Computer Support Forum

Fake App Attack: Misleading Application File Download 3

Question: Fake App Attack: Misleading Application File Download 3

Hi all,
 
I am also experiencing the crashing of Chrome and IE every 3 mins with a warning from NIS about a Fake App attack.
 
Would be very grateful if someone could please help.
 
All the best,
David

Relevance 100%

Answer: Fake App Attack: Misleading Application File Download 3

Hi all,
 
The problem has just spontaneously disappeared within the last hour.
I've absolutely no idea why. My PC was unusable for two days.
 
Best wishes,
David

5 more replies
Relevance 110.2%

Mod Edit: Merged posts and cleaned ~~boopme

Hi,
first of all I apologise for my poor English. From yesterday, when I use Firefox or Chrome, Norton closes them after a few minutes and this notification appears:

Immagine.jpg   153.5KB   0 downloads

I've tried a complete scan and also Norton Power Eraser but the problem is not solved. Can you please help me? Thank you in advance
Nycky

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16428
Run by Home at 15:17:41 on 2014-02-04
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.39.1040.18.4008.1237 [GMT 1:00]
.
AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Program File... Read more

Answer:Fake App Attack: Misleading Application File Download 3

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
***************************************************
In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.
CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/523164 <<< CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************
If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of t... Read more

2 more replies
Relevance 110.2%

Hi there! I see a lot of people having this very same problem (fake app attack: Misleading application file download 3) causing Firefox and Chrome to crash. Can anyone please help? I downloaded SecurityCheck and AdwCleaner but I'd be happier with someone expert guiding me through the deleting process.
 
Thanks a lot!

Answer:Fake App Attack: Misleading Application File Download 3 AGAIN

Problem solved =)

2 more replies
Relevance 110.2%

I too have the same issue.  Norton catches it, and then it shuts down on Chrome.  Very confusing...  can't understand why, nor fix.  Anyone?
 
Moderator Edit: Split off of another topic to better allow help
Roger

Answer:Fake app attack misleading application file download 3 also

Welcome aboard

Download Security Check from here or here and save it to your Desktop.
Double-click SecurityCheck.exe
Follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.
NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:
Internet Services
Windows Firewall
System Restore
Security Center/Action Center
Windows Update
Windows Defender
Other Services
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

Please download MiniToolBox and run it.
Checkmark following boxes:
Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Devices (do NOT change any settings here)
List Users, Partitions and Memory size
Click Go and post the result.

Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Up... Read more

1 more replies
Relevance 110.2%

Hi there,
Thanks for reviewing my question. 
Every few minutes, Norton pops up saying that “Norton blocked an attack by Fake app attack misleading application file download 3.”  This causes my browser (both Chrome & Firefox) to crash.  I ran a full system scan and it found nothing.  I also did a system restore to a few weeks ago (the problem started today).  Any help would be appreciated!  Thanks.
 
Moderator Edit: Moved for the Virus, Trojan, Spyware, and Malware Removal Logs forum to a more appropriate forum due to no logs.
Roger

Answer:Fake app attack misleading application file download 3

Welcome aboard

Download Security Check from here or here and save it to your Desktop.
Double-click SecurityCheck.exe
Follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.
NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:
Internet Services
Windows Firewall
System Restore
Security Center/Action Center
Windows Update
Windows Defender
Other Services
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

Please download MiniToolBox and run it.
Checkmark following boxes:
Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Devices (do NOT change any settings here)
List Users, Partitions and Memory size
Click Go and post the result.

Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Up... Read more

3 more replies
Relevance 109.04%

I've read this topic http://www.bleepingcomputer.com/forums/t/519643/firefox-crashes-norton-fake-app-attack-misleading-application-file-download-3/ And followed nasdaq's guide. But my results were:
RogueKiller V8.6.3 _x64_ [Jul 17 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/
 
Operating System : Windows 7 (6.1.7600 ) 64 bits version
Started in : Normal mode
User : Bameoi [Admin rights]
Mode : Remove -- Date : 02/04/2014 12:14:40
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 1 ¤¤¤
[BLPATH] OptimizerPro.exe -- C:\ProgramData\BetterSoft\OptimizerPro\OptimizerPro.exe [-] -> KILLED [TermProc]
 
¤¤¤ Registry Entries : 6 ¤¤¤
[HJ POL] HKCU\[...]\System : DisableTaskMgr (0) -> DELETED
[HJ POL] HKCU\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ POL] HKLM\[...]\System : DisableTaskMgr (0) -> DELETED
[HJ POL] HKLM\[...]\Wow6432Node\[...]\System : DisableTaskMgr (0) -> [0x2] The system cannot find the file specified. 
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
 
¤¤¤ Scheduled tasks : 1 ¤¤¤
[V1][ROGUE ST] schedule!3036567561.job : C:\ProgramData\BetterSoft\... Read more

Answer:About Error "Fake App Attack Misleading Application File Download 3"

2 files contain the same text (The text above)

17 more replies
Relevance 106.72%

Hi everybody!
 
At first I'd like to inform you that I'm not an advanced computer-user and that I'm not a native English speaker. So it may be, that I'll be a bit slow in understanding, but I'll try my very best!!! I'd be glad if you could try to write to me in an easy and understandable language... THANKS!
 
I use a DELL-Notebook (Vostro 1510) with these system-informations:

 System-Informations.jpg   77.14KB
  2 downloads
 
All software on my computer is updated (as far as I can judge...) and I use Norton Internet Security, CCleaner and Auslogics Disk Defrag daily.
 
My computer-problem occurred three days ago: When I use Mozilla Firefox 26.0 (x86 de) it only takes a few minutes and then Firefox crashes (doesn't matter which website I'm on...). It happens every time! I can restore Firefox, but then it keeps crashing.
 
Norton Internet Security appears with the following note (Fake App Attack Misleading Application File Download 3):

 Norton-Warning1.jpg   155.11KB
  1 downloads

 Norton-Warning2.jpg   178.36KB
  0 downloads
 
I read a few postings and discussions on the internet (though not understanding every detail...) and found out, that you may help me getting rid of this "something" on my computer, helping me step by step to clean it.
 
I'd be very thankful for any professional help from you!!!
 
Cheers!
cisumdog

Answer:Firefox crashes. Norton "Fake App Attack Misleading Application File Download 3"

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

--RogueKiller--
Download & SAVE to your Desktop RogueKiller for 32bit or Roguekiller for 64bit
Quit all programs that you may have started.
Please disconnect any USB or external drives from the computer before you run this scan!
For Vista or Windows 7, right-click and select "Run as Administrator" to start
For Windows XP, double-click to start.
Wait until Prescan has finished ...
Then Click on "Scan" button
Wait until the Status box shows "Scan Finished"
click on "delete"
Wait until the Status box shows "Deleting Finished"
Click on "Report" and copy/paste the content of the Notepad into your next reply.
The log should be found in RKreport[1].txt on your Desktop
Exit/Close RogueKiller
+==============

Please download AdwCleaner by Xplode onto your Desktop.
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click the Scan button and wait for the process to complete.
Click the Report button and the report will open in Notepad.
IMPORTANT

If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.

Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click the ... Read more

7 more replies
Relevance 106.72%

Hey, I'm struggling to find anything to remove this fake app attack virus thing. I don't know what site I got it from and I have tried numerous full system scans and searching online for help. I came across this site and was wondering if anyone would be able to help me out.
 
Toshiba
Processor: Intel® Core™ i3-2350M CPU @ 2.30GHz 2.30GHz
RAM: 8.00GB (7.89 GB usable)
System type: 64-bit Operating System
 
couldn't tell you anymore than that I am afraid.
 
I saw this thread http://www.bleepingcomputer.com/forums/t/519643/firefox-crashes-norton-fake-app-attack-misleading-application-file-download-3/ and was wondering if I did the same thing would it work?
 

Answer:Google Chrome crashed -Fake App Attack: Misleading Application File Download 3

Hello -
Please note that link was from Virus, Trojan, Spyware, and Malware Removal Logs        
 
Each system is looked at one at a time, and yours may not be exactly the same.
Any small alteration to the O/S may mean another method should be used.
 
If you need more assistance, please Fully read and follow the instructions in the Preparation Guide For Requesting Help starting at Step #6.
 
NOTE: If you are unable to complete any step, still post the topic and leave a full description of your problems.
 
When you have done that, start a new topic and post the required logs to  Virus, Trojan, Spyware, and Malware Removal Logs forum, NOT Here, for assistance by the Malware Response Team Experts.
 
Please Use Copy and Paste for all your responses, and Do Not Attach them unless your helper requests this.
 
If HelpBot responds to your topic, please follow his Step #1 so the team will be notified.
 
After doing this, please reply back in this thread with a link to the new topic so we can close this one.

1 more replies
Relevance 98.89%

Hello there,
As it says in the title, I've been having this error thrown at me by Norton the past couple of days merely by having my browser open. There's a managed extension that may be involved with it but despite my best efforts I cannot remove it (multiple uninstall/reinstalls, Norton Power Eraser, a reasonably thorough (albeit amateur) purge of any files related to Chrome, and fiddling with Regedit).
 
Though the problems might not be related, I suspect they are as they both appeared around the same time. I currently have Chrome uninstalled (As it is quite useless) but much prefer using it over Internet Explorer, so any help getting it back would be greatly appreciated.
 
ASUS ROG
Windows 7 64bit
 
Thank you.

Answer:Chrome: Fake App Attack: Misleading Application Download 3

Hello Dashiva

I would like to welcome you to the Malware Removal section of the forum.
Around here they call me Gringo and I will be glad to help you with your malware problems.

Very Important --> Please read this post completely, I have spent my time to put together some things for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same",... Read more

26 more replies
Relevance 83.52%

Over the past 3 days, norton has caused google chrome to crash every few minutes... my computer is almost unusable in terms of the internet... I have no Idea what to do, and I really need the internet for my work! Please help!

Answer:Norton - Fake App Attack: Misleading Download 3

Hello Munkzzy

I would like to welcome you to the Malware Removal section of the forum.
Around here they call me Gringo and I will be glad to help you with your malware problems.

Very Important --> Please read this post completely, I have spent my time to put together some things for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same",... Read more

3 more replies
Relevance 97.58%

Hello,
 
Recently, whenever I visit a new web page, I receive a notification from Norton that it has blocked an intrusion from "t.cttsrv.com".
 
I have tried uninstalling any programs that I've recently added, as well as running a full scan with norton to no avail.
 
I've also done a scan with AdwCleaner, and have included the log below:
 
___________________________________________________________________________________________
 
# AdwCleaner v4.111 - Logfile created 01/03/2015 at 12:29:59
# Updated 18/02/2015 by Xplode
# Database : 2015-02-18.3 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : User - USER-THINK
# Running from : C:\Users\User\Desktop\AdwCleaner.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8DCB7100-DF86-4384-8842-8FA844297B3F}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8DCB7100-DF86-4384... Read more

Answer:Web Attack: PUP/Adware/Fake Application Download 4 Malware

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Download Malwarebytes' Anti-Malware from Here
Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).
Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
The scan may take some time to finish, so please be patient.
If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.
While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Log... Read more

9 more replies
Relevance 96.35%

My system web browsers were coming to a complete halt before or sending me to a web search called omiga, I unwittingly added the virus to my system by installing a free program called ''fast video player''. I ran the Norton anti virus full system scan first and later on a quick scan. It picked up and removed some Malware which now allows me to use my browsers without grinding to a halt or being redirected. However I am still getting a pop up that my Norton firewall is detecting as "Web Attack:PUP/Adaware/Fake Application download 4". I have attached the Norton scan results as well as the quarantine list. Below I have the DDS log and I have attached the attach.txt. Thanks in advance.
 
|DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.17344
Run by Clarence at 14:58:38 on 2014-10-21
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.61.1033.18.8177.5735 [GMT 11:00]
.
AV: Norton Internet Security *Enabled/Updated* {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
SP: Norton Internet Security *Enabled/Updated* {631E4324-D31C-783F-EC5C-35AD42B18466}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
FW: Norton Internet Security *Enabled* {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\... Read more

Answer:Web Attack:PUP/Adaware/Fake Application download 4 intrusion attempt

Hello Godel112358, welcome to Bleeping Computer's Malware Removal forum!
 
My username is LiquidTension, but you can call me Adam. I will be assisting you with your malware-related problems.
If you would allow me to call you by your first name I would prefer that.  
 
======================================================
 Please read through the points below to ensure this process moves as quickly and efficiently as possible.
Please read through my instructions thoroughly, and ensure you carry out each step in the order specified.
Please do not post logs using the CODE, QUOTE or ATTACHMENT format. Logs should be posted directly in plain text. If you receive an error whilst posting, please break the log in half and use multiple posts.
Please do not run any tools or take any steps other than those I provide for you. Independent efforts may make matters worse, and will affect my ability in ascertaining the current situation and providing the best set of instructions for you.
Please backup important files before proceeding with my instructions. Malware removal can be unpredictable.  
If you come across any issues whilst following my instructions, please stop and inform me of the issue in as much detail as possible. Please do not hesitate to ask before proceeding.
Topics are locked if no response is made after 4&... Read more

14 more replies
Relevance 91.02%

I wanted to check and see if my computer is clean or not. The previous time I had an issue I was getting a constant computer attack blocked message. This time I have only received two (one yesterday and one today). Also yesterday I received a message from Norton about an iexplore.exe. It said I was one of the first users to use the program and suggested I not use it. I chose the option to wait on using it (or something to that effect), instead of deleting it in case it was a legit file. Previously I had two backdoor trojans on my computer. I know that one was quarantined and I am not sure about the other one. Here is the info on those two items. A0342005.sys (located in a RP265 folder-c:/system volume information/_restore{0ef90d3e-5690-4367-bdef-72890fc4db64}/RP265/A0342005.sys) shows up as unresolved risk, but not in a computer scan and the other imapi.sys.vir (located in the Drivers folder-c:/Qoobox/quarantine/C/WINDOWS/system32/Drivers/imapi.sys.vir) shows up in the scan and since it is quarantined I assume there is no concern.

As for the recent ones:
Yesterday: HTTP Misleading Application Page Request and the iexplore.exe message
Today: HTTP Fake Scan Webpage 5

Below are the logs:

DDS (Ver_10-03-17.01) - NTFSx86
Run by Administrator at 12:04:24.01 on Thu 06/24/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20
============== Running Processes ===============
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eh... Read more

Answer:HTTP Fake Scan and Misleading Application Page Request

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please Do not Attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

Note** If you are having problems posting the complete log into this thread upload them here http://www.rapidshare.com/ and post the links in this thread

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

In order for me to see the status of the infection I will need a new set of logs to start with.
Please print out or make a copy in notepad of any instructions given, as sometimes it is ... Read more

16 more replies
Relevance 86.92%

Hello. I have Norton 360. I ran across a disturbing message earlier today. A notice popped up saying something about malicious activity on the computer. I had ended up on a web page I did not intend and the message looked kind of fake. At the same time, Norton notified me that it had blocked an attack called "Fake App Attack: Misleading Application Suspicious Notification". I tried to navigate away from the notice, but it appeared as though it wanted me to take action right away. I wasn't going for it, so I got away from it. Am I infected? Is there anything I can do about it? Thanks.

Edit: Moved topic from Virus, Trojan, Spyware, and Malware Removal Logs to the more appropriate forum. ~ Animal

Answer: Fake App Attack: Misleading Application Suspicious Notification

Welcome aboard

Download Security Check from here or here and save it to your Desktop.
Double-click SecurityCheck.exe
Follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.
NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:
Internet Services
Windows Firewall
System Restore
Security Center/Action Center
Windows Update
Windows Defender
Other Services
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

Please download MiniToolBox and run it.
Checkmark following boxes:
Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Devices (do NOT change any settings here)
List Users, Partitions and Memory size
Click Go and post the result.

Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Up... Read more

9 more replies
Relevance 76.67%

Randomly started yesterday after browsing Facebook.
Ran Norton full system scan.
Ran Norton Power Tool.
No luck.
Shutting down browser.
Ran DDS.
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16428  BrowserJavaVersion: 10.45.2
Run by elaina at 9:03:17 on 2014-02-04
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.4095.2569 [GMT -6:00]
.
AV: Norton Internet Security *Disabled/Outdated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
FW: Norton Internet Security *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Common Files\Adobe\... Read more

Answer:Fake App Attack Download 3

Also tried uninstalling and reinstalling Google Chrome and Firefox with no luck.
Thank you for your time.

4 more replies
Relevance 71.34%

Hi all,
For the past 2/3 weeks now I have been getting the following message (after I have done a scan with Advance System care 7 pro) and it is always on the malware part, and it reads:
Misleading.Fake AV HKEYCURRENTUSER\Software\Micro\Internet Explorer \Main\Feature Control
FEATUREBROWSEREMULATION
I am running windows 7
It is set to Repair but it keeps coming up after every scan, I have also run MalwareBytes (pro) and nothing came up, I have used eset (online) and even did a clean with Trend Micro Anti Theft Toolkit, all were ok.
This problem seemed to have started after I updated Explorer, I did a roll back but still get it. Any help/advice would be appreciated.
kind regards Ian

Answer:What is this ? misleading fake AV (feature_browser_emulation)

Looks like your AV has only partially removed an infection.
There are a couple of fake AV programs that cause this; Antivirus Security Pro is one of them.
Try running your protection programs in "safe mode with networking" or possibly try Malwarebytes.

1 more replies
Relevance 68.88%

Currently have Norton antivirus blocking this threat with every second click of any link in any webpage
 
Here are my DDS logs:
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium 
Boot Device: \Device\HarddiskVolume1
Install Date: 23/10/2012 1:02:25 PM
System Uptime: 21/10/2014 1:32:35 PM (1 hours ago)
.
Motherboard: PEGATRON CORPORATION |  | 2ACB
Processor: AMD A8-3800 APU with Radeon™ HD Graphics | P0 | 2400/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 1847 GiB total, 1778.171 GiB free.
D: is FIXED (NTFS) - 16 GiB total, 1.964 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP140: 1/10/2014 4:56:27 PM - Windows Update
RP141: 9/10/2014 8:35:04 AM - Scheduled Checkpoint
RP142: 16/10/2014 3:57:55 PM - Windows Update
RP143: 20/10/2014 11:13:10 AM - Removed Bonjour
RP144: 21/10/2014 8:12:56 AM - Restore Operation
RP145: 21/10/2014 12:56:17 PM - Norton_Power_Eraser_20141021125615584
RP147: 21/10/2014 1:25:37 PM - Revo Uninstaller Pro's restore point - MyBestOffersToday 027.70
RP149: 21/10/2014 1:27:05 PM - Revo Uninstaller Pro's restore point - C:\Program Files (x86)\mbot_au_70
.
==== Installed Programs ======================
.
64 Bit HP CIO Components Installer
7500_7600_7700_Help1
Adobe AIR... Read more

Answer:'PUP: Fake application download 4' opens popups in all browsers Windows 7

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
***************************************************
In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.
CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/552721 <<< CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************
If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of t... Read more

2 more replies
Relevance 67.65%

Good Evening,

I can't imagine I'm having an issue that hasn't been dealt with a million times before but I can say I'm just as frustrated either way >.< The problems all seemed to start when I downloaded an update for Java and now I have some sort of fake anti virus software popping up and causing all sorts of issues. I was able to find this place through Google and was able to stop the onslaught of execution errors by hijacking this step from another thread:

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.
* Rkill.exe
* Rkill.com
* Rkill.scr
* Rkill.pif

Once you've gotten one of them to run then try to immediately run the following. Now download and Run exeHelper.
Please download exeHelper from Raktor to your desktop.
* Double-click on exeHelper.com to run the fix. A black window should pop up, press any key to close once the fix is completed. A log file named log.txt will be created in the directory where you ran exeHelper.com
* Attach the log.txt file to your next message.

Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).

I read that every situation is different and following all the steps that worked for that user might adversely affect my machine. I am willing to do any an... Read more

Answer:Application Cannot Be Executed. The File *** is infected - Under Attack

What is your situation now? Are you able to boot into Normal Mode? Can you connect to the internet?

1 more replies
Relevance 66.42%

Hi guys
One of my pet hates are those programs that you can download from the Net (such as Scan for Drivers / Registry cleaners) etc etc as even if they don't contain viruses etc are nothing more than "Sneakware". What happens is that the system does the initial scan and then points you to a "paid for" or "upgrade" site to actually perform the upgrade / registry cleansing stuff etc.

I've been looking at a colleague's computer (bored out of my mind at the moment ) and he'd been running one of these horrible little programs (called Malware Cleaner).

This is a NASTY cheat -- it reports all sorts of malware / spyware that actually DOESN'T exist on his machine - I tested this with a 100% clean install of the W7 BETA 7000 which came from the Microsoft site, having first FULL formatted the disk, wrote Binary zeros on every sector and re-installed the brand new MBR. He'd have probably gone out and bought an expensive "Malware" cleaner package.

So

1) DO NOT USE ANY OF THESE ONLINE PROGRAMS THAT DETECT DRIVERS/ CLEAN REGISTRIES etc etc whilst you are actually ONLINE.

2) DON'T BUY ANYTHING RECOMMENDED BY THESE SITES.

Now I'm not particularly keen on AV software in any case but if you use it DO know what you are doing and always check on "False Positives" before installing / uninstalling anything.

So far the security in W7 seems to be holding up but if you let stuff execute via a Browser then "all bets are off".

Ch... Read more

Answer:Malware Cleaner -- Misleading (false) application

Agreed, it's 1 of my pet hates too

8 more replies
Relevance 64.78%

Whenever I go to a web page, I am redirected to another page. My virus software NORTON 360 blocks the attack, but it is a pain to keep having my page redirected and then having to close the page. How can I stop this from happening? I just ran Norton Power Eraser and did remove Platypus.dll. But this page: hxxp://pcspeedplus.com/dl/ that says "Viruses were found on your computer!" pops up at random. Norton says it blocked Fake App Attack: Fake Av Website 20 when the page redirect happens.

Answer:Fake App Attack: Fake Av Website 20 redirects my page. How can I get rid of it?

Welcome aboard

Which browser is affected?

Download Security Check from here or here and save it to your Desktop.
* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:
* Internet Services
* Windows Firewall
* System Restore
* Security Center/Action Center
* Windows Update
* Windows Defender
* Other Services

Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

Please download MiniToolBox and run it.
Checkmark following boxes:
* Report IE Proxy Settings
* Report FF Proxy Settings
* List content of Hosts
* List IP configuration
* List Winsock Entries
* List last 10 Event Viewer log
* List Installed Programs
* List Devices (do NOT change any settings here)
* List Users, Partitions and Memory size

Click Go and post the result.

Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure ... Read more

1 more replies
Relevance 63.14%

any idea ?..
My Free Download Manager can't download any EXE file. Every time I clicked download, the status always showed the message "*.exe - Stopped"

Answer:Download Manager can't download any application file

VIRUS REMOVAL / PROTECTION 1. Download MalwareBytes. Malwarebytes
2. Disconnect from the Internet.
3. Disable your present antivirus software.
4. Remove your present antivirus software.
5. Install and run the MalwareBytes Quick Scan (remove any bad guys)
6. Reconnect to Internet.
7. Update MalwareBytes.
8. Run malwarebytes quick scan again.(remove any bad guys)
9. Download and Install Microsoft Security Essentials.
http://www.microsoft.com/security_essentials/

Now I advise you disable MalwareBytes and only enable again when and if you need it..

1 more replies
Relevance 59.04%

Intrusions from two different IPs, one is HTTPS tidserv & other is HTTPS misleading Application detection, how do I get rid of them?

Answer:PLZ HELP- Intrusions not stopping - HTTPS tidserv & HTTPS misleading application detection

Hi archie21:

These notifications are what we are seeing on the Norton forum that indicate that you have a TDL3/4 rootkit attempting access to the net. Norton is blocking it.

You will need to ask the Malware Removal Team for assistance.

2 more replies
Relevance 56.99%
Question: Fake App Attack

Hey,
I don't really know all that much about viruses and malware, but think I may have picked one up. My browser (tried both Google Chrome and Firefox) keep crashing due to my security provider, Norton, blocking this:
Fake app attack misleading application file download 3
 
It says no action is required, but it happens after 10 minutes every time I reopen the browser. I've tried doing a system restore, but that didn't work. Any suggestions?
 
I'm using a Windows 7 64-bit laptop.
 
Thanks in advance.

Answer:Fake App Attack

Welcome aboard

Download Security Check from here or here and save it to your Desktop.
* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:
* Internet Services
* Windows Firewall
* System Restore
* Security Center/Action Center
* Windows Update
* Windows Defender
* Other Services

Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

Please download MiniToolBox and run it.
Checkmark following boxes:
* Report IE Proxy Settings
* Report FF Proxy Settings
* List content of Hosts
* List IP configuration
* List Winsock Entries
* List last 10 Event Viewer log
* List Installed Programs
* List Devices (do NOT change any settings here)
* List Users, Partitions and Memory size

Click Go and post the result.

Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Up... Read more

1 more replies
Relevance 56.99%

Hi,
I just started to see this today on my HP netbook, which runs Windows 7 Starter.  I can't seem to go online more than a few mins without Norton finding this:
- Fake app attack misleading application file download 3 -
 
This appears to be a popular problem in 2014; hopefully you can help me too.  I find that this is happening in IE 10, Chrome, but, haven't seen it happen (yet) on Opera.
 
From similar posts, I see that I will need to download and run a few items, then post the results back here.  If you provide me with similar steps, do I need download and run each step, then post ALL results back here?
 
I also own a Mac, so, can I download the programs to a memory card and then run them on my Netbook?
 
Thanks in advance!

Answer:Fake App Attack - got me too

As you see this is a bogus AV trying to trick you.. Lets run these..
Try booting to Safe Mode with Networking.. Then run these.
If needed you may have to download from another computer, copy to a Flash drive or CD and install or run from there.

Please download Rkill by Grinler and save it to your desktop.
Link 1
Link 2
* Double-click on the Rkill desktop icon to run the tool.
* If using Vista, right-click on it and Run As Administrator.
* A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
* If not, delete the file, then download and use the one provided in Link 2.
* If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
* If the tool does not run from any of the links provided, please let me know.

Do not reboot the computer, you will need to run the application again.

>>>>>

Download TDSSKiller and save it to your desktop.
* Extract (unzip) its contents to your desktop.
* Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
* If an infected file is detected, the default action will be Cure, click on Continue.
* If a suspicious file is detected, the default action will be Skip, click on Continue.
* It may ask you to reboot the computer to complete the process. Click on Reboot Now.
* If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
* If a reboot is required, the report can als... Read more

7 more replies
Relevance 56.99%

Hello!
 
I was using Google Chrome for homework yesterday when all of a sudden chrome stopped working.  Now whenever I try to use chrome I can only be on for 5 minutes or so before chrome stops working again and Norton says that it blocked an attack from Fake App Attack: Misleading Application File Download 3.  I can still use Internet Explorer, but I would really like the help to get Google Chrome back!
 
 
Thanks
The Dancing Banana

Answer:Fake App Attack-Help!

Hello DB, for now I moved this to the Am I Infected forum.

As you see this is a bogus AV trying to trick you.. Lets run these..
Try booting to Safe Mode with Networking.. Then run these.
If needed you may have to download from another computer, copy to a Flash drive or CD and install or run from there.

Please download Rkill by Grinler and save it to your desktop.
Link 1
Link 2
* Double-click on the Rkill desktop icon to run the tool.
* If using Vista, right-click on it and Run As Administrator.
* A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
* If not, delete the file, then download and use the one provided in Link 2.
* If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
* If the tool does not run from any of the links provided, please let me know.

Do not reboot the computer, you will need to run the application again.

>>>>>

Download TDSSKiller and save it to your desktop.
* Extract (unzip) its contents to your desktop.
* Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
* If an infected file is detected, the default action will be Cure, click on Continue.
* If a suspicious file is detected, the default action will be Skip, click on Continue.
* It may ask you to reboot the computer to complete the process. Click on Reboot Now.
* If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of ... Read more

8 more replies
Relevance 56.58%

Faulting application name: iexplore.exe, version: 11.0.9600.17937, time stamp: 0x55a7fb4f
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0000000000000000
Faulting process id: 0xdc4
Faulting application start time: 0x01d0e337fd5d8b3f
Faulting application path: C:\Program Files\Internet Explorer\iexplore.exe
Faulting module path: unknown
Report Id: 794dcfc7-4f2b-11e5-a1c3-14feb59f2af2
Then this error 1001 :

Fault bucket 36117055, type 27
Event Name: BEX64
Response: Not available
Cab Id: 0
Problem signature:
P1: iexplore.exe
P2: 11.0.9600.17937
P3: 55a7fb4f
P4: StackHash_6c37
P5: 0.0.0.0
P6: 00000000
P7: 0000000000000000
P8: c0000005
P9: 0000000000000008
P10:
Attached files:
C:\Users\Lori\AppData\Local\Temp\WER896A.tmp.WERInternalMetadata.xml
These files may be available here:
C:\Users\Lori\AppData\Local\Microsoft\Windows\WER\ReportArchive\AppCrash_iexplore.exe_d53624b2ebd1de94a7cdd241fb375f95efccbf18_111acca1
Analysis symbol:
Rechecking for solution: 0
Report Id: 794dcfc7-4f2b-11e5-a1c3-14feb59f2af2

More replies
Relevance 56.17%

My system is infected with fake antivirus software. I used to log on with an admin privilege user ID; now I am not able to log on. I have another user ID which does not have admin privilege. I can log in through this 2nd ID, and I executed HijackThis software using this 2nd ID with "run as" my first ID, which had admin privileges. I am copying the result of the HijackThis log file below. I tried installing sdasetup.exe but it is not installing even though I have run it as an admin-privileged user. Please tell me what to do.

Below are the HijackThis result:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:35:00 AM, on 2/6/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16981)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\TAMSvr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
c:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\CA\SharedComponents\iTechnology\igateway.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\CA\eTrustITM\InoRpc.exe
C:\Program Files\CA\eTrustITM\InoRT.exe
C:\Program Files\CA\eTrustITM\InoTask.exe
C:\Program... Read more

Answer:Fake Antivirus Attack

Hello and Welcome to TSF.

We no longer use HijackThis as our initial analysis tool.

We want all our members to perform the steps outlined in the link I'll give you below, before posting for assistance. There's a sticky at the top of this forum, and a "Having problems with spyware and pop-ups? First Steps" link at the top of each page.

------------------------------------------------------

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new thread, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please note that the Virus/Trojan/Spyware Help forum is extremely busy, and it may take a while to receive a reply.

------------------------------------------------------

1 more replies
Relevance 55.76%

My comp is running on Windows XP and I saw someone below my request is having the same problem as me. My comp was running fine until I tried updating my Internet Explorer to 8 but it didn't work right; by that I mean my comp started acting weird and wouldn't load any icons at the bottom next to the time, so I uninstalled 8 and went back to what I had before. Ever since then I keep getting a fake antivirus attack with non-stop pop-ups saying a file is infected. It wouldn't let me even open the task manager; it said it was infected and could not load. Someone please help

edit - also I forgot to mention the fake antivirus thing says I have 34 viruses on my comp. Don't know if it's true or not but I'll load a HJT log in a sec

edit -- I was going to but it won't load now, says it's infected
 

Answer:Fake Antivirus Attack with pop up windows

What's the best malware remover out right now I could DL and try to remove this? Anyone have any good programs they could recommend? I need to remove all my antivirus software anyway soon and get a new one that's really good, something that detects more than viruses. I need something that can detect viruses, spyware, malware, trojans, worms, etc.
 

3 more replies
Relevance 55.76%

Hi all; Well last nite I awoke to find a brandy new security suite in my sys. tray that I didn't download. This is a nasty bugger. My avira anti-virus was all up to date and running but alas - failed me. It is worse than the IS 2010 Fake Virus from a year or so ago. It, of course, told me everything on my comp. was infected. I managed to end some processes but didn't help. I could not run "Malwarebytes" even in safe mode. I have reinstalled it about 4 times now; it WILL not launch nor will Super-anti spyware. I uninstalled Avira because it was corrupted and I'm mad at it. Don't think I could install it anyway. The only way I could gain any control was to do a system restore from Safe-mode. It's reasonably stable now but big browser-hijack still here. Also still can't launch or update MBAM and such. FYI.....The program name is just "Security Suite"....lime green splash screen. Kinda cheesy lookin'. And the best part....The home page it tried to bring me to purchase them was called..."antivircat.com"...hmm I have posted the log files you asked for. Hope someone can help!! Thanx. My comp. is an older Dell Desktop. Running XPPro, 128mb ram....I know....Avira anti-virus...SP3..And various anti-spyware stuff.
 

Answer:Fake security suite attack!

Hi,

Please do the following:

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please i... Read more

3 more replies
Relevance 55.76%

My Dell computer is running Windows Vista and having major problems.
I have windows popping up saying my computer is infected and asking if I want to activate antivirus software and also a window keeps coming up that says the rundll32.exe file is infected.
It started a couple of days ago and I ran Malwarebytes and it said it had cleaned a couple of things, but today it is much worse and I really could use some help.
thanks in advance.
 

Answer:Fake Antivirus Attack with pop up windows

16 more replies
Relevance 55.76%

I was at barns and nobles today and started getting a notice from norton that a fake app attack misleading application file download 3 from www.dataukmyscan.info only a couple of minutes will pass before the browser will crash no matter what site I am on.
I am running windows 7 64 bit

Answer:Fake app attack crashes browsers

Hello Legosteve

I would like to welcome you to the Malware Removal section of the forum.
Around here they call me Gringo and I will be glad to help you with your malware problems.

Very Important --> Please read this post completely, I have spent my time to put together some things for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!

* Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
* Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
* Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
* Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same... Read more

9 more replies
Relevance 54.94%

Hi,

Yesterday my antivirus gave me a couple of alerts about tmp files in the windows directory. Then my PC rebooted itself by itself.

And since then every time I try to log in to eBay I get this page:

Title: "Enter your info"

Text: "We have noticed an increasing fraudulent activity recently. In order to provide your security and protect you from fraudsters we have introduced a new system of identification that will help us to avoid any kind of fraud or unauthorised access.

Please enter as more information as possible to provide your complete identification and to activate all the features of the new system."

It is asking me for personal info such as SSN, credit card details. Clearly it is a fake page.

I also have a laptop, so I am accessing ebay from there with no problem.
I have saved the source code of that page, and have attached it to this post.

Since the infection I've run all kinds of tools such as smitfraudfix, Malwarebytes' Anti-Malware, system restore to a point where the virus should not have existed, and then microsoft update. No luck, whatever it is, it's still there.

Any help would be greatly appreciated.

Thanks,
Roy
 

Answer:eBay fake page, phishing attack

I'd also like to add that I checked, and this happens both with Internet Explorer AND Firefox.
 

1 more replies
Relevance 54.94%

Hi am new to this site
hope you can help

Have been attacked by Trojans Gendal, Kazy & Fake
thru an Adobe update process.

Have run scans says: system is fine
no malware or virus detected.

Can only start up in safe mode with no networking
am using 2nd PC looking for some help

Get a "Windows Activation Required" screen on regular start up
cannot get to OS .
System Restore will not work either.

Hope you can suggest something that will help with this problem.

Thanks
Bigbear33

Answer:Trojans Gendal Kazy & Fake attack

Hello,
Please go here.... Preparation Guide, do steps 6, 7 & 8.
Create a DDS log and post it in this topic, thanks.
If Gmer won't run, skip it and move on.
Let me know if that went well.

6 more replies
Relevance 54.94%

Earlier this morning SophosLabs noticed a new scam designed to fool users into viewing a web site where they would be hit with a malicious script that installs a spy Trojan. We saw several spam messages alerting users to the supposed shooting of the e-Gold founder... Browsing to each of the domains redirects to a malicious page on another server... The script attempts to exploit several client-side vulnerabilities in order to download and install a Trojan... This is yet another example of the attackers using a blend of spam and malicious web sites to infect victims...
http://www.sophos.com/security/blog/2008/03/1238.html

More replies
Relevance 54.94%

I'm running Windows XP with service pack 3. I have Mbam spybot and zonealarm installed.
My computer is infected with something that I can't get rid of.
When I log into my xp account, this fake antivirus appears as my background and then opens up a program that tries to 'scan for viruses'
I can't open anything or do anything in my account. The guest account is okay as far as I can tell. I've run scans with mbam and spybot, but they don't find anything.

I ran the Hijack this log in safe mode as I was unable to run it any other way. Under the guest account, access is denied. I was also unable to run GMER.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:13:40 PM, on 2/10/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fw... Read more

Answer:fake antivirus attack ( with hijack log DDS and Attach))

I updated MBAM in safe mode and ran a full scan. It found several things, and deleted them. I then ran full scans with spybot and SuperAntiSpyware and they also found several entries. The computer seems to be running fine now, but I want to make sure that everything has been wiped out. I will repost the logs shortly.
 

1 more replies
Relevance 54.94%

Just got hit with the SMART fake AV program. Tore right through the corporate WebWasher, firewall and M/S Security Essentials on my XP laptop. First attempt to clean was using M/S ES, which spotted one of the infected files, but failed to fully remove the whole program. ES only found this instance: C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\TFPUCYJMMNEAXAA.EXE. On reboot, the software activated and resumed hiding files.

Successful removal using Super AntiSpyware. Logs follow:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 06/07/2012 at 12:59 PM

Application Version : 5.0.1150

Core Rules Database Version : 8698
Trace Rules Database Version: 6510

Scan type : Quick Scan
Total Scan Time : 00:17:01

Operating System Information
Windows XP Professional 32-bit, Service Pack 3 (Build 5.01.2600)
Administrator

Memory items scanned : 439
Memory threats detected : 0
Registry items scanned : 29145
Registry threats detected : 1
File items scanned : 9010
File threats detected : 923

Trojan.Agent/Gen-FakeAntiSpy
[TfPucyJmMneAxaa.exe] C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\TFPUCYJMMNEAXAA.EXE
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\TFPUCYJMMNEAXAA.EXE
C:\DOCUMENTS AND SETTINGS\GEORGE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\U21BPOEN\README[1].EXE
C:\WINDOWS\Prefetch\TFPUCYJMMNEAX... Read more

Answer:SMART fake AV attack - 6/7/12 resolution and logs

Hello, I moved this over to the Am I Infected forum. Tell me how it is after doing this.....

Please follow our Removal Guide here: Remove Smart HDD.
After reading how the malware is misleading you ...
You will move to the Automated Removal Instructions

After you completed that, post your scan log here, let me know how things are.

The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.

Also the other tool log.. A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
Copy and paste the contents of that file in your next reply.

8 more replies
Relevance 54.53%

Miscreants are using a fake Twitter profile in a bid to spread malware that harvests login credentials for Orkut.
Updates to the fake Twitter profile are supposedly being followed by 17 punters, but they're all fake, according to Chris Boyd, director of malware research at IM security firm Facetime.
Twittery Trojan

The profile is designed to trick would-be marks into viewing a photo album on Orkut, which supposedly requires a Flash update to view. This bogus Flash update is contaminated by malware, specifically the OrkutTron Trojan.

OrkutTron performs a variety of malicious actions including an attempt to snaffle login credentials for Orkut, the Google-run social networking site that's particularly big in Brazil. Fitting in with this theme, the fake Twitter profile is written in Portuguese.
Attacks targeting Orkut are relatively commonplace, but as Boyd notes, the use of Twitter represents an innovation in such hacking attacks.

Fake Twitter profile punts Orkut attack | The Register

More replies
Relevance 53.71%

Logfile of HijackThis v1.99.1
Scan saved at 1:33:16 PM, on 02/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\atmclk.exe
C:\WINDOWS\system32\dcomcfg.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINDOWS\system32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\... Read more

Answer:Pornographic Popups, Fake System Warnings, Fake Antivirus Download Popups

You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.

Next, please reboot your computer in Safe Mode by doing the following:
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press "Enter".
Choose your usual account.

Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmd
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted: "Registry cleaning - Do you want to clean the registry?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.

A text file will appear onscreen, with results from the cleaning process; please copy/pa... Read more

6 more replies
Relevance 53.3%

Hi, I'm Ben and have suffered my first significant virus/malware attack.

Trend Micro Titanium was active and up to date. It stopped one program but failed to catch windows opening while surfing suggesting I had a hard disk failure. I closed a couple of these and then a very convincing fake AntiVirus/system error window opened.

I closed these windows and ran a quick scan which found no errors. After restarting my laptop my system has been changed; the start menu has been cleared of programs,

the desktop has only one icon, a fake looking Windows Explorer icon with 'The Internet' as a title,

folders in the root directory appear empty but the disk usage shows space has not been released. Recycle Bin unchanged,

cannot now get to Task Manager using Ctrl-Alt-Del, to see what is running.
A full scan with Trend Micro Titanium finds no issues.

Any help would be greatly appreciated!

Thanks . . Ben

----------------------------------------------------------------------
.
DDS (Ver_11-05-19.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_23
Run by Ben at 15:08:35 on 2011-06-01
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2046.891 [GMT 1:00]
.
AV: Trend Micro Titanium Internet Security *Enabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
SP: Trend Micro Titanium Internet Security *Enabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
==============... Read more

Answer:Fake AntiVirus attack, no programs in start menu and folders now empty

Do not have system backup and never had Vista OS disk. . . . Ben

4 more replies
Relevance 52.07%

hi

My children have been downloading from not so good sites, and now my PC is totally flooded with everything. I can barely get on here. I tried to download one of the antivirus programs but nothing seems to work. I lost the ability to get explore.exe, and every time I try to run a program it asks me what program I would like to run it with. Also, when I downloaded the programs and tried to run them I got "application not found". Please help. I am not good at this and I think I have made things worse.
 

Answer:virus attack application not found

Please can someone help me with my post? I can't seem to download anything onto my PC; I get "application not found" after I try to run an application. Also, when I reboot my system I get a blank screen. I have to use Task Manager to try to get to any applications, but I still get "application not found". My system is completely overrun by viruses and trojans, and they have entirely affected its memory base. I will try to put the errors that I get on here. Any help or suggestions will be completely appreciated.
 

6 more replies
Relevance 52.07%

Greetings Bleeping Comp!

First time here and must admit I'm generally a novice on techie stuff. So, please have patience! ;-) Thx. Below you will find the posted DDS.txt info and the 2 attached file requests (ark.txt and attach.txt files).

But first... Here's a sequential description of what happened in the past 24 hours (BOTH PC status and my actions). I've apparently had some success, but I'm not sure it's fully clean. Given the strangeness over the past 24, I'm still wary. ... thus, the request for help.

(1) Last night (Jan. 10), my Norton Internet Security 2012 protection repeatedly showed an infection pop-up in the lower right corner that noted "Tidserve Activity 2" and "manual removal" as necessary.

(2) After about 10 minutes of these repeated pop-ups, my PC was attacked by the fake antivirus virus called "XP Antivirus 2012" (or similar). It was the well-documented malware that displayed MANY fake intrusion notices and warnings and asked me to buy product. I, of course, did not buy. Just closed the boxes when I could. Google searches were also redirected when seeking fixes. I ran a Norton system scan and it was fruitless. No viruses found...even though the Norton pop-up identified one.

(3) While troubleshooting over the next hour or two, these symptoms continued (both the "XP Antivirus 2012" alerts and the Norton "Tidserv Activity 2" pop-ups).

(4) I first tried to fix wi... Read more

Answer:"Tidserv Activity 2" Norton pop-up...a fake "XP Antivirus 2012" attack... and strange Google behavior

Hello again Bleeping Comp...

Perhaps I spoke too soon. I can't be sure but some of the recent strange behavior that followed/coincided with the virus attack (in original post) may have corrupted something in my wireless internet device or driver. Been having intermittent and slow connectivity from it when I reboot. Sometimes it doesn't connect at all.. in which case I've had to either change drive or reset address (disable/enable) a few times, etc. Not sure if this is fixed/temporary or will continue. Ugh.

Can these malware tank a wireless adapter device/driver??

OK, I'll shut up now.

Thanks!

13 more replies
Relevance 51.25%

Doctor Web warns users of iOS devices about two fake Dr.Web applications available on the Apple iTunes store. Both illegally use Dr.Web's internationally registered trademark and logo, while their respective developers are in no way connected with Doctor Web, Ltd.

The applications in question are SYStem Monitor Dr.Web Light Pro and System Services Anti-virus Dr.Web Light. Dunkin assassin nguyen and BUI MAI are listed as their respective developers.

None of these products is present in the Dr.Web product line. Dr.Web Mobile Control Center and the utility Dr.Web CureNet! are the only available Dr.Web products for iOS. A complete list of Dr.Web products on Apple iTunes can be found here: Doctor Web, Ltd Apps on the App Store.

Therefore, Doctor Web is not responsible for any consequences that may arise from downloading and installing the above mentioned applications.

Apple's technical support was notified about the incident on August 8, 2016, however, by 8PM MSK no response has been received.

Doctor Web, Ltd. is an exclusive owner of the Dr.Web trademark. We encourage our customers to check application's developer information before purchasing the program to make sure that it has been developed by Doctor Web, Ltd. Specifically, on Apple iTunes click View More by This Developer to check the company name and the information about other applications from the developer available for download.
 

More replies
Relevance 51.25%

Here are my hijackthis log and my filelister
Let me know of anything else you need. Please help - on work computer and desperately need to fix it ASAP.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:41:05, on 5/13/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Viewpoint\Common\Viewpo... Read more

Answer:Insecure Internet Activity - Threat of Virus Attack (Security Center Alert for (fake) Win32.Brontok

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results, click no to the Optional_Sca... Read more

2 more replies
Relevance 51.25%

Hi,
 
Recently my system has become very slow and stops responding to anything after a while. If it is restarted, it starts working again for some time and then the same thing happens. I have avast installed and tried the boot-up scan and full system scan. It removed some infected files but the problem still persists.
 
Please advise

Answer:possible virus attack, laptop application shows not responding

There can be multiple reasons for a slow computer. BC has a nice post for slow computers. Please go through each step in this checklist and report back if you face any problems during and/or after this. Will be happy to help.
http://www.bleepingcomputer.com/forums/t/44694/slow-computer/
 
Cheers.
~K

1 more replies
Relevance 50.84%

Like others on this site, I have been infected with a program that says it's Google Chrome but actually isn't.  Briefly, there is an executable file named “XSIAKQJE.EXE” (in Task Manager, the image name is the same with *32 afterwards) and has a description name of “Google Chrome” in Task Manager.  Google Chrome is not installed on the computer, nor any other Google application, but there are a minimum of 4 processes of this application running at the same time at any given time which easily goes up to 15 or so processes within a short period (<15 minutes) of computing.  As long as the internet connection is disabled, each running process is below 70mb of memory usage; after connection is made, 2-4 of the processes jump up to 100-400+MB of memory usage.  The application is running on an HP DV6T laptop computer, i7 Q720 Intel processor, 8gb ram, Windows 7 professional w/service pack 1 and all current updates performed.  The internet browser used is IE version 11.
 
Shown below is the DDS.txt file contents.  I have also attached the "attach.txt" file and 3 other files in a Zip file which details more specific information that I found while researching the behavior of this rogue application that I have not found others to have reported.  These 3 other files are in a Microsoft WinWord document - please let me know if that format is not able to be read.
 
I really do appreciate any help you can provide me... Read more

Answer:Fake Google Chrome application

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
***************************************************
In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.
CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/554736 <<< CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************
If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of t... Read more

23 more replies
Relevance 50.43%

Hello,
 
I am hoping you guys can help me with my problem. I keep getting fake google processes and I don't know how to get rid of them. In users/user/appdata/locallow I see a number of things that, when I try to delete them, they auto-regenerate.  I am at a loss and would greatly appreciate any help you could give me. here are the scan logs from FRST, and thank you very much in advance.
 
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 30-10-2014 01
Ran by Slaight (administrator) on JOHN on 30-10-2014 19:50:06
Running from C:\Users\Slaight\Downloads
Loaded Profiles: UpdatusUser & Slaight (Available profiles: UpdatusUser & Slaight)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\WINDOWS\System32\nvvsvc.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\WINDOWS\System32\nvvsvc.exe
(Microsoft Corporation) C:\WINDOWS\System32\wlanext.exe
(Intel Corporation) C:\Program Files (x86)\Intel\... Read more

Answer:Vinylinfinity (browser.exe*) fake google application

Hello! Welcome to BleepingComputer Forums!
My name is Georgi and I will be helping you with your computer problems.
Before we begin, please note the following:
I will be working on your Malware issues, this may or may not solve other issues you have with your machine.
The logs can take some time to research, so please be patient with me.
Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
Instructions that I give are for your system only!
Please do not run any tools until requested ! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.
 
 
Please download the latest version of Farbar Recovery Scan Tool and save it to your desktop.
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy a... Read more

3 more replies
Relevance 49.2%

I have developed windows phone apps project using windows phone 8 sdk . I want to execute exe file on this project

More replies
Relevance 48.79%

On Thursday, Microsoft made available for download the final flavor of a new, highly useful tool for developers, IT professionals and Independent Software Vendors (ISVs), namely the Attack Surface Analyzer.
The application was made available for download in a beta flavor last year, in an attempt to provide people with the possibility to have a look at the changes that software installs bring to Windows systems' attack surface.

Answer:Download Attack Surface Analyzer 1.0

I did read about it - but well it didn't make much sense to me!

1 more replies
Relevance 48.79%

In windows 7 pc whenever trying to attach a file on outlook nothing is happening or no file/folder is opening and whenever select any file on application for mounting no file or no drives are opening....

More replies
Relevance 48.38%

I went to a website I trusted, and I left with this. (See attached files)

I believe it was an advert for the site because of the bottom left of my Firefox browser I saw it loading from a site I never heard of before named "Dual-Boxing.com". At first I thought nothing of this because I thought it was just an advertisement... but as soon as I left the site Symantec found the virus and 'cleaned' it, but I am still getting the messages seen in the attachments.

Also, I kinda find it strange because dual boxing seemed to be a pretty trusted site based on my search results.

And when I went to Dual-Boxing.com (on my phone) yesterday it seemed to be moving to a different location. And today it seems to work perfectly, they even have a post up talking about an infection/rootkit thing they had.

Should I try to sort it out there? They seem like they are trustworthy and just had a few problems? Or Can you help, thanks!

Answer:Web Attack: Suspicious Executable Image Download

Hello,
And welcome to BleepingComputer.com, before we can assist you with your question of: Am I infected? You will need to perform the following tasks and post the logs of each if you can.

Malwarebytes Anti-Malware

NOTE
Malwarebytes is now offering a free trial of their program, if you want to accept it you will need to enter some billing information, so that at the end of the trial you would be charged the cost of the product. Please decline this offer, if you are unable to provide billing information. If you want to try it out, then provide the billing information.

Please download Malwarebytes Anti-Malware and save it to your desktop.
Download Link 1
Download Link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.
MBAM will automatically start and you will be asked to update the program bef... Read more

6 more replies
Relevance 48.38%

I received multiple messages from Norton saying that a high risk intrusion attempt was blocked with IPS Alert Name of Web Attack: Suspicious Executable Image Download. After the blocked message, there were multiple IPS Detection Statistical Submissions. (I'm not sure how to post the entire Norton security history with complete details).
 
These messages came up as I was watching a video on acfun.tv and I have been using this website for a long time and have never received any sort of notification from Norton before.  All I had open on my Google Chrome Browser was reddit and the acfun video. It was towards the end of the video when these Norton alerts came up, but the video was still running fine and my laptop was running fine as well. I was also able to reload the video again on acfun again and didn't receive any Norton alerts.
 
I wanted to ignore this alert as I have seen a few posts with a similar issue and it seemed like the issue might have been on Norton's end in misidentifying the web attack. But on the other hand, I don't want to make any hasty assumptions and I want to make sure that my laptop is not exposed to any sort of risk.

Answer:Web Attack: Suspicious Executable Image Download

That site according to Wikipedia does not store any of the downloads itself. So, depending on which video you select
to download determines which domain you are actually downloading from or streaming from.
 
You can use the programs below to clean up the computer and find and remove adware and malware. A good idea if you haven't
scanned your computer using them before.
 
Use CCleaner to remove Temporary files, program caches, cookies, logs, etc. Use the Default settings. No need to use the
Registry Cleaning Tool...risky. Pay close attention while installing and UNcheck offers of toolbars....especially Google.
After install, open CCleaner and run by clicking on the Run Cleaner button in the bottom right corner.
CCleaner - PC Optimization and Cleaning - Free Download
 
Download Malwarebytes' Anti-Malware from Here
Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).
Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
If you receive a message that updates are available, click the Update Now button (th... Read more

5 more replies
Relevance 47.97%

Hi,

My girlfriend's computer was infected this morning while she was working at home. Neither of us is really sure how it became infected since she was replying to e-mail via Outlook at the time it started coming up on the screen.
We would really appreciate help on trying to remove it.

Her operating system is: Windows XP Pro (2002 Version) Running SP3

Thanks,

-Jason.

Answer:Rouge fake anti-malware application Live Security Platinum Infection

Hi Jason,

I will be handling your log to help you get cleaned up. Please give me some time to look it over and I will get back to you as soon as possible.

4 more replies
Relevance 47.97%


I had a fake Microsoft Malware removal program popping up on my computer. I found its location, and deleted it. I would have to delete it each time I started the computer, as it was re-installing itself. I also couldn't download. I tried to restore the system, but it would not let me (unidentified error). So I searched bleeping computer and followed its instructions for this problem. I downloaded Rkill, TDSSKiller, and Malwarebytes on another computer, and ran them. The first two did not seem to detect anything. However, malwarebytes detected several, and I checked them to be removed. After this was done the popups went away. However, I still cannot download anything (It will say that it detected a virus and deleted it). Below is my DDS log
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16635
Run by Paul and Shannon at 9:26:33 on 2013-07-16
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.4008.2206 [GMT -10:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svcho... Read more

Answer:fake MRT, ran malwarebytes, still cannot download

Hello paulwp

I would like to welcome you to the Malware Removal section of the forum.
Around here they call me Gringo and I will be glad to help you with your malware problems.

Very Important --> Please read this post completely, I have spent my time to put together some things for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", ... Read more

35 more replies
Relevance 47.56%

More than half a million web pages have been compromised with malware as part of a new attack, Trend Micro warns.
Badly configured PHP bulletin board applications are being used to plant malicious JavaScript on web forums. The JavaScript is used to push variants of the Zlob Trojan that come disguised as a video codec installer.

The Trojans change DNS and browser settings on infected PCs leaving them open to further attack. Many of the compromised forums were already used to spamvertise knock-down drugs and smut sites. In the UK most of the infected websites belong to small- to medium-size firms whose weak security controls have left the door open to hackers.
The malware is served up from systems based in the US and Russia. Trend reckons the latest attack bears the same hallmarks as previous attacks by a Russian and Ukrainian gang punting the Zlob Trojan. Trend has more on the attack in a blog posting here.
Cybercrooks are increasingly looking toward planting malicious script onto regular sites rather than attempts to trick users into visiting obviously dodgy sites touting warez and porn. Fake media codecs are becoming a favourite vector for spreading spyware and Trojans.
Last week McAfee warned that hundreds of thousands of samples of new Trojan that poses as a media file had flooded onto P2P networks. The booby-trapped files in that case and the Zlob-infected media codecs in the latest case both turn infected machines into zombie clients under the control of hackers.
In bo... Read more

More replies
Relevance 47.56%

Hi! Just thought I'd try posting here before I go to class. Will be back around 7 pm PST.
 

Answer:ad by pass now and fake download suggestions

Hi,

Please download zoek.zip or zoek.rar by smeenk from here or here and save it to your Desktop.
Unpack the archive...

Close any open browsers
Temporarily disable your AntiVirus program. (If necessary)
If you are unsure how to do this please read this or this Instruction.

Double click on zoek.exe to run the tool.
Please wait while the tool does not start...

Copy the text present inside the code box below and paste it into the large window in the zoek tool:
Code:

createsrpoint;
gpt.ini;z
C:\Windows\System32\GroupPolicy;v
C:\Windows\SysWOW64\GroupPolicy;v
StandardSearch;
emptyfolderscheck;
installer-list;
installedprogs;
uninstall-list;
Click on button.
Please wait until a logreport will open (this can be after reboot)

Save notepad to your Desktop and attach here zoek-results.log
Note: It will also create a log in the C:\ directory named "zoek-results.log"


Please download aswMBR and save it to your desktop.

Double click aswMBR.exe to start the tool.

Select Yes if prompted to download the Avast database.
Click Scan
Upon completion of the scan ( Scan finished successfully ) click Save log and save it to your desktop, and post that log in your next reply for review.
Note: do NOT attempt any Fix yet.

 

3 more replies
Relevance 47.56%

I see that other users have had problems with the fake Google Chrome. I may have more than one problem since I've been having issues with heavy CPU usage involving a COM Surrogate process - which may or may not be malware. The Google Chrome usage just started a few days ago. I tried to follow the instructions for preparing for assistance but have been unable to download the FRST file. Any assistance greatly appreciated!
 

Answer:Need help with fake Chrome but can't download FRST

Just looked at other posts. When I started having the COM Surrogate issue, I also used Task Manager to open that file. It's located in a sysWOW64 file as another user reported. Looks like I need lots of help. Thanks.
 

14 more replies
Relevance 47.56%

Hello,
I hope someone can give me some advice. Yesterday, as I was browsing online (no naughty sites, I promise) I opened a window that appeared to have one of those classic fake antivirus programs.. you know the kind, "Your computer may be infected get a free scan now!!" The green progress bar at the bottom of my IE window started to move across as if something was downloading so I didn't stick around. I tried to close the window by right clicking on the task bar, that didn't work, so I shut down my internet connection. To close the window I shut down my computer. I restarted, and all seemed to be well. I have the Norton fraud monitoring active on IE and it didn't show any errors, but just to be safe, I scanned with both Defender and my Norton (both up to date). Nothing came up. I checked my software explorer with Defender, no new startup programs, no unfamiliar processes. The computer is acting normal. No pop ups, no unusual CPU activity. The one thing that worries me is that when I went looking into the reports and activities section of my Norton software, under 'firewall activities' starting yesterday at around the time this all happened, I saw this message showing up.


30/01/2009 06:08:51,"Rule ""Default Block Microsoft Windows 2000 SMB"" blocked (24.30.160.130,microsoft-ds(445)).",


I don't know what this means and I have not been able to find out on the web.
Can anyone shed any light? From the way the computer is acting, I... Read more

Answer:Advice on a possible fake virus download

A google search does not seem alarming "Default Block Microsoft Windows 2000 SMB" - Google Search

Which Norton do you run? The 2009 version is the way to go if you stick with Norton.

I'm asking because you mention Windows Defender. Don't know about old Norton, but the newer one disables Windows Defender and they don't recommend you enable it afterwards. Makes sense or just what they have to say, don't know. I know Avira suggests the same, except they don't disable it during install.

There is a problem with AV products without much HIPS protection avoiding Defender. It does not take much effort to find some malware which they skip and Defender stops. It is far from useless.

Unless you actually downloaded and installed the "scanner", the computer is not infected. Infections do not come from screwing up the browser and making you turn off the computer. Also, how close you were depends on how Vista is set up with UAC, protected mode and what not. Firefox also doesn't make it that easy to run programs off the net. What site was trying to do by making it hard to get rid of. Use Task Manager next time, close the IE/whatever browser process. The idiots exploit people's panic and/or lack of knowledge.

If you want some supplement to Norton/Defender try Malwarebytes Anti-Malware Malwarebytes.org Easy to update and doesn't conflict with anything, and if you get infected it is very good at removing.

5 more replies
Relevance 47.56%

Accidentally downloaded Flash Player update link and got my Safari infected, how do I determine what it is and get it removed?
 

More replies
Relevance 46.74%

Google Chrome OS is a project by Google Inc. to develop a lightweight computer operating system devoted to using the World Wide Web and today Google has made available first preview build to everyone. It is based on Google's Chrome web browser and the Linux kernel. It runs on systems with either x86 or ARM processors. Here are few features of Google Chrome OS as Google promises:

Featured software in Chrome OS:
GNOME 2.24 desktop environment
Google Chrome 4.0.207 web browser
OpenOffice.org 3.0 office suite
Flash Player 10.0 plugin
and much more!

System requirements of Chrome OS:
Processor: Intel Pentium, Xeon or newer; AMD Duron, Athlon, Sempron, Opteron or newer
RAM: min. 256 MB
Hard disk: min. 1 GB
Graphics card: supports most modern graphics cards

Download Chrome OS virtual appliance and give it a try!

Thanks for Verification.... The title has been changed... I have just come to know it's fake Google OS Chrome OS.

Answer:FAKE: Google Chrome OS released, download available!

It's a fake from what I've read

6 more replies
Relevance 46.74%

Warning!
Fake AVG Antivirus 2015 on YouTube takes users to download unwanted software.

Read more: http://blog.anti-virus4u.com/2014/05/new-fake-avg-antivirus-2015-on-youtube.html
So far, no one gets to download AVG Antivirus 2015
 

Answer:Fake AVG Antivirus 2015 for download on YouTube

@Malware1 can you check out the links under this video
hxxp://youtu.be/BvWGHB2FzpA
 

3 more replies
Relevance 46.74%

DDS (Ver_09-01-07.01) - NTFSx86
Run by Owner at 10:25:33.53 on Thu 01/08/2009
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1135.340 [GMT -8:00]

FW: *disabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Documents and Settings\Owner\Application Data\gadcom\gadcom.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging&#... Read more

Answer:All kinds of weird pop-ups trying to download fake updates

Hi,

I understand that you need help in order to get rid of the malware that is present on your system - But you need to help us first..

I notice that you never scanned with an Antivirus previously before starting this thread - because you don't even have an Antivirus installed! This is somewhat suicidal in today's digital world. That's why I want you to install one first!!

* Please install Avira Antivirus: http://www.free-av.com/
This is a free Antivirus.
Perform a full scan with Avira and let it delete everything it is finding.
Then reboot.
After reboot, open your Avira and select "reports".
There double-click the report from the Full scan you have done. Click the "Report File" button and copy and paste this report in your next reply.

Then we'll start from there, because it really makes no sense otherwise that we clean this up manually if an Antivirus scan is not present which should be able to deal with most and prevent further reinfection.

2 more replies
Relevance 46.33%

I think I have downloaded the hacker file as reported in PC advisor - how do I remove it?

Statement in pc advisor - The malware attack comes in the form of a Wall message supposedly posted by a friend that urges members to click on a link to view a video on a website supposedly hosted by Google. The link takes users to a web page that isn't hosted by Google, where they are told they need a new version of Adobe's Flash player and are urged to download an executable file to watch the video. The file is really a Trojan horse, Troj/Dloadr-BPL, that funnels other malicious code detected as Troj/Agent-HJX into users' machines. Once it has done that, it displays an image of a court jester sticking his tongue out.

Answer:Face book fake flash download - how do I remove it

Type ... Fake Flash download removal ... into Google and you will find a Free Removal Tool. I have not used it myself as I do not need it, so I cannot say how good it is. But worth a try - Good Luck!

1 more replies
Relevance 46.33%

to: windows 7 Blog Archive windows 7 7070

Answer:FAKE - Windows 7 Build 7070 download leaked!!!

I doubt it's real..

9 more replies
Relevance 46.33%

My Android HTC EVO 4G is now infected too!! I get pop ups as well. I've tried ad-aware, TDsskiller, and others in safemode and it doesn't find anything.
Thank you so much.

.
DDS (Ver_2011-06-23.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385
Run by Jean Paul at 9:46:25 on 2011-08-08
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3767.1824 [GMT -5:00]
.
AV: McAfee VirusScan *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
AV: AVG Internet Security 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Internet Security 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee VirusScan *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Personal Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
FW: AVG Firewall *Enabled* {621CC794-9486-F902-D092-0484E8EA828B}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG10\avgchsva.exe
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system3... Read more

Answer:Google redirects, fake websites, play download ads

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/413413 <<< CLICK THIS LINK

If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the low... Read more

2 more replies
Relevance 46.33%

Hi,
 
Whenever I try to access YouTube or Facebook I get redirected to a fake Adobe Flash Player Pro download site. I also can't watch any embedded YouTube videos or Flash videos on other sites.

I checked the forums and other sites on how to remove that fake Adobe player malware but so far it didn't work. I've used Malwarebytes, CCleaner, AdwCleaner. I also restarted my computer in safe mode with networking and used the programs to scan my PC but it didn't find anything.

Answer:redirect from youtube, fb to fake adobe player download

Welcome aboard

Download Security Check from here or here and save it to your Desktop.
Double-click SecurityCheck.exe
Follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.
NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2 SecurityCheck may produce some false warning(s), so leave the results reading to me.

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:
Internet Services
Windows Firewall
System Restore
Security Center/Action Center
Windows Update
Windows Defender
Other Services
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

Please download MiniToolBox and run it.
Checkmark following boxes:
Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Devices (do NOT change any settings here)
List Users, Partitions and Memory size
Click Go and post the result.

Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Up... Read more

2 more replies
Relevance 46.33%

I'm testing out different traffic shaping settings on my firewall to see how gaming pings react with different levels of uploading. I'm wondering if there is such a tool as one that lets you specify a download or upload speed, then it artificially transfers that as if you are really downloading something or uploading something via your internet connection.

I tried BitTorrent, but it just isn't accurate enough for my tests. Thanks for any help.
 

Answer:networking tool to fake upload and download speeds?

Are you looking for something like this, or did I not understand your question?

http://freshmeat.net/projects/trafficgenerator/

some reading material on the same topic

http://www.icir.org/models/trafficgenerators.html
 

1 more replies
Relevance 46.33%

Hello,
 
My system is an Intel Core2 Duo that runs Windows Vista Home Premium.

The last few days, I've been having extreme difficulty using my other Internet Explorer web browser. About 3 days ago, I opened up the browser and right away it brought me to a Google error site that says 404, "that's an error", so I searched the weird Google link and found a bunch of listings about something called "virtumonde". Also, when I try to log on to game websites, I get redirected to fake Java and Adobe download websites.

I honestly have no idea how my browser went crazy like this, all I flippin do is play computer games on it, right now I am using Mozilla with no issues at all. I would truly appreciate any help, I want my bleeping computer to be normal again.
 
So far I have tried the following
MSE (Full Scan)
RKill
Malware bytes (full scan)
Also tried VundoFix with no success.
 
 

Answer:I.E browser is hijacked and redirecting to fake download sites

Hello, 
 
Start with the following programmes, and let me know how you get on.
 
STEP 1 AdwCleaner
Please download AdwCleaner and save the file to your Desktop.
Right-Click AdwCleaner.exe and select  Run as administrator to run the programme.
Follow the prompts. 
Click Scan. 
Upon completion, click Report. A log (AdwCleaner[R0].txt) will open. Briefly check the log for anything you know to be legitimate. 
Ensure anything you know to be legitimate does not have a checkmark, and click Clean. 
Follow the prompts and allow your computer to reboot. 
After rebooting, a log (AdwCleaner[S0].txt) will open. Copy the contents of the log and paste in your next reply.
-- File and registry key backups are made for anything removed using this tool. Should a legitimate entry be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the entry. Please do not overly concern yourself with the contents of AdwCleaner[R0].txt.
 STEP 2 Junkware Removal Tool (JRT)
Please download Junkware Removal Tool and save the file to your Desktop.
Note: If you unchecked any items in AdwCleaner, please backup the associated folders/files before running JRT.
Temporarily disable your anti-virus software. For instructions, please refer to the follow... Read more

33 more replies
Relevance 46.33%

Hey guys,
I finally got a pop-up I've been wanting for a few months now. It is one of those fake virus scanning websites trying to run a fake scan (just a .gif picture) and it tells me to download their AV.
Ya let me get right to that! REALLY!
I want to download, not install to my main computer, but just download the installation files to transfer to my old sandbox computer. This will be my first attempt at this, and I just wanted people's input on what you think of this?

Am I alright to download this? A second opinion never hurts. Can't know everything. Damn hard pill to swallow haha!

Thanks everyone,
Ben

Answer:Infected website, download fake AV for testing. Safe?

Well, if you're going to let it run its course to see what it does, make sure that the computer is completely isolated with ZERO and I mean ZERO information on it.

Also, keep in mind that not only can this sort of thing mess with your software, but in rare cases it can kill hardware if it's really horrid.

9 more replies
Relevance 46.33%

I can't download any materials because the Internet Download Manager is registered with a fake serial number. I am always asked to enter the registration number, so I am not able to download any of the materials I needed.

Answer:Remove internet download manager registered with fake key

See if you can uninstall the download manager from "Control Panel > Programs and Features". They are not essential - windows can handle downloads.

Also run these three programs in the order given to give us an idea about the malware situation. They often fix what AV's miss:

AdwCleaner:
http://www.bleepingcomputer.com/dow...
(blue Download button near top - not anything else on the page).
Download and "Save" the file somewhere. Go to the saved file then double click it to run the program. Use the "Scan" button, followed by the "Cleaning" button.

Junkware Removal Tool (JRT)
http://www.bleepingcomputer.com/dow...
(blue Download button near top - not anything else on the page).
Download and "Save" the file somewhere. Go to the saved file then double click it to run JRT. It might appear to have stopped at times or flash the screen but sit tight until it has finished.

MalwareBytes:
https://www.malwarebytes.org/
Download the free version.
Install and Run the program but before doing its Scan go to "Settings > Detection and Protection" and put a checkmark in "Scan for rootkits". Quarantine anything it finds.

Please copy/paste the logs on here.

Always pop back and let us know the outcome - thanks

message edited by Derek

7 more replies
Relevance 46.33%

I was infected by fake spyware that falsely posed to protect my system. I was only allowed to access online by being directed to their website. I went on a different computer, successfully downloaded Malwarebytes' Anti-Malware, and put it on my infected computer. When I first ran it, it detected the malicious infection and quarantined it. I no longer have the annoying pop-ups and am not continuously redirected to their website every time I try to access the internet. However, despite Malwarebytes' telling me I no longer have any infected objects, I still cannot access the internet despite my strong, connected internet connection. It simply states, "This webpage is not available" with "Error 102 (net::ERR_CONNECTION_REFUSED): Unknown error." Any suggestions??

Answer:Post Malwarebytes Download Problems with Fake Spyware

Hello,

Please follow the instructions in ==>This Guide<==.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<==

If you can produce at least some of the logs, then please create the new topic. If you cannot produce any of the logs, then post back here and we will provide you with further instructions.

1 more replies
Relevance 46.33%

Hi,
 
Yesterday as I was clicking the "login" button to my email, a site opened in another tab asking me to download an outdated "program". I obviously just closed out of it, but every so often another web page will pop up when I click anywhere on my browser. I went ahead and ran MBAM, MBAR, TDSSKill, Adw cleaner, and McAfee (my current antivirus). None of them found anything, except McAfee will sometimes block these pop up sites. This is happening in the two browsers I have installed, Chrome and IE.
 
Here's the log from DSS (I also attached the "attach" file):
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.17041  BrowserJavaVersion: 10.5.1
Run by Katy at 16:14:51 on 2014-05-21
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.5992.3557 [GMT -5:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k Loc... Read more

Answer:Possible browser hijacker, random pop ups asking to download fake utilities.

I am going to close this topic since I figured out the virus was in my router, not my computer. I just had to change a few security settings and it went away.

3 more replies
Relevance 46.33%

Hello! My browsers continue to get redirected to fake websites such as www.xyzd.com and then prompted to update / download the new version of Flash, to which it then automatically downloads a setup.exe file. There are pop up messages that continue to show up when I try to close out or say "no" to downloading. No idea how to remove this thing! I have tried Malware Bytes, Anvi Smart Defender, Hitman Pro, TDSS killer all to no avail! Please help!
 
 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Soh (administrator) on SOH-PC on 25-03-2015 17:47:56
Running from C:\Users\Soh\Downloads
Loaded Profiles: Soh (Available profiles: Soh)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Anvisoft) C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASD2Srv.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Juniper Networks) C:\Program... Read more

Answer:Browser gets Redirected to Fake Webpages to Download Flash

Hi & to Bleeping Computer Forums!

My name is Jürgen and I will be assisting you with your Malware related problems.

Before we move on, please read the following points carefully:

My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
Perform everything in the correct order. Sometimes one step requires the previous one.
If you have any problems while you are following my instructions, Stop there and tell me the exact nature of your problem.
Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.
If I don't reply within 24 hours please PM me!
Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.

Step 1
Revo Uninstaller Free
Double click Revo Uninstaller to run it
From the list of programs double click on the listed program(s), to remove it:
Google Chrome
When prompted if you want to uninstall click Yes
Be sur... Read more

13 more replies
Relevance 45.92%

Ok... I have just gone through all the steps above because I have the same trojan horse, the dreaded startpage.19.j, but what I have realized is after the CW Shredder takes out both about:blank and the 2nd from last problem.... I restart... and they are back there.... even if I scan it straight after solving the problem it is there again!! I have done a HJT file and a Shredder file to show what I have to see if you can pinpoint the problem.... because after a short period of time online the startpage virus comes back!!

Logfile of HijackThis v1.99.1
Scan saved at 14:04:09, on 01/08/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SVCHOST.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\RunDll32.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Nokia\Nokia PC Suite ... Read more

Answer:Trojan Attack! HJT file + CWS file inc.

Download CW-Shredder at the link below:
http://cwshredder.net/bin/CWShredder.exe
Download http://www.derbilk.de/SpSeHjfix112.zip to the desktop and then
right click a blank part of desktop & select new folder, call it spfix
unzip the file into that folder

Disconnect from the net and Close ALL OPEN PROGRAMS.
Run 'SpSeHjfix'. and click on "Start Disinfection".
When it's finished it will reboot your machine to finish the cleaning process.
The tool creates a log of the fix which will appear in the folder.

If it doesn't find any of the SE files or any hidden reinstallers it will say system clean and not go on to next stage

Now run the Shredder - Hit The FIX button!

Reboot and post a fresh HJT log and the log that was created by 'SpSeHjfix'.

Warning Note: On a few occasions it has been reported that after using the SPSEHjfix you cannot open Internet Explorer. To fix this, go into Control Panel >Internet Options >Programs & press reset web settings, then you can set your home page to what you want on the general tab
Post a new log - after you get cleaned you need to get the MS Critical updates
 

3 more replies
Relevance 45.92%

Quote:

Security researchers warn about fake emails purporting to come from the Miles & More frequent flyer programme and leading users to a Zbot drive-by download website.

The rogue emails bear a subject of "ITINENERARY RECEIPT" and have their header spoofed to appear as originating from a [email protected] address.

The contained message makes use of an old social engineering trick to trigger the recipients' attention by suggesting their credit cards were charged without their knowledge.


Fake Miles & More Emails Lead to Zbot Drive-By Download - Softpedia

Answer:Fake Miles & More Emails Lead to Zbot Drive-By Download

Oh my - that's a new reason not to collect miles at Miles & more. Torsten @ Mighty Travels - travel savings, error fares, mistake fares, rewards credit cards, hotel mistake rates

1 more replies
Relevance 45.92%

Source: http://blog.anti-virus4u.com/2015/04/fake-norton-internet-security-2016.html

The new version of Norton 2016 is still not here, but there are new posts on shady websites, which offer a chance to download the new Norton Internet Security 2016.
The fake Norton Internet Security 2016 has over 9 thousand downloads, and the exact number of victims is not known. The link takes users to download unwanted software, when the site promises exclusive access to Norton Internet Security 2016 file. Even if you regret, and you no longer wish to download the file, it's still hard to cancel the download process.

So far, no one gets to download Norton Internet Security 2016, which is still in the works by Symantec.
A similar website takes users to download malware under "Norton Internet Security 2016".

We recommend that you keep your security software up to date, and download your product only from the manufacturer's official links.
NOTE: Norton Internet Security has been discontinued and replaced by Norton Security.

All product and company names mentioned herein are for identification purposes only and are the property of, and may be trademarks of, their respective owners.
 

More replies
Relevance 45.92%

Hello,
I originally posted in the Am I infected forum here. Last Monday, 3/21 my ISP Cox Communications sent me an email stating that I may be infected with Alureon/TDSS. I called 3 times and did everything they suggested. I ran Malwarebytes, Norton Power Eraser, Microsoft Safety Scanner, TDSSKiller, and RogueKiller. Plus my usual real time scanning Antivirus- McAfee Security suite.
 
Today while on my local news website, another window suddenly opened and contained a fake Adobe Flash update. I noticed right away because I hadn't clicked anything and it even appeared to take me to a different website. The domain was aaliyamericanapparel.com. I immediately shut down the fake installer and pressed the back button which took me back to the news article I was reading.
 
I have 1 desktop and another laptop that needs checking. My desktop also has a Seagate external hard drive connected to it which is holding my backed up photos. Here is the Farbar scan for the desktop.....
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
Ran by smithfamily (administrator) on JNK-PC (29-03-2016 11:37:12)
Running from C:\Users\smithfamily\Downloads
Loaded Profiles: smithfamily (Available Profiles: smithfamily)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-... Read more

Answer: ISP says Possible Alureon/TDSS, fake adobe flash download pop-up today

Malwarebytes scan logs
 
Malwarebytes Anti-Malware
www.malwarebytes.org
Update, 3/22/2016 9:18 AM, SYSTEM, JNK-PC, Manual, Remediation Database, 2016.2.12.1, 2016.3.18.1,
Update, 3/22/2016 9:18 AM, SYSTEM, JNK-PC, Manual, Rootkit Database, 2016.2.8.1, 2016.3.12.1,
Update, 3/22/2016 9:18 AM, SYSTEM, JNK-PC, Manual, Domain Database, 2016.2.16.8, 2016.3.21.11,
Update, 3/22/2016 9:18 AM, SYSTEM, JNK-PC, Manual, Malware Database, 2016.2.16.6, 2016.3.22.6,
Update, 3/22/2016 9:18 AM, SYSTEM, JNK-PC, Manual, IP Database, 2016.2.8.1, 2016.3.21.3,
Scan, 3/22/2016 9:41 AM, SYSTEM, JNK-PC, Manual, Start:3/22/2016 9:18 AM, Duration:22 min 1 sec, Threat Scan, Completed, 0 Malware Detections, 22 Non-Malware Detections,
(end)
 
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 3/22/2016
Scan Time: 9:18 AM
Logfile: malwarebytes2.txt
Administrator: Yes
Version: 2.2.1.1043
Malware Database: v2016.03.22.06
Rootkit Database: v2016.03.12.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
OS: Windows 10
CPU: x64
File System: NTFS
User: smithfamily
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 421701
Time Elapsed: 22 min, 1 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 1
PUP.Optional.HomePageHelper, HKU\S-1-5-21-454114346... Read more

21 more replies
Relevance 45.92%

Hi,

Hopefully someone can help me.

My laptop was recently infected with the fake anti virus pro trojan which I have managed to clear. I originally used Norton to remove the virus but after doing so was still unable to download any files from IE8.

I have run rkill and malwarebytes and they did not find any infected files.

It has definitely affected IE8 so what I presumably need to do is to re-install this (when I am able to).

Have looked through some of the other topics but still unsure what to do - I am running Windows Vista.

Thanks in advance.

Stripes

Answer: Unable to download files after fake anti virus pro trojan

Hello and welcome. Please run these and see if things improve.

TFC by OT
Please download TFC by Old Timer and save it to your desktop. (alternate download link)
Save any unsaved work. TFC will close ALL open programs including your browser!
Double-click on TFC.exe to run it. If you are using Vista, right-click on the file and choose Run As Administrator.
Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.

Next run MBAM (MalwareBytes):
Please download Malwarebytes Anti-Malware (v1.46) and save it to your desktop. (alternate download link 1) (alternate download link 2)
MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
If an update is found, th... Read more

1 more replies
Relevance 45.51%

I am being plagued by a file called Rundll32. It slows the computer almost to a standstill. I don't know where it came from but it randomly starts running. It is in C:\WINNT\system32 so I'm afraid to delete it without knowing what it is. The description says "Run a DLL as an App". The type of file says: "Application". It says it's been on the computer since the beginning but I never before had trouble with it! If you know definitely what to do with this file please share. If you are unsure do not tell me to delete it!
 

Answer: Run! Attack of the File!

13 more replies
Relevance 45.51%

Starting last week I noted that fake security warnings and software downloads were occurring as popups and redirected tabs in all my web browsers =
 
Firefox 33.1.1
Chrome 39.0.2117.71m
Internet Explorer 11 (rarely use it)
 
There are no other effects occurring on the computer.  In fact, I watch movies, work with multimedia, play PC games through the STEAM platform and have no problems.  Nor do I have email issues or running productivity software such as MS Outlook (email) Excel, Word, PowerPoint, Publisher, etc. etc.
 
I had Kaspersky Internet Security, but uninstalled it and installed Webroot Security Anywhere.  My current computer configuration =
 
Dell XPS8300 Desktop 
OS = Windows 7 (64Bit)
Webroot Security Anywhere
 
This issue described above continues and is not resolved or solved despite my best efforts.  In fact, I cannot identify the specific program, virus, malware causing the trouble.  I have tried the below programs =
 
Ad Aware
Malwarebytes
Hitman Pro (64Bit)
RKill
Rogue Killer
Hijackthis
Combo Fix
 
Here is the current DDS.txt =
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.17420  BrowserJavaVersion: 11.25.2
Run by AKMARK5000 at 17:51:33 on 2014-11-28
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.12270.9665 [GMT -5:00]
.
AV: Webroot SecureAnywhere *Disabled/Updated* {66A6FE14-08CB-F415-3742-517201416109}
SP: Webroot SecureAnywhere *Disab... Read more

Answer: Fake security warnings and download popups and redirection browser tabs

********** issue solved **********
 
I uninstalled some programs that I thought I wouldn't need or use and just uninstalled every single add-on extension in my web browsers... even if I recognized them. I then re-ran the scans that I had previously done before... made sure to use RKill in-between each scan and also reboot in-between each scan and some more Reg-entries and PUPs showed up.
 
After all that, I tested my web browsers and the issue has stopped. So, I am still not sure which program or add-on extension was the culprit, but the issue is gone. I'll have to work on reinstalling and testing each one as I go.
 
I just want to followup and remain in good standing for future incidents.
 
... issue closed.

2 more replies
Relevance 45.1%

Logfile of HijackThis v1.99.1
Scan saved at 3:56:54 PM, on 10/3/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

Answer: HiJackThis File - Under Attack

8 more replies
Relevance 45.1%

Hello again everyone. Due to the fact that I'm not comfortable reinstalling XP on my own, and my IT guy is off in Florida for who knows how long, my computer is still its mentally ill self.

Anywho, I found this weird bunch of files in a temp folder on my computer. I can't delete them or anything. I've even tried via the cmd.exe. Even in safe mode, the files are undeleteable. They also act like they are huge, GBs big. Even though they actually aren't. Here are some screenshots: http://i3.tinypic.com/303fwif.jpg http://i12.tinypic.com/3z1ingy.jpg

If anyone has any suggestions, please let me know. Also, if this is in the wrong forum, please move it for me.

Answer: Attack of the undeleteable file.

Many files can only be deleted before Windows boots. You could try a program like MoveonBoot. This marks files then removes them the next time you restart.

18 more replies
Relevance 45.1%

I have been attacked by CWS and cannot get rid of it. I found this forum and saw some threads with HijackThis log files so I downloaded HijackThis and ran it. Here is my log file:

Logfile of HijackThis v1.99.0
Scan saved at 8:51:07 PM, on 2/8/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:

Answer: Help! CWS Attack - HijackThis Log File

6 more replies
Relevance 45.1%

Hi.

Windows 7 Pro SP1 64 bit
Intel i5 CPU @2.67 GHz
8 GB RAM

This problem just started recently or I only noticed it in the past week or so. When I'm in any application that launches the File Open dialog, including any browser's "Select File/Browse" button to choose a local file, when I select a file (even a small 1K file) from the dialog and the dialog closes, there is a 5 - 10 second delay before the app responds and either opens the file or in the case of a browser, displays the file name. In those 5-10 seconds, the app is non-responsive. In a browser, other fields on the form cannot be clicked or selected for the 5-10 second period -- then the selected filename appears on the form.

This happens in all 4 browsers I tried: Chrome 32, IE 11, Firefox 26, and Safari.

I also booted Windows in safe mode and the problem still occurred.

I also ran KingSoft Office Writer and selected File->Open and the same issue occurs after selecting the file -- there is a noticeable delay that wasn't previously there.

In a code editor (PSPad), opening a file does the same thing as well (hangs for several seconds after selecting the file).

Randomly during testing, (but probably < ~5% of the time) it doesn't delay and works properly.

I ran System File Checker and MS Security Essentials, but both turned up a clean machine.

Has anyone else experienced anything like this lately?

Thanks,
Vinnie

Answer: File Open or Choose File dialog hangs application after selection made

Figured this one out... It turns out a network attached drive was not on for some reason and I had a drive letter mapped to it. Once I turned the drive back on, the hanging symptom went away!

1 more replies
Relevance 45.1%

I was attempting to download iTunes 7.5 and when I clicked the download button there appeared over my mouse arrow a Windows-like icon with a red circle with a slash through it. I disconnected ZoneAlarm and it still happened. I tried it on my wireless laptop with Vista and it downloaded fine. What's up? Thanks in advance.

Bill
 

Answer: Cannot download an application

What browser are you using?
What version of iTunes do you currently have?
If you have iTunes 7+, try using the "Apple Software Update" that gets installed in the Start Menu.
 

2 more replies
Relevance 45.1%

Why did I get a pop-up from Microsoft for "make msn my homepage?" msn.com is and has been my homepage. Scam or what. They offered to download and "run" an application.
Thanks for your help.
CoffeeBreak

More replies
Relevance 45.1%

Any *.exe application file I try to download, the dialog box says you have chosen to open *.exe which is a: Binary File

Answer: when i try to download an application it is d

Not sure what you are trying to do. You want to Save the EXE without opening it??? I have not done that in a while. But Right Click on the EXE, then click 'Save As...' or may say 'Save Link As...' or may say 'Save Link Target As ...'

3 more replies
Relevance 45.1%

HI, I got a pest from a "fake bittorrent (type) download called bycicle solitare... now my system seems slow and keeps getting itself in trouble. ie: seems to be getting a virus.

I've followed the 5 steps.

My system is a Dell, Dimension 4550, win xp Pro, P4 2.53GHz, two hard drives (C: 60 GB, D: 200 GB) drive C: is the system drive.

Do you require more information, I'm here for the looong haul.

Here are the attachments and logs that were required:

Deckard's System Scanner v20070426.43
Run by topbarhive on 2007-06-02 at 10:53:33
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
61: 2007-06-02 14:53:40 UTC - RP176 - Deckard's System Scanner Restore Point
60: 2007-06-01 01:49:10 UTC - RP175 - System Checkpoint
59: 2007-05-30 20:43:44 UTC - RP174 - System Checkpoint
58: 2007-05-29 14:13:24 UTC - RP173 - System Checkpoint
57: 2007-05-28 04:11:22 UTC - RP172 - System Checkpoint


-- First Restore Point --
1: 2007-03-06 01:55:06 UTC - RP116 - Removed Blaze Media Pro


Backed up registry hives.

Performed disk cleanup.


-- HijackThis (run as topbarhive.exe) ------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 10:55:13 AM, on 6/2/2007
Platform: Windows XP SP2 (WinNT... Read more

Answer: I got a pest from a "fake bittorrent (type) download called bycicle solitare...

BUMP Please

1 more replies
Relevance 45.1%

Hello,
I was given this relatively new computer used one month ago. The problems have been around since then, but I do not know how long before that the problems existed. I have Windows 8 and mainly use Chrome. I originally noticed a lot of fake Flash update popups which seem to be getting more common. Now I'm getting a lot of other ad popups (the one I'm seeing right now has this link. Also a lot of AdChoice popups that I'm not sure if they are legitimate or not but I don't get them on my other computer like I do on this one. Chrome does not show any extensions as being installed.
 
I've got Windows Defender running and nothing else. When I did a scan using Defender nothing was found. 
 
 
The flash popup redirects me to this page (http://www.vplayer.us/download/Player/F/CA/auload.html?installer=Video_Player_for_Other_Browsers&browser_type=KHTML&dualoffer=false) and also downloads a file Setup.exe
 
These are some links from the popups I'm getting. 
 
http://www.medtech-itsupport.com/rp/?aff_id=www.bleepingcomputer.com
 
http://www.clicktrack.eu/affiliate/referral.asp?site=prospl&url=vcc/en/sp12usd/default.asp&aff_id=3213_11484_13934_56215_4_249_3-www.bleepingcomputer.com|TSCP
 
http://clicks.eyereturn.com/?tokenID=806182&click=http%3A//as.chango.com/links/click1399992305.28%3Facid%3D12045%26adid%3D299776%26atid%3D56463%26wh%3D300%26ht%3D250%26stid%3Dzdnet.com%26url%3Dhttp%253A%252F%252Fwww.zdnet.com%252F%26dom... Read more

Answer: Windows 8, fake flash popups and "Setup.exe" download, popup ads/vids over pages

Any help is appreciated.
Thanks,
Mrmac

11 more replies
Relevance 44.69%
Question: Misleading

Hi, I like downloading music from the net frequently, and most of the time it's from singingfish.com, but since last week every time I try to log on to singingfish it takes me to http://video.aol.com/. I had AVG 7.5 and AVG spyware (latest version) running on the sys. I ran a scan suspecting spyware but nothing came up. I replaced the AVGs with another software and scanned; a couple of them came up but it did not solve the problem. I wonder if there is anything in the registry that I can change or delete to solve this. I also suspect that many other sites (mostly music) aren't coming up or have misleading links when I try to download, and this has been happening for the past week.
I appreciate and look forward to your help.
I have o/s WinXP Prof, browser Opera 9.1, protection Bitdefender
 

Answer: Misleading

http://en.wikipedia.org/wiki/Singingfish
 

2 more replies