Computer Support Forum

Antivirus Security Pro removal but cannot get into safe mode

Question: Antivirus Security Pro removal but cannot get into safe mode

I read the Antivirus Security Pro Removal Guide for this site but I cannot get into safe mode. The F8 key does not work and I cannot run msconfig either so I am kind of stuck. HELP


Answer: Antivirus Security Pro removal but cannot get into safe mode

Hello ac, let's see if we can get a DDS log as per this guide... Please follow this Preparation Guide, do steps 6, 7 and 8 and post in a new topic. Let me know if all went well.

7 more replies
Relevance 102.5%

We have a user who got the Antivirus Security Pro virus and I'm trying to remove it. All "how-tos" say to boot into safe mode, but this version of the virus won't allow me to do so, either with command prompt, networking or without. Without safe mode, I'm not sure how I'll be able to remove it. Any ideas would be great.

Answer:Antivirus Security Pro Removal - No Safe Mode

I'll report this topic to appropriate helpers.
1. Please let us know what Windows version you have and if it's 32- or 64-bit.
2. Is the computer bootable in any mode?
Hold on there....

2 more replies
Relevance 99.22%

After removal Antivirus Security Pro virus with Malwarebytes Anti-Malware and SpyHunter 4 my e-mail AOL stopped working. I tried to restore the Dell Studio 540 computer to an earlier date. It did not help. I tried several earlier dates in safe mode. After that Windows 7 boots only in Safe mode whatever I do (msconfig, services.msc...). I conducted all diagnostics via F12 - everything is OK; F8 - reboot in normal mode - it does not, again in safe mode. 

Answer:After removal Antivirus Security Pro virus computer boots only in safe mode

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
***************************************************
In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.
CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/507569 <<< CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************
If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of t... Read more

2 more replies
Relevance 82.82%

Dear Computer Hope,
I have been infected with this virus and need help with manual removal of files, dlls and registry entries. I can only run Windows in safe mode and I am unable to run McAfee, Hijack This, or any other spyware removal applications. I am running Win XP but don't know how to tell which service pack I have in safe mode, I'm assuming SP2. I hope you can still help. I have found instructions elsewhere on how to remove registry entries and unregister .dll files through cmd prompt but in following instructions at hxxp://wiki-security.com/wiki/Parasite/WindowsAntivirusPro I went ahead and (unwisely?) deleted the Programmes\Windows Anti Virus Pro\ folder altogether and now do not have the .dlls to unregister. Any advice would be greatly appreciated, thanks.
garddfon

Answer:Windows Antivirus Pro manual removal in safe mode

Stay out of the registry.
You'll have to go here.... http://www.computerhope.com/forum/index.php/topic,46313.0.html
If you've lost your connection, download the programs to a USB stick on a good PC and transfer them to your PC.
If you have difficulty, you may have to run them in safe mode, tap F8 at start.
If you have difficulty, you may have to rename the programs when you save them.
If you get stuck on a step, proceed to the next.
Post the logs for step 3, 4 and 6.

14 more replies
Relevance 82.41%

A friend brought me a computer because Antivirus Security Pro would keep running on her laptop. I have had this on different computers and have been able to clean them but this one is really a beast.
 
Her system is running Win 7. The laptop is not allowing the system to boot in Safe Mode and it will also not allow access to Regedit or MSCONFIG. Any suggestions on getting control of the system back?

Answer:Antivirus Security Pro - won't allow Safe Mode

here is my frst file
 FRST.txt   19.44KB

28 more replies
Relevance 82.41%

Help I cannot get into safe mode to remove Antivirus Security Pro! Please can someone help me?!

Answer:Antivirus Security Pro - won't allow Safe Mode

I also am running win7 64bit

6 more replies
Relevance 81.18%

Hello my name is Austin,
 
As many other posters this past month, my father recently got infected with the Antivirus Security Pro Malware. I built this computer 8 months ago for my father, so I'm almost responsible for anything wrong with it. I'm a novice at most programming lingo, but I am really good at following processes, as it's what I do for a living. I WILL be donating to the person helping, my father needs his computer to do work this weekend. So before we start this process, I want to say "Thank You" in advance.
 
Anyway, I tried doing the bleepingcomputer.com solution for the malware, but I have not been able to enter safe mode (shuts down soon after log in).
 
I read a post today on the first step of running the frst.exe file on the infected computer. Please let me know if you prefer for me to paste the report results within my post or attach the file. Here are the text results:
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-10-2013
Ran by SYSTEM on MININT-IPBE6V6 on 18-10-2013 17:10:41
Running from H:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Recovery
 
The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [MSC] - "C:\Program Files\Microsoft Security Client\msse... Read more

Answer:Antivirus Security Pro Malware - No Safe Mode

Justsalsa,
 
 
to BC Forums!!
 
Thanks for the FRST report. I am presuming it was run from a USB pen drive.
 
Let's see if the following works for you to remove the Antivirus Security Pro Malware ...

  Please open Notepad (Start > All Programs > Accessories > Notepad)
Copy the entire contents of the code box below
Save it to the USB pen drive, and name it: fixlist.txt
 
start
HKLM\...\Run: [MSC] - "C:\Program Files\Microsoft Security Client\mssecex.exe" -hide -runkey
HKLM-x32\...\Run: [] - [x]
S2 *etadpug; "C:\Program Files (x86)\Google\Desktop\Install\{c2c37fed-cd7d-2662-80ff-1651ebb34c7f}\   \...\???\{c2c37fed-cd7d-2662-80ff-1651ebb34c7f}\GoogleUpdate.exe"
C:\Users\RichardRice\AppData\Local\Google\Desktop\Install
C:\Program Files (x86)\Google\Desktop\Install
C:\ProgramData\pvqdkqkjvbllroblbxh.reg
end

Once again, run FRST64 as you did before.
When the tool opens click Yes to disclaimer.
Now, press the Fix button, just once, and wait.
 
When done, FRST produces Fixlog.txt on the USB pen drive.
 
>> Please provide the Fixlog.txt on your reply.
 
 
  If (which I doubt) the computer is still under the 'spell' of the Antivirus Security Pro Malware, look for its shortcut on your Desktop.
Next, go to Control Panel > Folder Options
Click the View tab
Select/check: Show hidden files, folders and drives
Click: Apply > OK
 
Right click on the Antivirus Security Pro icon on... Read more

3 more replies
Relevance 81.18%

My dad's flash drive was infected with Antivirus Security Pro. Yesterday I plugged it into my laptop and it got infected.
I tried to remove it as I did on his computer but it just doesn't let me boot into Safe Mode, as it automatically reboots the system.
I've googled about this and read some topics on this forum about this.
As I read some things about the virus getting smarter, I've already done those FRST things and here is the log, as I know there's one specific way to do for each user.
I'm posting in this section because I realized I could've posted in the wrong section before.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 27-09-2013 01
Ran by SYSTEM on MININT-2JK5KHB on 28-09-2013 21:05:33
Running from G:\
Windows 7 Home Premium Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\avastUI.exe [4858968 2013-05-09] (AVAST Software)
HKLM\...\Run: [BCSSync] - C:\Program Files\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM\...\Run: [L... Read more

Answer:Antivirus Security Pro won't let me boot into Safe Mode

Hello pedrofortunato
I would like to welcome you to the Malware Removal section of the forum.
Around here they call me Gringo and I will be glad to help you with your malware problems.
Very Important --> Please read this post completely, I have spent my time to put together some things for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!
Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the... Read more

25 more replies
Relevance 81.18%

Hey Forum!! I have a lappy here with a special version of this normally easy to remove virus and I need some assistance. Per other forum post instructions, I have scanned with FRST and here is my log:
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-10-2013
Ran by SYSTEM on MINWINPC on 07-10-2013 11:15:50
Running from F:\
Windows Vista ™ Home Premium (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Recovery
 
The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [IAAnotif] - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [178712 2007-10-03] (Intel Corporation)
HKLM\...\Run: [hpqSRMon] - [x]
HKLM\...\Run: [HP Health Check Scheduler] - [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
HKLM\...\Run: [Microsoft Default Manager] - C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [439568 2010-05-10] (Microsoft Corporation)
HKLM\...\Run: [] - [x]
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-09-17] (Apple Inc.)
HKLM\...\Run: [AS2014] - C:\ProgramData\gX3ga333\gX3ga333.exe [550552 2013-10-04] ()
HKLM\...\Winlogon: [Userinit] c:\windo... Read more

Answer:Antivirus Security pro cant boot into any safe mode

Hello Huludrock
I would like to welcome you to the Malware Removal section of the forum.
Around here they call me Gringo and I will be glad to help you with your malware problems.
Very Important --> Please read this post completely, I have spent my time to put together some things for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!
Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same... Read more

3 more replies
Relevance 81.18%

Hi, my mother's Compaq Presario Windows 7 became infected with Antivirus Security Pro. I have tried to boot into safe mode with and without networking to no avail, it will look like it is working in but will bring up the windows screen and then indicate that it is logging off. I am unable to bring up tskmgr, mbam or rkill in regular mode. Per a previous post I ran fst64 to get the information and am copying it below:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-10-2013
Ran by SYSTEM on MININT-5T4B15L on 18-10-2013 14:58:14
Running from H:\
Windows 7 Home Premium (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Recovery
The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [PC-Doctor for Windows localizer] - C:\Program Files\PC-Doctor for Windows\localizer.exe [95728 2009-09-16] (PC-Doctor, Inc.)
HKLM\...\Run: [AS2014] - C:\ProgramData\6DXrl3Xn\6DXrl3Xn.exe [659096 2013-10-18] ()
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,,C:\ProgramData\6DXrl3Xn\6DXrl3Xn.exe -sm,
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM-x32\...\Run: [hpsysdrv] - c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM-x32\...\Run: [HP Remote Solution] - C:\Program Files (x86)\Hewlett-Packard\HP Remote Solut... Read more

Answer:Antivirus Security Pro - Won't let me boot into Safe Mode

One more thing, in looking at the above log, it shows several restore points, however, when I tried to access them, I was told that system restore was turned off.

8 more replies
Relevance 81.18%

Hi all,
First time here at BleepingComputer.com. I just took a look through some of the forums and it looks like there's a fellow named "Gringo" who is adept at this one and may be able to help me out. I've got a computer that has the Antivirus Security Pro virus on it and it's beating me up pretty badly. I can't boot into safe mode, nor can I load any programs to clean it up. What can I do to get this off my system? Thanks for the help.
DK.
Edit: Moved topic from Anti-Virus and Anti-Malware Software to the more appropriate forum. ~ Animal

Answer:Antivirus security pro won't let me boot into safe mode

I'll report this topic to appropriate helpers.
1. Please let us know what Windows version you have and if it's 32- or 64-bit.
2. Is the computer bootable in any mode?
Hold on there....

4 more replies
Relevance 81.18%

Computer infected with Antivirus Security Pro; cannot successfully log on with Safe Mode as computer reboots at log on.

Answer:Antivirus Security Pro will not allow me to boot up in Safe Mode

KellyV6726,
 
to BC Forums!
 
When you start the computer and tap the F8 key until you get to the Advanced Boot Options menu, are you able to use
the arrow keys to select the Repair your computer menu item?
 
From there...
Select your language settings, and click: Next
Select your User account and click: OK (If you did not set a password, leave blank.)
 
On the System Recovery Options menu do you get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Scan your computer's memory for errors
Command Prompt
 
Are you able to select the Command Prompt?

7 more replies
Relevance 81.18%

How can I remove AV security 2012 without safe mode, I have a family who has this virus but I can't go to the safe mode! Please help.
 

Answer:AV Security 2012 removal without safe mode

Firstly.....click on "Follow This Topic" button...it is located on the right hand side of the page towards the top.....this will send replies straight to your inbox.
 
Download TDSSKiller and save it to your desktop.
* Extract (unzip) its contents to your desktop.
* Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
* If an infected file is detected, the default action will be Cure, click on Continue.
* If a suspicious file is detected, the default action will be Skip, click on Continue.
* It may ask you to reboot the computer to complete the process. Click on Reboot Now.
* If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
* If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
 

 

2 more replies
Relevance 80.36%

Hello,
 
I have a Dell laptop which is infected with Infected Antivirus Security Pro, will not let me start in safe mode:
Windows 7 Home Premium, P4 Dual Core T4300 2.10GHz, 4.00 GB,  64Bit 500GB HD.
 
I tried running malwarebytes and all .exe file execution are blocked by Antivirus Security Pro, tried to restart in safe mode as soon as it gets to desktop it shuts down and restarts.
 
Need help removing please, Thank you

Answer:Infected with Antivirus Security Pro, will not let me start in safe mode

Before you do anything just try and "activate" it using this code, it's a long shot but sometimes it works and you will be able to run malwarebytes and other tools
 
AA39754E-715219CE
 
See video for help on how to do this
http://www.youtube.com/watch?v=y58O8bqx9sQ

6 more replies
Relevance 80.36%

Won't let me do anything, try and boot to safe mode and it will kick me out and restart normally.
I have read a lot of the topics on this issue, and have a flashdrive downloaded with the relevant stuff (combofix/dds etc..) that I've seen suggested.
All I have used so far is the FRST64 log.
Here is the applicable log, thanks for any help.
 
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-10-2013
Ran by SYSTEM on MININT-6Q31KRG on 05-10-2013 23:53:47
Running from G:\
Windows 7 Home Premium (X64) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Recovery
The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11101800 2010-07-28] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1842472 2009-09-17] (Synaptics Incorporated)
HKLM\...\Run: [Acer ePower Management] - C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [861216 2010-06-11] (Acer Incorporated)
HKLM\...\Run: [AmIcoSinglun64] - C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [324608 2010-06-10] (Alcor Micro Corp.)
HKLM\...\Run: [Webfetti Home Page Guard 64 bit] - C:\Program Files (x86)\Webfetti_52\bar\1.bin\AppI... Read more

Answer:Antivirus Security Pro infection-Safe Mode inop

Hello DefEddie
I would like to welcome you to the Malware Removal section of the forum.
Around here they call me Gringo and I will be glad to help you with your malware problems.
Very Important --> Please read this post completely, I have spent my time to put together some things for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!
Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same"... Read more

16 more replies
Relevance 80.36%

A friend brought me a computer because Antivirus Security Pro would keep running on his mom's laptop. I have had probably 5 different computers that have had this on them and have been able to clean them but this one is really a beast.
His system is running Win 7 and he tried a number of things before bringing it to me with no luck.
I printed off the Antivirus Security Pro Removal instructions from this site but the laptop is not allowing the system to boot in Safe Mode and it will also not allow access to Regedit or MSCONFIG.
Any suggestions on getting control of the system back?
 
Thanks
John
 

Answer:Antivirus Security Pro - won't allow Safe Mode, Regedit or msconfig

Hi there,
my name is Marius and I will assist you with your malware related problems.
Before we move on, please read the following points carefully.
First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
Perform everything in the correct order. Sometimes one step requires the previous one.
If you have any problems while following my instructions, Stop there and tell me the exact nature of your problem.
Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
My first language is not English. So please do not use slang or idioms. It could be hard for me to read.
Thanks for your understanding.
Scan with FRST (Recovery Environment)
To run FRST on Vista and Windows7:
For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.
For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.
Plug the flashdrive into ... Read more

38 more replies
Relevance 80.36%

Hi,
 
I have a laptop running windows 7 that has been infected with Antivirus Security Pro.  When I try to start in Safe Mode the computer keeps restarting before I can do anything.
 
I can not download any malware removal or any other software.
 
I can not seem to start any programs.

Answer:Infected with Antivirus Security Pro, will not let me start in safe mode

Hi there,
my name is Marius and I will assist you with your malware related problems.
Before we move on, please read the following points carefully.
First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
Perform everything in the correct order. Sometimes one step requires the previous one.
If you have any problems while following my instructions, Stop there and tell me the exact nature of your problem.
Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
My first language is not English. So please do not use slang or idioms. It could be hard for me to read.
Thanks for your understanding.
Scan with FRST (Recovery Environment)
To run FRST on Vista and Windows7:
For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.
For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.
Plug the flashdrive into ... Read more

36 more replies
Relevance 80.36%

So I found a previous topic that I couldn't reply to and here is what I have done...
It suggested that I use the Farbar Recovery Scan Tool via the system recovery options.  Here were my results....
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 30-10-2013
Ran by SYSTEM on MININT-JR029EJ on 30-10-2013 21:35:02
Running from G:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Recovery
 
The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [BeatsOSDApp] - C:\Program Files\IDT\WDM\beats64.exe [37888 2010-10-21] (Hewlett-Packard )
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [1128448 2011-06-24] (IDT, Inc.)
HKLM\...\Run: [hpsysdrv] - C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM\...\Run: [MSC] - "c:\Program Files\Microsoft Security Client\mssecex.exe" -hide -runkey <===== ATTENTION (File name is altered)
HKLM\...\Run: [MapsGalaxy Home Page Guard 64 bit] - C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\AppIntegrator64.exe [548936 2013-05-20] ()
HKLM\...\Run: [AS2014] - C:\ProgramData\DV7Uns33\DV7Uns33.exe [560776 2013-10-30] ()
HKLM\...\Winlogon: [Userinit] userinit.exe,C:\ProgramData\DV7Uns33\DV7Uns33.exe -sm,
HKLM-x32... Read more

Answer:Antivirus Security Pro Virus won't boot Safe Mode

Hello scagigal
I would like to welcome you to the Malware Removal section of the forum.
Around here they call me Gringo and I will be glad to help you with your malware problems.
Very Important --> Please read this post completely, I have spent my time to put together some things for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!
Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same"... Read more

3 more replies
Relevance 80.36%

Hey there,
 
My computer has recently been attacked by the Antivirus Security Pro virus. I'm a little lost on how to recover my computer because I can't boot into safe mode. I was told to purchase antivirus software to remove the ASP virus and install it in safe mode, but I can't even reach safe mode. Please help if you can!
 
Thanks,
 
CarPanthers

Answer:Antivirus Security Pro problems (can't boot into safe mode)

Can't boot in Safe Mode with Networking? (Antivirus Security Pro Virus blocks Safe Mode with Networking)
If you have more than one user account in your operating system - please log-in to the clean account and download the recommended anti-spyware software, install it and run a full system scan, remove all the security infections it will detect, however if you have only one user account please follow this guide (this guide will show you how to create a new user account using safe mode with command prompt - using this newly created user account you will be able to remove Antivirus Security Pro virus).
If Antivirus Security Pro virus also blocks your operating system's Safe Mode with Networking follow these removal instructions:
1. Start your computer in Safe Mode with Command Prompt - During your computer starting process press F8 key on your keyboard multiple times until Windows Advanced Options menu shows up, then select Safe mode with command prompt from the list and press ENTER.
 
2. When command prompt mode loads enter the following line: net user removevirus /add and press ENTER.
 
3. Next enter this line: net localgroup administrators removevirus /add and press ENTER.
 
4. Finally enter this line: shutdown -r and press ENTER.
 
5. Wait for your computer to restart,  then boot your PC in Normal Mode and login to the newly created user account ("removevirus"). This account won't be affected by the infection and you will be able to downlo... Read more

2 more replies
Relevance 80.36%

One of my salesmen's laptops is infected with Antivirus Security Pro. His system is running Windows 7 Professional SP1. The system will not boot in Safe Mode (it loads through the welcome screen and then immediately logs out and restarts in normal mode) and it will also not allow access to task manager, Regedit or MSCONFIG.
 
Any assistance would be appreciated! Thanks.
 
Beth

Answer:Antivirus Security Pro - won't allow safe mode, regedit, msconfig

Hello Beth I would like to welcome you to the Malware Removal section of the forum. Around here they call me Gringo and I will be glad to help you with your malware problems.
Very Important --> Please read this post completely, I have spent my time to put together some things for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!
Please do not run any tools unless instructed to do so. We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
Please do not attach logs or use code boxes, just copy and paste the text. Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
Please read every post completely before doing anything. Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
Please provide feedback about your experience as we go. A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", thi... Read more

4 more replies
Relevance 80.36%

Good evening--I've been reading through a lot of posts, and it appears after an FRST scan some of the moderators will create a customized fixlist.txt to combat the specific problem. The Windows Home Premium 64-bit box has all the classic symptoms of Antivirus Security Pro with the added bonus of not being able to boot into safe mode. I can run the FRST tool, and I've attached the FRST.txt and Addition.txt results, but I can't read them very well.
 
Can anyone shed some light on next steps? Please let me know if you need any additional information!
 
Thanks in advance!

Answer:Antivirus Security Pro - no safe mode, need FRST reading

Hello gr33d,
Welcome to Bleeping Computer. My name is fireman4it and I will be helping you with your Malware problem.
Please take note of some guidelines for this fix:
Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools.
If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
In the upper right hand corner of the topic you will see a button called Follow This Topic. I suggest you click it and select Immediate E-Mail notification and click on Follow This Topic. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.
Finally, please reply using the Post button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.
I will be analyzing your log. I will get back to you with instructions.
Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flashdrive as fixlist.txt
HKLM\...\Run: [AS2014] - C:\ProgramData\ahrpDns3\ahrpDns3.exe [779952 2013-11-21] ()
HKCU\...\Run: [AS2014] - C:\ProgramDat... Read more

4 more replies
Relevance 79.54%

I am having the same issue posted by KellyV6726.  I have the "Antivirus security pro" virus but can't follow the fix instructions because it won't let me boot in Safe Mode of any form.   I followed the instructions from Aaflec in KellyV6726's  post and created a FRST.txt file, which I'll paste below.  Since Aaflec took Kelly's FRST file and created a fix file, I am hoping someone can do the same for me - or tell me how to do it.  (I initially posted this issue in the "Am I infected" forum, but received no replies so I'm assuming that was not the right place!) 
 
The contents of my FRST file:
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 31-10-2013
Ran by SYSTEM on MININT-K0HBV6E on 01-11-2013 14:12:54
Running from F:\
Windows 7 Professional (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Recovery
 
The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [nwiz] - nwiz.exe /install
HKLM\...\Run: [NvCplDaemon] - RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [NVHotkey] - rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
HKLM\...\Run: [PDVDDXSrv] - C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [140520 2009-06-24] (CyberLink Corp.)
HKLM\...\Run: [ccApp] - C:\Program Files\Common F... Read more

Answer:Infected with Antivirus Security Pro and cannot start Windows 7 in Safe Mode

Hello Dinx I would like to welcome you to the Malware Removal section of the forum. Around here they call me Gringo and I will be glad to help you with your malware problems.
Very Important --> Please read this post completely, I have spent my time to put together some things for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!
Please do not run any tools unless instructed to do so. We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
Please do not attach logs or use code boxes, just copy and paste the text. Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
Please read every post completely before doing anything. Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
Please provide feedback about your experience as we go. A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", th... Read more

26 more replies
Relevance 79.54%

Hi - I was following another post where Afflack (splng?) was helping someone with the same issue.  I was able to create a FRST text file as he instructed.  However, in the post I was following, Afflack took this info and created a fix file for the user's computer.  I am hoping the same can be done for me.  Here is the contents of the FRST scan.  If I need to provide anything else, please let me know.
Thanks - Dinx
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 31-10-2013
Ran by SYSTEM on MININT-K0HBV6E on 01-11-2013 14:12:54
Running from F:\
Windows 7 Professional (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Recovery
 
The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [nwiz] - nwiz.exe /install
HKLM\...\Run: [NvCplDaemon] - RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [NVHotkey] - rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
HKLM\...\Run: [PDVDDXSrv] - C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [140520 2009-06-24] (CyberLink Corp.)
HKLM\...\Run: [ccApp] - C:\Program Files\Common Files\Symantec Shared\ccApp.exe [115560 2010-06-09] (Symantec Corporation)
HKLM\...\Run: [GrooveMonitor] - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Micr... Read more

Answer:Infected with Antivirus Security Pro and cannot start Windows 7 in Safe Mode

Sorry for the mis-spelling - the person who was helping was Aaflac.

3 more replies
Relevance 79.54%

In step 2 of the self-removal process I need to reboot my computer in safe mode with networking. I do that and soon after my computer logs me off and restarts. What gives?

Answer:Infected with antivirus security pro - safe mode shuts down computer

I'll report this topic to appropriate helpers.
1. Please let us know what Windows version you have and if it's 32- or 64-bit.
2. Is the computer bootable in any mode?
Hold on there....

3 more replies
Relevance 79.13%

Dear all,
this is my first post here.
I am desperate for some help, as Security Tool has totally taken over my life since yesterday.

I am running XP professional
I got the Virus yesterday and used various online suggestions on how to remove it (stop process, delete exe and folder
delete registry etc.)
then XP did not start anymore
I started in Safe mode, ran Avast and had Avast delete a bunch of infected files
Still no regular start anymore
I then downloaded Spydoctor, which found a few more files. I deleted those manually.

Still cannot start XP other than in safe mode.
Tried to create a new user profile, but it is still stuck.
Cannot do system restore, even if I choose a very old restore point from 2008

I tried to reinstall XP booting from CD, but that did not work either.

I did manage to run DDS, but when I tried the root repeal scan the computer just froze so I cannot post a log.

I hope to receive some help here.
I did do a search and saw a few other posts, but I am not sure what to do.
So I figured before I make things worse, I ask for help.

Any feedback is appreciated.
Thanks
Vacky

More replies
Relevance 78.72%

Hello, the topic above says it all, here is the FRST.txt
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-10-2013
Ran by SYSTEM on MININT-8B86AOH on 08-11-2013 14:59:36
Running from F:\repair
Windows 7 Ultimate Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SigmatelSysTrayApp] - C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray64.exe [424448 2007-05-06] (SigmaTel, Inc.)
HKLM\...\Run: [MyFunCards Home Page Guard 64 bit] - C:\Program Files (x86)\MyFunCards_5m\bar\1.bin\AppIntegrator64.exe [548936 2013-08-02] ()
HKLM\...\Run: [AS2014] - C:\ProgramData\9npDn373\9npDn373.exe [560776 2013-10-28] ()
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,,C:\ProgramData\9npDn373\9npDn373.exe -sm,
HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [ApnUpdater] - C:\Program Files (x86)\Ask.com\Updater\Updater.exe [1646216 2013-03-31] (Ask)
HKLM-x32\...\Run: [ShopAtHomeWatcher] - C:\Users\User\AppData\Roaming\ShopAtHome\ShopAtHomeH... Read more

Answer:Win7 Ultimate - Antivirus Security Pro - can't boot into safe mode - used FRST

to BC, jasonbrianmerrill! Will be back with instructions shortly.

2 more replies
Relevance 78.72%

...and followed them to boot into the System Recovery Options and through the Command Prompt I've ran FRST and here is the log it generated-- trying to fix my dad's laptop, any help appreciated!
 
Yoni
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-10-2013
Ran by SYSTEM on MININT-G8V99FN on 12-10-2013 17:56:56
Running from E:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Recovery
 
The current controlset is ControlSet002
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [AtherosBtStack] - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe [627360 2011-05-20] (Atheros Commnucations)
HKLM\...\Run: [AthBtTray] - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe [379552 2011-05-20] (Atheros Commnucations)
HKLM\...\Run: [Apoint] - C:\Program Files\DellTPad\Apoint.exe [608112 2011-03-29] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [1128448 2011-05-27] (IDT, Inc.)
HKLM\...\Run: [AS2014] - C:\ProgramData\7ga7sn37\7ga7sn37.exe [683632 2013-10-10] ()
HKLM\...\Winlogon: [Userinit] userinit.exe,C:\ProgramData\7ga7sn37\7ga7sn37.exe -sm,
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Progr... Read more

Answer:Antivirus Security Pro, can't boot to safe mode, read previous threads...

Hello! Welcome to BleepingComputer Forums!
My name is Georgi and I will be helping you with your computer problems.
Before we begin, please note the following:
I will be working on your Malware issues, this may or may not, solve other issues you have with your machine.
The logs can take some time to research, so please be patient with me.
Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
Instructions that I give are for your system only!
Please do not run any tools until requested ! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.
 
Download the following file => [attachment=142702:fixlist.txt] and save it to the USB Flash Drive.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.
Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
 
 
 
Regards,
Georgi

6 more replies
Relevance 78.72%

Hello!
 
I'm trying to help a friend clean up her laptop.  It is a Windows 7 64-bit laptop infected with Antivirus Security Pro, and it is preventing safe mode (i.e. it comes up to the welcome screen, and then automatically does a restart).
 
I attempted to use the farbar scanning tool per the instructions in another post, but when I enter the H:\frst64 command, it simply returns to the command prompt.  Nothing else happens.
 
The windows version shows as 6.1.7600 when I bring it up in recovery mode.
 
Would certainly appreciate any guidance on how to move forward.  I fear that her backups may be compromised as well...
 
Thanks in advance.
 
 
 

Answer:Antivirus Security Pro, will not let me start in safe mode, farbar doesn't load

Hi there, my name is Marius and I will assist you with your malware related problems.
Before we move on, please read the following points carefully.
First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
Perform everything in the correct order. Sometimes one step requires the previous one.
If you have any problems while following my instructions, Stop there and tell me the exact nature of your problem.
Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

Kaspersky Windows Unlocker
Download Kaspersky Rescue Disk (iso)
Burn it to a cd or dvd, if you need a program to burn an ISO...use Active@ ISO Burner
Configure your computer to boot from CD/DVD
Note : If you do not know how to set your computer to boot from CD/DVD follow the steps h... Read more

6 more replies
Relevance 69.29%

Hi.

I can't update my antivirus : BitDefender Free Edition v10.

I also can't enter windows xp in safe mode. An error msg will come out (like computer crash, in blue screen).

I also can't enter or scan online from any antivirus website.

Could this be virus?

Answer:Can't update antivirus, can't access any antivirus website, can't enter safe mode.

Hello it most likely is.. I am moving this topic to the Am I Infected forum. Can you do these?
You will need to Download and Run DDS which will create a Pseudo HJT Report as part of its log.. If for some reason you cannot perform a step, move on to the next.
Please follow this guide. Go and do steps 6 thru 8: Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help. Then go here: Virus, Trojan, Spyware, and Malware Removal Logs, click New Topic, give it a relevant Title and post that complete log.
Let me know if it went OK.

3 more replies
Relevance 67.65%

I have run multiple malware removal programs, including hijack this. I have a clean network connection in safe mode. Something is blocking the lan network connection in Normal Mode.

Here are a few log files

View attachment mbam-log-2010-09-22 (22-03-03).txt



View attachment hijackthis.log
 

Answer:Virus Removal (no network connection in normal mode) only in safe mode))

You did not complete all of the below:

Welcome to Major Geeks!

Please read ALL of this message including the notes before doing anything.

Please follow the instructions in the below link:

READ & RUN ME FIRST. Malware Removal Guide


and attach the requested logs when you finish these instructions.

**** If something does not run, write down the info to explain to us later but keep on going. ****
Do not assume that because one step does not work that they all will not. MGtools will frequently run even when all other tools will not.


After completing the READ & RUN ME and attaching your logs, make sure that you tell us what problems still remain ( if any still do )!
Helpful Notes:


If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode, you can run the steps in safe boot mode but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:

Starting your computer in Safe mode

If you have problems downloading on the problem PC, download the tools and the manual updates for SUPERAntiSpyware and Malwarebytes ( links are given in the READ & RUN ME) onto another PC and then burn to a CD. Then copy them to the problem PC. You will have to skip getting updates if (and only if) your internet connection does not work. Yes you could use a flash drive too but flash drives are writeable and infections can spread to them.
If you cannot seem to lo... Read more

14 more replies
Relevance 67.65%

I'm new to this forum and not a very sophisticated user, but help would be appreciated. I am running Windows XP (Build 2600.xpsp_sp2_gdr.080814-1233: Service Pack2). My computer froze and I had to hold power button to shut down. Shortly before I froze a window popped open to tell me that windows security firewall had been changed to off. I switched it back to on, but then the computer froze up a few minutes later. When I try to boot in normal mode I can log-in, but about 3 seconds after I see my desktop the screen goes black and I need to hold the power button down to turn off. I am only able to boot in safe mode. I have run spybot and adaware in safe mode and they find 'Virtumonde'. Spybot also finds 'MicrosoftWindowsSecurityCenter_disabled'. I correct/fix these problems in the software, but when I reboot nothing has changed and when I run them again (in safe mode) they find the exact same problems.

I tried following the directions on 'Read and Run me First', but don't get far because I can only boot in safe mode... I can't use the program uninstall that is part of the control panel to get rid of the Java updates of which I have a few - this seems to be because I am in safe mode. Also, it sounds like steps 2 and 3 also require to be booted in normal mode. Is it possible to complete 'read and run me first' in safe mode?

Any advice on how to proceed from here would be appreciated. thank you.
 ... Read more

Answer:Can't boot in normal mode - Malware removal Safe Mode?

I decided to finish running the scans that were suggested in Safe Mode with the exception of Super AntiSpyware which I could not install in safe mode. After completing, I was able to boot in normal mode and so far it is working. I have attached the logs for you to look at and let me know if there are any other fixes I should undertake. Thanks for a great site!
 

6 more replies
Relevance 64.37%

Hi
 
I downloaded dodgy file last week. Afterwards my antivirus (Vodafone PC Protection) wouldn't run normally or in safe mode. Neither would AVG or malwarebytes. Before malwarebytes stopped its scan I glimpsed a message saying something like boot files hidden.
 
I decided to reinstall OS using drive partition.
 
Everything seemed fine until yesterday when I found a message saying the laptop had just recovered from a blue screen crash. Then this morning everything froze on startup. 
 
I can currently boot in safe mode but I can't run the antivirus.
 
I've just run Kaspersky TDSSKiller in safemode and when I included 'Loaded Modules' among objects to scan it reboots to normal, bypassing safe mode, then freezes at 75% installation of the Kaspersky utility. I can't copy and paste the report. 
 
I guess my partition drive must have been infected as well. Any help would be greatly appreciated.
 
 
Evolver
Edited by hamluis, Today, 07:46 AM. Moved from Win 7 to Am I Infected - Hamluis..
 
Moderator Edit: Moved from the AII forum to the Malware Logs forum Due to Combofix Log
Roger

Answer:Antivirus won't run in safe mode

Have removed PUP.Optional.Conduit via MWB and a ton of trackers via Hitman Pro but the AV still won't open. 

5 more replies
Relevance 64.37%

My administrator disabled task manager when i tried to scan in safe mode neither d antivirus or windows defender will run

Answer:Antivirus will not run in safe mode

That is a virus, definitely a virus. Try to use command prompt; if that works, personal message me. Else download Malwarebytes Anti-Malware and rename the setup file to something random like sdggfhf and run it and install it. If the setup doesn't terminate it will work. Now go to the place where you installed Malwarebytes, rename the file mbam.exe to a random name too and run it. If it starts, run a quick scan and remove the viruses, then run a full scan. After all this is over (if), the task mgr will still not work, but I'll tell you how to after.

2 more replies
Relevance 63.55%

Hi, i am new to this forum and i have a pretty big problem with my computer. Dell Dimension 4550, windows xp home edition, service pack 3.

I first encountered the problem when i was bombarded by a ton of popups of random things in internet explorer, but i use opera as my main browser. so that was odd. The popups then turned into an automatic installation that looked to be authentic windows security center, but was a fake, and i could do nothing about it. if i ended the process, another would start.

The popups have now stopped, i ran superantispyware and found many viruses. I fixed all, but when i log onto windows, i get error messages of missing .dll files: ntuser.dll, calc.dll, sinuvili.dll, pofutuva.dll.

Another problem is my safe mode. when i attempt to run, a blue screen appears stating that windows has shutdown to prevent damage to computer, and at the bottom of screen i see: *** STOP: 0x0000007B (0xF7A46528, 0xC0000034, 0x00000000, 0x00000000)

I saw in another forum that to fix this, i could boot from the original xp disc, select "R" to repair, and enter "CHKDSK /R". I tried this, but nothing happened.

Another observation is my computer clock, it has changed to military time.

I have now tried to run a HIJACK THIS log, but i wasn't able to. So i ran rsit.exe, and came up with the attached log file.

Can someone please look over the log file and tell me if there is anything i can do? i am lost when it comes to this.

Thank you, ... Read more

Answer:Cannot Run antivirus programs, or run in safe mode.

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Go to Start > Run and copy/paste the following into the Run box and click OK:

C:\rsit\info.txt

A text file should open. Please post the contents of that file in your next reply.

------------------------------------------------------

I need to see a gmer log in order to help you.

Delete your existing copy of gmer. Please run this special version of gmer:

Download GMER Rootkit Scanner from here and Save it to your Desktop. Double-click gmer.exe to run it. If asked to allow gmer.sys driver to load, please consent.
If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.





In the right panel, you will see several boxes that have been checked. Uncheck the following ...
Sections
IAT/EAT
Drives/Partition other than Systemdrive (typically C:\)
Show All (don't miss this one)

Then click the Scan button & wait for it to finish.
Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it... Read more

2 more replies
Relevance 63.55%

If i restart in safe mode and run an antivirus scan with the AV installed on my PC, is that as good a scan compared to scanning in normal mode. (Do scans in safe mode miss anything that a scan in normal mode would pick up?)

Answer:AntiVirus scan in safe mode

you need to scan in normal mode not everything is running in safe mode

6 more replies
Relevance 63.55%

I have a host of problems that have developed of late. I installed a file conversion program called Audio Convert and during the install some odd "windows related" messages came up. Awhile ago you helped me solve an issue regarding a "No Disk" error. You saw that I had no antivirus engine and I've been trying with my ISP to get their program working but still have had no luck, you suggested AVG and I tried and failed to get it to install and load properly. After that little incident recently, I've lost my "Run" button, after clicking Start, I have no Shut Down/Restart buttons, instead I have a switch user button. I lost my Msconfig, and can't restart in safe mode, in any of them, the computer goes into a restart.



I've got an HP Pavilion m7480n, P4 930, 2G of RAM, Windows XP Media Center Edition, it's 2 months old



Can you help?

 




Relevance 63.55%

Hi,
I have an infected windows XP SP2 pc.
I do not have any active antivirus software on this pc ( ESET NOD32 is expired).
1. I tried downloading a few free antivirus softwares like avira/avg/avast/MSE but was unsuccessful as -
a) either they do not support sp2 or
b) on clicking download the page does not load
2. I have tried running online antivirus softwares like bitdefender (cannot load) and ESET (after running the activeX control tried downloading the .cab file but nothing happened)

Following is the info from SysInfo -

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows XP Professional, Service Pack 2, 32 bit
Processor: Intel(R) Pentium(R) D CPU 2.66GHz, x86 Family 15 Model 4 Stepping 7
Processor Count: 2
RAM: 501 Mb
Graphics Card: Intel(R) G33/G31 Express Chipset Family, 256 Mb
Hard Drives: C: Total - 39997 MB, Free - 24258 MB; D: Total - 39997 MB, Free - 218 MB; E: Total - 39997 MB, Free - 222 MB; F: Total - 32624 MB, Free - 398 MB;
Motherboard: Gigabyte Technology Co., Ltd., G31M-S2L
Antivirus: ESET NOD32 Antivirus 4.0, Updated: No, On-Demand Scanner: Enabled
 

Answer:Cannot run antivirus scan even in safe mode

-----------------------------------------------------------
Be sure to read the information in these threads about Windows XP risks and options:
Derek's post here is a view of the risks : End of Support For Windows XP
You have already taken this risk with an SP2 machine, and lost the bet.
My post concentrates on software options for saving the machine: Windows XP - The Elephant In The Room
Read it very carefully.
Your machine will support the simplest of Linux systems, but really will not be satisfactory with ANY of the newer Windows.
I don't think trying to Fix this will produce a good result.
Almost all of our Fixing tools actually require XP Service Pack 3 to work, and installing Service pack 3 on an infected machine will usually fail or produce an unstable system.
This may be why the programs you are trying to use don't work.
Windows SP3 came out in 2008, and Support for SP2 ended in 2010.
 

2 more replies
Relevance 63.55%

As I stated on my other post, my computer has been formatted for a month now. I'm using windows XP. My main antivirus (McAfee) just can't complete a whole scan without the pc restarting by itself. It happens with all antivirus and anti malwares and some other kind of programs too. I just don't know what to do anymore.

On the other post someone told me to try my scans on safe mode. McAfee restarted, SpyBot closed and couldn't get open again and stinger had to close. Only hijack worked all the way through. I have disabled windows restore.
This is the log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:18:03, on 3/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\ARQUIV~1\McAfee\MSC\mcmscsvc.exe
c:\ARQUIV~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Softw... Read more

Answer:All Antivirus Can't Go Through Even In Safe Mode (hijack Log)

Hello katia and welcome to BleepingComputer! Apologies for the delay. The forum has been very busy lately. If you are still having problems please post a brand new HijackThis log as a reply to this topic. Before posting the log, please make sure you follow all the steps found in this topic: Preparation Guide For Use Before Posting A Hijackthis Log. Thanks, Johannes

3 more replies
Relevance 63.55%

Okay so I am having major problems! Running Windows XP. First I started getting all these BAD popups and nothing made them go away. So I ran a Ccleaner, and Spybot S&D. I was prompted to reboot. I did. When I got to log in screen, it immediately prompted an automatic reboot citing a NT Authority\system reboot. So I rebooted in safe mode with networking, tried to run antivirus. Then I tried to run SuperAntiSpyware, it started to run, showed 2 trojans and something else, then stopped running and I no longer have access to it. So I tried running Malwarebytes (also renamed it mb.exe). Same thing. Starts to run, disappears then I no longer have access to it. Happened to Spybot S&D. Tried to access the online SuperAntiSpyware. No go. Runs, picks up 2 Trojans and quits working. HELP!!! I can not boot in normal mode.

I can not run a Hijackthis....

Answer:Can not run Antivirus, can only boot in safe mode

You mentioned that you booted into safe mode with networking.
Have you tried regular safe mode?

3 more replies
Relevance 63.55%

Okay so I am having major problems! Running Windows XP. First I started getting all these porn popups and nothing made them go away. So I ran a Ccleaner, and Spybot S&D. I was prompted to reboot. I did. When I got to log in screen, it immediately prompted an automatic reboot citing a NT Authority\system reboot. So I rebooted in safe mode with networking, came here and have tried to follow read and run me first. Now every time I try to run SuperAntiSpyware, it starts to run, shows 2 trojans and something else, then stops running and I no longer have access to it. So I tried running Malwarebytes (also renamed it mb.exe). Same thing. Starts to run, disappears then I no longer have access to it. Happened to Spybot S&D. Came here and tried to access the online SuperAntiSpyware. No go. Runs, picks up 2 Trojans and quits working. HELP!!! I can not boot in normal mode.
 

Answer:Can not boot without safe mode can not run any antivirus

Not trying to bump, I have an update...


I finally got combofix to work. Ran it. It detected a rootkit. It removed a bunch of infected stuff. This allowed me to boot in normal mode and download/run Malwarebytes.
I've also attached a couple of logs. Not sure if they are time stamped. But the order of running was
RootRepeal last night
CF log after running it
Malwarebytes


I still can not run SAS but am actively trying.
 

6 more replies
Relevance 63.14%

I have looked at the suggestions on removing this virus and understand going to safe mode is how I can fix it.
I know how to get to safe mode, (I can do it on other computers) but can't on the lenovo R500 think pad. At best I get to the Think Pad menu (in dos) but it doesn't have an option for Safe Mode, nor do any of the tabs/lists take me to safe mode.
When in Windows I have tried to click on Cntrl/Alt/Delete and navigate to Task Manager; as soon as I click on Task Manager the screen goes back to the ms virus. I can't get my antivirus program to work either.
There must be a way to get rid of this virus! And I've run out of ideas! Anyone out there that can help me would be great as this computer is the "work" one, and in a rather sensitive line.....
Thank you.

Answer:MS REMOVAL TOOL no safe mode

Hello and welcome to TSF.

We want all our members to perform the steps outlined in the link given below, before posting for assistance. There's a sticky at the top of this forum, and a

Quote:
Having problems with spyware and pop-ups? First Steps

link at the top of each page.

Please follow our pre-posting process outlined below. Use a USB flash drive to download and transfer the tools to the affected machine, if necessary. You might like to run the Flash_Disinfector.exe on the clean machine and the flash drive first to protect against any possible transfer of infection via USB.


NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help - Tech Support Forum

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please note that the Virus/Trojan/Spyware Help forum is extremely busy, and it may take a while to receive a reply.

1 more replies
Relevance 63.14%

Vista
Safe Mode
Windows installer service is not accessible in safe mode, I have gone through steps one through seven and want to start using Super Antivirus but I need to uninstall ESET first. When I boot in non-safe mode I get BSOD. Is there anyway around this?
 

Answer:Removal of software in safe mode

There is no need to uninstall Eset to run SAS. I think you should also post in the software forum to try to figure out your BSOD issues.
 

15 more replies
Relevance 63.14%

A computer tech friend of mine informed me that any virus removal utilities should be run in "Safe Mode" in Windows XP for the most effective results. Is this true of Spybot, Combofix.exe or MGtools.exe? I don't see any mention of running these programs in "Safe Mode" at majorgeeks. I just wanted to double check. Thanks
 

Answer:Safe Mode for Virus removal

Hi hcrawfor!
Welcome to Major Geeks!

We have recommended running Spybot in Safe Mode and you can do that. The others you should run in normal mode and make sure your msconfig is set to normal system start. There are some tools that are more effective in Safe Mode and others which are not. If we don't tell you to run something in Safe Mode, then we mean for it to be run in Normal Mode.

abri
 

2 more replies
Relevance 63.14%

I have a friends computer, which was infected with a "Trojan Horse Clicker.IIP" and "Trojan Horse Generic7.CEN" (Probably from porn if I know my friend well enough)

I was able to run the virus scan (AVG) in safe mode and the files are now in the Virus Vault. The pop-ups have stopped but I cannot establish an IP address. I am at a loss as this is the first time I have had this issue. I have removed several Trojans for this friend already. This one was strange, it changed his desktop background image to this red radioactive symbol that was a hyperlink to some "system scanner." Any insight anyone can provide will be greatly appreciated. Thanks in advance!!
 

Answer:Trojan Removal in Safe Mode, now no IP

14 more replies
Relevance 63.14%

Hi.
Came here before, got great help from one of the team, JSntgRvr, and am back again after no success in trying to find out what is wrong with my brother's desktop.

Seems for a few months he's been having trouble, and he tried to run MBAM himself unsuccessfully, and then when he said he couldn't get into safe mode he thought it was just his bad timing. He dropped off his pc here.

I've since found I cannot access the internet via wifi on this pc, not set up for it, and.....
in trying to access safemode it just keeps rolling through, then back to the screen that asks which safe mode to enter to, etc.

I also noticed it reads in the upper corner during boot that it has an "invalid boot.ini - loading from c:/windows" problem (can't recall exactly what it said).

It boots slow.
Shuts down slow.
Has a fan running continuously.
Freezes up unexpectedly and when it does this a shrill continuous beep tone occurs until we force shut it down.
He says he was having trouble logging onto the internet.

Again, any help here will have to be done on my end by USB drive, since I can't connect it to the 'net.

Thanks in advance for any help, and hopefully I didn't forget any of the issues!

~Neese

Answer:Can't enter safe-mode for MW removal..

Is the crew off for the holidays?
Just wondering. Last time I came here the reply was prompt, and probably same day. This time, not fast. Thought it may be due to Good Friday and Easter.

49 more replies
Relevance 63.14%

I've got a really bad virus. Laptop has MSE installed and I have malwarebytes installer on a thumb drive but can't install it because of virus. I've booted into safe mode alternate shell. What are my options from here? Can I run scans from here? Can I install malwarebytes off my thumbdrive in hed 4un itj

Answer:virus removal from within safe mode

Hello there, eduede!

Let's see, first, you have to boot into Safe Mode with Networking for the malwarebytes to update its database, install it, update it, do a complete system scan, and the rest should be taken care of...

After the scan finishes, select the infected items, delete them, reboot your PC and you could just do another system scan, to double check that the virus is no longer infecting your PC

Cheers.

9 more replies
Relevance 62.73%

Help, I cannot load Norton antivirus 2005 in safe mode (windows XP - service pack 1).

It generates an error and says the symantec integrator has generated an error??

Any ideas how I get this service started manually?
 

Answer:No Norton Antivirus 2005 in SAFE mode

Norton will not install in Safe Mode.
 

5 more replies
Relevance 62.73%

Hi all,

Last night my Acer Aspire One became infected with the Xp Antivirus 2012 virus. I have dealt with this once before and suspect it may be from a shared disk I used. Anyways, last time I was able to track the problem down using some tutorials, rkill, malwarebytes and a few other malware removal tools. This time though the damage was done too quickly. By the time I knew it, no programs would launch. I couldn't access the task manager either. My laptop froze and when I tried to reboot I'd get the laptop splash screen and then nothing. I attempted to boot in safe mode and no dice.

My next step was to use Hiren's Bootcd and use Mini Xp to boot up. I was able to do so successfully but once there I was not able to get much done to fix the boot up problem. I tried identifying the problematic system file in the system32/ drivers folder but found none that looked suspicious. There was no oddly named sys file with the size 0kb.

I am at a crossroads. Should I just back my files up (since I can access them with mini Xp) and restore windows to factory settings or do I have a chance to fix this thing?
Thanks!

Chris

Answer:Can't boot up using Safe Mode - XP Antivirus 2012

You could try to repair your Boot File? This can be done by selecting r when coming into the Disk or onboard Recovery. When asked type in fixboot. That should get it booting again, but please, before you do anything further Post in the "Am I Infected" Forum http://www.bleepingcomputer.com/forums/forum103.html and include a link to this? Once there you will get expert help on Malware. Ray.

43 more replies
Relevance 62.73%

I may be infected with a virus. I am scanning using Norton right now and OneCare won't turn on its firewall, telling me that I am 'At Risk'.

If necessary, could I install antivirus software like Norton on my computer using Safe Mode? Note that it is likely I have been infected.

If you need anymore information, please feel free to ask.

-Elk

EDIT: Also know that recently my computer had been randomly freezing in the past three weeks. I remember I stumbled onto a website where it suddenly told me that 'MY COMPUTER WAS INFECTED'. From experience I knew it was spyware, and instead of saying YES or NO on the warning popup, I clicked the X. Norton immediately told me I was infected and tried 5 times to remove it. Then the warnings from Norton stopped, thinking that it finally got the trojan.

More replies
Relevance 62.73%

My husband's friend brought his computer over. He thought he had a simple hijack situation. Whenever he opened IE, Firefox, Nortons, etc it would immediately close. My husband has tried numerous things. He cannot even get these programs to run in safe mode. Even in safe mode, these programs immediately close. We don't even know what we're trying to kill. Any suggestions???

Answer:Cannot run antivirus, antimalware, or internet even in safe mode

Sorry, he is on a Dell laptop, running XP.

1 more replies
Relevance 62.73%

after installing norton internet security 2003 computer will only start in safe mode then certain programmes won't run have tried uninstall but it won't uninstall os/windows 2000me. also get message driver installation failed ..how do i fix

Answer:norton antivirus computer in safe mode

Here are a few options for uninstall click here. If none of these help then go back to 'support' and start again, putting in your version info etc and you may be able to find something on the knowledge base to help you

1 more replies
Relevance 62.73%

Please let me know if there is anything I can do to get rid of antivirus live. My computer will not run any security software and it will not go into safe mode.

Answer:Can not get into safe mode and laptop has antivirus live

Hello and Welcome.

We want all our members to perform the steps outlined in the link I'll give you below, before posting for assistance. There's a sticky at the top of this forum, and a

Quote:
Having problems with spyware and pop-ups? First Steps

link at the top of each page.

---------------------------------------------------------------------------------------------

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed. I currently have as many open topics as I can effectively handle; this will have you back in queue with the proper logs so an available helper would be able to assist.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please note that the Virus/Trojan/Spyware Help forum is extremely busy, and it may take a while to receive a reply.

1 more replies
Relevance 62.73%

Hello,

I am unable to remove a stubborn rootkit problem from my computer. Even in safe mode, I am unable to run any antivirus program or Malwarebytes.

I checked Non Plug and Play drivers, but did not see anything suspicious except "Catchme".

Any help would be appreciated. The logs are below and attached.

Thank you,
Shootmenow

DDS (Ver_09-12-01.01) - NTFSx86 MINIMAL
Run by Administrator at 9:40:45.03 on Thu 12/31/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1976.1721 [GMT -6:00]
============== Running Processes ===============

D:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
D:\WINDOWS\system32\svchost.exe -k netsvcs
D:\WINDOWS\Explorer.EXE
D:\Documents and Settings\Administrator.NLM-DUSTINB\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - d:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Act.UI.InternetExplorer.Plugins.AttachFile.CAttachFile: {d5233fcd-d258-4903-89b8-fb1568e7413d} - mscoree.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - d:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - d:\progra... Read more

Answer:Cannot run Malwarebytes or any antivirus software even in Safe Mode

I tried running ComboFix a couple of times. During the Completed_Stage_2, I get the following error:
PEV.cfxxe has encountered a problem and needs to close.
After hitting close, ComboFix continues to run and spits out this log:
ComboFix 09-12-29.06 - Administrator 12/31/2009 15:01:51.6.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1976.1468 [GMT -6:00]
Running from: G:\ComboFix.exe.
((((((((((((((((((((((((( Files Created from 2009-11-28 to 2009-12-31 ))))))))))))))))))))))))))))))).
No new files created in this timespan.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))..
((((((((((((((((((((((((((((( [email protected]_17.51.21 )))))))))))))))))))))))))))))))))))))))))..
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FingerPrintSoftware"="d:\program files\Lenovo Fingerprint Software\fpapp.exe \s" [X]
"Adobe Reader Speed Launcher"="d:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"TPHOTKEY"="d:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2008-09-30 68976]
"LPManager"="d:\progra~1\THINKV~1\... Read more

3 more replies
Relevance 62.73%

Please help,

I'm running windows xp SP2 and have acquired "antivirus 2008". I tried following the steps in one of the forums disabling the needed things in AVG, and spybot, installing sdfix, and when I attempted to enter safe mode using the F8 method, I was unable to use the up/down arrows or the ones on the number key pads to select safe mode. I'm at a loss at this point and a newbie to the forum. I've attached a log from hijack this.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:25:03 AM, on 15/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\sstray.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files... Read more

More replies
Relevance 62.73%

HI GUYS. I badly need help. My PC is acting weird. The symptoms are enumerated below. Suggestions are very much welcome. I found a similar thread with almost the exact symptoms. The guy found a solution. I am really hope I'll find mine. Please do take time to read my post.


SYMPTOMS:
I first found out about the infection about two days after the internet connection at home was restored.(My provider had a routine maintenance check up for the lines in my neighborhood.) I can't really say when is the exact date of the attack. So here is a list of symptoms of the infection/attack?.

1. McAfee anti virus stopped working.

2. Can't install anti virus. Tried to install other anti virus. The list includes AVG, Kaspersky, and Nod 32 but all failed.

3. The IE and opera browsers does not work but firefox is fine.

4. Can't connect to Yahoo! Messenger. Prompts a message telling to try again. Every time I do, it prompts the message again.

5. Can't boot in safe mode. When I try to boot in safe mode, it loads all the drivers and reboots again. Normal mode is fine.



WHAT I TRIED TO DO:

Note: Since my pc is sooooooooo slow, I reformatted my pc hoping the problem would go away. Unfortunately, it didn't do anything good with regards to the infection. It did make my pc a little bit faster though. Also, I can now use the opera and ie. Still, the problems persist.


1. Installed SuperAntiSpyware. Scanned pc and detected infections. The Lo... Read more

Answer:can't boot in safe mode; can't install antivirus

Assuming you are trying to run the Read and RUn First instructions, you don't mention whether you tried running ComboFix and MGTools......we need more than just the SAS log to see what is happening in your system.

And yes, I would advise staying off the web (physically disconnect) until you have to attach logs here.
 

1 more replies
Relevance 62.73%

I am newly registered to this great site. I am also a very infected Dad trying to remove Personal Antivirus from our family computer. I could not download/then launch Malwarebytes tool in normal mode. I am now following another thread trying to progress in safe mode...

Any help advice is appreciated running malware quick scan...

Safe mode allowed download and quick scan now completed
Malwarebytes' Anti-Malware 1.38
Database version: 2283
Windows 5.1.2600 Service Pack 2

6/25/2009 8:07:06 PM
mbam-log-2009-06-25 (20-07-06).txt

Scan type: Quick Scan
Objects scanned: 112670
Time elapsed: 13 minute(s), 40 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 157
Registry Values Infected: 12
Registry Data Items Infected: 0
Folders Infected: 31
Files Infected: 193

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\funwebproducts.browseroverlaybarbutton (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{98635087-3f5d-418f-990c-b1efe0797a3b} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{38a7c9da-8db7-4d0f-a7b1-c4b1a305bddb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{8d292ec0-6792-4a38-82ed-73a087e41ba6} (Adware.MyWebSearch) -> Quarantined and deleted successfu... Read more

Answer:Safe Mode Stage Personal Antivirus XP

For what it's worth after copying the deleted files into this thread and closing down the program in safe mode and restarting in normal mode I was able to access the malware program and have found an additional 21 infected files full scan continues.....more to follow..

3 more replies
Relevance 62.73%

i have some error while installing antivirus BIT DEFENDER in normal mode so i am trying to use safe mode but i am scared that what will be on that case
will any features be missed out when we install in safe mode rather than normal mode?
ANY DEMERITS PLZ MENTION

More replies
Relevance 62.73%

Greetings All!
I'm reaching out to the Pro's.

Huge mess on my boss's laptop - kids used it need I say more. It started with Internet Security 2010 which I thought I had removed and now Antivirus Live is in there. I can't get McAfee to load, rkill is now detected and blocked, won't work, can't get network connection any more. All this in just 6 hours yesterday!

I can't get on line to get HJT nothing is being allowed to run other than the fake infection warnings. This is a WinXP media center OS running IE7.

I'm open to suggestions, and need some help.
 

Answer:Antivirus-Live not able to boot into safe mode

16 more replies
Relevance 62.32%

I was able to remove the antivermins but found that I could not boot into safe mode. Since contracting the antivermins, when I would restart my computer, my monitor turns off. It will turn back on once windows has loaded. If I try to go into safe mode and press F8, everything just stops. The computer is still on but does nothing and the monitor gets no signal. I have to do an illegal shut down and allow windows to boot before the monitor will get a signal. Any ideas?
 

More replies
Relevance 62.32%

Hi, I was told that I should run my anti spyware etc.. in safe mode as it will be more effective. I tried with spybot and it found nothing new, so I was just wondering if I should use safe mode regularly, or only use it for stubborn malware as I see threads recommending it for specific problems.

I would be grateful for any advice

cheers.
 

Answer:Solved: malware removal in safe mode

7 more replies
Relevance 62.32%

Alright,
So I booted up into safe mode and it did take a bit. But once I got it running, I couldn't run any scanning/removal tools. I have one of this " Must scan your computer, its infected " malware thingys. Its icon is the windows shield, ya know to make it look legit haha.

Anyways, I thought in safemode you could scan and open tools. Did they find a way to not allow that now? I cannot open and scan, When I open it, it just closes automatically.

Any idea on what to do or where to start?
 

Answer:Question on malware removal in safe mode...

I was doing more reading online and someone said to use norton power eraser.. Doubt it will work, but I'm going to see if I can get that to scan.
 

6 more replies
Relevance 62.32%

Hi ,
I've just removed some viruses from my computer using BitDefender and it seems that my internet is pretty screwed . I've gone into normal boot to find that all of my network connections are missing in both of the folders "My network places" and "Network connections ." No icons whatsoever , just a blank folder . However , in safe mode I am able to access the internet and my connections appear regularly within their respective folders . I've tried re-installing my ethernet drivers in safe mode and normal boot . No luck . So , I thought that I'd be just fine running in safe mode , but unfortunately I want to be able to play my online game since Safe Mode is limited in colors , therefore I cannot play my game ><;

So , I was just wondering how I can restore my internet connection within normal boot ?

Thanks , Andrew

EDIT : My computer internet was working JUST FINE before the removal of the viruses .

Answer:No internet after virus removal, only in safe mode .

You could try running System Restore and going back to a time before the infection or you could try booting with your XP CD and performing a Repair.

3 more replies
Relevance 62.32%

Hello,

First let me say "thank you" for having a resource available to get help with my problem. I have read numerous threads on the web but I haven't seen this issue addressed. I have been working through these issues all day now and am totally frustrated as I seem to have taken baby steps to get the problems resolved only to feel like I haven't accomplished much. And, it seems that every step I take in the process takes a ridiculous amount of time to complete.

If you can tell me where to find the AdwCleaner scan log, I will attach it or if I need to run again I can.

As I mentioned earlier, I've been at this since 8 am, so I'm ready to take a break because frustration has set in.

I appreciate any assistance you can provide...
 

Answer:Can only operate in safe mode after virus removal

Hi,
Download attached fixlist.txt on the same location as FRST (otherwise the fix won't work)
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system

Open FRST, and click Fix. Attach me that report after it is finished.

***** NEXT *****​
Re-run FRST again, check Addition.txt, press scan and attach both fresh reports.
 

19 more replies
Relevance 62.32%

When I try to change my computer back from safe mode to normal mode - Run, then MSCONFIG - an "Open With" box appears rather than the System Utility Configuration in order for me to change it back to normal. I even restarted and hit F8 - clicked to start in normal mode, but still ended up in safe mode. Originally, I was removing the virus "XP Antivirus 2012" by removing individual files, but then I found Norton Power Eraser, used it and tried to get back to normal mode. What do I do?

Answer:Stuck in Safe Mode after Virus Removal

try these 2 progs in safemode with networking and fix all they find.
1- Trojan Remover http://www.simplysup.com/tremover/d...
2- Hitman pro http://www.surfright.nl/en/downloads
Some HELP in posting on Computing.net plus free progs and instructions
Cheers

8 more replies
Relevance 62.32%

I am in safe mode right now, earlier, I was on google, and got redirected from a website, I knew the computer was going to lock up and it never has, so then my computer restarts itself. It tells me through windows that I have Trojan.Zlob.G. It will not let me get online, open anything pretty much, so now I am stuck with safe mode and am going nuts, I have ran Norman Malware Cleaner, which found a lot of things but wouldn't let me clean without buying, Malware bytes anti malware which removed 10 objects, and Vundufix. PLEASE help, I will be checking this VERY frequently.
 

Answer:Trojan.Zlob.G removal, I cannot be anywhere but safe mode....

Here is my HJT log
 

1 more replies
Relevance 62.32%

Hi,
I am running Windows XP SP2 Home Edition - current on all MS critical updates.
System is a home-built machine, based on Athlon 64 3200+ CPU with 1GB of RAM.
This PC has run essentially problem-free for its first 6 months.
My DSL ISP is SBC Yahoo! (Now ATT) and I am using their "free" online protection package, which includes versions of Anti-Virus and Anti-Spy, provided by Computer Associates. Two nights ago, my system was behaving very sluggishly so I decided to run some maintenance. I ran the Anti-Spy program and it claimed to detect CWS.QTTasks. Surprisingly, given its notoriety, I had never heard of the CoolWebSearch suite of hijackers. Anyhow, I selected to have AntiSpy "remove" the detected malware. Then I went to reboot. That's when things got bad.
The reboot would not go past the Windows logo screen, with the bars moving from left to right (forever). I had to hold the power button down to force the machine off. Ever since then I have only been able to successfully boot into safe mode. I tried system restore, successively going back through a number of restore points. No joy. From safe mode I've run Anti-Virus. I've also run SpyBot Search & Destroy, AdAware personal SE and SBC Yahoo! (ca) Anti-Spy. They found a few things, which I cleaned up. I also ran CCleaner and got rid of a bunch of crap and broken registry links. But the PC still can only boot into safe mode.
I suspect that whatever the Anti-Spy scan detect... Read more

Answer:Can only Boot Safe Mode - Botched CWS Removal?

Welcome to Majorgeeks!

Doesn't your antispyware program have a restore of its own that you could use to restore whatever it removed? Using System Restore would only help if whatever was removed had been saved in System Restore but not all files are saved. Sounds to me like you should be talking to SBC and complaining to them about what they gave you to install and use; however, I would be willing to bet that you would not get very much help from them and if you do, it would not be too useful.

Removal of CWS.Qttasks should not cause a problem like this (if that is all they removed and if what they found was really Qttasks). The below shows a typical CWS.Qttasks infection:

http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453077875

Hopefully they were not confusing the above with C:\Program Files\QuickTime\qttask.exe
Either way, removal of either of these should not make your PC unbootable.
 

11 more replies
Relevance 62.32%

Hi, Thanks for your time.

I am running XP SP3 on 1.86 Ghz Laptop 2.49 RAM.

OS boots to desktop very very slowly but then grinds to a halt. Task manager opens in 2 minutes; 50-60 processes running at 100% CPU. mscofig.sys will not allow changes.
Realistically no other programmes will open (in Earth time)

Safe mode w/network allowed download and execution of MBAM but will not allow stopzilla to run - freezes on "collecting information". superadblocker will also not run and returns an "administrator has blocked" message. Comodo [previously installed] also stalls on the 5% download level when tasked to update virus library.

I have run MBAM and log is as below:

Malwarebytes' Anti-Malware 1.41
Database version: 2775
Windows 5.1.2600 Service Pack 3 (Safe Mode)
08/10/2009 22:00:54
mbam-log-2009-10-08 (22-00-54).txt
Scan type: Full Scan (C:\|)
Objects scanned: 211852
Time elapsed: 25 minute(s), 22 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) ... Read more

More replies
Relevance 62.32%

Hi, my laptop is a Dell Inspiron E1505 and I am using Windows XP

Problems (in order of appearance):
- Cannot perform System Restore (haven't been able to in a long time)
- Search engine redirects
- Cannot run Safe Mode (this has happened before, but that was due to a missing file, which I re-installed, and this time it's a different error... "A problem has been detected and windows has been shut down to prevent damage to your computer")
- Pop-ups (search engines ex. StopSearchClick, virus protection)
- Can't run Spybot: Search and Destroy, Malwarebytes' Anti-Malware, or HijackThis
--> "Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item."
- Both IE and Firefox are crashing frequently

Things I may have done to exacerbate problems while trying to fix them:
- deleting (newly created) files in system32, temp and system folders

I've done a decent job of getting rid of problems in the past, by running searches (and finding great sites/forums like this one) or figuring out what to do on my own (ex. I've been able to locate those ridiculous and merciless pseudo- "virus protection" programs and delete them on my own), but I probably got overzealous and now I have too many problems to be able to find one solution for all of them. Please help? I greatly appreciate any time or assistance (it's amazing what people do on forums like this one to help o... Read more

Answer:Can't run Safe Mode or any spyware-removal programs

Please download gmer.zip and save to your desktop.
- Extract (unzip) the file to its own folder such as C:\Gmer. (Click here for information on how to do this if not sure.)
- Disconnect from the Internet and close all running programs.
- Temporarily disable any real-time active protection so your security program drivers will not conflict with gmer's driver.
- Click on this link to see a list of programs that should be disabled.
- Double-click on gmer.exe to start the program.
- Allow the gmer.sys driver to load if asked.
- You may be prompted to scan immediately if GMER detects rootkit activity.
- If you are prompted to scan your system click "Yes" to begin the scan.
- If not prompted, click the "Rootkit/Malware" tab.
- On the right-side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
- Select all drives that are connected to your system to be scanned.
- Click the Scan button to begin. (Please be patient as it can take some time to complete)
- When the scan is finished, click Save to save the scan results to your Desktop.
- Save the file as gmer.log and copy/paste the contents in your next reply.
- Exit GMER and re-enable all active protection when done.

5 more replies
Relevance 62.32%

Hi - I know there are plenty of VirtuMundo posts/threads already listed, but most of them (from what I've read) suggest downloading this or that program and uploading HJT files. My problem is somewhat different - the computer that's infected has no internet connection, so I can't upload anything or download any programs.

My question is this - is there a way to safely remove the virtumundo trojan without downloading any other spyware/adware program?

Problem files/clsid:

c:\\windows\system32\jkklk.dll
HKLM\SOFTWARE\CLASSES\CLSID\{8B96DBDD-3F3D-4688-A167-16B924360240}
(There were others with the same bracket codes, but I don't have them off hand)

I'm currently running Windows XP Media Center Edition. It's a work computer, I'm in the office now, on another employee's computer. (We have no TechGuy, so I'm hoping you can help!) I somehow got this nasty virus yesterday and have been trying to get rid of it ever since. I was able to dwnld HJT, and followed some other directions on what to "Fix" after running a scan, and it seemed to help. Windows Defender, when initiating a scan, will run for about 10-15 minutes and come up with nothing, but then when I'm trying to work (without internet), it will pop up with a Severe Alert - highlighting Virtumundo as the culprit. I try to quarantine or remove it, but it keeps coming back, even after restarting.

I tried the VirtuFix, and it seemed to make things worse. I quickly del... Read more

Answer:Solved: Virtumundo Removal in Safe Mode?

16 more replies
Relevance 62.32%

Hello, This is the first time I am posting and would need some help. I am infected with Spydawn and can't seem to get rid of it. I found the instructions on your site however, whenever I go into safe mode the link is no longer on my desktop. The SMITFRAUDFIX is there in regular mode but not in safe mode so I can't continue with the removal. Please help.

SassyMod Edit: Topic moved to a more appropriate forum.

Answer:Spydawn Removal Tool In Safe Mode

Try saving it to somewhere other than the desktop, such as My Documents. Then when in safe mode navigate to My Documents and run it from there.

2 more replies
Relevance 62.32%

Hello! My brother in law's computer has been infected with Antivirus Security Pro. I followed the removal guide however I am unable to boot into safe mode. I read through the forums a little bit and see that I can use the FRST program to remove it. Are you able to assist with this? Here is the log it generated. Let me know if anything else is needed. Any help is appreciated, thanks so much!

[- C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-06-18] (IDT, Inc.)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1890088 2010-03-17] (Synaptics Incorporated)
HKLM\...\Run: [QuickSet] - C:\Program Files\Dell\QuickSet\quickset.exe [3179288 2010-01-06] (Dell Inc.)
HKLM\...\Run: [Broadcom Wireless Manager UI] - C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE [5712896 2010-02-02] (Dell Inc.)
HKLM\...\Run: [DellStage] - C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj [207350 2011-01-25] ()
HKLM\...\Run: [AS2014] - C:\ProgramData\ngpipn37\ngpipn37.exe [547464 2013-10-28] ()
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1356240 2013-08-12] (Microsoft Corporation)
HKLM-x32\...\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] - "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [559616 2011-10-05] (Dell)
HKLM\...\Winlogon: [Userinit] userinit.exe,C:... Read more

Answer:Antivirus Security Pro removal

romanodog,
 
 to the BC Forums!!
 
Please post the entire FRST report.
 
Its heading is missing, and possibly some initial entries:
 
Example:
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 30-10-2013
Ran by SYSTEM on MININT-UEPEJKJ on 30-10-2013 22:05:30
Running from K:\
Windows 7 Home Premium (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Recovery

11 more replies
Relevance 62.32%

My daughter's laptop, with Windows 7 operating system is infected with the aforementioned virus. Unfortunately it will not allow me to download "RKILL". Your instructions indicate to go to another computer, which I am doing now, and download the link and transfer to my daughter's PC. My computer is on "Windows Vista". And, do I save or run? Thank you. John

Edit: Moved topic from Introductions to the more appropriate forum. ~ Animal

Answer:"Antivirus Security Pro" Removal

Try this, does not always work but makes it a hell of a lot easier to remove if it does!
After it has done its fake scan, press remove threats, activate for full protection, i already have a key.
 
Type in this key
AF03E-A1B69411-5E496BEE-92A70D00-1AD697F6
 
If that key does not work try this one
AA39754E-715219CE
 
 
Did that work?
If it did work you should now be able to run rkill, after rkill has run you should download and install malwarebytes free from the following website.
http://download.cnet.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html
 
(Decline the 7 day trial if it offers it to you)
Run an update then do a full scan and remove anything it finds.

1 more replies
Relevance 62.32%

Hello,

I have the Security Antivirus trojan on my laptop and would really appreciate it if anyone could help me remove it. Every time I turn on my laptop it pops up saying I have numerous infections. These fake warnings keep popping then constantly. My operating system is XP.

Please see below details and attachments. Thanks a lot.



DDS (Ver_09-12-01.01) - NTFSx86
Run by User at 14:52:05.59 on 19/02/2010
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.592 [GMT 0:00]

AV: Security Antivirus *On-access scanning enabled* (Updated) {577FC62B-DCD1-4681-BC11-83E0DFB48ADA}
AV: ESET NOD32 Antivirus 4.0 *On-access scanning enabled* (Outdated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: Security Antivirus *enabled* {8A01CF8A-FB35-42C0-BA2A-7CD55758D962}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Documents and Settings\All Users\Application Data\4a03424\SA4a03.exe
svchost.exe
C... Read more

Answer:Security Antivirus removal

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

Please visit this webpage for download links, and instructions for running ComboFix:

http://www.bleepingcomputer.com/comb...o-use-combofix

* Ensure you have disabled all antivirus and antimalware programs so they do not interfere with the running of ComboFix.

Get help here

Please post the C:\ComboFix.txt in your next reply for further review.

Please re-enable your antivirus before posting the ComboFix.txt log.

------------------------------------------------------

19 more replies
Relevance 62.32%

I have a windows XP pro infected with antivirus security pro.  I am able to get into safe mode but once I sign onto windows,  I get shut down immediately by something (not sure if it is the antivirus security pro or something else)  and am unable to run Rkill and MBAM. Any ideas on how to deal with this?
 
Thanks! 
 
Tawny

Answer:Antivirus security pro removal

use this code to register it.. AA39754E-715219CE
 
then you should be able to run apps to remove it.
 
edit: assuming you can get into Windows explorer at all... if it just dies the second you log on, I dunno. soz.

2 more replies
Relevance 62.32%

I have a virus in my desktop called Antivirus Security Pro. I have been unable to remove it using your guides. I am communicating using my laptop. Can you help me please.

Answer:Antivirus Security Pro Removal

Hello jttpo

I would like to welcome you to the Malware Removal section of the forum. Around here they call me Gringo and I will be glad to help you with your malware problems.

Very Important --> Please read this post completely, I have spent my time to put together some things for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!

- Please do not run any tools unless instructed to do so. We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
- Please do not attach logs or use code boxes, just copy and paste the text. Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
- Please read every post completely before doing anything. Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
- Please provide feedback about your experience as we go. A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", t... Read more

32 more replies
Relevance 61.91%

Microsoft XP media centre edition SP2

have seen other threads talking about things like "combofix" will this work on my laptop? Also saw one saying remove "enable third party browser extensions" which I have done but no change.

This is what happened:

I became infected by "Antivirus Trigger" which stopped everything working except their pop ups of course.
I then was told to download Smitfraudfix which I had to download on to a disk on another computer and then could only run in "safe mode " on the infect laptop, which I did.

result - Antivirus trigger does not now come up when machine is switched on, but nothing works in normal, very slow opening and as I try to open IE it totally freezes and says (not responding).

error says:
szAppName : iexplorer.exe
szAppVer : 7.0.6000.16735
szModName : hungapp
szModVer : 0.0.0.0
offset : 00000000

and
C:\Docume~1\gary\Locals~1\Temp\WER8555.dir00\iexplore.exe.mdmp
C:\Docume~1\gary\Locals~1\Temp\WER8555.dir00\appcompat.txt

in short, I am doing this from the safe mode on my laptop as nothing works when starting up normally,

any advice or directions would be GRATEFULLY received.

Have added HJT and here is the log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:03:17, on 05/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Safe mode with network support
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\... Read more

More replies
Relevance 61.91%

Hi,

I am facing a major virus problem with my system. Task manager, registry edit and folder options of my operating system got disabled and also I am unable to boot in safe mode. If I press F8 and chose Safe Mode (with networking or any other option), pc is getting restarted again so again I had to start my pc normally.

I downloaded avira and avast and when I tried to install them, installations were being closed at the starting without any prompt messages. While googling, I came to see this forum I had downloaded hijackthis and here is my log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:56:00 PM, on 2/22/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Microsoft SQL Server\MSSQL.2\OLAP\bin\msmdsrv.exe
C:\Program Files\Microsoft SQL Server\MSSQL.3\Reporting Services\ReportServer\bin ... Read more

Answer:Unable to install antivirus & cannot boot in safe mode

Hello, sundeep38.

My name is aommaster and I will be helping you with your log. I apologize for the delay in response we get overwhelmed at times but we are trying our best to keep up. If you have since resolved the original problem you were having would appreciate you letting us know. If not please perform the following below so I can have a look at the current condition of your machine. Thanks and again sorry for the delay.

Please note that I am in the process of my training so it may take a while for me to get back to you, as each of my fixes need to be checked by a coach first.

- Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
- Double click on RSIT.exe to run RSIT.
- Click Continue at the disclaimer screen.
- Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

In your next reply, please include the following:
- RSIT Log

22 more replies
Relevance 61.91%

I am following instructions to remove the system care antivirus on my computer, but using F8 upon startup won't work, the computer just freezes up and will not boot. If I do not use F8, it will boot normally, but nothing opens up when I go try the Run --> msconfig method.
How can I wipe out this virus?

Answer:how to remove systemcare antivirus when safe mode will not load

Hello Campfire and Welcome -
 
Do you have Malwarebytes' Anti-Malware Free (aka MBAM) already installed on your computer ??
 
Please list your Make / Model and Operating System Version (XP /Vista / Windows 7).
Also list your Antivirus and any Antimalware programs already installed -
 
Can you open the computer in Any mode (Normal / Any Safe Modes / Etc) -
 
Thank You -

4 more replies
Relevance 61.91%

Ok. I've read all these threads regarding this horrible malware. Yesterday I noticed I was infected with this antivirus pro 2010. The computer wouldn't allow me to do much so I tried to reboot in safe mode. That was the last time I was inside Windows xp operating system. Now I can't get in through safe mode, normal mode or anything else. My computer boots just up to the Windows Xp logon screen and then shows the fastest blue screen and reboots. It repeats this cycle endless times. The last thing I tried was using the Windows xp cd to repair. Unfortunately it tells me the partition1 is (unknown) so they want to format my drive and reinstall. I'm trying to recover files on this laptop. BTW it's a Compaq Presario. I even tried the recovery console to simply get a prompt and my c: drive wasn't even listed. Only some D:\MinNt

Help Please!
 

Answer:antivirus 2010 can not boot in safe mode-tried everything advised here

Antivirus Pro been removed- Hijackthis log review

Please review the log below:



Edit by chaslang: Inline and incomplete HJT log removed. READ & RUN ME FIRST. Malware Removal Guide sticky not followed.
 

2 more replies
Relevance 61.91%

Hi there,
Have been infected with Antivirus Live.
Printed off removal guide and downloaded rkill.com and mbam-setup.exe to USB flash drive
tapped F8 during reboot and choose safe mode with networking as requested in guide
Was given message that windows has detected a problem and shut down to protect computer.

Technical information:
0x0000007E (0xC0000005, 0x80537009, 0xF89DB3E0, 0xF89DB0DC)

Any ideas as this is all I get every time the system tries to boot up........

Answer:cannot enter safe mode to remove antivirus live

Have you tried using normal mode?

3 more replies
Relevance 61.91%

I am having an issue with my computer since I updated my iTunes and QuickTime and now anytime I try to open or run a program, it pulls up "view downloads" page and asks if I want to run or save the file. Neither option works as it simply re-opens another "view downloads" page and won't allow anything to run. I am operating in Safe Mode but same issue arises. See attached picture as anything I try to open goes to this page and keeps adding the same item over and over if you try to click run or save.
Can you steer me in the right direction?

Answer:Virus won't allow any downloads or internet in safe mode. Won't run antivirus

Hello,
Please follow the instructions in ==>This Guide<== starting at step 6. If you cannot complete a step, skip it and continue.
Once the proper logs are created, then post them in a reply to this topic by using the Add Reply button.
If you can produce at least some of the logs, then please create the post and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the reply and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

3 more replies
Relevance 61.91%

I've tried to run some malware programs.... I can't install avg or eset and I can't boot to safe mode either.. Hijack This install gives an error not a valid 32 etc...
When I try to install the antivirus it says I have problems with privileges of being an administrator.. I am the administrator.. HELP!!

Answer:Help. Cant Install Antivirus Software Or Boot To Safe Mode

Hello malpert and welcome to BC

In order to assist you, we need a bit more information.

What is your operating system: Windows XP, Vista, etc.?

I see that you have problems installing security programs. Do you have security programs already installed? If so, please name them, and let us know if these programs are working.

Orange Blossom

1 more replies
Relevance 61.91%

My colleague 'accidentally' ran the 'Folder Virus' in my office computer,

Symptoms,

the usual,
Creating a replica of itself inside a folder with the same name as the folder
Copying itself to any external peripheral connected via USB (Pen drives, HDD etc.)
Task Manager Disabled
Regedit Disabled
Internet Explorer not working, Homepage reset to 'googleinindia.blogspot.com'

the unusual,
Cannot enter safe mode (pc reboots)
Unable to run existing antiviruses, including McAfee and Spybot S&D
Unable to run certain existing applications including MATLAB and Adobe Reader

McAfee displays an error during system startup, Spybot just sits there quietly, MATLAB encounters a fatal error (in matlab.exe)

I ran the DDS.exe, but it could only output a 'DDS' report and no 'Attach' report. I have also run the RootRepeal.exe
I am posting the DDS and RootRepeal Logs.

An early reply will be highly appreciated

Regards

Answer:TaskMgr, Regedit, Safe Mode, Antivirus not working!

Hello,

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up.

My name is Syler and I will be helping you to solve your Malware issues. If you have since resolved your issues I would appreciate if you would let me know so I can close this topic, if you still need help please let me know what issues you are still having, in your next reply.

ComboFix should not be run unless requested by a HJT Team member. It is an extremely powerful tool which should only be used when instructed to do so by someone who has been properly trained. ComboFix is intended by its creator to be "used under the guidance and supervision of an expert", NOT for private use. Please read Combofix's Disclaimer. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.

Post the contents of C:\ComboFix.txt in your next reply.

- Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
- Double click on RSIT.exe to run RSIT.
- Click Continue at the disclaimer screen.
- Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

Then please post back here with the following:
- Combofix.txt
- log.txt
- info.txt

Thanks

2 more replies
Relevance 61.91%

My computer was hit with the Security Tool virus. It's possible I even allowed it through spybot -- the little spybot messages come up while I'm typing, sometimes, and if I hit the "a" key for allow, then who knows what just happened?

Anyway, I can only run ANY program from safe mode -- including task manager and any antivirus program -- and running any antivirus software will cause the computer to turn itself off. I can't download winzip from safe mode, so forgive me that the logs attached aren't zipped.

Thanks in advance for the help.

Also, I'm having difficulty with the gmer program. It only allows me to check five boxes: Services, Registry, Files, C:, and ADS. All other boxes are greyed out. Also, it only allows me to save as a .log file, which I'm not allowed to upload...

I opened the gmer log and re-saved it as .txt... hopefully nothing's lost in translation?

Ah. Completely missed this: "Once done click on the [Save..] button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post"

Well, that explains that.

Also, here's the DDS. My apologies for losing track of some of the very simple instructions.

DDS (Ver_10-12-12.02) - NTFS_AMD64 NETWORK
Run by Qris at 15:50:19.86 on Mon 02/21/2011
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_17
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2812.1617 [GMT -8:00]

AV: AVG Anti-Virus Fre... Read more

Answer:Antivirus software forces shutdown in safe mode

Hello, Welcome to TSF.
I'm nasdaq and will be helping you.

Open your task manager and stop this process in bold.

uRunOnce: [gDbLmCf05200] C:\ProgramData\gDbLmCf05200\gDbLmCf05200.exe

To get to the Task Manager press the CTRL+ALT+DEL keys simultaneously.

When done delete this folder in bold.

C:\ProgramData\gDbLmCf05200\

Restart the computer normally if you can.

Submit a fresh DDS log for my review.

Let me know what problem persists.

3 more replies
Relevance 61.91%

The computer is locked. I have tried to restore system earlier date- did not work. I get into the advance boot options window but when I chose either of the safe modes- it shuts down before I can get to anything-

Edit: Moved topic from Am I infected? What do I do? to the more appropriate forum, at the request of Malware Removal staff. ~ Animal

Answer:fbi money pak virus removal- has infected my safe mode- HELP

Don't give up on System Restore after one try!  I have removed this virus twice this week for people and they have a newer version than anyone talks about on forums or can see in removal videos on Youtube. 
 
My solution was to run system restore more than once trying a couple different restore points till one completed successfully.  In one case, it said it was unsuccessful but when the computer rebooted normally afterwards, it actually was successful.
 
Press F8 when rebooting to bring up boot options and select "Repair Your Computer".  Log in as administrator and select system restore and try again if you can on an available restore point before the infection.  It may take a few tries.
 
Post back here if it is not.

15 more replies
Relevance 61.91%

My ISP had been blocking my internet connection because they claimed I had a "bot" on one of my systems. After much dealing with them they instructed me to try running tools to remove zeroaccess. I ran the tool that can be found here 
 
http://www.mcafee.com/us/downloads/free-tools/rootkitremover.aspx
 
It found TDSS something and told me to reboot my system.
 
After rebooting my system flashes the blue screen with white writing and then reboots again asking me if I want to start in safe mode. 
The system starts normally in safe mode. 
System restore does not seem to run in safe mode.
A pop-up instructs me to run safe mode manually with a command, but it still does not work. 

Answer:System only restarts in Safe Mode after rootkit removal

Hello, let's first see if we can find a BSOD code here.

We Need to Diagnose Your BlueScreen

- When you boot your machine, press F8 to list the startup options, exactly as you would if you were trying to enter Safe Mode
- Select "Disable Automatic Restart on System Failure", as shown here:
- When your system BSODs, write down the STOP error code, as well as any written out error message back here. The STOP error will always appear, but the message may not. You are looking for this:

Please post me the error(s).

16 more replies
Relevance 61.91%

Hi,

My sister's computer - XP SP3, Optiplex 755 - was recently infected with System Protection rogue av. After following instructions found at Bleeping Computer, I removed Rootkit.Boot.Pihar.a with TDSSKiller and the rest of the rogue with Malwarebytes. I uninstalled the previous expired AV, McAfee Total Protection, from Add/Remove and installed Avast free. Everything seems fine and back to normal, but...

Since the removal procedure, the internet has not worked in Normal boot mode. It will ping, RDP and open files on networked computers but no browser will pull up a web page. In safe mode, however, web pages work fine. I've uninstalled and reinstalled IE, FF and Chrome but they all still will not connect. I ran McAfee removal tool and it found a few things but didn't resolve the issue (Security Check found no sign of McAfee afterwards, Windows firewall is off). Ran Dial A Fix, Winsockfix, uninstalled and reinstalled TCP/IP. Tried SFC /scannow as well as a repair install but issue persists. Route print and netstat shows nothing strange. I've created lists of services and tasks running in both normal and safe mode but there are literally three times as many services running normally so it's really not feasible to start turning them off and rebooting.

I'm trying desperately to not have to reformat. Of course, I may HAVE to but to wipe and reload for one thing is a disappointment.

Thanks for any help! I'd really appreciate any insig... Read more

Answer:After virus removal, internet only works in Safe Mode

Welcome aboard

Download Security Check from HERE, and save it to your Desktop.
 * Double-click SecurityCheck.exe
 * Follow the onscreen instructions inside of the black box.
 * A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download MiniToolBox and run it.
Checkmark following boxes:
 * Report IE Proxy Settings
 * Report FF Proxy Settings
 * List content of Hosts
 * List IP configuration
 * List last 10 Event Viewer log
 * List Installed Programs
 * List Users, Partitions and Memory size
Click Go and post the result.

=============================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
 * Double-click mbam-setup.exe and follow the prompts to install the program.
 * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
 * If an update is found, it will download and install the latest version.
 * Once the program has loaded, select Perform quick scan, then click Scan.
 * When the scan is complete, click OK, then Show Results to view the results.
 * Be sure that everything is checked, and click Remove Selected.
 * When completed, a log will open in Notepad.
 * Post the log back here.

Be sure to restart the computer.

The log c... Read more

1 more replies
Relevance 61.91%

I got hit by the virus wgsdgsdgdsgsd.exe three times in the last 3 weeks. It came from "questionable sites," but since I am unafraid of viruses, I keep going back for more challenges. So I finally learned the easy way to get rid of this virus. If I had no Norton backups (don't worry, not needed now) I would never have been able to figure it out.

First off, my firewall caught the file wgsdgsdgdsgsd.exe asking permission to run, and I prevented it from running. But the file was still present in Windows\system32 on my disk. I tried to delete it...I couldn't. I tried to end a possible linked process with WINDOWS TASK MANAGER (Ctrl-Alt-Del), but Task Manager wouldn't run. Hmm...I also knew from past experience with this virus that SAFE MODE would NOT run (Blue Screen of Death), even after the virus was deleted.

RogueKiller, available here on Bleeping Computer, came to mind...Always have that file on your hard disk! IT FOUND THE VIRUS chain and deleted the process. BUT, the file wgsdgsdgdsgsd.exe was still in Windows\system32. BUT this time I could easily delete it! And double check that it's not in your Recycle Bin.

Now, the trickiest part...SAFE MODE will still not work...even though the virus chain is gone. Previously I had to reformat and load my hours-old backup, and once I swear even a long reformat didn't work - I couldn't get into SAFE MODE...just that blue screen after rebooting. I had to write zeros to the drive and reinstall my backup -...

More replies
Relevance 61.91%

Hi, so my computer gets stuck on the 'starting windows' screen and only starts up fully in safe mode. Just went into remove programs to see if there were any clues to why and found PileFile reminder installed. Tried to uninstall but was unsuccessful (get this message: 'You do not have sufficient access to uninstall pilefile reminder. Please contact your system administrator'). I can't take it in to a computer shop until next week so would appreciate any help. Thanks. PS. I am running Windows 7. Have also tried system restore with no success.

Answer:Removal of PileFile reminder (computer in safe mode)

Hello -
We can try and get you into Normal Mode first, as this would be better, but Safe Mode with Networking will work.
 
First -
Please download and run RKill by Grinler. A black DOS box will briefly flash and then disappear.
This is normal and indicates the tool ran successfully (this will also run in Safe Mode)
At most the tool will run for about 2 minutes
Copy / paste the log back here
 
Important: Do not reboot your computer until you complete the next step.
 
 
* Please download AdwCleaner by Xplode and save to your Desktop.
* Double-click on AdwCleaner.exe to run the tool.
* Vista/Windows 7/8 users right-click and select Run As Administrator.
* Click on the Scan button (only once)
* AdwCleaner will begin...be patient as the scan may take some time to complete.
* After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
* Click on the Clean button (only once)
* Press OK when asked to close all programs and follow the onscreen prompts.
* Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
* After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
* Copy and paste the contents of that logfile in your next reply.
* A copy of all logfiles is saved in the C:\AdwCleaner folder, which was created when running the tool.
 
 
You will usually find Pile file reminder and Oxy both in the Programs and Features area.
The o...

11 more replies
Relevance 61.91%

First off let me say thank you to all the great people who run this site. I've been reviewing it for a few days and I'm ready to get started on going through all the proper cleaning steps before I post my HJT log....but first, I have some questions I hope can be answered.

1 - When booting into Safe Mode, do I log in as the Administrator or as my account name that I normally use on a daily basis?

2 - I cannot empty my Recycle Bin. It makes the emptying noise, but the files stay in there. I did a search here for this problem but couldn't find anything. When I tried to empty the protected files, it ran & ran for 15 minutes before I just gave up and shut down the PC.

3 - My computer is infected (among other things) with the W32.HLLP.Sality virus. Norton finds it & deletes it...but a minute or 2 later I get the same message. This happens over & over & over. What's the deal with this?

Thanks again! I'm so glad I found this forum!! At first, this place looked so good that I thought it was set up by the malware & spyware bastards to look like a helpful site but would actually make things worse for me!! LOL.

-Kliph
 

Answer:Safe Mode, Recycle Bin & virus removal question

Kliph said:

1 - When booting into Safe Mode, do I log in as the Administrator or as my account name that I normally use on a daily basis?

Depends on what you are doing; if you are doing cleaning, I would do it under each account.

Kliph said:

2 - I cannot empty my Recycle Bin. It makes the emptying noise, but the files stay in there. I did a search here for this problem but couldn't find anything. When I tried to empty the protected files, it ran & ran for 15 minutes before I just gave up and shut down the PC.

There is an infection that causes this; however, without checking logs it's hard to tell.

Kliph said:

3 - My computer is infected (among other things) with the W32.HLLP.Sality virus. Norton finds it & deletes it...but a minute or 2 later I get the same message. This happens over & over & over. What's the deal with this?

Norton isn't a good AV, simple as that. I recommend AVG but there are many that are better than Norton.

8 more replies