run it I get an error message -

SUPERAntiSpyware Free Edition has encountered a problem and needs to close. We are sorry for the inconvenience

The same happens with any other malware/spyware removal program, Spybot S&D, Malwarebytes etc...

Is there anything I can do to fix this?

Thankyou!
 

Answer:malware halps/malware removal not running

Hi again,

also tried doing this (as seen in another thread)

Click Start > Control Panel > System > Hardware > Device Manager > View > Show Hidden Devices.

* Scroll down to ?Non-plug and Play Drivers? and click the plus icon to open those drivers.
* Then search for TDSSserv.sys
* Let me know if you find this or not.
* If you do find it, right click on it, and select Disable. Do not try to uninstall it.
* Also if this is found and you disable it, then reboot and see if you can run the cleaning procedure and attach the requested logs.


but the device mentioned is not present (although there are a few that have error "!" things next to them, but 30 or so others.

:confused have no idea if any of this will help you lovely helper person, but i guess im just trying...
 

2 more replies
Relevance 44.28%

About a week ago, I noticed that when running Internet Explorer www.google.com that clicking on a website would take me to an add instead of the website. If I clicked back and clicked on the website again, it would correctly go to the website.

A day or two before noticing this issue I had upgraded to AVG 8.0 Free and had installed the latest Firefox version.

I am running a Windows XP Professional SP2, Intel Pentium 2.8 GHz.

I ran the instructions at forums.majorgeeks.com/showthread.php?t=35407 and am still experiencing the same issue as described above.

Any help would be greatly appreciated! This is the first forum I've ever posted to so be patient!

Thanks,
Deb
 

Answer:Malware - Exists after running MalWare Removal

This is the last of the Malware log files.

Thanks again!
Deb
 

2 more replies
Relevance 44.28%

Have got a strange one, where have attempted to remove XP antispyware 2009 using malware antimalwarebytes. Looks to have been partly successful - but have got something else interfering. Frequently have pages on IE as "not found".

Have posted HJThis log and Malware Antimalwarebytes log below. Thanks for any assistance.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:01:58, on 08/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdjserv.exe
C:\WINDOWS\system32\lxdjcoms.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\ATI Technologi... Read more

Answer:Malware - blocking removal by malware antimalwarebytes

16 more replies
Relevance 44.28%

Hi. Thanks for this. I need to first tell you that I don't even know how to generate the logs everyone posts here for troubleshooting. I'm sorry. Maybe someone could tell me how, then I will.

Because my laptop wouldn't even boot to the O/S last week, DELL's tech support helped me move files, reformat and reinstall the OS. I reinstalled McAfee. A security tool warning popped up. I knew it was rogue; I came here and got rid of using mbam and process explorer - very easy. Or I thought I did. On my daughter's desktop this morning, there were 3 porn shortcut links ON HER DESKTOP!!!! There was also a link to "Active Security" - trying to figure out wtf this was it turns out it was another rogue. Awesome. It at least had an uninstall on Add/Remove programs... but obviously it is not gone, if that is even the cause of all this... Thinking MBAM would be a logical quick fix, I figured I would try that. My Mbam won't load - I have reinstalled and it - it reinstalls and then when I try to quicksccan it says I don't have permissions and then I can't even open it again. I can reinstall, then it is hijacked when I try to scan. My McAfee won't scan either so both are being hijacked and I also am having the same browser redirects as others when clicking on sites from search results. McAfee can't even fix itself. In safemode, McAfee tells me the truth at least that it is not working (in regular mode it poses like everything is... Read more

Answer:Ugh - Malware Removal Tools Disbled by Malware

As no logs have been posted, I am shifting this topic from the specialized HiJack This forum to the Am I Infected forum.==>PLEASE DO NOT NOW POST LOGS<== unless a log is specifically requested.

1 more replies
Relevance 44.28%

Hi all, 
 
Recently on Chrome browsing on a site a received a web site popup saying "Your browser contains MALWARE. You have to install Chrome Malware Removal Tool". Confirming with OK opens an extension page:
 
https://chrome.google.com/webstore/detail/chrome-malware-removal-to/mbdoonnjlifcmakklcaembokjhjikank
 
I have a strong suspect this is a malware!!!
 
What I'm trying to understand if what kind of malware infected the web site I visited. Some technical specs could be useful . The web site is of a my friend and I'd like to help them to identify the malware infected their web site...
 
 

More replies
Relevance 43.05%

When I try to run a scan from usind AVG anti-virus, Avira, Windows Defender, or SuperAntiSpyware; when the scan gets to a certain point, Windows shuts computer down with a blue window. It says Kernel_Stack_ Inpage_ Error plus some standard verbage about if you recently installed sortware/hardware,see administrator, etc. At bottom it says: STOP: 0x00000077 (0x00000001, 0x00000000, 0x00000000, 0xF79B1D24). I could sometimes run AVG scan in "select drives/folders" mode but recently it quit allowing that after I upgrade to AVG 9 (free). I uninstalled AVG and went to Avira but with same results. Scanning with Windows defender did the same. I recently installed and ran SuperAntiSpyware and was able to pinpoint problem to " System Volume Information" directory. I am unable to open to see contents as Windows shows no files in it. When I ask Ariva to scan it, Ariva says no files also but if I use AntiSpyware to scan, it shows many files during it's scan but will get to a certain point and computer will shut down. I can almost see file that shuts it down but it happens too fast to catch it. I was able to run "RootRepeal" and log is below. I was not able to run "DDS.scr".

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/10/30 13:15
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: rootrepe... Read more

Answer:Unknown malware/virus won't let any anti-virus/windows defender/malware removal progran to complete scans

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

23 more replies
Relevance 42.23%

My computer recently became infected. At first, my taskmanager and regedit were locked. Next, my desktop background was locked. I fixed these problems, but continue to be bombarded with malware in my running processes which regenerate upon rebooting. Eventually, I could not startup Windows. Once the Windows loading page was finished, my computer would restart. I upgraded to XP Pro, can now log on, but still have malware. Please help! Thanks for your time!
 

Answer:completed steps in "READ & RUN ME FIRST MALWARE REMOVAL GUIDE" and still have malware

Re: completed steps in "READ & RUN ME FIRST MALWARE REMOVAL GUIDE" and still have mal

Here is my MGTools.zip log. Thanks in advance for your help. Any addition info needed please let me know. Take care.
 

4 more replies
Relevance 42.23%

I have followed recommended protocols to suceessfully remove the "Trovi" malware from my computer.
But have one minor problem.
The virus removal programs successfully removed the malware programs, as the program no longer runs on my computer.
But the malware appears to have left code in the windows startup directing the computer to run files which are now no longer present on my computer.
Problem is that this causes the following Windows Popup box "Run DLL" to come up , before any other windows startup programs run.

The Pop up box contains the following wording"

" There was a problem starting
C:\Users\LESTER\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll
The specified module could not be found."

Does anyone have any suggestions on how to get rid of the code lines in start up that lead to the popup box, so that it will no longer occur at computer start up.

Thanks.
Lester
 

Answer:Trovi Malware - "Run DLL" pop up box remains on windows startup after malware removal

Follow this thread and attach requested reports

http://malwaretips.com/threads/malware-removal-assistance-how-to-get-help.20334/
 

1 more replies
Relevance 41.41%

I ran the steps in the Malware removal guide, i haven't seen any new pop-ups, but i noticed that there were a few problems that bitdefender could not fix, and my laptop is still running slow.

I am running windows XP, and will attach all logs.

Thank you in advance for all you assistance.
 

Answer:ran all the steps in "Read & Run Me First malware removal guide," still have malware

Re: ran all the steps in "Read & Run Me First malware removal guide," still have malw

Here are the last three logs.
 

10 more replies
Relevance 41%

Hey,

So I got infected with this virus/malware MS Removal Tool. Things that I noticed: it created a file nvpcpl.dll, hid all my d drive files and removed 90% of the items from the Start > All Programs menu. I ran through all the scans but still cant seem to get the programs in the All Programs menu back. Attached are my clean scans in the order recommended. Just as an fyi, C: is my primary drive, D: stores all documents/pictures/music, F: is the external hard drive. Thanks for the help.
 

Answer:Malware removal help - MS Removal

Things that I noticed: it created a file nvpcpl.dllClick to expand...

See this link About nvpcpl.dll You do not have macafee installed and I am not seeing the file in your logs. Do you still see it? If so give me the full file path. But you also have NvCpl.dll running which relates to Nvidia which IS installed.

Download and run OTM.

Download OTM by Old Timer and save it to your Desktop.


Right-click OTM.exe And select " Run as administrator " to run it.
Paste the following code under the area. Do not include the word Code.

Code:


:reg
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}]

:files
C:\Documents and Settings\All Users\Application Data\oJh06504hBkGg06504

:Commands
[emptytemp]
[Reboot]

Return to OTM, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
Push the large button.
OTM may ask to reboot the machine. Please do so if asked.
Copy everything in the Results window (under the green bar), and paste it into notepad, save it as something appropriate and attach it into your next reply.

NOTE: If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file prese... Read more

3 more replies
Relevance 40.18%

Hello,

For about the last week I have been getting a lot of pop-ups, sometimes several per minute. Spy-bot and Spy Sweeper both identified and removed virtumonde several times, but the pop-ups continued. For the last two days they have not found virtumonde or anything other than cookies - but the popups continue. I also frequently receive warnings from SpyBot about system changes being attempted (even when I'm not downloading anything), and once I got a warning from Symantec that the page I was on (which was my main Yahoo page) had characteristics of a phishing page.

I followed the requested five-step process except I was unable to download Panda ActiveScan (I did not receive registration instructions even though I tried it twice with two different e-mail addresses), and I have left Norton, Spy Sweeper, and SpyBot enabled.

I have pasted the Deckard's main text below and attached the extra text.

Thank you for your help.

Rod Smith

Deckard's System Scanner v20071014.68
Run by Roderick Smith on 2008-07-05 17:21:46
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
87: 2008-07-06 00:22:01 UTC - RP1188 - Deckard's System Scanner Restore Point
86: 2008-07-05 23:54:41 UTC - RP1187 - Software Distribution Service 3.0
85: ... Read more

Answer:Need malware removal help

Hi and welcome to TSF.

My name is Iain and I will be helping you clean your system.

You may wish to Subscribe to this thread (Thread Tools > Subscribe to this thread) so that you are notified when you receive a reply.

Please read these instructions carefully and then print out or copy this page to Notepad in order to assist you when carrying out the fix. You should not have any open browsers or live internet connections when you are following the procedures below.

Note that the fix may take several posts. Please continue to respond to my instructions until I confirm that your logs are clean. Remember that although your symptoms may vanish, this does NOT mean that your system is clean.

If there is anything you don't understand, please ask BEFORE proceeding with the fixes.

Please ensure that you follow the instructions in the order I have them listed.

Combofix
We'll begin with ComboFix. Please visit this webpage for download links, and instructions for running the tool: http://www.bleepingcomputer.com/comb...o-use-combofix

**Note: It is important that ComboFix is saved directly to your desktop**

Please ensure you read this guide carefully and install the Recovery Console. This will help us restore your system in the event of a serious crash. It's very simple to complete and will only take a few moments. A quick guide is detailed below.

Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
See here for a... Read more

19 more replies
Relevance 40.18%

Is there an easy and preferably free way to remove malware from a PC? I am running Windows 10

Answer:Removal of malware from PC

MalwareBytes or HitmanPro.

3 more replies
Relevance 40.18%
Question: Malware removal

I had malware and ran superantispyware, spybot, malwarebytes and Combo Fix. All of them found problems, what else do I need to do?
 

Answer:Malware removal

also ran MGtools
 

11 more replies
Relevance 40.18%
Question: Malware removal

Hi hoping someone can help with solving my Malware probs, not sure wot programs to delete from ARK.tet & DDS, hope you can help!Can someone please help withe diignostics! Please!!!!ive attached, Thankyou!EDIT: Topics and posts merged ~BP

Answer:Malware removal

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.In order for me to see the status of the infection I will need a new set of logs to start with.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.DeFogger: Please download DeFogger to your desktop.Double click DeFogger to run the tool. The ap... Read more

3 more replies
Relevance 40.18%
Question: Malware removal

DDS (Ver_10-03-17.01) - NTFSx86 When I turn on my computer it runs normal and goes to the password screen. When I enter my password and hit enter the screen goes black and I can't access my desktop. I can still use windows task manager to bring certain programs up though. below is the D.D.S. report. I appreciate the help and sorry I can't be more specific with the virus.Run by Jordan at 11:08:38.06 on Sat 10/02/2010Internet Explorer: 8.0.7600.16385Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.3033.1611 [GMT -4:00]============== Running Processes ===============C:\Windows\system32\wininit.exeC:\Windows\system32\lsm.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\svchost.exe -k RPCSSC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestrictedC:\Windows\system32\svchost.exe -k netsvcsC:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_5f120bca41bba11b\STacSV.exeC:\Windows\system32\svchost.exe -k LocalServiceC:\Windows\system32\svchost.exe -k NetworkServiceC:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXEC:\Windows\system32\WLANExt.exeC:\Windows\system32\conhost.exeC:\Program Files\Dell\Dell Wireless WLAN Card\bcmw... Read more

Answer:Malware removal

Hello and welcome to Bleeping Computer! We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open wit... Read more

3 more replies
Relevance 40.18%
Question: Malware removal

I am new to your forum and have XP media center. Several weeks ago I followed your instructions for removing malware and never sent the logs in because my system seemed to be restored back to normal. I was having problems with being hijacked to other web addresses, my avg antivirus wouldn't update any longer and when I would open media center and click on a link to watch, it would spontaneously shut down. Yesterday, I noticed my browsing speed had slowed significantly, updating malware program wouldn't work and the same problem with media center started happening again. I decided to start your process all over again but this time I would like you to look at the logs to see if there are any hidden problems. Thank you for any help offered. Logs attached: SAS, Malwarebytes, Combofix, Mglogs
 

Answer:Malware removal

Hi there and welcome to the forums. We are currently reviewing your logs and will get back to you with a set of instructions as soon as we can.

Thanks for your patience during this time.
Kes
 

2 more replies
Relevance 40.18%
Question: Malware Removal

Hi there everyone. I am prettty new to the whole Hijack this scene but I have a family friends computer that I was given to fix, and I am looking for a spot of help.The computer uses Dial-up Internet via PeoplesPC (???) I will try to include as much information as I can but I will probably forget to include somethingThe issue - The computer will not let you access the internet via a web browser even though it connects to a working network.What I have already done - I installed AVG and ran a full virus scan on the computer and also a full computer comandline check in Safe Mode. It doesn't seem to be working as right after it says it has quarantined/ move to vault, the problems just keep showing up on a rescan.I also tried to do a windows update but it kicked it back telling me that certain services were missing, ie the Windows Update Service and some other servicesComputer specs -Dell Inspiron 6000Microsoft Windows XP - Media Center Edition - Version 2002 - Service Pack 3Intel Pentium M Processor 1.73GHZ504MB RamHere is the HijackThis log that was generated when I scanned it -Logfile of Trend Micro HijackThis v2.0.2Scan saved at 7:02:12 PM, on 1/31/2010Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v8.00 (8.00.6001.18702)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\... Read more

Answer:Malware Removal

Can the DDS and RootRepeal scans be run in Safe Mode?

4 more replies
Relevance 40.18%

Hi
I am looking for help in removing malware form my system. I know it has some issues as I have run several on line scanners with positive results for spyware and such. I am running windows XP, ver 2002 with serivce pak 2, 1.00 ghz with 250mb of ram. I currently have windows defender, norton anitvirus corporate version, spybot search and destroy, previx and lavasoft ad aware. recent scans of these programs have shown no spyware but my computer is really slow and old installs from ewidoa and such have left traces as well as a program called liscence manger and some other things. Any help would be greatly apprecited. I am tired of my computer hanging....
 

Answer:Help with malware removal..

Welcome to Majorgeeks!

Please follow our standard cleaning procedures which are necessary for us to provide you support. Also there are steps included for installing, running, and posting HijackThis logs as attachments.

Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support
Make sure you check version numbers and get all updates.
Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.

After doing ALL of the above you still have a problem make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis and attach a log:
Downloading, Installing, and Running HijackThis

Make sure you also rename HijackThis.exe as suggested in the procedures. Use analyse.exe for the new name. This is very important due to some new infections going around.



When you return to make your next post, make sure you attach the following logs and that you have run these scans in the following order too:

[*]runkeys.txt - the log from GetRunKey.bat
[*]newfiles.txt - the log from ShowNew.bat
CounterSpy - ONLY IF you were not able to run Windows Defender
Bitdefender - from step 6
Panda Scan - from step 6
HijackThis

NOTE: You can only attach 3 files in a single message so it will require that you use two messages to attach all of... Read more

1 more replies
Relevance 40.18%
Question: malware removal

Hi Can anyone tell me how to get rid of Koower.com this has taken over my main screen and i cannoy fid a wy of removing it, many thanks .plum
 

More replies
Relevance 40.18%
Question: malware removal

hi i've recently noticed that random search pages pop up every now and when i click a link. it's not the pop up blocker and i've tried everything else. now i have the DDS reports but when i run GMER before the scan is complete my laptop reboots and i have tried it 3 times now. here's the dds reportsDDS (Ver_10-03-17.01) - NTFSx86 Run by Chris at 0:04:24.70 on 21/09/2010Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_21Microsoft Windows 7 Starter 6.1.7600.0.1252.2.1033.18.1014.136 [GMT -5:00]============== Running Processes ===============C:\windows\system32\wininit.exeC:\windows\system32\lsm.exeC:\windows\system32\svchost.exe -k DcomLaunchC:\windows\system32\svchost.exe -k RPCSSC:\windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\windows\System32\svchost.exe -k LocalSystemNetworkRestrictedC:\windows\system32\svchost.exe -k netsvcsC:\windows\system32\svchost.exe -k LocalServiceC:\windows\system32\svchost.exe -k NetworkServiceC:\windows\System32\spoolsv.exeC:\windows\system32\svchost.exe -k LocalServiceNoNetworkC:\Program Files\Trend Micro\AMSP\coreServiceShell.exeC:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exeC:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exeC:&... Read more

Answer:malware removal

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.We need to create an OTL ReportPlease download OTL from one of the following mirrors:This is THE MirrorSave it to your desktop.Double click on the icon on your desktop.Click the "Scan All Users" checkbox.In the custom scan box paste the following:CODEmsconfigsafebootminimalactivexdrivers32netsvcs%SYSTEMDRIVE%\*.exe/md5st... Read more

2 more replies
Relevance 40.18%

Can someone please look at my hijackthis log and see if everything is okay?
Maybe give me some other things to run to make sure my computer is clean.
I had google redirects a few weeks ago & some infections running in the background, I have that fixed now but I want to make sure everything else is clean.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:23:37 PM, on 6/25/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files\Common Files\Stardock\SDMCP.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Progra... Read more

Answer:Malware Removal Help

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.In order for me to see the status of the infection I will need a new set of logs to start with.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear Click the Disable button to disable your CD Emulation drivers Click Yes to continue A 'Finished!' message will ap... Read more

22 more replies
Relevance 40.18%
Question: Malware Removal

I have had a few different malware on my computer that i can not removeHere are my logsLogfile of Trend Micro HijackThis v2.0.2Scan saved at 14:10:48, on 24/09/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: NormalRunning processes:I:\WINDOWS\System32\smss.exeI:\WINDOWS\system32\winlogon.exeI:\WINDOWS\system32\services.exeI:\WINDOWS\system32\lsass.exeI:\WINDOWS\system32\svchost.exeI:\WINDOWS\System32\svchost.exeP:\Ad-Aware 2007\aawservice.exep:\Alwil Software\Avast4\aswUpdSv.exep:\Alwil Software\Avast4\ashServ.exeI:\WINDOWS\Explorer.EXEI:\WINDOWS\system32\spoolsv.exeP:\AVG Anti-Spyware 7.5\guard.exep:\Grisoft\AVG7\avgamsvr.exep:\Grisoft\AVG7\avgupsvc.exep:\Comodo\CBOClean\BOCORE.exeP:\Comodo\Firewall\cmdagent.exeI:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exeI:\Program Files\Mil Incorporated\Mil Shield\ShieldService.exeI:\WINDOWS\system32\wwSecure.exep:\Alwil Software\Avast4\ashMaiSv.exep:\Alwil Software\Avast4\ashWebSv.exeP:\Microsoft Office\Office12\GrooveMonitor.exeI:\WINDOWS\SOUNDMAN.EXEP:\Grisoft\AVG7\avgcc.exeI:\Program Files\Adobe... Read more

Answer:Malware Removal

Welcome to the BleepingComputer HijackThis Logs and Analysis forum shamonemofo My name is Richie and i'll be helping you to fix your problems.You have Avast4 and AVG7 Antivirus installed.Its definitely not a good idea to have more than one antivirus program installed on your computer. Each program may interpret the actions of the other as viral, therefore giving you false virus warnings about virus-related activities.It could also lead to system slowdowns and other problems within the operating system,due to the two conflicting with each other.You should uninstall one of them now,then restart your pc.Copy and paste ALL the following text in the Quote box below into Notepad.Click on File(in the menu at the top)>Save as../Save as Type: 'All Files' /File name: CFScript to your desktop.File::I:\WINDOWS\system32\syvadiep.dllI:\WINDOWS\system32\ututv.bak2I:\WINDOWS\system32\ututv.bak1I:\WINDOWS\system32\ututv.ini2I:\WINDOWS\system32\cfhkj.bak2I:\WINDOWS\system32\sptll.dllI:\WINDOWS\system32\cfhkj.bak1Registry::[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{39796DAA-7966-41C9-994F-0E12621CB841}][-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\byxvwvs][-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkhfc]Now drag then d... Read more

9 more replies
Relevance 40.18%

Okay...so, my wife's old dell dimension 2400...slow slow slow, didnt run spyware protection only because that makes it just as slow as well, having a virus. (what it is) the "windows vista antivirus" or system32 something and insits to be installed on my PC. (symptoms) everythings so slow...i can tolerate the dell-nish...but now its ridiculous. i can slowly surf the web thru the search menu out of start menu...with firefox and IE out of search mode it will load pages like weather.com or yahoo but once you try to use the site...it eternally loads. furthermore, it will randomly pop up its windows and fake scan my computer and the whole nine yards to con me. (countermeasures in place) i have Ad-aware, Spyware doctor (registered) , avg free, and spybot S&D running and ran and scanned and deleted and so forth. done the hijack this thing, removed malicious this and that...to no avail. SO im turning it on to you all that are smarter than me. fair enough i hope? thanks for the help if you so choose to bless me with it-sethLogfile of Trend Micro HijackThis v2.0.2Scan saved at 6:30:59 PM, on 6/29/2008Platform: Windows XP SP1 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\S... Read more

Answer:Malware Removal Help

Hello IbesethroPlease rename your C:\Program Files\Trend Micro\HijackThis\HijackThis.exe to Ibesethro.exe.Then run HijackThis (Ibesethro.exe) and post the log back here

8 more replies
Relevance 40.18%
Question: Malware Removal

Hello and welcome to Bleeping Computer.My name is Syler, I will be helping you to solve your Malware issues. Whilst I am helping you, I wouldbe grateful if you would note the following: Please do not run other tools or scans unless I ask you to and follow all the steps I give you, in order.
Copy and paste all logs requested in you reply, Do not attach them unless asked too.
If you don't know or understand something, please don't hesitate to say or ask before you proceed with my instructions.
Please continue to work with me, until I tell you your machine appears to be clean. Absence of symptoms does not mean that everything is clear.
If I do not hear back from you within 5 days of my last post, then this topic will be closed.Please download Malwarebytes' Anti-Malware from HereNote: If you already have Malwarebytes' Anti-Malware, just update then run it.Double Click mbam-setup.exe to install the application.Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.If an update is found, it will download and install the latest version.Once the program has loaded, select "Perform Full Scan", then click Scan (the scan may take some time to finish, so please be patient).When the scan is complete, click OK, then Show Results to view the results.Make sure that everything is checked, and click Remove Selected.When disinfection is completed, a log will open in Notepad and you may be p... Read more

Answer:Malware Removal

Malwarebytes' Anti-Malware 1.39Database version: 2540Windows 5.1.2600 Service Pack 38/1/2009 2:34:57 PMmbam-log-2009-08-01 (14-34-57).txtScan type: Full Scan (C:\|E:\|)Objects scanned: 190980Time elapsed: 55 minute(s), 12 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 6Registry Values Infected: 2Registry Data Items Infected: 2Folders Infected: 0Files Infected: 17Memory Processes Infected:(No malicious items detected)Memory Modules Infected:(No malicious items detected)Registry Keys Infected:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe (Security.Hijack) -> Quarantined and deleted successfully.HKEY_CURRENT_USE... Read more

6 more replies
Relevance 40.18%

My computer has been sluggish and quits responding at times. Some keyboard keys stop working from time to time but I'm not sure if that's just a keyboard problem. I ran a full scan with Avast and it detected a generic threat. I've seen this on my machine before recently, also. I deleted it last time but thought I might need help for more thorough removal in case it's the same one popping back up. I've gone through malware and virus removal before on this machine and the last fix I made was a few years ago in which I had to reformat and wipe the restore files to get rid of a bug hiding there. Haven't had anything serious since.

I have Windows XP on an Acer laptop.

Thank you in advance.

Angi C

Answer:win 32 malware gen removal

Hello and welcome,let's look a bit more.Please download MiniToolBox, save it to your desktop and run it. Checkmark the following checkboxes: Flush DNS Report IE Proxy Settings Reset IE Proxy Settings Report FF Proxy Settings Reset FF Proxy Settings List content of Hosts List IP configuration List Winsock Entries List last 10 Event Viewer log List Installed Programs List Users, Partitions and Memory size. List Minidump FilesClick Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run. Note: When using "Reset FF Proxy Settings" option Firefox should be closed.Next run MBAM (MalwareBytes):Please download Malwarebytes Anti-Malware and save it to your desktop.Download Link 1Download Link 2MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.Make sure you are connected to the Internet.Double-click on mbam-setup.exe to install the application.
For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-MalwareThe... Read more

14 more replies
Relevance 40.18%
Question: malware removal

I have just finished the Malware removal House cleaning scans ill attach the logs . Thank You this site is excelent

Answer:malware removal

Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer. 1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.2. The fixes are specific to your problem and should only be used for this issue on this machine.3. If you don't know or understand something, please don't hesitate to ask.4. Please DO NOT run any other tools or scans while I am helping you.5. It is important that you reply to this thread. Do not start a new topic.6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.7. Absence of symptoms does not mean that everything is clear.If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line. *************************************************************************Please do not attach your logs unless absolutely necessary. Copy and paste them in your reply(ies)Please defrag your hard... Read more

13 more replies
Relevance 40.18%

I started the "read & run" guide and I have followed all steps. I am now at the point where I should run ComboFix.
Since I don't know what I'm doing (I'm only following directions) I am hesitant to start ComboFix, due to the fact that it might screw something up.
First of all I downloaded the Windows Recovery Console package as instructed because I don't have the XP disc. When I drag it onto the ComboFix icon it doesn't install the Windows Recovery Console, it just asks me if i want to run ComboFix. I have not run it because I don't know if I should do it, since this is not what the instructions describe will happen.
Second, I have read that ComboFix might screw things up, is this true if you follow the directions exactly? What exactly can it screw up? Can I loose stuff, or?
Also, I did these steps a few days ago, and have not continued yet. The computer is still in "Normal start up mode" and the hidden files, system files and file extensions are still showing. Do I need to start the guide from the beginning or can I just continue with the rest?

I have attached what I have gotten so far from Super anti spyware and Malwarebytes. Spybot did not find anything.

Thanks for any help!
 

Answer:Q abt. malware removal

We need the MGLogs.zip from running the MGTools.exe.
 

7 more replies
Relevance 40.18%

Hi folks...i found this site after searching and searching for online help for malware found on my neighbor's computer. Basically I have removed the majority of the STD's (hehe) found on that thing and am still left with the 3 desktop icons of Error cleaner, privacy protector and something else that I can't remember at the moment. I am at work and hoping to get some tips on what to try once I get home. I am unable to get to the internet unless I am in safe mode
and ie has set safenaweb as the homepage, not sure if the same malware is causing this. Can someone please tell me what programs to download in order to submit my logs.Thanks in advance!!!
 

Answer:I need help with malware removal

Welcome to Major Geeks!

Please follow the instructions in the below link and attach the requested logs when you finish these instructions.

READ & RUN ME FIRST. Malware Removal Guide
 

7 more replies
Relevance 40.18%
Question: Malware Removal

Hi everyone!

I'd just like to make sure my PC is Clean, thanks for any help!!!
 

Answer:Malware Removal

Good morning.

Re run Hitman Pro, activate/enable the free trial, and then have it remove all that it finds, EXCEPT for 'Suspicious files'. They are fine.
Give Malware Bytes a rerun, let it quarantine anything else it may find.
Fix items using RogueKiller.

Double-click RogueKiller.exe to run. (Vista/7/8 right-click and select Run as Administrator)
When it opens, press the Scan button
Now click the Registry tab and locate these detections:
[PUP] HKEY_LOCAL_MACHINE\Software\ParetoLogic -> Found
[PUP] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{19b4fdc9-b1b5-4c8e-ab5f-adcf4ebc0b0b} (C:\Program Files\DailyFitnessCenter_53\bar\1.bin\53SrcAs.dll) -> Found
[PUP] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d36bfff8-a3ae-4032-a179-f29083c68ba7} (C:\PROGRA~1\DAILYF~1\bar\1.bin\53bar.dll) -> Found
[PUP] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar | {a6547405-a964-4600-8326-e91c95218964} : (C:\Program Files\DailyFitnessCenter_53\bar\1.bin\53bar.dll) -> Found
[VT.PUP.Optional.Mindspark.A] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | Daily Fitness Center EPM Support : "C:\PROGRA~1\DAILYF~1\bar\1.bin\53medint.exe" t8EPMSup.dll,S [7][x] -> Found

Place a checkmark next to each of these items, leave the others unchecked.
Now press the Delete button.

... and the same for these entries on the files/folders tab ... Read more

7 more replies
Relevance 40.18%

I wrote yesterday but did not provide all of the necessary information. I had a problem several weeks ago with 2010 Internet Security pop-ups. Got them removed using numerous anti-spyware software, but now when I turn on computer I get a pop-up saying that Windows is closing the following program, "Generic Host Process for Win32 Services". I mininize and go on. Then a pop-up says that NT Authority/System is shutting down the computer in 60 seconds because DCOM Server Process Services has failed. I stop this by going to run and typing in shutdown -a. The computer then works but slowly and when using search engines are re-directed to random sites. I have run numerous anti-spyware programs but nothing seems to work. Let me know if there is additional information you need to help me.DDS (Ver_09-12-01.01) - NTFSx86 Run by Scott at 9:43:50.40 on Sat 01/30/2010Internet Explorer: 8.0.6001.18702Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.61 [GMT -5:00]AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}============== Running Processes ===============C:\WINDOWS\system32\Ati2evxx.exesvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcssvchost.exesvchost.exeC:\WINDOWS\system32\spoolsv.exesvchost.exeC:\Program Files\Common Files\Apple\Mobile Device Support... Read more

Answer:Malware Removal etc

Hello,My name is Syler and I will be helping you to solve your Malware issues. If you have since resolved your issues I would appreciate if youwould let me no so I can close this topic, if you still need help please let me no what issues you are still having, in your next reply.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up.Download random's system information tool (RSIT) by random/random from here and save it to your desktop.Double click on RSIT.exe to run RSIT.Click Continue at the disclaimer screen.Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)Please download GMER from one of the following locations, and save it to your desktop:Main MirrorThis version will download a randomly named file (Recommended)Zip MirrorThis version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.Disconnect from the Internet and close all running programs, as this process may crash your computer.Temporarily disable any real-time active protection so your security program drivers will not conflict with gmer's driver.Double click on Gmer to run it.Allow the gmer.sys driver to load if asked.You may see a rootkit warning window, If you do, click No.Untick the following boxes on the right side of the Gmer sc... Read more

4 more replies
Relevance 40.18%
Question: malware removal

I need help! I don't have a job (laid off in January) so I can't afford to pay for software to help remove can I do it with out paying?

Thanks,
Dawndage
DDS (Ver_09-03-16.01) - NTFSx86
Run by Dawn Wood at 15:57:43.70 on Mon 04/06/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1022.697 [GMT -5:00]

AV: Norton AntiVirus *On-access scanning disabled* (Updated)
FW: Norton AntiVirus *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\In... Read more

Answer:malware removal

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.comDDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Follow the instructio... Read more

2 more replies
Relevance 40.18%
Question: malware removal

I need to remove existing malware, and I was told about Spyware Doctor as a good means. Can that run together with Adware and Spybot running at the same time?

Thanks.

Answer:malware removal

If you think you are infected submit a hijackthis log here.How to submit a hijackthis logDownload HijackthisAll 3 programs should be fine together just don't run them all at the same time.

1 more replies
Relevance 40.18%

Hello,

I have gone through all the steps in the "read and run me first malware removal guide" And i still have malware.

I think i may have got it from limewire a few days ago. My computer has been acting up soince thursday i believe.

I have tried a few different things that other sites suggested and have had no luck so far.

I keep getting little popups saying that my computer is infected with a black door trojan and that i need to download there suggested software to remove it. It has gotten so bad with the pop ups that i can barely get online to write this. My connection is very SLOW!!!

I also seem to have a triangle with an exclamation mark in it on my toolbar that pops up all the time say that i have a black door trojan as well and to click on it and down load their software.

Now i am not that dumb. i know better then to click on them. I just close them down and ignor them.

Any info that you may have to help me would be great. Thanks for your time and help! my logs are attached. I attached the MG logs and the combo fix logs. The avg scan came out clean. Probally since i did one eairlier and did not save the log. Sorry bout that.
 

Answer:i need some Malware removal help PLEASE!

First, please disable any antivirus and/or antispy programs you have installed so they will not block this fix.

Step 1:
Please look in Add/Remove Programs for the following and uninstall if found. If you get any errors just make a note and proceed.





Java 2 Runtime Environment, SE v1.4.2
Java(TM) 6 Update 2
Spybot - Search & Destroy 1.4 <-- Latest version is 1.5! Click to expand...

Step 2:
Please make sure the Viewing of Hidden Files & Folders is enabled per the READ ME.

Now, please run HijackThis and click on the Open the Misc Tools Section button on the open page. Then select Open process manager on the left-hand side. Look for the following process (or processes) and one at a time kill them by selecting it and then click Kill process. Then click yes.





PD6000SM.EXE Click to expand...

After killing all the above processes, click Back.

Step 3:
Now scan with HijackThis and check the boxes for the following entries:
( Make sure ALL browser windows are closed when you click FIX )





R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:7900
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 64.136.44.66;64.136.52.66;searchap.untd.com;127.0.0.1;localhost;*microsoft.com;* windowsupdate.com;*wustat.windows.com;*.pogo.com;*test-speed.com;liveupdate.syma ntecliveupdate.com;*symantec.com;*.nai.com;*.networkassociates.com;*.dir.untd.co ... Read more

7 more replies
Relevance 40.18%
Question: MALWARE REMOVAL

I am looking for help with removal of these two viruses. I have Mcafee protection, and it seems to be deleting the Spy-agent Trojan when it appears. However it keeps reappearing every time I try to open up an explorer window. I also have info from McAfee that directed me to the registry to locate and delete a service registration, but did not find anything. In addition my system restore was reset during the process of trying to remove the virus as well, so I only have one reset point, so I cannot go back to a point before the infection. I am on XP Professional and would like assistance on this from anyone having experience with removing this problem. Thank you.

Answer:MALWARE REMOVAL

Run these online virus scanners:http://www.pandasoftware.com/activescan/http://housecall.trendmicro.com/If that doesn't help, then:Read the pinned post in the HijackThis forum, here Please read, and follow, all directions carefully.Then, run a log, and post it in the HJT forum, at this link. Do not, fix anything, yet.A member, of the HJT Team, will help you out.It may take a while to get a response, because the HJT Team are very busy. Please, be patient, these people are volunteers. They will help you out, as soon as possible.NOTE:Once you have made the post, please, DO NOT make another post in the HJT forum, until it has been responded to by a member of the HJT Team. The first thing they look for, when looking for logs to reply to, is 0 replies. If you make another post, there will be 1 reply. The team member, glancing over the replies, might assume someone is already helping you out, and will not respond. So, just make your post, and let it sit there, until a team member responds. This way you will be taken care of, in the most timely manner.

1 more replies
Relevance 40.18%

Hi all.
I've read so many different posts from this site at one time or another but never had the need to actually post a problem of my own.
I have a laptop running Windows Vista x86 Home Premium (not mine) that has been infected with malware.
There are some important programs on the computer that are unable to be removed at this time so a fresh install (my preference) isn't an option.
Please let me know the first step which I'm guessing is the generation of some logs etc for you guys to look at.
I'm at your mercy.
Thanks in advance!

More replies
Relevance 40.18%

Im having trouble so im posting my hijack this results. Thanks in advance.
 

Answer:Malware removal HELP PLEASE!!!!

Welcome to MajorGeeks.com!

Please follow the instructions in the below link and attach the requested logs when you finish these instructions.

Read & RUN ME FIRST Before Asking for Support
 

1 more replies
Relevance 40.18%
Question: malware removal!

Hi,
Cleaning an infected computer where the owner likes to use gambling software. :/
Just wanting to make sure everything is clean. Thanks in advance!
-jt
 

Answer:malware removal!

There is a bunch more to remove.

Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista or Win 7, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://toolbar.inbox.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=%tb_id&%language
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?affID=11...HP_ss&mntrId=ecc745e1000000000000944452706ded
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?affID=11...HP_ss&mntrId=ecc745e1000000000000944452706ded
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:25503
R3 - URLSearchHook: Inbox Toolbar - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\PROGRA~2\INBOXT~1\Inbox.dll
R3 - URLSearchHook: IMVU Inc Toolbar - {90b49673-5506-483e-b92b-ca0265bd9ca8} - C:\Program Files (x86)\IMVU_Inc\prxtbIMV0.dll
O2 - BHO: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.8.7.2\bh\BabylonToolbar.dll
O2 - BHO: Web Assistant Helper - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension32.dll
O2 - BHO: (no name) - {5C... Read more

5 more replies
Relevance 40.18%

DDS (Ver_09-03-16.01) - NTFSx86
Run by Compaq_Owner at 8:50:53.12 on Sat 03/28/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_03
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.222.81 [GMT -5:00]

AV: AVG 7.5.516 *On-access scanning enabled* (Outdated)

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\cidaemon.exe
C:\Documents and Settings\Compaq_Owner\Favorites\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
uSearch Bar = hxxp://google.icq.com/search/searc... Read more

Answer:Malware removal help

Bump...
-.-

2 more replies
Relevance 40.18%

Hello!
I could really use some help with removing a virus I've got on my computerf. I hear audio ads playing in the background even with nothing running, and there is often a ghost iexplorer.exe process running in my task manager. Furthermore, search engines redirect me to random sights and internet randomly restarts(not sure if that's strictly related though). Thank you for any help you can get me. Here are the logs from dds, and I'll also attach the other part. And yeah, I know I need to update ESET but I want to get rid of this virus first.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29
Run by Alex at 20:29:17 on 2011-11-03
Microsoft? Windows Vista? Home Premium 6.0.6002.2.1252.1.1033.18.4093.2370 [GMT -4:00]
.
AV: ESET NOD32 Antivirus 4.0 *Enabled/Outdated* {CB0F8167-5331-BA19-698E-64816B6801A5}
SP: ESET NOD32 Antivirus 4.0 *Enabled/Outdated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32�... Read more

Answer:Need help with malware removal

Hello and Welcome to the forums!My name is Gringo and I'll be glad to help you with your computer problems.Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.Do not run any other tool untill instructed to do so!Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.Run Combofix:You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<Combofix may need to reboot your computer more than once to do its job this is normal.You can download Combofix from one of these links.Link 1Link 2Link 31. Close any open browsers or any other programs that are open.2. Close/disable all anti virus and anti malware programs so they do not interfere with the runn... Read more

17 more replies
Relevance 40.18%
Question: malware removal

hey guys,i believe i have malware on my lappy,what i think it's doing is opening one of my browsers in the back ground and going to youtube playing a video,and then opening another tab and doing the same thing over and over again,until my lappy's sound cuts out and the whole thing take a trip to lag city.

i''ve been dealing with it by just going into the task manager and looking at processes,and then ending a process call "hid.exe" as soon as i end that process i can turn my sound up again,and all the lag is gone and everything is fine.

but i have to do this every time i restart my lappy(so i have to do it every morning)so i was wondering how i can remove it without having to reformat.


any ideas??


ty

Answer:malware removal

Run malwarebytes and then hijackthis, post both of their logs

1 more replies
Relevance 40.18%
Question: Malware Removal

I've picked up some virus or malware or .... Please help!

I've tried to run through the "Do this First" a couple of times now. The computer seems to work correctly for a while and then:

1. begins to have Window Security allert messages - "Somebody is trying to attack ... click here to remove.

2. Homepage hijack attempts to Softwrereferral.com/jump.php?wmi...

3. Explorer page is "unstable" top page shifts to othe that are open radomly. Sometimes tries to open sites selling a spyware fix

4. Lost my desktop background. It is all white with icons now, when I try to change it I get a message "Cannot find file///C:/Windows/privacy.danger/index.htm'

I attached the requested logs AVG did not create on this time
Let me know what else I can to to assist you.

Thanks for your help
John
 

Answer:Malware Removal

You did not attach the requested logs ...we need to see them in order to help you.
 

13 more replies
Relevance 40.18%
Question: Malware removal

Hi,

Recently I downloaded many trojans etc picked up by my AVG software.
These could not be removed as they were 'not accessible'

Now everytime I turn on my computer I get this error message...
"There was a problem starting
C:\Windows\$NtUninstallMTF1011$\mmduch.dll

I fear that the virus' are going to keep coming and get worse overtime!

I have downloaded the malware removal software but do not wish to use it until I have spoken to a professional.
Can somebody help me please?

Adam

Answer:Malware removal

Hi Adam,Just follow the steps on http://www.bleepingcomputer.com/forums/topic34773.html (Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help)If you have done the last step, a professional expert will check your topic at that forum.Good luck.

1 more replies
Relevance 40.18%
Question: malware removal

i cannot access my control panel etc... it says this operation has been cancelled due to restrictions in this computer.kindly contact ur admistrator. moreover my internet explorer runs internet exploiter. recently i had khatra virus.i have XP os n kaspersky trial version now... what to now? pls help... i downloaded a file fixit.zip n got my regedit working. now what else to do...

i am posting hjt log here. kindly reply soon...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:30:45 AM, on 4/8/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16981)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\vVX1000.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe
C:\PROGRA~1\MYWEBS~1\ba... Read more

More replies
Relevance 40.18%

Malware has taken over my computer. I can no longer have access because it has taken over as administrator. It also plays audio of US Army promos. Pleas help! Here are the logs:Deckard's System Scanner v20071014.68Run by Owner on 2008-07-05 14:18:29Computer is in Normal Mode.---------------------------------------------------------------------------------- System Restore --------------------------------------------------------------Successfully created a Deckard's System Scanner Restore Point.-- Last 5 Restore Point(s) --53: 2008-07-05 19:18:45 UTC - RP740 - Deckard's System Scanner Restore Point52: 2008-07-04 23:06:21 UTC - RP739 - Last known good configuration51: 2008-07-04 23:06:13 UTC - RP738 - System Checkpoint50: 2008-07-04 23:06:13 UTC - RP737 - Removed Creative System Information49: 2008-07-04 23:06:13 UTC - RP736 - Removed Creative Zen Touch-- First Restore Point -- 1: 2008-07-04 23:05:56 UTC - RP688 - System CheckpointBacked up registry hives.Performed disk cleanup.System Drive C: has 1.74 GiB (less than 15%) free.-- HijackThis Clone ------------------------------------------------------------Emulating logfile of Trend Micro HijackThis v2.0.2Scan saved at 2008-07-05 14:25:46Platform: Windows XP Service Pack 2 (5.01.2600)MSIE: Internet Explorer (7.00.6000.16674)Boot mode: NormalRunning processes:C:\WINDOWS\system32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32&... Read more

Answer:Help Me With Malware Removal

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you. Download SDFix and save it to your Desktop.Double click SDFix.exe and it will extract the files to %systemdrive%(Drive that contains the Windows Directory, typically C:\SDFix)Please then reboot your computer in Safe Mode by doing the following :Restart your computerAfter hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;Instead of Windows loading as normal, the Advanced Options Menu should appear;Select the first option, to run Windows in Safe Mode, then press Enter.Choose your usual account. Open the extracted SDFix folder and double click RunThis.bat to start the script. Type Y to begin the cleanup process. It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot. Press any Key and it will restart the PC. When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons. Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
(Report.txt will also be copied to Clipboard ready for posting back on the forum). Finally paste the contents of the Report.txt back on the forum with a new DSS log

2 more replies
Relevance 40.18%

Please check the attached HiJackThis log and let me know what problems there are.
it is a friends computer that has the problems.
thanx for all the help.
ps. is the Trend Micro HijackThis v2.0.2 version sufficient?
===============================================
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 04:28:41 PM, on 2008/01/06
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Symantec ... Read more

More replies
Relevance 40.18%
Question: Malware removal

Hello,I have had this malware that i've not been able to remove. I've used malwarebytes and successfully removed everything but cannot seem to remove one file even after malwarebytes restarts. I've read on this forum about combofix, is that something i should try?Thanks,TowkneeREdit: Moved topic from Vista to the more appropriate forum. Please do not use ComboFix unless directed to do so by a Malware Removal team member and when your topic is in the proper forum for those sorts of logs. ~ Animal

Answer:Malware removal

Hello, not yet and not on your own.What is the malware? Post the MBAM log please.The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.Please download MiniToolBox, save it to your desktop and run it. Checkmark the following checkboxes: Flush DNS Report IE Proxy Settings Reset IE Proxy Settings Report FF Proxy Settings Reset FF Proxy Settings List content of Hosts List IP configuration List Winsock Entries List last 10 Event Viewer log List Installed Programs List Devices List Users, Partitions and Memory size. List Minidump FilesClick Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run. Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

3 more replies
Relevance 40.18%

Greetings,

I have a computer that was suffering from browser redirects, popups, sporadic browser performance, and other signs of malware infection. I have followed the instructions in your READ & RUN ME FIRST thread and have attached the logs that were created as a result.

SUPERAntiSpyware ran at first and indicated that it fixed an infection, but it no longer runs. Each time I try to launch the program, I receive an error that Windows cannot find the path and that I might not have the necessary permissions (even though the user I am logged in as is an administrator). Therefore, I am not sure how to recover the log file it created.

MalwareBytes installed properly and ran for all of two seconds before completely disappearing. No log for that program either.

The other three scans ran properly, and their logs are attached.

I have tried to test the computer somewhat after running these scans, and performance has improved. However, I am still seeing very sluggish and somewhat sporadic behavior from Internet Explorer and would love some assistance.

Thanks very much in advance.
 

Answer:Malware removal help

I am not seeing any evidence of malware. Can you uninstall both SAS and MBAM, run CCleaner to remove leftovers and then try reinstalling them? I would like to know that they both run and can produce logs. for you.

You may also wish to try doing an online scan here:
http://www.superantispyware.com/onlinescan.html

Reboot immediately after scanning if it finds and removes anything. Let me know if anything was found. It does not save a log.
 

5 more replies
Relevance 40.18%
Question: Malware removal

It worked fine for a while then I did not use it for while. It is now acting funny again. One major issue is the Wifi will randomly turn off and it runs slow.

I have attached newly ran scan reports. thanks in advance.

ME
 

Answer:Malware removal

Your original thread was from over a year ago and you didn't follow up on it after given the first set of instructions.

I have moved your post to a new thread since you last thread was locked due to our new policy on locking old threads automatically once they are 6 months old.
 

8 more replies
Relevance 40.18%
Question: malware removal

I have just finished the Malware removal House cleaning scans ill attach the logs . Thank You this site is excelent

More replies
Relevance 40.18%
Question: Removal Of Malware

Hello. Please help i'm new at this so please bare with me. My McAfee Virus scan keeps telling me that the following files cant be found nor can they be removedc:windows\temp\thi149d.tmp\wupdt.exec:windows\tem\DrTemp\wupdt.exehere is the hijack logthanks for any help you can give me.R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://top-find4u.com/sp.htmR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.htmlR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.htmlR0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?.home=msgrR1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.comR1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://top-find4u.com/sp.htmR1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhostR3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLLO2 - BHO: MyWebSearch Search A... Read more

Answer:Removal Of Malware

Hi,

The forums are really busy, that explains why logs get behind. We start with the oldest logs first. If you still need some help, please start with posting a new hijackthislog in this thread. Don't start with a new thread.
Then I'll take a look.

Also please post your entire log with the running processes on top as well.

8 more replies
Relevance 40.18%

About a week and a half ago i had recently rebuilt my computer and decided to put my old hard drive in and discovered this virus, i produced a hijack this log below please help diagnose and repair. thank you.Logfile of Trend Micro HijackThis v2.0.4Scan saved at 4:49:31 PM, on 8/19/2010Platform: Windows Vista SP1 (WinNT 6.00.1905)MSIE: Internet Explorer v7.00 (7.00.6001.18000)Boot mode: Safe mode with network supportRunning processes:C:\Windows\Explorer.EXEC:\Program Files\Windows Media Player\wmpnscfg.exeC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\Downloads\HijackThis(2).exeR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,Customize... Read more

Answer:Malware Removal Log

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.We need to create an OTL ReportPlease download OTL from one of the following mirrors:This is THE MirrorSave it to your desktop.Double click on the icon on your desktop.Click the "Scan All Users" checkbox.In the custom scan box paste the following:CODEmsconfigsafebootminimalactivexdrivers32netsvcs%SYSTEMDRIVE%\*.exe/md5st... Read more

10 more replies
Relevance 40.18%

Problem started yesterday around noon-ish. I was suddenly hit with alot of popups, not sure what i was doing at the time that could have caused it. At first i could use spybot and it detected smitfraud and vundo. i removed them with spybot but it did not fix the problem. I am posting this from my other computer.

I ran smitfraud fix and vundofix that i downloaded online and both came up clean, didnt detect anything.

I cant start the computer in anything but safe mode, as it goes to blue screen of death if i try to start normally.

attempts to use spybot give me "invalid floating point operation", even when in safe mode.

thanks a million!
DDS (Version 1.1.0) - NTFSx86 MINIMAL
Run by Richard at 7:42:58.31 on Tue 01/06/2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_07
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2038.1776 [GMT -8:00]
============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Richard\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchU... Read more

Answer:Malware Removal Help!

Hello Rhyyke and welcome to Bleeping Computer,1. Please download GooredFix and save it to your Desktop.Select "2. Fix Goored" by typing 2 and pressing Enter. Make sure all instances of Firefox are closed at this point. Type y at the prompt and press Enter again. A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called GooredLog.txt).Note: If you receive a message saying that GooredFix needs your system to be restarted, please close all applications and reboot your system. Please also allow any registry changes that may be prompted by any of your security programs.2. Please download ComboFix from one of the locations below, and save it to your Desktop.LinkLinkLinkDouble click the ComboFix icon to run it.If ComboFix askes you to install the Recovery Console, please do so..The Windows Recovery Console will allow you to boot up into a special recovery mode, in case your computer has a problem after an attempted removal of malware. This allows us to help you.Once the Recovery Console is installed, continue with the malware scan.Note: Make sure not to click ComboFix's window while it's running. That may cause it to stall or freeze.Please post the log from ComboFix (can also be found as C:\ComboFix.txt) in your next reply. If you have any questions along the way, STOP and ask them before proceeding !!Greetings,Thunder

12 more replies
Relevance 40.18%

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything. We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here. To help Bleeping Computer better assist you please perform the following steps:*************************************************** In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resouce! To tell me this, please click on http://www.bleepingcomputer.com/logreply/412392 and follow the instructions there. If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.*************************************************** If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following inf... Read more

Answer:need help with malware removal

Hello again!I haven't heard from you in 5 days. Therefore, I am going to assume that you no longer need our help, and close this topic.If you do still need help, please send a Private Message to any Moderator within the next five days. Be sure to include a link to your topic in your Private Message.Thank you for using Bleeping Computer, and have a great day!

2 more replies
Relevance 40.18%
Question: malware removal

I have a malware problem due to Antivir Solutions Pro. I got rid of the virus--- I think--- but it left my laptop unable to access Google or anything related to Google.I followed your malware removal directions until the GMER log section. I could not download the GMER link 1 or the GMER link 2. The GMER link 1 gave me an error message that the website was taking too long to respond and the GMER link 2 took me to the spyware doctor home page. I didn't know what to download there. Can you help?Thanks.I was infected by Antivir Solutions Pro. I believe I removed it from my computer but some of its effects remain. For the past two weeks I was unable to access Google or any Google program (Chrome, Picasa, etc.), Safari, or Internet Explorer. I removed Google Chrome from my computer, hoping to download a new version without a misdirect. As of tonight, I can access the google website, but when I try to download Chrome, I get a message that the server took too long to respond. (Same message as I have received for many other websites.) The only browser I can access is Firefox. There are a number of websites that I cannot access now. For example, Windows Defender is unable to check for definition updates--- error message 0x80072.efd. Also, my browser is REALLY slow.Here is the DDS log I created:DDS (Ver_10-03-17.01) - NTFSx86 Run by Carol Lee at 21:36:48.33 on Mon 08/30/2010Internet Explorer: 8.0.6001.18943 BrowserJavaVersion: 1.6.0_20Microsoft? Windows Vista? Business... Read more

Answer:malware removal

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.In order for me to see the status of the infection I will need a new set of logs to start with.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.DeFogger: Please download DeFogger to your desktop.Double click DeFogger to run the tool. The ap... Read more

28 more replies
Relevance 40.18%
Question: Malware removal

Can anyone find anything harmful on the attached logs? Bitedefender came up with nothing wrong.

Thank you.
 

Answer:Malware removal

Welcome to MGs!

Did you miss step 0 of the READ & RUN ME?

I see Need2Find in your Panda log and also your HJT log shows Weather Bug. These are both in included in the list of programs to uninstall. Let me know if you find them in Add/Remove programs. Need2Find may not be there.

Is your version of Spy Sweeper a paid version? Is it up to date (what version and reference file is it)?
Have you run a full system scan with it? Please attach a log from Spy Sweeper after running a full scan?
 

10 more replies
Relevance 40.18%

Hello,

I am trying to make sure that my system is clean of any malware. I use a yahoo email account and people who I email are constantly receiving email spam from my address. I have followed, exactly, the instructions in Malware Removal Guide by Chaslang. I am still having a problem with emails sent out from my address that I didn't send.

I am running Windows 7 64 bit OS and I have Norton 360 on my system. Although alot was cleaned from CCleaner, I didn't see anything found in Malwarebytes or SuperAntiSpyware.

I have attached Malwarebytes, SuperAntiSpyware, and MGlogs

Thank you for your help
 

Answer:Malware Removal Help

I am not seeing any malware in your logs. Here is a general guideline about dealing with email infections:

Malware detected in email databases has to be cleaned up by you. You have a few choices:

1. delete the whole file which is not an option you normally want to use
2. load the email folder that contains the infection and delete ALL unnecessary emails (hoping to remove the problem email) and then use the Mailbox Cleanup option to delete all old emails. Then compact the Outlook database to permanently remove data. See http://support.microsoft.com/kb/291645 If you do not cleanup and compact the databases, the deleted emails may still be leaving hidden information in the database that you just cannot see but a scanner may still pickup on it.
3. create a new folder and move only emails you really need into the new folder and then delete the infected folder.
You may also want to read this:
http://blogs.msdn.com/b/securitytipstalk/archive/2010/07/07/hotmail-hacked-take-these-steps.aspx

If you are not having any other malware problems, it is time to do our final steps:
We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no real time protection. They do not use any significant amount of resources ( except a little disk space ) until you run a scan.We recommend them for doing backup scans when you suspect a malware infection.
If we had you use ComboFix, uninstall ComboFix (This ... Read more

1 more replies
Relevance 40.18%

Not sure if I have any malware/viruses right now but it seems there are some issues with my computer where I get denied access to certain functions and popups showing errors stating "your browser doesn't have the correct flash player installed " , "your computer is running slow and needs to be tweaked for better performance" I have mcafee anti-virus and malwarebytes installed and operating . Running windows 7 Home , Office 2010. I attached the requested logs . Hope I got it right. Thanks , Pedro.

Answer:Removal of malware help

I have Secunia running at the moment and it advises that Shockwave needs to be updated. Secunia is updating shockwave and has been doing so for a few hours. Is it normal for it to update for such a long time?

1 more replies
Relevance 40.18%
Question: Malware removal

We have malware in one computer. After running all the programs Iminent is still the home page and other pop ups keep appearing from the browser. Please help. Thank you.
 

Answer:Malware removal

jallenaz said:





We have malware in one computer. After running all the programs Iminent is still the home page and other pop ups keep appearing from the browser. Please help. Thank you.Click to expand...

I think I have rid the Iminent web page that kept opening in Chrome. Now everything seems to be working as it should.
 

18 more replies
Relevance 40.18%
Question: Malware removal?

So ever since dec 12, my computer would have slowdowns and the malware would attempt to redirect me to sites. Kaspersky blocks the redirect, and its a different website almost every time. I remember installing ummy youtube video downloader (suspicious I know), but when looking at the site and after successfully installing a youtube video, it seemed legit. After getting computer slowdowns I deleted ummy. I am still getting slowdowns and the malware is always trying to redirect me to another site. I've scanned with kaspersky, hmp, and malwarebytes all up to date and no threats found. Note I took a snapshot with voodoo shield before installing ummy just to be safe, but I want that to be my last resort. If I can remove the malware without losing the video I installed, that would be great. Thanks for the help! In the meantime I set voodoo shield to paranoid to keep my compute on lockdown.
 

More replies
Relevance 40.18%

Hi there!I've gone through all the steps u recommended here. There were some slight problem during the process, mainly after running quick scan with anti-malware and rebooting as recommended, the system crashed, and have to do a restore to boot. After that I run cc cleaner again, and malware again (SAS haven't find anything earlier, therefore I skipped to run it again). In that run, malware stated -finally- everything as clean. However AVG keeps sending alerts about Packed.Protector.C in atapi.sys. (The system itself is already looking much more healthier, thanks)I'll try to attach all the logs I've created during the process. Thx in advance[Saving space, attachment deleted by admin]

Answer:Malware removal help

Never mind! I've read everything here, using the self helping methods (your analizer tool as well), and combofix (great scripts) and my pc is clean. Thx for the great posts and itineraries

1 more replies
Relevance 40.18%

You probably remember me from the last time I asked you for help, and again I thank you. This, however, is for my desktop. The last computer you helped me with was for my laptop.

I ran everything just as instructed and will be attaching the logs.

The computer seems to be running fine, now, but the same problem happened after running combo-fix. My clock did not switch back to 12 hour time.

The problem with this computer was found in add/remove programs with some of the programs noted in "read & run me first." I removed them, and hope they are gone now, but please tell me if you find anything else with the logs that might help.

Your help is much appreciated. I thank you again.
 

Answer:Help With Malware Removal

MGlogs
 

13 more replies
Relevance 40.18%

I had a serious infestation of trojans, adware, and other issues after downloading a file from a trusted website in which I have been a member of for several years. I am running Vista 32-bit and I followed everything on the "Read and Run First" sticky post for my OS.

I am now down to a message when Windows starts up that says something like "Error loading d3dpwi.dll. Module could not be found." I don't recognize this driver and I'm assuming that there is still something dirty in the registry that is trying to call on this driver.

The only other thing is the mysterious appearance of 2 "desktop.ini" files, in hidden mode, that are now on my desktop. They showed up after I ran the malware programs listed on this site.

Also, I couldn't get RootRepeal or ComboFix to work. RootRepeal would crash after a while and ComboFix caused my computer to crash with the blue screen of death, twice. To be honest though, I made the assumption that all was right with msconfig. Then, out of curiosity, I checked it and found that the Startup Selection was set to "Selective Startup" with all options checked.

So, what do you think? How do I get rid of that message at startup? Do you still want to see the files, or should I start the process over?
 

Answer:Almost There: Malware Removal

Please attach the logs you have.
 

3 more replies
Relevance 40.18%

Hi Geeks!

I have been trying to resolve several issues which began with slow downloading and Google redirect issues in Firefox; Office 10.(XP Pro) Excel which returns "Microsoft Visual C++ Runtime Library runtime Error" C:\Program Files\Microsoft Office\Office 10\Excel.exe Among others.

I followed your extensive pages on Malware running all on the "Read and Run" page and logging as directed. I did follow the pages on Google Redirection removal, and i surmise that has solved that problem.

I am not sure that I have removed all the malware, as in some places you recommend that I NOT clean the malware, just send the logs....but figure I cannot repair the Excel or other problems without first being sure that I have removed the threats.

Will you please review the log files and / or direct me to the next steps?

I have used the Belarc advisor should you need that detail too.

Kind Regards


XP Pro w/MS updates
 

Answer:Still not sure of Malware removal with XP Pro

Please rerun MBAM and have it fix what it found.

Then rerun Hitman and have it remove all the:
Potential Unwanted Programs

Finally, rerun RogueKiller and have it remove:

Code:
[RUN][SUSP PATH] HKLM\[...]\Run : shicoxp (C:\WINDOWS\shicoxp.exe [-]) -> FOUND
Reboot and rerun both RogueKiller and Hitman and attach both those logs.

Let me know how things are runnning.
 

11 more replies
Relevance 40.18%
Question: malware removal

A friend wanted me to check out their computer. Internet explorer did not work. I got it fixed however I noticed a hitchhiker named tuvaro had taken over her search engine. I ran malwarebytes and found she had quit a few hitchhikers -over 1000. cleared them with malwarebytes, so I thought. However tuvaro still hanging in there. So i ran another program called spyhunter. it found the same adware programs and more. My question is are we being fooled into thinking the free version of malwarebytes cleans anything or is there another reason I am still seeing these unwanted adware programs.
 

Answer:malware removal

11 more replies
Relevance 40.18%

Please see the attached logs. Problems were only that computer was loading slowly and a black box would pop up once in awhile.
 

Answer:Malware removal help

Hello, Bonfire




Bonfire said:



Problems were only that computer was loading slowly and a black box would pop up once in awhile.Click to expand...

You probably should look into trimming your running services - there's alot of them.

*Other than the tools our guide instructed you to save there, I strongly recommend that you clean up this account's Desktop immediately leaving only shortcut links. [ C:\Users\Integrity\Desktop ] Do not store downloads, exe files, iso files....etc on your Desktop. First it is not a safe place to keep them (i.e., you may loose them due to malware, and a cluttered Desktop is an easy hiding place for malware), and last but not least - it can have an effect on your PCs performance.

Re-run HitmanPro, activate its 30-day Trial license and fix these detections:
Malware remnants
Potential Unwanted Programs

Ignore all other detections.
Afterwards, click the Next button.
HitmanPro may want to reboot the PC in order for the changes to take affect, please do so.
After reboot and when you are back in Windows, run another scan with HitmanPro and then attach the latest HitmanPro log

Please re-run RogueKiller and run a scan. After it finishes the scan, select the Registry tab and then select any of the below that exist and then click the Delete button.




[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-260313422-843111330-963923735-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://search.co... Read more

7 more replies
Relevance 40.18%

I joined this forum to seek help with a HijackThis log that log was generated by a freeware program called Advanced System Care. I followed all of the instructions in your forum for posting such logs to best of my abilities. It looks to me as if those instructions had me creating new logs using the tools suggested by this forum and I have attached those logs as instructed. I have not attched the Advanced System Care log.

The Advanced System Care program cleaned up a lot of stuff on my computer which helped a lot. Some problems remain though: My computer still sometimes begins to run very slowly and this condition is temporarily helped by simply restarting my computer. Occasionally the computer essentially locks up and any effort to open email or start Internet Explorer only gest an error message saying that "insufficient resources exist to do that operation" The only solution when that happens is to unplug the processor and restart the computer. The normal restart process doe not work in those cases.

thanks in advance for your help. Here is my DDS report:
DDS (Ver_10-10-21.02) - NTFSx86
Run by Compaq_Owner at 17:30:44.79 on Sat 10/30/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.447.56 [GMT -4:00]
============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k ne... Read more

Answer:Malware removal help

Hello , And to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.I will be working on your malware issues, this may or may not solve other issues you may have with your machine.Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen. Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.-----------------------------------------------------------If you have since resolved the original problem you were having, we would appreciate you... Read more

15 more replies
Relevance 40.18%
Question: Malware removal

I've been handed my daughters netbook which has picked up a few items of malware. I've run all the tools but believe that there's still something left.

Attached should be the logs as requested.
 

Answer:Malware removal

second post with MGlogs.

Thanks in advance for you help.
 

5 more replies