Computer Support Forum

Virus Removal / Spyware Removal

Question: Virus Removal / Spyware Removal

My laptop does not work properly. I think virus has attacked my laptop. How to remove virus from laptop ?

Relevance 100%
Preferred Solution: Virus Removal / Spyware Removal

I recommend downloading and running Reimage. It's a computer repair tool that has been proven to identify and fix many Windows problems with a high level of success.

I've used it in the past to identify and fix everything from blue screens (BSOD's), ActiveX errors, corrupt files and processes, dll/exe/sys errors, recover lost memory, Windows update problems, defragging, malware removal etc.

You can download it direct from this link http://downloadreimage.com/download.php. (This link will automatically start a download of Reimage that you can save to your computer.)

Answer: Virus Removal / Spyware Removal

Hi there,my name is Marius and I will assist you with your malware related problems.Before we move on, please read the following points carefully. First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding. Perform everything in the correct order. Sometimes one step requires the previous one. If you have any problems while following my instructions, Stop there and tell me the exact nature of your problem. Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me. Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts. If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed. Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean. My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.    Scan with DDSDownload DDS and save it to your desktop from here or here orhere.Disable any script blocker, and then double click dds.scr to run the tool.When done, DDS will open two (2) logsDDS.txt: save to your desktop then post its contents in your topicAttach.txt: save to your desktop then attach it to your next reply    Scan with Gmer rootkit scannerPlease download Gmer from here by clicking on the "Download EXE" Button.Double click on the randomly named GMER.exe. If asked to allow gmer.sys driver to load, please consent.If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.In the right panel, you will see several boxes that have been checked. Uncheck the following ...
SectionsIAT/EATShow All ( should be unchecked by default )Leave everything else as it is.Close all other running programs as well as your Browser.Click the Scan button & wait for it to finish.Once done click on the Save.. button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.Save it where you can easily find it, such as your desktop.Please post the content of the ark.txt here.**Caution**Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries

3 more replies
Relevance 87.74%

Hello Major Geeks,

I am here once again, as I can not seem to get rid of Spyware FunWeb Products.
I have ran Spybot and Adaware Ten times to no avail.
Any help greatly appreciated.
Also my son visited a web site for video game cheats and we were inundated with pop-ups and I beleive a virus or two.

I found out that my Symantec Norton Anti-Virus has expired. What is the best Anti-Virus software to purchase.
I have ran a HighJack This log entered below. All help so appreciated.
Thank you,
River

Edit by chaslang: Old version, unrequested, inline log removed
 

Answer:Spyware Removal & Virus Removal - please help

Please read the announcement and sticky threads. HJT logs should only be posted when requested and then they must be attachments to your message. Your HijackThis version is way out of date too.


Please run the steps below.

- Run ALL the steps in this Sticky thread READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus Removal

Make sure you check version numbers and get all updates.

- Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.
After doing ALL of the above you still have a problem, boot into normal mode and make sure you follow these directions:
- Download HijackThis 1.99.1

- Unzip the hijackthis.exe file to a folder you create named C:\Program Files\HJT

- Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the downloaded ZIP file.

- Before running HijackThis: You must close each of the following:your web browser, e-mail client, instant messenger, and programs like notepad, wordpad, MS Word etc. And any other unnecessary running programs.

- Run HijackThis and save your log file.

- Post your log as an ATTACHMENT to your next message. (Do NOT copy/paste the log into your post).
 

4 more replies
Relevance 80.36%

Hello,

I need some helps. The problem I'm currently having is a suspicious software called AKM Antivirus 2010 pro is automatically installed on my computer somehow...it disables everything on the computer from start running...I tried add or remove programs and it pops up alert saying it's infected...I've tried Hijack this and try to produce a log, but it couldn't start. I've also tried ComboFix and it couldn't run either, I even tried save ComboFix and rename it to Combo-Fix and run from there and it still couldn't get going.

The only thing I got going is RSIT, which I run in the safe mode and produced the following log, please take a look on the two logs I pasted. I tried ComboFix in the safe mode, but it couldn't run...

I am kinda running out of options, so please help me and let me know what I need to do now...

Thanks much!!


Info:

info.txt logfile of random's system information tool 1.04 2010-05-08 14:51:25

======Uninstall list======

-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
-->MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
7-Zip 4.65-->"C:\Program Files\7-Zip\Uninstall.exe"
AC3Filter (remove only)-->C:\Program Files\AC3Filter\uninstall.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Fla... Read more

Answer:Need spyware/virus/trojan removal help (AKM Antivirus 2010 pro spyware)

Alright, somehow I got HijackThis to run in the safe mode and I pasted and attached the log. I still couldn't get comboFix to run...also tried to install Kasperskey Internet Security 2010 in the safe mode, but got denied and said Administrator set rules not to run this, I guess it's the malware doing the trick...

Someone please take a look on these logs and give me some helps...

Thanks!


HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:51:10 PM, on 5/8/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17023)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: Thunder AtOnce - {01443AEC-0FD1-40fd-9C87-E93D1494C233} - C:\Thunder5.7.6.426-Lite-Final\ComDlls\TDAtOnce_Now.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: ADC PlugIn - {77DC0Baa-3235-4ba9-8BE8-aa9EB678FA02} - C:\Program Files\adc32.dll
O2 - BHO: ThunderBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - C:\Thunder5.7.6.426-Li... Read more

17 more replies
Relevance 78.31%

Hi All,

I am new to this site, but need some computer advice.

I have an old HP desktop. A few months ago, my neighbor took my computer, reformatted and added more memory. He put XP on it (I had ME before - worst operating system EVER), and made my old machine run beautifully.

My wonderful, irresponsible brother stayed with my husband and I last week while my parents were on vacation. He decided to use my desktop and carelessly download all sorts of lovely things, and now my computer is giving me a lot of trouble. When I run Symantec, here are some of the threats I am getting:

Trojan Dropper
dr. smartload[1]
adware.linkmaker
adware.qoolaid
adware.zquest
adware.dollarrevenue
adware.look2me
Downloader

Thats just a small sample - I get a TON more of those adware.whatever things, a couple of things that say something like W32.Spybot, and more. I downloaded Ad-aware, ran that and deleted a bunch of things...I have run a full virus scan with Symantec SEVERAL times, but the stuff never actually deletes from my computer.

Even better - I was trying to manually remove this stuff using some instructions on the Symantec website, which instructed me to turn off my system restore option and run a virus scan in safe mode. I didn't realize what I did, but now I found out that I can't even restore my computer to how it was at an earlier date (I should have thought to do that immediately). I am currently running my virus scan in Safe Mode, and nothing has come up yet...but I kno... Read more

Answer:Spyware/virus Removal

Hello allie1105Lets try a few other anti-malware programs that will supplement your current anti-virus.Download and scan with Ad-Aware SE Personal 1.06. Setup & Configure as shown here.Download and scan with Spybot S&D 1.4. Setup & Configure as shown here.[DO NOT choose the option to install TeaTimer]Note: If you encounter any error messages while downloading the updates, manually download them from here.download and scan with Ewido Anti-Spyware v4.0 in "SAFE MODE".Print out the Ewido Install and Scan Instructions. Then perform this online Virus scan:[Watch the Address bar in IE. You may receive alerts that "This site might require the following ActiveX control...Click here to install...". Click on that alert and then Click Install ActiveX component.]Trend Micro Housecall Scan

2 more replies
Relevance 78.31%

I did not get a extra.txt after running dss.exe. but here is my hijackthis log...

Deckard's System Scanner v20071014.68
Run by Compaq_Owner on 2008-07-23 14:24:24
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Percentage of Memory in Use: 84% (more than 75%).
Total Physical Memory: 447 MiB (512 MiB recommended).


-- HijackThis (run as Compaq_Owner.exe) ----------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:25:28 PM, on 7/23/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\WINDOWS\system32\lphcgdaj0e5d1.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
C:\Program Files\Common Files\Li... Read more

Answer:Spyware/Virus removal

Bump.

19 more replies
Relevance 78.31%

Working to remove some viruses and spyware from a computer and some assistance would be appreciated. I am also trying to remove what is left of AVG I have tried uninstalling it and it just sits there and never comes up. Google gives me about 3 or four can't load profile issues on load and IE doesn't want to run at all gives all kinds of errors on load up. I have run est online scanner and sypbot search and destroy as well as installed avast, which would be a preferred anti-virus.
 

Answer:Virus/Spyware removal

16 more replies
Relevance 78.31%

here are the logs. thank you

More replies
Relevance 78.31%

Lately whenever I open a webpage I've been getting strange pop ups and a program that warns me that my computer may be infected with spyware, and then it tries to install a program on my computer. I'll try to cancel out of it and it will cause my computer to freeze up.

Norton doesn't detect that the virus is there, so I downloaded a free scan from Kaspersky and it detects three problems.

detected: adware not-a-virus:AdWare.Win32.Virtumonde.cnr File: C:\WINDOWS\system32\qomnlih.dll

detected: adware not-a-virus:AdWare.Win32.Virtumonde.bxc File: C:\WINDOWS\system32\gebyy.dll

deleted: adware not-a-virus:AdWare.Win32.Virtumonde.din File: C:\System Volume Information\_restore{00439613-6CDA-497F-BBC3-1AB1F866F71B}\RP346\A0023232.dll


I tell it to neutralize it, but when I reboot it's back again. I also ran SuperAntiSpyware that detected it but could not remove it. I also tried it in safe mode as someone had suggested, but it's still there. I read about HiJackThis and downloaded it, but I dont understand the log good enough to trust myself deleting something :confused I sent it in to have it analyzed and went to sysinfo.org to check out one of the unknown applications running, but I didn't find it listed there.

I read through the sticky post here about analyzing your hijackthis file, but I could not get any further with it. Would it be ok if I posted my file? If not is there anything else I can do? I'm pretty much stuck at this... Read more

Answer:Help with spyware, virus removal please. New to this :(

Welcome to Major Geeks!

Please follow the instructions in the below link and attach the requested logs when you finish these instructions.

READ & RUN ME FIRST. Malware Removal Guide
 

1 more replies
Relevance 78.31%

I have these pop ups in IE that include heavy.com and winviruspro and my computer seems much slower, ive tried a bunch of different removals as im sure most people do and they still come, here is my HJT

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:22:05 AM, on 7/22/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Stickynotes\Stickynotes.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\SpyCatcher\Protector.exe
C:\Program Files\SpyCatcher\Scheduler daemon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settin... Read more

Answer:removal of spyware/virus

If you have vundofix, remove it and get the current version

Please download http://www.atribune.org/ccount/click.php?id=4 to C:\
Double-click VundoFix.exe to run it.
click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES.
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will shutdown your computer, click OK.
Turn your computer back on.
Please post the contents of C:\vundofix.txt Even if it does not find anything.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears at reboot.

Please let Vundo finish its thing, sometimes it can take multiple passes
====================
Download Superantispyware (SAS)

http://www.superantispyware.com/superantispywarefreevspro.html

Install it and double-click the icon on your desktop to run it.
It will ask if you want to update the program definitions, click Yes.
Under Configuration and Preferences, click the Preferences button.
Click the Scanning Control tab.
Under Scanner Options make sure the following are checked:
o Close browsers before scanning
o Scan for tracking cookies
o Terminate memory threats before quarantining.
o Please leave the others unchecked.
o Click th... Read more

3 more replies
Relevance 78.31%

When clicking links on Google searches, I get forwarded to weird pages ( to include one that says "Please take a second to help us identify click fraud"). I use Panda Global Protection 2009 for my firewall, anti-virus, etc. and it can't seem to identify nor clean this thing out. I attached a Hijackthis file report. Please help! Le5t me know if you need any more info...Oh yea, and my System Restore Log has been wiped AND periodically my Panda Anti-Virus will be de-activated...Logfile of Trend Micro HijackThis v2.0.2Scan saved at 10:01:02 PM, on 10/24/2009Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Panda Security\Panda Global Protection 2009\TPSrv.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\System32\WLTRYSVC.EXEC:\WINDOWS\System32\bcmwltry.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Google\Update\1.2.183.7\GoogleCrashHandler.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Common Fi... Read more

Answer:Spyware/Virus Removal

Hello,We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up.My name is Syler and I will be helping you to solve your Malware issues. If you have since resolved your issues I would appreciate if youwould let me no so I can close this topic, if you still need help please let me no what issues you are still having, in your next reply.Download random's system information tool (RSIT) by random/random from here and save it to your desktop.Double click on RSIT.exe to run RSIT.Click Continue at the disclaimer screen.Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)Then please post back here with the following: log.txt info.txtThanks

10 more replies
Relevance 78.31%

I have reviewed the Computer Hope Virus & Spyware section Guidelines and was wondering if this process work on a HP Pavilion dv6 Notebook PC with Windows 7 OS.

Answer:Virus and spyware removal

Yes. Everything should work.

8 more replies
Relevance 78.31%

Hey guys can someone help me out, the other day i got a virus but was too busy to fix it. The stupid virus's just won't go away, i keep getting icons on the start bar, *right side where time clock is* which keeps saying i have a virus, and i can't get rid of it. I've tried to use Spybot Search and Destroy but it still won't do anything. I tried ad-aware Se Personal but it keeps freezing during the middle of it. Some problems that occur are:Desktop keeps crashing *explorer.exe gets removed*, I have to do alt,ctrl,del and open explorer.exe again and againAlso before that nothing would work so i saw some keys i needed to put in registry which people said to use , i used them saved it as a registry and it worked.Another problem is that when i have explorer and stuff on, sometimes it randomly just goes away, and i have to start it again. And my firefox, goes extremely slowly, when i double click it, when i use it it's fine, but when i double click it i normally have to do atl,ctrl,del find firefox and put it on high or something so it can start without waiting like 5 min. Anyways i'll post the HiJack this Log, can someone please help me ... Thanks for all the help, as i know i'll be needed lots lol...Oh before i post the HiJackthis log, i just want to tell you that software's which i have right now that remove virus's and stuff are:Spybot Search and DestroyAd-aware those are the big two, so i don't have to download them, anyways here is the log:Logfile of Trend Micro HijackThis v... Read more

Answer:Virus & Spyware Removal Help!

hey i just want to say that it's getting worse and worse, i'm afraid that my computer will crash soon. Can someone please help me fast, my computer is going much worse now, it's very slow sometimes, keeps crashing, start bar/desktop keeps going away, not sure how much longer i can take this, since i have alot of work on the computer...

3 more replies
Relevance 78.31%

My laptop has recently been infected by some sort of Virus/Spyware/Trojan that Trend Micro PC-cillin and Spybot Search & Destroy both cannot detect or remove. The virus made my Windows Automatic Updates stop working and makes my browser randomly open up on its own to strange advertisement sites such as [.right-ads.com/?0[/url] and some other weird sites that aren't even found. Today something even weirder happened, my laptop speakers just randomly started playing some random noises and music from some movie, which I listened to closely and googled a quote from and found it out to be some football movie "Rudy". I can't get my speakers to stop playing the sounds, and my browser is still opening up to wierd sites on its own, as a matter of fact while i was typing this it opened tourl.adtrgt.com/cpv[/url]and now its playing some commercial for some weird products...I have absolutely no idea why this is happening, and what could possibly be causing this.Anyone have any advice on what to do? Is there any diagnostic report of any kind that could show some insight on what is wrong with my laptop?{Mod EDit: broke links to dangerous sites posted in topic~~boopme}

Answer:Virus/Spyware Removal Help

Hello and welcome. Let's get a scan ang from MBAM first...Please download Malwarebytes Anti-Malware and save it to your desktop.alternate download link 1alternate download link 2Make sure you are connected to the Internet.Double-click on mbam-setup.exe to install the application.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-MalwareThen click Finish.MBAM will automatically start and you will be asked to update the program before performing a scan.If an update is found, the program will automatically update itself.Press the OK button to close that box and continue.If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.On the Scanner tab:Make sure the "Perform Quick Scan" option is selected.Then click on the Scan button.If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button. The scan will begin and "Scan in progre... Read more

3 more replies
Relevance 78.31%

I am experiencing "Common Files.dll" during initial start-ups and "Bad Image Errors" during Outlook start-up. Please help correct these issues.

Info is attached and zipped.

Thanks!

e-bama


DDS (Ver_09-05-14.01) - NTFSx86
Run by 410Brantley at 21:00:02.26 on Mon 06/15/2009
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.1861 [GMT -5:00]


============== Running Processes ===============

C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\system32\DWRCS.EXE
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe
C:\PROGRA~1\MI6841~1\MSSQL\binn\sqlservr.exe
C:\Program Files\Intel\Wireless\B... Read more

Answer:Spyware/Virus Removal - PLEASE HELP!!

Hello and welcome to TSF.

While Spybot's TeaTimer is an excellent tool for the prevention of spyware, it can sometimes prevent tools from fixing certain things.
Please disable TeaTimer for now until you are clean. TeaTimer can be re-activated once your logs are clean.

Download ResetTeaTimerand Save it to your Desktop.
Double-click ResetTeaTimer.zip
Double-click ResetTeaTimer.bat and click Run to remove all entries set by TeaTimer.
A DOS window will open and close again, this is normal.
------------------------------------------------------
Open Spybot Search & Destroy.
In the Mode menu click "Advanced mode" if not already selected.
Choose "Yes" at the Warning prompt.
Expand the "Tools" menu.
Click "Resident".
Uncheck the "Resident "TeaTimer" (Protection of overall system settings) active." box.
If TeaTimer gives you a warning that changes were made, click the "Allow Change" box when prompted.
In the File menu click "Exit" to exit Spybot Search & Destroy.

===============================

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/comb...o-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.

Please ... Read more

2 more replies
Relevance 78.31%

Hello,I think i've got a virus or spyware on my computer. I could do with some help removing it.I've posted my hijack this log below:(Moderator edit: log post moved to HJT team forum for analysis and assistance. jgweed)Logfile of HijackThis v1.99.1Scan saved at 20:44:02, on 12/04/2006Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeC:\Program Files\Common Files\Symantec Shared\SNDSrvc.exeC:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exeC:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeC:\WINDOWS\system32\spoolsv.exeC:\Acer\eManager\anbmServ.exeC:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exeC:\Program Files\Norton AntiVirus\navapsvc.exeC:\Program Files\Norton AntiVirus\IWP\NPFMntor.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\mssearchnet.exeC:\WINDOWS\system32\nvctrl.exeC:\Program Files\Synaptics\SynTP\SynTPLpr.exeC:\Program File... Read more

Answer:Spyware/virus Removal

Hello,First of all, you didn't unzip/extract hijackthis.. and it's still in the tempfolder.So I strongly advise to unzip/extract hijackthis.zip.Read here how to unzip/extract properly:http://metallica.geekstogo.com/xpcompressedexplanation.htmlCreate a permanent folder and move hijackthis.exe into it. The reason is because hijackthis creates backups and when it's in your temp-folder it can be accidentally deleted.How do you make a permanent folder:Click My Computer, then C:\ and then on Program Files.In the menu bar, File->New->Folder.That will create a folder named New Folder, which you can rename to "HJT" or "HijackThis".Now you have C:\Program Files\HijackThis. Put your HijackThis.exe there.Also, it looks like you have never scanned with an antispywarescanner. I see Windows Defender present, however, I have my doubts you scanned with it. I am going to let you download, install and run another scanner as well, because I know it should get rid of most what is present.But first, perform next:Go to start > controlpanel > software > add/remove programs and uninstall next programs if present:ISTsvc and/or IstbarRXToolBar and/or SemanticInsightp2pNetworksNotification UtilitySecurity ToolbarI also see you have Bearshare installed. I am pretty sure you installed the free version and that may explain why you also got infected, because the free version of Bearshare contains Spyware. That's why I want you to uninstall it as well.REBOOT ... Read more

4 more replies
Relevance 78.31%

help please virus & spyware removal. Also can't install Microsoft updates. logfiles attached
THANK YOU!
 

More replies
Relevance 78.31%

I used Smitfraudfix and Adaware to remove some spyware that was coming up as pcsecuresystem. Was having constant pop ups with warnings that the PC was infected. Also a virus as zlob was mentioned briefly with avg then disappeared before I told it to do anything. So, not sure if this is on here or not. I just removed Norton Security and put the AVG on here. I hope that Norton is all gone from the system now. Will be putting on ZoneAlarm tomorrow.

Here is the DSS Log:

Deckard's System Scanner v20071014.68
Run by Christina on 2007-10-25 02:34:54
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
26: 2007-10-25 09:34:59 UTC - RP82 - Deckard's System Scanner Restore Point
25: 2007-10-25 09:17:03 UTC - RP81 - Software Distribution Service 3.0
24: 2007-10-25 06:18:28 UTC - RP80 - Installed AVG 7.5
23: 2007-10-25 06:02:08 UTC - RP79 - Installed HP Update
22: 2007-10-25 06:02:02 UTC - RP78 - Removed HP Update


-- First Restore Point --
1: 2007-07-22 08:27:58 UTC - RP57 - System Checkpoint


Ba... Read more

Answer:Spyware and virus removal

Here are the results of the Panda Activescan. I couldn't place this in my first post for it being too long. I'll have to upload this.

19 more replies
Relevance 78.31%

I am running Windows Xp Home Sp2 and recently got rid of a couple of nasty virus's... or so i thought. Do not remember the name but they were nasty backdoor trojans. I ended up having to use bitdefender online and combofix to rid myself of them. But i found that when i rebboot my computer, something it still disabling my virus protection and file still sometimes take a long time to open. I ran kapersky online scanner and it found more than my other scan had not. Here is my kapersky log

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Friday, February 20, 2009
Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Friday, February 20, 2009 07:48:39
Records in database: 1819939
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\
I:\
K:\

Scan statistics:
Files scanned: 125266
Threat name: 2
Infected objects: 2
Suspicious objects: 0
Duration of the scan: 03:02:23


File name / Threat name / Threats count
C:\Qoobox\Quarantine\C\Program Files\VirusRemover2008\VRM2008.exe.vir Infected: not-a-virus:FraudTool.Win32.VirusRemover.az 1
C:\WINDOWS\system32\drivers\Start2Driver.SYS I... Read more

Answer:Virus/ Spyware Removal Help

Hi wallgood358

I will need more information before I can help clean your system

Please go to this link and follow the instructions there

thank you

1 more replies
Relevance 78.31%

Hi there my name is justin i have a gateway fx6800 series although i have replaced the motherboard and gpu also added 3g's of ram.Now to my issues one is i recently discovered a virus named mscj.exe and mscjm.exe i have attempted to remove them but i was not successful i did disable mscj.exe in running process and at start up and seems to have helped a small bit with system performance. Second is it seems like i have a ton on spyware running in the background i can hear my hdd running its not to loud but noticeable compared to recent months of healthiness. I ran hijackthis and it seems to have a large list also my current running process is at 80 which seems kinda high i will post log below thank you in advance for any help Logfile of Trend Micro HijackThis v2.0.2Scan saved at 11:49:48 AM, on 4/24/2010Platform: Windows Vista SP2 (WinNT 6.00.1906)MSIE: Internet Explorer v8.00 (8.00.6001.18904)Boot mode: NormalRunning processes:C:\Windows\MHotKey.exeC:\Windows\ChiFuncExt.exeC:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exeC:\Program Files (x86)\ATI Technologies\HydraVision\HydraGrd.exeC:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exeC:\Program Files (x86)\ATI Technologies\HydraVision\HydraMD.exeC:\Windows\SysWOW64\rundll32.exeC:\Program Files (x86)\Common Files\Java\Java Update\jusched.exeC:\Pr... Read more

Answer:Virus/spyware removal help

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

2 more replies
Relevance 78.31%

Google Redirect Virus
I have access to installation CD's. I am a computer teacher, and have experience with spyware/virus removal, but this one is a tough. Thanks in advance.
---------------
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_24
Run by Rob at 9:26:51 on 2012-02-20
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.2047.919 [GMT -5:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
C:\Program Files\Windows Live\Family Safety\fsssvc.exe
C:\Windows\System32\svchost.exe -k LPDSer... Read more

Answer:Virus Spyware Removal Help

Hello robla64 and Welcome to TSF.

My name is JonTom
Malware Logs can sometimes take a lot of time to research and interpret.
Please be patient while I try to assist with your problem. If at any time you do not understand what is required, please ask for further explanation.
Please note that there is no "Quick Fix" to modern malware infections and we may need to use several different approaches to get your system clean.
Read every reply you receive carefully and thoroughly before carrying out the instructions. You may also find it helpful to print out the instructions you receive, as in some instances you may have to disconnect your computer from the Internet.
PLEASE NOTE: If you do not reply after 3 days your thread will be closed.
I am currently reviewing your log. I will be back with a fix for your problem as soon as possible.
Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.
Please be patient with me during this time.

19 more replies
Relevance 78.31%

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 64 bit
Processor: Pentium(R) Dual-Core CPU E5500 @ 2.80GHz, Intel64 Family 6 Model 23 Stepping 10
Processor Count: 2
RAM: 6143 Mb
Graphics Card: NVIDIA GeForce GT 240, 1024 Mb
Hard Drives: C: Total - 939767 MB, Free - 187568 MB; E: Total - 715375 MB, Free - 12730 MB;
Motherboard: Acer, EG43M
Antivirus: Microsoft Security Essentials, Updated and Enabled

My main problem is that I have a difficult time getting a secure with the internet. I can get online but then when I need to go to a site it takes forever and sometimes it just doesn't go on at all. We have Clear for our internet service. I haven't had any antivirus protection for at least the last year so I know I have a virus. My system is way to slow for the system it is.
I am sorry I cannot be more specific because I don't ever get error messages but sometimes it will say I have a DNS problem but I was just told that Spy Hunter 4 has just made changes due to that problem. I am not sure How spyhunter 4 has loaded but they want me to buy the full version and I am not sure I should even trust them.
Should I be trusting this site. I really want to, I need someone that will honestly help and not take advantage of people like me.
GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-03-29 18:31:39
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 rev. 0.0... Read more

Answer:Virus Removal and Spyware

16 more replies
Relevance 78.31%

My PC has picked up a virus and malware or spyware. Can someone advise me how to get rid of them. I run Windows XP. Currently I am unable to use IE7 as it either shuts down immediately or falls into "not responding". Firefox seems to work just fine.There is an issue with the internet connection. Our default DSL network connection no longer seems to connect, throwing up a dial-up connection box. Although the PC still manages to get online via Local Area Connection/Internet Connection Gateway (both show they are connected within the Network Connections Folder). I have downloaded and run various scanners - Malawarebytes, Spybot, Superantispyware and Webroot AntiVirus with Spy Sweeper (Free trial). The Webroot software is telling me I have several spyware cookies as well as the following:Virus: Mal/FakAvJs-AAdware: CWS-AboutBlank and www.the-exit.com hijackIs there a simple way to clean these up?

Answer:Help with Virus/Spyware removal

u plz just download AVAST prof antivirus with full updates install it and scan ur system in boot time scan methodand this will take hrs according to the size of ur harddiskthnx and regards

5 more replies
Relevance 78.31%

As soon as I log on, I get Adwareplus pop ups, VaccineZERO, and several other pop ups and errors which are really irritating. I need help on getting rid of these & any virusus I may have downloaded also. I read the 1st steps on Malware removal and I am ready to begin. I need assistance really bad!!

Answer:Need SPYWARE/VIRUS REMOVAL BAD

Hello and welcome to TSF.

We want all our members to perform the steps outlined in the link given below, before posting for assistance. There's a sticky at the top of this forum, and a
Quote:




Having problems with spyware and pop-ups? First Steps




link at the top of each page.

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

1 more replies
Relevance 77.49%

Hello,

I'm a very safe user and don't visit any shady sites or fall for phishing scams or anything like that. In the past I used to run without any sort of protection and only had an infection about once a year if that, at which point it's format time anyway so it worked well.

But now I have an itch to try something new. Thing is, I'm not the type of person to have Spybot for immunization, MSE for general security, a Comodo Firewall running, checking HiJackThis every 6 hours and Malware Bytes scan every day. Especially since I'm on a laptop and battery is important to me.

I really am looking for an all in one solution. I know it's nowhere near as good as standalones, but I'll take the risk.

So from your findings if you're into this stuff, what is the most effective program? I'm leaning towards MSE but I just read a CNET review for it and apparently is bogs down the system more than I was hoping for, as well as adding I think it was 12 seconds to bootup time.

According to AV comperatives, F-Secure is the best, with MSE coming in second. How is F-Secure on resources and how is its spyware detection?
Free and paid both accepted

Thanks in advance!
 

Answer:Best all-in-one Spyware/Adware/Virus removal?

no one thing is the best. you are already doing it right. don't change it
 

14 more replies
Relevance 77.49%

Hi everyone. Love this site. It has so much good information in one place. I am wanting to make what I am calling a toolbox for removing viruses and spyware. I see there is so many different ones on here. Is there a guide already posted or could someone tell me what I they recommended I place on a thumb drive/CD far as the most common tools to do virus removal? I sometimes get out in places without anyway of connected to the net to get info on a paticular virus but, I would like to have something that I could use that most likely would help me out. Thanks.Mod Edit:Moved to AntiVirus, Firewall and Privacy Products and Protection Methods

Answer:Virus/Spyware Removal ToolBox

Welcome to BC.Choosing a security toolkit with anti-virus, firewall and anti-malware programs is a matter of personal preference, your needs, your technical ability and experience, features offered, user friendliness, ease of updating (and upgrading to new program release), ease of installation/removal, available technical support from the vendor and price. Other factors to consider include detection rates and methods, scanning engine effectiveness, how often virus definitions are updated, the amount of resources the program utilizes, how it may affect system performance and what will work best for your system. A particular anti-virus that works well for one person may not work as well for another. You may need to experiment and find the one most suitable for your use and your system. There is no universal "one size fits all" solution that works for everyone and there is no best anti-virus. For more specific information to consider, please read Choosing Your Anti-virus Software and How to choose a firewall.Use trustworthy security tools like:Malwarebytes' Anti-MalwareSUPERAntiSpywareI recommend taking advantage of the Malwarebytes Anti-Malware (Pro) Protection Module in the full version which uses advanced heuristic scanning technology to monitor your system and provide real-time protection to prevent the installation of most new malware. This technology runs at startup where it monitors every process and helps stop malicious processes before they can infect you... Read more

3 more replies
Relevance 77.49%

i need good spyware and virus removal programs!! my avg says viruses detected, but it dosen't do anything to delete them! does any one know why this is?

Answer:spyware/virus removal programs.

Check in my guide

1 more replies
Relevance 77.49%

DDS (Ver_09-06-26.01) - NTFSx86
Run by MUHAMMED at 21:03:40.39 on 28/Jul/09
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1256.20.1033.18.3326.2552 [GMT 3:00]

AV: ESET Smart Security 3.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\System32\svchost.exe -k Akamai
C:\Program Files\Intel\IDU\awServ.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\winsys2.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre6\b... Read more

Answer:Virus/Trojan/Spyware Removal

i cant open local disk c or d by double click

1 more replies
Relevance 77.49%

My computer keeps redirecting me from google, it's really slow, I keep getting random pop-ups from it just sitting here not doing anything. MBAM doesn't pick up anything, neither does SUPERanti-spyware, or avast!. none of them get anything.

Answer:Virus, maleware, spyware, and everything else removal

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.Do not run any other tool untill instructed to do so!Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.I would like to get a better look at your system, please do the following so I can get some more detailed logs.DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear Click the Disable button to disable your CD Emulation drivers Click Yes to continue A 'Finished!' message will appear Click OKDeFogger may ask you to reboot the machine, if it does - click OKDo not re-enable these drivers until otherwise instructed.IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.Download DDS:Please dow... Read more

28 more replies
Relevance 77.49%

Please help I just got a new computer and its already slower than my old one. I downloaded a file from limewire that contained all this malware and nwo i cantget rid of it. I constantly have pop ups such as Loginrevenue.com, http://ww.smashits.com/vendare.html and other free giveaways. Also my desktop changed color all the items now are highlighted blue light like i slected all of them. I ran superantispyware and norton anti virus but pop ups still happen randomly as well as my commit charge in the task manager is now constanly at 2045 where as it used to be 3-400.
Logfile of HijackThis v1.99.1
Scan saved at 1:55:23 PM, on 4/4/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C... Read more

Answer:Help Please...Spyware, Virus, Trojan removal

Hi and welcome

Run ActiveScan online virus scan:
http://www.pandasoftware.com/products/activescan.htm

Once you are on the Panda site click the Scan your PC button.
A new window will open...click the Check Now button.
Enter your Country.
Enter your State/Province.
Enter your e-mail address and click send.
Select either Home User or Company.
Click the big Scan Now button.
If it wants to install an ActiveX component allow it.
It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
When download is complete, click on My Computer to start the scan.
When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.
Post the contents of the ActiveScan report.
 

1 more replies
Relevance 77.49%

Need help in removing viruses and spywares from your computer for FREE?

PM me and I'll try my best to help you out. I'm a support engineer from a well known antivirus company and I've been working there for almost three years now. Basically, my job is to provide technical support for the company's products and of course, manually remove viruses in the event that the product failed to detect and remove such computer malware.

I can help you via email, chat and/or remote assistance. My service is FREE but if you're kind enough to drop donations via my PayPal account, that would be much appreciated. (Just like the free services you can find on online forums).

You may simply send an email with your detailed problem description to [email protected] and I'll try my best to respond as soon as possible. Once I receive your email, I'll provide you step by step instructions on how to resolve the issue(s) that you're having. Or we can set a schedule as to when we can chat via YM or AIM or schedule fo a remote assistance session based on your and my availability.

For chat schedule, I can be online from 8AM to 5Pm US Pacific Time.

::::::::::::::::::::::

Yahoo Messenger: free_virus_help
AOL Intsant Messneger: freevirushelp

::::::::::::::::::::::

We have to set a schedule because I may not always be online as I am still working as a support engineer for this antivirus company. Therefore, my priority is to provide assistance to the company's paying clients... Read more

Answer:Virus/spyware Removal Assistance

Awww, i thought this was a question. I was going to suggest format c:

3 more replies
Relevance 77.49%

I am not sure if I posted in the right are, so feel free to redirect me.

I was given a Dell Vostro 1510 laptop with Windows Vista Basic originally loaded on it but Windows XP SP3 installed via the computers company.

The user advised he could'nt open anything, I booted the computer, any double click on an icon would load a window then disapear, I removed the hard drive and placed it into a HP DV9000 and scanned with AVG, AVG removed several trojons along with various other objects (258 total objects), 48 appeared on the 2nd scan. I scanned with SpyBot Search and Destroy as well as AdAware (All up to date on the HP). I scanned with all these until I was not recieving any other faults.

I placed the hard drive back into the original computer, did a start up scan removing 78 objects, scanned AVG. I downloaded AdAware onto the computer, it installed fine, and does a basic scan but will not update, I recieve some issue about a data connection in a standard windows error window. It will not allow me to install SpyBot as I recieve the same message.

I scan with AdAware (Just the basic non update definitions)
I scan with AVG (Up to date)
I do this until I find NO issues. I attempt to access Windows Update and I am redirected to Google 90% of the time, even typing to URL in the browser redirects me to Google. I can access certian sites, however it seems any site, trusted or security related sites I am redirected.

I scan with AVG removing a few errors, this happens ove... Read more

Answer:Virus/Spyware Removal (Issues)

Please download Malwarebytes Anti-Malware and save it to your desktop.alternate download link 1alternate download link 2MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.Make sure you are connected to the Internet.Double-click on mbam-setup.exe to install the application.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-MalwareThen click Finish.MBAM will automatically start and you will be asked to update the program before performing a scan.If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.On the Scanner tab:Make sure the "Perform Quick Scan" option is selected.Then click on the Scan button.If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.When the scan is finished, a message box will say "The... Read more

1 more replies
Relevance 77.49%

Please help! My computer has been infected with Anti-Virus-1 spyware and it is nearly unusable.

Anti-Virus-1 initially appears to be a legitimate antivirus program and claims that the computer is infected with 41 items - trojans, malware, spyware, etc. It says that it is an unregistered version, and that only the registered version has the capability to remove the infections. The registered version costs something like $59.95.

This takes over the computer by opening up an endless stream of popup windows and message bubbles, redirecting the browser to the registration website, opening what appears to be the Microsoft Windows Security Center stating that no virus protection is found, and even the little yellow bar at the top of the Internet Explorer window stating that an unregistered version of Anti-Virus-1 has been found - click here to register.

It will sometimes let you view one website, but then the next site you try to load or link you try to click will redirect you to one of their messages.

Anti-Virus-1 appears in the Windows notification area (bottom right corner near the clock) as an official-looking icon, but doesn't show up in the Add/Remove Programs list or in the Task List. It seems to disable existing antivirus software.

It is an extreme nuisance. I would appreciate any help to remove it from my computer.

Note: I'm using Windows XP Tablet Edition, Virus Scan and IE7 on a Gateway M275 tablet PC.

Thanks!

================================... Read more

Answer:Anti-Virus-1 Spyware Removal - Please Help

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Please visit this webpage for download links, and instructions for running ComboFix:

http://www.bleepingcomputer.com/comb...o-use-combofix

* Ensure you have disabled all antivirus and antimalware programs so they do not interfere with the running of ComboFix.

Get help here

Please post the C:\ComboFix.txt in your next reply for further review.

------------------------------------------------------

19 more replies
Relevance 77.49%

Hello. I've just recently acquired some viruses and/or spyware, and don't really know too much about getting rid of them. It seems as if lately my computer has bent it's evil will on destroying me (and my bank account heh). I just finished installing a new motherboard and PSU after my previous garbage emachines PSU went out, taking the motherboard along with it. Anyway, back on topic, I have followed all of the instructions in the "READ AND RUN ME FIRST. Malware Removal Guide" thread. I think my PC seems a lot better, but I'm still getting some popups, and virus results when I scan. I just want to make sure that my computer is clean, as now I'm a little nervous logging into various accounts because one of the scan results said there was a virus that logged certain keystrokes.

I have most of the log files required...I ran into a few problems with BitDefender and PandaScan, but I have everything else. Bitdefender would do a full scan, but then after it finished it would say there was some type of error with Internet Explorer or something like that, and would close. I'm not including the log because I've run the scan at least 3 times, and it's taken a few hours each time. I just don't have the time currently to run it again. If it's really required, please let me know and I will have to try again later. On the last scan, when I got the error popup, I disabled a file which it said was causing the problem. That file wa... Read more

Answer:Virus/Spyware Removal Process

And I will include the HijackThis log with this reply.
 

11 more replies
Relevance 77.49%

Is there a bootCD that can automatically run Virus & Spyware removal tools?a la: Darik's Boot And Nuke (hard drive wipe)Ophcrack (Windows Password Cracker)If not, WHY? This seems like an obvious solution if a computer is infected, just pop in the BOOTCD and let it run. The opensource community should pick this up and run, keep it updated on a consistent basis with the latest Virus Definitions and spyware removal definitions.BTW, I am already familiar with BartPE (pain to compile) and UltimateBOOTCD (hasn't been updated since May), and these don't just run upon boot. There should be an easier solution.

Answer:BootCD - Virus & Spyware Removal

Hello BassKozz.Very good question. I don't believe there is such.If not, WHY?I don't feel there is an advantage over the products that already exist.Detection of infection does not improve from a disk (there are exceptions that I won't go into).There are dangers of a boot disk that removes infections: when Windows is not running, any file on the hard drive can be deleted. While this is good to remove tough infections, a false positive, or a driver file removed without the driver being disabled and..Just my opinion. Please give some reasons as to why you think this tool would be useful.With Regards,The panda

4 more replies
Relevance 77.49%

Hello I have a lot of malware on my pc the information boxes that pop up are telling me I have viruses that include: [email protected], PSW.x-vir and [email protected] it also pop up saying that my memory is down to 47% etc.

Would be extremely grateful if somebody could help as i have tried everything that i can and i cant seem to get rid of the virus!!

Thanks
 

Answer:Spyware trojan virus removal

7 more replies
Relevance 77.49%

I have multiple viruses on my computer. I am currently going through the steps in the "DO NOT POST UNTIL YOU HAVE READ THIS: How to: Spyware, Trojan And Virus Removal" http://forums.majorgeeks.com/showthread.php?t=35175&goto=nextoldest

I have a few questions- In the following step, what do I do with the information I receive after doing the Symantec Security Check. It just lets me know I have all these viruses, but doesn't get rid of them.

b) And Windows XP, 2000, NT, ME, users boot in "safe mode with networking support" (and remain in there). See how to boot in safe mode below.
do an online scan at Trend Micro's Free Online Virus Scan
do an online scan at Symantec Security Check
run McAfee AVERT Stinger

Also, I am not able to get any updates from Symantec during the security check. I haven't been able to get updates for some time. Is that a problem in going through these steps?
Thank you.
 

More replies
Relevance 77.49%

i decided id try an help a friend get rid of a nasty virus they had. I believe that i av got most of the spyware 2. i would really appreciate it if someone could check over what i have done and tel me if ive missed anything

this is the 1st hjd log wer the laptop was infested:O
1st log
Logfile of HijackThis v1.99.1
Scan saved at 7:53:15 PM, on 3/6/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\mcrdsvc.exe
... Read more

Answer:Urgent: Spyware/Virus removal

7 more replies
Relevance 77.49%

Hi my name is Angel

I was searching around a lot because I'm trying to fix my cousin's PC that was severely infected. I used AVG, Mcafee and regedit to remove everything I could find that is harmful. Here is my log file, can I please get some help to know if it is safe now? Thanks.


HTML Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:50:43 PM, on 12/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOW... Read more

Answer:Virus & Spyware Complete Removal Help

Please follow the instructs from this webpage (sticky):

http://www.techsupportforum.com/secu...oval-help.html

You shall have a proper set of logs for us after that. Someone shall be along shortly

* Kindly note that threads without the proper logs shall likely be ignored.

2 more replies
Relevance 77.49%

First the speed of my computer was slow and there was a Spyware warning that poped up saying "your computer is infected" and it directed me to a website for a spyware removal program (I can't remember which one) the warning came from an icon that was a red circle with a line through it that flashed to a green wheelchair which was next to the clock on my desktop, then there were pop ups when I wasn't even online for online casino and adult websites, and the Windows Intaller keeps popping up trying to intall something, it won't say what. I have done several scans to try and figure this out on my own, for everything I always updated the definitions first. I have run Norton 2006, Ewido, Ad-aware and AVG. I also downloded and ran smitRem.exe , Roguescanfix, and smitfraudfix.cmd - these were able to get rid of the infection warnings from the icon next to the clock as well as the adult website the pop-ups but the performance of my computer is very slow and the Windows Intaller keeps popping up. And now Norton keeps alerting me to a virus, it says that it deleted it, but then it pops up again saying that the same virus was found and deleted again.I ran Hijackthis, but in when in Normal mode I was not able to save the log. When I ran the scan in safe mode I was, so here it is:Logfile of HijackThis v1.99.1Scan saved at 6:50:45 PM, on 5/8/2006Platform: Windows XP SP1 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)Running processes:C:\WINDOWS\Syste... Read more

Answer:Virus And/or Spyware Removal Problem

Hello ees86,Welcome to Bleeping Computer I suggest you remove NewDotNet unless you deliberately installed it. It is extremely dubious and commercially sponsored:First, please open Add/Remove programs and uninstall New.Net or NewDotNet from there if listed. If it is not listed, follow these instructions:? From a computer that has Internet access, click on the following link:http://www.new.net/support/uninstall6_90.exe.? Download and save uninstall6_90.exe to the Desktop.? Go to the Desktop and double-click on uninstall6_90.exe? Click on the OK button.? After removal, you may be prompted to reboot. Please reboot even if not prompted.You should know that you're actually doing more harm than good by running 2 Anti Virus programs. ( AVG and Norton) When you do this both programs compete for resources, and the end result is neither does it's best and can cause system instability. I recommend that you choose the one you want to keep, update it, disable the other one, and use it as an on demand only scan occasionally.Reboot your computer after the scan finishes. Report anything bad it finds, and post a new HijackThis log please. Also let me know how your computer is running.Thanks,tea

6 more replies
Relevance 77.49%

Hi I was told to start a new thread..I'm a illerate when it comes to this so please bear with me! I have cyberdefender on my system which I can't seem to get off Thanks

Answer:Virus/Trojan/Spyware Removal Help

Hello and welcome to TSF.

As you were advised, please follow our pre-posting process outlined below. Use a USB flash drive to download and transfer the tools to the affected machine, if necessary. You might like to run the Flash_Disinfector.exe on the clean machine and the flash drive first to protect against any possible transfer of infection via USB.


NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help - Tech Support Forum

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please note that the Virus/Trojan/Spyware Help forum is extremely busy, and it may take a while to receive a reply.

1 more replies
Relevance 77.49%

I am using Windows XP Media Center Edition and I believe that I have a virus and/or spyware on my computer, but I have no idea how to go about removing it. Can you please help? Thank you in advance.

sss12
 

Answer:Solved: Virus/Spyware Removal

16 more replies
Relevance 77.49%

I've had this "alien" in my computer since last April. I've spent over $1500 taking my computer to people getting it "cleaned", new versions of Windows, etc., can't take it anymore. He, she or it has complete control over it now. Has their own Windows, own Netscape, own everything. I can't download ANYTHING. He, she or it DESTROYS it. The last guy who really did get rid of it for a couple of days made me the user instead of the administrator. So, of course, they made themselves administrator through the network. Then, remarkably, today, I get on, and now, I am the administrator. But, I still can't do anything. I've been trying to install the internet connection firewall I saw on this website. There's no box in front of where I'm supposed to check. Or, I still wasn't in the right mode. I ran SmitFraud for the last time and here's what I got: SharedTaskScheduler's.dll, VacFix, Winsock2 Fix, GenericRenosFix, IEDFix, Agent.OMZFix, 404Fix, RK, DNS, Winlogon.system, RK.2. Before it finished, it was slashed by the alien. So nothing got fixed. All this is still on. And I don't know how to run anything anymore without it being compromised. Please help!

Answer:Spyware/Malware Removal/Virus

Welcome to BCLet's see if we can get you startedRunning this tool should allow you to complete the suggested scansPlease download Rkill by Grinler and save it to your desktop.Link 2Link 3Link 4Double-click on the Rkill desktop icon to run the tool.If using Vista, right-click on it and Run As Administrator.A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.If not, delete the file, then download and use the one provided in Link 2.If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.If the tool does not run from any of the links provided, please let me know.Any time the computer restarts you will need to run the application again===========================Step2:Some types of malware will disable Malwarebytes Anti-Malware and other security tools. If MBAM will not install, try renaming it first.Right-click on the mbam-setup.exe file file and rename it to mysetup.exe.Double-click on mysetup.exe to start the installation.If that did not work, then try renaming and changing the file extension. click this link if you do not see the file extensionRight-click on the mbam-setup.exe file, rename it to mysetup and change the .exe extension to .scr, .com, .pif, or .bat.Then double-click on mysetup.scr (or whatever extension you renamed it) to begin installation.If after installation, MBAM will not run, open the Malwarebytes' Anti-Malware folder in Program Files.Right-click o... Read more

1 more replies
Relevance 77.49%

Hey all,

My father-in-law was complaining that his 2.5g intel PC was running slow.
I automatically thought it was spyware or a virus. He used to have McAFee but he didn't renew it after the 30 days.
So I DL'd AVG, as soon as I DL'd it it detected Trojan horse and some backdoor virus?
I ran it and it found several viruses and corrupted files. AVG fixed several corrupted files and viruses. It still has 16 corrupted files. I disabled the System Restore to see if it could fix the rest but it didn't. So I DL'd the McAFee Avert Stinger and another scanner/ repair program. I also DL'd trusty AdAware, ran it and it found tons of spyware, includint that tagent thing.
Neither did any good. Can anyone reccomend any better ones that are free?
Are the ones that cost like $29/39 garuanteed?

I remember the names of the ones that AVG detected and couldn't fix/remove were something like androa, bspy, and one other. Sorry I can't remember.

Thanks for any help!
 

Answer:Recommended for Virus and spyware removal?

Run it all again in safe boot mode. They may have been active at the timeof the scan. I used to have AVG and had to remove some things manually .
 

33 more replies
Relevance 77.49%

As per the instructions I have saved and am now posting the logs that you said I should. Thank you very much in advance for the help.SUPERAntiSpyware Scan Loghttp://www.superantispyware.comGenerated 12/04/2011 at 02:05 PMApplication Version : 5.0.1136Core Rules Database Version : 8012Trace Rules Database Version: 5824Scan type       : Quick ScanTotal Scan Time : 00:07:50Operating System InformationWindows Vista Home Premium 32-bit, Service Pack 2 (Build 6.00.6002)UAC On - Limited User (Administrator User)Memory items scanned      : 738Memory threats detected   : 0Registry items scanned    : 39982Registry threats detected : 0File items scanned        : 8564File threats detected     : 89Adware.Tracking Cookie   .adbrite.com [ C:\USERS\SHARON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\CYQPTSS0.DEFAULT\COOKIES.SQLITE ]   .adbrite.com [ C:\USERS\SHARON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\CYQPTSS0.DEFAULT\COOKIES.SQLITE ]   .pro-market.net [ C:\USERS\SHARON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\CYQPTSS0.DEFAULT\COOKIES.SQLITE ]   C:\USERS\SHARON\AppData\Roaming\Microsoft\Windows\Cookies\Low\MGKRTP05.txt [ Cookie:[email protected]/ ]   .atdmt.com [ C:\USERS\SHARON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\CYQPTSS0.DEFAULT\COOKIES.SQLITE ]   .atdmt.com [ C:\USERS\SHARON\APPDATA\ROAMING\MOZILLA\FIR... Read more

Answer:Virus and Spyware removal logs

Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer. 1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.2. The fixes are specific to your problem and should only be used for this issue on this machine.3. If you don't know or understand something, please don't hesitate to ask.4. Please DO NOT run any other tools or scans while I am helping you.5. It is important that you reply to this thread. Do not start a new topic.6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.7. Absence of symptoms does not mean that everything is clear.If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line. *************************************************************************Download OTL to your desktop.* Open OTL* Copy and Paste the following text in the codebox into the Custom Scans/Fixes win... Read more

8 more replies
Relevance 77.49%

I wanted to find out what some of the popular removal tools are for field use when you are working on a customers computer. I am sure that there are many methods I don't know about, if the computer is able to connect to the Internet there are many online tools, but what about that stubborn PC that has been seriously infected. Or what about the trip to a customers house or business where you don't want to spend hours trying various removal tools. I think a lot of people would benefit from this exchange of information on this subject. I for one look forward to learning something new from all of you.
 

Answer:Virus / Spyware Removal Tools

7 more replies
Relevance 77.49%

I am new to this forum and I really need help. I had these messages (still do) popping up telling me I am infected with numerous viruses. Scared me of course. Bought the update they offered for it - and now it appears to be a scam. Okay - so I will deal with the money part later. Now I can't get to the internet at all because these stupid FAKE messages about my computer being infected are blocking me. I am not that computer saavy, but I need help!

Answer:Virus/Trojan/Spyware Removal - Need ur Help

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

See if this restores your internet:

For IE, go Tools > Internet Options > Connections > LAN settings, and uncheck 'Use a proxy server for your LAN' or restore your previous settings and click OK.

For Firefox, go Tools > Options > Advanced > Network > Settings, and check 'No proxy' or restore your previous settings and click OK.

------------------------------------------------------

If you still cannot connect, download the tools to a USB drive on another computer and transfer them to your desktop, then transfer the logs back here.

------------------------------------------------------

We want all our members to perform the steps outlined here:

NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help - Tech Support Forum

After running through all the steps, you shall have a proper set of logs. Please post/attach the logs in your next reply.

------------------------------------------------------

If you have trouble running the tools in Normal Mode, try runnin... Read more

4 more replies
Relevance 77.49%

MY COMPUTER HAS A SERIES OF PROBLEMS, MY INTERNET CONNECTION HAS BEEN DELETED AS WELL AS MY VOLUME CONTROL, I ALSO CANNOT COPY/PASTE ANYTHING, EVEN WITH CONTROL + V. MY COMPUTER HAS A SERIES OF ERROR MESSAGES.
TYPICAL MESSAGE LIKE "Win32.Banker.FSTrojan.SpyAgent.DA"
"SYSTEM CRASHED" ETC
IVE SEARCHED THIS FORUM AND FOLLOWED ADVICE SO IM ATTACHING FILES THAT ARE NEEDED TO HELP SOLVE THE PROBLEM.
OH I CANT DO SYSTEM RESTORE, CANT INSTALL NEW PROGRAMS. ITS A VIRUS FROM HELL!!!!
IM NOT EXPERT SO IF ANY MORE INFO IS NEEDED TELL ME , PLEASE HELP.



DDS (Ver_09-02-01.01) - NTFSx86
Run by Michael Hanratty at 23:36:55.26 on 03/03/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_11

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: BitZipperSearch Toolbar: {97bceb59-cfcd-4b16-a863-b3f72cf9f196} - c:\program files\bitzippersearch\tbBitZ.dll
uURLSearchHooks: Best Security Tips Toolbar: {da30eff8-ccc6-4162-a20d-67402a26a215} - c:\program files\best_security_tips\tbBest.dll
mWinlogon: Userinit=c:\windows\system32\us... Read more

Answer:Virus/Trojan/Spyware Removal Help

Please visit this webpage for download links, and instructions for running combofix:

http://www.bleepingcomputer.com/comb...o-use-combofix
* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.

2 more replies
Relevance 77.49%

I have done the needed scans such as AVG virus removal, Panda Scan, and Hijackthis.

can you help me?
 

Answer:adware/spyware virus removal

11 more replies
Relevance 77.49%

i have tried everything to remove viruses/malware from my pc. (malaware bytes mostly). we are trying a shop next? if my software cant do it, how will they be able to do it?

Answer:Virus,spyware, malware removal!!

What have you tried so far and how?

8 more replies
Relevance 77.49%

Greetings, I am new here so bare with me. I got this virus a few days ago, it kept giving me massive popups and trying to install random virus cleaning programs. I ran several scans and got rid of popups and such but my computer still runs massively slow and reboots randomly for no reason. I know its still infested and need help cleaning out my system of these bugs, ive tried everything I can think of. Some of the stuff my last virus scan cleaned(supposively) was w32 trojan, virtmundo virus, purity scan and a bunch of others i cant remember. Any help will be greatly appreciated.

Thank you in advance!
 

Answer:Popups/spyware/virus removal help!

Sorry, didnt notice the trend in other threads til now.

Here is my hijack this log:

Logfile of HijackThis v1.99.1
Scan saved at 9:52:03 PM, on 5/30/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Verizon\Verizon Internet Security Suite\fws.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\MMKeybd.exe
C:\PROGRA~1\Verizon\SMARTB~1\MotiveSB.exe
C:\Program Files\Verizon\Verizon Internet Security Suite\Rps.exe
C:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Netropa\Traymon.exe
C:\Program Files\Netropa\OSD.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\Sys... Read more

2 more replies
Relevance 77.49%

today my computer has turned on me! i was on the internet and suddenly everything moves in slow-mo...the mouse the computer response everything...so i immediately logged off the internet and restarted my computer...ran ms config but didnt see a whole lot of new things (just update aol to 9.0) I have twice gotton this messege...to the effect of (titile) "we're sorry" then something about not having enough resource and to close some programs. THis was while no major programs were up and running. This is for my old IBM computer aptiva e series 190. yes it is terribly old and DOES have low rescource but we had everything wiped off except most ness. stuff for browsing etc. i use Mozilla firefox to browse, avast, ad-aware se, spybot S&D and just recently put in hijack this (for yall to PLEASE help me) and am unzip program from download.com...win.zip i think. i have logitech quickcam and Download accelerator. i've not had any problems until today other than when i tried to use too much stuff at once which was my own fault. but today i was doing my normal thing. Now the computer acts fine except took additional attempt to get on line (dial up)...but earlier when it displayed a messege and took so long to do anything (even just to open a folder) there was this weird sound like open dead air...not frm the modem part but out of my speaker...like i had recorded dead sound. PLEASE PLEASE help me..! here's my hijack log:
Logfile of HijackThis v1.99.1
Scan saved... Read more

More replies
Relevance 77.49%

hi
i run your tool in my computer and i attach to see u
thanks



DDS (Ver_09-03-16.01) - NTFSx86
Run by hq6873 at 9:47:17.94 on Sun 05/03/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2527.1876 [GMT 5.5:30]

AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS.0\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS.0\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS.0\system32\spoolsv.exe
svchost.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS.0\Explorer.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS.0\system32\igfxtray.exe
C:\WINDOWS.0\system32\igfxpers.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS.0\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
... Read more

Answer:Virus/Trojan/Spyware Removal Help

Hello and welcome to TSF.

Apologies for the late response. If you still need help, please post a fresh DDS.txt as it has been a while since you posted.

Your internet explorer is set to use a proxy. Is that an intentional setting?

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Please note that the forum is very busy and if I don?t hear from you in three days this thread will be closed.

2 more replies
Relevance 76.67%

 Hijack Analysis Report.txt   4.03KB
  3 downloads

Answer:My Virus,trojan,spyware and malware removal log

Hello , And to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.I will be working on your malware issues, this may or may not solve other issues you may have with your machine.Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen. Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.-----------------------------------------------------------If you have since resolved the original problem you were having, we would appreciate you... Read more

4 more replies
Relevance 76.67%

When browsing earlier today Firefox suddenly crashed and I was inundated by various warnings and error messages stating my PC was infected by various viruses and spyware and offering to sell me security software. Since then my PC has crashed 3 times as well as frozen a number of times. I have been unable to reboot using Ctrl Alt Delete and have had to switch off the PC at the socket before restarting.
I have followed the advice in the Preparation Guide and run the DDS files which are copied below.
I have also tried to run the GMER scan but the PC has frozen before completing this so I am unable to attach this log.
Thanks very much in advance for your assistance.

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by sally at 18:50:32.27 on 11/03/2011
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.254.104 [GMT 0:00]
.
AV: AVG Anti-Virus Free *Disabled/Outdated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Virgin Broadband Wireless\AffinegyService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Prog... Read more

Answer:Virus, Trojan, spyware and malware removal

Hi,Please do the following:Download ComboFix from one of the following locations:Link 1 Link 2 VERY IMPORTANT !!! Save ComboFix.exe to your Desktop * IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here Double click on ComboFix.exe & follow the prompts.As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures. Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:Click on Yes, to continue scanning for malware.When finished, it shall produce a log for you. Please include the C:\C... Read more

2 more replies
Relevance 76.67%

Im having issues with my laptop. I keep getting tons and tons of pop ups. I ran Panda and its not finding anything. Yet its scanning a little too quick so Im not sure if its even working right. I click on the Hard Drives Scan and it scans for virus' in less than 5 seconds... Its never done that before.
I have been having blue screens a lot lately & ive never had them before. When the computer restarts it says that it had a serious error and had to close or something like that...Im worried.
Can u guys help me... Please

I ran HiJack-This... Here is the log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:37:12 PM, on 1/6/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\PROGRAM FILES\PANDA SECURITY\PANDA ANTIVIRUS PRO 2009\WebProxy.exe
C:\Windows\SYSTEM32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Panda Security\Panda Antivirus Pro 2009\ApVxdWin.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Microsoft IntelliPoint\dpupd... Read more

Answer:Help...Spyware/Virus Removal...& Blue Screen

Hello and Welcome.

We want all our members to perform the steps outlined in the link I'll give you below, before posting for assistance. There's a sticky at the top of this forum, and a
Quote:




Having problems with spyware and pop-ups? First Steps




link at the top of each page.

---------------------------------------------------------------------------------------------

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

1 more replies
Relevance 76.67%

Web Search homepage took over....Sex icons popping up on desktop...ran spybot search and destroy and Ad-Aware SE...tried cutting and pasting log but there were too many characters...

What do I do next?

Perry
 

Answer:Solved: Virus/Spyware removal help needed...please help

14 more replies
Relevance 76.67%

I apologize if I am posting this in the wrong place, but I am not really sure where to post it. I downloaded a fake virus protection program, antivirussoft platinum, and you guys directed me to the New Instructions for Virus/Trojan/Spyware Removal thread. I backed up my documents and changed passwords, I downloaded and ran DDS, and I downloaded GMER, but when I tried to run GMER it shut my computer down, four different times. Each time my compter went to a blue screen with the message:

Stop: c000021a {Fatal System Error}
The windows Logon Process system process terminated unexpectedly with a status of 0x0000005 (0x00000000 0x00000000).
The system has been shut down.

Any idea what is going on there?

Also, please direct me to the appropriate place to post such questions so that I don't post in the wrong place next time I hit a wall.

Answer:Using Instructions for Virus/Trojan/Spyware Removal Help

Post what logs you can in your new thread (not here) and explain the situation.

I'm wondering...is gmer causing the bsod when it first starts? Did you see this part of the instructions:

Quote:




Please note:

If (and only if) there are problems using gmer as indicated above, save a scan from the initial startup scan.




Something else you may be able to try is run the scan in Safe Mode.

Restart your computer and boot into Safe Mode by tapping the F8 key repeatedly until a menu shows up (and choose Safe Mode from the list). In some systems, this may be the F5 key, so try that if F8 doesn't work. Login on your usual account.

1 more replies
Relevance 76.67%

This may prompt a general discussion.
I try and look after some PC's for Senior Citizens on a voluntary basis. The usual complaint is that 'it has gone slow'. Inspection finds that there is some form of infection. I usually go through the process of running Avast 'Boot Scan' and then a full system scan, followed by scans with Malwarebytes, Superantispyware, Hitman Pro, AdwCleaner and JRT. I sometimes find that on completion of running the scans, to ensure the system is clean, I run them again. Problem is they keep showing some form of infection or another. I have just run these continually for three days on a laptop and still one or two show some issues. This leads me to take on a complete reformat and reinstall.
Even after this, questions arise. I ask people to back up their date before I look at their PC's. My question is, if they restore their backup, are they then not reloading possible infections?
My other question is when do you decide to give up on infection removal and go for full reformat?
Hope that's clear and would be interested in comments?

Answer:Virus, Malware, Spyware Removal. Best Way Forwards

Are any of the PC's you look after running an antivirus software programme ? Or a firewall ?
You may need to educate your Senior Citizens on running regular scans and on not just clicking 'YES' when a pop-up window appears.
CCleaner will remove many 'infections' plus do a registry clean but even that can leave a few problems.
Assume you have checked 'Task Manager' for any unwanted software running in background.
The problem is from my own experience 'you can lead a horse to water but .....'.
If you go for a full reformat you are giving yourself a great deal of extra work and the possibility of the complaint 'my PC does not look the same'.

5 more replies
Relevance 76.67%

Hi, I ran across this information in a local computer store and thought I'd share it with you all. I had many viruses and spyware in my startup. I could easily find them with hijackthis & autoruns. But nothing would stop them. I spoke with a guy at the computer store and he directed me to a website " http://www.silent-sword.com " ... Got to say this software was easy to use and has a 30 day trial. Also, it found all my bugs and disabled them from startup so I could easily remove them.
Enjoy!
 

Answer:Great program for virus and spyware removal

ironsled said:



Hi, I ran across this information in a local computer store and thought I'd share it with you all. I had many viruses and spyware in my startup. I could easily find them with hijackthis & autoruns. But nothing would stop them. I spoke with a guy at the computer store and he directed me to a website " http://www.silent-sword.com " ... Got to say this software was easy to use and has a 30 day trial. Also, it found all my bugs and disabled them from startup so I could easily remove them.
Enjoy!Click to expand...

And who do you work for?????

I see you are the only one that review the product at download.com and gave it 5 stars!

We'll wait and see on this one!
 

5 more replies
Relevance 76.67%

If you get some kind of a mass mailer or DDOS virus and its flooding you of the interwebnet, this is my manual procedure I use to clean up an infested system. I am hate waiting for the apps to do the scan (especially Norton)

The Following applies to mostly Win2k and WinXP. You can use parts of this to fix WinME and Win98. ME is just a pain tho.

First off all go disable your system restore Viruses Love to hide there...(Right Click on My computer go to properties them System Restore Tab)

Download the following software and install them and update all of them as well.

Adaware
CCleaner @ www.ccleaner.com
Spybot Search and Destroy
Beta MS Antispyware tool.. www.microsoft.com

If you don't have anti-virus you can get one from www.grisoft.com (avg7 free) Its really quite good.

Reboot into Safe mode:
1. Make sure you Unhide all system folders and files
2. Go into (x= your drive) X:\Documents and Settings\%User%\Local Settings\Temp (Delete all files)
3.Go into (x= your drive) X:\Documents and Settings\%User%\Local Settings\Temporary Internet Files\Content.ie5(I forgot this one The Brophyte remided me *Note You will not see this dir if your loged on your own profile, if your cleaning other users profile using your own account you will see it (Delete all files)
Note: I suggest that you perform this on each user, Viruses like to spread to all temp dirs on every user. If you can't see your own Temp or Temporary Internet Files Folder then type the folder n... Read more

Answer:Share your Spyware/Virus Removal Procedure!

My method is alot simpler...

1. Insert Linux CD
2. Reboot
3. Install Linux
4. Reboot
5. Update software
6. Enjoy Environment
7. Put away migraine pills




---This was a poor attempt at humor, please don't get mad at me
 

49 more replies
Relevance 76.67%

MY SEARCHES GO ELSEWHERE WHEN I SEARCH IN GOOGLE....

HERE IS THE LOG

Answer:Virus/Trojan/Spyware/Malware Removal

Welcome to the BleepingComputer Forums. Since it has been a few days since you scanned your computer with HijackThis, we will need a new HijackThis log. If you have not already downloaded Random's System Information Tool (RSIT), please download Random's System Information Tool (RSIT) by random/random which includes a HijackThis log and save it to your desktop. If you have RSIT already on your computer, please run it again. Double click on RSIT.exe to run RSIT. Click Continue at the disclaimer screen. Please post the contents of log.txt. Thank you for your patience.Please see Preparation Guide for use before posting about your potential Malware problem. If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped. Please post your HijackThis log as a reply to this thread and not as an attachment. I am always leery of opening attachments so I always request that HijackThis logs are to be posted as a reply to the thread. I do not think that you are attaching anything scary but others may do so. While we are working on your HijackThis log, please: Reply to this thread; do not start another! Do not make any changes on your computer during the cleaning process or download/add programs on your computer unless instructed to do so. Do not run any other tool until instruc... Read more

2 more replies
Relevance 76.67%

I am getting a lot of pop ups. I ran spybot and ad aware, but this did not resolve the problem. I also ran my anti-virus (panda) scan, but some malware could not be deleted nor renamed. Any help is appreciated.

-mronederful1911

Answer:Need help with virus and spyware removal [moved from Security]

Which browser are you using? What do the popups say? Do they appear only when you visit certain sites or all the time? What details do you have for the malware that "could not be deleted nor renamed"?

Please follow the instructions here (5 pages) and then post all the requested logs in a new thread here for the security analysts to look at. If you have any trouble running any of the scans, leave them and move onto the next.

The security forum is always busy, so please be patient and you will receive a reply as soon as possible. If you go to Thread Tools > Subscribe at the top of your new thread you will receive an email as soon as a reply is posted.

12 more replies
Relevance 76.67%

This is my Panda Activescan report:

Incident Status Location

Spyware:spyware/whazit Not disinfected C:\WINDOWS\SYSTEM32\fiz1
Adware:adware/tubby Not disinfected C:\WINDOWS\SYSTEM32\MTC.ini
Dialer:dialer.yz Not disinfected C:\WINDOWS\DOWNLOADED PROGRAM FILES\Ole32ws.inf
Adware:adware/sahagent Not disinfected C:\WINDOWS\DOWNLOADED PROGRAM FILES\sporder_.dll
Spyware:spyware/betterinet Not disinfected C:\WINDOWS\INF\biini.inf
Adware:adware/ieplugin Not disinfected C:\WINDOWS\kwv2.dat
Adware:adware/twain-tech Not disinfected C:\WINDOWS\satmat.ini
Adware:adware/ncase Not disinfected C:\WINDOWS\SYSTEM32\FLEOK
Adware:adware/sidesearch Not disinfected C:\Documents and Settings\Erick Kuhlmann.D71KJQ21\Application Data\Lycos
Adware:adware/cws.searchmeup Not disinfected Windows Registry
Potentially unwanted tool:application/myway Not disinfected HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\MYWAYTOOLBAR.SETTINGSPLUGIN
Spyware:spyware/searchcentrix Not disinfected Windows Registry
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Erick Kuhlmann.D71KJQ21\Desktop\Unused Desktop Shortcuts\HsFix\HSFix\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Erick Kuhlmann.D71KJQ21\My Documents\Computer stuff\HSFix.zip[Process.exe]
Adware:Adware/IST.YourSiteBar Not disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\F70869DA-A89A-4FD1-A76A-4C5996.asq
Spyware:Spyware/Apropos Not disinfe... Read more

Answer:Solved: PLEASE HELP with removal of dialers, virus and other spyware

12 more replies
Relevance 76.67%

I did it - the dreaded mistake of opening an email attachment that I thought was safe. It brought a virus I am guessing. Have done avg scan/adaware scan/ca frontier scan (from my isp) to no avail. Getting constant things coming up saying my computer is at risk and I have a virus blah blah blah - cannot make them stop. Any ideas or tips would be appreciated. Need the computer for work TONIGHT LOL - Thanks :)

Answer:virus/malware/spyware removal warnings

http://www.techsupportforum.com/secu...oval-help.html

4 more replies
Relevance 76.67%

This week I contracted the winreanimator trojan onto my computer. I kept getting a red X in my system tray telling me to download some software. I used Malwarebytes Anti-malware, spybot-search & destroy and also created a HijackThis log. I'll go ahead and post it here. The problem with my internet is that my download speeds are still the same as before about 150kb/s but when browsing from page to page it is extremely slow. I have DSL and and I don't know whether this is significant or not but my bytes sent compared to my bytes received is like 1 to 4. i.e 800,000 sent to 3,400,000 bytes received.

This is my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:10:34 PM, on 2/24/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Network Associate... Read more

Answer:Slow internet after spyware and virus removal

bump
 

1 more replies
Relevance 76.67%

ive tried every virus and spyware removal program that ive looked up but it only finds viruses first time around. norton keeps blocking atatacks thankfully but its starting to bug me.

also, spybot finds Win32.Delf.uc but cannot remove and when i retry in safe mode when ive come back on my norton security if down.

can someone please help me sort this.

heres a HiJackThis report

Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 00:20:54, on 18/04/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\lxdxcoms.exe
C:\Program Files\Norton Internet Security\Engine\17.6.0.32\ccSvcHst.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Norton Internet Security\Engine\17.6.0.32\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\stsystra.exe
C:\Program Fi... Read more

Answer:Tried every virus and spyware removal programs but still have infection

16 more replies
Relevance 76.67%

Hello,

I am seeking help removing a Trojan virus on my computer. The virus pops-up through Windows Defender and is called "TrojanDownloader:Win32/Renos.IO. I did the necessary steps..Here they are..


DDS (Ver_09-05-14.01) - NTFSx86
Run by Adem at 1:14:47.27 on Sat 06/13/2009
Internet Explorer: 7.0.6001.18000
Microsoft? Windows Vista? Home Premium 6.0.6001.1.1252.1.1033.18.3581.2072 [GMT 3:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\rundll32.exe
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\System32\bcmwltry.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Window... Read more

Answer:Virus/Trojan/Spyware Removal Help NEEDED

Hello

Please visit this webpage for download links, and instructions for running combofix:

http://www.bleepingcomputer.com/comb...o-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

7 more replies
Relevance 76.67%

Specs:
IBM R40 Notebook
MS Win XPP w/Serv. pk 1
Intel Pent M 1.3
597MHz
256MB RAM
40GB Hard Drive

Internet Providers:
AOL
Comcast Broadband


Good evening,
I am having problems with Malware and its apparent effects on my computer. I currently am running the latest McAfee AV (provided by AOL) with auto updates, as well as Zone Alarm (v 5.5 - free download version). I get random alerts with attempts to access my computer by .exe programs and .dll applications. Such examples include "xmlfont.exe, xmlanti.exe, dbdns.exe", etc. I have followed all suggested steps in the "How to: Spyware, Trojan and Virus Removal" guide, and I still have the following noticeable problems:
a.) I cannot access the following websites via my IE browser (using my Comcast Broadband wireless connection)
- google.com
- 53.com (Fifth Third Bank)
b.) I cannot access 53.com on either IE nor via my AOL web browser (although I can access google through the AOL browser)

c.) when I restart/turn off my computer, a warning message pops up saying " 'odbcras.exe - DLL INTIIALIZATION FAILED' The application failed to inizitialize..."

I have run the Killbox program, and have a log file created. I know it says not to post unless asked, so let me know if you would like me to send as attatchment.

Thanks for your help!

bmontana
 

Answer:Malware/Spyware/virus help - already done How to removal guide...

bmontana said:



I have run the Killbox program, and have a log file created. I know it says not to post unless asked, so let me know if you would like me to send as attatchment.Click to expand...

I believe you mean you have run HijackThis and created a log, not Killbox.

Make sure you have HijackThis 1.99 and follow the guidelines on where to install it and how to post a log as an attachment. This is all covered in the sticky thread NO HIJACK THIS LOG FILES BEFORE READING THIS: HJT Tutorial & LOG File Posting

Now post a HijackThis log as an attachment to your message (Do not post the log inline). All running programs should be closed, including your web browser, e-mail. Close before running Hijack This!

To repeat: Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the downloaded ZIP file. Place it in its own folder, for example C:\Program Files\HJT
 

46 more replies
Relevance 76.67%

Hello Everyone. New to this forum, been reading it for a few days and couldn't find anything on what I'm about to ask.

First let me thank everyone who gives of their time helping others.

A lot of us have an older computer sitting around. The question is about setting up this box to use in cleaning our computers.
Can a machine be set up to accept the hard drive from an infected computer for cleaning? Does Ad-Aware/SpyBot/etc. need to be running on the infected machine; or will
they work on the drive from another, infected computer?

What tools would you install on the cleaning machine? Would you allow the cleaning machine to go online - Housecall, etc? Or keep it completely offline?

What other question did I neglect to ask?

Thanks for reading this.

Answer:Dedicated Spyware/virus Removal Machine

Or not...

1 more replies
Relevance 76.67%

Hope someone can help me. I have been having difficulty with pop ups. I continued to delete all from my settings but 5 or 6 continued to be allowed even after adjusting my settings on the blocker. I recently had a blue screen and my desktop picture was replaced with a message that said my computer was infected.

Defender showed the following problems
trojan downloader win 32 renos
trojan downloader win 32 fakeinit

HELP!!

DDS (Ver_09-07-30.01) - NTFSx86
Run by LMARROQU at 19:42:28.20 on Wed 08/12/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.441 [GMT -5:00]

FW: Trend Micro OfficeScan Enterprise Client Firewall *disabled* {C6006F4C-6C52-4E30-B523-2A0EC8F8E1BE}
FW: Trend Micro OfficeScan Enterprise Client Firewall *enabled* {E1C0E6F4-4206-4A34-8264-A9E870042813}
FW: Trend Micro OfficeScan Enterprise Client Firewall *enabled* {9BB28EB7-00CD-4C18-96B0-A546F5F862B7}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Cisco Systems\CiscoTrustAgent\ctalogd.exe
C:\Program Files\Cisco Systems\CiscoTrustAgent\ctad.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Syn... Read more

Answer:Virus/Trojan/Spyware Removal Help-logs

Hello...I haven't heard from anyone yet. I wanted to add more information.
Defender continues to say I have trojan win 32 fakeinit and renos even after being removed.

Trend Microsoft was able to clean or delete the following files after another scan for
Virus name:
Cryp_Zbot-2
TROJ_INJECT.ANY
HTMLSCRIP.AA

Hope this can assist you to help me solve this bug.

Appreciate any help you can give me!!

Lily

I have these sites that continue to show up on my pop up blocker settings that I think allow advertisements to pop up. I delete all and they continue to show up.

ads.arcade-hq.com
ads.quixsurf.com
ox.arcade-hq.com
www.arcadehq.com
www.arcade-hq.com

How can I permanently block them??

1 more replies
Relevance 76.67%

I am having alot of trouble. I had psw.x-vir and i ran some spyware and stuff now everthing is really slow and desktop picture is gone please help
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:17:33 AM, on 2/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5... Read more

Answer:Running Really Slow After Virus And Spyware Removal!! Help

http://forums.techguy.org/malware-removal-hijackthis-logs/682367-computer-so-slow-takes-30-a.html

Hi and welcome. Please DO NOT repost for the same problem. Please review the VERY FIRST post in this forum for the proper methods of getting assistance.
 

1 more replies
Relevance 76.67%

While browsing the net a online virus removal ad pops up, prompting that I click it (while exluding access to all my other tabs until I either click it or ctrl-alt-del firefox, which is what I've been doing). How do I get rid of this? I'd appreciate the help thanks.

Answer:Virus Removal Spyware that Hijacks my Browser

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

2 more replies
Relevance 76.67%

Whats up first time poster to this site just looking for some help with this menacing virus which is attacking my computer. The vundofix found an infected system file but was unable to delete live or on reboot. The following is my hijackthis log and combo fix log. Any help would be greatly appreciated.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 4:42:19 PM, on 10/25/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\pirdelmy.exeC:\WINDOWS\system32\HPZipm12.exeC:\WINDOWS\system32\igfxtray.exeC:\WINDOWS\system32\hkcmd.exeC:\WINDOWS\winshow.exeC:\Program Files\Java\jre1.6.0_03\bin\jusched.exeC:\Program Files\AIM6\aim6.exeC:\Program Files\DAEMON Tools\daemon.exeC:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exeC:\WINDOWS\?icrosoft.NET\m?hta.exeC:\PROGRA~1\PANICW~1\POP-UP~1\... Read more

Answer:Outerinfo Fake Spyware Removal Virus

Hi miamifan22 and Welcome to the Bleeping Computer!Download ComboFix from Here or Here to your Desktop.Double click combofix.exe and follow the prompts.When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next replyNote: Do not mouseclick combofix's window while its running. That may cause it to stallAfter posting those logs,please consider these free options for some Antivirus and Firewall Software to help secure that machine. Avira AntiVir PersonalEdition ClassicandZone Alarm Free

3 more replies
Relevance 76.67%

Yesterday I went to my cousin's house to fix their computer. I noticed that the AVG free I had installed was no longer on the computer. I found that strange. Well after running Malwarebytes, SuperAntiSpyware and Trojan Remover I got rid of quite a few malware and trojan viruses. However after trying to install AVG free again I can't get past an error and it won't allow me to install it. I have tried 4 times to do it and same thing everytime. I get a pop up from ZoneAlarm firewall saying stub.exe is trying to access the internet. If I deny this then AVG hangs up and won't connect to install. If I allow this it connects then asks me if I wanna download the free version or 30 day trial of a paid version but then a box pops with an error code. I cannot get past this error code to install. I assume it is the stub.exe preventing me from installing AVG. I have looked up stub.exe and there isn't alot on this topic. It appears it is a virus but I am not quite sure. What should I do? I was gonna try to do a system restore but will that affect the router recently installed? What should I do to get AVG to work. I really do not wanna reformat this computer again after only 3 months. Thanks.
 

Answer:Cant install AVG free after virus and spyware removal

12 more replies
Relevance 76.67%

I seem to have run into a mutating virus/malware/spyware. After trying 5 or 6 anti virus programs it seems to be popping back up on the computer. It seems to be tamed to a point now where it seems only to be giving some pop up ads when surfing however not all functions of the computer are acting as they should. A few instances:

- I'm trying to remove a trial version of a virus scanner and before it removes it seems to undue the uninstall
- it is taking an unusually long time to power down when I choose that option
- it is not displaying the task box when I depress CTRL, ALT, & DEL key
- seems to work with Firefox but when attempting to run IE it hijacks the searches to some other site of its choosing
- I have Firefox set to save the downloaded file until I decide to remove it from the display box but it is not functioning like that anymore
- some tasks which used to run rather quickly now seem to take a fairly long time

I did some reading on how to go about posting for help so here are the files that were requested with this post:

DDS.TXT


DDS (Ver_09-02-01.01) - NTFSx86
Run by The Parente's at 16:20:11.20 on 18/02/2009
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_11
Microsoft? Windows Vista? Home Premium 6.0.6001.1.1252.2.1033.18.2941.1561 [GMT -5:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\Mic... Read more

Answer:Help requested for malware/virus/spyware removal

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

One or more of the identified infections is a backdoor trojan.

This type of infection allows hackers to remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.

If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Please read this: How Do I Handle Possible Identify Theft, Internet Fraud, and CC Fraud?

------------------------------------------------------

It appears that you have three antivirus programs installed and/or running, avast!, AVG, and Norton 360. While this may seem like better protection, they can actually conflict with one another and cause system instability or even system hangs. Please choose one to keep and uninstall the others via Add or Remove Programs in your Contro... Read more

19 more replies
Relevance 76.67%

I am not sure if this exists or if it has been asked before, but I was wondering if there was a live Linux CD out there, which could boot up into Linux and then be able to scan a hard drive for Windows Virus / Spyware. Sometimes Viruses make a computer virtually unbootable into Windows, so it would be amazing if you could pop in a live linux cd which would load the software into memory, update the virus/spyware definitions from the connected network (if connected), and then perform & remove virus / spyware from the attached hard drive that is running Windows. Is there anything like this out there today? Thanks.

SuperG
 

Answer:Live Linux - Virus / Spyware Removal?

It should be possible in theory. The problem is, you only have a few "good" AVs for Linux, and they all cost money. The free ones I've seen are total crap.

To be honest, a virus that effective is pretty damn rare, and you're better off using an imaging program like Acronis to back up your drives every few days, and if anything catastrophic happens, you can get yourself back in action within an hour.

OR, if you're using XP or Vista 32, a sandboxing program like Returnil or Sandboxie would prevent something like that from EVER happening in the first place.
 

7 more replies
Relevance 76.67%

HP Compaq Desktop SR1925AN Win OS XP Media Centre SP3Zone alarm Security suite version 8.0.400.020The following anomilaties noticed- disk defragment will not run on C partition, worked on the D partition . Error just reads "Disk defragmentor could not start"- Antivirus/spyware updates download error, no other info given,so will not update the virus or spyware files- Malwarebytes will not open, tried renaming Mbam,but still nothing happens- Superantispyware will not download- HijackThis will not run,again tried renaming and nothing happensSo I have been able to perform the following:-checked Add/remove programs for suspicious looking programs-Run Ccleaner-updated Java, removed old versionsRun ZASS deep scan for both virus and spyware, 3 virus's quarantined, and a number of spywares rated low removed.Volume C has 21% free space, was worse but have removed a number of unused programs and filesHave run Secunia and updated anything required.I'm after some help please on what to try next, particulary as I can't run any of the malware detection programs in the recommended list at the start of this topic.I'm guessing that the systen is still heavily infectedThanks

Answer:Virus/spyware removal tools blocked

I have now managed to run HiJackThis in safe mode by renaming it as suggested in do this first.This is the logLogfile of Trend Micro HijackThis v2.0.2Scan saved at 5:20:23 PM, on 10/09/2009Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16850)Boot mode: Safe mode with network supportRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\ZoneLabs\vsmon.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Internet Explorer\iexplore.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Trend Micro\HijackThis\sniper.exe.exeR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_AU&c=64&bd=PRESARIO&pf=desktopR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_AU&c=64&bd=PRESARIO&pf=desktopR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_AU&c=64&bd=PRESARIO&pf=desktopR1 - HKLM\... Read more

13 more replies
Relevance 76.26%

Hi Guys,
Recently I have gone through a serious virus which is not catchable by updated anti-virus symantec 14 october 2009.
When i put my pendrive, the system shows autorun.inf deleted. But the underlying virus,
autorunme.exe exists in location Drive:/RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe.

Even I delete this virus, this gets automatically generated by itself or recreates itself.
autorunme.exe is not the actual virus, but it is just a duplicate.

Then actual underlying virus which triggers autorunme.exe is SERVCE.EXE
Note SERVCE.EXE is not service.exe or services.exe. It is new named SERVCE.EXE

Manual removal autorunme.exe process:
After connecting your pendrives, when it shows the file RECYCLER in hidden state,Open your task manager and end the process SERVCE.EXE

Now delete the entries Drive:/RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe , Drive:/RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\desktop.ini and Drive:/autorun.inf.
They will not recreate now.

Then open C:/WINDOWS and find SERVCE.EXE and to be on safe side just make a local copy of file to some other place and delete SERVCE.EXE

Now even if you restart your computer, since SERVCE.EXE is not running at start up of system, the system is safe and manual removal of virus is complete.

SERVCE.EXE is the actual culprit. http://static.techguy.org/smilies/biggrin.gif
 

More replies
Relevance 75.85%

Hello and welcome to Bleeping ComputerMy name is etavares and I will be working with you to fix your computer.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.Please take note:If you have since resolved the original problem you were having, we would appreciate you letting us know. If you are unable to create a log because your computer cannot start up successfully please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
If you are unsure about any of these characteristics just post what you can and we will guide you.Please tell us if you have your original Windows CD/DVD available.If you are unable to perform the steps we have recommended please try one more time and if unsuccessful alert us of such and we will design an alternate means of obtaining the necessary information.Once we start working together, please reply back within 3 days or this thread may be closed so we can help others who are waiting. If you will be unable to respond (e.g. vacation, travel, etc.), please let me know ahead of time.Please refrain from running tools or applying updates other than those w... Read more

Answer:Virus, Trojan, Spyware, and Malware Removal Logs

Due to the lack of feedback, this topic is now closed.In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.

2 more replies
Relevance 75.85%

hye,i just downloaded the combofix and run it. and now, i really need help on what to do next. here's the log:ComboFix 10-05-03.06 - zahidah 05/04/2010 23:21:00.1.2 - x86Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.766.287 [GMT 8:00]Running from: c:\users\zahidah\Desktop\ComboFix.exe.((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))).c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnkc:\users\Public\mds.sysc:\users\Public\mdt.sysc:\users\Public\winbrd.jpg.((((((((((((((((((((((((( Files Created from 2010-04-04 to 2010-05-04 ))))))))))))))))))))))))))))))).2010-05-04 15:30 . 2010-05-04 15:30 -------- d-----w- c:\users\Default\AppData\Local\temp2010-05-04 10:50 . 2009-12-14 09:52 607472 ----a-w- c:\programdata\Yahoo!\YUpdater\yupdater.exe2010-05-02 15:27 . 2010-05-02 15:27 -------- d-----w- c:\users\zahidah\AppData\Local\Yahoo!2010-05-02 03:37 . 2010-05-02 03:37 3280 ------w- C:\bootsqm.dat2010-05-01 02:18 . 2010-05-01 02:18 -------- d-----w- c:\users\zahidah\AppData\Local\Diagnostics2010-04-30 04:41 . 2010-04-30 04:52 -------- d-----w- c:\users\zahidah\AppData\Local\Ares2010-04-30 04:15 . 2010-04-30 04:15 -------- d-----w- c:\program files ... Read more

Answer:Beginners for virus,trojan,spyware and malware removal

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

2 more replies
Relevance 75.85%

Hello and and Welcome to BleepingcomputerPlease note we are very busy, so if I don't hear from you within 5 days the topic will be closed, If you have since resolved your issues I would appreciate if you would let me no so I can close this topic.Please download Malwarebytes' Anti-Malware from HereNote: If you already have Malwarebytes' Anti-Malware, just update then run it.Double Click mbam-setup.exe to install the application.Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.If an update is found, it will download and install the latest version.Once the program has loaded, select "Perform Quick Scan", then click Scan (the scan may take some time to finish, so please be patient).When the scan is complete, click OK, then Show Results to view the results.Make sure that everything is checked, and click Remove Selected.When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.Copy and Paste the entire report in your next reply .Note: If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.Download random's system information tool (RSIT) by random/random from here... Read more

Answer:Infected virus, trojan , spyware , and malware removal

Thank you for your response.... here are the following logsLog:Logfile of random's system information tool 1.06 (written by random/random)Run by User at 2010-03-09 10:36:20Microsoft Windows XP Home Edition Service Pack 3System drive C: has 142 GB (93%) free of 153 GBTotal RAM: 510 MB (8% free)Logfile of Trend Micro HijackThis v2.0.2Scan saved at 10:36:45 AM, on 3/9/2010Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16981)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Intel\Wireless\Bin\EvtEng.exeC:\Program Files\Intel\Wireless\Bin\S24EvMon.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\System32\svchost.exeC:\PROGRA~1\McAfee\MSC\mcmscsvc.exec:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exec:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exeC:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exeC:\Program Files\McAfee\MPF\MPFSrv.exeC:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exeC:\Program Files\Apoint\Apoin... Read more

33 more replies
Relevance 75.85%

Previous topic

http://www.techsupportforum.com/secu...ease-help.html

Please help with the remaining steps in cleaning my computer. ComboFix.txt log listed below.

THANKS!


ComboFix 09-06-21.01 - 410Brantley 06/22/2009 10:21.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2279 [GMT -5:00]
Running from: c:\documents and settings\410brantley\Desktop\ComboFix.exe
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\410brantley\Application Data\mllntuec
c:\documents and settings\410brantley\Local Settings\Application Data\mllntuec
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\NetworkService\Application Data\mllntuec
c:\documents and settings\NetworkService\Local Settings\Application Data\mllntuec
c:\program files\Common
c:\recycler\S-1-5-21-1233931459-2918598142-4291659859-1005
c:\recycler\S-1-5-21-703021747-2940346758-2480081977-500
c:\windows\system32\drivers\pdmpdpgu.sys
c:\windows\system32\drivers\wjuzuyas.sys
c:\windows\system32\gkbqdlu.dll
c:\windows\system32\spkdmqm.dll
c:\windows\Tasks\At1.job
c:\documents and settings\410brantley\Application Data\mllntuec\profiles.ini
c:\documents and settings\410brantley\Application Data\mllntuec\P... Read more

Answer:Spyware/Virus Removal (cont'd from previous thread)

Hello -

As amateur noted in the initial reply you received, this forum is very busy. Three days seems like plenty to return a reply. If there are extenuating circumstances which might prevent a reply in that time, it's a good idea to let the volunteer know, as we all only take on a certain amount of active topics. This then prevents us from helping someone else during that time period.

Please try to complete these steps more promptly.

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

ComboFix seems to have done a good job.


Open NOTEPAD.exe and copy/paste the text in the codebox below into it:

Code:

@echo off
if exist "%temp%\log.txt" del "%temp%\log.txt"

for %%g in (

c:\windows\Rnojetasoyuy.bin
c:\windows\Kfawocub.dat
c:\windows\mdgmemsg.dll
c:\windows\sh32df.dll
c:\windows\iforobif.dll
c:\windows\mdgxdl.dll
c:\windows\ukegajekumibol.dll
c:\windows\cmp320n.dll

) do (
del /a/f %%g >nul 2>&1
if exist %%g echo.%%g>>"%temp%\log.txt"
)

if exist "%temp%\log.txt" ( start notepad "%temp%\log.txt"
) else echo.Deleted Successfully !!

pause
del %0
Save this as fix.bat Choose to "Save type as - All Files"
It should look like this:
Double click on fix.bat & allow it to ... Read more

4 more replies
Relevance 75.85%

I need to know what the best free spyware/virus scans is that I could run in or out of windows or online that will remove the spyware/viruses. Any help would be greatly appreciated.
 

Answer:What is the best free spyware/virus removal scans or software.

A combo of Avast! Home Edition and SUPERAntispyware is what i use and recommend, btw, both are freeware
 

9 more replies
Relevance 75.85%

I made it as far as step 2. start-->run-->services.msc I got a box that said

Program error
mmc.exe has generated errors and will be closed by windows. you must restart the program.

Then there is a "cancel" box.

It does this with every program I ttry to run, except internet explorer.

Please help.
 

Answer:Re: DO NOT POST UNTIL YOU HAVE READ THIS: How to: Spyware, Trojan And Virus Removal

Just skip step #2 for the time being. Pick up at #3 and finish them as best you can.
 

1 more replies
Relevance 75.85%

I had my account to starcraft 2 hacked and obvious whant it back. The email account i used with sc2 was my msn account and i've noticed that it also been hacked (spam has been sent from it). When i contacted Blizzard they told me to follow the instructions on the following page: hxxp://forums.wow-europe.com/thread.html?topicId=5383442401&sid=1

I have now done step 1-6 on that list.

Have not noticed any other problems besides the one described above.

I dont have access to a Windows Install disc, or a Boot CD.

Thank you for helping me!


DDS (Ver_10-03-17.01) - NTFSX64
Run by Marcus at 18:27:00,81 on 2010-08-28
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.46.1053.18.4091.2696 [GMT 2:00]

SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\Syst... Read more

Answer:1st time user using your Virus/Trojan/Spyware Removal Help

BUMP, please

1 more replies
Relevance 75.85%

I'm having several problems and believe they are virus/trojan/spyware related.

1) Recently my Symantec anti-virus auto-protect has been automatically disabling itself. I enable it and seconds later it becomes disabled.

2) My Windows automatic updates are disabled and when I try to turn on automatic updates I get a security center message:

"We're sorry. The security center could not change your automatic update settings. To try changing these settings yourself, go to System in Control Panel. On the automatic updates tab, select Automatic (recommended), and then click OK."

When I go to Control Panel and then System, the Automatic Updates tab already has Automatic selected.

3) Whenever I restart my computer I get the same message that appears after you change startup/boot/services settings in msconfig and restart your computer.

4) I have no system restore points even though I know I had some a couple weeks ago.

Attached is my hijackthis log and my combofix log. I ran hijackthis first and then combofix.

I appreciate your time and want to thank you in advance. Normally, I can Google whatever problem I'm having and fix it myself, either by deleting something from the registry, or running a tool I find online, but this is causing me a lot of grief.

Below is what I got from DSS. I also have a combofix log and a hijackthis log.

Thanks,
Jason


DDS (Ver_09-03-16.01) - FAT32x86
Run by Jason Shay at 20:46:08.23 on Wed 05/06/2009
Internet Explorer: 6.0.290... Read more

Answer:virus/trojan/spyware removal help needed have logs

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.comDDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the resul... Read more

2 more replies
Relevance 75.85%

OS: XP Home, SP3

A trojan infected my PC, Windows Defender tried to remove it but it couldn't. I rebooted my computer and my desktop background had been changed. It said: 'WARNING you are in danger of spyware...' etc. Now the only program executable is this 'spyware removal tool' that tells me I must register to mend all the 'infected' files. Every single executable file on my PC has been infected, conveniently, except this one program meaning that I cannot run IE, Word, Windows Defender and every other piece of software on my PC.

It is obviously a virus and has rendered my PC useless. Please can someone help me to remove this virus as I desperately need full funtionality of my computer.

I cannot reinstall windows at the boot stage as my CD-ROM drive is broken, so that isn't an option!

Any help is gratefully accepted. Thank you.

P.S I am posting this via another PC before you ask as I cannot use IE or any other executable file.
 

Answer:VIRUS has infected PC posing as spyware removal software

Do you know the name of the Trojan?

Can you access Task Manager via CTRL-ALT-DELETE?

What happens when you try to go in via safe mode?

Is there a CD/DVD drive you can borrow from the computer you are using now? It would only be for a few hours.

Did you make restore points?
 

2 more replies
Relevance 75.85%

Can someone help me stop this from happening. At startup after reaching the desktop error messages pop up. The messages all say the same thing, "couldn't find path/file". They aren't anything that I recognize. I just removed a bunch of spyware/viruses, nothing is showing up with the AVG and SAS scan. Yet these .dll files are trying to launch at startup. The .dll files are:

elgpnxel.dll
wfszsjsv.dll
bfugfcbp.dll

Any help with this matter would be appreciated.

Answer:Error Dialog At Start Up After Virus/spyware Removal

This is not an uncommon occurance after malware removal. Windows is trying to run the program but iywas the malware that is now removed. So now you have a broken path to those dll's. You need to remove this registry entry so Windows stops searching for the file when it loads. Using this tool should clear that up.Please download Autoruns, search for the related entry and then delete it.Create a new folder on your hard drive called AutoRuns (C:\AutoRuns) and extract (unzip) the file there. (click HERE if you're not sure how to do this.)Open the folder and double-click on autoruns.exe to launch it.Please be patient as it scans and populates the entries.When done scanning, it will say Ready at the bottom.Scroll through the list and look for a startup entry related to the file(s) in the error message.Right-click on the entry and choose delete.Reboot your computer and see if the startup error returns.

3 more replies
Relevance 75.85%

 ark.log   4.38KB
  4 downloads
 Attach.txt   15.9KB
  5 downloadsHello, I am requesting help with getting my computer rid of some pesky files I had on it. Last week I starting getting pop ups that said my pc was infected - blah, blah, blah to make a long story short I learned I had accepted (I assume) the av security suite program - (no idea how or where - perhaps allowing someone else to use it could be the culprit - since it lol)anyways, I read a few articles on how to find the files and remove them - problem is I didnt fully understand some of it and I think I messed things up because I have started to recieve error messages when I boot up something I have never had before and now it seems I cant use my printer which never gave me problems before. One of the error messages I got upon boot up after removing files that day was "Cant find script file" C:\users\monica~1\Appdata\local\temp\prpl_clean.vbs - I suspect this is from a file associated with bellsouth accelarator however an internet search for prpl_clean.vbs returned nothing except a website that the search engine claimed was a risky site so I didnt dare click on the link. Another error message I am getting says trayctl.exe - Unable to locate component - this application has failed to start because psystray.pyd was not found. Re-installing the application may fix this problem - I believe this probably concerns my printer - right? However I believe when I was dele... Read more

Answer:Virus, Trojan, Spyware, and Malware Removal Logs

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.In order for me to see the status of the infection I will need a new set of logs to start with.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.DeFogger: Please download DeFogger to your desktop.Double click DeFogger to run the tool. The ap... Read more

11 more replies
Relevance 75.85%

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Administrator at 12:32:35.75 on Fri 04/22/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1789.899 [GMT -7:00]
.
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ===============
.
C:\WINDOWS\System32\svchost.exe -k Cognizance
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
C:\WINDOWS\system32\svchost -k rpcss
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
svchost.exe
C:\WINDOWS\System32\svchost.exe -k eapsvcs
svchost.exe
C:\WINDOWS\System32\svchost.exe -k dot3svc
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\ActivIdentity\ActivClient\accoca.exe
C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program... Read more

Answer:Virus, Trojan, Spyware, and Malware Removal Logs

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.In order for me to see the status of the infection I will need a new set of logs to start with.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear Click the Disable button to disable your CD Emulation drivers Click Yes to continue A 'Finished!' message will ap... Read more

3 more replies
Relevance 75.85%

I posted logs and request for help 4 days ago in Virus, Trojan, Spyware, and Malware Removal Logs. I know the time is 5 days BUT am a little worried. Hundreds of other topics since I posted seemed to get picked up and get attention and fixing, while mine sits there unattended.
 
I don't understand how this works--is there an assignment process for that forum? Or do volunteers just pick what they want? Did I not write a "cool" enough description and title? Or use certain buzzwords???
 
Will it get looked at by tomorrow? What do I do if it doesn't? Is there some poor person who goes back and cleans up all the ones not looked at. Delete and re-post with keywords that get attention?
 
 I don't see the process to get helped for sure, and I do see some other poor little requests like mine that aren't being helped scattered in among those getting lots of attention.
 
Thanks for help and perspective!  

Answer:Will I eventually really get help in Virus, Trojan, Spyware, & Malware Removal?

Hello grfWhile we understand your frustration at having to wait, please note that Bleeping Computer deals with several hundred requests for assistance such as yours on a daily basis. As a result, our backlog is quite large, as are other comparable sites that help members with malware issues. Although our Malware Response Team work on hundreds of requests each day, they are all volunteers who contribute to helping members as time permits. No one is paid by Bleeping Computer for their assistance to our members.New and more devious malware infections are released almost daily. It then takes time for our Team to investigate, analyze and test removal techniques before we can help members like yourself. Doing that means that we sacrifice speed of response for a quality response that will help remove the malware more effectively.Further, our malware removal staff is comprised of team members with various levels of skill and expertise to deal with thousands of malware variants, some more complex than others. Not all staff members have access to or are familiar with every type of operating system version...some may only have Windows XP as they cannot afford to upgrade while others may only have Vista or Windows 7.Although we try to take logs in order (starting with the oldest) but it is often the skill level of the particular helper and sometimes the operating system that dictates which logs get selected first. Some infections are more complicated than others and require a higher skil... Read more

3 more replies