Computer Support Forum

.lnk files keeps coming back whatever I do. Please help me!

Question: .lnk files keeps coming back whatever I do. Please help me!

Please help me to totally remove these .lnk viruses and others from the all folders and hard drives. It keeps coming back whatever I do. I did the following:
1. Deleted those .lnk
2. Installed Avast and Malwarebytes and did a scan then deleted all those quarantined viruses.
3. Reformatted my computer.
 
After all what I've done, it still goes back to almost all folders and my hard drives.
 
Here are a few screenshots to help describe what I'm saying: (There are still lots of .lnk viruses from other file locations based on the deleted by Avast and Malwarebytes quarantine before I reformatted my computer)
 

Spoiler

Spoiler

Spoiler

Spoiler

Spoiler

Spoiler

Spoiler

Spoiler

Spoiler

Spoiler

Spoiler


 
Here are the screenshots of the other viruses from the hard drives:
 

Spoiler

Spoiler

Spoiler

Relevance 100%
Preferred Solution: .lnk files keeps coming back whatever I do. Please help me!

I recommend downloading and running Reimage. It's a computer repair tool that has been proven to identify and fix many Windows problems with a high level of success.

I've used it in the past to identify and fix everything from blue screens (BSOD's), ActiveX errors, corrupt files and processes, dll/exe/sys errors, recover lost memory, Windows update problems, defragging, malware removal etc.

You can download it direct from this link http://downloadreimage.com/download.php. (This link will automatically start a download of Reimage that you can save to your computer.)

Answer: .lnk files keeps coming back whatever I do. Please help me!

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
*************************************************** In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/578571 <<< CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.A new FRST log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.Please do this even if you have previously posted logs for us.If you were unable to produce the logs originally please try once more.If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.If you are unsure about any of these characteristics just post what you can and we will guide you.Please tell us if you have your original Windows CD/DVD available. Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.
Thank you for your patience, and again sorry for the delay.
***************************************************
We need to see some information about what is happening in your machine. Please perform the following scan again: Download FRST by Farbar from the following link if you no longer have it available and save it to your destop.FRST Download LinkWhen you go to the above page, there will be 32-bit and 64-bit downloads available. Please click on the appropriate one for your version of Windows. If you are unsure as to whether your Windows is 32-bit or 64-bit, please see this tutorial.Double click on the FRST icon and allow it to run. Agree to the usage agreement and FRST will open. Do not make any changes and click on the Scan button. Notepad will open with the results. Post the new logs as explained in the prep guide. Close the program window, and delete the program from your desktop.As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

2 more replies
Relevance 65.19%

Hello I was wondering if someone could help me on this issue. I have no clue if I am infected with a virus or something because I have never seen this file before and there are a lot of them all named the same thing. well what am I saying I know im infected because along with these files it made two folders one folder that records my key strokes and the other I have no clue what its for. its empty. I have tried the simple delete or using a virus scanner/remover to get rid of it. no cigar. along with the files in my task manager "javaw.exe" apears and a lot of them the same amount as the files that are in the folder. hope this makes any sense if someone could please get back to me on this. the file names are "jspyb"(random letters and number) its also a java file. the other two folder are called "js_logs(records my key strokes)" and " js_plugins(empty)" someone please help me thanks in advance!

Moderator note: Moving to V & M Removal forum.
 

Answer:Files Keep Coming Back

Welcome aboard

Please, complete all steps listed here: http://www.techspot.com/vb/topic58138.html
Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
Attached logs won't be reviewed.

Please, observe following rules:

Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
If you're stuck, or you're not sure about certain step, always ask before doing anything else.
Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
Never run more than one scan at a time.
Keep updating me regarding your computer behavior, good, or bad.
The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

 

1 more replies
Relevance 64.37%

The files keep coming back even though I sent to the recycle bin and empty them again and again.
But the files just keep coming back when I restart or shut down.Please help if you know any answer.

Answer:Files cannot be deleted and keep coming back

SlientThinker,

What kind of files keep coming back? I ask because Windows has a feature to prevent the deletion of necessary operating system files.

Another possibility is that the files that keep coming back are being generated automatically by an application or operating system component.

If you provide a bit more detail about the types and location(s) of files in question - I might be able to provide more detail.

- John

5 more replies
Relevance 64.37%

Whenever I delete a file in "my documents", it copies itself. "my documents" keeps growing and growing the more I delete.

Answer:deleted files keep coming back

Could be a virus or hacker.

7 more replies
Relevance 64.37%

Here is a list of my hijack log...

Logfile of HijackThis v1.97.7
Scan saved at 1:11:58 PM, on 7/11/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\D-Link AirPlus\AirPlus.exe
C:\Program Files\Outlook Express\msimn.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\WINDOWS\System32\odjiwjf.exe
C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Symantec\LiveUpdate\LUAll.exe
C:\PROGRA~1\... Read more

Answer:Can not delete files, keep coming back

Have you tried doing this in Safe Mode?

Preliminaries: Have these instructions printed or in a convenient Notepad (or Wordpad) file so you can view them in Safe Mode. Have "show hidden (or all) files" checked in Folder Options > View in case you have to search for any hidden files to delete. Also ensure you do NOT have "hide file extensions..." enabled in Folder Options > View

Then:

1 >> Restart in Safe Mode: http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406

2 >> In Safe Mode run HijackThis and check and "fix" the following entries:

O4 - HKLM\..\Run: [Microsoft Sinsup] odjiwjf.exe
O4 - HKLM\..\RunServices: [Microsoft Sinsup] odjiwjf.exe
O4 - HKCU\..\Run: [Microsoft Sinsup] odjiwjf.exe

3 >> Go to Start > Run, enter cmd and a command shell will open; at the command prompt type and enter:

del C:\WINDOWS\System32\odjiwjf.exe

If you get an access denied message, rename it instead:

ren C:\WINDOWS\System32\odjiwjf.exe odjiwjf.bad

4 >> reboot and see if the entries and the file stay deleted or reappear immediately, or after you have been online for some time.
 

3 more replies
Relevance 64.37%

My computer runs Windows 7 Home Premium.

I have been going through my Library directories, (in particular my Document directory), doing some housekeeping. You know the procedure, deleting old files which are no longer relevant and deleting stuff that I no longer want and stuff that somehow I have repeatedly located in different directories, getting everything rationalised and organised.

The sort of files that I am deleting are Word and Excel files, .pdf Adobe files, downloaded program files that I scan prior to installing, zip files and folders and folders containing files - nothing out of the ordinary really!

A couple of days later I notice those damned files that I know I deleted, (and I made sure that the Recycle Bin was cleared out too), have all somehow been reinstated to exactly where I deleted them from.

I repeat the exercise and it happens again!

I don't understand why - it's like the candle you can't blow out!

I'm not sure if the same thing has happened with any other areas of the Library.

I do perform a backup to an external hard drive once a week. The drive is a Seagate and I am using the Seagate backup software, but this shouldn't be causing this - should it? I'm only backing up, I'm not asking for it to restore anything.

Can anyone tell me what is going on and how I can fix it?

Answer:Files that I have deleted keep coming back on their own!

  
Quote: Originally Posted by Barneyboy48


My computer runs Windows 7 Home Premium.

I have been going through my Library directories, (in particular my Document directory), doing some housekeeping. You know the procedure, deleting old files which are no longer relevant and deleting stuff that I no longer want and stuff that somehow I have repeatedly located in different directories, getting everything rationalised and organised.

The sort of files that I am deleting are Word and Excel files, .pdf Adobe files, downloaded program files that I scan prior to installing, zip files and folders and folders containing files - nothing out of the ordinary really!

A couple of days later I notice those damned files that I know I deleted, (and I made sure that the Recycle Bin was cleared out too), have all somehow been reinstated to exactly where I deleted them from.

I repeat the exercise and it happens again!

I don't understand why - it's like the candle you can't blow out!

I'm not sure if the same thing has happened with any other areas of the Library.

I do perform a backup to an external hard drive once a week. The drive is a Seagate and I am using the Seagate backup software, but this shouldn't be causing this - should it? I'm only backing up, I'm not asking for it to restore anything.

Can anyone tell me what is going on and how I can fix it?


Try deleteing your files and check to see if they are in the recycle bin. Reboot your s... Read more

9 more replies
Relevance 64.37%

My Windows XP machine picked up this *nasty* Malware a couple of weeks ago and I've been struggling to get rid of it. I've tried to use McAfee to clean it off, but have had no success. It's manifesting itself in various ways, but the one constant it the appearance of files starting with OVFSTHX*.DLL and .SYS. These files are ID'ed by McAfee, but are never really removed. Other files are PROTECT.DLL, CHKDISK.DLL, AUTOCHK.DLL, LMN_SETUP.EXE. Copies into Start-up as hidden/system files. Used to turn off REGEDIT, change system parameters. McAfee may have gotten rid of some of it, but the OVFSTHX*.* files keep coming back. Also, about every 7 minutes, it re-adds the following to the Registry Run section, either Local Machine or Current user:

rundll32.exe C:\WINDOWS\system32\autochk.dll,[email protected]
DDS (Ver_09-03-16.01) - NTFSx86
Run by Ward at 16:33:51.15 on Sat 05/09/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1455 [GMT -7:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated)
FW: McAfee Personal Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:&#... Read more

Answer:OVFSTHX*.* Files Keep Coming Back

Update ...

Somewhere between automatic Microsoft and McAfee downloads, a McAfee Anti-Virus call ($89), and my own tinkering, my computer seems to be Mal-ware-free. It involved a Service that was flagged as a hidden, system Service and a bunch of hidden files in SYSTEM32 and SYSTEM32/Drivers and hidden records in the Registry, all beginning with OVFSTX. Once the Service was killed and the files were deleted, everything seems to be back to normal.

I don't entirely trust McAfee's work and software, so, if someone is still interested in assisting me, I would appreciate the help. Otherwise, here's hoping I stay Mal-ware-free. Thanks for listening.

Ward

4 more replies
Relevance 64.37%

This has been happening on my mother's computer.  She claims to have deleted files and then they're back the next day.  Then I noticed files that I deleted were also coming back.  This has happened for sure with .bmp files and shortcuts.  These are files that are created by me and deleted regularly.  Haven't noticed any other types returning.  I did a google search, but all I got was results for how to recover deleted files.  Are we the only ones having this problem?

Answer:Deleted files coming back

Hi RRguy,
 
I'm just curious if after you have deleted the file/s, then emptied the trash, do a F5 refresh while on the desktop, if the files reappear?
 
Give it a try, and let me know.
 
Take care,
 
Kurt

15 more replies
Relevance 63.55%

Hey guys looking for some help with my Windows 10 Acer. I have these files that i keep deleting and they keep coming back. Any idea what could cause this ? Thanks.

Answer:Log Files keep coming back after deleted (Pics)

I have all these files, and then some, in the same directory on my production machine. I think these are automatically generated by IE. Yes, they are: and here's an MS blog post that addresses the size issue and provides a batch file to get rid of the database stored in WebCacheV01.dat. I guess you should be glad you're not handling 1,000 users via Terminal Server! ;-)
HTH,
--Ed--

2 more replies
Relevance 63.55%

Hi, recently I was infected by a whole bunch of trojan and rootkit viruses, including the insidious rogue ?antivirus? program Security Tool. I was able to remove them and restore my computer?s functionality. Since then, I?ve run Malwarebytes several times over the past few weeks, but each time the scan log says I have three files associated with Rogue.Antivirus2010 and one file associated with Malware.Trace. Each time I run the software, I get a message saying that these files were ?quarantined and deleted successfully,? but after I restart my computer and rerun the software, the four files reappear. Although my computer appears to running well at the moment, I am worried these are latent infections. Below is the log from my latest scan:alwarebytes' Anti-Malware 1.46www.malwarebytes.orgDatabase version: 4746Windows 5.1.2600 Service Pack 3Internet Explorer 8.0.6001.187022010-10-12 오후 4:53:32mbam-log-2010-10-12 (16-53-32).txtScan type: Quick scanObjects scanned: 150087Time elapsed: 9 minute(s), 19 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 0Registry Values Infected: 0Registry Data Items Infected: 2Folders Infected: 0Files Infected: 1Memory Processes Infected:(No malicious items detected)Memory Modules Infected:(No malicious items detected)Registry Keys Infected:(No malicious items detected)Registry Values Infected:(No malicious items detected)Registry Data Items Infected:HKEY_LOCAL_MACHINE\SOFTWARE\Microsof... Read more

Answer:Malwarebytes removes files, but they keep coming back

It seems I have resolved the issue on my own. Please consider this thread closed, and thanks again!

2 more replies
Relevance 63.55%

Im at my wits end with what to do about this.

I have a brand new pc that is turning up with corrupted files when i run the scannow.. ive dism restored it multiple times and re-scanned and it keeps coming back with errors.

pc specs:

AMD A6-7310 APU 2.00 GHZ, 64 bit processor
AMD Radeon R4 graphics
4 GB RAM
500 GB HDD
Windows 10 home, 64 bit OS
i performed the dism repairs multiple ways. first i did the standard dism online restore.. it says that its completed successfully. then i reboot and run scannow and it comes back corrupted.

then i downloaded a copy of windows 10, mounted it to my desktop, entered the commands to repair. it said it was successful. then i rebooted and scannow and its still corrupted.

this is the website i followed to fix the corruption:

https://www.easytechguides.com/sfc-unable-to-fix-corrup...

im going to post links to the dism and cbs logs, as well as my dxdiag and msinfo

dxdiag:

http://s000.tinyupload.com/index.php?file_id=7845547486...

msinfo:

http://s000.tinyupload.com/index.php?file_id=0243830597...

cbs log:

http://s000.tinyupload.com/index.php?file_id=9628735986...

dism log:

http://s000.tinyupload.com/index.php?file_id=2785341797...

i dont know what else to do. any help would be greatly appreciated. thank you

Answer:Need help with sfc scannow. keeps coming back with corrupted files

Hi darx888. Welcome to the Tenforums @darx888

I boiled down your CBS log. It appears to be having problems with some wav files. It also says your store is also corrupted.

sfcdetails.txt

You said this machine is brand new. What version of Windows 10 (V1607 or V1703) are you running?

Here is our tutorial on DISM. Note the info in the tip.

Use DISM to Repair Windows 10 Image

If you are on 1703 it may be easier to do an inplace repair / upgrade following this tutorial.

Repair Install Windows 10 with an In-place Upgrade

Before doing these type of things I recommend you have a system image created with a tool like Macrium Reflect. Always want a fall back.

Ken

more replies
Relevance 63.55%

I run xp on my computer and have Norton 360 and Malware Antibytes. However after temp files are deleted they keep reappearing. What can I do??? Thnaks for your help in advance.:cry
 

Answer:Help Temp Files will not delete keep coming back!!!

Well that is quite vague, are they temp files that are being flagged by your anti virus? Temp files and folders will be created on your computer all the time. Most of them are harmless, if quite a few have accumulated, then we sometimes advise to run software such as Ccleaner (but not the registry side of it, just the cleaner itself)
 

5 more replies
Relevance 63.55%

Hi, o;m new to this sort of site and i really really need a hand
I have a file in my flash drive and it's a normal one , i keep deleting it and it keep coming back i tried shift+del. but nothing not a min. and the file is there a gain...........

Note: when i deleted the file i noticed that the file isn't on the recycle bin so please please help T_T
 

Answer:files keep coming back on my USB flash drive

10 more replies
Relevance 63.55%

I delete a file or multiple files, usually it happens with files of the media type; pictures, videos, music, etc. I will delete the file, and empty the recycle bin just to see the file returns to its original directory a week to a few months later. I've only seen this behavior on Windows 7 machines, all of them I've previously owned has experienced this problem, my computer now isn't any different. I deleted a Xerneas pictures back in May because I already posted it to Twitter, just today, that same image is back into my 'Twitter Upload' folder in the 'My Documents' of my user folder. I have emptied the recycle bin a few different times since, but the file has returned today. I did some searching around and saw that this question has been asked on various forums but no valid answer.

Answer:Deleted files reappearing (coming back)

Not sure what the problem is here. It may help if you state what steps you have already taken to attempt to resolve the issue.

Recyle Bin (All Drives)

Open an elevated Elevated Command Prompt: Elevated Command Prompt Tutorial

Type:

RD /S /Q C:\$Recycle.bin

Assuming that drive C: is your windows partition. If it uses a different drive letter replace C: in the line above with the correct letter.

Press Enter

Repeat the above for all other drives.

Then right click desktop and choose "Refresh"

You might need to reboot and fresh recycle bins will be created.

Other than that try setting all recycle bins to delete files immediately.

Right click the recycle bin icon and choose "Properties". For each drive set it like this:

Question. What's a Xerneas picture?

Also what created this "Twitter Upload Folder" ?

Is that a folder you created yourself or was it created by an application and used as the default save location for images when you use that application? Is anything set to sync with that folder?

Thanks.

2 more replies
Relevance 63.14%

I work at a local computer shop and am familar with removing viruses but this one keeps coming back. Every time I believe I have it gone it comes back. I have run malwarebytes, nod32, Comboxfix, Hijackthis. None of these programs seems the find the root of the problem they all point to were I might continue looking but do not resolve the problem. The problem is on the root there a randomly named batch and exe files that I can shift delete. I restart the computer and it runs fine for about ten mins. I have the task manager open and then the randomly named exe's start to show up. Then I go look in the root and there they are again. Combo fix pointed to this in the reg
[HKEY_CURRENT_USER\software\microsoft\windows\Currentversion\policies\explorer\Run]
"Msn"="c:\OxOr.exe" [2009-04-14 245248]
"MsnHost"="c:\OxOr.exe" [2009-04-14 245248]
"MsnLoad"="c:\OxOr.exe" [2009-04-14 245248]
So I checked it out deleted them and restarted again. Once again about ten mins into the computer running everthing is back again only with different names. Even in the reg entry. There are two batch files the contents of one appears to shut off the firewall and then try to run one of the randomly named exes. The other points to what appears to be a randomly generated website a long string of numbers and letters .cn every 15 mins. Sorry if I jumped ahead by running all the above but I usually can... Read more

Answer:random named batch files and .exe's that keep coming back

Hi neelhow,Welcome to BC HijackThis forum and sorry for the delay. I am farbar. I am going to assist you with your problem.Please refrain from making any changes to your system (updating Windows, installing applications, removing files, etc.) from now on as it might prolong handling your log and make the job for both of us more difficult.Go to start > Run copy/paste the following lines one by one in the run box and click OK after each line.

cmd /c dir /o:d /a "C:\" > "%userprofile%\desktop\log1.txt"
cmd /c dir /a /s C:\WINDOWS\tasks >> "%userprofile%\desktop\log1.txt"

A log1.txt file will be created on your desktop. Please post the content to your reply.

Please run Hijackthis. Click Do a system scan and save a logfile then copy and paste the content of the log to your reply.

8 more replies
Relevance 63.14%

I have a USB flash drive with a SanDisk MicroSD card in it, and whenever I delete everything on it the files just keep coming back whenever I plug it back into my computer. This never happened before so I'm not sure what to do. I tried right clicking on the removable drive and formatting, but I always get a message that says "Windows could not format this drive." Same thing happens when I go under disc management and try to format it from there. Also, when I right click on the drive the option to delete partition is grayed out.

Anyway, if anyone can help out in anyway I would be really grateful. This has really been driving me crazy.

Answer:Files I delete on my USB flash drive keep coming back

make sure you have admin permissions and that it's not set as read-only....if that still doesnt work try deleting the partition table in disk management (right click my computer then Manage) and recreate then format

8 more replies
Relevance 62.32%

Hi!
So, last Friday my OfficeScan software found a couple infected files that it couldn't clean off. So I ran Ad-Aware and Spy-Bot and RegistryCC and cleaned things up as best I could. But the pop-ups didn't stop. In fact it got worse. I turned the TeaTimer off on Spybot because it kept popping up telling me about registry changes and the virus started looping and creating new files when I denied the changes.

I've been reading replies to other people's messages that have similiar problems and tried to do what I could. I updated all my anti-virus software, I updated my Java (which was probably the weakness that let it in in the first place). I've been running Malwarebytes frequently. Sometimes it finds something, sometimes it doesn't. I've run VundoFix and it cleared a couple files off too. One I wrote down because it took a couple tries to get rid of : system32/uljeuf.dll Malware identified a few files as TrojanVundo.

It keeps coming back and I'm not sure what to do next. I used the add/remove to get rid of IE because I never use it anyway and I naively thought that might stop the pop-ups. But now they just come in streams of empty IE pages and system errors that say "An attempt was made to reference a token that does not exist."

Also there's a program in my add/remove called Mirar. I googled it and it doesn't sound good. I can't get that off either.

I don't have the knowledge to go deeper into my sys... Read more

More replies
Relevance 62.32%

After I delete files from my Windows 10 PC, the get deleted and go to Recycle Bin. I empty the Recycle Bin and the files get deleted there too and the Recycle Bin is empty.
Now after I restart my computer, the deleted files reappear in Recycle Bin,
Weird!

Answer:Deleted files keep coming back or reappearing in Windows Recycle Bin

Maybe your Recycle Bin is corrupted. Reset your Recycle Bin and see if that helps.

3 more replies
Relevance 62.32%

Greetings All,

I'm not very keen on how this all works. I know I have TrojanDownloader.xs infecting my computer with a lot of crap from CoolWebSearch. I've located the files and am trying to go about deleting but nothing sticks. I have no access to Task Manager as that has been disabled. The dll's I'm trying to unregister in the Command Prompt section all come back as non executed files so can't delete. And when I try to get rid of keys in Registry Editor, I can right click and delete but it always comes back. PLEASE HELP! Anyone.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:13:58, on 6/14/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\iftuyszv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\portsv.exe ... Read more

Answer:Help! I can't delete corrupt files from Registry Editor. It keeps coming back! HELP

Hello and Welcome.

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

We want all our members to perform the steps outlined in the link I'll give you below, before posting for assistance. There's a sticky at the top of this forum, and a
Quote:




Having problems with spyware and pop-ups? First Steps




link at the top of each page.
---------------------------------------------------------------------------------------------

Please follow our 5 Step process outlined here:

http://www.techsupportforum.com/secu...oval-help.html

After running through all the steps, you shall have a proper set of logs. Please post them.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

1 more replies
Relevance 55.35%

I've been having a a problem with the back left corner hinge since October of last year I poisted to another board about this problem hving been told that this issue would be passed onto support in my region. I'm currious as to weather I'll hear from these people in this lifetime or the next. I enjoy my Laptop and would like to continue using it but as time goes on it keeps seperating more and more and I have to snap it back into place to keep in together. I'm hoping to actually hear back from someone this time that will be able to help me in fixing this issue.

Answer:Back Corner coming from the back left side by the hinge

@jmb1313

 

I have brought your issue to the attention of an appropriate team within HP. They will likely request information from you in order to look up your case details or product serial number. Please look for a private message from an identified HP contact. Additionally, keep in mind not to publicly post personal information (serial numbers and case details).

If you are unfamiliar with how the Forum's private message capability works, you can learn about that here.

Thank you for visiting the HP Support Forum.

1 more replies
Relevance 53.71%

I already posted in How to remove Windows 10 upgrade updates in Windows 7 and 8
In this thread after the starting post from Tookeri other updates that had to be deleted were mentioned. I made a list in post 841
I did not have all these updates on the pc but those that were on it I hid.
Some of them came back and I hid them again.
Now today they are back - with some that I had not seen before.

I made an attachment that shows them and also shows that I hid them again

Will I have to check Windows Update for the rest of my live?????

More replies
Relevance 52.89%

Hello,
I have a problem ,which ive tried to fix serveral times but it keeps coming back.
This virus is located in Systems 32 folder, Pc Cilling 2005 identified it as TROJ_ROOTKIN.N . Ive gone
to safe mode, deleted it, returned to windows and the virus reapeared, wats more it clogs up Pc Cillin, so now under quarantine i have 100+ instances of this virus, and its increasing.
The virus is labelled hpr34k8

Im sure my Hijack Log is fairly clean... -------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 5:27:53 PM, on 14/08/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\RunDll32.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe
C:\Program Files\Telstra\Cable Login\bpcable.exe
C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
C:\Program Files\Telstra\Toolbar\bpumTray.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin... Read more

Answer:Virus that keeps coming back and back and back, so on

bump, hopefully someone takes notice

19 more replies
Relevance 49.2%

Hello
For many years a succeeded in keeping my computers safe - then, not even a month ago, something surfaced. A Virut thing after I visited an insecure site.
If this can help, a few days before I had for the first time in my pc life installed a downloader program called Flashget-
Well I tried at first to clean up with Spybot and Spyware Doctor (who had not by the way intercepted the hostile item). But the machine had still a strange behaviour so I downloaded some Linux based Rescue CD .iso files (Kaspersky, BitDefender, WebDoctor), burned the CDs and went on scanning without Windows. Those found a wealth of infections by Trojans as well as by the Virut thing, so I kept cleaning and cleaning (desinfecting and/or deleting that is) until nothing more was found.
I then restarted Windows, uninstalled Flashget and installed Avast antivirus. Unfortunately when using my browser I started to get redirected to a "stolnik.net" whatever search I did. Plus Avast began to show infections spreading in the system by a "W32.Vitro" virus. So I tried again with the rescue CDs - Kaspersky found a couple issues but nothing else - and Avast still claiming I have the W32.Vitro everywhere.
At this point I used the VirutCF removal tool by Norton, but to no avail - there is no Virut infection in the machine.
I was beginning to get nervous so I downloaded the Combofix tool, disabled all and every anti-virus and -spyware - as requested - and tried to start Combofix: nothing happens... Read more

Answer:They keep coming back

If you truley have Virut the only real alternative is to do a complete wipe and reinstall. See boopme's post here:http://www.bleepingcomputer.com/forums/ind...t&p=1260380That will help you determine if you have virut, and if you do, what you need to do.

13 more replies
Relevance 49.2%

I can't get rid of this crap - I've ran everything on here that people say. I have SAV installed and up to date, I have SpywareGuard installed, I have ran HJT, I've ran Ewido software, nothing can get rid of this - Everytime I clean everything while in Safe mode and reboot, Spywareguard immediately starts popups saying a BHO has been added (suchs as C:\WINDOWS\system32\wvuvspq.dll) - I click remove BHO, and it comes back over and over...

Someone please help - this has totally destroyed my computer...
 

Answer:Someone please help - These BHO's keep coming back!!

Closing duplicate thread. Please continue to reply here: http://forums.techguy.org/malware-removal-hijackthis-logs/648572-please-help-my-hijackthis-log.html
 

1 more replies
Relevance 49.2%

Hey everyone this is the first time I have posted anything but i am having some serious problems. I let my brother borrow my laptop and when i got it back it was infected bad.
I have pc-cillin, Malwarebytes, and SuperAnti-Spyware.
SuperAnti-Spyware seems to clean everything after i scan and reboot but there are two things that keep coming back on the next re-boot.
1. Pc-cillin keeps giving me a waring telling me to close the browser when its not open with the web address of 110/rjsa/select.php?a=6707a0a cd82d9318fa98c6ee396eed8e61fcf4200553e0c95d8b1d81bbda3c1b&b=1001&c=1
2. There is a sys32 file that gets deleted and always comes back on reboot its MoIXWA40.dll
Pc-Cillin tells me this is a trojan.bho and says its will delete on reboot.
please help me this is so frustrating it slows everything down sooo slow.
 

Answer:Pop-Ups keep coming back

Hi, Welcome to TSG!!
Click here to download HJTInstall.exe

Save HJTInstall.exe to your desktop.
Doubleclick on the HJTInstall.exe icon on your desktop.
By default it will install to C:\Program Files\Trend Micro\HijackThis .
Click on Install.
It will create a HijackThis icon on the desktop.
Once installed, it will launch Hijackthis.
Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
Come back here to this thread and Paste the log in your next reply.
DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

 

1 more replies
Relevance 49.2%

I have a PC i believe is infected.
i have run Combofix, it appears to find something and reboot but i am unable to tell by the log what it found.
i think it is still infected because if i run CF again, it says it needs to reboot to continue.
 ComboFix.txt   29.88KB
  5 downloads
 ComboFix2.txt   30.15KB
  3 downloads
 ComboFix3.txt   26.11KB
  2 downloads
 ComboFix4.txt   29.75KB
  3 downloads

Answer:it keeps coming back

Hello cgtrott, I will be handling your log to help you get cleaned up. I apologize for the delay but the forum is very busy and as you can see the logs we ask for are very extensive and take a lot of time to investigate. Please subscribe to this topic. Click on the Watch Topic button, select Immediate Notification and click on proceed.Make sure Word Wrap in notepad is turned off. When copying and pasting logs paste them directly in the reply box only attach logs if asked to. Do not wrap logs in codebox or code tags. It makes it very difficult to read and analyze them. Please paste them directly into the reply box. Do not make any changes to your system until we are through. Fixes are based upon information that is current from your system so any changes can affect our strategy. Please refrain from running any tools we may use without specific instructions.If your operating system is Windows Vista or Windows 7 it may be necessary to right click then choose Run as Administrator any programs we use.Before we begin please check and follow the instructions on How to Show Hidden Files and Folders in Windows Vista and Windows XP and How to show hidden files in Windows 7Because the e-mail notification system is not completely reliable, please check your topic once a day for responses.Please read carefully all directions and instructions. If you are instructed to save a tool to the desktop please save it to the desktop. If you have since resolved the original problem you were ha... Read more

2 more replies
Relevance 49.2%

I uses Vundofix, ad-aware, spybot, xoft, avg, House call, Microtrend, Don't know what to do next? here is my infoLogfile of HijackThis v1.99.1Scan saved at 1:48:37 PM, on 3/22/2006Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\NavNT\defwatch.exeC:\Program Files\NavNT\rtvscan.exeC:\Program Files\Norton Utilities\NPROTECT.EXEC:\WINDOWS\Explorer.EXEC:\WINDOWS\System32\svchost.exeC:\Program Files\NavNT\vptray.exeC:\Program Files\BearShare\BearShare.exeC:\Program Files\ArcSoft\PhotoImpression 5\PI Monitor.exeC:\Program Files\Yahoo!\Messenger\ymsgr_tray.exeC:\WINDOWS\system32\wuauclt.exeC:\WINDOWS\system32\rundll32.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Program Files\HijackThis\HijackThis.exeR1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.Begin2Search.com/search.htmlO4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\... Read more

Answer:Pop Up's Keep Coming Back

Hello Mhenry, Welcome to BleepingComputer!My name is Nick and I will be checking over your log.Let's get started.You will want to print or save these instructions.Please download Look2Me-Destroyer.exe to your desktop.Close all windows before continuing.Double-click Look2Me-Destroyer.exe to run it.Put a check next to Run this program as a task.You will receive a message saying Look2Me-Destroyer will close and re-open in approximately 1 minute. Click OKWhen Look2Me-Destroyer re-opens, click the Scan for L2M button, your desktop icons will disappear, this is normal.Once it's done scanning, click the Remove L2M button.You will receive a Done Scanning message, click OK.When completed, you will receive this message: Done removing infected files! Look2Me-Destroyer will now shutdown your computer, click OK.Your computer will then shutdown.Turn your computer back on.Please post the contents of Look2Me-Destroyer.txt (it can be found wherever you saved Look2Me-Destroyer.exe) and a new HiJackThis log.If Look2Me-Destroyer does not reopen automatically, reboot and try again.I highly suggest you get rid of BearShare. It is a P2P program which is usually the cause for malware.Read here for more information on clean and infected File Sharing Programs.Click Start> Control Panel > Add/Remove Programs and remove:BearSharePlease note any other programs that you dont recognize in that list in your next responseReboot your computer once more.Please go HERE to run Panda's ActiveScanOn... Read more

1 more replies
Relevance 49.2%
Question: Keeps coming back

Ok guys not sure what I keep missing but the 020 line keeps coming back and changing it name.

I have ran CWS, ewido, Killbox ( and delete after reboot) VirtumundoBegone
Logfile of HijackThis v1.99.1
Scan saved at 11:25:30 AM, on 1/22/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Hijack This\TrojanHunter 4.2\THGuard.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijack This\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDae... Read more

Answer:Keeps coming back

10 more replies
Relevance 49.2%

windows securty 7 keeps coming bak after doing all the steps
 

Answer:it keeps coming back

Please attach the logs from both SUPERantispyware and MalwareBytes. Also run the below and attach the log.

I want you to run TDSSKiller so refer to the below for how to do so.

TDSSkiller - How to run
 

11 more replies
Relevance 49.2%

Hi everyone,

i had this fake FBI Virus on a laptop couple days ago, it would not let the windows to boot, not even in safe mode. i got it to clean with kaspersky boot disc, and also scanned it with avg, malwarebytes, avast. send it back to customer, same night he called me saying avast kept picking up something but was not able to remove it! so i picked it up again the next day, scanned with avg & malwarebytes seemed to be cleaned up again, nothing was picking up any viruses. but guess what? this morning i have a text from a custoemr, saying he was locked up out of screen and he was able to get into it, but now avg is picking up something again!!! i asked him if he uses usb drive or external or anything but he said he did not use any of those! PLEASE HELP WITH REMOVAL OF THIS!!!!

Answer:It keeps coming back!!!!

Hello sapikest,
my name is Marius and I will be assisting you with your Malware related problems.

Before we move on, please read the following points carefully.
First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
Perform everything in the correct order. Sometimes one step requires the previous one.
If you have any problems while you are follow my instructions, Stop there and tell me the exact nature of your problem.
Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

Before we start, please note:

Please be advised that this free service is typically for home users. We'll help you out this time, but in the future if you are unable to clean a machine via standard methods, then either backup the client's data and rein... Read more

2 more replies
Relevance 49.2%
Question: Back coming off?

My Lumia 640 is quite new and the back plastic panel writing logo is coming off the Microsoft logo has come off and some letters are coming away?
Is this normal?

More replies
Relevance 49.2%

I am trying to clean out a co-worker's computer. I have restored to over a month ago and continue to find malware during scans. Any help appreciaded. Have not yet restarted to fully remove. Do I need to kill some files will killbox prior to the restart? Thanks, Jeff

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 3930

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

3/31/2010 2:19:22 PM
mbam-log-2010-03-31 (14-19-22).txt

Scan type: Full scan (C:\|)
Objects scanned: 231065
Time elapsed: 1 hour(s), 11 minute(s), 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Windows\System32\config\systemprofile\AppData\Roaming\AntiVirus Plus (Rogue.AntiVirusPlus) -> Quarantined and deleted successfully.

Files Infected:
C:\$Recycle.Bin\S-1-5-21-2658977195-169558386-357108580-1000\$RR7NTAN.tmp (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Roaming\avp.ico (Rogue.AntiVirusPlus) -> Quarantined and deleted successfully.
C:\Wi... Read more

Answer:ave.exe keeps coming back

Windows restarted for updates while sleeping last night. Running malwarebytes again. Final rid of Hijackthis entries
O20 - AppInit_DLLs: C:\ProgramData\nuvanifi\nuvanifi.dll
2658977195-169558386-357108580-1000

Malwarebytes came out clean as well as a full McAfee virus scan. Hijackthis log appears clean too. With persistance I think I have this cleaned finally. I have both a dds scan and gmer report but don't really know what to look for. I can post these if someone has time to review them. I ran both prior to the windows update restart. Also updated and ran spywareblaster. Pop ups and redirects are gone too.

Partial log of items cleaned.
3/31/2010 2:19:22 PM
mbam-log-2010-03-31 (14-19-22).txt

Folders Infected:
C:\Windows\System32\config\systemprofile\AppData\Roaming\AntiVirus Plus (Rogue.AntiVirusPlus) -> Quarantined and deleted successfully.

Files Infected:
C:\$Recycle.Bin\S-1-5-21-2658977195-169558386-357108580-1000\$RR7NTAN.tmp (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Roaming\avp.ico (Rogue.AntiVirusPlus) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\AntiVirus Plus.lnk (Rogue.AntiVirusPlus) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\Local Settings\Application Data\ave.exe (Rogue.MultipleAV) -> Quarantined and deleted successfully.
C:\Windows\System32\co... Read more

1 more replies
Relevance 49.2%

Oh God help me... these anti-spyware pop ups keeps popping up and i always run a check on ad-aware 6 and Spybot once i see it. But once i connect to the net and open a site, it all comes back again n i haf to scan it all over again.... help please this is real miserable...

Thank you.

Answer:It just keeps coming back...

try manually removing, on www.doxdesk.com there are listings for spyware/parasites.

you could also go to run > msconfig and deselect any programs starting up that you dont recoginse.

also try going to http://www.symantec.com/homecomputing/
at the bottom is a link to a free online virus check, you may have one that persistantly downloads spyware.

and finally ensure you have a firewall and if you have one make sure its up to date. www.download.com has a free copy of zonealarm, thats a good one

6 more replies
Relevance 49.2%

Here is my dilemna:

I've run Kazaabegone, CWShredder, Spybot and Adware with new updates and reboots in between. I've run Hijack This and removed what I knew to be suspicious files in safe mode. But one:

O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net

keeps reappearing on the HJT log after rebooting. I know I'm missing something; just don't know what.

Here is the entire log:

Logfile of HijackThis v1.97.7
Scan saved at 8:04:28 PM, on 2/1/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\wanmpsvc.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
c:\program files\mcafee.com\agent\mcagent.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\EarthLink 5.0\Con... Read more

Answer:New.net keeps coming back

6 more replies
Relevance 49.2%

2 nights ago i was surfing the next and i starting getting reports such as :

Windows has detected spyware infection!
It is recomended to use special antispyware tools to prevent data loss. Windows will now download and install the most up-to-date antispyware for you
Click here to protect your computer from spyware!

and

Warning! Potential Spyware Operation!
Your computer is making unauthorized copies of your system and
Internet files. Run full scan now to pervent any unathorised access
to your files! Click here to download spyware remover ...

i started getting a lot of popups trying to send me to a site calling cookingluck (f3.cookingluck.com, f5.cookingluck.com, f7.cookingluck.com,
f9.cookingluck.com) i close them before they can finish loading.

Now i didnt do the smartest thing and i downloaded one of the "anti-spyware" things they told me too. "system-defender". well thats about when everything went from bad to worse, shell.dll was giving me hell, wowfax.dll was messing up. The control panel icon also disapeared and anything i tried to do with the system it wouldnt let me..pretty much telling me i didnt have administrative privliges.

So i came on this site and saw the self help page and was looking it over and saw the the "SmitFraud and It's Variants Removal Instructions" section fit my problem to a T, so i followed the steps exactly as they are written. I also got rid of the system defender. When i rebooted into norma... Read more

Answer:It just keeps coming back.....

Hi and welcome to TSF.

My name is Iain and I will be helping you clean your system.

You may wish to Subscribe to this thread (Thread Tools > Subscribe to this thread) so that you are notified when you receive a reply.

Please read these instructions carefully and then print out or copy this page to Notepad in order to assist you when carrying out the fix. You should not have any open browsers or live internet connections when you are following the procedures below.

Note that the fix may take several posts. Please continue to respond to my instructions until I confirm that your logs are clean. Remember that although your symptoms may vanish, this does NOT mean that your system is clean.

If there is anything you don't understand, please ask BEFORE proceeding with the fixes.

Please ensure that you follow the instructions in the order I have them listed.
We'll begin with ComboFix. Please visit this webpage for download links, and instructions for running the tool: http://www.bleepingcomputer.com/comb...o-use-combofix
When the tool is finished, it will produce a report for you.
Please post C:\ComboFix.txt along with a new HijackThis log so we may continue cleaning the system.

NOTE: Combofix prevents autorun of all CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you - please let me know.

12 more replies
Relevance 49.2%

I'm the kind of person who just needs to turn UAC off.  It's a great idea for the vast majority of regular users, though, so I'm not canning it, just asking some questions on how to actually turn it off so that it stays off.I'm using Windows 7 x64 on a laptop that's just on its own, no domain, no group policy etc.Anyway, I've got my UAC slider all the way down the bottom (and have rebooted), yet I still need to explicitly right-click and choose "Run as Administrator" if I need to run something as an administrator.  (for example the command prompt, if I want to run "chkdsk c: /f" or "pskill explorer.exe" or use ProcessExplorer and look at the threads in system processes or whatever.)  The thing is I want to run most of my stuff as administrator without the need to right-click each time.  Just take a look at some of the crazy problems I see and need to work with: http://users.on.net/~MRIS/Problem_20090207_0701.mhtI know that I can tick "run as administrator" in the advanced tab for the shortcut that launches these as a work-around but I want it for all my sysinternals utilities, and there's lots of them.  I'm also sick of clicking "show for all users" in things like task manager when I launch it via CTRL-SHIFT-ESC. There's a Group Policy setting in the registry named:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUAThat I think is responsible.However it always comes back and gets set... Read more

Answer:UAC keeps coming back on all by itself.

 
MRIS said:
How do I track how this is getting there?It turns out a file named "registry.pol" in this folder:C:\Windows\System32\GroupPolicy\Machine\was doing it.

15 more replies
Relevance 49.2%

Hello, after removing numerous malwares, str.sys keep coming back even though i removed it several times.Here's the log, thanks for your help.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 8:22:19 PM, on 7/16/2009Platform: Windows Vista SP1 (WinNT 6.00.1905)MSIE: Internet Explorer v7.00 (7.00.6001.18000)Boot mode: NormalRunning processes:C:\Windows\system32\Dwm.exeC:\Windows\Explorer.EXEC:\Windows\system32\taskeng.exeC:\Program Files\Synaptics\SynTP\SynTPEnh.exeC:\Program Files\Toshiba\Utilities\KeNotify.exeC:\Program Files\Common Files\Symantec Shared\ccApp.exeC:\Program Files\Symantec AntiVirus\VPTray.exeC:\Windows\System32\hkcmd.exeC:\Windows\System32\igfxpers.exeC:\Program Files\QuickTime\QTTask.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\Synaptics\SynTP\SynToshiba.exeC:\Windows\system32\igfxsrvc.exeC:\Windows\ehome\ehtray.exeC:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exeC:\Windows\ehome\ehmsas.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exeC:\Program Files\Symantec AntiVirus\DoScan.exeC:\Program Files\Synaptics\SynTP\SynTPHelper.exeC:\Program... Read more

Answer:Str.sys keep coming back, help!

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

2 more replies
Relevance 49.2%

I think I may have finally scrubbed enough to keep the dll (IeBHOs.dll) from re-appearing, but the E2G folder keeps recreating itself. Any suggestions?

It's a friends system and had Norton on it. I installed NOD32 and PC Tools Spyware Doctor. Then read a few threads and ran HJT a few times and made some deletions that "may" have helped. I know that I managed to get rid of the TrojanDownLoader-AC2 but this E2G is stubborn.

Also ran SpySweeper many times in safe mode and in non-safe mode. Disables Spyware Doctor from auto load with windows as it seemed to be interefering with the Spy Sweeper scan.

Here's the latest HJT log:

Thanks in advance for any suggestions!

Charlie

Logfile of HijackThis v1.99.1
Scan saved at 6:51:15 PM, on 4/18/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EX... Read more

Answer:E2G keeps coming back

16 more replies
Relevance 49.2%

hi, i hope somebody can help me. I'm running windows 95 b with internet explorer 5.5 and I keep getting "Error loading C:\WINDOWS\TEMP\se.dll". when I run IE, avg detects trojan horse startpage 16.bd and my start page is now advertising called "about: blank" I've deleted se.dll but it just keeps coming back. I'd appreciate any suggestions. thanx!
 

Answer:se.dll keeps coming back!

it sounds like you got hijacked. this should have been posted on the spyware specific board. follow the instructions on this link below.

http://forums.majorgeeks.com/showthread.php?t=35407 <--
Sticky: READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus Removal

g/l - sos
 

1 more replies
Relevance 49.2%

I have done everything to get rid of my recent popups including runings spybot, adaware, microsoft Antispyware, Norton and Pandascan both in regular mode and safe mode. THey keep on finding stuff, but after restarting, they still come back. I have also empties the TEMP folder and cookies and temporary Internet files. I have included a HIJACK this log, hopefully someone can help. thanks.

Logfile of HijackThis v1.99.1
Scan saved at 6:34:55 PM, on 6/17/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\PROGRA~1\NORTON~1\NORTON~3\GHOSTS~2.EXE
C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\WINDOWS\GWHotKey.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe... Read more

Answer:HJT Log because they keep coming back

16 more replies
Relevance 49.2%

I think I may have finally scrubbed enough to keep the dll (IeBHOs.dll) from re-appearing, but the E2G folder keeps recreating itself. Any suggestions?

It's a friends system and had Norton on it. I installed NOD32 and PC Tools Spyware Doctor. Then read a few threads and ran HJT a few times and made some deletions that "may" have helped. I know that I managed to get rid of the TrojanDownLoader-AC2 but this E2G is stubborn.

Also ran SpySweeper many times in safe mode and in non-safe mode. Disabled Spyware Doctor from auto load with windows as it seemed to be interefering with the Spy Sweeper scan.

Here's the latest HJT log:

Thanks in advance for any suggestions!

Charlie

Logfile of HijackThis v1.99.1
Scan saved at 6:51:15 PM, on 4/18/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EX... Read more

Answer:E2G keeps coming back

Thread closed, please do not post duplicates!
Continue here: http://forums.techguy.org/security/460316-e2g-keeps-coming-back.html
 

1 more replies
Relevance 49.2%
Question: keeps coming back

I keep running scans and it cleans the computer sometimes. I will encounter xp antispyware 2009 and 2008 telling me that my computer is infected. It posts a permanent box on my desktop saying infected and keeps popping up at bottom right by time clock saying infected. I will run anti malwarebytes and it will clean it only if i do quick scan. But then i will run full scan and it freezes so i know it is still infected. And sure enough a few days later it is all back. Please help. I also run cc cleaner and norton but norton freezes too. I have also tried in safemode but still freezes. Thanks Any and all help is greatly appreciated.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:56:21 PM, on 10/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Inte... Read more

Answer:keeps coming back

bump
 

2 more replies
Relevance 49.2%

I think I may have finally scrubbed enough to keep the dll (IeBHOs.dll) from re-appearing, but the E2G folder keeps recreating itself. Any suggestions?

It's a friends system and had Norton on it. I installed NOD32 and PC Tools Spyware Doctor. Then read a few threads and ran HJT a few times and made some deletions that "may" have helped. I know that I managed to get rid of the TrojanDownLoader-AC2 but this E2G is stubborn.

Also ran SpySweeper many times in safe mode and in non-safe mode. Disables Spyware Doctor from auto load with windows as it seemed to be interefering with the Spy Sweeper scan.

Here's the latest HJT log:

Thanks in advance for any suggestions!

Charlie

Logfile of HijackThis v1.99.1
Scan saved at 6:51:15 PM, on 4/18/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EX... Read more

Answer:E2G keeps coming back

Three threads are not needed for the same problem.
 

2 more replies
Relevance 49.2%

I've run Ad-awareSE, Trend Micro's housecall, and McAfee. I've also run Ad-aware while in safemode yet I still keep getting these popups and McAfee keeps telling me that " The file C:\\WINDOWS\system32\winupdt.exe was infected by the Downloader-LG trojan and has been deleted to complete the cleaning process. Its' says it repeatedly then stops then a few hours later it'll come back. Here is my Hijack This log:
Logfile of HijackThis v1.99.1
Scan saved at 6:07:30 PM, on 3/15/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wkogyo.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:... Read more

Answer:They just keep coming back...

16 more replies
Relevance 49.2%
Question: Keeps Coming Back

Can someone please help me with this problem? All my AV programs detect a virus running in my system, but whenver I have it removed, it keeps coming back How can I stop this???


HJT Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:22:13 AM, on 8/25/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Nexon\Mabinogi\npkcmsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\csrcs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.... Read more

Answer:Keeps Coming Back

Hello and Welcome. Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

---------------------------------------------------------------------------------------------

If you still require assistance with this issue, please do this:
Download RSIT by random/random and save it to your desktop.
Double click RSIT.exe to start the tool and click Continue at the disclaimer.
When the scan completes it will open a log named log.txt maximized, and a log named info.txt minimized.
Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of log.txt here.
Please attach info.txt to your post.
To attach a file to a new post, simplyClick the[Manage Attachments] button under Additional Options > Attach Files on the post composition page, and
copy and paste the following into the "Upload File from your Computer" box:C:\rsit\info.txt

Click Upload.

---------------------------------------------------------------------------------------------

2 more replies
Relevance 49.2%

I have a problem with pop-up ads that keep on appearing randomly on my computer. I tried using adaware which picked up a lot of them, but they keep coming back later.

Hijack this log (Created with Hijack-this Analyzer)

====================================================================
Log was analyzed using KRC HijackThis Analyzer - Updated on 4/1/05
Get updates at http://www.greyknight17.com/download.htm#programs

***Security Programs Detected***

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Fil... Read more

Answer:Pop-Ups that keep coming back

Hi and welcome to TSF.

I am currently reviewing your log. Please note that this is under the supervision of an expert analyst, and I will be back with a fix for your problem a.s.a.p

Please be patient with me during this time.

4 more replies
Relevance 49.2%
Question: Keeps coming back!

I thought I wiped it off already but it's back AGAIN! And my SpyBot S&D is missing all sorts of components so it's not working right and it's the only one that has found any. The Microsoft one found one and deleted it but SpyBot found 16 but only deleted 2 before running into problems. EliteBar is back also. Help again!
 

Answer:Keeps coming back!

- Run ALL the steps in this Sticky thread READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus RemovalMake sure you check version numbers and get all updates.

- Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.
After doing ALL of the above you still have a problem:

- Download HijackThis 1.99.1

- Unzip the hijackthis.exe file to a folder you create named C:\Program Files\HJT

- Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the downloaded ZIP file.

- Before running HijackThis: You must close each of the following:your web browser, e-mail client, instant messenger, and programs like notepad, wordpad, MS Word etc. And any other unnecessary running programs.

- Run HijackThis and save your log file.

- Post your log as an ATTACHMENT to your next message. (Do NOT copy/paste the log into your post).
 

3 more replies
Relevance 49.2%

Greetings everyone I need some help.

First off... I have followed all the proceedures listed on the READ ME thread that is asked and I STILL AM HAVING ISSUES.

I have Ad-Aware SE and with the VX add.

I have HiJackThis v1.99 and have followed the steps on that thread as well.

Here is the problem:

I run Ad-Aware everytime I log on, and even in safe mode. It finds beween 8 and 60 items. Mostly Malware and DataMiners. Then once I fix those I rescan and it comes up clean. However, I am still getting pop-ups, I have EnhanceMySearch, and when I log off and log back in... and re-run Ad-Aware I still have 8-60 items that show up and the same problem persists.

Can anyone help and point me in the right direction? It is a major annoyance. THANKS TO EVERYONE IN ADVANCE!!
 

Answer:It all just keeps coming back

Make sure you have HijackThis 1.99 and follow the guidelines on where to install it and how to post a log as an attachment. This is all covered in the sticky thread NO HIJACK THIS LOG FILES BEFORE READING THIS: HJT Tutorial & LOG File Posting

Now post a HijackThis log as an attachment to your message (Do not post the log inline). All running programs should be closed, including your web browser, e-mail. Close before running Hijack This!

To repeat: Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the downloaded ZIP file. Place it in its own folder, for example C:\Program Files\HJT
 

11 more replies
Relevance 49.2%

This is my second attempt at help. I failed my first time and after reading the preparation guide here I am. I tried fixing it myself and loading MBAM and it says I have an infected regestry value, (Trojan.Agent) When I run the MBAM it says my computer must reboot to fix. It does, but then I have the same infection. I am confused, frustrated, and not really sure now what I am doing. Thankfully there are those here that can help...I am humbled.

Here is my DDS.txt
DDS (Ver_09-03-16.01) - NTFSx86
Run by Owner at 16:10:46.34 on Tue 03/31/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.186 [GMT -4:00]

AV: Avira AntiVir PersonalEdition *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINNT\system32\svchost -k DcomLaunch
svchost.exe
C:\WINNT\System32\svchost.exe -k netsvcs
C:\WINNT\system32\svchost.exe -k WudfServiceGroup
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\WINNT\system32\ezSP_Px.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINNT ... Read more

Answer:Not sure what I have...but it keeps coming back

Welcome to the BleepingComputer Forums. Since it has been a few days since you scanned your computer with HijackThis, we will need a new HijackThis log. If you have not already downloaded Random's System Information Tool (RSIT), please download Random's System Information Tool (RSIT) by random/random which includes a HijackThis log and save it to your desktop. If you have RSIT already on your computer, please run it again. Double click on RSIT.exe to run RSIT. Click Continue at the disclaimer screen. Please post the contents of log.txt. Thank you for your patience.Please see Preparation Guide for use before posting about your potential Malware problem. If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped. Please post your HijackThis log as a reply to this thread and not as an attachment. I am always leery of opening attachments so I always request that HijackThis logs are to be posted as a reply to the thread. I do not think that you are attaching anything scary but others may do so. While we are working on your HijackThis log, please: Reply to this thread; do not start another! Do not make any changes on your computer during the cleaning process or download/add programs on your computer unless instructed to do so. Do not run any other tool until ... Read more

2 more replies
Relevance 49.2%

okay, so yesterday i cleaned my pc with "malwarebytes anti-malware and there were like 11 viruses. then i scanned after t, none, so i get up this morning and scan my pc because everything is going SO SLOW! and now i got 10 viruses. can anyone please help? yesterday i had like 2 injections, 2 clickers, 2 malware.packs, and like 6 agents.
heres my log for yesterday: http://pastebin.com/panEZfVS
and heres todays: http://rhymingcolors.pastebin.com/G7gJ51nr
please help. 5 of those kinds ive never seen before :/ please comment below
 

Answer:they keep coming back >:(

8 more replies
Relevance 49.2%

Everytime I run webroots spysweeper It finds a cws threat. I don't understand why it keeps popping up, even after I tell spysweeper to remove it. Someone want to help me....

Logfile of HijackThis v1.99.1
Scan saved at 7:44:30 PM, on 10/25/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\nvsvc32.exe
D:\programfiles\Spy Sweeper\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Eset\nod32kui.exe
D:\programfiles\Spy Sweeper\Spy Sweeper\SpySweeper.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
D:\programfiles\MicrosoftAntivirus\gcasServ.exe
C:\Program Files\QuickTime\qttask.exe
D:\programfiles\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
D:\programfiles\MicrosoftAntivirus\gcasDtServ.exe
C:\Program Files\LIUtilities\WinTasks\wintasks.exe
D:\programfiles\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.... Read more

Answer:CWS keeps coming back

8 more replies
Relevance 49.2%

I am having trouble getting rid of this BHO object.Everytime I manage to remove the dll and the BHO registry entry it comes back under a different name.I have run Spybot, AdAware and Trend Micro AV.Any help would be appreciated.Logfile of HijackThis v1.99.1Scan saved at 3:17:14 PM, on 04/16/07Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXEC:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exeC:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exeC:\WINDOWS\system32\fxssvc.exeC:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exeC:\WINDOWS\TEMP\EWE594.EXEC:\WINDOWS\Explorer.EXEC:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exeC:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exeC:\Program Files\Messenger\msmsgs.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files ... Read more

Answer:Bho Keeps Coming Back

Hello EBurritt, I am SifuMike and I will be helping you. Disable your antivirus program and go here http://www.bitdefender.com/scan8/ie.html and run an online scan with BitDefender (you will need to use Internet Explorer for this scan). When the ActiveX Control has loaded, click on "Click here to scan". Please be patient, as this scan may take a few hours. It all depends on the number of files on your computer. When BitDefender completes the scan, select the "Detected Problems" tab. Click on "Click here to export scan". Save the file as an HTML to your Desktop. Then click on the saved file and allow it to open with your browser. Go to Edit - Select All then copy/paste that log back here. Post the BitDefender log.******************Download ATF (Atribune Temp File) Cleaner? by Atribune DO NOT run it yet. Download and install AVG Anti-Spyware 7.5 (formerly Ewido) This is a 30 day trial of the programAVG Anti-Spyware is designed to be used to both scan for and remove malicious files and also to run in real-time alongside, but not replace, your existing anti-virus program to give an added layer of protection.Both the Resident Shield and Automatic Updates will only be available for the thirty day trial period, after that AVG Anti-Spyware will revert to a stand-alone scanner which you can keep and manually update for free and use in a similar way to Ad-Aware SE Personal, Spybot S&D etc.1. After download, double click on the file to launch the... Read more

11 more replies
Relevance 49.2%

Can't seem to get rid of the trusted zones, option is disabled in internet tools. I've run spybot, adware and avast but they still show.

Logfile of HijackThis v1.99.0
Scan saved at 10:18:03 AM, on 2/4/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Lexmark X6100 Series\lxbfbmon.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.... Read more

Answer:they keep coming back!

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should not have any open browsers when you are following the procedures below.

Go to My Computer->Tools/View->Folder Options->View tab and make sure that 'Show hidden files and folders' (or 'Show all files') is enabled. Also make sure that Display the contents of System Folders' is checked. Windows XP's search feature is a little different. When you click on 'All files and folders' on the left pane, click on the 'More advanced options' at the bottom. Make sure that Search system folders, Search hidden files and folders, and Search subfolders are checked.

For the options that you checked/enabled earlier, you may uncheck them after your log is clean. If we ask you to fix a program that you use or want to keep, please post back saying that (we don't know every program that exists, so we may tell you to delete a program that we think is bad to keep).

Turn off system restore by right clicking on My Computer and go to Properties->System Restore and check the box for Turn off System Restore. Click Apply and then OK. Restart your computer. After we are finished with your log file and verified that it's clean, you may turn it back on and create a new restore point.

Right click on this link http://www.greyknight17.com/spy/De... Read more

3 more replies
Relevance 49.2%

Hot bar I am told is a parasite.That is its a freeby thats seems frindly but in reality is sucking all your secrets.So last night I deleted all trace of it from the system by norton and by Regedit.Tonight it back......What sort of mallet this this need ?

Answer:hot bar keeps a coming back

Please post a HJT log click hereYou may need to post in in two halves because of the 800 word limit.Please double space it by adding a blank line after each line so that it is legible with the site's formatting.

4 more replies
Relevance 48.79%

Hello. I need some help. My parents' computer is running Windows XP and has persistent alerts from AVG saying that multiple threats are detected. It removes them and a little while later they are back again. The file c:\tdlcmd.dll keeps showing up. svchost shows as an infected process sometimes. I ran a Malwarebytes scan and it detected 20 threats, removed them, then the next day they were back again. AVG also identifies these threats as Trojan Horses in the Vundo family. Nothing seems to be able to permanently remove this virus. After some research on forums it seems that the only thing that works is when someone who is very skilled reads a logfile (usually OTL, Combofix, or Hijackthis) and gives the OP instructions specific to the infected machine. I really wish I knew enough about this process to do it myself, but as it is, I need help. I've read the forum rules so I'm posting a Hijackthis log that I ran on my parents' computer via TightVNC. Thank you in advance for your assistance.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:39:32 AM, on 1/15/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16945)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\... Read more

Answer:tdlcmd.dll keeps coming back

bump
 

1 more replies
Relevance 48.79%

Greetings all.
 
I have been struggling with Malware for most of the past day and am in need of some advice.
Malwarebytes has been run and deletes a bunch of files in safe mode, including svchost.exe.
After restart, it continually find and quarantines svchost.exe.  In other words, svchost.exe is coming back endlessly, and MalwareBytes keeps removing it.  The removal message pops up from the systray every 5 seconds (not kidding). 
There is also an issue sometimes when I click a link, I'm sent to some other site.  I think I see "seachzone" in the url briefly before the reroute.  Guessing these are separate issues.
 
Have run AVG, Nortons and Spybot S&D (which always freezes before finishing), but nothing has fixed this issue.
 
Any thoughts would be appreciated.
 
Thanks.
 
HKP

Answer:svchost.exe keeps coming back

Please download TDSSKiller from here and save it to your Desktop
Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters
Check Loaded Modules and Detect TDLFS file system. Do not check Verify file digital signatures (even though it is checked in the example)
If you are asked to reboot because an "Extended Monitoring Driver is required" please click Reboot now
Click Start Scan and allow the scan process to run
If threats are detected select Skip for all of them unless I instruct you otherwise
Click Continue
Click Reboot computer
Please post the contents of TDSSKiller.[Version]_[Date]_[Time]_log.txt found in your root directory (typically c:\)in your reply
Due to forum upgrade you may face issues posting the TDSSkiller log.Just last few lines of log is sufficient
===================================================RKILL
Please download Rkill by Grinler from one of the 4 links below (if one of them does not work try another.) and save it to your desktop:
Link 1
Link 2
Link 3
Link 4
In order for Rkill to run properly you must disable your anti-malware software. Please refer to this page if you are not sure how.
Double-click on Rkill. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
Note: You may have to run Rkill a few times before it is successful. You may also have to download Rkill from a different link which will save it as a different file name.
A black screen will appear and then disappear. Please do not... Read more

10 more replies
Relevance 48.79%

Hi, everyone. I have something Malwarebytes calls Trojan.BHO that I can't seem to get rid of. Malwarebytes apparently gets it but it always ends up reappearing after a couple of reboots.

I think it first showed up on the 14th of February during a routine checkup. It wasn't until after I tried to get rid of it that I started having problems.

For wathever reason it wouldn't allow me to launch either Firefox or Chrome - in fact, the folders where they were installed were off-limits to all users, regardless of their admistrator status. I could temporarily gain control of the folders by running Malwarebytes and have since uninstalled both.

I can still run IE, but -

1. Whenever I try to open a link on a new tab, it will ALSO open a new window. Yes, I checked the settings, and it's definitely the trojan since this behaviour goes away - temporarily - after I run Malwarebytes.

2. The Trojan also shows up as a toolbar add-on for IE ("jscript proxy auto-configuration"). It claims to be by "(unverified) Microsfot Corporation" and the option to disable it is greyed-out. The only way to get rid of it is to run Malwarebytes but, again, it comes back after a couple of reboots.

3. It doesn't do anything else that's noticeable. There's nothing on my toolbar, no pop-ups, no redirecting, etc.

If it matters, I have tried running Malwarebytes under safe mode after disabling system restore (that was following someone els... Read more

Answer:Trojan.BHO keeps coming back

Hi and welcome.

Re run Hitman Pro and have it delete everything it finds.

Delete these:

C:\Program Files (x86)\GUM4751.tmp
C:\Program Files (x86)\GUT4752.tmp


Please download Junkware Removal Tool to your desktop.

Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Attach JRT.txt to your next message.



Re run Malware Bytes and attach the new log.

Now explain how things are.
 

3 more replies
Relevance 48.79%

Despite regular PC anti-virus scans, Avast, and online scanners like ESET and scans from Malwarebytes, which usually returns little, the one that captures malware best for me is Spybot.

But it seems I keep removing same malware like Fastclick etc.

Any other scans available?

I've posted Hijackthis scans many times in past, but stopped as I recently get no responses.

This forum must be really busy now.
 

More replies
Relevance 48.79%

my USB keeps geting infected ith fooool.exe i use the Flash_disinfector provided by you guys but it keeps geting infected, i scanned with Superantispyware and it didn;t find it though it is there, i tried avast and it didnt find it too.

Any tool to remove it?

I can see Fooool.exe when i run a Live Linux ditrubution and chek what's on my USB stick, anyways i know it is there because my USB stick keeps geting infected and when i open its Autorun.inf the open command refers to fooool.exe .

Help plz!!

Answer:Fooool.exe Keeps Coming Back

I did a quick search and it seems that fooool.exe is related to explorer.exe that i posted about earlier that some anti viruses were locating it as a virus and i thought back than that they are detecting the legitimate one.

anyways i still need help on how to remove this infection.

4 more replies
Relevance 48.79%

Sorry, I had run these scans before I found this forum. I need your expert help.Windows XP with svc pack 3 and all updates. I have been able to get around the malware by running a scan, deleting the infections and corrupt files, but they return at every start up.Latest routine I did was this:ComboFix, then re start; Temp File Cleaner; Malwarebytes, then re-start. Infection still returns.Thursday, AV suite suddenly loaded, I received several cmd line boxes that looked strange and then all Google searches got redirected to shopping sites. Other symptoms are standard stuff, have to re-name anti malware to get it to run, several tries to go to correct site from google, etc.TDSSkiller has been run, GEMR has been run; ComboFix has been run multiple times (logs saved and available); Malwarebytes run multiple time (logs available)ComboFix showsInfectedc:\winnt\system32\ernel32.dllc:\winnt\system32\spool\prtprocs\w32x86\17931u.dllc:\winnt\system32\spool\prtprocs\w32x86\5w555.dllMalWareBytes showsRegistry Data Items Infected:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 93.188.162.221,93.188.166.201 -> Quarantined and deleted successfully.HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 93.188.162.221,93.188.166.201 ... Read more

Answer:DNSChanger keeps coming back

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.In order for me to see the status of the infection I will need a new set of logs to start with.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.DeFogger: Please download DeFogger to your desktop.Double click DeFogger to run the tool. The ap... Read more

3 more replies
Relevance 48.79%

I got hit with the Vundo family and have been battling it for a while now. I finally seem to have gotten it out, but the last thing that seems to be stuck is this entry.O4 - HKUS\S-1-5-20\..\Run: [girusizezo] Rundll32.exe "C:\WINDOWS\system32\mologipu.dll",sI tried deleting it from the explorer, but even with the show hidden and system files checked, it doesn't show. I tried to delete from the command window, but am told the file does't exist. I don't know if this is the problem or if is just a symptom, but perhaps you guys would know. I tried to google it, and came up with nothing. I also used Malware's software and it removes it, only to have it come back when I refresh or scan again. Here is the full log.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 5:19:49 PM, on 11/30/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16735)Boot mode: Safe modeRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Trend Micro\HijackThis\HijackThis.exeR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\S... Read more

Answer:Reg entry keeps coming back

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.Upon completing the steps below a staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.comDDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results, click no to the Optional_ScanFollow the instructions that pop up for posting the results.Close the program window, and delete the program from your desktop.Please note: You may have to disable ... Read more

2 more replies
Relevance 48.79%

i scanned my flash drive with Avast antivirus and it detected a virus "antisys.exe". i had it removed but after using the disk and running a scan again, its back. I don't see the file on the drive but Avast kept telling me it is infected with the "antisys.exe" virus. and after deleting the file using avast and running a scan again, it's still there. Is it really a virus? how do i remove it without losing all the data in my flash drive. Any help is greatly appreciated. Thanks in advance.
 

More replies
Relevance 48.79%

My computer was fine until it got infected with Spyware =[ ... it started when i stupidly decided to install an Active X to watch an online movie, and now the System Alert keeps on popping up and say that there is active spyware and i should download an up to date antispyware ...It's driving me crazy, i've been trying to scan my comp so many times, with spybot, adaware and Avast....i follow some guide that people posted for help on this forum, but the weird thing is, when i restart my comp, the shield (or system alert) doesnt show up anymore, but the next day, it appears again =[ ... i dunno what to do ...i tried rescan my comp and reboot it again and it doesnt show up anymore, i dunno if this is good or bad. What should i do if it appear again ??

Oh, and i use a Window Xp 2000

thank you so much for helping mee ..
 

Answer:Solved: it keeps on coming back

12 more replies
Relevance 48.79%

Hello,
Yesterday my computer started acting up. It said that the Windows firewall was turned off (even though I didn't turn it off) and now it's saying automatic updates has been turned off (even though it's turned on). I've scanned the computer with ad-aware, AVG and my Norton antivirus. I've removed trojans at least three times. However, random IE windows keep popping up with fake antivirus dialog boxes. I'm not sure what else to do. Below is the HJT log. Thank in advance.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:57:05 AM, on 12/28/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost... Read more

More replies
Relevance 48.79%

I am running windows xp home edition. My virus software is pcguard from virgin active.At first pcguard find 50 viruses and deleted them but I would run the scan again it would find the same 50 viruses.Disabling the system restore function cut them down to 13 viruses. I have now run a viruse scan in safe mode and I have found six viruses. Worm.win32.autorun.aam,
worm.win32.autorun.dej
backdoor.win32.small.czo
backdoor.win32.small.eiu
trojan.bat.runner.s
w32/backdoor2.emeb
The software says it has deleted them but after I scan straight away they are detected again.I hope if someone can help me get rid of the viruses in safe mode it will cure the viruses in normal mode.
I would appreciate any help anyone can give me
 

More replies
Relevance 48.79%

I have a Dell Dimension 8400 Pentium 4 3.0 GHz with 3GB of RAM running WXP Pro sp3. I have uninstalled mIRC twice. The first time I thought I had solved the problem. The problem (a sound stuttering problem that sounds like a key is stuck) came back, so I looked for every other cause, and then discovered that mIRC was back. I booted into safe mode and uninstalled it again using jv 16 power tools 2009. When I restarted, it was back again. Now I'm thinking it must be some type of malware. If someone can help, I will post log files. Thanks in advance.
 

Answer:mIRC keeps coming back

I am stuck. I really think it is some kind of malware. I don't know what else can reinstall itself. Anyone?
 

1 more replies
Relevance 48.79%

As the title says, whenever i start my PC, the language bar (rightclick on the taskbar->toolbars->languagebar) comes back. I can make it go away, but i have to do that everytime i start my PC...

any ideas?
 

Answer:Language bar keeps coming back- Xp Pro x64

control panel > regional & language options > languages tab > text services and input > details > pref > language bar > deselect the "show the language bar"

iirc, been a while sorry
 

2 more replies
Relevance 48.79%

hi~i've been having major problems with pop ups and being redirected to a search i don't want~computer is slower~big headache~i have my hijackthis logfile if anyone can help me out i'd appreciate it

Logfile of HijackThis v1.97.7
Scan saved at 8:48:37 AM, on 1/8/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
D:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe
C:\WINDOWS\Explorer.EXE
D:\iTouch\iTouch.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\CallWave\IAM.exe
C:\Program Files\Webshots\WebshotsTray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Stacy\Local Settings\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.seekseek.com/quicksearch.asp?session=CA70E82E-B286-42D0-AD0D-721124977930&version_id=18
O2 - BHO: (no n... Read more

Answer:clearseach keeps coming back

15 more replies
Relevance 48.79%

On scanning the computer with No Adware it keeps picking up 2Search even though I have deleted it in No Adware!The file is HKEY_CLASSES_ROOT\Interface\{0RegKey and No Adware classifies it as Dangerous.Any way of stopping 2Search? My OS is XP Pro.

Answer:2Search keeps coming back!

Turn off System Restore temporarily.

3 more replies
Relevance 48.79%

Yesterday my boyfriends computer started acting up out of no where. It'll randomly lag really bad, about every 5 minutes or so. We've narrowed the problem down to some sort of spyware that's related to Alfacleaner. He'll delete Alfacleaner, but then when the computer lags again, it comes back. I've searched everywhere and followed a bunch of different instructions (such as running Ad-aware, SpyBot, and HijackThis) and can't seem to find a way to fix it. He's even used system restore and the problem still hasn't been solved. He's using Windows XP Professional. Any help will be greatly apprecaiated.

Answer:Alfacleaner Keeps Coming Back

Have your boyfriend run a fresh HJT log and submit it to our great volunteer team of experts. The instructions for posting can be found here, and he should carefully follow the directions given:http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/They will work with him to solve the problem.Regards,John

6 more replies
Relevance 48.79%

Hi,

I have tried to remove Exactsearch from my PC, but everytime I scan with Panda it says my memory is infected with it again.

My Hijack this log is:

Logfile of HijackThis v1.99.1
Scan saved at 12:21:17 PM, on 26/04/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PavProt.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Firewall\PavFires.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PavFnSvr.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Pavkre.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\pavsrv51.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\prevsrv.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PsImSvc.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\AVENGINE.EXE
C:\WINDOWS\Expl... Read more

Answer:Exactsearch keeps coming back

hi, Can you post the exact location of the Exactsearch item Panda says it found please?

Look in the program Results or Report from a scan where it was found and post where the item supposedly is.

One thing to try is to find the quarantine or items that were removed by Microsoft Antispyware, AdAware, Spybot or other program and delete those backed up items> Panda or another scanner may detect those.
 

3 more replies
Relevance 48.79%

Hi, I have (thanks to this forum) downloaded spybot and run a check, which removed unwanted files. however, after visiting the internet I thought I would check again and the following file appears every time I even start up IE. 'DSO Exploit'DSO Exploit: Data source object exploit (Registry change, nothing done) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3DSO Exploit: Data source object exploit (Registry change, nothing done) HKEY_USERS\S-1-5-21-807862539-876780862-1957817608-1012\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3DSO Exploit: Data source object exploit (Registry change, nothing done) HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3DSO Exploit: Data source object exploit (Registry change, nothing done) HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3DSO Exploit: Data source object exploit (Registry change, nothing done) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3--- Spybot - Search && Destroy version: 1.3 ---2004-07-09 Includes\Cookies.sbi2004-07-28 Includes\Dialer.sbi2004-07-27 Includes\Hijackers.sbi2004-07-27 Includes\Keyloggers.sbi2004-05-12 Includes\LSP.sbi2004-07-27 Includes\Malware.sbi2004-07-09 Includes\Revision.sbi2004-07-02 Includes\Security.sbi2004-07-27 Includes\Spybots.sbi2004-07-28 Includes\Tracks.uti2004-07-27 Includes\... Read more

Answer:spyware keeps coming back

dso exploit is nothing to worry about.Run a check with this click here

10 more replies
Relevance 48.79%

It started with the AntiVirus 2009 pop-in the new firefox tab. So, I installed Malwarebytes and ran the test. It found a bunch of stuff, deleted it, but it all comes back within a day. If I run Malwarebytes again, it finds it, deletes it, but it keeps coming back.

I installed and ran SDFix, but upon reboot it hangs on the finishing. Also, now I get rundll errors upon startup due to this.

Please help! Thanks in advance for any help anyone can provide! Here is my Hijack log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:38:28 PM, on 11/25/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common File... Read more

More replies
Relevance 48.79%

Hi

I am working on a friends PC which seems to be heavily infected. The symptoms are they are unable to load taskmanger and msconfig as soon as you select them they disappear. CPU usage seems to be extremely high and so it is difficult to run any other programs. Also there seems to be a lot of traffic when they get on the internet.

I have tried the FAQ and running the latest versions of spy bot, stinger, ad-aware, cwshredder they all seemed to find things which then just reappeared. Even though I ran cwshredder first ad-aware still found lots of coolwebsearch stuff which caused it to crash.

I have also cleaned up the system with ccleaner 1.18 and defragmented the hard drive.

The only way I was able to run Hijack this was in safe mode as other wise it would disappear as soon as I had opened it just like taskmanager.

Any help would be really appreciated.

Kind reagrds

Deitel

Logfile of HijackThis v1.99.1
Scan saved at 17:53:14, on 24/04/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\userinit.exe
C:\WINDOWS\System32\userinit32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\devldr32.exe
C:\Documents and Settings\Administrator\My Documents\hjt\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explore... Read more

Answer:viruses keep coming back

12 more replies
Relevance 48.79%

I have already been through the "Am I Infected" forum and I am sure that I am but I don't know how or with what. Topic referenced is here: http://www.bleepingcomputer.com/forums/t/305217/security-breach/ ~ OB We have run MBAM and GMER and removed some infections and the next day when I ran my Spyware Doctor, I was reinfected with two new infections. Already identified them as keyloggers and one was some type of autodialer. Anyway, I was told to run a DDS and post it here. Time for an operation, I guess. LOL I am hoping to learn something from the process. I have already learned a lot just reading and researching on my own before I broke down and came to bleepingcomputer for help. I know when something is over my head and whatever this is.....is it! Thank you so kindly for the help! Here is the DDS. I did run a GMER last night but for some reason, my system had crashed when I returned the computer so I did not have the results. If you would like for me to run another one, please advise and I will do it ASAP. DDS (Ver_10-03-17.01) - NTFSx86 Run by Compaq_Owner at 0:48:56.29 on Sun 04/04/2010Internet Explorer: 7.0.5730.11Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.503.191 [GMT -4:00]AV: Spyware Doctor with AntiVirus *On-access scanning enabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}============== Running Processes ===============C:\WINDOWS\system32\svchost -k DcomLaunchC:\WINDOWS\system32\svchost -k rpcssC:\WINDOWS\System32\svchost.ex... Read more

Answer:Malware keeps coming back.

Hello and and Welcome to BleepingcomputerPlease note we are very busy, so if I don't hear from you within 5 days the topic will be closed, If you have sinceresolved your issues I would appreciate if you would let me no so I can close this topic.We need to create an OTL ReportPlease download OTL from one of the following mirrors:This is THE MirrorSave it to your desktop.Double click on the icon on your desktop.Click the "Scan All Users" checkbox.Under the Custom Scans/Fixes box at the bottom, paste in the following bold text.%SYSTEMDRIVE%\*.exe/md5starteventlog.dllscecli.dllnetlogon.dllcngaudit.dllsceclt.dllntelogon.dlllogevent.dlliaStor.sysnvstor.sysatapi.sysIdeChnDr.sysviasraid.sysAGP440.sysvaxscsi.sysnvatabus.sysviamraid.sysnvata.sysnvgts.sysiastorv.sysViPrt.sys/md5stopCREATERESTOREPOINTPush the button.Two reports will open, copy and paste them in a reply here:OTL.txt <-- Will be openedExtra.txt <-- Will be minimizedThanks

42 more replies
Relevance 48.79%

Hi, So I have this virus. Everytime the windows start, and if its connected to the internet before anti malware malwarebytes protection on, It will start downloading virus like crazy. MBAM can limit the virus somehow, but it still somehow allowed wuaucldt.exe and VRT***.tmp (*** is random number) and sometimes some random dll files. I also got random number dot exe and it contain w.exe, d.bin, ms.bin, so.bin. All of this happened if i connect to the internet and worse if there is no MBAM protection. I tried to remove it through registry and hijackthis, it just keep coming back. Make me think that all my exe files has been infected.I sent winlogon.exe to several online file scanner and apparently has Virut on it.I tried to use DDS.scr, but i keep getting error (0xc0000142). I tried to rename it lots of time with any name that i can think of and still the same problem. I tried to rename the file name into bat or exe, same problem.ComboFix also has the same (0xc0000142) error. Gmer works, but it keeps going to the blue screen everytime I scanned a lil longer (say more than 2 minutes). So I uncheck registry and files to make it faster. Here's the log.I also attached hijackthis log if needed. Oh, I use Windows 7, and updated MBAM.Thank you so much. Sorry for my English. I really really appreciate it.PS : Sorry for repost. I don't know why the logs is not appear in the previous post.Just in case if the log dissapear again, i copy it to here :GMER 1.0.15.15281 - http://www.... Read more

Answer:wuaucldt.exe keeps coming back

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

10 more replies
Relevance 48.79%

Hi,Norton found the virus called Back door greybird.k on C:\windows\G_server_hook.dll.I logged on to the safe mode and deleted the G server. exe and dll file.But Norton keeps finding this virus. How can I clean the virus?Thanks very much. (Moderator edit: moved post to more appropriate forum. jgweed)

Answer:Virus coming back again and again

Symantec Security ResponseI'd recommend submitting a hijackthis log here.How to submit a hijackthis logDownload HijackthisTry running the following from safe mode (Getting to safe-mode) Sysclean you'll also need the virus template file from here lpt***.ziporDrWeb CureITIf your good with the command line also try Sophos Command Line scannerAlso try installing and running A2 Free and EwidoI'd also run Spybot and AdawareIf your using Win2K/XP run adaware/spybot from "safe mode with command prompt"At the C:\ prompt type the following:-cd\C:\progra~1\spybot~1\spybotsd.exe /autocheck /autofixcd\C:\progra~1\lavasoft\ad-awa~1\ad-aware.exe

2 more replies
Relevance 48.79%

don't know how to remove trojan,keeps coming even after reformatting the c:drive and d:drive.

Answer:troj_downadjob.A keeps coming back

If you formatted the drive, it didn't come back.. you keep going to a place on the internet somewhere where this virus hangs out. Either way, go to download.com and download the program called Spybot - Search and Destroy, it will find it and kill it. From there, go into your internet history and see where the virus came from.

2 more replies
Relevance 48.79%

I'm not entirely sure what infection I have here, but I think it has something to do with the Coupon Printer my friend downloaded a while back (I'm cleaning her computer for her)It started out with a bunch of fake AV programs screaming at me to "fix all the infections". I downloaded and installed MBAM, but I couldn't run it until I rebooted in safe mode. It found 8 or 9 items and I cleaned them all. One of them was the following:C:\Users\Haley\AppData\Local\Temp\Low\COUPON~1.DLLEvery time I restart the computer and re-run MBAM, that same file shows up, no matter how many times I've tried to delete it.I thought I had fixed all the nasties because the fake AV is now gone, but I'm not so sure anymore. I'm pretty good at malware removal, but not great, so I thought I'd ask you guys to take a look.Thanks!!DDS (Ver_10-03-17.01) - NTFSx86 Run by Haley at 0:15:15.58 on Tue 05/11/2010Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_13Microsoft? Windows Vista? Home Premium 6.0.6001.1.1252.1.1033.18.3034.1804 [GMT -6:00]SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}============== Running Processes ===============C:\Windows\system32\wininit.exeC:\Windows\system32\lsm.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\svchost.exe -k rpcssc:\Program Files\Microsoft Security Ess... Read more

Answer:Malware that keeps coming back

Hi,Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.Please reply to this post so I know you are there.The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.Once I receive a reply then I will return with your first instructions.Thanks

12 more replies
Relevance 48.79%

Posting here, as instructed by Orange Blossom.I run Malwarebytes Pro and I recently encountered an infection where all of my Autorun executables were being renamed to have a space before the name and another executable was being put in its place. I manually removed all of these dummy .exe's and searched the entire drive for any other .exe's with the same file size and recent modification date. I removed all I found. I've not run into any further issues similar to this.I originally removed wmpscfgs.exe and js.mui from various folders using MBAM.However, Malwarebytes Pro is popping up daily saying that wmpscfgs is infected in my Internet Explorer directory. Each time, I tell it to quarantine. Rinse, repeat. Malwarebytes continuously pops up down at the bottom of the screen saying 'Malwarebytes has blocked access to a potentially harmful website at 58.240.239.70' or something similar. The popup doesn't stay up long enough for me to get exact wording. (The IP varies, but this is the most recent pop up as of now.)I've scanned with MBAM, SASW, CWShredder... It's still happening and I'm at a bit of a loss as to how to proceed. Any help is greatly appreciated.I am running Windows 7 64 bit. I don't know if GMER just isn't compatible with the OS or what, but I wasn't able to select any of the checkboxes other than Services, Registry, Files, and ADS in addition to the C drive. It found nothing and the ark.log is empty, so I've not uplo... Read more

Answer:wmpscfgs.exe Keeps coming back

Hello , And to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.I will be working on your malware issues, this may or may not solve other issues you may have with your machine.Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen. Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.-----------------------------------------------------------If you have since resolved the original problem you were having, we would appreciate you let... Read more

81 more replies
Relevance 48.79%

Several months ago I had conduit take over my browsers and install toolbars, etc. I worked through removal instructions I found online and succeeded in removing the toolbar and search hijack, and thought it was gone forever but it keeps coming back. The only symptom now is that Explorer will start using around 25% of the CPU activity, which keeps my cooling fan running, and will not allow the computer to hibernate. It also may be interfering with Flash on Facebook and some other websites, but I'm not sure about that.
 
The only way I know that this is Conduit is that when I notice the activity starting up I run MalwareBytes and it finds a Conduit file, even though I have repeatedly cleaned using that program.
 
In your forums I found someone talking about ImgBurn installing Conduit, and I did have the program, so I have uninstalled it. Also I have Secunia PSI, so it was regularly updating ImgBurn without my being able to deselect any Conduit option, so that may have been the source of the problem, but I have uninstalled ImgBurn and cleaned with MalwareBytes and Explorer is still running the CPU at about 25%.
 
Help please.

Answer:Conduit keeps coming back?

As a quick follow-up, I have just run ADWCleaner and it found a bunch of stuff related to Conduit, all of which I had it clean. And now Explorer is no longer running at 25% CPU in the Task Manager. So maybe it's gone, but I've thought it was gone before.

4 more replies
Relevance 48.79%

I have a Dell Dimension 8400 running Windows XP SP3 and I installed a new hard drive (wiped). I had some issues installing drivers and I downloaded some sort of a "driver detective" program that (I think) infected my computer with all sorts of crap. I know, I know -- I'm an idiot.

I ran Spybot, AdAware, Malwarebytes, and HijackThis. I scanned, rescanned, cleaned, rebooted several times, etc. I was able to get rid of everything (I think) except for KBDNET.dll. I can't "fix" it through HIJACKTHIS and when I delete it through FileAssassin, it comes right back after restart.

My HijackThis log is below. Can anyone help me to get rid of KBDNET.dll once and for all? Thank you!!

JC

====
 

Answer:KBDNET.dll Keeps Coming Back - Help!

You have gone thru the cleaning process just a few months back. You should know that you need to do the READ & RUN ME FIRST. Malware Removal Guide
 

1 more replies
Relevance 48.79%

For the past couple weeks or so my computer has been infected. They've been all sorts of different viruses and Norton Antivirus 2006 scans, finds them, and removes them but they keep coming back. I tried doing a system restore to about 2 months ago and the problem didnt resolve itself. I've also tried using Roguescanfix and smitRem to no avail. My computer is running windows XP media center edition if that helps
Any help is appreciated. thanks

Answer:Viruses Keep Coming Back

Welcome to bleepingcomputer slicktrick689Let's try this before we go to HiJackThisRun the NAV again then do the following as you may be reinstalling the virus.Empty your Recycle Bin.NextUpdate your windows Windows UpdateNextCreate a new Restore Point:Go to Start > All Programs > Accessories > System Tools > System RestoreThen when Restore opens, select Create a new restore point and click NextGive the the restore point a name like New and clean >Click CreateThen delete old Restore points:Go to Start > All Programs > Accessories > System Tools > Disk Cleanup > Click Ok. Click the more options tab > notice System Restore > click clean up >Reboot A little extra protectionNow install SpywareBlaster 3.5.1 . QUOTEPrevent the installation of ActiveX-based spyware, adware, browser hijackers, dialers, and other potentially unwanted software. Block spyware/tracking cookies in Internet Explorer and Mozilla/Firefox. Restrict the actions of potentially unwanted sites in Internet Explorer. SpywareBlaster can help keep your system spyware-free and secure, without interfering with the "good side" of the web. update weekly

1 more replies
Relevance 48.79%

Hi guys!

I need help with these viruses on my computer ...
in the system 32 folder. I have w2k ..

Norton 2004 finds the virus ... usually a trojan or something and it deletes it ...

But the programs the virus puts in my computer is still here ... and i delete them (search for created dates and delete) and they pop up .. in the registry run command and in system 32 folder ... i don't know how to kill it completely ... so i'm asking if someone could help me out ... i'd really really appreciate it .. i've been trying since the first of the year!

oh ... and i have to right click scan for norton cuz norton won't open ... something is making it close cuz i see it open in task manager and disappear ...

First time here .. made an account with my used email but it didn't work ... i think norton said one of the virus also copies everything i type so ... i hope it isn't serious ....

also ... lots of people ask to put on the hijack thing on other posts that i read .... so i d/l it and tried it ... here is what i got ..

Logfile of HijackThis v1.97.7
Scan saved at 6:29:56 PM, on 1/13/2004
Platform: Windows 2000 SP2 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shar... Read more

Answer:HELP ! Viruses keep coming back :(

12 more replies
Relevance 48.79%

hello

I have a virus Worm_RBOT.BCQ found on file C:\windows\system32\micront.exe

I have followed to the letter the removal instruction by Trend

I have deleted the file, deleted all Registry reference to this file, deleted all temp files and Bin , all in safe mode..

The virus seems to have been deleted. but when I connect to the net, after a while , virus is detected and all is back to square one..

Please Help!! how can I get rid of this Virus forever....

Thanx
Jadan
 

Answer:virus keeps coming back

10 more replies
Relevance 48.79%

Hello--I keep running my Spyware Doctor, and every day I get a warning that I have tdlcmd.dll in my Windows/system32 file, and every day I delete it, and then the next day it's back. There's obviously something else going on here that I'm missing. Thanks very much for any help you can give me!!

Here's my Hijack This:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:41:10 PM, on 12/30/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program F... Read more

More replies
Relevance 48.79%

The problem started about a week ago. A popup said there was an infection on the computer. I tryed to close the window but the popup persisted. I went thru the steps to remove malware one by one. It got rid of the popups about the infection but the other trojans that were found keep coming back after a short while. I have all the logs. Help Please!
 

Answer:Trojans keep coming back

cruiser1968 said:





I have all the logs. Help Please!Click to expand...

Then please attach them to your next reply.
 

19 more replies
Relevance 48.79%

So I've seen the other post with tdlwsp.dll but somewhere along the lines of fixing it I always see something that says script was created for this specific user so i don't follow the instructions that are given. On my computer avast detects tdlwsp.dll every so often and I delete it every time but it keeps coming back. I already ran malwarebytes,avast, and a windows defender scan but it doesnt pick anything up. Oh and tdllwsp.dll always shows up at C:\Windows\System32\tdlwsp.dll.
 

Answer:tdlwsp.dll keeps coming back

16 more replies
Relevance 48.79%

Hello all

I have recently been having a problem with trojware and viruses. I use Zone Alarm extreme security as my usual firewall/antivirus, and whenever I quarantine, delete, rename or even delete on reboot, this keeps coming back
photo: "http://img32.imageshack.us/img32/2328/serg.png" (couldn't be assed to name it so just mashed buttons, hence 'serg' )

Anyway, this has been happening for a while now, although its not just this, I have been getting other viruses, trojware, etc. and zone alarm keeps deleting them, and they keep coming back.
Another symptom, on Google chrome, when I google search something, when I click on the result, it occasionally redirects me to other search sites, where it searches the same thing.
For example, I google search "spyware removal". Click on the first result, whatever that may be, and it takes me to ask.com search results page for "spyware removal". It is not just ask.com though, it is sometimes just other weird search sites.

I have used malwarebytes anti-malware, as that is my 'big guns' antivirus, which I just use whenever zone alarm fails to take care of the problem, but although malwarebytes says it has deleted it, I always seem to find it again a few days later.

Its not a massive deal, as there is no slow down on my pc, but im just kinda nervous typing in any personal details in my browser, like banks or email, etc, because I don't know if the trojans have keylo... Read more

Answer:Trojware, keeps coming back

Welcome to Major Geeks!

Please read ALL of this message including the notes before doing anything.

Pleases follow the instructions in the below link:

READ & RUN ME FIRST. Malware Removal Guide
and attach the requested logs when you finish these instructions.
**** If something does not run, write down the info to explain to us later but keep on going. ****
Do not assume that because one step does not work that they all will not. MGtools will frequently run even when all other tools will not.

After completing the READ & RUN ME and attaching your logs, make sure that you tell us what problems still remain ( if any still do )!
Helpful Notes:

If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode, you can run the steps in safe boot mode but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:
Starting your computer in Safe mode

If you have problems downloading on the problem PC, download the tools and the manual updates for SUPERAntiSpyware and Malwarebytes ( links are given in the READ & RUN ME) onto another PC and then burn to a CD. Then copy them to the problem PC. You will have to skip getting updates if (and only if) your internet connection does not work. Yes you could use a flash drive too but flash drives are writeable and infections can spread to them.
If you cannot seem to login to an infected user account, try using a differe... Read more

1 more replies
Relevance 48.79%

I ran ad aware and nothing come up yet when i ran spy sweeper it found web search.i removed it but it keeps coming back here is my log any idea why
Logfile of HijackThis v1.98.2
Scan saved at 11:13:40 AM, on 9/23/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\program files\support.com\bin\tgcmd.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe
C:\Program F... Read more

Answer:Web Searchtool bar keeps coming back

16 more replies
Relevance 48.79%

Looking for assistance in getting rid of gosave and similiar adware that keep coming back after uninstalling in chrome and restarting. Not sure what to do next,
 

Answer:GoSave and 1 other keep coming back

Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start please read and note the following:

At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
Instructions I give to you are very simple and made for complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.

All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running too much time (few hours), please stop and inform me.
I visit forum several times at day, making sure to respond to everyon... Read more

6 more replies