Computer Support Forum

Urgent! My XP SP2 have malware activity!.. cannot remove using malware removal tool

Question: Urgent! My XP SP2 have malware activity!.. cannot remove using malware removal tool

Good day to everyone,

My computer is having some malware activity. I have used adware 2008, spyware removal tool, Norton anti-virus and other removal tools, but still the malware cannot be deleted. The My Computer icon does not display its properties; instead it appears like a file when you view its properties. It also disabled TCP/IP, which is why until now I cannot connect to the internet. I don't have a Windows XP SP2 CD for repair.

Please help me as soon as possible, because it is a server..

Relevance 100%

Answer: Urgent! My XP SP2 have malware activity!.. cannot remove using malware removal tool

Hello frozenfire03, Welcome to TSF!

I recommend that you read this article… "Having problems with spyware and pop-ups? - First Steps"; follow the instructions very carefully; then, post all the requested logs and information; as instructed, in the HiJackThis Log Help Forum.
(Simply, click on the coloured links to be re-directed.)

Please ensure that you create a new thread in the HiJackThis Log Help Forum; not back here in this one.

When carrying out The 5 Steps, if you cannot complete any of them for whatever reason, just continue on with the next one until they are all completed.
However, it is extremely important to make mention of the fact that you could not complete any of the steps in your post to The HJT Help Forum; where an Analyst will assist you with other workarounds.

Once done, please be patient, as the Security Team Analysts are usually very busy; one of them will answer your request as soon as they can.

Good Luck with it.

Kind Regards,

7 more replies
Relevance 98.4%

Junkware Removal Tool has consistently removed these from my Firefox user.prefs:
 
[File] C:\Users\...\AppData\Roaming\mozilla\firefox\profiles\...default\extensions\[email protected]
 
Successfully deleted the following from C:\Users\...default\prefs.js
user_pref("browser.search.useDBForOrder", true);
user_pref("browser.uiCustomization.state", "{\"placements\":{\"PanelUI-contents\":[\"edit-controls\",\"new-window-button\",\"privatebrowsing-button\",\"save-page-button\",\"pr
user_pref("browser.urlbar.maxRichResults", 5);
user_pref("extensions.SortCustomizationDialog.existingButtons", "{\"navigator-toolbox\":[\"wrapper-tphistorydropdown\",\"wrapper-FoxLingo-Galician\",\"wrapper-FoxLingo-Latin\"
user_pref("[email protected]", false);
user_pref("[email protected]", "1.1.1");
user_pref("extensions.getAddons.maxResults", 10);
user_pref("foxlingo.cm_toggle_all", false);
 
Why does it do this? I can understand it is impossible to tune for every possible Firefox add-on. Still, it is clearly removing things which are not problems.
 

Answer:Junkware Removal Tool - why does it remove non-malware Firefox settings?

They are false positives. I'll whitelist those in the next version. Thanks for bringing it to my attention

1 more replies
Relevance 94.3%

I did a hijackthis scan and here's what I got:

Answer:Malware Blocking Acess to Spybot, Microsoft Malicious Removal Tool and other anti-malware programs

Hey guys I solved my own problem. I completely reinstalled windows. (It was about that time anyway)

2 more replies
Relevance 89.79%

Hi, I'm suddenly having a lot of trouble with malware. My computer seemed to be running okay but I ran Malwarebytes as I occasionally do, and it picked up a fair amount of malware on my system. I deleted it and rebooted, but that's when my problems really began. Upon restarting, my internet connection has become almost unusable. It's extremely slow and generally I can't even open a page that I want after trying to refresh several times. Oddly though, google is working perfectly and a few other sites seem to work too, including this one. I've tried running MBAM again and again, each time it picks up more malware and I remove it, then reboot and the cycle renews. I can't seem to get rid of all of it, every time I scan my system there's just more of it. I've tried ComboFix but it doesn't seem to have done anything. One persistent thing seems to be photo_id.exe, I've got a few messages from MBAM saying it can't be removed and I need to reboot. Also, I've noticed that if I'm trying to reach a webpage, although it won't load there seems to be some redirecting, for example I just tried to reach a wikipedia page and it says "The server at topsearchfeed.com is taking too long to respond" For some reason I can't bloody format this properly no matter how hard I try, so here's an attached HJT log:
 

Answer:Malware removal attempt led to unusable internet, still can't remove all malware

problem has become more serious, now my mother has told me that the internet on her laptop is also extremely slow and essentially unusable, I'm worried that something from my computer has got on to hers via the wireless network we're both connected to. Somebody please help me
 

2 more replies
Relevance 84.46%

I really need help with this malware, the main threat is somewhere hidden in my system 32 folder and it keeps making and running exe's with random worded names that slows down my computer. It corrupts some of my downloads, as well as closes some antivirus programs along with disabling my regedit and taskmanager. When I do get an antivirus to work, it doesn't pick up the main threat. Almost like it is well hidden. Please someone give me steps into removing this malware, it is really harming my computer and I do not wish to pay money just to get it fixed. It also did something to safemode so I can't access that. I can only use msconfig instead. Please help me.

Hopefully someone can help and thank you for your time

Also I can provide additional computer info if needed
 

Answer:Urgent Malware removal. Please!

Welcome to Major Geeks!

Please read ALL of this message including the notes before doing anything.

Please follow the instructions in the below link:

READ & RUN ME FIRST. Malware Removal Guide
and attach the requested logs when you finish these instructions.
**** If something does not run, write down the info to explain to us later but keep on going. ****
Do not assume that because one step does not work that they all will not. MGtools will frequently run even when all other tools will not.

After completing the READ & RUN ME and attaching your logs, make sure that you tell us what problems still remain ( if any still do )!
Helpful Notes:

If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode, you can run the steps in safe boot mode but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:
Starting your computer in Safe mode

If you have problems downloading on the problem PC, download the tools and the manual updates for SUPERAntiSpyware and Malwarebytes ( links are given in the READ & RUN ME) onto another PC and then burn to a CD. Then copy them to the problem PC. You will have to skip getting updates if (and only if) your internet connection does not work. Yes you could use a flash drive too but flash drives are writeable and infections can spread to them.
If you cannot seem to login to an infected user account, try using a differe... Read more

3 more replies
Relevance 84.46%

Hi,

I have this malware in my computer that I really can't delete. It keeps respawning and infecting anything plugged into the computer.

I see this one thread:
http://forums.majorgeeks.com/showthread.php?p=1272485

Hope I would be able to be helped as well.
Please!!!

Miss Joey.
(Thanks in advance)
 

Answer:0w.com malware removal!!!!URGENT!!!

Combofix log:
 

3 more replies
Relevance 84.05%

Okay, I posted over at MalwareBytes but nobody is helping me, so someone help please!

So brief run through.

PC has had multiple viruses and 1 rootkit in the last year, all removed successfully.

Yesterday it started acting up, and now here is what is wrong.

AVG and Spybot both show up totally clean with a system scan
ComboFix and GMER don't do anything and GMER won't even run now.
GMER found this, highlighted in red, HIDDEN SERVICE [BOOT] cbnosn.sys
MalwareBytes won't open, runtime error 372
All desktop icons are stuck and you can't drag anything
Cannot copy/paste most text
Taskbar doesn't have windows for programs
Can't System Restore!!
CryptSvc will NOT run
Network connections won't show
Cannot even manually start processes
services.msc Window is all funky

Pretty much all signs of a rootkit or something.

I don't know what to do! PLEASE HELP!

Answer:HELP! Rootkit/Malware activity, CANNOT RESTORE/REMOVE!

Hello.

Please follow the instructions in This Guide starting at Step 6. Once the proper logs are created, then make a NEW TOPIC and post it HERE. Please include a description of your computer issues and what you have done to try to resolve them.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

~Blade

5 more replies
Relevance 83.23%

I have malware "MA removal tool" infected on my computer. I can only run in safe mode. I was told to post my log file, here it is: (I also attached it if that's easier to read)

Answer:ms removal tool malware

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Please take note:
If you have since resolved the original problem you were having, we would appreciate you letting us know. If you are unable to create a log because your computer cannot start up successfully please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
If you are unsure about any of these characteristics just post what you can and we will guide you. Please tell us if you have your original Windows CD/DVD available. If you are unable to perform the steps we have recommended please try one more time and if unsuccessful alert us of such and we will design an alternate means of obtaining the necessary information. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far. Upon completing the steps below another staff member will review your topic and do their best to resolve your issues. If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply'... Read more

5 more replies
Relevance 83.23%

The Malicious Software Removal Tool is used for malware removal. Stay up-to-date with anti-malware software to protect your Windows computer. How to Run a Malware Removal Tool?
 

Answer:How to Run a Malware Removal Tool?

I'm sorry, a little confused as to what you are trying to say here, or if you require assistance? Let me know. Thanks.
 

1 more replies
Relevance 83.23%

XPHome SP3 FF3.6.16.
The above has de-activated my C drive with the (apparently) usual side effects. ie all applications dead.
Luckily I successfully re-booted to my Q internal clone on same PC and ran Malware Bytes free and SAS to do a full scan on C.
Also used my usual Eusing registry cleaner.
None of them found anything.
Have searched application data on C for any traces as per a Google search--nothing found.
Re-booted from Q to C, but no change--all dead.
Any further help would be appreciated.
Have not yet all restore points.
Thanks.

Answer:MS Malware Removal Tool help

'not yet removed all restore points'.

10 more replies
Relevance 83.23%

I have used the malware removal tool on a monthly basis when it became available, the second Tuesday of each month. Plus I have Security Essentials on schedule to run every Sunday @3:00AM. The last time it scanned was 12/2015. What is going on here?

More replies
Relevance 83.23%

I'm curious about mrt. Does it ever get updated? Or is it just static. Appears to be useful but it could become out of date and therefore not as effective.

Answer:MS malware removal tool

I got an update today.

3 more replies
Relevance 83.23%

my laptop has been infected with some kind of malware. pls see the hijackthis & smithfraudfix (didn't work) log & suggest some action


Answer:Removal Tool For Malware

Since you are being helped here
http://gladiator-antivirus.com/forum/index...170&t=59603
and http://forums.cnet.com/5208-6132_102-0.htm...ssageID=2567112
and http://forums.spywareinfo.com/index.php?sh...p;mode=threaded
and http://72.14.253.104/search?q=cache:dG3h_D...;cd=2&gl=us
I am closing this post. Quad posting wastes Hijackthis helpers time and backs up the log!

1 more replies
Relevance 82.41%

My computer is bizarrely slow and not allowing me to open different programs.

I need help desperately. Posted early but no reply.

My Hijack Log:


More replies
Relevance 82.41%

Alrightly. I'm new here. As can be seen by my stats or whatnot, however, for the last I'd say - two or three days and nights, I've had a severe battle on my hands. I mean the 'Bloody Castle' of Devil May Cry 3 on Heaven or Hell mode, one hit kill kind of aspects.

Firstly, the symptoms. Well, to put it bluntly, a crapton of virus/trojans and malware =D And I mean a -crapton-. At first, it was a random anti-virus rogue program, that generally malwarebytes, AvG and WinPatrol took care of. But just last night, it seemed like I said, it switched to the Heaven or Hell mode. I lost absolutely everything. My Admin rights. My EXEs stopped function. My Task Manager. Access to my Registry. My Internet Explorer -and- Firefox. The effin works. I mean absolute works.

Now. After playing hopscotch between my computer and my grandmothers computer and surfing around, I found general fixes to allow me said functions. And they worked. I have access to everything again, even Admin rights. However, even I know the damned thing isn't gone. As WinPatrol continually flips out and asks me to block craptons of things and the like.

I don't have HiJackThis!, buuuut I do have Combofix (latest), AvG and Malwarebytes all updated and the like. And I managed to keep said logs. From Combofix, Malwarebytes, VundoFix.. etc etc.

Now, I know it was probably ill-advised at running the likes of Combofix without being told to, however - it seems to have helped -somewhat-. As in i... Read more

Answer:Urgent Help Needed! At Wits End! (Malware Removal)

Oh and here's the log of what the AvG 9 Residential Shield detected and the like. I don't know if it will help or not, but yeah.. I'm guessing whatever logs I can possibly spare will shed more light onto the situation, what virus is trying to bend me over a barrel and so forth.
 

2 more replies
Relevance 82.41%


Answer:Infected with ms removal tool malware

Hello , And to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.

The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen. Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.

Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.

-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you... Read more

11 more replies
Relevance 82.41%

My neighbor asked my help in dealing with a problem on his Windows XP desktop. I discovered that his system was infected with WinPC Defender malware. I Googled and found bleepingcomputer's MBAM removal tool. Since the incessant popups on my friend's system prevent or impede a lot its functionality -- including getting an uninterrupted internet connection for a direct internet download! -- I decided to try using my own PC to download MBAM to my HD, and then copied it to my optical drive onto a blank CD-R disc.

My first question to the forum members is: Can I successfully install the CD-stored MBAM tool to my neighbor's PC as an alternative to the internet download method?

Note: If this method is deemed to be an effective alternative, then I should also mention that I planned to install it to my neighbor's PC while in Safe Mode.

My second question then is: Will the Safe Mode installation be possible -- or better yet, helpful?

Please help me help my neighbor! Thanks.

Answer:MBAM malware removal tool

Yes, it will work
Mbam is best run in normal mode, if possible

5 more replies
Relevance 82.41%

I have noticed that I've been having popup ads lately, which is very strange since I've had popup blockers for a very long time. I keep my antivirus programs (mostly) up to date, and I rarely go on 'bad' sites. However, today when I restarted my computer, I had the "Security Tool" program pop up and give me a list of fake viruses that it wanted me to delete. I didn't delete them; instead, I opened my Killbox program and deleted two of the Security Tool files, but it would not let me delete the main folder for them. I opted to do the "delete on restart" method, which took out the main folder.

However, I've been trying to run the suggested "Malwarebytes Anti-Malware" scan to make sure the Security Tools is gone for good, but I absolutely cannot seem to run it. Every time I try to install/run the program, I get an error message or the program will start and stop itself. Eventually, it will be unable to find the mbam.exe file that is needed to run the program. I've tried to do all the suggested methods to make the program work that were listed on different forums from google.

I am still getting popup ads. I am unsure if this was the only problem my computer is having. To be safe, I have run a Hijack This, DDS, and RootRepeal scan on my computer. I do have Killbox, so I can manually delete anything that isn't safe (if it lets me delete it). Any help would be greatly appreciated!

If I read the "How To Post" thread correctly, I'll post... Read more

Answer:"Security Tool" Malware Removal

Hello , And to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.

-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No inp... Read more

2 more replies
Relevance 82.41%

Tech Support Guy System Info Utility version 1.0.0.1
OS Version: Microsoft Windows 7 Starter , 32 bit
Processor: Intel(R) Atom(TM) CPU N450 @ 1.66GHz, x64 Family 6 Model 28 Stepping 10
Processor Count: 2
RAM: 1013 Mb
Graphics Card: Intel(R) Graphics Media Accelerator 3150, 256 Mb
Hard Drives: C: Total - 137586 MB, Free - 113434 MB;
Motherboard: Dell Inc., 0P9MDV, A07, .8WQZ2M1.CN12961049114B.
Antivirus: avast! Antivirus, Updated and Enabled

My daughter's Netbook keeps getting a pop-up warnings by the MS Removal Tool on the taskbar stating that files are infected. Keep closing the warning and it keeps popping back up. Prompt to purchase the MS Removal Tool.

Is this malware?

She has Avast, which was not up-to-date. I have downloaded the update and am running a full scan. Pop-ups have stopped. Ran HijackThis, which gave a warning about system denying access to the hosts file. I clicked ok. HiJackThis log:


Answer:MS Removal Tool Warnings - Malware?


2 more replies
Relevance 82.41%

Just saying hi to everyone. I use Bleeping Computer with a lot of my malware issues. I'm tech support for a large office, and believe me, people get infected all the darn time. McAfee, and even the new Norton, is not enough for protection. I'm curious to see if there is such a product on the market that will stop say 98% of all intrusions. I'll be looking over the forums to see if anyone has found such a thing, and what it cost. Thanks to the guys/gals for having this site, you are appreciated.

Answer:Looking for a the best Malware detection/removal tool

Choosing a security toolkit with anti-virus, firewall and anti-malware programs is a matter of personal preference, your needs, your technical ability and experience, features offered, user friendliness, ease of updating (and upgrading to new program release), ease of installation/removal, available technical support from the vendor and price. Other factors to consider include detection rates and methods, scanning engine effectiveness, how often virus definitions are updated, the amount of resources the program utilizes, how it may affect system performance and what will work best for your system. A particular anti-virus that works well for one person may not work as well for another. You may need to experiment and find the one most suitable for your use and your system. There is no universal "one size fits all" solution that works for everyone and there is no best anti-virus. For more specific information to consider, please read Choosing Your Anti-virus Software and How to choose a firewall.

No single product is 100% foolproof and can prevent, detect and remove all threats at any given time. Just because one anti-virus detected threats that another missed, does not mean it's more effective. The security community is in a constant state of change as new infections appear and it takes time for them to be reported, samples collected, analyzed, and tested by anti-vendors. Security vendors use different scanning engines and different detection methods such as heuristic a... Read more

Relevance 82.41%

Hello,

Does anybody know a good product for a MacBook Air that will remove malware, pop-ups and unwanted webpages randomly popping up on my machine?

Thank you!
Dawn
 

Answer: Good Malware Removal Tool for MAC?

Are you running Windows on it? Norton is a good AV for it.
 

Relevance 82.41%

this seems to be just like AVP 2009 mess that I removed a while back (pop ups bogus warnings, etc) with the exception of this one actually hides the desktop icons also....

DDS LOG:
DDS (Ver_09-09-29.01) - NTFSx86
Run by Sharon my Love at 20:56:23.85 on Thu 10/01/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.358 [GMT -4:00]

AV: Verizon Internet Security Suite Anti-Virus *On-access scanning enabled* (Updated) {5B5A3BD7-8573-4672-AEA8-C9BB713B6755}
FW: Verizon Internet Security Suite Firewall *enabled* {80593BF4-D969-4EC5-ADAE-A22F2DFC7A22}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Verizon\Verizon Internet Security Suite\Fws.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Verizon\Verizon Internet Security Suite\rps.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\DISC\DiscUpdMgr.exe
C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
C:\WINDOWS\RTHDCPL.EXE
C:\HP\KBD\KBD.EXE
C:\windows\system\hpsy...

Answer: security tool malware removal

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

Please download OTL from following mirror:
This is THE Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
Push the button.
Two reports will open, copy and paste them in a reply here:
OTL.txt <-- Will be opened
Extra.txt <-- Will be minimized
In the upper right hand corner ...

Relevance 81.59%

Anyways, sorry for the dramatics, I just need some help with this, and I hear this site is the place to look:

My taskmanager has something wrong with it:

-I cannot access it via ctrl +alt+del,

-I cannot access it by right-clicking onto the taskbar.

-I cannot access it through "run: taskmgr.exe"
When I try to use the run: program, it tells me

"another program is currently using this file"

I have called the tech-support people for my school, and they suggested I get something called "Hijack This v1.99.1" I did that, and I ran it. Now, I have a log file of all the programs it found. I would really like any and all available suggestions on what the spyware/malware in question is, and what I should delete. This is the log file:



Logfile of HijackThis v1.99.1
Scan saved at 12:33:47 PM, on 10/19/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\Documents and Settings\John E. Dell 2\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe


O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto


If any one could help, I would really, really appreciate it. It is messing with my other programs as well. I am having trouble running games, I am having difficulty with just about every regular program as a matter of fact. Thanks so much.

-Ungoliant
 

Answer: Please, Urgent Help Needed - SpyWare/MalWare Removal Problems

You should be locked away!
NO antivirus
NO firewall
NO service packs or updates

Follow these instructions EXACTLY and put HijackThis in e.g C:\Program Files\HJT and NOT in Temp or on the Desktop!.
Read: How to remove Begin2Search/Coolwebsearch and Other Nasties

Then Read: How to post your Hijackthis log-files as an attachment.
 

Relevance 81.18%

I have followed the suggested guide to remove the malware 'Security Tool' (Remove Security Tool and SecurityTool (Uninstall Guide)). However when I try to run the rkill file the virus shuts it down before it has a chance to act.

I have tried not clicking on the pop up boxes however this does not work.

I have been able to download the malwarebytes set-up however the malware is blocking me from running the program.

Is there any other way I can either run the rkill program or allow the malwarebytes to open and install?

(I am using a new samsung r519 laptop running windows 7. It is a week old so has no unusual software or hardware)

Any help would be really appreciated

Edit: Moved topic from AntiVirus, Firewall and Privacy Products and Protection Methods to the more appropriate forum. ~ AnimalAllen

Answer: Failed Removal of 'Security Tool' Malware

Thanks Animal..

Run FixExe.reg
FixExe.reg ....click Run when the box opens

If you get an alert that Rkill is "infected", ignore it. The alert is just a fake warning given by the rogue software which tries to terminate programs that try to remove it. If you see such a warning, leave the warning on the screen and then run Rkill again. By not closing the warning, this sometimes allows you to bypass the malware's attempt to protect itself so that Rkill can perform its routine. Or try running SAS first after Rkill.

Download and scan with SUPERAntiSpyware Free for Home Users
Double-click SUPERAntiSpyware.exe and use the default settings for installation.
An icon will be created on your desktop. Double-click that icon to launch the program.
If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
In the Main Menu, click the Preferences... button.
Click the Scanning Control tab.
Under Scanner Options make sure the following are checked (leave all others unchecked):
Close browsers before scanning.
Scan for tracking cookies.
Terminate memory threats before quarantining.
Click the "Close" button to leave the...

Relevance 81.18%

Hi all,
 
I would like some help on understanding what kind of software I can use to remove malware from my Toshiba notebook. I read that I could use RKill and I downloaded it from your site, but when I click on it,  it just tells me 'No run action specified for files of this type (application/x-ms-dos-executable) - you can set run action from the File Menu or you can just drag the file to an application'. A second window appears asking me to provide a shell command, when I click set run action. Note: I am a complete novice and have no idea what I'm supposed to enter there.
 
To give you a brief summary: I currently use Windows 7 Home Basic x 32. A while back it got badly infected and the only way to access any of the information on my computer was to use a Puppy Linux CD. 
 
Puppy Linux is wonderful and does what it's supposed to do, however I can't seem to get a decent malware program to run on it. Please advise me.
 
Many thanks for your help.
 
 

Answer: Best malware removal tool for Puppy Linux

Are you trying to run RKill when you booted from the Puppy Linux CD?
 
This will not work, RKill is an executable for the Windows OS, not for the Linux OS.
 
It sounds like your PC is still infected? In that case, I suggest you read the pinned posts in "Am I infected? What do I do?" and then post about your infected PC there.

Relevance 81.18%

Hello everybody!
My security software (Bitdefender Internet Security 2014) detected a virus inside the .exe file of JRT (Virus Name: MIDAS3) and removed it from my system immediately.
Virus Total report also shows some malware detection coming from other AV software.
BIS 2014 usually doesn't make blunders from this point of view, since it's known to have a very low FP rate detection. What do you make of it, dudes?
It's strange because previous JRT versions never gave me any trouble, meaning they were always clean.
It would be great if someone of you could report my comment to the JRT developer, in order to clear up this issue once and for all.
 
Thanks in advance.
 
 

Answer: Junkware Removal Tool (JRT) malware detection!!

It's obviously a false positive.
Report it at BIS forum.

Relevance 81.18%

Hi Friends, what is the best free antivirus or malware removal tool you have been using or used?

Answer: Best free antivirus and malware removal tool

Moved to software. Not seeking actual malware removal.
 

Relevance 81.18%

Can you help me determine which malware removal tool/program I need. I need to download to my computer to a flash drive to run on my friend's infected computer. I believe his browsers have been hijacked and fake spyware was installed along with a few other programs that are questionable. He has been using his computer without any anti-virus and downloading programs from the internet. Like myself he is an elderly gentleman and didn't know about internet safety, malware or viruses. He is fairly new to computers and is a novice internet user. I looked over his computer and other than a few fake spyware programs and his browser redirecting his search results, I believe the level of infection may be minimal but I don't know for sure. After spending most of the day explaining how the internet works along with the do's and don'ts and safety, I now need to clean up his computer. I have AdwCleaner/ Aut2Exe on a flash drive along with the free version of Malwarebytes. I have purchased Webroot SecureAnywhere for him because that's what I use and have been pleased with it.

My first question is should I clean up the malware first before installing Webroot or try to install it first and let Webroot clean it up? My experience has been, although Webroot is a good anti spyware blocker, it doesn't do that good of a job removing malware already installed. Thanks to BleepingComputer I found AdwCleaner did an excellent job and most of the time that's all I needed to do to clean it up. ...

Answer: Need help determining which malware removal tool to start with.

List of Free Scan & Disinfection Tools which can be used to supplement your anti-virus and anti-spyware or get a second opinion
List of Anti-virus vendors that offer free LiveCD/Rescue CD utilities

With most Adware/Junkware/PUPs it is strongly recommended to deal with it like a legitimate program and uninstall from Programs and Features (Add/Remove Programs) in the Control Panel or an alternative third party uninstaller like Revo. In many cases, using the uninstaller of the adware not only removes it more effectively, but it also restores many changed configuration settings. After uninstallation, then you can run specialized tools like Malwarebytes Anti-Malware, AdwCleaner and JRT to fix any remaining entries they may find. These tools typically find and remove related registry entries, files and folders to include those within the AppData folder and elsewhere.

As a general policy, Bleeping Computer does not offer advice on how to run ComboFix unless we asked someone to run it or if there is a problem with the computer caused by running the tool. We recommend that people should not be using ComboFix without being advised to do so by a trained expert (see here) who is assisting them deal with a malware problem. When issues arise due to complex malware infections, problems running ComboFix (i.e. stalling, hanging, crashing) or with other security tools causing conflicts, experts are usually aware of them and can advise what should or should not be done while providing individu...

Relevance 81.18%

I am stuck at the point where you need to choose a program that will 'open' the tool. I don't have a clue, but have tried some with no success. Would appreciate the info. Thanks, {redoak}
 

Answer: Solved: How to 'open' Ms' malware removal tool

Relevance 81.18%

hello fellow tech heads

i've had a day from hell trying to remove the above trojan. none of the things found on the net worked for me like booting into safe mode as the virus was still active and stopping things. blocking task manager so i took things into my own hands and downloaded rkill which was the only thing that i could actually load in safemode, killed it ran malwarebytes got rid of it well i thought i did but then when i booted into windows my programs are still missing from the start menu, malwarebytes i just installed was not there so reinstalled it and still was not listing in my programs

win update thinks its turned off when its on

accidentally turned hidden files on and found some of my movies and files which are marked as hidden OMG what the.........

so i can use my computer as per normal now and for internet i have to go through windows explorer but i am still infected and not sure how to fix it now as i cannot remove avg as its saying that its missing some reg file and therefore cannot run combofix

help pls :)

Answer: xp security 2011/ malware removal tool

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Who instructed you to run ComboFix?

As you should have read here in Step 2 of our NEW INSTRUCTIONS thread:

Why we don't ask you to run ComboFix from the onset

As stated by the author of ComboFix:

ComboFix is a very powerful tool which when improperly used may render your machine to a doorstop.

------------------------------------------------------

We first need to verify if there are any rootkits present and how they could affect our tools.

DDS & GMER are preliminary scans. We use their logs to map our strategy for attack.

With these logs we can determine the infections present and decide whether to deploy ComboFix.

We want all our members to perform the steps outlined in the link given below, before posting for assistance. Please follow our pre-posting process outlined here:

NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help - Tech Support Forum

After running through all the steps, you shall have a proper set of logs. Please post them in a new thread, as this one ...

Relevance 81.18%

Can anyone suggest a free malware removal tool that is trustworthy. I am having a "redirect" problem.

Thank you
Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 32 bit
Processor: AMD Athlon(tm) II Dual-Core M300, x64 Family 16 Model 6 Stepping 2
Processor Count: 2
RAM: 2812 Mb
Graphics Card: AMD M860G with ATI Mobility Radeon 4100, 256 Mb
Hard Drives: C: Total - 295635 MB, Free - 122230 MB;
Motherboard: TOSHIBA, Portable PC
Antivirus: Avira Antivirus, Updated and Enabled
 

Relevance 81.18%

I was originally infected with a virus that kept stating that I needed to purchase Antivirus 2008 PRO. I used the Malwarebyte's Anti-Malware software to remove the software that it requested as was suggested to do so in another thread. However, I am now receiving messages in my browsing window (IE) that say "Insecure Internet activity. Threat of virus attack". I also have some new processes running in my Task Manager (which takes incredibly long to open as well).

My HiJack This Log is posted below because I am not sure which processes need to be removed, etc.

Any help at all is greatly appreciated thanks.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:42:45 AM, on 7/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Citrix\GoToMyPC\g2svc.exe
C:\Program Files\C...

Answer: "insecure Internet Activity. Threat Of Virus Attack" Have Tried To Remove Malware!

Hello Perfectdeuce and welcome to BleepingComputer,

1. * Clean your Cache and Cookies in IE:
Close all instances of Outlook Express and Internet Explorer
Go to Control Panel > Internet Options > General tab
Under Browsing History, click Delete.
Click Delete Files, Delete cookies and Delete history
Click Close below.

* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):
Go to Tools > Options.
Click Privacy in the menu..
Click the Clear now button below.. A new window will popup what to clear.
Select all and click the Clear button again.
Click OK to close the Options window

* Clean other Temporary files + Recycle bin
Go to start > run and type: cleanmgr and click ok.
Let it scan your system for files to remove.
Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
Press OK to remove them.

2. Please download Malwarebytes' Anti-Malware from Here or Here
Doubleclick mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is comp...

Relevance 80.77%

I have a dell inspiron 1720 and with windows Vista.

The sound on my computer keeps turning off and I have to turn it on by right clicking on the task bar and selecting the audio device. However, it turns off within a couple of minutes.
Also on the task bar it says I am not connected to a network even though I am connected to the wireless network.
I also have a windows security centre alert saying security centre is off.. I click turn it on and Malware protection is red and says check settings.
Even though my AVG is up to date it says no programs found. It says spyware protection is off and when I click to turn it on I get a message saying "There are no new definitions available to download for windows defender"

I also keep getting a message saying "Host process for Windows services stopped working and was closed"

I've updated AVG and run scans however it does not detect anything ..

I am overseas so I do not have any of the CDs that came with my laptop.
Please help.

Here is the log from Hijack this

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:47:40 PM, on 1/8/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\OEM02Mon.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\...

Relevance 80.77%

Hi,

This afternoon, I opened my windows explorer program and an alert message from my Mcafee Program popped up. It says that it has quarantined a trojan known as 'New Malware.J'.

The filepath affected is - "c:\windows\system32\sysinfo.exe".

I ran Hijack This to generate the log file. Can someone advise me how to remove this trojan from my computer system? I don't want to just quarantine this trojan. If it's possible to remove it totally from the system, I want it out immediately.

Here's the log file generated from Hijack This:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:11:06 PM, on 8/14/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\McAfee\...

Answer: Urgent Help Needed to Remove 'New Malware.J (Trojan)'

Relevance 80.36%

Hi fellow techs

Just got the above virus and what a mission it was to get rid of it

However it has left some damaging things behind like win updates thinks it's not turned on when it is!!!

As well as it's made some ordinary files like movies to be marked as hidden files

And all programs is not listing a thing but they are all still present!!!!

What the……

Can anybody help

I will try restoring to a week ago soon to see if that works

Answer: Xp security 2011 / malware removal tool virus

You are still infected. We cannot help you here with Malware removal as per forum rules. Please head over to Virus/Trojan/Spyware Help and post there for more help
NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help

Relevance 80.36%

I personally find it odd that Bleeping Computer does not make the contents of their malware removal training program publicly accessible. Keep in mind that I am not talking about the 'training' aspect of the program, but rather the documentation. Would it not be beneficial to the community as a whole to provide a publicly accessible, read-only archive of these training materials? Why create detailed documentation for specialized removal tools, but then hide them away from the public? Why do all UNITE schools not want to make the information public? Sharing this information would allow interested people to acquire a new skill without the associated time constraints of a training program.
 
I'll admit that I was in the training program for a short while, but I had to stop because of time constraints. I really enjoyed reading the information provided to members of the program and feel that it would be an amazing addition to the community if this information were publicly available for anyone to study (minus the interactive content, like exercises, of course). I'm not trying to sound rude or demand anything, but it seems odd that a community focused on sharing knowledge would not want to share an entire library with the public.
 
I vote for a "Bleeping Computer Public Library". ;)

Answer: Specialized Tool Documentation (Malware Removal Information)

Hi Kaosu I doubt it's going to happen. Just think about what would happen if all the training material was made public. You would see all the malware authors lurk BleepingComputer in order to understand how they proceed to do malware removal, how they know where to look, how to remove infections, etc. This would result in more advanced malware that would be way harder to remove and more "intelligent" malware author. Also, the training is meant to be done under supervision and if a user was to try to complete it alone on his own system and was to run the wrong tool or wrong command, he could end up messing up his whole system. I'm not part of BleepingComputer's Staff, nor Academy (I'm from GeekU) but I can tell you that it'll never happen. OTL and FRST tutorials are already public from their respective author's wish, so there's that.

Relevance 80.36%

I was requested to post this hijack log from over here: http://www.bleepingcomputer.com/forums/t/214638/malicious-software-removal-tool-malware-trojan/

Here is a summary of my problem (same as in the other thread):

"...I would like help in removing some infections that my computer has got since a few days ago. Somehow (while I was browsing thru the internet for some live streaming video I guess) some trojan got in (this was later found by my Symantec Endpoint protection) and since then, a new malware program got installed (unremovable by the less sophisticated me). It is called "Malicious Software Removal Tool"...it runs at startup everytime (red shield with a cross in my task bar) and runs a scan automatically. Then says my computer is infected, lists 3 infections, said it fixed one and I have to buy a MS product to fix the rest. Though the screens look exactly like the microsoft product with the same name (I checked the internet) I am quite confident that this is not authentic. Soon after, if I don't do anything with the program, it starts giving me messages such as "Critical System Warning! Your system is probably infected with a version of Spyware.IEPass.thief." or some other similar msgs with a red balloon with an 'X' in the task bar. Temporarily what I have been doing for a few days is just going to task manager and terminating the 'malwareremoval.exe' program. This helps get rid of the program but my computer has slowed down significantly.

I did a Symantec scan, and found ...

Answer: "Malicious Software Removal Tool" Malware & Trojan

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results, click no to the Optional_Sca...

Relevance 80.36%

Yesterday, my computer was infected with anti-vermins malware. I executed a system restore to a point earlier in the day before the infection. It seems as though that solved the problem. There are no more "warning messages " or "system alerts" on my taskbar. Is the problem solved by the system restore or is it still necessary to use malware removal tools? Any advice would be greatly appreciated.

(Moderator edit: moved post to more appropriate forum, added topic description. jgweed)

Answer: System Restore As A Malware And Trojan Removal Tool

It is a good idea if you run an anti-virus program

Relevance 80.36%

Hi,

I would like help in removing some infections that my computer has got since a few days ago. Somehow (while I was browsing thru the internet for some live streaming video I guess) some trojan got in (this was later found by my Symantec Endpoint protection) and since then, a new malware program got installed (unremovable by the less sophisticated me). It is called "Malicious Software Removal Tool"...it runs at startup everytime (red shield with a cross in my task bar) and runs a scan automatically. Then says my computer is infected, lists 3 infections, said it fixed one and I have to buy a MS product to fix the rest. Though the screens look exactly like the microsoft product with the same name (I checked the internet) I am quite confident that this is not authentic. Soon after, if I don't do anything with the program, it starts giving me messages such as "Critical System Warning! Your system is probably infected with a version of Spyware.IEPass.thief." or some other similar msgs with a red balloon with an 'X' in the task bar. Temporarily what I have been doing for a few days is just going to task manager and terminating the 'malwareremoval.exe' program. This helps get rid of the program but my computer has slowed down significantly.

I did a Symantec scan, and found no infection (it automatically detected some trojan horses and quarantined them during the time I got infected - DWHE420.tmp, 49c2da87.tmp & DWH8AF4.tmp), then did a Spyb...

Answer: "Malicious Software Removal Tool" Malware & Trojan

Welcome to BC

--------------------

The process of cleaning your computer may require you to temporarily disable some security programs. If you are using SpyBot Search and Destroy, please refer to Note 2 at the bottom of this page.

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
If an update is found, the program will automatically update itself.
Press the OK button to close that box and continue.
If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results...

12 more replies
Relevance 80.36%

Yesterday, my computer was infected with anti-vermins malware. I executed a system restore to a point earlier in the day before the infection. It seems as though that solved the problem. There are no more "warning messages " or "system alerts" on my taskbar. Is the problem solved by the system restore or is it still necessary to use malware removal tools? Any advice would be greatly appreciated.

Answer:System Restore As A Malware And Trojan Removal Tool

Are you referring to the AntiVermins [rogue] software?
In order to answer your question if your problem is solved, you will need to post a HijackThis log. If you don't have HijackThis, then download the current version from here and save it to a convenient location. This is a self-executing file, so just double-click the file and it will install itself in its own folder in Program Files.
Double-click onto HijackThis.exe, click "Do a system scan and save a logfile" and copy/paste the log into your next reply.

11 more replies
Relevance 80.36%

I am trying to download the Windows malware removal tool but it doesn't let me. What do I do?
 

Answer:I am trying to download the windows malware removal tool but it doesn't let me.

Welcome to Major Geeks!

Please follow the instructions in the READ & RUN ME FIRST link given further down and attach the requested logs when you finish these instructions.
If you have problems where no tools seem to run, please try following the steps given in the below and then continue on no matter what you find. You only need to try the TDSSserv steps if having problems getting scans in the Read & Run Me First. If TDSSserv is not found, just continue on with the READ & RUN ME.

TDSSserv Non-Plug & Play Driver Disable

READ & RUN ME FIRST. Malware Removal Guide
If something does not run, write down the info to explain to us later but keep on going.
Do not assume that because one step does not work that they all will not.

After completing the READ & RUN ME and attaching your logs, make sure that you tell us what problems still remain ( if any still do )!
Helpful Notes:
If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode, you can run the steps in safe boot mode but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:
Starting your computer in Safe mode

If you have problems downloading on the problem PC, download the tools and the manual updates for SUPERAntiSpyware, Malwarebytes and Spybot ( links are given in the READ & RUN ME) onto another PC and then burn to a CD. Then copy them to the problem PC. You will have to s... Read more

1 more replies
Relevance 79.54%

Gauss is a project developed in 2011-2012 along the same lines as the Flame project. The malware has been actively distributed in the Middle East for at least the past 10 months. The largest number of Gauss infections has been recorded in Lebanon, in contrast to Flame, which spread primarily in Iran.
Functionally, Gauss is designed to collect as much information about infected systems as possible, as well as to steal credentials for various banking systems and social network, email and IM accounts. The Gauss code includes commands to intercept data required to work with several Lebanese banks - for instance, Bank of Beirut, Byblos Bank, and Fransabank.

Check online if your computer is infected with Gauss malware in a few seconds by going here. Download the Gauss Removal Tool by Kaspersky here.
CrySyS have also introduced a web-based method to check your system for Palida Narrow. Their test webpage is currently available here: http://gauss.crysys.hu.

Answer:Gauss malware: Check if your PC is infected - Download Removal Tool

Thank you for this great tweaker.

1 more replies
Relevance 79.54%

Thanks in advance. This is my first post. I had been observing following weird behaviors:
1. When connected to ADSL it keeps downloading things which I do not see at all. It happens only at my office IP address.
2. It reboots as soon as I try to install IE7.
3. It reboots at times when I run MRT.exe (Microsoft Malware Removal Tool)
I am currently using:
XP PRO sp 2
Kaspersky AV 6
Trying to install: IE7 from Microsoft Website
So far: I had downloaded rootkitrevealer and renamed it to nailsetter.exe. Ran it and following is the txt output:
HKU\S-1-5-21-1960408961-287218729-839522115-500\RemoteAccess\InternetProfile 11/19/2006 12:20 AM 9 bytes Data mismatch between Windows API and raw hive data.
HKLM\SECURITY\Policy\Secrets\SAC* 8/31/2006 1:13 PM 0 bytes Key name contains embedded nulls (*)
HKLM\SECURITY\Policy\Secrets\SAI* 8/31/2006 1:13 PM 0 bytes Key name contains embedded nulls (*)
HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg 12/8/2006 11:58 AM 0 bytes Access is denied.
C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\fxgbkhh6.default\Cache\1C18D5C1d01 3/18/2007 4:50 PM 16.46 KB Hidden from Windows API.
C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\fxgbkhh6.def... Read more

Answer:Bosd: Lzx32.sys While Installing Ie7 & Microsoft Malware Removal Tool

Download RustBFix from one of the following locations...
http://www.uploads.ejvindh.net/rustbfix.exe
http://uploads.ejvindh.andymanchesta.com/Rustbfix.exe
...and save it to your desktop.
Double click on rustbfix.exe to run the tool. If a Rustock.b-infection is found, you will shortly hereafter be asked to reboot the computer. The reboot will probably take quite a while, and perhaps 2 reboots will be needed. But this will happen automatically. After the reboot 2 logfiles will open (C:\avenger.txt & C:\rustbfix\pelog.txt). Post the content of these logfiles along with a new HijackThis log.

17 more replies
Relevance 79.54%

Hi,
Over two years since my last thread asking for help. Glad you are still here.

I was hit with the System Tool scareware yesterday. I did not fall prey to their scam and did not download their bogus program. However, I kept getting the popup screens warning of the virus and performing the bogus scams which I immediately closed.

I downloaded Malwarebytes Anti Malware onto a thumb drive on my laptop then installed it on my desktop and ran a complete scan. I did not update the software at that time because System Tool had disabled my internet. I was told the version I had was 23 days old. I ran the full system scan on all my drives. It found two files on my C drive and 3 files on my O drive. C drive contains my OS and program files. O drive is an external hard drive where I store all my files, word and excel docs, pics, mp3's etc. I deleted the five files using the Malwarebytes program, but the System Tool is still affecting my computer.

System Tool was still in my software list so I uninstalled it. I still have the System Tool warning which has overtaken my Desktop wallpaper. And I still get the bogus virus warnings and bogus scans on my desktop. Below is the DDS.txt and the Attach.zip is attached.

Thanks in advance for any help. This forum has saved my butt before. You guys/gals are awesome.

I run XP with Service Pack 3


DDS (Ver_10-12-12.02) - NTFSx86 NETWORK
Run by Administrator at 14:46:59.90 on Thu 01/13/2011
Internet Explorer: 7.0.5730.11 BrowserJ... Read more

Answer:Malwarebytes did not remove System Tool malware

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Who ran OTM on this machine? Are you receiving help elsewhere?

Did you try updating MBAM in Safe Mode with Networking? Are you able to connect in Safe Mode with Networking?

I need to see a gmer log in order to help you. If necessary, use your thumbdrive as you did with dds.

NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help - Tech Support Forum

------------------------------------------------------

16 more replies
Relevance 78.72%

With the recent acquisition of the popular Junkware Removal Tool software, Malwarebytes has added another string to its security bow. Although, I guess it's really a case of strengthening an existing string rather than adding something new. Although not sporting a traditional GUI and purely a command line tool, Junkware Removal Tool has proven to be a popular download among those wanting to rid their computers of unwanted crapware.

http://www.davescomputertips.com/ma...um=email&utm_campaign=Weekly+Recap+Newsletter
 

More replies
Relevance 78.72%

This thing has attacked our computer today and the regular guys (ad aware, spy-boy ccleaner, avast) are not working. Please help!!!!
 

Answer:A bit slow and Google Tool bar problems after hpmon.exe removal: HJT and Malware logs

7 more replies
Relevance 78.72%

i was having the same issue JB123 was having:
Malware issue, now mshelper.dll cannot load cleaned comp but now cannot connect, did all of the netsh s, winsockfix, lspfix etc but issue still exists. 2 hrs with HP support and that's like torture and they just said to reformat... is there any fixing without the latter ??
still no default gateway listed or valid IP either

HP g7
W7 Home

Last edited by jb123; 25-Jul-2011 at 08:18 PM..

Would like to know what the resolution was to his fix if there was one

 

More replies
Relevance 77.9%

Hi all, and a pre-thanks to anyone who can try and help me.
My desktop computer has been compromised. These are my symptoms:
Can only start in Safe Mode without Networking. Any other boot try ends in a blue screen dump, and restarts itself. It will start in safe mode fine.
I have used Malwarebytes software and ran full scans 3 times in safe mode. It did pull up the Antimalware Doctor virus, but it still is not working correctly. Still won't boot up normally. I did use Rkill before I used Malwarebytes.
I have done a restore to the earliest date, did not help.
I am posting from my laptop, I did the prep scans and have them ready. This is the only way right now I can work it, as I cannot even get the other one on safe mode with networking. I hope this works.
Attach file:
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_10-03-17.01)
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 6/30/2010 3:39:25 PM
System Uptime: 10/3/2010 10:31:05 AM (0 hours ago)
Motherboard: Dell Inc. | | 04GJJT
Processor: AMD Athlon™ II X4 630 Processor | CPU 1 | 2800/200mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 688 GiB total, 605.892 GiB free.
D: is CDROM (CDFS)
E: is Removable
F: is Removable
G: is Removable
H: is Removable
==== Disabled Device Manager Items =============
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: McAfee Inc. mfehidk
Device ID: ROOT\LEGACY_MFEHIDK\0000
Manufacturer:
Name: ... Read more

Answer:Malware Removal - Can't Remove

You can close this thread out, as Dell is sending me a new hard drive with the operating system installed.
Thank you for this forum tho, and your time.

2 more replies
Relevance 77.9%

This Malware Removal Bot has completely corrupted my computer. I cannot run or scan with Malwarebytes at all.
I cannot even start my mozilla firefox. Luckily IE is working.
Can someone please help me. I will appreciate your help.

Answer:How to remove Malware Removal Bot

Any help is appreciated.

7 more replies
Relevance 77.08%

hello!

can you tell me please which tool/software can fully remove MyWebSearch malware/virus/trojan ?

there is no entry for it in Add/Remove Programs under my Win7

thanks!

Answer:which tool/software can fully remove MyWebSearch malware/virus/trojan ?

Hello and welcome to TSF.

We want all our members to perform the steps outlined in the link given below, before posting for assistance. There's a sticky at the top of this forum, and
Quote:
Having problems with spyware and pop-ups? First Steps
a link at the top of each page.

Please follow our pre-posting process outlined below.

NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help - Tech Support Forum

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please note that the Virus/Trojan/Spyware Help forum is extremely busy, and it may take a while to receive a reply.

1 more replies
Relevance 77.08%

I downloaded a program that looked legit but had all the bells and whistles of downloading something WRONG. I aborted installation but still ended up with a default search engine on my Firefox browser called "SearchflyBar3". I uninstalled everything that was downloaded....and even did a system restore back two days to get rid of it. The time I opened Firefox it was back. I tried a search on the name "SearchflyBar3" and nothing was returned. The only way I could proceed was to go into Firefox private browsing to find Bleeping Computer.com for help. If I am in Firefox private browsing, I cannot access any of my regular "saves" without having to re-enter my user name and passcode. I don't want to do that, so I'm stuck with limited use of my computer.
Any help would be appreciated.
Edit: Moved topic from Virus, Trojan, Spyware, and Malware Removal Logs to the more appropriate forum, due the absence of malware logs included in the topic. ~ Animal

Answer:Malware removal help - How do I remove "SearchflyBar3" ?

Download AdwCleaner --> http://www.bleepingcomputer.com/download/adwcleaner/
Open it and press Delete. Follow the instructions...

2 more replies
Relevance 77.08%

Hi,

Thanks to Twin Headed Eagle, my PC is now clean. However I have the following programs I just can't seem to uninstall.
aswMBR, JRT, FRST, and shadow explorer
I have tried the "add/remove program" utility but they don't show up
I have tried http://www.avast.com/uninstall-utility It doesn't find aswMBR
I have also tried http://www.revouninstaller.com/ It doesn't find any of them
The last 2 I downloaded from the article http://malwaretips.com/threads/list-of-uninstallers-and-removal-tools-for-antivirus-software.299/

Can anyone help me uninstall these please?
 

Answer:How do I remove malware removal programs?

Sorry, i overlooked that.

The following will implement some post-cleanup procedures:

=> Please download DelFix by Xplode to your Desktop.

Run the tool and check the following boxes below;
Remove disinfection tools
Create registry backup
Purge System Restore
Click Run button and wait a few seconds for the programme to complete its work.
At this point all the tools we used here should be gone. Tool will create a report for you (C:\DelFix.txt)

The tool will also record healthy state of registry and make a backup using ERUNT program in %windir%\ERUNT\DelFix
Tool deletes old system restore points and creates a fresh system restore point after cleaning.
 

4 more replies
Relevance 76.26%

What is Best Malware Protection?

Best Malware Protection is fake system security software classified as a rogue. Rogues are malicious programs that hackers use to trick users by displaying false threats and problems that the program claims to have detected. In reality, none of the issues are real; they are only used to convince the user into buying the software, which lets the hackers steal the user's personal financial information.
Am I infected?

This is a screenshot of this rogue.

Removal Instructions
(If you experience any problems completing these instructions, please start a new thread here)

1. This rogue adds a proxy server which prevents the user from accessing the internet. To remove this proxy server, start Internet Explorer. Under Tools, select Internet Options.

Select the Connections tab. Then click on LAN Settings.

Un-check the boxes under Proxy server if they are checked. This will remove the proxy server and allow you to use the internet again.

For Firefox users, go to Tools > Options > Advanced tab > Network > Settings > Select No Proxy

2. After getting rid of the proxy, restart your computer. As soon as your computer turns on, tap F8 until you reach the Advanced Boot Menu. Use the arrow keys and select Safe Mode with Networking.

3. Download and run RKill.

Download mirror 1 - Download mirror 2 - Download mirror 3
Save it to your Desktop.
Double click the RKill desktop icon.
It will quickly run and launch a log. If it does not launch a log, tr... Read more

More replies
Relevance 76.26%

I have been working on a computer for a co-worker this weekend. It was loaded down with Malware, Trojans, and ad pop ups. Cleaned it with smitfraudfix, spybot S&D, and ran AVG on the computer. Also went ahead and ran CCleaner.

No more pop ups, computer is running good, but whenever windows starts it pops up a RunDLL error of "Error loading C:\Windows\system32\gosofuwu.dll The specified module could not be found"

Autoruns has two things listed pololotanu for the gosofuwu and Lekme for another dll it is loading on startup. I have never heard of these and can not find references online so I believe they were associated with the adware.

If I uncheck them in msconfig they come back (tried in safe mode also), if I delete their registry keys they come back, if I remove them with autoruns they come back.

Can you guys and gals think of anything else to try? It's a tiny bit frustrating and annoying to have that popup after the problem has been fixed.

Answer:Adware/Malware removal, cannot remove dll from loading

Go thru my guide

1 more replies
Relevance 75.85%

Ran a pcpitstop scan last week as my pc is becoming increasingly slow (particularly when it comes to opening web pages). The scan showed that the pc is infected with Kollah, trymedia as well as various others. Started searching for solutions on the web, and subsequently installed Malwarebytes, HijackThis, Superantispyware, etc (already had spybot S&D) Malwarebytes and hijackthis would install but refuse to run. I found this forum, and followed the READ AND RUN ME FIRST Malware removal guide - to the letter.
Superantispyware scanned ok, but didn't find anything.
Malwarebytes won't run.
Combofix gets to stage three and then i get the BSOD and have to crash and restart.
Rootrepeal and MGtools seemed to work ok and generated reports, although I am unable to find a zip file containing a log in the MGtools folder on the c drive.
Incidentally, Spybot S&D and Adaware both don't find anything more sinister than a few tracking cookies.

I'm losing the plot now!

I have attached logs as instructed. Would really appreciate any help that you can give me!

Thanks
 

Answer:Trojans/malware blocking virtually every malware remover tool

Welcome to Major Geeks!

badlydrawngirl said:
MGtools seemed to work ok and generated reports, although I am unable to find a zip file containing a log in the MGtools folder on the c drive.

It is not in the MGtools folder. See the instructions which said it would be in the root folder of your Windows boot drive. i.e., C:\MGlogs.zip

We need this log to even begin.

Why are you attaching instructions for using SDfix?
 

10 more replies
Relevance 75.85%

Hi all!
Recently while searching for new Anti-Malware tools to try subsequently in order to clean my computer for malware, I came across EMCO Malware Destroyer.
And hence, now I am wondering;What is your opinion on the Anti-Malware tool EMCO Malware Destroyer?
Thank you very much in advance!
Regards,
midimusicman79

Answer:What is your opinion on the Anti-Malware tool EMCO Malware Destroyer?

I have seen it advertised on Major Geeks and other third-party hosting sites but write ups and reviews never impressed me.
EMCO Malware Destroyer by Softpedia...
To start with, you should note that it does not provide active protection, heuristic scans or an active shield of some sort. This utility will only search for baddies currently loaded in the memory or running processes that are infected...
Malware Destroyer is designed for manual virus checks and the fast scans recommend it, but bear in mind that it is mainly aimed at non-techy users and will only provide an occasional supplemental layer of protection.

10 more replies
Relevance 75.44%

Hi everyone...I am getting ready to follow all the steps in your tutorial to clean up my system. I had been using spybot but couldn't run some of the programs they asked me to without locking up, so I have uninstalled spybot and am starting over.

My question is...if there is a root kit...would it also be on the external harddrive that I use for backup? It is always connected and backs up with Norton. Should I disconnect from it before proceeding or does it not matter?

Thanks!

Answer:remove external hard drive before malware removal?

If you have a rootkit...you ought to be posting at BC Am I Infected Forum, as a first step to attempting to overcome it, IMO.
Louis

10 more replies
Relevance 75.44%

Hi All
I don't know where to put this request, it kind of crosses over different topics.
I had that Antivirus security pro virus which has now been removed following the method from this site (many thanks for that, it has been a huge relief), however I still get the .exe file errors and deletion when I try and download something and I cannot remove or reinstall Microsoft security essentials.  I have re run the malware program several times now and says everything is clean??
I have window 7 64bit if that helps
Cheers
David

Answer:Cannot remove Microsoft Security Essentials after malware removal

G'day David, fellow aussie here.....
 
I would just about bet money that your PC is still infected mate . In fact i would probably bet the farm on it !
 
Ok...(on a more serious note)....Post a new Topic here :: http://www.bleepingcomputer.com/forums/f/103/am-i-infected-what-do-i-do/
 
Describe what led you to know that you were infected....and what steps you have taken since.
 
Kind Regards,
 
Brian

1 more replies
Relevance 75.44%

Hi All and Brian
 
I have moved my issue to the correct spot as requested.
 
All of a sudden I had Antivirus Security Pro flash up and tell me I had a whole heap of viruses and that people on the net could see me via my camera (my camera light was consistently on). I suspect I got this from a dodgy site I visited (which obviously Microsoft essential did not pick up)

I followed the instructions from this site http://www.bleepingcomputer.com/virus-removal/remove-antivirus-security-pro which appear to have removed most of it but I still have the following issues.

No matter what I download the virus windows comes up and deletes the file and secondly
And I could not find Microsoft Security essentials to uninstall.

I have tried a Microsoft programme to try and remove/rectify Microsoft Sec Essentials but it seems to still be there because I cannot install any new anti virus program (I have tried reinstalling MSE and even Trend but to no avail)
When I try and install MSE I keep on getting the 0x80070643 error
 
I have been contemplating doing a complete reformat??
 
 

Answer:Cannot remove Microsoft Security Essentials after malware removal

You are probably infected with ZeroAccess rootkit.
Open your topic here --> http://www.bleepingcomputer.com/forums/f/22/virus-trojan-spyware-and-malware-removal-logs/
Follow this guide --> http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/

2 more replies
Relevance 74.62%

Please help me How to Remove  Virus,Trojan and Malware on my computer.

 

Answer:How to Remove Virus, Trojan, Spyware, and Malware Removal Logs

Hi there, my name is Marius and I will assist you with your malware related problems.
Before we move on, please read the following points carefully.
First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
Perform everything in the correct order. Sometimes one step requires the previous one.
If you have any problems while following my instructions, Stop there and tell me the exact nature of your problem.
Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
HijackThis is not the preferred initial scanning tool in this forum. With today's malware, a more comprehensive set of logs is required to determine the presence of malware.
Scan with FRST in normal mode
Please download Farbar's Recovery Scan Tool to you... Read more

2 more replies
Relevance 74.62%

What is Palladium Pro Malware

Palladium Pro Malware is fake system software classified as a rogue. Rogues are malicious programs that hackers use to trick users by displaying false threats and problems that the program claims to have detected. In reality, none of the issues are real; they are only used to convince the user into buying the software, which lets the hackers steal the user's personal financial information.
Am I infected?

These are some screenshots of this rogue.

Removal Instructions
(If you experience any problems completing these instructions, please start a new thread here)

1. Restart your computer. As soon as your computer turns on, tap F8 until you reach the Advanced Boot Menu. Use the arrow keys and select Safe Mode with Networking.

2. Download and run RKill.

Download mirror 1 - Download mirror 2 - Download mirror 3
Save it to your Desktop.
Double click the RKill desktop icon.
It will quickly run and launch a log. If it does not launch a log, try another download link until it does.
(This tool will kill the rogue's process temporarily. As a result, act quickly and move on to the next step.)

3. Download Malwarebytes' Anti-Malware to your desktop.

Double-click Malwarebytes Anti-Malware-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to
Update Malwarebytes' Anti-Malware
and Launch Malwarebytes' Anti-Malware

then click Finish.
If an update is found, it will download and install the latest ... Read more

More replies
Relevance 73.39%

MS Removal Tool is rogue software. It restricts you from accessing your desktop. You cannot start Task Manager, and you cannot open Internet Explorer or any other programs. This situation is the result of malware (a variant of Win32/Winwebsec) that is infecting your computer.
To remove the MS Removal Tool, follow the steps below:
Boot your computer into Safe Mode.
Windows XP and Windows Vista:
Start your computer and press and hold the F8 key.
A Windows Advanced Options menu will appear. Use your arrow keys to scroll to Safe Mode and press the Enter key.
Click the Start button, and then click Run.
Type cmd then click OK. A black command prompt window will appear.
Locate the affected directories:
Windows XP:
Type cd c:\Documents and Settings\All Users\Application Data\ and press the Enter key.
Type dir and press the Enter key.
Windows Vista:
Type cd c:\ProgramData\ and press the Enter key.
Type dir and press the Enter key.
Type c:\Users\All Users\ and press the Enter key.
Type dir and press the Enter key.
Scroll through the list to find directories with random names that contain 18 characters. For example: cHl08200gMhHd08200, pJg08200fBmPl08200.
Type rd /s /q <random name>, and then press the Enter key. Replace <random name> with the 18 character name. Repeat this step for each random name you find.
Type reg delete hkcu\software\microsoft\windows\currentversion\runonce /v <random name> /f, and then press the Enter key. Replace <random name> with the 18 cha... Read more

More replies
Relevance 72.98%

I have scanned with AVG with the latest updates. On top of that insidious google redirect I get random pop ups even when I don't already have IE or Firefox running. Also getting sounds in the background like I'm clicking on a link, surfing the net when I'm not. And SYSTEM in task manager is hogging a ton of memory.
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:52:42 PM, on 8/7/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe
C:\... Read more

Answer:persistent malware undetected by virus scans and malware removal tools

Hello and welcome to Bleeping Computer
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process. Please also continue to work with me until I give you the all clear. Even if your computer appears to act better, you may still be infected.
Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
Once we start working together, please reply back within 3 days or this thread may be closed so we can help others who are waiting.
We need to create an OTL report,
Please download OT... Read more

2 more replies
Relevance 72.98%

Hi,

I am the IT manager in my company.

I have a co-worker whose computer has a search redirect issue. That means it most likely has malware.
Then I installed some major malware removal tools: Spybot Search & Destroy, SUPERAntiSpyware, Malwarebytes

After I installed them, I could not launch them (that definitely means it has some kind of malware).
I needed to rename their .exe files; after that I could run them and scan my computer.

SUPERAntiSpyware and Malwarebytes found something, but didn't solve the problem; the search redirect and the blocking of malware removal software are still there. Now I am running Spybot Search & Destroy and will see what happens.

By the way, I run them in safe mode because when I log on to Windows in normal mode, it is slow (like it takes a long time to explore the hard drive, etc). I suspect the malware slows down my PC. Hopefully the registry is not corrupted or something, but it works smoothly in safe mode.

So do you guys have any suggestions? Or do you need a log file from ComboFix?

Please advise,
Tommy

Answer: malware: google yahoo redirect and can't launch malware removal software

Try this: http://www.bleepingcomputer.com/virus-remo...sing-tdsskiller

5 more replies
Relevance 72.57%

I was surfing the web today and I believe I clicked on a pop up by mistake when I shouldn't have. Avira then blew up with Malware alerts and I knew I had a problem...

I did a virus scan and it removed the detections found but when I did a restart they were back again. Also, the virus seems to move itself around to other .exe files. I found it had infected moviemaker.exe so I manually deleted the file as I don't need it but as soon as I emptied my recycle bin the moviemaker.exe file returned back to its original folder.

I'm afraid something really nasty has infected me. Avira is detecting it as a W32/Infector.Gen2 and Malwarebytes is detecting 2 Malware.Packer.Gen files.

I went through the Read Me First steps on this site and performed everything it asked. However, I was unable to uninstall my previous JAVA (ver 19) and was not able to install the newest version of JAVA. Both gave me errors that the installation program wasn't working.

I'm attaching the logs here. Can anyone help me get rid of whatever is infecting my machine? I would really appreciate the help!
 

Answer: HELP-Requested Malware Removal (Infector.Gen2 / Malware Packer Gen)

Here is the 5th log.
 

6 more replies
Relevance 72.57%

Please help me,
I cannot access any internet (wifi & ethernet) after malware removal using GridinSoft Anti Malware. I already updated network drivers, but it's still not working.
 

More replies
Relevance 72.16%

The issue is a Malware/Virus Program that is on my Wife's laptop. At startup, the virus shuts down all other programs except the Operating System. The Virus program says the computer is infected, The Virus Program sends the user to a screen to put in Payment information to buy the fake program. This Virus makes the background turn blue and also there are 1's and 0's in the background too.

Scans and attachments are included. I do have a recovery/reboot disk available if needed.








.
DDS (Ver_11-03-05.01) - NTFSx86 NETWORK
Run by Ashley at 17:21:19.86 on Sat 03/05/2011
Internet Explorer: 8.0.6001.19019
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1917.1459 [GMT -6:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system3... Read more

Answer: "System Tool Virus" Malware Removal

Hello, Welcome to TSF.
I'm nasdaq and will be helping you.

You may wish to Subscribe to this thread (Thread Tools > Subscribe to this thread) so that you are notified when you receive a reply.

Please read these instructions carefully and then print out or copy this page to Notepad in order to assist you when carrying out the fix.

Note that the fix may take several posts. Please continue to respond to my instructions until I confirm that your logs are clean. Remember that although your symptoms may vanish, this does NOT mean that your system is clean.

If there is anything you don't understand, please ask BEFORE proceeding with the fixes.

Please ensure that you follow the instructions in the order I have them listed.

Please do not install or uninstall any programs, or run any other scanners or software, unless I specifically ask you to do so. Also please copy and paste logs into the thread, rather than add them as attachments.
===

A number of steps are required to remove this infection.

You will find the instructions here:

Remove System Tool and SystemTool (Uninstall Guide)

If at any time you need advice before proceeding please ask for help here.

p.s.
The <random>.exe file mentioned in the article is this one.
uRunOnce: [jNnOkKb06310] c:\programdata\jnnokkb06310\jNnOkKb06310.exe

At any time you can disable the process via the Task Manager.

CTRL+ALT+DEL KEY should give you the way to the Task Manager.
===

When you ... Read more

2 more replies
Relevance 71.75%

Hi. I am trying to diagnose a problematic laptop for a friend. I don't know the details of what happened to cause the problems. The main problem I can detect is that the laptop is EXTREMELY slow. It seems like anything I try has a delayed response (even a simple mouse click). I followed the Malware Removal Guide, but was only able to run two of the five suggested tools as follows:

1) SUPERAntiSpyware - I ran this after manually updating the definition files on the version already installed and the scan found nothing.

2) Malwarebytes Anti-Malware - I was not able to update the definition files for the current version installed. After several attempts to uninstall this (via the Control Panel), I was able to do it via CCleaner. However, I was not able to re-install a more recent version due to problems with the Windows Installer service. After uninstalling an outdated version of Java (Update 14) via the Control Panel, I have not been able to install/uninstall any more programs.

2) combofix.exe - not compatible with 64-bit OS

3) RootRepeal - did not run on 64-bit OS

4) MGtools - did run; kept getting errors, but continued to completion

Attached are the SUPERAntiSpyware and MGTools logs:
 

Answer: Possible Malware preventing me from running malware removal tools

I am not seeing any malware in those logs. I do not know why MalwareBytes would not run, are you able to run it in safe mode? How does the PC behave when you use safe mode?

More than likely I think I will be sending you off to the software forum.

We can do this:

Please disable all anti-virus and anti-spyware programs while we do the following (re-enable when you are finished):

Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:



O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - (no file)
O2 - BHO: (no name) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - (no file)
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - (no file)
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - (no file)
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - (no file)
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsM... Read more

5 more replies
Relevance 71.75%

Had a machine in riddled with viruses, which we duly cleaned up and removed without incident. Uninstalled the applications one at a time, restarting each time it was required, and all was good.

After removing the last app (don't ask me which one it was, I can't remember) the machine no longer starts.

It's boot cycling but once we disable automatic restart on system failure it brings up a STOP 24 error.

Have booted to puppy linux and examined the hard drive (which is SATA btw) and the data seems intact so we can assume, physically at least, that the drive is good.

Booting to an XP CD and attempting to access the recovery console to run chkdsk /r and it appears the drive is either not detected or is empty (the latter we know not to be the case)

Boot to an X CD to attempt a repair install and it tells me there is no hard drive present.

Check the BIOS and the drive is detected properly. Swap the hard drive for a SATA CD and it detects the CD without issue, which makes me think the SATA controller must be functioning too.

Now it seems that this single disk system has some kind of RAID configured on it according to the boot screens. My next step would be to remove the RAID but I'm concerned it might format the drive. Is this likely? It has an ASUS A8R-MX/S motherboard but the info I get from their site is a little vague.

Am I on the right track with the RAID thing or way off base? Help me folks, it's driving me nuts.
 

More replies
Relevance 71.75%

Four steps that will keep your PC happy, healthy, and crap-free

Malware sucks. In the best-case scenario, it craps up your system with unwanted files and occasionally makes itself known in the form of a persistent pop-up window or annoying browser-based toolbar. In the worst-case scenario, malware completely takes over your desktop or laptop and ruins your life.

Your system slows to a crawl. You can’t even boot into Windows in the time it takes you to walk to the kitchen and back. Your data gets sent off to a faraway Internet land or, worse, your actual keystrokes are recorded for some unsavory individual to see. Malware locks down your browser, making you unable to actually do any browsing without being carted off to some bogus domain. You can barely run a program in Windows without getting bombarded by fake advertisements, programs, and dancing people on your desktop.

We can’t make this stuff up.

So what’s a computer enthusiast to do? Step zero: Read this guide, because we’re going to walk you through all the key details you need to know to both rid your computer of this junk and keep it free of downloaded nasties forevermore.



Read more at:
Maximum PC | Malware Removal Guide 2011: How to Get Rid of All The Latest Malware

Answer: Malware Removal Guide 2011: How to Get Rid of All The Latest Malware

Most excellent reading, thanks for posting for all to see. I, myself, use most all of these myself; the only paid program I have is Malwarebytes, the rest are free add-ons or are free programs. Thanks.

5 more replies
Relevance 71.75%

Dell m1330 Vista home premium. I have malware issues, frequent memory dumps, google redirection and something is preventing me from running or installing anti-malware programs. I had to install malwarebytes using the rename method, but the program will not run in safe mode or normal. I had spybot previously installed but I was also prevented from opening it, so I tried reinstalling, but before it can complete the installation I get the blue screen of death memory dump! Before reading the procedure I ran coolweb, kill2me, windows defender and windows malicious software tool. None of the programs found anything. I also performed a couple of system restores, but both failed.

Should I continue with the cleaning procedure (combofix), or does anyone know how I can get malwarebytes and spybot to run?
 

Answer: Trying to follow malware removal procedure, but malware is preventing me?

Here's my MGtools log, it was the only program that worked.
 

4 more replies
Relevance 71.75%

Hi, I got infected because I was trying to run Malwarebytes and it skipped the part of analysing the files; it ended in around 1 minute in a full scan, and I tried to download Dr Web CureIt, and it doesn't allow me. The computer seems fine, but those things are very strange, and when I was running the scan I was in safe mode...
 
Thanks for the help

Answer: Malware infected, malware removal tools useless

Greetings samidelcueva and to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:

First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.

Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.

Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.

Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter pro... Read more

0 more replies
Relevance 71.75%

Please find attached the logs from the scans in the Windows XP Cleaning Procedures. I followed the Cleaning Procedures but still have a problem. The problems can be pinpointed to yesterday when I surfed to a web site without having an up-to-date Anti-Virus definition files. Before I knew it, I had an infected machine.
There seems to be 2 problems.

(1) After restarting the computer, Windows File Protection gives following message.

Windows File Protection
Files that are required for Windows to run properly have been replaced by unrecognized versions. To maintain system stability, Windows must restore the original versions of these files. Insert your Windows XP Profession CD2 now.

I have Dell OEM Windows XP Media Center 2005 installed on my Dell Dimension 5150/E510. Problem is, Dell has a Windows XP re-installation CD but Dell states there is no 'CD2'.

(2) I keep getting pop ups every time Internet Explorer is open. The pop ups occur on their own.

Hopefully you can help me to fix the problem.
Thanks,
Ankur

p.s. Please note, the AVG Anti-spyware log is not attached because it was not generated by the tool. I scanned my computer using Trend Micro (after updating virus definition files) and I can provide the logs if you need.
 

Answer: Malware problem not fixed with Malware Removal instructions

Welcome to Major Geeks!

Run this Disable/Remove Windows Messenger to remove Windows Messenger. Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.

Uninstall the below old versions of software:
Java 2 Runtime Environment, SE v1.4.2_03

Run C:\MGtools\analyse.exe by double clicking on it. This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

F3 - REG:win.ini: load=C:\WINDOWS\system32\mlljg.exe
O2 - BHO: (no name) - {3F7BDD0B-0462-4F19-8B87-54D83601B87C} - C:\WINDOWS\system32\mlljg.dll
O2 - BHO: (no name) - {B8AFD866-6B8B-490E-DA2E-39E671810F96} - C:\WINDOWS\system32\mknamps.dll (file missing)
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime

After clicking Fix, exit HJT.


Now download The Avenger by Swandog46, and save it to your Desktop.

Extract avenger.exe from the Zip file and save it to your desktop
Run avenger.exe by double-clicking on it.
Check the 'Input script manually' box.
Click on the magnifying glass icon.
Copy everything in the Quote box below, and paste it in the box that opens:




Files to delete:
C:\WINDOWS\system32\ctfmon .exe
C:\WINDOWS\system32\mlljg.exe
C:\WINDOWS\system3... Read more

9 more replies
Relevance 71.34%

My Acer Aspire 3400 G with WIN 7 Pro won't update Defender or the Malware Removal tools. I've scanned for viruses, etc.; none found, and I don't believe that's the issue. It seems it stopped updating Defender and the Malware Removal tool after an online service I had to have performed... was something turned off that I can check? I've tried singular updates, etc., read the error codes and tried FIX IT, Troubleshooter... Suggestions... Recently upgraded the WIN 7 HOME to PRO... didn't solve the issue...

Answer: Malware Removal tool Updates, Defender updates won...

I use the free version of MalwareBytes as well as Windows Defender. Select custom scan. Make sure the "root kit" box is checked. https://www.malwarebytes.org

7 more replies
Relevance 71.34%

Hi Everyone,

First, I want to point out that not a single method currently posted online that I am aware of works when trying to remove Yoog Search Malware. I tried every single one (which takes a lot of time) and they all failed, so this tells me either experts are not taking this seriously or they are presently unable to select a generic system for its removal that works.

I am happy to say that I did finally remove Yoog Search Malware from my system and although it seems a long-winded way, when compared to the time used in trying alternative ways it proves to be one of the more efficient ways in the long run. It also finds many Malware programs that my current security software missed and therefore was well worth it.

Step 1 - Open Firefox and click Bookmarks/Organise Bookmarks.

Step 2 - Click Import and Backup and select ‘Backup’. Choose the destination for saving this file and click ‘Save’.

Only Do Steps 1 and 2 if you want to save all your current ‘Bookmarks’ and ‘Bookmark Folders’ otherwise you can skip this part.

Step 3 - Uninstall Mozilla Firefox - Control Panel/Add Remove Programs/Mozilla/Uninstall.

Step 4 – Now remove all traces of Mozilla Firefox from your system - My Computer/C:/Documents and Settings/Admin *or whatever your System Username is*/Application Data *(if this is hidden click folder options and tick the box that says show hidden folders*/Mozilla/Delete this folder if it is still there.

Step 5 - Remove any other Mozilla Files - Click Sta... Read more

More replies
Relevance 71.34%

Dear helper,

Am I infected ?? What should I do ?

Windows XP, Internet Explorer 6, Sony VGN-SZ18GP laptop bought in 2006.

System crashed last night, with rapid loss of hard-disc drive space (from 15 GB down to 100 Mb within 2 hours). Norton security (2006 version) & Internet Explorer were busted afterward, and were not able to run at all. The built-in system recovery programme was also affected.

Was forced to use the back-up system recovery CD to restore the laptop back to its original shipping state.

However, afterward it is still not right. Installed McAfee (from my internet service provider) but the update function is not working - it repeatedly states that it cannot update because I am not connected to the internet, when I'm actually connected to your website typing this email right this moment. Also internet access to Microsoft and all other common antivirus websites (Norton, McAfee, AVG, Kaspersky, Avast, etc) is blocked. Hence I can't even attempt to find out what happened to my laptop.

What virus have I been infected with? What programme should I use to remove the malware now that I cannot access any of the antivirus websites or the Microsoft website?

Thank you

Jason

More replies
Relevance 70.93%

Hi. There is something going on with my computer, can't get on internet and many pop up messages, and I have tried to run MBAm. When I click on "Remove Selected" it starts doing the removal but then a box pops up with "Malwarebytes Anti-Malware has encountered a problem and needs to close." There are three boxes to choose to click on...Debug, Send Error Report, or Don't Send. When I click on Debug I get a new pop up box with "DrWatson Postmortem Debugger has encountered a problem and needs to close". Same three boxes to choose to click. I click on Debug and then get a pop up box with "Microsoft Visual C++ Runtime Library. Runtime error. Program:C:\Windows\System32\svchost.exe.

I have multiple pop up boxes coming up when I just log on:

dsca.exe-Application error

27578134.exe has encountered a problem

Sysfader:IEXPLORE.EXE-application error. Instruction at "0x03a0bdd9" referenced memory at "0x03a0bdd9". The memory could not be written. When I click "OK" to terminate this it came up with multiple other boxes with different numbers...0x0403bdd9,0x03eabdd9,0x0455bdd9,0x053abdd9.

ctfmom.exe Application error

Data Execution Prevention-Microsoft Windows...to help protect your computer Windows has closed this program: Internet Explorer.

I am unable to get on the internet from my computer and am currently using my husband's laptop to post.

I would appreciate anyone's advice or help.... Read more

Answer: Malwarebytes Anti-Malware unable to remove selected malware

I would try logging in to safemode with networking and then run the scan from there. To log in to safemode gently tap the F8 key as the computer reboots and then select safemode with networking from the list. If you are able to run the scan in safemode then there's probably some infection that was preventing it from running in the regular Windows mode. If not then there may be a problem with the Malwarebytes. I have had a similar problem and I had to un-install it and then re-install it. I emailed their tech support and was told it was possibly a conflict between it and AVG free though I'd never had that problem before... EVER.

I suspected it was something buggy with the update that had come through.

4 more replies
Relevance 70.52%

Here are the only two logs that I was able to get:

Here is the logfile from Win32kDiag.exe

Running from: C:\Documents and Settings\Eduardo Lugo\Desktop\Win32kDiag.exe

Log file at : C:\Documents and Settings\Eduardo Lugo\Desktop\Win32kDiag.txt

WARNING: Could not get backup privileges!

Searching 'C:\WINDOWS'...

Found mount point : C:\WINDOWS\$hf_mig$\KB902400\KB902400

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB913580\KB913580

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB916281\KB916281

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB918899\KB918899

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB920213\KB920213

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB922760\KB922760

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB925454\KB925454

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$&#... Read more

Answer: Virus will not let me run Malwarebytes or any other tool to remove virus/trojan/malware

Hello trumpetman,

Please save this file to your desktop. Click on Start->Run, and copy-paste the following command (the bolded text)

"%userprofile%\desktop\win32kdiag.exe" -f -r

into the "Open" box, and click OK. When it's finished, there will be a log called Win32kDiag.txt on your desktop. Please open it with notepad and post the contents here.

2 more replies
Relevance 70.52%

About a week ago, I noticed that when running Internet Explorer www.google.com that clicking on a website would take me to an ad instead of the website. If I clicked back and clicked on the website again, it would correctly go to the website.

A day or two before noticing this issue I had upgraded to AVG 8.0 Free and had installed the latest Firefox version.

I am running a Windows XP Professional SP2, Intel Pentium 2.8 GHz.

I ran the instructions at forums.majorgeeks.com/showthread.php?t=35407 and am still experiencing the same issue as described above.

Any help would be greatly appreciated! This is the first forum I've ever posted to so be patient!

Thanks,
Deb
 

Answer: Malware - Exists after running MalWare Removal

This is the last of the Malware log files.

Thanks again!
Deb
 

2 more replies
Relevance 70.52%

Have got a strange one, where have attempted to remove XP antispyware 2009 using malware antimalwarebytes. Looks to have been partly successful - but have got something else interfering. Frequently have pages on IE as "not found".

Have posted HJThis log and Malware Antimalwarebytes log below. Thanks for any assistance.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:01:58, on 08/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdjserv.exe
C:\WINDOWS\system32\lxdjcoms.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\ATI Technologi... Read more

Answer: Malware - blocking removal by malware antimalwarebytes

16 more replies
Relevance 70.52%

Hi. Thanks for this. I need to first tell you that I don't even know how to generate the logs everyone posts here for troubleshooting. I'm sorry. Maybe someone could tell me how, then I will.

Because my laptop wouldn't even boot to the O/S last week, DELL's tech support helped me move files, reformat and reinstall the OS. I reinstalled McAfee. A security tool warning popped up. I knew it was rogue; I came here and got rid of using mbam and process explorer - very easy. Or I thought I did. On my daughter's desktop this morning, there were 3 porn shortcut links ON HER DESKTOP!!!! There was also a link to "Active Security" - trying to figure out wtf this was it turns out it was another rogue. Awesome. It at least had an uninstall on Add/Remove programs... but obviously it is not gone, if that is even the cause of all this... Thinking MBAM would be a logical quick fix, I figured I would try that. My Mbam won't load - I have reinstalled and it - it reinstalls and then when I try to quicksccan it says I don't have permissions and then I can't even open it again. I can reinstall, then it is hijacked when I try to scan. My McAfee won't scan either so both are being hijacked and I also am having the same browser redirects as others when clicking on sites from search results. McAfee can't even fix itself. In safemode, McAfee tells me the truth at least that it is not working (in regular mode it poses like everything is... Read more

Answer: Ugh - Malware Removal Tools Disabled by Malware

As no logs have been posted, I am shifting this topic from the specialized HiJack This forum to the Am I Infected forum.==>PLEASE DO NOT NOW POST LOGS<== unless a log is specifically requested.

1 more replies
Relevance 70.52%

Hi all, 
 
Recently, while browsing a site on Chrome, I received a web site popup saying "Your browser contains MALWARE. You have to install Chrome Malware Removal Tool". Confirming with OK opens an extension page:
 
https://chrome.google.com/webstore/detail/chrome-malware-removal-to/mbdoonnjlifcmakklcaembokjhjikank
 
I have a strong suspicion this is malware!!!
 
What I'm trying to understand is what kind of malware infected the web site I visited. Some technical specs could be useful. The web site belongs to a friend of mine and I'd like to help them identify the malware that infected their web site...
 
 

More replies
Relevance 70.52%

Hiya

I'm running XP. AVG detected trojans; the first one it got rid of, the second one, Generic13.ATHP, it could only remove partially. It is apparently located in c:\windows\system32\svchost.exe

Started the Malware Removal Process as recommended. SuperAntiSpyware wouldn't install, so I changed the filename, and it has installed, but when I attempt to run it I get an error message -

SUPERAntiSpyware Free Edition has encountered a problem and needs to close. We are sorry for the inconvenience

The same happens with any other malware/spyware removal program, Spybot S&D, Malwarebytes etc...

Is there anything I can do to fix this?

Thank you!
 

Answer: malware halps/malware removal not running

Hi again,

also tried doing this (as seen in another thread)

Click Start > Control Panel > System > Hardware > Device Manager > View > Show Hidden Devices.

* Scroll down to "Non-plug and Play Drivers" and click the plus icon to open those drivers.
* Then search for TDSSserv.sys
* Let me know if you find this or not.
* If you do find it, right click on it, and select Disable. Do not try to uninstall it.
* Also if this is found and you disable it, then reboot and see if you can run the cleaning procedure and attach the requested logs.


but the device mentioned is not present (although there are a few that have error "!" things next to them, but 30 or so others).

Have no idea if any of this will help you, lovely helper person, but I guess I'm just trying...
 

2 more replies
Relevance 70.11%

Hi! I accidentally installed an unknown .exe file a few days back which didn't seem suspicious, though I think it infected my computer with malware that has hijacked my Chrome. I looked for it in the Control Panel and uninstalled anything that seemed suspicious. I even downloaded and installed various malware removal tools, including Malwarebytes and IObit malware fighter. But none of these were able to get rid of it completely, as after a few days my homepage changed again.
What keeps on happening is that new malware keeps on showing up. In the beginning my homepage got changed to "indiatimes.xyz". I looked up online and uninstalled the unknown software from Control Panel and also reset my Chrome settings. After a few days, it came back in the form of Snap.Do and then again I tried to remove it and it went away. But now it's back and again my homepage has changed. BUT this time I keep on getting ads from "Safe Finder" . After trying again for a malware search and restarting my computer it seems to have gone away but I don't think that the problem is gone. 
Also, it also seemed to have taken over my ESET NOD32 and forced it to block websites that were safe. Among the websites that my ESET was blocking was the official ESET website, so I got rid of ESET as well.
I don't know what to do. I've tried a lot but nothing seems to help. Please I need help!! Please respond as soon as possible. 
Thank you so much. 
My operating system is Windows 10.
 
UPDATE : It is back.... Read more

Answer:Help! Unable to remove malware and new malware showing up daily!!

Welcome.. Please try this:

Please download Rkill by Grinler and save it to your desktop.
Link 1
Link 2

* Double-click on the Rkill desktop icon to run the tool.
* If using Vista/Windows7, right-click on it and Run As Administrator.
* A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
* If not, delete the file, then download and use the one provided in Link 2.
* If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
* If the tool does not run from any of the links provided, please let me know.

Do not reboot the computer, you will need to run the application again.

.......

MiniToolBox
Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following checkboxes:
* Flush DNS
* Report IE Proxy Settings
* Reset IE Proxy Settings
* Report FF Proxy Settings
* Reset FF Proxy Settings
* List content of Hosts
* List IP configuration
* List Winsock Entries
* List last 10 Event Viewer log
* List Installed Programs
* List Users, Partitions and Memory size.

Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run. Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

AdwCleaner
Please download AdwCleaner by Xplode and save to your Desktop.
* Double click on AdwCleaner.exe to run the tool. Vista/Windows 7/8 users right-click and select Run As Administrator
* Click on the Scan button.
* AdwCleaner will begin...be patient as the scan may take some time ... Read more

1 more replies
Relevance 68.88%

Constant popups and redirect links every time I try and click on anything on the internet... is actually driving me crazy now... seems to be since I installed the free Windows 10... any help much appreciated, have attached the dds files

Answer:Cant remove malware and have run avg, malware bytes, hitman pro etc


4 more replies
Relevance 68.06%

What is MS Removal Tool?

MS Removal Tool is a fake system security software that is considered a Rogue. Rogues are malicious programs that hackers use to trick users by displaying false threats and problems that they claim to have detected. In reality, none of the issues are real and are only used to convince the user into buying their software and stealing their personal financial information.

Am I infected?

This is a screenshot of this rogue.

Removal Instructions
(If you experience any problems completing these instructions, please start a new thread here)

1. Restart your computer. As soon as your computer turns on, tap F8 until you reach the Advanced Boot Menu. Use the arrow keys and select Safe Mode with Networking.

2. Download and run RKill.

Download mirror 1 - Download mirror 2 - Download mirror 3
Save it to your Desktop.
Double click the RKill desktop icon.
It will quickly run and launch a log. If it does not launch a log, try another download link until it does.
(This tool will kill the rogue's process temporarily. As a result, act quickly and move on to the next step.)

3. Download Malwarebytes' Anti-Malware to your desktop.

Rename the file to firefox.exe BEFORE downloading
Double-click firefox.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to
Update Malwarebytes' Anti-Malware
and Launch Malwarebytes' Anti-Malware

then click Finish.
If an update is found, it will download an... Read more

More replies
Relevance 68.06%

When I try to run a scan using AVG anti-virus, Avira, Windows Defender, or SuperAntiSpyware, when the scan gets to a certain point, Windows shuts the computer down with a blue window. It says Kernel_Stack_Inpage_Error plus some standard verbiage about if you recently installed software/hardware, see administrator, etc. At bottom it says: STOP: 0x00000077 (0x00000001, 0x00000000, 0x00000000, 0xF79B1D24). I could sometimes run an AVG scan in "select drives/folders" mode but recently it quit allowing that after I upgraded to AVG 9 (free). I uninstalled AVG and went to Avira but with the same results. Scanning with Windows Defender did the same. I recently installed and ran SuperAntiSpyware and was able to pinpoint the problem to the "System Volume Information" directory. I am unable to open it to see the contents as Windows shows no files in it. When I ask Avira to scan it, Avira says no files also, but if I use SuperAntiSpyware to scan, it shows many files during its scan but will get to a certain point and the computer will shut down. I can almost see the file that shuts it down but it happens too fast to catch it. I was able to run "RootRepeal" and the log is below. I was not able to run "DDS.scr".

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/10/30 13:15
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: rootrepe... Read more

Answer:Unknown malware/virus won't let any anti-virus/windows defender/malware removal program to complete scans

Hello and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

* Download DDS by sUBs from one of the following links. Save it to your desktop.
  DDS.scr
  DDS.pif
* Double click on the DDS icon, allow it to run.
* A small box will open, with an explanation about the tool. No input is needed, the scan is running.
* Notepad will open with the results.
* Foll... Read more

23 more replies
Relevance 67.24%

Hi,

I have a Dell XPS 8300. It started acting up about 1 week ago (freezing while working online, freezing while trying to boot). Today I got the blue screen asking me to restart if this was the first time I had received a blue screen.
I restarted, it was fine for 30 minutes and everything froze.
I restarted it and I received error beeps (4 beeps).
I looked that up on Dell support and they said it was RAM problems.
I opened up the computer, vacuumed a bit, took out the RAM cards and reinstalled them.
It had been working o.k. for about 1 hour and only froze once more.
I decided to try the malware removal guide and here are the logs.
Malware bytes did not find anything
TDSSKiller did not find anything
MGtools ran but as soon as it was done the window closed. I don't know how to find the log
Your help will be greatly appreciated
 

Answer:malware removal - have followed malware removal guide

I still want to see the log from Malware Bytes please.





MGtools ran but as soon as it was done the window closed. i don't know how to find the log

Should be directly on C:\ if that's where you boot Windows from. If you really cannot find the log, you'll have to run MGTools.exe again in order to produce a MGlogs.zip. Thanks.
 

20 more replies
Relevance 67.24%

I have run the malware removal instructions and went through each program, as they did remove some of the malware and virus. The issue that I am having is that when I open the computer under a separate user and try to run the malware removal programs via internet or through USB drive, I keep seeing a window which pops up asking me which program I want to use to open the program. I have run the computer under the administrator and do not seem to have problems running the malware removal steps and have attached the reports from the instructions.

View attachment mbam-log-2011-03-28 (17-02-07).txt

View attachment combofix log.txt

View attachment SUPERAntiSpyware Scan Log - 03-28-2011 - 16-42-24.log

View attachment hijackthis.log

Even when I try to open add or remove programs under control panel, I get the following message: "C\windoesn\system32\rundll32.exe- application not found". I am thinking that it is something to do with AVG and have removed the program with the step.

Please help....

 

Answer:Help with malware removal- have run malware removal instructions

ssmehta007 said:



....try to run the malware removal programs via internet or through USB drive

Specific download and installation instructions are in our R&R ME FIRST guide :
ComboFix
Running from: l:\combifix\ComboFix.exe <--- belongs on your desktop

RootRepeal
Save it to your Desktop

SAS & MBAM
Installed to the Default Location - "C:/Program Files", as we suggest that you keep them after malware removal.

MGTools.zip
Download this file to the root folder of the drive where you have installed Windows (Typically this would be C:\ and thus you would have a C:\MGtools.exe file after downloading).
Please make those corrections and attach the missing RRlog.txt (from RootRepeal) and MGlogs.zip - normally it is C:\MGlogs.zip . Please tell me any problems you still have.
 

18 more replies
Relevance 66.83%

Well Hello.. I have a rather (run of the mill) medium budget laptop from ACER.. It works very well.. TOO GOOD.. XP-HOME. Installed is Windows One Care, AVG anti-spyware pro, and Spybot.. I also have HijackThis, Microsoft Baseline Security Analyzer, and Microsoft Self-Extracting Tools at my disposal... One Care and AVG I run frequently and they show no infections.. Spybot shows the same cookies and tags and repairs them ok, until last time.. Spybot ran out of memory?? About that time I noticed that when I would hibernate the laptop, the next day the battery would be dead and the computer would have to start from normal boot.. I have wireless in my house (about 4 months).. MY THEORY: malware is on my computer, wakes it up and goes online and (PLAYS) until the battery is dead and shuts it down.. what do you think and where do I start looking???
 

Answer:possible Malware activity

7 more replies