Computer Support Forum

Possible malware infection preventing updates

Question: Possible malware infection preventing updates

Hello.

I posted in the Vista section about trouble I am having with updates installing. One person replied that "[b]ecause of the large number of problems in category items that [I] posted, and the corrupted SFC store," before I do anything else, I should post in this forum to make sure my system isn't infected.

To briefly summarize what I posted over there, I can't get some updates to install, and I have some corrupted files (or corrupted something . . . I honestly don't know enough to know what the problem is).

Here is what I got when I ran the dds:


DDS (Ver_09-03-16.01) - NTFSx86
Run by admin at 16:00:03.31 on Thu 04/16/2009
Internet Explorer: 7.0.6000.16830 BrowserJavaVersion: 1.6.0_07
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.2037.1118 [GMT -5:00]

AV: ZoneAlarm Security Suite Antivirus *On-access scanning enabled* (Outdated)
FW: ZoneAlarm Security Suite Firewall *enabled*

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\ZoneLabs\vsmon.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\ZoneLabs\avsys\ScanningProcess.exe
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\System32\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\ZoneLabs\avsys\ScanningProcess.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\rundll32.exe
C:\Program Files\SiteAdvisor\6261\SAService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k iissvcs
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\Mozilla Firefox\firefox.exe
c:\windows\system32\inetsrv\w3wp.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\admin\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uWindow Title = Internet Explorer provided by Dell
uStart Page = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3080223
uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3080223
mStart Page = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3080223
mDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3080223
BHO: {089fd14d-132b-48fc-8861-0048ae113215} - c:\program files\siteadvisor\6261\SiteAdv.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
TB: McAfee SiteAdvisor: {0bf43445-2f28-4351-9252-17fe6e806aa0} - c:\program files\siteadvisor\6261\SiteAdv.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
mRun: [<NO NAME>]
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_03\bin\jusched.exe"
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
IE: Open with WordPerfect - c:\program files\wordperfect office x3\programs\WPLauncher.hta
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\progra~1\java\jre16~3.0_0\bin\ssv.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - hxxp://edownload.grisoft.cz/ewidoOnlineScan.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - c:\program files\siteadvisor\6261\SiteAdv.dll
Notify: igfxcui - igfxdev.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\admin\appdata\roaming\mozilla\firefox\profiles\tmuxanil.default\
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - component: c:\program files\siteadvisor\6261\ff\components\FFHook.dll
FF - plugin: c:\users\admin\appdata\roaming\mozilla\firefox\profiles\tmuxanil.default\extensions\[email protected]\platform\winnt_x86-msvc\plugins\npmnqmp071303000006.dll

============= SERVICES / DRIVERS ===============

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-3-15 28544]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2008-8-15 206112]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2008-2-22 179712]
R3 OEM02Dev;Creative Camera OEM002 Driver;c:\windows\system32\drivers\OEM02Dev.sys [2008-2-22 235648]
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;c:\windows\system32\drivers\OEM02Vfx.sys [2008-2-22 7424]
S2 MLPTDR_C;MLPTDR_C;c:\windows\system32\MLPTDR_C.SYS [2002-7-2 19296]
S4 AESTFilters;Andrea ST Filters Service;c:\windows\system32\AEstSrv.exe [2008-2-22 73728]

=============== Created Last 30 ================

2009-04-14 18:06 78,336 a------- c:\windows\system32\ieencode.dll
2009-04-14 18:06 72,704 a------- c:\windows\system32\admparse.dll
2009-04-14 18:06 56,320 a------- c:\windows\system32\iesetup.dll
2009-04-14 18:06 1,383,424 a------- c:\windows\system32\mshtml.tlb
2009-04-14 18:06 48,128 a------- c:\windows\system32\mshtmler.dll
2009-04-14 18:06 26,624 a------- c:\windows\system32\ieUnatt.exe
2009-04-14 18:06 376,832 a------- c:\windows\system32\winhttp.dll
2009-04-13 19:00 <DIR> --d----- c:\windows\system32\URTTEMP
2009-04-13 18:26 <DIR> --d----- c:\windows\system32\XPSViewer
2009-04-13 18:24 40,894,464 a------- c:\windows\ocsetup_install_NetFx3.etl
2009-04-13 18:24 196,608 a------- c:\windows\ocsetup_cbs_install_NetFx3.perf
2009-04-13 18:24 65,536 a------- c:\windows\ocsetup_cbs_install_NetFx3.dpx
2009-04-12 19:51 <DIR> --d----- C:\inetpub
2009-04-09 20:52 <DIR> --d----- c:\programdata\Amazon
2009-04-09 20:52 <DIR> --d----- c:\progra~2\Amazon
2009-04-09 20:52 <DIR> --d----- c:\program files\Amazon
2009-04-09 20:51 <DIR> --d----- c:\windows\Downloaded Installations
2009-03-23 19:21 <DIR> --d----- c:\users\admin\files

==================== Find3M ====================

2009-04-16 15:37 28,250,912 a--sh--- c:\windows\system32\drivers\fidbox.dat
2009-04-16 15:32 354,388 a---h--- c:\windows\system32\drivers\vsconfig.xml
2009-04-15 21:24 380,360 a--sh--- c:\windows\system32\drivers\fidbox.idx
2009-04-09 19:21 2,828 a--sh--- c:\windows\system32\KGyGaAvL.sys
2009-03-16 22:16 40,960 a------- c:\windows\apppatch\apihex86.dll
2009-03-16 22:16 14,848 a------- c:\windows\system32\apilogen.dll
2009-03-16 22:16 25,600 a------- c:\windows\system32\amxread.dll
2009-03-15 17:45 152,576 a------- c:\windows\system32\SPWizUI.dll
2009-03-15 17:45 47,560 a------- c:\windows\system32\SPReview.exe
2009-03-02 23:24 3,503,584 a------- c:\windows\system32\ntkrnlpa.exe
2009-03-02 23:24 3,469,280 a------- c:\windows\system32\ntoskrnl.exe
2009-03-02 23:20 826,368 a------- c:\windows\system32\wininet.dll
2009-03-02 23:19 158,720 a------- c:\windows\system32\sdohlp.dll
2009-03-02 23:19 549,888 a------- c:\windows\system32\rpcss.dll
2009-03-02 23:19 24,576 a------- c:\windows\system32\printfilterpipelineprxy.dll
2009-03-02 23:16 97,280 a------- c:\windows\system32\iasrecst.dll
2009-03-02 23:16 53,248 a------- c:\windows\system32\iasads.dll
2009-03-02 23:16 52,736 a------- c:\windows\apppatch\iebrshim.dll
2009-03-02 23:16 37,888 a------- c:\windows\system32\iasdatastore.dll
2009-03-02 21:40 654,336 a------- c:\windows\system32\printfilterpipelinesvc.exe
2009-02-14 10:22 174 a--sh--- c:\program files\desktop.ini
2009-02-13 02:26 72,704 a------- c:\windows\system32\secur32.dll
2009-02-13 02:26 1,233,408 a------- c:\windows\system32\lsasrv.dll
2009-02-13 02:26 7,680 a------- c:\windows\system32\lsass.exe
2009-02-08 20:59 2,028,032 a------- c:\windows\system32\win32k.sys
2008-12-30 19:09 86,016 a------- c:\windows\inf\infstrng.dat
2008-12-30 19:09 51,200 a------- c:\windows\inf\infpub.dat
2008-12-30 19:09 86,016 a------- c:\windows\inf\infstor.dat
2008-06-18 19:30 665,600 a------- c:\windows\inf\drvindex.dat
2008-02-28 23:16 0 a------- c:\users\admin\appdata\roaming\wklnhst.dat
2006-11-02 07:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 07:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 07:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 07:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 04:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 04:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 04:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 04:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2008-03-05 19:02 8 a--shr-- c:\windows\system32\4895CF8B9D.sys
2008-02-22 23:32 8,192 a--sh--- c:\windows\users\default\NTUSER.DAT

============= FINISH: 16:02:08.72 ===============


Please let me know if anyone sees any problems that I need to fix.

Thanks!


Answer: Possible malware infection preventing updates

Hello ti2,

I'm not seeing any malware in these logs. You can run an online scan and see if it detects anything lurking about. It can take some time, so please be patient and allow it to run its full course:

**Vista users - right click on the IE icon and run as administrator

Using Internet Explorer or Firefox, visit http://www.kaspersky.com/kos/eng/par...avwebscan.html

1. Click Accept, when prompted to download and install the program files and database of malware definitions.

2. To optimize scanning time and produce a more sensible report for review:
Close any open programs
Turn off the real time scanner of any existing antivirus program while performing the online scan

3. Click Run at the Security prompt. The program will then begin downloading and installing and will also update the database. Please be patient as this can take several minutes.
Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
Click View scan report at the bottom.
Click the Save as Text button to save the file to your desktop so that you may post it in your next reply

2 more replies
Relevance 72.16%

Hello all! Firstly, thank you so much for running such a magnificent site with such detailed and easily understandable instructions. I direct everyone I know to this site once they become infected--you offer such useful tools and great suggestions.

Anyway, onto my problem. I'm working on a friend's laptop that was infected with System Check. (Boo!) The computer is unable to connect to my wireless, nor his wireless at home and the Windows diagnostic tool is of no help in that area. So everything I'm downloading to run on his computer, (rkill, gmer.zip, etc.) is being downloaded on my computer and transferred via flashdrive. Everything is being run on this computer while it's in Safe Mode with Networking.

After going through the steps per the removal guide for System Check, I discovered that the infection was a lot tougher to remove than previously thought. It has kept MalwareBytes from being able to update, and I had to initially rename both TDSSKiller and MalwareBytes installer with single word names so that the malware wouldn't stop the process from running. When trying to run MalwareBytes after going through the guide with Rkill and TDSSKiller (which found no infection,) I receive an error from MalwareBytes that states: Program_Error_updating(11004,0,No address found)

I am unsure if this is related to the rootkit, or if the rootkit is preventing the update due to the wireless connectivity issue. So I suppose my questions are thus:
1.) Is the rootkit... Read more

Answer:TDSS infection preventing updates to MalwareBytes/Internet connection

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me Agent ST for short), it's a pleasure to meet you. I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed. If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
If I instruct you to download a specific tool that you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated f... Read more

18 more replies
Relevance 71.34%

Info in this thread:
http://forums.techguy.org/windows-nt-2000-xp/736643-automatic-updates-rundll32-error.html

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:55:39 PM, on 8/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avi... Read more

Answer:MalWare preventing Automatic Updates?

Er hm, was I supposed to post the HJT log while in non-safe mode?
 

1 more replies
Relevance 71.34%

Hello guys, I hope I've posted this in the correct place. I'm only averagely tech minded so I'll try my best

I'm running Windows XP (sp3) and mostly use Chrome browser with IE occasionally.

My Avira Free has refused to net update for over 24hrs, and when I look at Internet Options I see the 'use proxy server' button is checked although I've previously un-checked it. I've managed to download manually from Avira and am currently running a scan with it & Malwarebytes.

I have some log files but I take notice of the warning against posting hijack this logs in this forum.

There are several processes & files that look decidedly fishy to me but am not sure of where/how to proceed. "ProxyServer = http=127.0.0.1:49717" for example!

I also use Malwarebytes free version & update & scan regularly with this & Avira free AV.

I usually scan any potentially fishy files with AV & MWB before downloading but something's gotten through (could be another user when I've not been here is responsible) or can hardware like a cheap Chinese USB hub be responsible?

Answer:malware &/or virus (I think) is preventing AV updates

Welcome joolz

Let's run these as I feel you have a rootkit.

Many malwares like to change the proxy setting on you.
Please click Start > Run, type inetcpl.cpl in the runbox and press enter.
Click the Connections tab and click the LAN settings option.
Verify if "Use a proxy..." is checked, if so, UNcheck it and click OK/OK to exit.
Now check if the internet is working again.

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
Be sure to download TDSSKiller.exe (v2.4.0.0) from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.
Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
Vista/Windows 7 users right-click and select Run As Administrator.
If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
Click the Start Scan button.
Do not use the computer during the scan
If the scan completes with nothing found, click Close to exit.
If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.... Read more

10 more replies
Relevance 70.93%

It appears that my desktop PC is infected with some malware/virus which is preventing my malware diagnostic/cleaning tools from running. When I try to run MBAM or Spybot, I get the Windows message "Windows cannot access the specified device, path of file. You may not have the appropriate permission to access the item". When I run Avira, it goes all the way through a full system scan, identifies about 13 infections (including ZLOB etc), then just crashes.

I've tried booting in safe mode then running the tools, but I get the same result.

I've also been getting inconsistent boot-up, the occasional blue/black screen and sometimes the PC won't boot at all unless I power off and on again (sometimes twice!!).

I followed the Preparation Guide, downloaded DDS, but when I tried to run it, it just sat there, cursor blinking but no reports, even after 15 minutes. I also downloaded RootRepeal and tried to run it, but it also crashed immediately.

I would greatly appreciate your expert help with this.
Hazmat99

Answer:Infection preventing malware tools from running

As no logs have been posted, I am shifting this topic from the specialized HiJack This forum to the Am I Infected forum.

==>PLEASE DO NOT NOW POST LOGS<== unless a log is specifically requested.

3 more replies
Relevance 70.52%

Hi Guys,

I could use some help getting rid of some malware that has been vexing me for quite a while now. Looking back at my Windows Update history, I have been unable to install Vista Security Update KB979683 since 16 Apr 10 with it attempting to install every day since then and always getting the same error 'FFFFFFFF'

I was unable to get a RootRepeal log as the program would use up all my RAM (2GB) and then just exit itself after about 20 mins.

My logs are attached. Thank You!
 

Answer:Malware preventing Vista security updates

Welcome to Major Geeks!

You ran steps in safe boot mode not normal boot mode. You should be running in normal boot mode to get proper logs unless that is not possible.

Also you skipped running step 6 of the READ & RUN ME so we cannot tell whether you have a Master Boot Record rootkit infection or it is just the disk emulation software you did not disable. To properly continue, you will have to run this step and then rerun MGtools and attach a new log; however, based on the sum of all logs, I don't think you are having malware problems.

While problems with Windows Updates can sometimes be caused by malware, it is quite frequently not malware. It could just be issues with Windows itself or it could be your own protection software. You could try shutting down Symantec and Windows Defender and see if you can update.
 

3 more replies
Relevance 70.11%

I obviously have a deep infection. After numerous attempts at scans and fixes by numerous programs, still no luck. I have a thread going in one of the other forums here, and I was advised by one of the techs to move it to this forum for more in depth assistance. To save typing, I will post the link to that thread, so you can see my symptoms and everything that has been tried as well as log files. http://www.bleepingcomputer.com/forums/topic364026.html

I have also attached a copy of the DDS log here in this current post.

I hope I've given you all the info you need to help. If not, I will do my best to get you what you need. Thank you for your help.

**NOTE** while typing this post, using the infected PC, I received the blue screen of death 5 times. Wasn't doing anything but typing this. And then each time I obviously had to reboot, as soon as it got to my desktop, the blue screen shut me down again. Each blue screen mentioned the ldqgakb.sys file. You will see the full technical info in my thread posting. I had to finally boot into safe mode just to be able to type this.

Answer:Malware or virus infection preventing scans or fixes

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the resu... Read more

3 more replies
Relevance 70.11%

I've followed the Prep Guide but have been unable to get DDS to run despite repeated attempts. I've also tried to run Root Repeal several times without success. I then downloaded RSIT. Here's the log file:
"Logfile of random's system information tool 1.06 (written by random/random)
Run by GREG GOODFELLOW at 2010-01-04 15:32:45
Microsoft Windows XP Professional Service Pack 3
System drive C: has 52 GB (34%) free of 153 GB
Total RAM: 1015 MB (28% free)

HijackThis download failed

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\OGADaily.job
C:\WINDOWS\tasks\OGALogon.job
C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
C:\WINDOWS\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2008-07-28 882416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\... Read more

Answer:Infection Preventing Malware Removal Tools from Running

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

Please download OTL from following mirror:
This is THE Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
Push the button.
Two reports will open, copy and paste them in a reply here:
OTL.txt <-- Will be opened
Extra.txt <-- Will be minimized
In the upper right hand corner ... Read more

15 more replies
Relevance 70.11%

Hi:
 
windows 7 64-bit system
 
I haven't run a virus scan of my computer for some time.  After allowing my nephew to use my computer for several weeks, I decided I'd better run a scan so I attempted to run my 2013 Kaspersky Pure 3.0 program to check for viruses this afternoon.
 
It started to run, then went to a blue screen before going to a black screen before rebooting.  I attempted to run the scan three times with the same results.
 
I can surf the net as long as I don't attempt to go anywhere that allows me to update drivers and/or virus/malware protection.  When I visit any virus or malware site, I get the blue screen to black screen and my computer reboots.
 
I contacted Kaspersky support. They wanted me to create a System State Report. Once it runs, I'm to click on Finish, then View Report, then Save Report. The report will run. I click finish, but it won't allow me to view the report so I can't save the report or send it to Kaspersky.
 
When I attempted to update the Adobe Flash Player, the same thing.  Blue screen to black screen and reboot.
 
I attempted to manually update my Kaspersky,  It failed to update giving me the following error message;  Task failed.  Cannot create folder.
 
Hoping for help.  Thanks.
 
*edit*  Now can't open any browsers.  I'm on wireless internet and tried to disconnect the computer and it wouldn't let me.  I had to t... Read more

Answer:Probable Infection Preventing Virus/Malware Programs

I am replying to this topic in order to update. I definitely seem to be infected with something. My virus protection is corrupted. I had Iobit Advanced System Care 7 with its Malware Protection. It seems to have been turned off and/or become corrupted. Both programs say they are working, but they're not. I tried to boot from a Kaspersky rescue disk, it said the databases were corrupted. I've tried to turn on Windows firewall, but it won't let me. I tried to install BitDefender and received an error message indicating that it can't install the drivers, try again, which I did with the same results. Unfortunately whatever is going on is preventing me from performing a screen capture or copying the message to my PAINT program so that it can be attached to this post. My .32 dlls, etc are also becoming involved. I ran a couple of the Malware programs, AdwCleaner and SuperAnti Spyware...they each found a few things which I had them remove but as soon as I rebooted they were back. Again, things moved too quickly for me to try to write down what the items were and I couldn't use the screen capture. I finally turned off my computer because it was only getting worse, not to mention there was no antivirus protection or firewall running. I patiently await help.

6 more replies
Relevance 68.88%

This topic is tied to the following post: http://www.bleepingcomputer.com/forums/t/304226/unable-to-update-mbam-spybots-d-or-avg/

I have malware on my machine that prevents me from updating any of my security apps (MBAM, SpybotS&D, AVG). If I do scans with them in both regular and safe mode I receive no results.

Steps I've already taken with the help of a moderator include:
- running fixexe.reg
- running TFC
- running rkill
- running SuperAntiSpyware
- re-running MBAM (to no avail)

Now I have run Defogger, DDS, and GMER and will post the results per the guidelines and attach the appropriate files:

DDS.txt

DDS (Ver_10-03-17.01) - NTFSx86
Run by Duong at 20:43:34.07 on Mon 03/22/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_05
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1270 [GMT -8:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
FW: ZoneAlarm Firewall *enabled*
FW: NVIDIA Firewall *disabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\Program Files\NVIDIA Corporation\... Read more

Answer:Malware preventing security apps updates (i.e. MBAM, Spybot, AVG)

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

- Download DDS by sUBs from one of the following links. Save it to your desktop.
  DDS.scr
  DDS.pif
- Double click on the DDS icon, allow it to run.
- A small box will open, with an explanation about the tool. No input is needed, the scan is running.
- Notepad will open with the results.
- Foll... Read more

27 more replies
Relevance 68.88%

Hi, my computer somehow picked up some nasty little programs that caused a lot of problems. This is my first time posting on a tech help forum so I hope I followed the rules correctly. If I've done anything wrong or you need some information I didn't supply, please let me know and I'll try to correct it ASAP.

Thanks in advance for your help :]
Okay, here's an outline of my problem:

Initially the desktop of my computer was changed into a screen that read "Warning! Spyware has been detected on your computer!" in Blue and Yellow text.

I downloaded and ran a few different antispyware programs:
SUPERAntiSpyware Free Edition
Dr. Web Cure It!
and Malwarebytes' Anti-Malware

Each of these programs detected some things and I had them remove them.

The desktop issue is no longer present now, however two issues that I know of remain.

I use Mozilla Firefox 3 and it works normally, same homepage and everything, except when I do a search in Google, I cannot follow the links. If I click on a link it'll divert me to some other things.
At first the links (under properties) all lead to some weird website that started with an "a" sorry I don't remember what it was...

Now all the links are to a go.google.com/? followed by a ridiculously long string of characters.

Some of the redirects try to get me to download some pseudo antivirus program antivirus 2009? I think it was called.

Other issues I have is I can't access any help sit... Read more

More replies
Relevance 57.81%

Hi,

I'm new to BC and I'm here because I desperately need help. Have been trolling around Google and other forums but to no avail. Hopefully I might receive some help that might fix the problems that I'm encountering. Thanks to all in advance.

I believe I have been infected with some sort of virus. The first thing that I encountered was that my Windows Automatic Updates was turned off. The red symbol with an 'X' appeared in the taskbar and when I tried to go to Security Centre to turn it back on, it just doesn't register. It remains off. I ran services.msc to switch on BITS and AU (according to the Microsoft site). While I managed to turn on BITS, AU could not be started (Error 1058: The service cannot be started, Either because it is disabled or because it has no enabled devices associated with it.).

And throughout all this while, a separate web browser tab keeps opening up randomly prompting me to install 'Antivirus 2009' and warning me about detecting malicious malware and trojans on my computer. I closed all the associated windows and did not install any of the software that they prompted me to. I proceeded to use Spybot Search & Destroy to attempt to remove the virus. It did detect some viruses (a total of 26 problems on the first run and 9 on the second). I remembered that one of the viruses was Virtumonde or something along those lines and another Smith-something (sorry I did not take down the results). BitDefender Antivirus did not detect any viruses on its full system sc... Read more

Answer:Antivirus 2009 Popup/Automatic Updates can't be enabled/Other malware infection

Please download Malwarebytes' Anti-Malware from HERE or HERE

Note: If you already have Malwarebytes' Anti-Malware, just run and update it. Then do a "Perform Full Scan"

- Double Click mbam-setup.exe to install the application.
- Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select "Perform Full Scan", then click Scan.
- The scan may take some time to finish, so please be patient.
- When the scan is complete, click OK, then Show Results to view the results.
- Make sure that everything is checked, and click Remove Selected.
- When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
- The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
- Copy & Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

NEXT

- Please download RSIT by random/random and save it to your Desktop.
- Double click on RSIT.exe to run RSIT
- Before you click "Continue", make sure you change the List files/folders created or modified in the last 3 months
- Click Continue at the disclaimer screen.
- Once it has finished, two lo... Read more

15 more replies
Relevance 54.53%

Hi. I am trying to diagnose a problematic laptop for a friend. I don't know the details of what happened to cause the problems. The main problem I can detect is that the laptop is EXTREMELY slow. It seems like anything I try has a delayed response (even a simple mouse click). I followed the Malware Removal Guide, but was only able to run two of the five suggested tools as follows:

1) SUPERAntiSpyware - I ran this after manually updating the definition files on the version already installed and the scan found nothing.

2) Malwarebytes Anti-Malware - I was not able to update the definition files for the current version installed. After several attempts to uninstall this (via the Control Panel), I was able to do it via CCleaner. However, I was not able to re-install a more recent version due to problems with the Windows Installer service. After uninstalling an outdated version of Java (Update 14) via the Control Panel, I have not been able to install/uninstall any more programs.

3) combofix.exe - not compatible with 64-bit OS

4) RootRepeal - did not run on 64-bit OS

5) MGtools - did run; kept getting errors, but continued to completion

Attached are the SUPERAntiSpyware and MGTools logs:
 

Answer:Possible Malware preventing me from running malware removal tools

I am not seeing any malware in those logs. I do not know why MalwareBytes would not run, are you able to run it in safe mode? How does the PC behave when you use safe mode?

More than likely I think I will be sending you off to the software forum.

We can do this:

Please disable all anti-virus and anti-spyware programs while we do the following (re-enable when you are finished):

Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:



O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - (no file)
O2 - BHO: (no name) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - (no file)
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - (no file)
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - (no file)
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - (no file)
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsM... Read more

5 more replies
Relevance 54.53%

Dell m1330 Vista home premium. I have malware issues, frequent memory dumps, google redirection and something is preventing me from running or installing anti-malware programs. I had to install malwarebytes using the rename method, but the program will not run in safe mode or normal. I had spybot previously installed but I was also prevented from opening, so I tried reinstalling, but before it can complete the installation I get the blue screen of death memory dump! Before reading the procedure I ran coolweb, kill2me, windows defender and windows malicious software tool. None of the programs found anything. I also performed a couple system restores, but both failed.

Should I continue with the cleaning procedure (combofix), or does anyone know how I can get malwarebytes and spybot to run?
 

Answer:Trying to follow malware removal procedure, but malware is preventing me?

Here's my MGtools log, it was the only program that worked.
 

4 more replies
Relevance 54.53%

I use Trend Micro antivirus, just started using registryprot (I love it), and I'm reading up on spywareblaster right now (looks interesting)... What do you use? What do you suggest as the best & what's it the best at spyware, anti virus, preventing installation / spreading of infection / etc.
 

Answer:Preventing infection ... what do you use?

16 more replies
Relevance 54.12%

Okay, I'll start off saying I was in the middle of a conversation on Skype; out of nowhere this fake scanner pops up and starts scanning. Well it's not the first one I have seen, so I stopped the scanning process quickly after scanning with both AVG 9 and then SUPERanti-SPYWARE. I had Trojan viruses and ad ware tracking stuff and malware. I scanned it a couple times after that to keep getting the stuff off. Eventually after a good 5-6 restarts and 1 successful restore point to a day earlier when it was working has caused me to land on this site. Very thankful for it too. This computer is NOT infected, I have 2 computers, both with Windows XP, SP2. I can't get on-line with the other computer at all. I'm not sure why because I have scanned it multiple times and kept rebooting. So I'm stuck and need help.

I have AVG 9.0, paid for. And I also have SuperAnti-Spyware. I use them together. Not sure if that is good... I had recently downloaded an old movie off a peer sharing thing, which I know is bad but I was very determined to see it. - I removed the peer 2 peer software and erased the movie.

What I need help with because I am not sure if I was clear enough...
- Removing / Fixing whatever it is that is keeping me from getting on-line on my other computer.
- Help preventing another problem like this again.

Answer:Infection Preventing Access to the web

Hello, and welcome to Computer Hope.

Please note the following information about the malware forum:

- Only the Malware Specialist Team is allowed to give advice on removing malware from your computer.
- From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by the staff I noted above.
- Please do not attach logs or post them in Quote/Code boxes unless requested.
- Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
- If you have already asked for help somewhere, please post the link to the topic you were helped.
- We try our best to reply quickly, but if for any reason we do not reply in two days, reply to this topic with the word BUMP
- Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.

Please visit this webpage for a tutorial on downloading and running ComboFix:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

See the area: Using ComboFix, and when done, post the log back here.

1 more replies
Relevance 54.12%

Hello all. 
 
First, let me say thank you for what you all do! Second, I'm sorry if the description of the problem is not ideal. I'm helping my mother in-law and I wasn't around when this started. 
 
She texted me saying she got a pop up on her machine saying along these lines "Windows Firewall Infected..BSOD....." I told her I would be home in a bit and would call her. Well she decided she would save me the trouble and call the 1-800 number that the pop up displayed.... Yup....I'm banging my head on the desk. 
 
She said some guy dialed into the PC and started a scan. My father in-law told her that this probably wasn't a good idea and told her she should hang up.
 
By the time I got to the PC there was some remote support session in progress that I killed. Firefox was now the default browser and homepage was Rescue by LogMeIn. 
 
Now AVG won't run so I'm assuming something is preventing it from running. Ran Malwarebytes Anti-Malware and it didn't detect any threats?
 
So I'm following the instructions you provided. Ran the Farbar tool and FRST log is below and the Addition file is attached.
 
Again, THANK YOU!!!! 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:14-09-2015
Ran by Rita Bailey (administrator) on RITABAILEY (14-09-2015 21:10:12)
Running from C:\Users\Rita Bailey\Downloads
Loaded Profiles: Rita Bailey (Available Profiles: Rita Bailey)
Platform: Windows 7 Professional Servic... Read more

Answer:Infection Preventing AVG From Running

Looks like the Addition file didn't attach to my original post. Sorry about that. 

16 more replies
Relevance 54.12%

Good Afternoon and thank you for helping me:

Here is my issue: I switched from AVG antivirus free home edition to Avast. When I uninstalled the AVG it did not remove the toolbar. I have disabled the toolbar but it seems as if it's still active. I have yahoo DSL for internet service with a yahoo toolbar. My internet explorer will sometimes default to avg instead of yahoo while surfing the internet.

When I try to launch my AOL, I'll get a message stating that AOL has detected a firewall and I'll have to retry it a few times before it will connect.

I checked my windows firewall settings and this is what I see. In the windows firewall_exceptions tab_programs and services: There is a box with this verbiage; "Windows firewall is blocking incoming network connections except for the programs and services selected below" these AVGs are in the list along with my other programs. Avast is not in the list. (Shouldn't this say avast now?)

AVG installer
AVG installer
Avgemc.exe
Avgupd.exe

When I look at internet options_general tab_change search default settings_search providers, I see this list:

Aol search, Status tab: Default, Listing order tab: 1, Search Suggestions tab: not available
Bing, Status tab: blank, Listing order tab: 2, Search suggestions tab: disabled
Viewpoint search, Status tab: blank, Listing order tab: 3, Search suggestions tab: not available
AVG secure search, Status tab: blank, Listing order tab: 4, Search suggestions tab... Read more

Answer:possible infection preventing AVG removal

My previous post in the software forum is titled "AVG NOT FULLY REMOVED". I don't know how to move the logs I've attached to this one.
 

4 more replies
Relevance 53.71%

I'm having startup issues with a Windows 10 Build:
Cumulative update for Windows 10 ver. 1511
KB3192444. (I hope I copied it correctly).

Before this update is installed the problem doesn't exist, after it's installed it does.
I posted this issue here but have not gotten any help.
Because windows 10 automatically installs updates I needed to go into Group Policy Editor-Computer Configuration-Windows Components-Windows Update and set it to
"Notify for download and notify for install"

But, when I go back into settings for windows update advanced settings, the choose how updates are installed has remained with the same 2 options.

How can I be sure that Windows 10 does not install this update????
Does changing this setting in GPE work ok?

Any help will be appreciated,
James

Answer:Preventing Auto Updates

Hi, to hide (stop) a particular update see:
Windows Updates - Hide or Show in Windows 10 - Windows 10 Forums

1 more replies
Relevance 53.71%

Hi,
Right now I have about 56 updates pending, most of them office updates, and a couple of Windows updates.
I've discovered that an update is preventing my PC from sleeping, as when I do a system restore back to before I updated my PC will sleep, and then install them again my PC won't sleep.

I'm assuming it's a windows update rather than an office update causing this problem.
Is there a better way to see which update is causing the problem rather than installing each update, one by one?

More replies
Relevance 53.71%

I've somehow got some malware/ trojans/ viruses, whatever you may call them, and I'm unable to update my spyware/ anti-virus software. I currently have Spybot, Zonealarm pro, ad-aware pro and a recent download of the free avg anti virus...all of which are outdated. Can anybody please assist in the removal of these things causing the problems?

Thank you!
 

Answer:virus preventing updates

Welcome! to MajorGeeks.com!

Please follow the instructions in the READ & RUN ME FIRST link given further down and attach the requested logs when you finish these instructions.

If you have problems where no tools seem to run, please try following the steps given in the below and then continue on no matter what you find. You only need to try the TDSSserv steps if having problems getting scans in the Read & Run Me First.
TDSSserv Non-Plug & Play Driver Disable

If something does not run, write down the info to explain to us later but keep on going.
Do not assume that because one step does not work that they all will not.
READ & RUN ME FIRST. Malware Removal Guide


Helpful Notes:


If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode, you can run the steps in Safe Mode but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:

Starting your computer in Safe mode

If you have problems downloading on the problem PC, download the tools and the manual updates for SUPERAntiSpyware, Malwarebytes and Spybot ( links are given in the READ & RUN ME) onto another PC and then burn to a CD. Then copy them to the problem PC. You will have to skip getting updates if (and only if) your internet connection does not work. Yes you could use a flash drive too but flash drives are writeable and infections can spread to them.
To avoid additional delay i... Read more

3 more replies
Relevance 53.71%

Hello
 
I recently did a fresh install of Windows 7 on my PC. I guess I forgot to install any AV until I was prompted to by Windows Update, which if I remember correctly, did install OK originally. Normally I would have installed AVG and MB, but I've had quite a few PC problems recently and so was a little haphazard, I can't remember whether I actually got MB installed prior to these problems or after. Anyhow, recently I started up my PC and upon starting got a message that MSE couldn't start because of error occurring during initialization, Error 0x80073b01.
 
I found a similar topic here and have run a few of the programs, most optimistically Hitman Pro, which found a couple trojans and malware items and deleted them. But I still have this issue with MSE that it can't load, can't be reinstalled and can't be uninstalled.
 
Other symptoms: Malware Bytes icon on my desktop went from being their logo to a generic .lnk/shortcut image and wouldn't load. I managed to reinstall it after using safe mode and using mbam clean to get rid of the mbamext.dll that wouldn't delete normally. I now have MBAM on my desktop and I can run it, but it won't get the latest updates (it appears to download them, but then says the db is missing or corrupt) and it won't let me do a scan.
 
I have been trying to copy some files to an external HD, but the ones with Security in their name can't be moved.
 
It seems like something is definitely running in the background ... Read more

Answer:Malware preventing MSE and Malware Bytes running?

Try running in Safe Mode and doing a full system scan with your antivirus.  You could also try a System Restore.  

2 more replies
Relevance 53.3%

I am working on a family member's Toshiba laptop. It was infected and cleaned by an office chain before me. I don't think it was completely working because I found drtrans32.dll loaded. I removed this with UBCD4WIN boot disk, installed a fresh battery, and found that it was cluttered with autoruns. I cleaned up the autoruns, ran several virus checks including Runscanner. Next, I found that it would bsod at times. Turning off the wireless card would prevent the crash.
 
I updated the Intel wireless driver, and now the radio will not function. I uninstalled and reinstalled the wireless card. I have updated the Intel wireless driver using the Intel utility. The new driver from 2007 does not work, and the old one crashes when I rolled it back.
 
I discovered that SP3 was installed, but not reported. I uninstalled SP3 and reinstalled, but the installation hung after nearly two hours. I shut it down and rebooted. Now, it still reports to be SP2. I have some suspicion that limited RAM stops SP3 install.
 
Please help. Here is the URL for a report on the computer:
 
http://speccy.piriform.com/results/cpihwy0Q408MYis5jZTJrER
 
 
Cheers

Answer:Previous infection preventing SP3 and Wireless?

Hi All,
 
I know it is summer, but I had hoped someone would offer an idea this weekend. I keep trying changes in the computer, but the wireless will not work.
 
I was able to get the wireless to work if I booted entirely from UBCD4WIN. This proves the radio card is working. However, I had to turn off encryption to get a connection. In the past with other laptops, I never needed to turn off encryption from the router. The driver on UBCD4WIN may not be ideal. I would need to rebuild the ISO with a changed driver to see if that would help.
 
(I really regret that the UBCD4WIN project has died, and even the forum has turned off. It was a neat project that I used often to fix problems, although it has limitations to XP to some extent.)
 
I have a suspicion that security updates that have been added are interfering with the wifi radio. I read some comments that some get relief from a small USB wifi dongle when the radio fails in a Mac or Windows computer. Therefore, I finally ordered a cheap small dongle to try.
 
I am trying to avoid getting egg on my face with this rescue project. I am sorry I volunteered to get it going again. It is a nice Centrino laptop that has a small drive and limited memory.
 
Cheers

1 more replies
Relevance 53.3%

My computer has been repeatedly infected by something calling itself Antimalware Doctor, a nasty piece of malware which effectively renders the computer unusable until I have restored it to a pre-infection state using an Acronis boot CD and a backup stored on an external drive. The fix is not hard, but it is time consuming.

The computer gets infected when we watch a TV show on this web site:

hxxp://wowpinoytv.blogspot.com/2011/04/mara-clara-april-15-2011.html

I'm sure the conservative advice would be to avoid the web site, but it is a ripper of a show!

The computer runs WinXP pro SP3, and has AVG free installed, along with Spybot S&D. Spybot will find the infection once it is there, and if I kill the process associated with it (k70ccreloc.exe), it seems to remove it. But after a short pause it comes back and wreaks havoc, corrupting files, killing the network and so on. AVG doesn't seem to notice anything is wrong.

I am curious as to how the malware is getting on to the computer. Nothing is happening, except a TV show is playing in a Browser (Firefox - current version). No ads are being clicked, the mouse is not rolling over anything. The show is playing, and suddenly the Antimalware Doctor window opens up.

I should also like to know of a not too expensive tool which will sound an alert as the computer is being infected, or better still prevent it from happening.

With many thanks

MCart

Answer:Preventing infection by Antimalware Doctor

Please do not post active links to malware or possible malware related sites to include links which may lead to sites where infections have been contracted and spread. I have disabled the one(s) you posted so others do not accidentally click on them.

"I am curious as to how the malware is getting on to the computer."

Please read How Malware Spreads - How did I get infected which explains the most common ways malware is contracted and spread.

"I should also like to know of a not too expensive tool which will sound an alert as the computer is being infected, or better still prevent it from happening."

No single product is 100% foolproof and can prevent, detect and remove all threats at any given time. Just because one anti-virus detected threats that another missed, does not mean it's more effective. The security community is in a constant state of change as new infections appear. Security vendors use different scanning engines and different detection methods such as heuristic analysis or behavioral analysis which can account for discrepancies in scanning outcomes. Depending on how often the anti-virus database is updated can also account for differences in threat detections. Further, each vendor has its own definition of what constitutes malware and scanning your computer using different criteria will yield different results. The fact that each program has its own definition files means that some malware may be picked up by one that could be missed by another. Thus, a multi-layered def... Read more

2 more replies
Relevance 53.3%

Please help! An unknown infection is preventing programs from running on my PC; ie: Malwarebytes, etc.
Windows 7 64bit OS.
Thanks for any help with this debilitating problem.
L J Mac

Answer:PC infection preventing programs from running

-- Some types of malware will target Malwarebytes Anti-Malware and other security tools to keep them from running properly. Other types of malware may delete the main mbam.exe executable file during installation or when attempting to perform a scan which results in various errors. If that's the case, please refer to the suggestions provided in For those having trouble running Malwarebytes Anti-Malware for using Rkill or downloading a renamed version of mbam.exe. Do not reboot after running Rkill. Immediately after running this tool, you need to perform your scan with Malwarebytes Anti-Malware.

Note: You may have to make repeated attempts to use Rkill several times before it will run as some malware variants try to block it. If you get an alert that Rkill is infected, ignore it. The alert is a fake warning given by the rogue software which attempts to terminate tools that try to remove it. If you see such a warning, leave the warning on the screen and then run Rkill again. By not closing the warning, this sometimes allows you to bypass the malware's attempt to protect itself so that Rkill can perform its routine.

6 more replies
Relevance 53.3%

I have a Compaq desktop at home running Windows 7 Home Premium. My girlfriend has a user account on it that she uses from time to time. She sometimes needs to restart the computer. When she tries to do that, many times the shut down screen shows "Install updates and Restart" as the default action. Is there a way to eliminate that option for her account or at least make Restart or Shutdown, without installing updates, the default choice? She is careful about changing the option, but I am concerned she might slip up one time.

I have no desire to upgrade to Windows 10 at this time (Yes, I know the free upgrade offer is supposed to end at the end of June). On my account, I manually go through the list of new available updates and remove any that are related to preparing the computer for Windows 10 or actually downloading and installing it.
 

More replies
Relevance 53.3%

hello everyone,
My son's laptop has acquired a virus (an Acer Aspire 5100 on XP). Basically it is preventing any Windows updates & any security scans. It is clever; for example if I attempt Trend Micro HouseCall I get a blue screen & the PC shuts down immediately. When I reboot it refers to FAT32 as follows:
checking file system on c the type of the file system is fat32.

I have a current subscription to Trend Micro Internet Security for three PCs but can't download due to the virus.
I am not a "power user" but I am capable of starting the laptop in safe mode & carrying out basic tasks (but it appears to be stopping that unless I'm doing something wrong with the "F8" key).

How serious is this & is there an idiot's guide to a resolution?
thanks for looking bob (uk)
 

More replies
Relevance 53.3%

I keep getting this message. I have already disabled automatic updates through group policy editor.

Answer:updates preventing my computer from shutting down

With this batch script you can automatically close apps not responding at shutdown in windows. Please execute the batch script as an administrator.

1 more replies
Relevance 53.3%

What can I do to prevent updates from preventing me from using my computer?
Apparently whoever designed Windows update never considered the possibility of people using small SSD drives that only have a fraction of the space required to run applications. Everything worked under Windows 7, although I did have to do some tweaking to get it to install apps directly to drive E: (my multi-terabyte hard drive). After installing Windows Update, I had to do the same registry tweak to make it install programs on drive E:, and it worked fine the first six weeks or so, but then it started routinely breaking one or two of my applications with each update. The problem was initially tedious to fix, but I eventually got everything working. However, I was not successful at getting Windows to comply with running my Chrome browser from E: I finally relented, and moved as many of the commonly used apps to drive C: (the SSD) and consequently had to set the cache size smaller. Everything was fine for another month or so.
However, beginning sometime in November, Windows updates started failing. It schedules an update, runs the update, reboots my computer, says the update failed, and reboots the computer again, uninstalled the update, and then it works. This was an annoyance, but since it only happened once a month, I put up with it.
Recently however, Windows has started retrying updates every few days, and doesn't bother warning me in advance or asking my permission. It just unceremoniously shuts... Read more

Answer:What can I do to prevent updates from preventing me from using my computer?

In updates, there is a setting to schedule restart, usually 3am. Can you check that setting is enabled?

2 more replies
Relevance 52.89%

XP Pro SP3 System Intel P4 using Avast AV and Comodo FW
When booted into Normal Mode desktop is displayed but most things just do not run or just hangs. i.e. click a desktop shortcut or run program from desktop or right click My Computer properties. Task manager shows task in list but nothing displays and machine just basically bogs down. No particular task in process list shows any excessive cpu usage. System has to be forcibly powered down to recover.
If system is booted into Safe Mode all apparently works OK.
Actions tried so far:-
Malwarebytes Scan - nothing found
Avast Quick Scan - nothing found
File associations fixed
CCleaner clean up
XP3 Pro SP3 Repair install performed
Downloaded suggested tools as per Preparation Guide.
DDS script will not run (even when script allowed by FW) - the usual command window is not displayed.
Not tried GMER yet - suspect it too will not run.
Running in Safe Mode for now!

Answer:Unknown Infection preventing normal mode use

Update to my original post:-

Defogger had been run.
Memory has been checked ok with MS and Memtest utils.
Disk drive has been checked ok
Device Manager list looks ok - nothing flagged.
Usual h/w checks performed - cables, dirt, cpu, northbridge, temps etc. -all ok.
MS System File Checker does not flag up any problems.

Eventually got DDS and GMER to run in Normal Mode by killing off both AV and FW apps.
Relevant DDS and GMER logs are now below and attached.
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_23
Run by jr at 21:00:21 on 2012-04-06
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1600 [GMT 1:00]
.
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: COMODO Firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MI3AA1~1\... Read more

11 more replies
Relevance 52.89%

Greetings everyone. Thanks in advance for any help!

Our PC has been showing erratic behavior, including problems booting up. MBAM is detecting svchost.exe attempting to regularly hit various IP addresses. Re-booting after the MBAM check does not fix the problem.

Here are the specs on the machine:
Dell XPS L502X
Intel Core i5-2410M
6 GB RAM
64 bit system
Windows 7

Here is our MBAM log:
Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.02.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Zeynep :: ZEYNEP-PC [administrator]

Protection: Enabled

2/3/2012 9:33:52 AM
mbam-log-2012-02-03 (09-33-52).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 211123
Time elapsed: 15 minute(s),

Memory Processes Detected: 2
C:\Windows\svchost.exe (Trojan.Agent) -> 7956 -> Delete on reboot.
C:\Windows\svchost.exe (Trojan.Agent) -> 7964 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot.

(end)
 

Answer:Trojan infection preventing boot (scvhost.exe)

16 more replies
Relevance 52.89%

Link to original topic: Original post

Problem Description: Was trying to access Gmail and getting an error that cookies were not enabled. I tried the suggested fixes but it didn't work. Finally, concluded that a virus might be the issue. I ran Malwarebytes (Quick Scan) and it found a trojan which it quarantined. Since it found something on quick scan, I then decided to run a full scan. Six minutes into that scan, the computer rebooted and since then, I can't run any programs. What happens is that when I double click on a program, the cursor will show busy for 5-10 seconds, but the program won't load. I booted into safe mode and I still could not run any programs (cursor would show busy for a few seconds but nothing would load). I was able to restore the computer to a point about a week ago, but problem continues after restore. I have tried other restore points but none of the other restores will complete successfully. My operating system is Win 7 Home Premium. Computer is Dell Studio XPS.

What I have done so far: As suggested I have reviewed the prep guide. I cannot post the DDS logs because the program won't run. I downloaded DDS tool to a flash drive from a working computer and copied it to the desktop of the infected computer. When I double click on DDS tool, the cursor shows busy for 5-10 seconds, but the program does not run (similar to any other program I try to run). I tried running it in safe mode and it fails in safe mode as well.

Answer:Windows 7 - Infection preventing programs from running

tds1, to Bleeping Computer. My name is Jason and I'll be helping you with your computer problems. You can call me by my screen name jntkwx or Jason is fine.

Ground Rules: First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance. Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence. Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me about it.
When you post your reply, do not use the button but use the button instead.
In the upp... Read more

3 more replies
Relevance 52.89%

Help please! On or about April 17 I apparently became "infected" with something that I cannot identify. Anti-virus programs are not finding anything, nor did Spybot, but I suspect that the file c:\windows\fonts\unwise_.exe may be involved somehow. Since that date, computer has been excruciatingly slow, and IE will not store anything in the browser cache (every web page is completely re-loaded on each visit - nothing restored from the cache).

I was told that this is the place to go for help with this sort of problem, so I really hope that you guys and/or ladies can be of assistance, thank you!
DDS (Ver_09-03-16.01) - NTFSx86
Run by Owner at 21:31:35.12 on Thu 04/30/2009
Internet Explorer: 6.0.2800.1106
Microsoft Windows XP Home Edition 5.1.2600.1.1252.1.1033.18.247.53 [GMT -5:00]
============== Running Processes ===============

C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\EMS Free Surfer Companion\fs30.exe
C:\Program Files\Jav... Read more

Answer:unidentifiable "infection" preventing browser from caching anything

Hello and welcome to Bleeping Computer. We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here. If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far. Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware. If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread. Thanks and again sorry for the delay. We need to see some information about what is happening in your machine. Please perform the following scan: Download DDS by sUBs from one of the following links. Save it to your desktop. DDS.com DDS.scr DDS.pif Double click on the DDS icon, allow it to run. A small box will open, with an explanation about the tool. No input is needed, the scan is running. Notepad will open with the resul... Read more

2 more replies
Relevance 52.89%

The laptop won't connect to the Internet (it connects to the network, but won't connect to the Internet). I did a Malwarebytes scan and it had 21 infections, and I "fixed" them all with Malwarebytes, but it still won't connect to the Internet.

I know it's not a network issue or anything on my end, because I have 4 other computers and my cellphone all hooked to the same Internet and none of them are having issues.

Here's my hijack this log
Code:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:56:30 PM, on 3/18/2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Safe mode with network support

Running processes:
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 ... Read more

More replies
Relevance 52.48%

I have a paid version of AVG Internet Security 2012 which commenced in August 2012. I've had paid versions in the previous two years and until the last two months have had no problems.
In the past few days when I switch on my PC (Windows XP with Mozilla Firefox browser, wired connection with BT) the automatic AVG update will not proceed, nor will a manual attempt.
Within a few minutes of switching on the following Windows warning box appears on the screen:
'The software you are installing for this hardware - Non-Plug and Plug Drivers - has not passed the Windows Logo testing to verify its compatibility with Windows XP. Continuation of installation of this software may impair or destabilise the correct operation of of your system either immediately or in the future.'
Two options are then given: Continue anyway or Stop installation.
The updates waiting to be downloaded are all version 2238 of the following: Alert Manager; Anti Rootkit Driver; Anti Spam Component; Scanning Engine; Set Up Component; Kernel components; E-mail Scanner; Firewall Component; User Interface Component; Identity Protection; Language Files (English); Online Shield (Settings); Resident Shield Scanner; Link Scanner HTTP Redirector; Systems Tools Component; TDI Component; Pc Analyzer; Update Component.
If I click on 'Continue anyway' the system attempts to download the updates again but aborts very quickly and the same warning notice appears. If I do nothing the warning notice remains but my AVG page sa... Read more

Answer:Windows preventing paid AVG updates download

I'd recommend putting this to AVG in the form of an email. Even copy and paste what you posted here.

2 more replies
Relevance 52.48%

Hi,
Since an automatic update on my computer, my computer will not access the internet. I have tried to restart the computer to a previous point pre-updates but now it will no longer do this either. So I am stuck. Can you help?

Thanks

Answer:Automatic updates now preventing access to internet

Quote:
Originally Posted by duncan hill

Hi,
Since an automatic update on my computer, my computer will not access the internet. I have tried to restart the computer to a previous point pre-updates but now it will no longer do this either. So I am stuck. Can you help?

Thanks

I have a similar problem. But not from automatic updates. I updated Adobe Reader (it says "Install security update"). Since then a yellow triangle with an exclamation mark on it appeared in the system tray. If I click on it, it disappears, but my network connection has stopped working. It connects normally, but the computer works like it would not be connected to the Internet. I uninstalled the update, but the problem reappeared after 2-3 days. Now it looks like it is all OK, but I do not know what I am supposed to do.

7 more replies
Relevance 52.48%

I was going to download Norton 2009 antivirus, but the setup said that the computer needed an upgrade. I proceeded to the Windows update to check. Sure enough I needed Windows service pack 2. I tried to download this but got the error 80072efd. It's not the firewall, but I also realized that I cannot download it directly from the Windows update website. I am really confused and need this antivirus cause my computer is infected at this time. All help will be appreciated.

Answer:error 80072efd is preventing me from downloading updates

hi and welcome to TSF the first thing you should do is go here
http://www.techsupportforum.com/f50/...lp-305963.html and get help for your infection and then see about antivirus i would not choose norton or mcafee as they can cause issues with vista

3 more replies
Relevance 52.48%

Hello, I am writing for help on solving an issue on my friend's computer. He must have downloaded a single bug which hijacked his internet and began downloading multiple viruses/malware. I was able to remove a good number of them with the a squared free scanner, but my problem is that when I read all the suggestion guides and forums people were asking for HJT logs and HJF logs. I have had minor success with this and many 'cleaner' programs listed, because I am pretty sure the bug is preventing these tools from scanning and identifying all the appropriate files. I have downloaded almost every single tool onto the laptop I am typing from, renamed, copied to a flash drive and then copied to the infected system, yet the infection still continues to identify these programs and kill them before I am able to see the GUI load up, or the scan to complete (or even get close, the bugs seem to squash these programs in their tracks as soon as an infected file is identified and attempted to be deep scanned). I am trying normal scans right now as was suggested in the 'read first' post. I have tried deleting the offending reg keys and files with no real success. The programs tell me that the files and keys have been removed yet the infected files are still hiding and are definitely still doing their dirty work. Since I was unable to produce an HJT or HJF log, and your guide said not to until asked for one, I am just going to post the names and locations of identified files discovered by a squared.... Read more

Answer:multiple trojan infection preventing log tools from running

Hello and welcome to Bleeping Computer. We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here. If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far. Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware. If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread. Thanks and again sorry for the delay. We need to see some information about what is happening in your machine. Please perform the following scan: Download DDS by sUBs from one of the following links. Save it to your desktop. DDS.scr DDS.pif Double click on the DDS icon, allow it to run. A small box will open, with an explanation about the tool. No input is needed, the scan is running. Notepad will open with the results. Foll... Read more

2 more replies
Relevance 52.48%

Symptoms: When trying to run Avast Home Edition Database/Program Updates, the first error indicated that the RPC communication failed. After following directions at http://www.avast.com/eng/fag-red-circle.html a new error 501 was received which indicated that the server proxy was incorrect... review of server proxy settings were not wrong... threads on Avast about error indicated that the program needed to be reinstalled... reinstall attempted, but would not run... the program install just halted; also noticed after rebooting that it took an unusually long time to open the login box; and when using Internet Explorer to continue research it was hijacked... this made me suspect a rootkit program... so I downloaded several anti-rootkit programs (i.e. AVG Antirootkit 1.1, F-Secure BlackLight 2.2, Sophos Anti-Rootkit 1.2, and ASWar) from their respective sites onto a USB memory stick; booted up in Safe Mode with Networking and tried to run them starting with the ASWar.exe, but none would run. Next, after rebooting I tried following directions at http://www.bleepingcomputer.com/virus/viru...e-security-tool where rkill is run, then mbam-setup.exe, then launched from a new copy of the Malwarebytes' core executable. When rkill was run, the program appeared to run but ended without any notes; however, when Malwarebytes' was run the program halted before I could hardly click on the Update tab or the Scan button in both Normal and Safe Mode with Networking. At this point, I am stuck and need your help ... Read more

Answer:Infection Preventing Avast/Anti-Rootkit Installations

Hi,

My name is Extremeboy (or EB for short), and I will be helping you with your log. We apologize for the delay of response. If you still require assistance we would like to see the current condition of your system so please post a new set of DDS Logs as well as a RootRepeal log and a description of any remaining problems or symptoms you may still have please. If for any reason you did not post a DDS log or RootRepeal log please refer to this page and in step #6 and Step #7 for further instructions on downloading and running DDS & RootRepeal. If you have any problems just let me know in your next reply or simply post a Hijackthis log.

For your next reply I would like to see:
- The DDS logs: DDS.txt and Attach logs
- RootRepeal logs
- Description of any remaining problems you may still have.

Thanks again and we apologize for the delay.

With Regards,
Extremeboy

4 more replies
Relevance 52.48%

Hi, I recently had spyware on my computer. I've used Malware Bytes for awhile now so I ran a full scan of my computer overnight, and the next morning cleaned the infections. When I restarted my computer it got stuck in an infinite boot loop. I repaired windows and now my computer is fine, but my Firefox google search is hijacked to go to something like search.search-go.net.

Also, I am having trouble with programs connecting to the internet. My internet works fine, but is a little sluggish. For example, I use World of Warcraft and when I start the launcher, it won't connect to the news server, but the game runs fine. I also have a program called Curse that needs to connect to the internet but can't establish a connection. I have a few other programs that use updaters, but fail to connect to the internet.

I know it's the spyware preventing these programs access. Help?
-Thanks

Answer:Ghost infection preventing programs from accessing the internet

Alrighty, so the virus finally revealed itself as Antivirus IS. The problem is, I can barely run any programs now. Malware Bytes won't run, even if I rename it. It just says it's infected and asks if I want to run my antispyware

1 more replies
Relevance 52.48%

I think I have a virus infection, Symantec scan in safe mode found the following viruses W32.Virut.CF, W32.Virut.H and InfoStealer and quarantined them successfully. Nothing seems to be wrong with the system, except I cannot access any of the antivirus sites like www.symantec.com, www.free-avg.com etc. So suspect something is still wrong. Ran sdfix.exe in safe mode and it threw errors running Regsvr32.exe and terminated them but proceeded to complete the scan. Post which still not able to access the above mentioned sites. Then tried following instructions in http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/ The DDS log follows. Replaced a single string involving company details.

DDS (Ver_09-07-30.01) - NTFSx86
Run by Pradeepkumar.T at 13:23:34.08 on Thu 09/24/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2038.1342 [GMT 5.5:30]
AV: Symantec Endpoint Protection *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Bonjour\... Read more

Answer:Unknown Infection preventing access to antivirus sites.

Hello and welcome to Bleeping Computer. We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here. If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far. Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware. If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread. Thanks and again sorry for the delay. We need to see some information about what is happening in your machine. Please perform the following scan: Download DDS by sUBs from one of the following links. Save it to your desktop. DDS.scr DDS.pif Double click on the DDS icon, allow it to run. A small box will open, with an explanation about the tool. No input is needed, the scan is running. Notepad will open with the results. Follo... Read more

2 more replies
Relevance 52.48%

Hi,
my PC is infected. I'm getting a notification that Security Centre can't be started. It's already set to start automatically, but when I try to find my computer name in the 'Log on' tab of Security Centre Properties, it says that it doesn't exist.
I've done scans with Malwarebytes (which found 28 problems) ESET online (found 1) and a number of other suggested programs, but the problem is persisting.
I'm out of ideas now so I'd really appreciate some help.
Thanks in advance
Toby

Answer:Infection preventing Windows Security Centre start-up

Have a look at this Microsoft support.

1 more replies
Relevance 52.07%

For some reason, whenever windows 8.1 updates, internet explorer stops working. Every time I try to get on the internet, I just keep getting a message that 'this page cannot be displayed'. Skype still works, so the problem seems to be internet explorer itself.

I have decided to switch to google chrome to fix the problem, but I can't do so without getting on the internet.

I would like to restore the computer to a point in which it worked, and I have one restore point which I'm certain will work, but the problem is, immediately after restoring, windows automatically updates, which kind of undermines the entire purpose of the restore. I have tried changing the update settings so it will restore without updating, but as soon as the system restores, my changes are undone and windows then proceeds with the stupid updates.

I just want to get on the internet somehow to install google chrome! (and no, I can't just copy and paste from the computer I'm currently on because this one has windows 7).

Any ideas?

Thanks,
smile puppy

Answer:Windows Updates Preventing Internet Explorer from Running!

Unplug your router, then do your system restore. You then have as much time as you need to configure Windows Update not to auto check.

2 more replies
Relevance 52.07%

Hi

With Windows 8.1 Update, how do I prevent all users that the notification of any updates to the apps by Microsoft Store will never be displayed?

Thanks

Bye

Answer:Preventing the notification of any updates to the apps by Microsoft Store

This should cover it: Tech Blog :: Enable/Disable App Notifications In Windows 8

1 more replies
Relevance 52.07%

I am not able to install the windows updates>>used Express and got like 72 updates required. dloaded all but NONE installed.. got this message>>

A problem on your computer is preventing updates from being downloaded or installed

any help on this? this is after a windows XP install/repair

thanks, bo bo bolinski
 

Answer:A problem on your computer is preventing updates from being downloaded or installed

Re: A problem on your computer is preventing updates from being downloaded or install

no help on this? I am surprised! do I have to do the HJT routine or does someone have an easier solution??

thnx, bo bo bolinski
 

3 more replies
Relevance 52.07%

I have 93 updates for XP & Office 2003 which I cannot install. I have stopped and re-started the update service & tried everything else I can find on the web.

I would be very grateful for any help anyone can provide!

Answer:A problem on your computer is preventing updates from being downloaded or installed

Is your Windows update allowed to install updates automatically? Check your settings in the security center. I hope you are updating via a broadband connection. Also does Windows download the updates and stall halfway thru the installation? During the install of the downloads, Windows will ask you to accept certain agreements. You may not be seeing these and think Windows has stopped installing. Windows will not move forward unless you respond to these agreements. When downloading be sure all the downloads are complete and upon the installation part, minimize your screen to see these agreements. IE7 download and install is one of the biggest culprits. It hides behind your Download and install screen.
Hope this helps.

5 more replies
Relevance 51.66%

Like others you have successfully helped, I too have a laptop with a nasty infection that is preventing me from accessing anti-virus/anti-malware sites. I have read some of the other posts and started the process of running combofix and hijackthis. Here are the log files for each. Awaiting further instructions. Thanks in advance.

ComboFix 09-11-25.01 - Zeny 11/25/2009 16:25.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.1.1252.1.1033.18.447.217 [GMT 7:00]
Running from: c:\documents and settings\Zeny\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Zeny\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\recycler\S-1-5-21-1424024376-433878387-890889717-1003
c:\recycler\S-1-5-21-507921405-1563985344-854245398-1003

c:\windows\system32\qmgr.dll . . . is infected!!

.
((((((((((((((((((((((((( Files Created from 2009-10-25 to 2009-11-25 )))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-25 21:44 . 2003-05-22 23:30 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-10-03 08:15 . 2004-09-09 05:32 2924848 -c--a-w- c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-A... Read more

Answer:Nasty Infection preventing access to anti-virus sites

Can someone delete this thread? I did not post the results in the proper order and I have created a new thread.

Thank you.

1 more replies
Relevance 51.66%
Question: Preventing Malware

I am not sure the best place to post this. I am trying to find a secure method of moving files from home to office. Our office has a rule stating that you should not bring a thumb drive into the office from home without going through IT. This is to prevent infecting the work network. IT can run a Symantec scan on the USB device but is still not in favor of using the USB due to what might not be caught on a scan.

Any ideas of methods that IT might be willing to implement that allows the convenience of USB drives and the security that IT needs? I am in the position of greatly influencing this research if I had a direction to suggest. Of course IT would be researching in order to feel comfortable. Thanks in advance. If there is a better forum for this question please advise.
 

Answer:Preventing Malware

There is not a lot that you can do to ensure that any USB device is clean without running scans on them. Your IT department would have to insist that all employees install programs such as AutoEater on their home computers and scan them with something like USB Vaccine. But that would require faith that all employees took these measures.
 

2 more replies
Relevance 50.84%

I've heard mention on other forums that for XP Pro there is stuff like EMET, Software Restriction Policy, Hosts File, etc., that will prevent installation of malware like OpenCandy, YellowMoxie Redirect, and so on. If true, I'd like to know more (a lot more) about this! Advice? Links? Anything at all appreciated!

Answer:Preventing malware installation

 There are supported antivirus and antimalware programs for XP if that's what you're looking for.  They're pretty much the same ones you can get for later versions of Windows.
 Of course MS pulled the plug on the last of the Windows updates for XP back on 4/8, so it's going to become more and more vulnerable to attacks over time.  My recommendation is to either upgrade to Windows 7 or 8 or go with Linux.  The Mint and Ubuntu versions of Linux run very well on computers that run XP, and they just boot up, find your devices, connect to the Internet, have a Windows like user interface, and come with Firefox and LibreOffice.  AND they're supported.
 
Good luck.

8 more replies
Relevance 50.84%

Hello,

It seems that my computer has been infected by a nasty virus/malware since yesterday. I have tried to eradicate it with ComboFix but it keeps resuming its activities.

The initial symptom was no access to the Web in Chrome: Error 102 (net::ERR_CONNECTION_REFUSED): Unknown error

However I had web access via IE and Firefox.

Also HTML content was no longer displayed in Outlook (images displaying red cross).

Then I could not install any new software, seems like the access to Registry was blocked somehow.

I managed to install MBAM but it won't update its 68-day-old signature file.

Even to start the GMER I had to go back to safe mode because it would not start.

Below are the following logs:
1. The last instance of ComboFix (Sorry I did not know about this website and the rules when I ran ComboFix, so I thought I would post the log for info)
2. The defogger log
3. The HIJACK THIS log
4. The DDS log (plus the Attach)
5. The GMER log (I had to run it in safe mode because in normal mode I have the error: LoadDriver ("C:\Document and Settings\Alex\Locals~1\Temp\kwlorpod.sys" ) error 0xC0000034: The system cannot find the file specified.)

Thanks in advance for your help.

Alex

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:57:15, on 26/02/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\... Read more

More replies
Relevance 50.84%

I have some form of malware that is preventing me from installing and running SUPERAntiSpyware, Spybot and Malwarebytes. I keep getting an error window with the following message: "The instructions at "0x7c8841ee" referenced memory at "0x00000000", the memory could not be written", then an end program button.
Ad-Aware seems to be the only program that I can run and it finds "win32trojant.dss".
Attached is my HJT file.
Any help or direction would be appreciated, thanks.
 

Answer:Malware preventing me from installing

Please at least attach logs from running Combofix and MGTools. You didn't mention whether you had problems running those so I assume you have logs from them.

Thanks
kes
 

14 more replies
Relevance 50.84%

Seems I have a nasty virus/malware which is preventing just about everything I try to do to exterminate it, even in safe mode. Progress has been made, but it has been extremely slow and has hit a wall. It started with over half of the sites I tried to visit getting redirected to various sites claiming to be able to disinfect my computer and such, as well as several virus warnings from Symantec. After noticing this, I tried running Spybot, but it wouldn't open. After I renamed the executable file, it ran, but would not connect to the internet for updates. The same problem occurred with Malwarebytes' Anti-Malware and HijackThis. Also, the website for Spybot would always get redirected to another one of the above-mentioned fake sites.

I ran the scans without updates in safe mode hoping they would still be up to date enough to handle the problem. They did help to fix the problem of website redirection and updating Spybot and Anti-Malware, but they and HijackThis are still unable to run as their native (non-renamed) executables. I don't know if the more annoying problems will resurface later, but I want to be sure that the malware is off of my computer.

EDIT: This appears to be similar to the Google hijacker that others on this forum are experiencing

ANOTHER EDIT: The main annoyance is back. Google search results are being redirected again. :-(
DDS (Ver_09-06-26.01) - NTFSx86
Run by Aaron at 20:52:13.84 on Sat 06/27/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.... Read more

Answer:Malware preventing countermeasures

Hello AlfaWolf04,

Delete these old versions of Java, as they are malware magnets.

Java™ 6 Update 2
Java™ 6 Update 3
Java™ 6 Update 5
Java™ 6 Update 7

Please post the last Malwarebytes log so I can see what it is finding. The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM. Copy and paste the entire MBAM report in your next reply.

7 more replies
Relevance 50.43%

I think I may have picked up some malware that is preventing executable files from running.
Windows 10
avast free anti virus
Sony VAIO VPCEB2C5E

I first noted that I couldn't get Firefox to open. I removed the program & re-installed it but no joy. I eventually downloaded Chrome and this is working.
Now however I've discovered that the majority of the programs on my laptop will not run.
Symptoms:
The program will initially load, blue flashing disc, but then nothing.
The list of affected apps are below:
Outlook
Word
DIVX player
MalwareBytes
VLC media player
Any app updater is blocked.

Working Apps
Chrome
CCleaner but no update
Excel
Spybot
iTunes but no updates

Any help much appreciated
 

Answer:Malware Preventing Executable Files

The fact that some programs run and some do not, makes this sound like it is not one of the typical executable program blocking malware problems. In fact, it may not be malware. Let's see if we can get anywhere with our cleaning process in the link below. Try all the tools. Don't assume that they all will not run just because one or more does not. Also if you run into major problems trying to run the tools, try running them in safe boot mode.

Read & Run Me First Malware Removal Guide (incl. Spyware, Virus, Trojan, Hijacker)

There is a chance that you may have to uninstall Avast temporarily. We have seen antivirus programs cause problems like you are describing. But let's first see where we get with the Read & Run Me First.
 

3 more replies
Relevance 50.43%

My computer has been acting strange for a while, but I couldn't ever pin it on malware.  My clock doesn't sync even when I change the server.  I got really suspicious when I connected to a new wireless network and got the following error message:
 
Cannot connect to the real www.google.com
Something is currently interfering with your secure connection to www.google.com.
Try to reload this page in a few minutes or after switching to a new network. If you have recently connected to a new Wi-Fi network, finish logging in before reloading.
If you were to visit www.google.com right now, you might share private information with an attacker. To protect your privacy, Chrome will not load the page until it can establish a secure connection to the real www.google.com.
 
I tried enabling my firewall but got:
 
Windows Firewall can't change some of your settings
Error code 0x80070424
 
I have a backup.  I ran CCleaner and Junkware Removal Tool.  I'm currently running a full scan of Malwarebytes.
 
I've attached the results from dds.  Thanks for any help!

Answer:Malware Preventing Enabling Firewall

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.
If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===
Download Malwarebytes' Anti-Malware from Here
Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).
Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
The scan may take some time to finish, so please be patient.
If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.
While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Log... Read more

2 more replies
Relevance 50.43%

I am running Windows XP SP3, with the latest version of Firefox. I am using Bellsouth Fastaccess DSL. My antivirus is Norton, and could not find any issues. My computer is connected to the wireless network, with excellent signal strength. I have tried repairing the connection and using IE, but neither have worked. My laptop and other computer can both connect to the Internet. Other things that I have noticed: SUPERAntispyware and Spybot Search and Destroy have both stopped working. I have also posted this on the Web Browsing forum. Thank you for your help!

Answer:Malware preventing connection to Internet?

Please just keep it to one forum for now
If we can't fix you here then you can post there
See if you can access Safe mode w/networking
or
You can burn to a CD or download to a thumb drive the tools I am going to have you use
Double-check that Spybot's Teatimer function is disabled
----------------------------------
The process of cleaning your computer may require you to temporarily disable some security programs. If you are using SpyBot Search and Destroy, please refer to Note 2 at the bottom of this page.
Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
If an update is found, the program will automatically update itself.
Press the OK button to close that box and continue.
If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all th... Read more

11 more replies
Relevance 50.43%

Hello,
I have recently developed a problem when I play games on the Pogo & Slingo websites as I have done for many years. I recently started getting a popup to download some antivirus software called 'winsuperantispyware' which I knew was bogus, so I did my best to ignore & get rid of it. Anyway, shortly afterward I began having problems with Java on both sites & on Pogo, it said my Java was not working or I had a 'bug' in my cache. I decided to run all my clean up programs including SmitFraudFix & SUPERAntiSpyware & I am still getting an error message when I try to play my beloved games.
I spent time reading through some of the related forums on this subject at your site yesterday & so I even tried to download Mozilla Firefox & when I did that, I got the 'winsuperantispyware' popup at the time when my selected game is downloading which I believe tells me that this malware is preventing me from playing games with Java on any browser. I have tried relentlessly to solve this problem on my own & I am having no luck, so I hope you guys can help me get rid of this nasty little pest!
Here is my Hijackthis file:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 11:37:59 AM, on 9/30/2007
Platform: Windows Vista (WinNT 6.00.1904)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\s3trayp.exe
C:\Program Files\CyberLink\Powe... Read more

More replies
Relevance 50.43%

OS - Windows XP Home

I've been trying for a couple of weeks now to install Comodo Firewall, but it just wouldn't install. I made a thread over at the Comodo forums regarding this, which ended up being 2-3 pages long, and finally a Comodo technician replied to me.

He said the following:


Quote:

I am sorry, but your PC is seriously infected with at least four dangerous viruses. They block your registry and fully control your Windows.
For example:
C:\windows\fonts\fonts.exe - see http://www.auditmypc.com/process/fonts.asp
System32\appmgmts.dll - see http://www.greatis.com/appdata/d/a/appmgmts.dll.htm
si.exe - see http://www.processlibrary.com/directory/files/si/ - most dangerous, it loads under explorer (maybe even replaces it)
Also I've found a few suspicious and unknown drivers in your system.

Therefore, I've decided to come on here for help, in the hopes that I can clean my PC of this malware. I've followed all the instructions in the "Read This Before Posting For Malware Removal Help" thread.

I did everything except for the Gmer scan. I ran the Gmer scan and it was running for around 3 hours. I went and did something else for a while, and when I came back it was still running. It had caused the whole PC to basically freeze up, with the only thing NOT freezing up being Gmer itself. Then all of a sudden the PC blue screened and rebooted, therefore I'm left without the "ark.txt" file unfortunatel... Read more

Answer:Malware Preventing Installation Of Firewall!

Bump, please.

19 more replies
Relevance 50.43%

I've tried everything I know how to do (which admittedly isn't much) and I'm hoping someone can help. I've run Spybot, Malwarebytes, and AVG. They all say they detected something called Astromedia and removed it, but now my computer is running worse than when I started. Every time I open my browser or a new tab it acts like it's not connected to the Internet until I reload multiple times. Can someone please help? My system info is below.
Thank you!
Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 64 bit
Processor: AMD A10-4600M APU with Radeon(tm) HD Graphics, AMD64 Family 21 Model 16 Stepping 1
Processor Count: 4
RAM: 5609 Mb
Graphics Card: AMD Radeon HD 7660G, 512 Mb
Hard Drives: C: Total - 590202 MB, Free - 403986 MB; D: Total - 19972 MB, Free - 2166 MB;
Motherboard: Hewlett-Packard, 18A6
Antivirus: AVG AntiVirus Free Edition 2015, Updated and Enabled
 

More replies
Relevance 50.43%

I posted previously in another section about lagging issues: How to make speed improvements

satrow: "The security processor loader driver (spldr.sys) isn't related to any 3rd party drivers, it's installed by MS as part of Windows. If it's not loading in at all, it could be a malware issue"

As instructed there, I'm asking for a malware review. Thank you!

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17689 BrowserJavaVersion: 11.31.2
Run by Tony at 7:19:24 on 2015-04-01
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.7630.4546 [GMT -4:00]
.
AV: AVG AntiVirus Free Edition 2015 *Enabled/Updated* {4D41356F-32AD-7C42-C820-63775EE4F413}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2015 *Enabled/Updated* {F620D48B-1497-73CC-F290-58052563BEAE}
.
============== Running Processes ===============
.
c:\PROGRA~2\AVG\AVG2015\avgrsa.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Dwm.exe ... Read more

Answer:Malware possibly preventing spldr.sys?

Hello revelry,

My name is Tolga and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.
First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
Perform everything in the correct order. Sometimes one step requires the previous one.
If you have any problems while following my instructions, Stop there and tell me the exact nature of your problem.
Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
My native language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your und... Read more

7 more replies
Relevance 50.43%

Hi, recently I've been having problems with "XP Security 2010" and other pop ups that it appeared to install. I tried several times to remove them with Malwarebytes and Spybot Search and Destroy and I was sure they had fixed the problem, but I am still having problems! Whenever I start up my computer IE and FF run fine for the first few minutes then suddenly they start redirecting me to "search.avg.com" or they "cannot display the web page as I am not connected to the internet".

Also whenever I try to connect to the net with my laptop at the same time as my PC, my laptop does the same as the PC and the same is said for my PS3 when trying to play online but when I disconnect my PC from my router, my laptop and PS3 work fine.

Thanks

Steven

EDIT: also I have just noticed when I connect my laptop at the same time it appears to be turning my Windows firewall off on the laptop.

Answer:Malware preventing internet access?

Hi,
Please download and scan with SUPERAntiSpyware Free
Double-click SUPERAntiSypware.exe and use the default settings for installation.
An icon will be created on your desktop. Double-click that icon to launch the program.
If it will not start, go to Start > All Programs > SUPERAntiSpyware and click on Alternate Start.
If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
In the Main Menu, click the Preferences... button.
Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
Click the "Scanning Control" tab, and under Scanner Options, make sure the following are checked (leave all others unchecked):
Close browsers before scanning.
Scan for tracking cookies.
Terminate memory threats before quarantining.
Click the "Close" button to leave the control center screen and exit the program.
Do not run a scan just yet.
Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several op... Read more

5 more replies
Relevance 50.43%

I seem to have a particularly pernicious bit of malware that I can't shift.

"Live Security Platinum 3.6.1" is showing in my taskbar, and keeps feeding me fake alerts.

I foolishly googled a "fix", which I suspect is just yet more malware.

I can't follow any of the general fixes because it's blocking almost every .exe from running.

Judging by the lost keystrokes as I type, I suspect there is some kind of keylogging afoot here too.

Help please!

I have older versions of some of the recommended tools installed if that helps - although can't find a way to update or run them... any ideas?

I'm on Windows Vista.
 

Answer:Malware preventing .exe files from running

OK I managed to find a rogue .dll... deleting it let me run .exes again.

I've had a bit of a mixed bag with the recommended utils though.

Hitman blue-screened for me twice in a row, and MBAM crashed during fixes the first time.

I've attached a transcript of what was in the window when MBAM crashed (although some of it's not very helpful because the full filepath wasn't displayed in the window when it became unresponsive) - and a log from when it ran OK the second time.

Any advice?
 

8 more replies
Relevance 50.43%

I hope I'm posting this to the right spot... this website is pretty confusing...

McAfee will not update and I cannot access the McAfee site. Instead, I get redirected to a pseudo site. I had something similar happen on another computer using Kaspersky. I am running Combofix now. Is there someone who could help me read the log?

Answer:Malware preventing McAfee from updating

DO NOT EVER run Combofix on your own and without supervision of an expert. It can seriously damage your system and make it unbootable. DO NOT post the log here.

Some types of malware will disable MBAM and other security tools. If MBAM will not install, try renaming it.

Before saving any of your security programs, rename them first. For example, before you save Malwarebytes', rename it to something like MBblah.exe and then click on Save and save it to your desktop. Same thing after you install it. Before running it, rename the main executable file first.

Right-click on the mbam-setup.exe file and change the .exe extension to .bat, .com, .pif, or .scr and then double-click on it to run.

If after installation, MBAM will not run, open the Malwarebytes' Anti-Malware folder in Program Files, right-click on mbam.exe and change the .exe as noted above. Then double-click on it to run.

Another workaround is not using the mouse to install it. Just use the arrow keys, tab, and enter keys. ~ Courtesy of boopme

Please download Malwarebytes Anti-Malware and save it to your desktop.
Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.
MBAM will automatically start and y... Read more

1 more replies
Relevance 50.43%

What do you think about anonymous software, and firefox add-ons like switchproxy and stealther? Do they prevent malware? Do you have any Firefox add-on recommendations for effective internet security?
 

Answer:Question about Firefox Add-ons and Preventing Malware

You can not be anonymous on the internet.
In order for the post office to deliver mail to you, they need to know the address where you accept mail.
In order for the internet to deliver web pages to your computer, a server somewhere needs to know the address of your computer so you can view the pages. Some server (or more than one) knows exactly where your computer is located and what web pages you want to view. If this information wasn't known, you would get a 404 error for every page that you tried to load.
The perception that you are anonymous is just that, a perception.

You do not protect the browser; you protect the computer so that things delivered to your computer don't come with nasties you don't want.

The computer needs: a firewall, one antivirus (monitoring in real time), one malware detector (monitoring in real time). You might be able to get two of these things in one program.

To lessen your chance of clicking on something you don't want and installing something not healthy for your computer, you can run NoScript in Firefox. This turns off JavaScript and you are able to turn it on for certain sites either permanently or temporarily. I also run something called WOT (Web of Trust) which shows me, when I use Google to search, sites to avoid or to approach with caution.
 

2 more replies
Relevance 50.43%

Greetings! I have recently been infected with some sort of malware. It is preventing me from visiting several websites I used to visit often. A few examples: Google, Yahoo search engine, Gmail, Hotmail, Facebook... Just to name a few. When I try to visit any of these sites I receive a browser message "Unable To Connect". I use Firefox.

I run Windows 7 64 bit.
_____________________________________________________________
.
DDS (Ver_2011-06-23.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Tyrantius at 21:05:02 on 2011-08-22
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4030.2591 [GMT -4:00]
.
AV: Symantec Endpoint Protection *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Symantec Endpoint Protection *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\Common File... Read more

Answer:Malware Preventing Me From Opening Many Websites

Hello, Welcome to TSF.
I'm nasdaq and will be helping you.

You may wish to Subscribe to this thread (Thread Tools > Subscribe to this thread) so that you are notified when you receive a reply.

Please read these instructions carefully and then print out or copy this page to Notepad in order to assist you when carrying out the fix.

Note that the fix may take several posts. Please continue to respond to my instructions until I confirm that your logs are clean. Remember that although your symptoms may vanish, this does NOT mean that your system is clean.

If there is anything you don't understand, please ask BEFORE proceeding with the fixes.

Please ensure that you follow the instructions in the order I have them listed.

Please do not install or uninstall any programs, or run any other scanners or software, unless I specifically ask you to do so. Also please copy and paste logs into the thread, rather than add them as attachments.
===

If you did not modify your HOSTS file it has been compromised.


Quote:

Hosts: 184.107.64.187 Google
Hosts: 209.172.56.118 search.yahoo.com
Hosts: 209.172.56.118 Bing

Go to: HostsXpert v4.4
Download the program HostsXpert to restore the default hosts file back onto your machine.
Unzip the program and execute it.
Select "Restore MS Hosts File".
Close the application.

Restart the computer normally.
===

When the hosts file has been restored.

Please download C... Read more

7 more replies
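The hosts-file check behind the diagnosis in the answer above, as an added example that is not part of the original thread: a Python audit that flags watched domains redirected to a foreign address or sinkholed to loopback, plus any other non-default entry. The watchlist, the 192.0.2.x documentation addresses and the sample file are constructed for illustration; the optional `Hosts:` prefix follows the form of the lines quoted in the answer.

```python
import ipaddress

# Assumption: illustrative watchlist of search and security-vendor domains.
# Extend it with the sites your users depend on.
WATCHED_SUFFIXES = (
    "google.com",
    "search.yahoo.com",
    "bing.com",
    "mcafee.com",
    "malwarebytes.org",
)

# Names a stock hosts file may legitimately map to loopback.
DEFAULT_NAMES = {"localhost"}

# Constructed sample input (not taken from any real machine).
SAMPLE_HOSTS = """\
# sample hosts file, constructed for this example
127.0.0.1       localhost
::1             localhost
192.0.2.10      www.google.com google.com   # redirect
192.0.2.11      search.yahoo.com
127.0.0.1       update.mcafee.com
0.0.0.0         www.malwarebytes.org
10.0.0.5        intranet.example
Hosts: 192.0.2.11 www.bing.com
"""


def parse_hosts(text):
    """Yield (line number, ip, hostname) for every mapping in a hosts file.

    Accepts raw hosts-file lines and log lines carrying a 'Hosts:' prefix.
    Comments, blank lines and lines without a valid IP are skipped.
    """
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if line.lower().startswith("hosts:"):
            line = line[len("hosts:"):].strip()
        fields = line.split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue
        for name in fields[1:]:
            yield lineno, ip, name.lower().rstrip(".")


def is_watched(name):
    """True if name is a watched domain or a subdomain of one."""
    return any(name == s or name.endswith("." + s) for s in WATCHED_SUFFIXES)


def audit_hosts(text):
    """Return findings for every entry that a default hosts file would not have.

    kind is one of:
      'redirected'  watched domain mapped to a routable or private address
      'blocked'     watched domain sinkholed to loopback or 0.0.0.0
      'non-default' any other mapping that should be reviewed by hand
    """
    findings = []
    for lineno, ip, name in parse_hosts(text):
        if name in DEFAULT_NAMES and ip.is_loopback:
            continue
        sinkhole = ip.is_loopback or ip.is_unspecified
        if is_watched(name):
            kind = "blocked" if sinkhole else "redirected"
        else:
            kind = "non-default"
        findings.append(
            {"line": lineno, "ip": str(ip), "host": name, "kind": kind}
        )
    return findings


if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print("line {line}: {host} -> {ip} [{kind}]".format(**finding))
```

On a live Windows system the input would be the contents of `%SystemRoot%\System32\drivers\etc\hosts`; a "blocked" finding for a security vendor's domain matches the symptom, described elsewhere on this page, of scanners that cannot reach their update servers.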
Relevance 50.43%

Let me start by saying I already started in the "Am I infected" forum and they told me to start a new post in here. The link to my thread over there is: Internet access shuts down right after login

I sure would appreciate your help!

Here is my DDS.txt:
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_21
Run by Alan at 20:44:04 on 2011-09-23
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3325.2251 [GMT -7:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalSe... Read more

Answer:Malware preventing internet connection

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/420238 <<< CLICK THIS LINK

If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lo... Read more

30 more replies
Relevance 50.43%

Hi,
I have formatted my computer a few days ago and now I'm reinstalling my Adobe programs. In order to do so I must close Firefox, but after I do it, it reappears in the processes window. I terminate it, and a second later appears a process named CuNew.exe which immediately changes to firefox. It just keeps happening every time I try to terminate it.

this cunew sits in C:\WINDOWS\system32\install, and it's something by indetectables.net. I guess it's a malware but my antivirus doesn't recognize it.

In addition, every time I restart now, I get error messages from programs such as Skype, "the program failed to initialize", each time more and more programs.

here's my hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:13:54 PM, on 9/19/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
C:\Program Files\Extensis\Exte... Read more

Answer:malware preventing firefox from closing

I ran Malwarebytes' Anti-Malware and it detected the file. It said that it deleted it, but it just pops up again in the same directory.
Also, I noticed that this process disguises itself as Firefox all the time, e.g. when Firefox is closed I see "Firefox" running in the processes window, when it's open, there are two "Firefox" there.

Help will be so much appreciated!

Here's the MAM log:

Malwarebytes' Anti-Malware 1.41
Database version: 2833
Windows 5.1.2600 Service Pack 2

9/21/2009 1:59:11 AM
mbam-log-2009-09-21 (01-59-11).txt

Scan type: Full Scan (C:\|D:\|F:\|)
Objects scanned: 194426
Time elapsed: 35 minute(s), 55 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{0014hv01-o13r-jqfl-rq46-27ap31np34lx} (Generic.Bot.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{c20ee2d6-81c3-6a08-79c5-1989da43bc19} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\poprock (Trojan.Downloader) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\UI... Read more

2 more replies
Relevance 50.43%

Hi guys,

Here's my System info:
Windows 7 Home Premium 64bit
Intel i5-2500k cpu
8gig DDR3 RAM
OCD VertexII SSD 60GB running OS
2TB HDD and 1TB HDD
ASRock Z68 Pro3 Mainboard

I went through the clean up process step by step and my logs are attached over this and the next post
 

Answer:Possible Malware preventing drag and drop etc

And here's the last of the attachments
 

7 more replies
Relevance 50.43%

Attempting to follow the XP cleaning procedure, and none of the tools will run except MGTOOLS, which did run to completion and generated the zipped file.

Symptoms are: both IE and Firefox either redirect or deny finding websites. For example, cannot get to windowsupdate.microsoft.com--instead, browser is redirected to findstuff.com when I attempt to click on Google search result which points to windowsupdate.microsoft.com. Attempting to go directly there results in a 'page not found' error. Same is true for symantec.com or Mcafee.com.

Spybot did install, but when I run it, it loads a 3MB process I can see in task manager, but never opens.

Superantispyware will not install. Even after renaming the executable, it crashes with the "SUPERAntiSpyware Free Edition has encountered a problem and needs to close. We are sorry for the inconvenience" error, which pops up and asks if I want to send the error report to Microsoft.

Combofix opens the "do you want to run" window, but never continues when I tell it to.

Malwarebytes' Anti-Malware -- same thing: when I click to run it, nothing happens.

One detail: Netscape Navigator appears unfazed by the malware. So, I do have a working browser for some web access (Microsoft insists on IE, so I cannot use windowsupdates via this browser) on that computer.

I am attaching the mglogs.zip file.

One other note: I am actually conversing from a clean machine. I am running logmein to access t... Read more

Answer:Malware's preventing most tools from running

Let's start with this:

Click Start > Control Panel > System > Hardware > Device Manager > View > Show Hidden Devices.

* Scroll down to "Non-plug and Play Drivers" and click the plus icon to open those drivers.
* Then search for TDSSserv.sys
* Let me know if you find this or not.
* If you do find it, right click on it, and select Disable. Do not try to uninstall it.
* Also if this is found and you disable it, then reboot and see if you can run the other scans that would not run.

Use add/remove programs to uninstall:
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 9
Java 2 Runtime Environment, SE v1.4.1_02
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Java(TM) SE Runtime Environment 6 Update 1
Viewpoint Media Player

Now use windows explorer to find and delete:
C:\Documents and Settings\Julia\Application Data\MJUSBSP
C:\Documents and Settings\Julia\Local Settings\Application Data\tjnet

Now run the C:\MGtools\GetLogs.bat file by double clicking on it. Then attach the new C:\MGlogs.zip file and any other logs you can run (remember to try them in safe mode).
 

3 more replies
Relevance 50.43%

Hello!  Yesterday I was having some problems with some spyware.  It would randomly create a fake windows firewall error saying that my computer is infected and prompt me to visit a web page to download a full version of a virus scanner.  The malware was causing lots of pop ups and whatnot.  I downloaded MBAM and superantispyware.  I ran both of them and the popups are gone(wohoo!).  However... This morning I got on my computer and I am unable to use any web browser (IE, Firefox) to navigate to websites.  I am connected to my router just fine, and I am able to connect to Steam and AIM with no problems, so I know I am connected to the internet.  I am unable to ping any websites or anything.  When I try to navigate to a website, I get the "address not found" error.  Please help!

Answer:Malware preventing web browser usage!

Go to... http://www.computerhope.com/forum/index.php/topic,46313.0.html
Follow the guidelines, post the three logs and a specialist will review them in turn.

5 more replies
Relevance 50.43%

I am infected by a Trojan/Virus that prevents me from updating my antivirus software as well as redirects any clicked links from a Google search. I've run Ad-Aware and it removed a trojan but apparently did not completely fix the problem. I have run online scans (Kaspersky and Panda) but the scan either didn't finish or my computer rebooted when the infections were trying to be removed. I've installed MalwareBytes but it will not execute. I've pasted the dds.txt log below and attached the attach.txt and hijackthis.txt logs.

I appreciate any help that can be given.

Thanks,
Brian

DDS (Ver_09-05-14.01) - NTFSx86
Run by brian at 20:38:36.45 on Wed 05/13/2009
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_13
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3069.1563 [GMT -4:00]

AV: AVG 7.5.557 *On-access scanning enabled* (Outdated) {41564737-3200-1071-989B-0000E87B4FB1}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalS... Read more

Answer:Infected with an unknown trojan preventing updates to antivirus and causing google redirects

Just bumping this up. I'm still interested in getting some help if anyone is available.

I appreciate your time. Thanks.
Brian

4 more replies
Relevance 50.02%

Please help to solve the problem. Google chrome when opens https://google.com tells that it can not open real google.com. But it opens https://www.yahoo.com

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 10.65.2
Run by U135428 at 18:08:26 on 2014-07-28
Microsoft Windows 7 Enterprise 6.1.7601.1.1254.90.1033.18.3014.1552 [GMT 3:00]
.
AV: McAfee VirusScan Enterprise *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
SP: McAfee VirusScan Enterprise Antispyware Module *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Windows\system32\mfevtps.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\... Read more

Answer:Malware preventing https work on chrome

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
***************************************************
In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.
CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/542521 <<< CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************
If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of t... Read more

4 more replies
Relevance 50.02%

we are in a small corporate environment.
we have one user that needs administrator permissions to run some software
the problem is, this user regularly accidentally installs viruses and malware from her browsing habits.
we have spent countless hours cleaning up the system from various attacks, malware and viruses.
is there a way to give the user admin permissions to run the software, but block things from being installed.
it is an active directory system
thanks

Answer:preventing virus and malware from admin user

mmm... Bit of rum situation when a user with admin rights is part of a problem re' malware/viruses etc...
Perhaps restrict the profile (for that user only) so as to NOT allow actual online presence; able to browse access local network etc but thing outside of it?

5 more replies
Relevance 50.02%

Sup hoes, I'll jump right into it.

Workstation at a clinic is infected with a piece of malware that disables antivirus as soon as it's accessed. So far I've tried to run AVG's scan and MalwareBytes' scan. Running malware bytes once after installing will start the scan and the search is stopped seconds after initializing, program is terminated. At this point then the program can not be opened. Attempting to open mbam.exe delivers error "Windows can not access the specified device, path or file. You may not have the appropriate permissions to access the item." Identical results if repeating this entire process in safe mode.

Installing AVG; AVG Active Anti-Virus (the real-time scan) disables and can not be enabled. An attempt at a scan with AVG results in an immediate conclusion stating no threats were found (nothing scanned). Safe mode is similar, the AVG scan will run for about 15 seconds then just simply close.

The only active process I found out of the ordinary was this entry: "3517402925:3534772270.exe" - 464K. Ending the process does not seem to have any effect; it remains there. It is an active process in Safe Mode as well.

Found registry entry in
LOCAL_MACHINE > System > Services > 2d4fa7d1 >
name: imagepath
data: \systemroot\3517402925:3534772270.exe

Also appears in
LOCAL_MACHINE > System > CurrentControlSet > Services > 2d4fa7d1
LOCAL_MACHINE > System > ControlSet003 > Services > 2d... Read more

Answer:Malware preventing Anti-Virus from scanning

Hi Putrid, I know it looks like a lot, but it's really just a lot of text asking for only 4 scans. Once you've done these and posted the results in your next post, let me know how the computer is running.

Note: You may have to perform some or all of the following in Safe Mode With Networking, depending on if you have internet access while in the normal Windows environment.

==================================================

Download Security Check by screen317 from here or here.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

==================================================

Please download and scan with SUPERAntiSpyware Free
Double-click SUPERAntiSypware.exe and use the default settings for installation.
An icon will be created on your desktop. Double-click that icon to launch the program.
If it will not start, go to Start > All Programs > SUPERAntiSpyware and click on Alternate Start.
If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the update... Read more

3 more replies
Relevance 50.02%

Hey guys, I apologize in advance, but I want to let you guys know I am not tech-savvy whatsoever; I fell upon this forum by google searching repeatedly on issues my computer is having; Anyway, I think I have cornered down the problem;
 
 
I am unable to connect to the internet with my desktop (all other devices in my house are able to connect)
 
chrome, IE, etc etc are all giving me the error that they "could not connect to the proxy"
I go into my browser settings to disable the proxy which I never set up, and, it is automatically re-enabled; Obviously I have malware of some kind;
 
I have ran hitman 64bit, malwarebytes, and neither of them succeeded; I was reading multiple threads on this forum from people who were having the same issue and noticed that the mods/"consultants" here were asking them to have some kind of scanner run and create a log for them to see; I also noticed the solutions they offered were specific to the OP's computer, and thus, could not be used by others reading.
 
So, I have created this thread in hopes that someone can help me. Just tell me what to do and I'll get right on it!
Thanks guys, I really appreciate the help;

Answer:Malware setting up a proxy and preventing me from disabling it

Also, I have a dell desktop with a preinstalled version of windows;
 
The F**** joke of a "reset/recovery" disc made in windows 8 doesnt work; I have created a repair disc using the program in windows 8, and, when I try to use it, it tells me the "media is not valid"
 

I have also looked up my product key using belclair or something like that, and went to microsoft's website, only for them to reject the product key in a new installation of windows;
 
therefore, I can not do a clean install of windows 8; I am bleep out of luck here with dell and microsoft and it seems my only option is getting rid of this malware myself;

2 more replies
Relevance 50.02%

Hello.

For about two weeks now I have been battling several trojans/worms that have attacked my computer. I have managed to remove the majority but I'm still having one problem; I cannot update, run in real time or reinstall my Symantec Antivirus program. Every time I attempt to reinstall my antivirus program I have a window pop up saying my computer will shut down in 60 seconds; it also says I initiated this shutdown sequence. I usually use Mozilla Firefox but I did use Internet Explorer about two weeks ago to view some sports videos on Yahoo Sports (the videos could not be opened with Firefox). Ever since I used IE my computer started acting weird; pop up ads all over the place, additional browser windows opening and my task bar disappearing. All those problems have been fixed except the problem of my antivirus.

Thanks ahead of time for your help!

Best,
Erika
 

Answer:Malware Preventing the Reinstallation of Antivirus Program

Attached is my MG log....
 

4 more replies
Relevance 50.02%

Hi there,

I've had my attention drawn to my sister-in-law's computer that appears to be causing major problems. It won't open IE or FF but will run Chrome. When trying to place the computer into safe mode the power cuts and it reverts back to booting up. This happens at all versions of safe mode.

I've run an avast boot scan and found several files infected with Win32:rootkit-gen. I've also run malware antibytes with no luck. I'm out of ideas :S


DDS (Ver_2011-07-14.01) - NTFS_x86
Internet Explorer: 7.0.5730.13
Run by Kathrin Wallace at 20:24:21 on 2011-07-17
Microsoft Windows XP Professional 5.1.2600.2.1252.44.1033.18.2039.1212 [GMT 1:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ================
.
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe
C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImage\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenge... Read more

Answer:Unknown Malware preventing safe mode?

Hello and welcome to TSF Virus & Malware support. My name is Taylor and I'll be helping you with your fix.

I am currently reviewing your log. Please note that this is under the supervision of an expert analyst, and I will be back with a fix for your problem as soon as possible.

You may wish to subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Please be patient with me during this time.

9 more replies
Relevance 50.02%

I get svchost.exe errors on bootup with references to 0x85993a44 and 0x01c8284.

I get Google redirects.

I cannot do a Windows update. I get Error number: 0x80072EFF

I've attached the logs.

It looks like the limit for attachments is 4, but the 5th is short and is here:
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 12/25/2008 at 04:17 AM

Application Version : 4.22.1012

Core Rules Database Version : 3685
Trace Rules Database Version: 1662

Scan type : Complete Scan
Total Scan Time : 01:39:58

Memory items scanned : 918
Memory threats detected : 0
Registry items scanned : 9108
Registry threats detected : 0
File items scanned : 47848
File threats detected : 0

Any help???
 

Answer:Malware preventing Update and causing redirects

Welcome to Major Geeks!

We need some additional info. Please run this: GMER - running with a random name and attach the log from GMER.
 

10 more replies
Relevance 50.02%

Hi everyone,

I got a virus/malware of some sort the other day after downloading what i thought was a book.. -.-

Basically, this virus/malware (not sure what it is..) prevents some antivirus programs from running. I had Microsoft Security Essentials at first, but this got disabled and I couldn't use it so I downloaded AVG which installed fine, but wouldn't launch. Windows Defender was also prevented from functioning.

But Antimalware bytes and Kaspersky seem to work fine and i removed several viruses/malware with them, though the problem still persists and Windows Defender/Microsoft Security Essentials still won't run!

Spybot search and destroy can scan, but when it gives me the option to remove the infections, an error occurs and says i need admin rights to do this (even though i am on an admin account..)

I would try to remove the virus through safe mode, but I can't get onto it! A message pops up saying something about the screen not being compatible or something

I was thinking of using ComboFix since it worked for me last time I had a serious virus, but I'm not sure I should use it since they say to only use it with supervision from a PC pro..

Any help would be much appreciated!

Edit: Rkill didn't work, it just said "The system could not find the path specified"

Answer:Virus/Malware preventing my antivirus from working! Help please!

Hello,

Please follow the instructions in ==>This Guide<==. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues and what you have done to resolve them.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Orange Blossom

2 more replies
Relevance 50.02%

Just occurred to me to try using IE 64 on this Win7 64 machine as I've been reading this site from an alternate machine. It seems to work fine, but Firefox, Chrome or IE 32 won't work. I've checked the hosts file as well.

Microsoft Security Essentials Detected the following since this all occurred:

Trojan:Win32/Ertfor.A
Trojan:Win32/Hiloti.gen!D
Trojan:Win32/Wimpixo.E
VirTool:Win32/Obfuscator.KG
Rogue:Win32/Winwebsec
Trojan:Java/Mesdeh.C
Trojan:Java/Mesdeh.A
Trojan:Java/Mesdeh.D
VirTool:Win32/Obfuscator.KG
Trojan:Java/Mesdeh

Norman Malware Cleaner from 11/13 detected/removed 5 things but unfortunately I didn't log them.

I can't remember if ESET picked up anything- the history logs aren't showing anything, and it's not able to update itself (presumably the same protocol used as 32-bit browsing?)

GMER also has many of the options listed in the preparation guide greyed out:
[Attachment: gmer.png]

---

DDS (Ver_10-11-10.01) - NTFS_AMD64
Run by John Doe at 8:53:01.79 on Sun 11/14/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_22
Microsoft Windows 7 Enterprise 6.1.7600.0.1252.1.1033.18.4060.2493 [GMT -8:00]
============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files... Read more

Answer:Possible Malware Remnants Preventing Any 32-bit Browser From Working

Hello, And to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.

The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.

Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.

Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.

-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you... Read more

10 more replies
Relevance 50.02%

Hello,

I believe my laptop is infected with malware, preventing it from performing any tasks, such as accessing the internet, or opening programs. It is a shared laptop used primarily for web browsing (google, facebook, etc.) iTunes, and paying bills online. I am able to boot the computer, logon (although noticeably slower), and then I receive two error messages. The first is:

rundll32.exe - Bad Image

"The application or DLL C:\WINDOWS\oparexurivikiki.dll is not a valid Windows image. Please check this against your installation diskette."

I click ok, then another error message immediately pops up:

RUNDLL

"Error loading C:\WINDOWS\oparexurivikiki.dll

%1 is not a valid Win32 application."

I then click ok, and now my desktop appears normal, although 9/10 times I notice that on the bottom right in my taskbar, my network icons do not appear (both LAN and wireless).

From trial and error, I've learned that sometimes I can open up 'my computer', text files, but once I try and open internet explorer or any exe files, my computer freezes. The computer will eventually lock up at some point even if I avoid opening exe files.

I've tried system restore to earlier points, and the problems have not gone away. I've been able to download programs like Malwarebytes' Anti-Malware, AVG 2011, and SUPERAntiSpyware Free Edition, and run them (without updating them; can't connect to internet) and although they have detected and quaranti... Read more

Answer:Suspected malware preventing operation of any programs

16 more replies
Relevance 50.02%

Hi.  I am helping a friend remove malware.  She is using Windows 10, 64 bit.  The symptoms were the inability to connect to the internet.  I booted into safe mode with networking and was still unable to connect to the internet.  I tried troubleshooting the connection using Windows built in troubleshooter.  The "unidentified Network" message persists.  I ran a program called "CleanUp!" to clear temp files, history, etc.  I ran Malwarebytes, Spybot, and Hitman Pro.  A slew of files and reg entries were found and removed.  There are some entries that keep returning when scanning with Spybot and rebooting.  I am now able to connect to the internet in Safe Mode with Networking.  Though, still unable to connect in normal mode.  I have ran FRST as directed.  I will include the following in the post: Spybot report, FRST.txt, and Addition.txt.  Thank you in advance for the assistance.
 
***Search results from Spybot - Search & Destroy***
 
1/20/2018 2:20:53 PM
Scan took 01:16:39.
7 items found.
 
MS DirectInput: [SBI $9A063C91] Most recent application (Registry Change, nothing done)
  HKEY_USERS\S-1-5-21-612429805-3072876167-3422260051-1001\Software\Microsoft\DirectInput\MostRecentApplication\Name
  Category=Tracks
  ThreatLevel=2
  Weblink=http://forums.spybot.info/forumdisplay.php?54
 
MS DirectInput: [SBI $7B184199] Most recent application ID (Registry Change, noth... Read more

Answer:Unknown Malware preventing internet connection

Greetings davsnotn and to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary. If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:

First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.

Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.

Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.

Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems... Read more

8 more replies
Relevance 49.2%

Hi,

I hope you are able to help me with this... I have a friend's laptop that is currently badly infected with something that is preventing it from connecting to the internet and is causing the machine to have major slowdowns. I have tried a few fixes already by installing some anti malware software which did detect and remove some trojans, but still the problems are persisting. I am unable to fully update the anti malware software due to no net access but I did however install updates via a USB key that I downloaded. This also was a work computer if you are wondering why the CISCO VPN is showing up. Thanks in advance!

Please see the following DDS Log, and I have also attached the two other logs required.

DDS (Ver_10-03-17.01) - NTFSx86
Run by [usernameremoved] at 12:51:02.98 on Sun 05/23/2010
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.503.172 [GMT -6:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Acer\eManager\anbmServ.exe
C:\WI... Read more

Answer: Malware preventing access to internet and major slowdown

Hi Rhythm,

Welcome to Virus/Trojan/Spyware/Malware Removal (VTSMR) forum. I am going to assist you with your problem.

Please refrain from making any changes to your system (scanning or running other tools, updating Windows, installing applications, removing files, etc.) from now on as it might interfere with our fixes. Please let me know in your next reply if you agree with this.

Please before rebooting do the following:

Reset the LAN settings:
Open IE
Go to Tools => Internet Options => click on the Connections tab, then click on LAN Settings.
The following items should be unchecked:
Automatically detect settings
Use a proxy server for your LAN.

Don't reboot yet.

Open a notepad (Start > Run and type in Notepad)
Copy and paste the text in code box into it.

REGEDIT4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Notification Packages"=hex(7):73,63,65,63,6C,69,00,00

Save the file to the desktop as regfix.reg
Make sure the Save as type field says All files.
Locate regfix.reg on the desktop and double-click on it and confirm. It should look like
A window pops up asking if you are sure to add the file to the registry. Click Yes.
You get another window popup saying that regfix.reg was successfully added to the registry.

Now you may reboot. Tell me how it went and if you have connection now.

Note: You have to turn off any registry protector software you have in order for the changes to take place.

20 more replies

Hello
My son recently started using his mother's old computer. I have no idea what he has been up to but the anti-virus software was about to expire so I tried a couple of different packages (AVG and McAfee) but the first would not run and the second would not install. I looked at one of the threads on this forum and followed the instructions to run ComboFix. Here is the log file. Could you please let me know if you can see issues and what I can do to fix them

kind regards

Michael

ComboFix 12-01-23.02 - Janet 25/01/2012 1:36.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.61.1033.18.1022.367 [GMT 10:00]
Running from: c:\users\Janet\Desktop\J456.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\PlaySushi\PSTExt.dll
c:\users\Janet\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Personal Internet Security 2011.lnk
c:\users\Janet\AppData\Roaming\Microsoft\Windows\Recent\ANTIGEN.drv
c:\users\Janet\AppData\Roaming\Microsoft\Windows\Recent\ANTIGEN.sys
c:\users\Janet\AppData\Roaming\Microsoft\Windows\Recent\cb.tmp
c:\users\Janet\AppData\Roaming\Microsoft\Windows\Recent\CLSV.tmp
c:\users\Janet\AppData\Roaming\Microsoft\Windows\Recent\delfile.drv
c:\users\Janet\AppData\Roaming\Microsoft\Windows\Recent\dudl.tmp
c:\users\Janet\AppData\Roaming\Microsoft\Windows\Recent\energy.sys
c:\users\Janet\AppData...

More replies

I am trying to upgrade my VPN software to Cisco AnyConnect but I cannot get the software to install on my laptop. The installation process seems to make a fair amount of progress, but then it stops and says: "There is a problem with this Windows Installer package. A program run as part of the setup did not finish as expected. Contact your support personnel or package vendor."

I had an older version of Cisco VPN that worked fine for at least five years. I only ran into problems when I tried to install the newer AnyConnect. I have access to versions 3.1 and 4.1 of AnyConnect, but neither will complete the installation. I uninstalled the prior VPN software and Norton Antivirus before attempting to install AnyConnect.

I have looked through many forums to try to solve this problem, but nothing has worked so far. I have discovered that my Windows Updates are not installing (they won't even download).

Any assistance you can provide would be greatly appreciated.
 

More replies

Hello,
My computer is infected with malware. After a while of having my computer turned on eventually a message comes up that says "Generic Host Process for Win32 Services has encountered a problem and needs to close. We are sorry for the inconvenience" with the option of sending an error report to Microsoft. After this window comes up, the computer becomes very slow, and the internet connection eventually disconnects, with no chance of regaining internet unless the computer is restarted. Also, the sound on my computer goes mute and sound can only be regained if restarted. Also, at first my computer couldn't restart, it would simply freeze at the gray screen or blue "logging off screen" and I would have to force turn off my laptop by holding the power button down for a few seconds. Here is my HijackThis log file:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:51:32 AM, on 10/5/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\L...

Answer: Malware preventing internet access, crashing computer

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please Do not Attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:

Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear
Click the Disable button to disable your CD Emulation drivers
Click Yes to continue
A 'Finished!' message will appea...

3 more replies

I'm having similar issues. When I installed and ran Zemana it stopped due to no internet connection.
 

Answer: Suspicious Activity malware preventing access to Internet

Hello,
Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them.
Only one of them will run on your system, that will be the right version.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.

It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

 

1 more replies

I'm having some problems with my computer. I can't open most programs that would help me (spybot, adaware, malwarebytes). When I try to open these I get a notification that "ana.exe" is trying to make changes and needs permission. Of course, I don't let it but the programs won't open. I can't open Firefox or Internet Explorer. I have tried to use system restore but it is shut off or something... I've never seen that before. I tried to use system restore from the boot process but it wouldn't let me.

I also get a fake Windows Security Center popup that tells me to download some security program. Any help would be greatly appreciated.

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Jordan at 18:55:37.15 on Fri 04/08/2011
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_20
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3326.2323 [GMT -4:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {61CDFD9D-3CAC-9270-C6FC-52325ACB795B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Windows\system32\svchost.ex...

Answer: malware preventing me from opening programs or using system restore.

Hello and welcome. Please follow these guidelines while we work on your PC:

Malware removal is a sometimes lengthy and tedious process. Please stick with the thread until I've given you the "All clear." Absence of symptoms does not mean your machine is clean!
Please do not run any scans or install/uninstall any applications without being directed to do so.
Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.
Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Download GMER Rootkit Scanner from here to your desktop. Double click the exe file. If asked to allow gmer.sys driver to load, please consent.
If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.





In the right panel, you will see several boxes that have been checked. Uncheck the following ...
IAT/EAT
Drives/Partition other than Systemdrive (typically C:\)
Show All (don't miss this one)

Then click the Scan button & wait for it to finish.
Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
Save it where you can easily find it, such as your desktop, and post it in reply...

12 more replies

I've barely been using the net for anything except pc advisor (!) and earthcam (right now), no downloads, yet a recent warning from avira reveals:

'C:\Documents and Settings\User\Local Settings\Application Data\Mozilla\Firefox\Profiles\4o5ge2n1.default\Cache' contains :-
'HTML/Infected.WebPage.Gen' [virus]

'C:\Documents and Settings\User\Application Data\Sun\Java\Deployment\cache\' contains :-
'JAVA/Agent.nai' [virus]
'EXP/Java.3243' [exploit]

After a full avira scan, it was only these cache folders that contained infected files, and nowhere else. Is it possible that all this supposed malware is due to merely browsing? Or could unwanted/hidden installed software purposefully load things from web locations into these cache folders? I already have spywareblaster, malwarebytes and avira on this xp system together with online armor. If I disable certain settings for webpages in firefox such as javascript far too many sites refuse to work... Aside from having a good antivirus scanner, is there anything else I can use to stop junk being loaded into these java and firefox cache folders? Or is it likely that avira does this anyway and warned me immediately as soon as these files appeared on my system? I have recently updated avira, so I'm hoping they weren't false positives that I'm being warned about as possible infected files.

Answer: software preventing malware in java+firefox cache?

"is it likely that avira does this anyway and warned me immediately as soon as these files appeared on my system?"

Yes, viruses and malware can be downloaded to your machine via Java applets; this is why some of us use WOT to try and avoid nasty sites.

Just delete the cache and rescan.

3 more replies

I ended up with malware from a family member who used my computer. Svcvmx and Suspicious activities are still on my computer (and more). Due to the Suspicious imitating a Windows blue screen of death, I can not use the internet (that pops up with a fake windows update and then claims to find suspicious activities and call a 855 number for support). I can't minimize or do anything though I hear my computer still working in the background. Even task manager won't show up. All I can do is turn off the computer and turn it back on and have the cable unplugged from my computer. I have to download all files on to a laptop and take them to my computer. So far, Rkiller found them but won't remove them even in safe mode and all others won't activate due to "Resource in use" whether I try in normal or safe mode, installed on my computer or still on the thumbdrive.

Any help would be appreciated, I am not computer literate, I just play games (Everquest and Everquest 2, for the most part) and read and watch YouTube videos.

Thank you
 

More replies

Thanks in advance with any help/suggestions to solve this problem--I can't access Internet to download virus killing software...after windows login, even in safemode, the desktop shows no icons, no task bar...just a fake virus protector quick scan window and pop-ups asking me to register. Task manager "disabled by administrator". Any suggestions?

More replies