Computer Support Forum

Need Help With Malware Removal

Question: Need Help With Malware Removal

I'm currently enrolled in the Malware Training Program, but my brother brought his machine that he says has a virus.  He cannot access the internet.  I've already had to wipe this machine for him once because of a very nasty virus.  I'm hoping someone can help me get rid of whatever is ailing it now.
 
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.19298  BrowserJavaVersion: 1.6.0_30
Run by Chris at 13:34:42 on 2013-05-25
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.3069.1763 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Outdated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Outdated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\Dwm.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Motorola Media Link\Lite\NServiceEntry.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\SelectRebates\SelectRebates.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Motorola\MotForwardDaemon\ForwardDaemon.exe
C:\Program Files\TightVNC\tvnserver.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\STacSV.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\NETGEAR\WNA3100\WNA3100.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
C:\Program Files\TightVNC\tvnserver.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\NETGEAR\WNA3100\WifiSvc.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\TeamViewer\Version6\TeamViewer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Motorola Mobility\MotoCast\MotoCast.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\XPSMiniViewGadget\XPSMiniViewGadget.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Motorola Mobility\MotoCast\bin\MotoCast-thumbnailer.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.bing.com/
uWindow Title = Internet Explorer provided by Dell
uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=6080506
mDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=6080506
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - <orphaned>
BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Search Toolbar: {9D425283-D487-4337-BAB6-AB8354A81457} - c:\program files\search toolbar\SearchToolbar.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: ShopAtHomeIEHelper Class: {E8DAAA30-6CAA-4b58-9603-8E54238219E2} - c:\program files\selectrebates\toolbar\ShopAtHomeToolbar.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Search Toolbar: {9D425283-D487-4337-BAB6-AB8354A81457} - c:\program files\search toolbar\SearchToolbar.dll
TB: ShopAtHome.com Toolbar: {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - c:\program files\selectrebates\toolbar\ShopAtHomeToolbar.dll
TB: Search Toolbar: {9D425283-D487-4337-BAB6-AB8354A81457} - c:\program files\search toolbar\SearchToolbar.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
TB: ShopAtHome.com Toolbar: {98279C38-DE4B-4bcf-93C9-8EC26069D6F4} - c:\program files\selectrebates\toolbar\ShopAtHomeToolbar.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Desktop Software] "c:\program files\common files\supportsoft\bin\bcont.exe"  /ini "c:\program files\comcastui\desktop software\uinstaller.ini" /fromrun /starthidden
uRun: [MotoCast] "c:\program files\motorola mobility\motocast\MotoLauncher.lnk"
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [SigmatelSysTrayApp] c:\program files\sigmatel\c-major audio\wdm\sttray.exe
mRun: [ATICustomerCare] "c:\program files\ati\aticustomercare\ATICustomerCare.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [SelectRebates] c:\program files\selectrebates\SelectRebates.exe
mRun: [tvncontrol] "c:\program files\tightvnc\tvnserver.exe" -controlservice -slave
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
StartupFolder: c:\users\chris\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wna3100\WNA3100.exe
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: SoftwareSASGeneration = dword:1
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://www.pcpitstop.com/betapit/PCPitStop.CAB
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} - hxxp://cabinetstogo.2020.net/Core/Player/2020PlayerAX_Win32.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{38D253E0-B96D-4342-A944-60A6070B444E} : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{6A54D737-AFBB-45B7-B1A7-8ECE6A52F569} : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{74E3391A-3346-4BDB-86C3-F1E162F4D766} : DHCPNameServer = 75.75.75.75 75.75.76.76
AppInit_DLLs= c:\progra~1\google\google~2\GOEC62~1.DLL
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\chris\appdata\roaming\mozilla\firefox\profiles\k9i5ei9k.default\
FF - prefs.js: browser.search.selectedEngine - Xfinity
FF - prefs.js: browser.startup.homepage - hxxp://www.xfinity.com/?cid=insDate03272012
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=ZUGO&form=ZGAADF&q=
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\foxit software\foxit reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - ExtSQL: !HIDDEN! 2011-04-04 12:19; [email protected]; c:\program files\hp\digital imaging\smart web printing\MozillaAddOn3
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 171064]
R0 SCMNdisP;General NDIS Protocol Driver;c:\windows\system32\drivers\SCMNdisP.sys [2011-4-4 21728]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-1-26 176128]
R2 DeviceMonitorService;DeviceMonitorService;c:\program files\motorola media link\lite\NServiceEntry.exe [2012-6-5 87400]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-4-22 655944]
R2 Motorola Device Manager;Motorola Device Manager Service;c:\program files\motorola mobility\motorola device manager\MotoHelperService.exe [2012-6-4 116632]
R2 PST Service;PST Service;c:\program files\motorola\motforwarddaemon\ForwardDaemon.exe [2012-6-15 65657]
R2 TeamViewer6;TeamViewer 6;c:\program files\teamviewer\version6\TeamViewer_Service.exe [2011-2-20 2253688]
R2 tvnserver;TightVNC Server;c:\program files\tightvnc\tvnserver.exe [2011-5-26 826896]
R2 WSWNA3100;WSWNA3100;c:\program files\netgear\wna3100\WifiSvc.exe [2011-4-4 278528]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-4-22 22344]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-2-28 183560]
S3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;c:\windows\system32\drivers\bcmwlhigh6.sys [2009-11-6 699896]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-5-6 30192]
S3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\drivers\motoandroid.sys [2009-7-10 25856]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2012-1-25 20864]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2012-1-25 8448]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 74112]
S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2012-3-26 214952]
S3 NPF;Netgroup Packet Filter;c:\windows\system32\drivers\npf.sys [2011-4-4 50704]
S3 PCDSRVC{E9D79540-57D5953E-06020200}_0;PCDSRVC{E9D79540-57D5953E-06020200}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc.pkms [2012-8-17 22640]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
.
==================== Find3M  ====================
.
.
============= FINISH: 13:35:35.89 ===============
 
 

Relevance 100%
Preferred Solution: Need Help With Malware Removal

I recommend downloading and running Reimage. It's a computer repair tool that has been proven to identify and fix many Windows problems with a high level of success.

I've used it in the past to identify and fix everything from blue screens (BSOD's), ActiveX errors, corrupt files and processes, dll/exe/sys errors, recover lost memory, Windows update problems, defragging, malware removal etc.

You can download it direct from this link http://downloadreimage.com/download.php. (This link will automatically start a download of Reimage that you can save to your computer.)

Answer: Need Help With Malware Removal

Hello, Welcome to BleepingComputer.I'm nasdaq and will be helping you.If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.===Try this and see if the internet is restored.Click the button. In the Search box, type Command Prompt, and then, in the list of results, double-click Command Prompt.at the cursor type:ipconfig /flushdns <-- (A space between g and / is needed)repeat withipconfig /renewThen hit Enter, type Exit, hit the Enter key.You may need to run CMD - Command Prompt on Vista - Windows 7/8 with Elevated Privilegehttp://www.mydigitallife.info/2007/02/17/how-to-open-elevated-command-prompt-with-administrator-privileges-in-windows-vista/<<<>>>Search and delete the AdWare, PUP (Potentially Unwanted Program) installed on your computer.Please download AdwCleaner by Xplode onto your Desktop.Close all open programs and internet browsers.Double click on AdwCleaner.exe to run the tool.Click on Delete tab follow the prompts.A log file will automatically open after the scan has finished.Please post the content of that log file with your next answer.You can find the log file at C:\AdwCleaner[Rn].txt (n is a number).=== Please downloadJunkware Removal Tool to your Desktop.Please close your security software to avoid potential conflicts.Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.The tool will open and start scanning your system.Please be patient as this can take a while to complete, depending on your system's specifications.On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.Please post the contents of JRT.txt into your reply.===Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofixLink 1Link 2IMPORTANT !!! Save ComboFix.exe to your Desktop1. Close any open browsers.2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.3. Do not install any other programs until this if fixed.How to : Disable Anti-virus and Firewall...http://www.bleepingcomputer.com/forums/topic114351.htmlDouble click on ComboFix.exe and follow the prompts.When finished, it will produce a report for you.Please post the C:\ComboFix.txt Note: Do not mouse click ComboFix's window while it's running. That may cause it to stallNote: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.htmlNote: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.===Third party programs if not up to date can be the cause of infiltration an infection.Please run this security check for my review.Download Security Check by screen317 from here.Save it to your Desktop.Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.A Notepad document should open automatically called checkup.txt; please post the contents of that document.===Please paste the logs in your next reply DO NOT ATTACH THEM.Let me know what problem persists.

9 more replies
Relevance 47.56%

Staff Advisory: This post needs to remain here until one of the malware team advise that it can be moved. This member cannot access our malware forums due to their infection. ~ Animal----------------------------------------------------------------------------------------------------------------------Hello, I got some help from some nice people in the live chat. I have made a log with your hijackprogram and am posting it at the bottom. It created two .txt files so there are two reports. I am unable to open ANY link that has the words anti-spyware anywhere on the page or in the address bar so unfortunately I cannot post this in the malware removal forum because the internet window closes every time. I am in dire need of some help! I have a subscription to spy sweeper and it is keeping things out but I was infected with Antivirus xp 2008 and possibly some viruses because the computer was un-protected for about a month while I was in the hospital..I run with Windows XP and a wireless connection. If someone could take the time to look at this for me I would be so incredibly thankful! I offer my services as a photographer/graphic artist/professional gift shopper/myspace designer/beginner web designer. You can see what I do at www.perfectionpictures.com and contact me if you need anything at all!Current Symptoms (in the order of appearance)Random Total system crash then restart then blue screen then back to windows. msvcp71.exe is missing so a program is being prevented ... Read more

Answer:Antivirus Xp 2008 Removal Help/am I Infected? Can't Open Malware Removal Forum

Hi & welcome,I would like to try a couple things before we go much further so I have a bit better picture of what is happening and can take the needed cautions.1.) click start> run> type msconfig and hit enter.click "boot.ini" tabCheckmark /bootlogClick "apply" and "close"Reboot when askedLocate and delete this file:C:\windows\ntbtlog.txt (in case your extensions don't show it looks like a notepad)RebootLocate & post:C:\windows\ntbtlog.txt2.) Click start> run> type: cmd.exe and hit enter.type the following commands exactly as you see em & hit enter after each one:cd c:\windows\system32dir userinit.exeNote the file size please & report that back to me. Leave cmd open a sec.Back at the cmd window...Type:cd dllcachedir userinit.exedir spoolsv.exeNote file sizes & report that back to me.Type exit in the CMD window & hit enter. (this closes it)3.) Can you see also if you can get this program installed please:http://download.bleepingcomputer.com/hijac.../HJTInstall.exeSave file> run it> follow prompts to install excepting defaults.Allow it to "launch" hijackthis.Click the "Do a System Scan and Save a Log File" optionSave the log file and then it should open with NotepadGo to Edit, Select All and then Edit, Paste to paste the contents of the log hereLet me know if you had any problems with the above please.I advise keeping the system offline as much as possib... Read more

3 more replies
Relevance 47.56%

Apologies, but i'm a bit of a novice. my computer did a scan when i started it and came up with some trojans. when i tried to delete them, a malware removal programme tried to install itself so i closed the download dialog box. unfortunately, i cannot remember the name of the software that was trying to install itself. please would you review my log below and help me clean my computer?

many thanks
---------------------------------------------------------------

DDS (Ver_09-12-01.01) - NTFSx86
Run by 0 at 19:57:35.67 on 02/01/2010
Internet Explorer: 7.0.6001.18000
Microsoft? Windows Vista? Home Premium 6.0.6001.1.1252.44.1033.18.3000.1826 [GMT 0:00]

SP: Spybot - Search and Destroy *enabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows&... Read more

Answer:attempted removal of trojans try to install "malware removal software

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

2 more replies
Relevance 47.15%

Hi,I have tried many ways to get rid of some Malware that has only recently infected my PV. I hope someone can help me as this is my work PC and I need to plug back into my office network in a few days, but think this would be a bad idea at the moment.The problem first showed itself by insisting I had many viruses etc, and I should install Internet Security 2010. I have installed Malware Bytes removal tool, and installed as instructed. It found the above, said it was removed, but still it appears to exist, although the name of the infection has changed a few times, and is currently redirecting my brower to a similar page to the above malware. A popup now shows that I should install Cyber Security to remove the infections. This is obviously another malicious antivirus/malware program.I have McAfee Enterprise installed (which I can't seem to disable)I have also run SuperAntiSpywarePlus, which did the trick removing a similar problem about a year ago on a different PC. However, although this program also finds problems, and supposedly removes t5hem, the problem is still there.Please help. I have shown Hijackthis log below.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 1:58:42 PM, on 29/12/2009Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16945)Boot mode: NormalRunning processes:C:\windows\system32\csrss.exeC:\windows\system32\winlogon.exeC:\windows\system32\services.exeC:\windows\... Read more

Answer:Cyber Security removal; Malware removal not working

Hi,I have tried everything I know of to remove this pesky piece of malware. It seems to keep changing names, starting out as Internet Security 2010, and redirecting me on a google search to a webpage trying to convince I was riddled with viruii and malware, and then trying to sell me thier software, which is really just a scam. I ended up here after a few days of tearing my hair out, almost beaten. I went through the tutorials, but unfortunately that was before I fired off a post in desperation. Please delete my previous post, as I have now followed the suggested path, and run the utilities to help diagnose my problems. The resulting files are attached.Please help. I hope the files uploaded can provide an insight into whats happening.Apologies for jumping right in and posting a Hijackthis log before I had read the tutorials.ntents belowDDS.txt contents pasted belowDDS (Ver_09-12-01.01) - NTFSx86 Run by Greg.Middleton at 15:30:23.26 on Tue 29/12/2009Internet Explorer: 7.0.5730.13Microsoft Windows XP Professional 5.1.2600.2.1252.61.1033.18.3063.2330 [GMT 9.5:30]AV: VirusScan Enterprise + AntiSpyware Enterprise *On-access scanning enabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}AV: Microsoft Security Essentials *On-access scanning enabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}============== Running Processes ===============C:\windows\system32\svchost -k DcomLaunchC:\windows\system32\svchost -k rpcssC:\windows\Syst... Read more

3 more replies
Relevance 46.33%

Hi,

I have a dell xps 8300. It started acting up about 1 week ago (freezing while working online, freezing while trying to boot). Today i got the Blue screen asking me to restart if this was the first time I had received a blue screen.
I restarted it was fine for 30 minutes and everything froze.
I restarted it and I received error beeps ( 4 beeps)
I looked that up on dell support and they said it was RAM problems.
I opened up the computer vacuumed a bit, took out ram cards and reinstalled them.
It had been working o.k.for about 1 hour and only froze once more.
I decided to try the malware removal guide and here are the logs
Malware bytes did not find anything
TDSSKiller did not find anything
MGtools ran but as soon as it was done the window closed. i don't know how to find the log
Your help will be greatly appreciated
 

Answer:malware removal - have followed malware removal guide

I still want to see the log from Malware Bytes please.





MGtools ran but as soon as it was done the window closed. i don't know how to find the logClick to expand...

Should be directly on C:\ if that's where you boot Windows from. If you really cannot find the log, you'll have to run MGTools.exe again in order to produce a MGlogs.zip. Thanks.
 

20 more replies
Relevance 46.33%

I have run the malware removal intructions and when through each programs as they did remove some of the malware and virus. The issue that I am having is that when I open the computer under seperate user and try to run the malware removal programs via internet or through USB drive, I keep seeing a window which pops up asking me which program I want to use to open the program. I have run the computer under the adminstrator and do not seem to have problems running the

View attachment mbam-log-2011-03-28 (17-02-07).txt



View attachment combofix log.txt



View attachment SUPERAntiSpyware Scan Log - 03-28-2011 - 16-42-24.log



View attachment hijackthis.log

malware removal steps and have attached the reports from the intructions.

Even when I try to open add or remove programs under control panel- I get the following message: "C\windoesn\system32\rundll32.exe- application not found. I am thinking that It is something to do with AVG and have removed the program with the step.

Please help....

View attachment mbam-log-2011-03-28 (17-02-07).txt



View attachment combofix log.txt



View attachment SUPERAntiSpyware Scan Log - 03-28-2011 - 16-42-24.log
 

Answer:Help with malware removal- have run malware removal instructions

ssmehta007 said:



....try to run the malware removal programs via internet or through USB driveClick to expand...

Specific download and installation instructions are in our R&R ME FIRST guide :
ComboFix
Running from: l:\combifix\ComboFix.exe <--- belongs on your desktop

RootRepeal
Save it to your Desktop

SAS & MBAM
Installed to the Default Location - "C:/Program Files", as we suggest that you keep them after malware removal.

MGTools.zip
Download this file to the root folder of the drive where you have installed Windows (Typically this would be C:\ and thus you would have a C:\MGtools.exe file after downloading). ​
Please make those corrections and attach the missing RRlog.txt (from RootRepeal) and MGlogs.zip - normally it is C:\MGlogs.zip . Please tell me any problems you still have.
 

18 more replies
Relevance 46.33%

Hello!
In reading more of these threads I can see Im not the only one with the iexplore issue.
Glad to know it can be corrected!!!!

I have multiple pop-ups and my computer is as slow as dirt.
When I get home at 3:30 Calif time I will do the HJTInstall.exe thing and post the results.
Would the results of one that was done two days ago help? Yes I was having the issue then and another company did one and told me to email it to someone, which I did but I havent heard anything back and my computer is close to useless at this point.
Can MFDnNC or anyone else help?
Thanks!!!!
Ginny
 

Answer:malware removal/popup/iexplore removal

16 more replies
Relevance 46.33%

I read and followed precisely "Vista and Win 7 Malware Removal/Cleaning Procedure"

My issue: I was informed my my isp the following: "Mail Log Parsed from Feb 15, 2013 19:47:04 to Feb 16, 2013 19:47:04 User sent approximately 141,801 messages to 136,591 unique recipients. There were 2598 bounces received in this period, 1 percent of the emails sent. "

I have AVG, running constantly. ISP changed my password to stop the mail. I ran AVG in safe mode. Still not sure trojan erradicated. ISP referred me to your site.

I performed all steps. I have attached all logs except TDSSKiller. While it ran clean, no apparent log was generated. All except RogueKiller found no issues. RogueKiller found as reflected in log.

Please advise if you believe my system is clean, or what further I should do. Since I haven't seemed to find anything, it's hard for me to be comfortable that it's clean.

Thank you emmensely!!

Mike Sieber
 

Answer:Help with malware removal--have performed removal instructions

Welcome to Major Geeks!




mike sieber said:





I performed all steps. I have attached all logs except TDSSKiller. While it ran clean, no apparent log was generated. All except RogueKiller found no issues. RogueKiller found as reflected in log.Click to expand...

Not problems. It is just junk from AVG. All of your logs are clean. Many times when something like this happens, it is not an infection. It is due to a spammer/spammers getting your email login and password and they use it from other PCs to send out their spam. There are cases of infections that can cause spamming ( like some master boot record or partition infections ) but you show no signs of these.


If you are not having any other malware problems, it is time to do our final steps:
We recommend you keep Malwarebytes Anti-Malware for scanning/removal of malware.
Go back to step 4 oof the READ ME and renable your Disk Emulation software with Defogger if you had disabled it.
Go to add/remove programs and uninstall HijackThis. If you don't see it or it will not uninstall, don't worry about it. Just move on to the next step.
If running Vista or Win 7, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
Goto the C:\MGtools folder and find the MGclean.bat file. Double click ( if running Vista, Win7, or Win 8 Right Click and Run As Administrator ) on this file to ... Read more

3 more replies
Relevance 46.33%

Since the ComboFix will not run on Vista or Windows 7 64-bit, I have to look for new malware/virus removal apps... It was good while it lasted. So what tools do people use for Vista these days when the computer says: "WARNING! YOURS COMPUTER IS AN INFECTED BY HARMFUL VIRUS!!!!"

Answer:64-Bit Virus Removal & Malware Removal Tools?

64-bit Anti-Virus:List of 64-bit Anti-Virus For VistaAnti-virus protection in 64-bit environmentsFree Anti-virus:avast! Free Antivirus Avira AntiVir Personal - Free AntivirusAVG Anti-Virus Free Edition 8.5Microsoft Security EssentialsPanda Cloud AntivirusKingsoft Free Antivirus (Cloud Scan)Paid for Anti-virus:NOD32 Anti-Virus PersonalMcAfee AntiVirus PlusTrend Micro AntiVirus plus AntiSpywareNorman Antivirus & AntispywareCA Anti-Virus Plus Anti-Spyware64-bit Anti-Malware tools:Malwarebytes Anti-MalwareSUPERAntiSpywareKaspersky Virus Removal Tool - How to install and use documentationSpyware TerminatorWindows Defender (64-bit)PrevxSpybot S&DAd-AwareNorman Malware CleanerSunbelt Counterspy (free Trial)Comodo BOClean Anti-MalwareSophos Anti-rootkitSanityCheck Advanced Rootkit and Malware DetectorESET Online Antiivirus ScannerESET SysInspectorAnVir Task Manager FreeWinPatrolStart with these:How to use Malwarebytes' Anti-Malware to scan and remove malware from your computerHow to use SUPERAntiSpyware to scan and remove malware from your computer

3 more replies
Relevance 46.33%

I posted the software forum yesterday and was instructed to complete the malware removal steps and repost here. I have a new computer running Windows 8.1. When I say new, I mean I started having problems within a couple of hours after turning it on!

I have McAfee antivirus protection and downloaded and installed my MSOffice 2013 Home and Student. All seemed to be fine. The MSOffice was up and running and McAfee said I was protected. Suddenly and I don't remember what I was doing...it said Microsoft something (sounded like an antivirus or firewall something) had detected several problems and I needed to "clean my computer". Oh so ignorant of all that was going on with learning Windows 8.1 after using XP for years I told it to clean. Somewhere in there it suggested I do a system restore. All seemed OK until I realized MSOffice was no longer there. I tried to download it again and reload, but with no luck. It occurred to me it had something to do with the system restore so I tried to undo the restore. That of course didn't help. I'm also now getting messages from McAfee that I am covered and safe but that my firewall is turned off and needs to be turned on. However I can get McAfee to do nothing. I can open a screen, but nothing I do makes it do anything. I tried downloading their "Virtual Technician" before I started the process you recommended and it acted like it was downloading, but 20 minutes later it was still "spin... Read more

Answer:malware removal help - removal instructions attempted

Can you try running the tools that were not working before including Hitman, in safe mode please. Let me know how you get on.
 

16 more replies
Relevance 45.92%

I have scanned with AVG with the latest updates. On top of that insidious google redirect I get random pop ups even when I don't already have IE or Firefox running. Also getting sounds in the background like I'm clicking on a link, surfing the net when I'm not. And SYSTEM in task manager is hogging a ton of memory.Logfile of Trend Micro HijackThis v2.0.4Scan saved at 11:52:42 PM, on 8/7/2010Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v8.00 (8.00.6001.18702)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\AVG\AVG9\avgchsvx.exeC:\Program Files\AVG\AVG9\avgrsx.exeC:\Program Files\AVG\AVG9\avgcsrvx.exeC:\Program Files\Intel\Wireless\Bin\EvtEng.exeC:\Program Files\Intel\Wireless\Bin\S24EvMon.exeC:\WINDOWS\System32\WLTRYSVC.EXEC:\WINDOWS\System32\bcmwltry.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\AVG\AVG9\avgwdsvc.exeC:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exeC:\... Read more

Answer:persistent malware undetected by virus scans and malware removal tools

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process. Please also continue to work with me until I give you the all clear. Even if your computer appears to act better, you may still be infected.Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.Once we start working together, please reply back within 3 days or this thread may be closed so we can help others who are waiting.We need to create an OTL report,Please download OT... Read more

2 more replies
Relevance 45.92%

Hi,

I am the IT manager in my company.

I have a co-worker, his computer has search redirect issue. That means most likely it has malware.
Then i installed some major malware removal: Spybot Search & Destroy, SUPERAntiSpyware, Malwarebytes

After i installed them, i cannot launch them(That definitely means it has some kind of malwares)
I needed to rename their .exe files, after i can run them and scan my computer.

SUPERAntiSpyware, Malwarebytes found something, but didn't solve the problem, search redirect and
blocking malware removal software are still there. Now i am running Spybot Search & Destroy will see what happened.

By the way, i run them in safe mode because when i logon window to normal mode, it is slow (like it takes a long time to explore hard drive, etc). I suspect the malware slow down my pc. hopefully not registry corrupted or something, but works smoothly in safe mode.

So you guys have any suggestions? or you need a log file from combofix?

Please advise,
Tommy

Answer:malware: google yahoo redirect and can't launch malware removal software

Try this:http://www.bleepingcomputer.com/virus-remo...sing-tdsskiller

5 more replies
Relevance 45.51%

I did a hijackthis scan and here's what I got:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 12:18:17 PM, on 4/20/2009Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\SYSTEM32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\spoolsv.exeC:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exeC:\WINDOWS\System32\DVDRAMSV.exeC:\Program Files\Java\jre6\bin\jqs.exeC:\WINDOWS\System32\nvsvc32.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exeC:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exeC:\WINDOWS\System32\00THotkey.exeC:\WINDOWS\system32\TFNF5.exeC:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exeC:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exeC:\WINDOWS\AGRSMMSG.exeC:\Program Files\Synaptics\SynTP\SynTPLpr.exeC:\Program Files\Synaptics\SynTP\SynT... Read more

Answer:Malware Blocking Acess to Spybot, Microsoft Malicious Removal Tool and other anti-malware programs

Hey guys I solved my own problem. I completely reinstalled windows. (It was about that time anyway)

2 more replies
Relevance 45.51%

Gud day to everyone,

My computer having some malware activity, i have used adware 2008, spyware removal tool, norton anti-virus and other removal tool, but still those malware cannot be deleted.. My Computer icon could not display its properties, instead it appears like a file when you see its properties. It also disabled TCP/IP that why until now i cannot connect to the internet.. I don't have WindowsXP SP2 cd for repair..

Please help me as soon as possible, because it is a server..

Answer:Urgent! My XP SP2 have malware activity!.. cannot remove using malware removal tool

Hello frozenfire03, Welcome to TSF!

I recommend that you read this article… "Having problems with spyware and pop-ups? - First Steps"; follow the instructions very carefully; then, post all the requested logs and information; as instructed, in the HiJackThis Log Help Forum.
(Simply, click on the coloured links to be re-directed.)

Please ensure that you create a new thread in the HiJackThis Log Help Forum; not back here in this one.

When carrying out The 5 Steps, if you cannot complete any of them for whatever reason, just continue on with the next one until they are all completed.
However,it is extremely important to make mention of the fact that you could not complete any of the steps in your post to The HJT Help Forum; where an Analyst will assist you with other workarounds.

Once done, please be patient, as the Security Team Analysts are usually very busy; one of them will answer your request as soon as they can.

Good Luck with it.

Kind Regards,

7 more replies
Relevance 45.51%

Hi, I'm suddenly having a lot of trouble with malware. My computer seemed to be running okay but I ran Malwarebytes as I occasionally do, and it picked up a fair amount of malware on my system. I deleted it and rebooted, but that's when my problems really began. Upon restarting, my internet connection has become almost unusable. It's extremely slow and generally I can't even open a page that I want after trying to refresh several times. Oddly though, google is working perfectly and a few other sites seem to work too, including this one. I've tried running MBAM again and again, each time it picks up more malware and I remove it, then reboot and the cycle renews. I can't seem to get rid of all of it, every time I scan my system there's just more of it. I've tried ComboFix but it doesn't seem to have done anything. One persistent thing seems to be photo_id.exe, I've got a few messages from MBAM saying it can't be removed and I need to reboot. Also, I've noticed that if I'm trying to reach a webpage, although it won't load there seems to be some redirecting, for example I just tried to reach a wikipedia page and it says &quot;The server at topsearchfeed.com is taking too long to respond&quot; For some reason I can't bloody format this properly no matter how hard I try, so here's an attached HJT log:
 

Answer:Malware removal attempt led to unusable internet, still can't remove all malware

problem has become more serious, now my mother has told me that the internet on her laptop is also extremely slow and essentially unusable, I'm worried that something from my computer has got on to hers via the wireless network we're both connected to. Somebody please help me
 

2 more replies
Relevance 45.51%

Please help me,
I cannot access any internet (wifi & ethernet) after malware removal using GridinSoft Anti Malware. I already updated network drivers, but it's still not working.
 

More replies
Relevance 45.51%

I was surfing the web today and I believe I clicked on a pop up by mistake when I shouldn't have. Avira then blew up with Malware alerts and I knew I had a problem...

I did a virus scan and it removed the detections found but when I did a restart they were back again. Also, the virus seems to move itself around to other .exe files. I found it had infected moviemaker.exe so I manually deleted the file as I don't need it but as soon as I emptied my recycle bin the moviemaker.exe file returned back to its original folder.

I'm afraid something really nasty has infected me. Avira is detecting it as a W32/Infector.Gen2 and Maleware Bytes is detecting 2 Malware.Packer.Gen files.

I went through the Read Me First steps on this site and preformed everything it asked. However, I was unable to uninstall my previous JAVA (ver 19) and was not able to install the newest version of JAVA. Both gave me errors that the installation program wasn't working.

I'm attaching the logs here. Can anyone help me get rid of whatever is infecting my machine? I would really appreciate the help!
 

Answer:HELP-Requested Malware Removal (Infector.Gen2 / Malware Pacger Gen)

Here is the 5th log.
 

6 more replies
Relevance 45.1%

Hi, i got infected because i was triying to run malwarebytes and it skip the part of analising the files, it ended in arount 1 minute in a full scan, and i tried to download dr web cure it, and it dont allow me, the computer seems fine, but those things are very strange, and when i was running the scan i was in safe mode...
 
thanks for the help

Answer:Malware infected, malware removal tools useless

Greetings samidelcueva and to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.If you would allow me to call you by your first name I would prefer to do that.===================================================Ground Rules:First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter pro... Read more

0 more replies
Relevance 45.1%

Dell m1330 Vista home premium. I have malware isses, frequent memory dumps, google redirection and something is preventing me from running or installing anti-malware programs. I had to install malwarebytes using the rename method, but the program will not run in safe mode or normal. I had spybot previously installed but I was also prevented from opening, so I tried reinstalling, but before it can complete the installation I get the blue screen of death memory dump! Before reading the procedure I ran coolweb, kill2me, windows defender and windows malicious software tool. None of the programs found anything. I also perfomed a couple system restores, but both failed.

Should I continue with the cleaning procedure (combofix), or does anyone know how I can get malwarebytes and spybot to run?
 

Answer:Trying to follow malware removal procedure, but malware is preventing me?

Here's my MGtools log, it was the only program that worked.
 

4 more replies
Relevance 45.1%

Had a machine in riddle with viruses which we duly cleaned up and removed without incident. Uninstalled the applications one at a time, restarting each time it was required and all was good.

After removing the last app (dont ask me which one it was I cant rememebr) the machine no longer starts.

It's boot cycling but once we disable automatic restart on system failure it brings up a STOP 24 error.

Have booted to puppy linux and examined the hard drive (which is SATA btw) and the data seems intact so we can assume, physically at least, that the drive is good.

Booting to an XP CD and attempting to access the recovery console to run chkdsk /r and it appears the drive is either not detected or is empty (the latter we know not to be the case)

Boot to an X CD to attempt a repair install and it tells me there is no hard drive present.

Check the BIOS and the drive is detected properly. swap the hard drive for a SATA CD and it detects the CD without issue which makes me thing the SATA controller must be functioning too.

Now it seems that the this single disk system has some kind of RAID configured on it according to the boot screens. My next step would be to remove the RAID but I'm concerned it might format the drive. Is this likely? It has an ASUS A8R-MX/S motherboard but the info I get from their site is a little vague.

Am I on the right track with the RAID thing or way off base, help me folks its driving me nuts.
 

More replies
Relevance 45.1%

Hi. I am trying to diagnose a problematic laptop for a friend. I don't know the details of what happened to cause the problems. The main problem I can detect is that the laptop is EXTREMELY slow. It seems like anything I try has a delayed response (even a simple mouse click). I followed the Malware Removal Guide, but was only able to run two of the five suggested tools as follows:

1) SUPERAntiSpyware - I ran this after manually updating the definition files on the version already installed and the scan found nothing.

2) Malwarebytes Anti-Malware - I was not able to update the definition files for the current version installed. After several attempts to uninstall this (via the Control Panel), I was able to do it via CCleaner. However, I was not able to re-install a more recent version due to problems with the Windows Installer service. After uninstalling an outdated version of Java (Update 14) via the Control Panel, I have not been able to install/uninstall any more programs.

2) combofix.exe - not compatible with 64-bit OS

3) RootRepeal - did not run on 64-bit OS

4) MGtools - did run; kept getting errors, but continued to completion

Attached are the SUPERAntiSpyware and MGTools logs:
 

Answer:Possible Malware preventing me from running malware removal tools

I am not seeing any malware in those logs. I do not know why MalwareBytes would not run, are you able to run it in safe mode? How does the PC behave when you use safe mode?

More than likely I think I will be sending you off to the software forum.

We can do this:

Please disable all anti-virus and anti-spyware programs while we do the following (re-enable when you are finished):

Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:



O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - (no file)
O2 - BHO: (no name) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - (no file)
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - (no file)
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - (no file)
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - (no file)
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsM... Read more

5 more replies
Relevance 45.1%

Please find attached the logs from the scans in the Windows XP Cleaning Procedures. I followed the Cleaning Procedures but still have a problem. The problems can be pinpointed to yesterday when I surfed to a web site without having an up-to-date Anti-Virus definition files. Before I knew it, I had an infected machine.
There seems to be 2 problems.

(1) After restarting the computer, Windows File Protection gives following message.

Windows File Protection
Files that are required for Windows to run properly have been replaced by unrecognized versions. To maintain system stability, Windows must restore the original versions of these files. Insert your Windows XP Profession CD2 now.

I have Dell OEM Windows XP Media Center 2005 installed on my Dell Dimension 5150/E510. Problem is, Dell has a Windows XP re-installation CD but Dell states there is no 'CD2'.

(2) I keep getting pop ups every time Internet Explorer is open. The pop ups occur on their own.

Hopeful you can help me to fix the problem. :confused
Thanks,
Ankur

p.s. Please note, the AVG Anti-spyware log is not attached because it was not generated by the tool. I scanned my computer using Trend Micro (after updating virus definition files) and I can provide the logs if you need.
 

Answer:Malware problem not fixed with Malware Removal instructions

Welcome to Major Geeks!

Run this Disable/Remove Windows Messenger to remove Windows Messenger. Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.

Uninstall the below old versions of software:
Java 2 Runtime Environment, SE v1.4.2_03

Run C:\MGtools\analyse.exe by double clicking on it. This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

F3 - REG:win.ini: load=C:\WINDOWS\system32\mlljg.exe
O2 - BHO: (no name) - {3F7BDD0B-0462-4F19-8B87-54D83601B87C} - C:\WINDOWS\system32\mlljg.dll
O2 - BHO: (no name) - {B8AFD866-6B8B-490E-DA2E-39E671810F96} - C:\WINDOWS\system32\mknamps.dll (file missing)
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime

After clicking Fix, exit HJT.


Now download The Avenger by Swandog46, and save it to your Desktop.

Extract avenger.exe from the Zip file and save it to your desktop
Run avenger.exe by double-clicking on it.
Check the 'Input script manually' box.
Click on the magnifying glass icon.
Copy everything in the Quote box below, and paste it in the box that opens:




Files to delete:
C:\WINDOWS\system32\ctfmon .exe
C:\WINDOWS\system32\mlljg.exe
C:\WINDOWS\system3... Read more

9 more replies
Relevance 45.1%

Four steps that will keep your PC happy, healthy, and crap-free

Malware sucks. In the best-case scenario, it craps up your system with unwanted files and occasionally makes itself known in the form of a persistent pop-up window or annoying browser-based toolbar. In the worst-case scenario, malware completely takes over your desktop or laptop and ruins your life.

Your system slows to a crawl. You can’t even boot into Windows in the time it takes you to walk to the kitchen and back. Your data gets sent off to a faraway Internet land or, worse, your actual keystrokes are recorded for some unsavory individual to see. Malware locks down your browser, making you unable to actually do any browsing without being carted off to some bogus domain. You can barely run a program in Windows without getting bombarded by fake advertisements, programs, and dancing people on your desktop.

We can’t make this stuff up.

So what’s a computer enthusiast to do? Step zero: Read this guide, because we’re going to walk you through all the key details you need to know to both rid your computer of this junk and keep it free of downloaded nasties forevermore.



Read more at:
Maximum PC | Malware Removal Guide 2011: How to Get Rid of All The Latest Malware

Answer:Malware Removal Guide 2011: How to Get Rid of All The Latest Malware

Most excellent reading, thanks for posting for all to see, I , myself, use most all of these myself, the only paid program i have is malwarebytes, the rest are free add ons or are free programs . Thanks.

5 more replies
Relevance 44.28%

HEY GEEKS NEED A LITTLE HELP. I HAVE A WINANTIVIRUS POP U THAT COMES UP EVERYTIME I AM ON THE NET, AFTER U X IT OUT 5 TO 6 OTHER POP-UP COME UP ABOUT A VIRUS. I AM RUNNING AVG EVERY MORNING, SYBOT SEARCH AND DESTROY, AD-WARE 6.0. HERE IS A HIJACK THIS LOG FILE TELL ME WHAT TO GET RID OF PLZ.

EDIT: Removed inline HJT log


THANKS

DOOKIE
 

Answer:winantivirus removal, malware removal

Hi and Welcome to Majorgeeks!

Please follow our standard cleaning procedures which are necessary for us to provide you support. Also there are steps included for installing, running, and posting HijackThis logs as attachments.


Run this first

Virtumonde aka Trojan Vundo Removal - some people also refer to this as WinFixer

Then run the below and atach the requested logs for the malware experts to look over.


Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support
Make sure you check version numbers and get all updates.
Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.

After doing ALL of the above you still have a problem make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis and attach a log:
Downloading, Installing, and Running HijackThis

Make sure you also rename HijackThis.exe as suggested in the procedures. Use analyse.exe for the new name. This is very important due to some new infections going around.



When you return to make your next post, make sure you attach the following logs and that you have run these scans in the following order too:

[*]runkeys.txt - the log from GetRunKey.bat
[*]newfiles.txt - the log from ShowNew.bat
CounterSpy - ONLY IF you were not a... Read more

1 more replies
Relevance 44.28%

Have got a strange one, where have attempted to remove XP antispyware 2009 using malware antimalwarebytes. Looks to have been partly successful - but have got something else interfering. Frequently have pages on IE as "not found".

Have posted HJThis log and Malware Antimalwarebytes log below. Thanks for any assistance.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:01:58, on 08/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdjserv.exe
C:\WINDOWS\system32\lxdjcoms.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\ATI Technologi... Read more

Answer:Malware - blocking removal by malware antimalwarebytes

16 more replies
Relevance 44.28%

Hi all, 
 
Recently on Chrome browsing on a site a received a web site popup saying "Your browser contains MALWARE. You have to install Chrome Malware Removal Tool". Confirming with OK opens an extension page:
 
https://chrome.google.com/webstore/detail/chrome-malware-removal-to/mbdoonnjlifcmakklcaembokjhjikank
 
I have a strong suspect this is a malware!!!
 
What I'm trying to understand if what kind of malware infected the web site I visited. Some technical specs could be useful . The web site is of a my friend and I'd like to help them to identify the malware infected their web site...
 
 

More replies
Relevance 44.28%

About a week ago, I noticed that when running Internet Explorer www.google.com that clicking on a website would take me to an add instead of the website. If I clicked back and clicked on the website again, it would correctly go to the website.

A day or two before noticing this issue I had upgraded to AVG 8.0 Free and had installed the latest Firefox version.

I am running a Windows XP Professional SP2, Intel Pentium 2.8 GHz.

I ran the instructions at forums.majorgeeks.com/showthread.php?t=35407 and am still experiencing the same issue as described above.

Any help would be greatly appreciated! This is the first forum I've ever posted to so be patient!

Thanks,
Deb
 

Answer:Malware - Exists after running MalWare Removal

This is the last of the Malware log files.

Thanks again!
Deb
 

2 more replies
Relevance 44.28%

Hiya

Im running XP, avg detected trojans, the first one it got rid of, the second one Generic13.ATHP it could only remove it partially, apparently located in in c:\windows\system32\svchost.exe

Started the Malware Removal Process as recommended, SuperAntiSpyware wouldnt install, so I changed the filename, and it has installed but when I attempt to run it I get an error message -

SUPERAntiSpyware Free Edition has encountered a problem and needs to close. We are sorry for the inconvenience

The same happens with any other malware/spyware removal program, Spybot S&D, Malwarebytes etc...

Is there anything I can do to fix this?

Thankyou!
 

Answer:malware halps/malware removal not running

Hi again,

also tried doing this (as seen in another thread)

Click Start > Control Panel > System > Hardware > Device Manager > View > Show Hidden Devices.

* Scroll down to ?Non-plug and Play Drivers? and click the plus icon to open those drivers.
* Then search for TDSSserv.sys
* Let me know if you find this or not.
* If you do find it, right click on it, and select Disable. Do not try to uninstall it.
* Also if this is found and you disable it, then reboot and see if you can run the cleaning procedure and attach the requested logs.


but the device mentioned is not present (although there are a few that have error "!" things next to them, but 30 or so others.

:confused have no idea if any of this will help you lovely helper person, but i guess im just trying...
 

2 more replies
Relevance 44.28%

Hi. Thanks for this. I need to first tell you that I don't even know how to generate the logs everyone posts here for troubleshooting. I'm sorry. Maybe someone could tell me how, then I will.

Because my laptop wouldn't even boot to the O/S last week, DELL's tech support helped me move files, reformat and reinstall the OS. I reinstalled McAfee. A security tool warning popped up. I knew it was rogue; I came here and got rid of using mbam and process explorer - very easy. Or I thought I did. On my daughter's desktop this morning, there were 3 porn shortcut links ON HER DESKTOP!!!! There was also a link to "Active Security" - trying to figure out wtf this was it turns out it was another rogue. Awesome. It at least had an uninstall on Add/Remove programs... but obviously it is not gone, if that is even the cause of all this... Thinking MBAM would be a logical quick fix, I figured I would try that. My Mbam won't load - I have reinstalled and it - it reinstalls and then when I try to quicksccan it says I don't have permissions and then I can't even open it again. I can reinstall, then it is hijacked when I try to scan. My McAfee won't scan either so both are being hijacked and I also am having the same browser redirects as others when clicking on sites from search results. McAfee can't even fix itself. In safemode, McAfee tells me the truth at least that it is not working (in regular mode it poses like everything is... Read more

Answer:Ugh - Malware Removal Tools Disbled by Malware

As no logs have been posted, I am shifting this topic from the specialized HiJack This forum to the Am I Infected forum.==>PLEASE DO NOT NOW POST LOGS<== unless a log is specifically requested.

1 more replies
Relevance 43.05%

When I try to run a scan from usind AVG anti-virus, Avira, Windows Defender, or SuperAntiSpyware; when the scan gets to a certain point, Windows shuts computer down with a blue window. It says Kernel_Stack_ Inpage_ Error plus some standard verbage about if you recently installed sortware/hardware,see administrator, etc. At bottom it says: STOP: 0x00000077 (0x00000001, 0x00000000, 0x00000000, 0xF79B1D24). I could sometimes run AVG scan in "select drives/folders" mode but recently it quit allowing that after I upgrade to AVG 9 (free). I uninstalled AVG and went to Avira but with same results. Scanning with Windows defender did the same. I recently installed and ran SuperAntiSpyware and was able to pinpoint problem to " System Volume Information" directory. I am unable to open to see contents as Windows shows no files in it. When I ask Ariva to scan it, Ariva says no files also but if I use AntiSpyware to scan, it shows many files during it's scan but will get to a certain point and computer will shut down. I can almost see file that shuts it down but it happens too fast to catch it. I was able to run "RootRepeal" and log is below. I was not able to run "DDS.scr".

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/10/30 13:15
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: rootrepe... Read more

Answer:Unknown malware/virus won't let any anti-virus/windows defender/malware removal progran to complete scans

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

23 more replies
Relevance 42.23%

My computer recently became infected. At first, my taskmanager and regedit were locked. Next, my desktop background was locked. I fixed these problems, but continue to be bombarded with malware in my running processes which regenerate upon rebooting. Eventually, I could not startup Windows. Once the Windows loading page was finished, my computer would restart. I upgraded to XP Pro, can now log on, but still have malware. Please help! Thanks for your time!
 

Answer:completed steps in "READ & RUN ME FIRST MALWARE REMOVAL GUIDE" and still have malware

Re: completed steps in "READ & RUN ME FIRST MALWARE REMOVAL GUIDE" and still have mal

Here is my MGTools.zip log. Thanks in advance for your help. Any addition info needed please let me know. Take care.
 

4 more replies
Relevance 42.23%

I have followed recommended protocols to suceessfully remove the "Trovi" malware from my computer.
But have one minor problem.
The virus removal programs successfully removed the malware programs, as the program no longer runs on my computer.
But the malware appears to have left code in the windows startup directing the computer to run files which are now no longer present on my computer.
Problem is that this causes the following Windows Popup box "Run DLL" to come up , before any other windows startup programs run.

The Pop up box contains the following wording"

" There was a problem starting
C:\Users\LESTER\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll
The specified module could not be found."

Does anyone have any suggestions on how to get rid of the code lines in start up that lead to the popup box, so that it will no longer occur at computer start up.

Thanks.
Lester
 

Answer:Trovi Malware - "Run DLL" pop up box remains on windows startup after malware removal

Follow this thread and attach requested reports

http://malwaretips.com/threads/malware-removal-assistance-how-to-get-help.20334/
 

1 more replies
Relevance 41.41%

I ran the steps in the Malware removal guide, i haven't seen any new pop-ups, but i noticed that there were a few problems that bitdefender could not fix, and my laptop is still running slow.

I am running windows XP, and will attach all logs.

Thank you in advance for all you assistance.
 

Answer:ran all the steps in "Read & Run Me First malware removal guide," still have malware

Re: ran all the steps in "Read & Run Me First malware removal guide," still have malw

Here are the last three logs.
 

10 more replies
Relevance 41%

Hey,

So I got infected with this virus/malware MS Removal Tool. Things that I noticed: it created a file nvpcpl.dll, hid all my d drive files and removed 90% of the items from the Start > All Programs menu. I ran through all the scans but still cant seem to get the programs in the All Programs menu back. Attached are my clean scans in the order recommended. Just as an fyi, C: is my primary drive, D: stores all documents/pictures/music, F: is the external hard drive. Thanks for the help.
 

Answer:Malware removal help - MS Removal

Things that I noticed: it created a file nvpcpl.dllClick to expand...

See this link About nvpcpl.dll You do not have macafee installed and I am not seeing the file in your logs. Do you still see it? If so give me the full file path. But you also have NvCpl.dll running which relates to Nvidia which IS installed.

Download and run OTM.

Download OTM by Old Timer and save it to your Desktop.


Right-click OTM.exe And select " Run as administrator " to run it.
Paste the following code under the area. Do not include the word Code.

Code:


:reg
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}]

:files
C:\Documents and Settings\All Users\Application Data\oJh06504hBkGg06504

:Commands
[emptytemp]
[Reboot]

Return to OTM, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
Push the large button.
OTM may ask to reboot the machine. Please do so if asked.
Copy everything in the Results window (under the green bar), and paste it into notepad, save it as something appropriate and attach it into your next reply.

NOTE: If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file prese... Read more

3 more replies
Relevance 40.18%

I have access to windows install disc.


DDS (Ver_10-03-17.01) - NTFSx86
Run by owner at 11:39:20.39 on Thu 23/09/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Professional 5.1.2600.3.1252.61.1033.18.3316.2248 [GMT 10:00]

AV: AVG Anti-Virus *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\system32\ASTSRV.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\iPod Access for Windows\iPAHelper.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe
C:\WINDOWS\system32\NLSSRV32.EXE
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k im... Read more

Answer:malware removal help

Scan With RootKitUnHooker
Please Download Rootkit Unhooker Save it to your desktop.
Now double-click on RKUnhookerLE.exe to run it.
Click the Report tab, then click Scan.
Check (Tick) Drivers, Stealth. Uncheck the rest. then Click OK.
Wait till the scanner has finished and then click File, Save Report.
Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.

Note** you may get the following warning, just click OK and continue.

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"

19 more replies
Relevance 40.18%

Hi there,
Once again I need help

I'm attaching all the logs except Root Repeal, I got two errors while running that utility and attached them both in a word document.

Thanks in advance for your help,

Leah
 

Answer:Need help with malware removal

Here is the last log.
 

8 more replies
Relevance 40.18%

Hello everyone,
I recently was infected with the following malware that I cannot seem to remove from my computer. I tried removing it with AVG antivirus and malwarebytes, and some were removed, but some cannot be, and now my computer turns to a blue screen when I try to boot it up (unless in safe mode). The following viruses were detected with AVG antivirus program, and are said to be located in the recycle bin:
 
Trojan horse generic32.cemu
Trojan horse generic29.AJGE
Luhe.sirefef.A
Luhe.sirefef.A
 
Thank you for all of your help!
 

Answer:Please help with malware removal!

Hello chillinatbu! Welcome to BleepingComputer Forums! My name is Georgi and and I will be helping you with your computer problems.Before we begin, please note the following:I will working be on your Malware issues, this may or may not, solve other issues you have with your machine.The logs can take some time to research, so please be patient with me.Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.Instructions that I give are for your system only!Please do not run any tools until requested ! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.Please perform all steps in the order received. If you can't understand something don't hesitate to ask.Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions. STEP 1 Please download RogueKiller and save to the desktop.Close all windows and browsersRight-click the program and select 'Run as Administrator'Press the scan button.A report opens on the desktop named - RKreport.txt Please post it in your next reply.STEP 2 Please download Junction.zip and save it to your desktop.Unzip it and put junction.exe in the Windows directory (C:\Windows).Press the Windows Logo in the bottom left corner of your screen.In the box, enter notepad and press Enter.Navi... Read more

3 more replies
Relevance 40.18%

Need help! Both IE and Chrome are being redirected. Both DDS and Attach files are attached to this post.

Answer:Help with Malware Removal

DDS File Output...
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16537
Run by Michong at 12:41:56 on 2013-05-21
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.4093.1747 [GMT -4:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\atieclxx.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\Ap... Read more

12 more replies
Relevance 40.18%
Question: Malware Removal

Hi all! Its unbelivable the things that are out on the internet that can be annoying to say the least. The only thing that worked for me was to just do a system restore. Take your computer back in time a few days before the spyware imbedded itself into your registry. It works, believe me.
 

Answer:Malware Removal

Jag5050 said:



Hi all! Its unbelivable the things that are out on the internet that can be annoying to say the least. The only thing that worked for me was to just do a system restore. Take your computer back in time a few days before the spyware imbedded itself into your registry. It works, believe me.Click to expand...

This doesn't work in every case because sometimes your restore points holds the infection. The best way to remove it is to never get it. The best way to never get it is to surf safely, keep windows up-to-date, have an updated antivirus and firewall installed.

How to Protect yourself from malware!
 

1 more replies
Relevance 40.18%
Question: Malware removal

Hello, Welcome to BleepingComputer.I'm nasdaq and will be helping you.If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.Please run the following tools in the order listed.Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) ( 511KB ) to your desktop. Double click the aswMBR.exe to run it Click the "Scan" button to start scan. Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANTPlease post the contents of that log in your next reply.There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.===Please DownloadTDSSKiller.zip>>> Double-click on TDSSKiller.exe to run the application.Click on the Start Scan button and wait for the scan and disinfection process to be over.If an infected file is detected, the default action will be Cure, click on Continue
If a suspicious file is detected, the default action will be Skip, click on Continue
If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive ((usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please c... Read more

Answer:Malware removal

heres the log from aswMBRaswMBR version 0.9.8.986 Copyright© 2011 AVAST SoftwareRun date: 2011-09-16 15:52:24-----------------------------15:52:24.822 OS Version: Windows x64 6.1.7600 15:52:24.822 Number of processors: 4 586 0x50315:52:24.823 ComputerName: VANCE-PC UserName: Vance15:52:28.263 Initialize success15:52:49.834 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T1L0-515:52:49.837 Disk 0 Vendor: ST31000528AS CC3E Size: 953869MB BusType: 315:52:49.840 Device \Driver\atapi -> MajorFunction fffffa8003e305c015:52:51.843 Disk 0 MBR read successfully15:52:51.844 Disk 0 MBR scan15:52:51.844 Disk 0 Windows 7 default MBR code found via API15:52:51.844 Disk 0 unknown MBR code15:52:51.845 Disk 0 MBR hidden15:52:51.845 Disk 0 MBR [possible unknown [email protected]] **ROOTKIT**15:52:51.846 Disk 0 trace - called modules:15:52:51.847 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa8003e305c0]<<15:52:51.848 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80035d4060]15:52:51.848 3 CLASSPNP.SYS[fffff8800140143f] -> nt!IofCallDriver -> [0xfffffa80032d2520]15:52:51.848 5 ACPI.sys[fffff88000fa3781] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T1L0-5[0xfffffa80032d1060]15:52:51.850 \Driver\atapi[0xfffffa80035429b0] -> IRP_MJ_CREATE -> 0xfffffa8003e305c015:52:51.851 S... Read more

9 more replies
Relevance 40.18%
Question: Malware removal

I have gotten quite the infection from behaving badly... lesson learned but now I would greatly appreciate some help saving my machine.

After several attempts I have completed the four scans, in normal mode, after following the steps to clean up the machine (add, remove / java, etc)

The machine is behaving much better but it still will not allow a browser to stay on a site like trend micro long enough to perform a housecall scan, the browser will just close (firefox, chrome and IE) I am also getting an application error message box that chooses what seems to be a random program (it program changes almost each time the error appears) the error reads that the instruction at "0x7c910193" referenced memory at "0x5030570e" the memory could not be "written" sometimes the error references an inability to "read"... in all cases if you click OK or Cancel the machine will crash, if you move the window to the side and continue the machine will continue to operate. I had to completely remove Mcafee to get the machine to perform the scans so I currently have no virus protection, I am not connected to the internet with that machine and I don't want to install anything new until someone a lot smarter that I can weigh in on the logs.

Any help would be greatly appreciated I have been going on this for about 48 hours.

Thanks
 

Answer:Malware removal

Some of your issues may not be malware related, but lets do this:

* Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
o If it is not on your Desktop, the below will not work.
* Open Notepad and copy/paste the text in the below code box into it (make sure you scroll all the way down in the code box to get all lines selected ):

Code:

KILLALL::

File::
c:\windows\exitwx.exe
c:\windows\system32\wuyamoba.exe
C:\WINDOWS\system32\tmp.txt
C:\WINDOWS\system32\wuyamoba.exe
C:\WINDOWS\system32\vawabodi

* Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
* At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
* You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
If it asks you to overide the prvevious file with the same name, click YES.
* Now use your mouse to drag CFscript.txt on top of ComboFix.exe

* Follow the prompts.
* When it finishes, a log will be produced named c:\combofix.txt
* I will ask for this log below

Note:

Do not mouseclick combofix's window while it is running. That may cause it to stall.

Now run the C:\MGtools\GetLogs.bat file by double clicking on it. Then attach the new C:\MGlogs.zip file that will be created by running this and also attach the log from Combo.
 

5 more replies
Relevance 40.18%

Hello,

For about the last week I have been getting a lot of pop-ups, sometimes several per minute. Spy-bot and Spy Sweeper both identified and removed virtumonde several times, but the pop-ups continued. For the last two days they have not found virtumonde or anything other than cookies - but the popups continue. I also frequently receive warnings from SpyBot about system changes being attempted (even when I'm not downloading anything), and once I got a warning from Symantec that the page I was on (which was my main Yahoo page) had characteristics of a phishing page.

I followed the requested five-step process except I was unable to download Panda ActiveScan (I did not receive registration instructions even though I tried it twice with two different e-mail addresses), and I have left Norton, Spy Sweeper, and SpyBot enabled.

I have pasted the Deckard's main text below and attached the extra text.

Thank you for your help.

Rod Smith

Deckard's System Scanner v20071014.68
Run by Roderick Smith on 2008-07-05 17:21:46
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
87: 2008-07-06 00:22:01 UTC - RP1188 - Deckard's System Scanner Restore Point
86: 2008-07-05 23:54:41 UTC - RP1187 - Software Distribution Service 3.0
85: ... Read more

Answer:Need malware removal help

Hi and welcome to TSF.

My name is Iain and I will be helping you clean your system.

You may wish to Subscribe to this thread (Thread Tools > Subscribe to this thread) so that you are notified when you receive a reply.

Please read these instructions carefully and then print out or copy this page to Notepad in order to assist you when carrying out the fix. You should not have any open browsers or live internet connections when you are following the procedures below.

Note that the fix may take several posts. Please continue to respond to my instructions until I confirm that your logs are clean. Remember that although your symptoms may vanish, this does NOT mean that your system is clean.

If there is anything you don't understand, please ask BEFORE proceeding with the fixes.

Please ensure that you follow the instructions in the order I have them listed.

Combofix
We'll begin with ComboFix. Please visit this webpage for download links, and instructions for running the tool: http://www.bleepingcomputer.com/comb...o-use-combofix

**Note: It is important that ComboFix is saved directly to your desktop**

Please ensure you read this guide carefully and install the Recovery Console. This will help us restore your system in the event of a serious crash. It's very simple to complete and will only take a few moments. A quick guide is detailed below.

Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
See here for a... Read more

19 more replies
Relevance 40.18%

Well, where to start. My computer has been getting progressively more problematic the last few months. I can't specifically remember where or how it started. The earliest symptoms I remember are applications taking anywhere from one to 4 minutes to open, or just timing out completely. I would have to create tabs in my browsers and never close them to avoid this. This went on for a while, and every now and then it would clear up and act fine. After that my computer, namely the internet, started to lag constantly. Just recently it began to lag so bad that I couldn't load any pages without waiting up to 5 minutes. So I began to run some cleaners, CCleaner and MBAM. This resulted in my computer getting worse. Firefox would no longer open, so I had to uninstall it. Explorer kept giving me multiple pop-ups, so I uninstalled it.. although unsuccessfully. Automatic updates are turned off, unable to turn them on. I attempted the windows XP cleaning procedure in the sticky. SAS wasn't able to run at first so I ran it last when it allowed me to. My registry at first wouldn't allow me to edit, for a while my computer had created a separate administrator account. Both of these are fixed for now. Firefox is still not opening, my automatic updates are still not allowing me to turn them on. Some things are still lagging. Thank you for taking the time to read this.
 

Answer:Please help with malware removal

Welcome to Major Geeks!





Axsca said:





Explorer kept giving me multiple pop-ups, so I uninstalled it.. although unsuccessfully. Automatic updates are turned off, unable to turn them on.Click to expand...

You should NEVER attempt to uninstall Internet Explore (which is not the same thing as Explorer). You need Internet Explorer or you will not be able to get all of your Windows Updates and will not be able to access many websites that require it. Attempting to uninstall could break your ability to get updates.

Uninstalling these programs would not help you anyway. The infections are the source of your problems and the infections need to be removed, not IE or FireFox. Your Windows Operating System files are infected and this can be problematic to remove. The first thing you should do is backup important personal data since the act of trying to fix these kinds of infections could cause your PC to become unbootable. Do not backup any executable type file since they may be infected.

We will have to perform your fixes in stages to avoid make your PC unbootbable. So the below is only the first step. It is not a complete fix. From now on do not run anything except what we ask you to run. Do not download or install anything but what we request. Once we finish your malware removal you will be free to do what you wish.

You are way out of date with your version of SUPERAntiSpyware.
Please uninstall your current version (this is neces... Read more

13 more replies
Relevance 40.18%
Question: Malware Removal

I am using a Win 7 64bit laptop. My Norton 360 expired last month and only now I renewed it. Before I renewed it, my computer started showing malware activities. My AbBlock did not work, audio plays (either online or offline) did not give sounds after about a minute, downloaded unintentional programs etc. I ran a full scan from Norton 360 but still I those issues.
Thank you.
 

Answer:Malware Removal

Hello, YACwade

Please read ALL of this message including the notes before doing anything.

Please follow the instructions in the below link:

READ & RUN ME FIRST. Malware Removal Guide

and then attach the requested logs to your next reply when you finish these instructions.

**** If something does not run, write down the info to explain to us later but keep on going. ****
Do not assume that because one step does not work that they all will not. MGtools will frequently run even when all other tools will not.
After completing the READ & RUN ME and attaching your logs, make sure that you tell us what problems still remain ( if any still do )!
Helpful Notes:


If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode, you can run the steps in safe boot mode but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:

Starting your computer in Safe mode

If you have problems downloading on the problem PC, download the tools and the manual updates for Malwarebytes ( links are given in the READ & RUN ME) onto another PC and then burn to a CD. Then copy them to the problem PC. You will have to skip getting updates if (and only if) your internet connection does not work. Yes, you could use a flash drive too, but flash drives are writeable and infections can spread to them.
If you cannot seem to login to an infected user account, try using a diffe... Read more

14 more replies
Relevance 40.18%

I was directed to post this from this threadhttp://www.bleepingcomputer.com/forums/t/333614/problem/GMER didn't work because I am running on a 64bit windows 7.DDS (Ver_10-03-17.01) - NTFSX64 Run by Juan at 19:07:51.48 on Fri 07/30/2010Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_20Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4094.1440 [GMT -4:00]AV: Trend Micro AntiVirus *On-access scanning disabled* (Updated) {7D2296BC-32CC-4519-917E-52E652474AF5}SP: Spybot - Search and Destroy *enabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}SP: SUPERAntiSpyware *enabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}============== Running Processes ===============C:\Windows\system32\wininit.exeC:\Windows\system32\lsm.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\svchost.exe -k RPCSSC:\Windows\system32\atiesrxx.exeC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestrictedC:\Windows\system32\svchost.exe -k netsvcsC:\Windows\system32\svchost.exe -k LocalServiceC:\Program Files\WTouch\WTouchService.exeC:\Windows\system32\svchost.exe -k NetworkServiceC:\Windows\system32\atieclxx.exeC:\Windows\System32\spoolsv.exeC:\Windows\system32\svchost.exe -k LocalServiceNoNetworkC:\Windows\SYSTEM32\WISPTIS.EXEC:\Program Files\Trend Micro\BM\TMBMSRV.exeC:\Program Files\SUPERAntiSpyware\SASCORE64.EXEC:\Windows\SysWOW64\svchost.exe -k AkamaiC:\Program Files (x86)\Bonjour\mDN... Read more

Answer:DDS Log for malware removal

Welcome to the BleepingComputer Forums. Since it has been a few days since you scanned your computer with HijackThis, we will need a new HijackThis log. If you have not already downloaded Random's System Information Tool (RSIT), please download Random's System Information Tool (RSIT) by random/random which includes a HijackThis log and save it to your desktop. If you have RSIT already on your computer, please run it again. Double click on RSIT.exe to run RSIT. Click Continue at the disclaimer screen. Please post the contents of log.txt. Thank you for your patience.Please see Preparation Guide for use before posting about your potential Malware problem. If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped. Please post your HijackThis log as a reply to this thread and not as an attachment. I am always leery of opening attachments so I always request that HijackThis logs are to be posted as a reply to the thread. I do not think that you are attaching anything scary but others may do so. While we are working on your HijackThis log, please: Reply to this thread; do not start another! Do not make any changes on your computer during the cleaning process or download/add programs on your computer unless instructed to do so. Do not run any other tool until ... Read more

8 more replies
Relevance 40.18%

Ok, I'm an idiot and have learned my lesson. I tried to download (what I believed to be) a keygen program from the Internet.

I can download Malware Bytes but I can't run the program (even when I download/install in safe mode).

I tried downloading Super Antispyware but I can't get past the download link in Internet Explorer (I get a 'page not found').

I'm sure I have been infected with something.

Can you please provide me some needed direction? Would greatly appreciate it.

Thanks!
Angela
 

Answer:Help with malware removal?

Welcome to Major Geeks!


Please follow the instructions in the READ & RUN ME FIRST link given futher down and attach the requested logs when you finish these instructions.
If you have problems where no tools seem to run, please try following the steps given in the below and then continue on no matter what you find. You only need to try the TDSSserv steps if having problems getting scans in the Read & Run Me First.

TDSSserv Non-Plug & Play Driver Disable

If something does not run, write down the info to explain to us later but keep on going.
Do not assume that because one step does not work that they all will not.
READ & RUN ME FIRST. Malware Removal Guide


Helpful Notes:

If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode. You can run steps in safe boot mode but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:
Starting your computer in Safe mode

If you have problems downloading on the problem PC, download the tools and the manual updates for SUPERAntiSpyware, Malwarebytes and Spybot ( links are given in the READ & RUN ME) onto another PC and then burn to a CD. Then copy them to the problem PC. You will have to skip getting updates if (and only if) your internet connection does not work. Yes you could use a flash drive too but flash drives are writeable and infections can spread to them.
To avoid addtional delay in gettin... Read more

1 more replies
Relevance 40.18%
Question: Malware removal

Hi all!
First of all... Hello!
My name is António and I'm from Portugal.

After this introduction here goes my problem:

I was severely attacked by a rootkit that ended up messing all of my computer (running XP, SP3)
Searched the web for all possible solutions regarding "Bagle" and "Virtumundo" (showed up in scans)
Used allready: Combofix, Vundofix, Malwarebite's Anti-Malware, Dr. Web Live CD, RegRun6 and, after everything looked "aparently" normal, was able to run online scans from Kaspersky, Bitedefenders, Symantec, and Panda. All came clear.

In this final step (I hope!), just need a confirmation on my HJThis log, from you expert guys, to be sure the "ugly bug" went REALLY away.

Finally, I'm currently running "Spyware Doctor with Antivirus" (full version) and PCTools Firewall (offered with Spyware Dr).

==========================

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:54:11, on 16-01-2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.ex... Read more

More replies
Relevance 40.18%

have tryed steps 1-8 in "preperation guide", none of the steps seem to have worked as described. for example dd.scr is being called infected by the malware on my machine and its execution is being blocked. likewise with defogger and firewall settings. is there another way or perhaps stronger software? the infected machine has been isolated from network and internet connections (unplugged) OS: Windows XP Pro, version unknown and not accessable due to malware control of machinemalware points to "ANTIVIR Solution Pro" any help will be welcome thank youikan

Answer:malware ? removal ?

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.In order for me to see the status of the infection I will need a new set of logs to start with.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.DeFogger: Please download DeFogger to your desktop.Double click DeFogger to run the tool. The ap... Read more

3 more replies
Relevance 40.18%

According to AdAware, I have win32.trojandownloader.agent on my computer. I tried to quaranteen/remove through adaware, but of course it continues to come back. Also, I ran Norton Antivirus and they found and "resolved" the issue, but I am not sure if it is truly gone. So I thought I'd be safe and check to make sure. What should be my first step? Thanks for anyones help in advance. Just nervous about using anything sensitive on my computer now (viewing any type of statement, entering passwords, etc)
 

Answer:Help with Malware removal

Welcome to Major Geeks!

Please follow the instructions in the below link and attach the requested logs when you finish these instructions.


If something does not run, write down the info to explain to us later but keep on going.
Do not assume that because one step does not work that they all will not.
READ & RUN ME FIRST. Malware Removal Guide

Notes:

If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode. You can running steps in safe boot mode but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:
Starting your computer in Safe mode

If you have problems downloading on the problem PC, download the tools on another PC and burn to a CD. Then copy them to the problem PC. You will have to skip getting updates if (and only if) your internet connection does not work. Yes you could use a flash drive too but flash drives are writeable and infections can spread to them.

 

1 more replies
Relevance 40.18%

I had a serious infestation of trojans, adware, and other issues after downloading a file from a trusted website in which I have been a member of for several years. I am running Vista 32-bit and I followed everything on the "Read and Run First" sticky post for my OS.

I am now down to a message when Windows starts up that says something like "Error loading d3dpwi.dll. Module could not be found." I don't recognize this driver and I'm assuming that there is still something dirty in the registry that is trying to call on this driver.

The only other thing is the mysterious appearance of 2 "desktop.ini" files, in hidden mode, that are now on my desktop. They showed up after I ran the malware programs listed on this site.

Also, I couldn't get RootRepeal or ComboFix to work. RootRepeal would crash after a while and ComboFix caused my computer to crash with the blue screen of death, twice. To be honest though, I made the assumption that all was right with msconfig. Then, out of curiosity, I checked it and found that the Startup Selection was set to "Selective Startup" with all options checked.

So, what do you think? How do I get rid of that message at startup? Do you still want to see the files, or should I start the process over?
 

Answer:Almost There: Malware Removal

Please attach the logs you have.
 

3 more replies
Relevance 40.18%

here are my logs from the removal process

View attachment HitmanPro_20150116_1946.log



View attachment TDSSKiller.3.0.0.42_16.01.2015_18.16.25_log.txt



View attachment mblog.txt



View attachment RKReport.txt



View attachment history.txt
 

Answer:Help with malware removal

Still need the log from running MGTools.exe -> C:\MGLogs.zip.
 

14 more replies
Relevance 40.18%
Question: Malware removal

Okay, gang, the computer illiterate is back. I have voices doing commercials coming from my computer even when I'm offline. I assume it's some sort of Malware. I bought and DL McAfee, but I can't get it to either scan or open. It says it updated and I needed to reboot, which I did. But nothing is happening. Any ideas how to get the program to work?

Answer:Malware removal

No guarantees it will solve ALL your problems.
However, for malware removal, nothing is better than Malwarebytes, in my opinon.
Here is the link to download.
Scroll down to the bottom and Download the Free version first and run it.
If you like it , you can buy the Premium version later.
I use the free version for at least 3 years now. It works great for me.

https://www.malwarebytes.org/antimal..._medium=social

Adding.....................
Malwarebytes is probably only the 1st of many other steps to solve your problems.
You might have inadvertently installed something pretty bad.
I am no expert on this subject matter.
My contribution to your query stops here.

16 more replies
Relevance 40.18%

Hello I am new to these forums. I HAVE read and followed the "generic" steps to getting rid of adware/spyware etc, but are still in need of some help. This all started with my Norton Antivirus picking up a virus called "Downloader", which it deleted but kept picking up backup files of that virus. I ran all of the neccesary programs listed in the forum post and im pretty sure SpyBot - Search and Destro y got rid of that one for good. Anyways, I used BitDefender, Panda ActiveScan, and HijackThis and have the logs attached. Bitdefender picked something up which I do not know what it is but it says it was deleted.

"BehavesLike:Win32.ExplorerHijack" <--- From Bitdefender log.

Panda Active Scan picked up 8 listings, but 5 of those were Internet Explorer cookies (I have been using Firefox for a while and have now switched all users to using Firefox as the default). I followed all the procedures for preparing the logs. Hopefully someone can get this fixed for me
 

Answer:Malware Removal Help!

Sorry double post but after browsing the forums for a while I noticed I had the same additional problem as someone else. When Internet Explorer opens it redirects me to |www.syssecuritysite.com| I don't use Internet Explorer anymore but this seems to be a problem so I will post.

Thanks in advance!
 

7 more replies
Relevance 40.18%

computer running really slow, white line at bootup. Zone Alarm does not pickup anything.

Heres my Log. Somethings up and I cant figure it out.

Thanks for your expertise!
 

Answer:Malware Removal, Which One do I need?

Re: Malware Removal, Which One do I need now?

i ran all of the stickies before i posted my log. some didnt want to run completely and computer would go blank. Am i missing something that I need run that is not listed here?
 

2 more replies
Relevance 40.18%

Hello all,

I have a problem on a friend's computer. I am usually pretty good at "rooting out" malware and recovering -- pun intended-- but unfortunately this one is beyond me. I was able to get AVAST installed on the machine and run a scan, but it crashed out when it got to what I believe is a rootkit. Although the malware blocked Avast eventually, Avast was able to schedule a scan on reboot... this scan successfully discovered and deleted the first two of the following three discoveries:

Min32:MalOB-EM [Cryp]
Java:Agent-KN[Expl]
Win32:Sirefef-O[Rtk]

I think Sirefef-O is the big problem; even on the reboot scan the computer crashed when deleting the infected Sirefef-O file. I also think it is hidden/buried in the RECYCLER part of the C:Drive.

The network and several services are disabled on the computer with the problem in both safemode with networking, and normal mode.

Malwarebytes, Avast, and HijackThis all run and were blocked upon discovery of the malware. I am no longer able to run, rename, copy, or delete these anti-malware files or the folders in which they reside. Even as Administrator, I do not have permission: "Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item."
I have run Defogger, dds.scr, and GMER as Administrator in safemode with networking... the log files are posted below.

Thank you for any assistance you can provide on this issue.
DDS (Ver_2011-08-... Read more

Answer:Malware Removal Log

Has working AII topic here they requsted to stay in.

http://www.bleepingcomputer.com/forums/topic423180.html/page__gopid__2438671#entry2438671

1 more replies
Relevance 40.18%

Hello,

I performed the malware removal instructions but I believe I still have malware. It isn't as bad as before (website redirection) but I've noticed that just about every website I go to still has highlighted links on certain words that link to some website. I've attached the logs for you.

Thank you for all your help.
 

Answer:Please help with malware removal

Double-click RogueKiller.exe to run. (Vista/7 right-click and select Run as Administrator)
When it opens, press the Scan button
Now click the Registry tab and locate these detections:

[RUN][SUSP PATH] HKCU\[...]\Run : SearchProtect (C:\Users\Spencer\AppData\Roaming\SearchProtect\bin\cltmng.exe) [7] -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-138681602-465770297-215592984-1002[...]\Run : SearchProtect (C:\Users\Spencer\AppData\Roaming\SearchProtect\bin\cltmng.exe) [7] -> FOUND
[TASK][SUSP PATH] Updater21804.exe : C:\Users\Spencer\AppData\Local\Updater21804\Updater21804.exe /extensionid=21804 /extensionname="Coupon Companion Plugin" /chromeid=jneaojaoiajhnemidnjhoempalnidbhj [-] -> FOUND

Place a checkmark each of these items, leave the others unchecked.
Now press the Delete button.
When it is finished, there will be a log on your desktop called: RKreport[2].txt
Attach RKreport[2].txt to your next message. (How to attach)
Do not reboot your computer yet.

Now run Hitman and have it fix everything it found, including the PUP's.

Reboot and rescan with both RogueKiller and Hitman and attach those logs as well.
 

5 more replies
Relevance 40.18%
Question: Malware removal

Hi
I am new to this forum so I am really hoping for some help )

I managed to pick up the latest Personal Shield Pro Malware and have so far spent the best part of two days trying to sort out my PC.

So far I have managed to get the malware to think I have paid for it so it doesn't keep popping up. I have run malwarebytes and AVG (for good measure).

My initial problem was that I only had a balck screen with a flashing _ top left but, eventually, managed to boot from the XP CD. With this forums help I have managed to get to the recovery mode and now I am completely lost.

Any help would be sooooooo much appreciated.

Mot44

Answer:Malware removal

Hi Forum

I'm not sure how to let you know I have decided to call in an expert to sort out my PC as I use it for work.

Hope this post is the right thing to do.

Great site and really appreciate that people give their time voluntarily so really needed to let you know.

Many thanks
Linda

2 more replies
Relevance 40.18%

Hi there everyone. I am prettty new to the whole Hijack this scene but I have a family friends computer that I was given to fix, and I am looking for a spot of help.
The computer uses Dial-up Internet via PeoplesPC (???) I will try to include as much information as I can but I will probably forget to include something

The issue - The computer will not let you access the internet via a web browser even though it connects to a working network.

What I have already done - I installed AVG and ran a full virus scan on the computer and also a full computer comandline check in Safe Mode. It doesn't seem to be working as right after it says it has quarantined/ move to vault, the problems just keep showing up on a rescan.

I also tried to do a windows update but it kicked it back telling me that certain services were missing, ie the Windows Update Service and some other services

I have included in this a Log I generated Via HijackThis, followed by a DDS Log (I suppose this may help?) and a RootReal log
Computer specs -

Dell Inspiron 6000
Microsoft Windows XP - Media Center Edition - Version 2002 - Service Pack 3
Intel Pentium M Processor 1.73GHZ
504MB Ram

Here is the HijackThis log that was generated when I scanned it -

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:02:12 PM, on 1/31/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32... Read more

Answer:Malware Removal Help

Here are the DDS and RootRepeal Logs (wouldn't let me fit em in with the original report)
DDS (Ver_09-12-01.01) - NTFSx86
Run by Administrator at 19:55:07.35 on Sun 01/31/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.503.109 [GMT -5:00]
============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\PeoplePC\ISP6300\Browser\Bartshel.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Upd... Read more

2 more replies
Relevance 40.18%
Question: Malware removal

I have had some malware on my Dell Inspiron laptop for a few weeks now, but non of the anti spyware software you suggest comes up with anything wrong.
The problem is, the sound volume goes down or is muted and it tries to access 'my documents' and tries to 'log off'.
I have tried all the steps on the website, but non of the have seemed to resolve the problem.
Can somebody help me remove this nasty critter.

Regards
David
 

Answer:Malware removal

Welcome to Major Geeks!

You need to attach the below logs which were also requested whether they find anything or not. We do not ask for a HijackThis log. Please attach the logs from the below scans:
SUPERAntiSpyware
Malwarebytes
MGtools
Also note that your problems may not be due to malware.
 

7 more replies
Relevance 40.18%

I have had my computer for four years and never ever had problem - I perform regular maintenance and I am careful when surfing.

However, yesterday I was surfing several sites using tab browsing and I believe it was a guitar tab site that I clicked on by accident that downloaded a virus to my system before I could close it.

Suddenly some sort of rogue program popped up on my screen and began scanning all my files and my system went crazy so I shut it down manually. Next thing I knew I had the blue screen of death on restart.

I rebooted the computer in safe mode and looked around and found at least one system file called "ndisio.exe" that looked to be causing problems.

I performed the "Read & run Me First" malware removal guide and then proceeded to the Windows Cleaning for XP.

I had a few issues with my internet after running SUPERAntispyware but I reset winsock and repeated this after each program and it is fine.

My system seems to be running almost normal but I am concerned that I may have missed something since I am an complete amateur in this area

I am posting the logs from each of the four programs. I hope I did everything right.

Also, I could not locate my "folder Options" in my control settings to change my viewing of hidden files which is odd because I have changed them before. Not sure why this is.

I also ran Malwarebytes twice because the first time it said not all files could be removed and then the... Read more

Answer:Malware Removal - Help!

ncaione1 said:





I have had my computer for four years and never ever had problem - I perform regular maintenance and I am careful when surfing.

However, yesterday I was surfing several sites using tab browsing and I believe it was a guitar tab site that I clicked on by accident that downloaded a virus to my system before I could close it.

Suddenly some sort of rogue program popped up on my screen and began scanning all my files and my system went crazy so I shut it down manually. Next thing I knew I had the blue screen of death on restart.

I rebooted the computer in safe mode and looked around and found at least one system file called "ndisio.exe" that looked to be causing problems.

I performed the "Read & run Me First" malware removal guide and then proceeded to the Windows Cleaning for XP.

I had a few issues with my internet after running SUPERAntispyware but I reset winsock and repeated this after each program and it is fine.

My system seems to be running almost normal but I am concerned that I may have missed something since I am an complete amateur in this area

I am posting the logs from each of the four programs. I hope I did everything right.

Also, I could not locate my "folder Options" in my control settings to change my viewing of hidden files which is odd because I have changed them before. Not sure why this is.

I also ran Malwarebytes twice because the first time it sa... Read more

13 more replies
Relevance 40.18%

Hi,

I am new to this forum and would appreciate help in getting rid of a malware on my computer. My Dell Dimension 8400 (Pentium4) running XP and loaded with Norton Internet Security 2007 seems to have been infected. Initially the internet connectivity and computer processing slowed down and there was a periodic popup message indicating that the computer is infected and copies are being made of my files. Clicking the popup took me to a site where AVS system care offered downloads to correct the problem. I did not use the downloads and ran the Norton full scan on my machine. It picked up a few files / trojans and removed them. But the problems persists (except the popup) and the NIS scan does not help further. Reading some of the threads on this website I realized I probably have a AVS System Care trojan. At this time the system and internet works off an on and I do not have access to task manager. I would appreciate any help I can get to remove this malware and be rid of the problems.

The Hijackthis log file is attached below for reference.

Thanks. Kb.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:43:01 PM, on 1/5/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nslsvice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchos... Read more

Answer:Need help with Malware removal

16 more replies
Relevance 40.18%
Question: Malware Removal

Here is a great guide on removing malware.
Malware Removal Guide for Windows
I know that there are several members who really appreciate this information.

This is for your own persnal use. Lets not take a chance with the OPs computer; lets contact Jacee or Corrine in case of questions about Malware infestation.

Source Bill2

Answer:Malware Removal

Rich very good I like this one a lot, lots of info but if someone has to use this they should also get the advice of Jacee or someone on the forum to guide them through the process (First).

Thank you.

Tom

15 more replies
Relevance 40.18%

Hello,

The problem I have is that when I use google or any other search engine and get results (on Firefox and IE) and then I click the link in search results I get routed to another website trying to sell me something. When typing the website directly in I t works normally. ALso, I am having problems loading Google Chrome..it won't load on my computer. Lastly I get error messages saying Google Loader encountered and errort adn must close (or something like that). ANy help is appreciated.

Answer:Malware Removal Help

Sorry see the copied and pasted txt file below.
DDS (Ver_09-03-16.01) - NTFSx86
Run by keith johnson at 14:34:45.23 on Sun 04/05/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2037.1297 [GMT -4:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated)
FW: McAfee Personal Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\Program Files\Sprint\Mobile Broadband\SMBAUtilSvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\Program Files\LClock\LClock.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Microsoft Office\Office12&#... Read more

4 more replies
Relevance 40.18%
Question: Malware removal

Can anyone find anything harmful on the attached logs? Bitedefender came up with nothing wrong.

Thank you.
 

Answer:Malware removal

Welcome to MGs!

Did you miss step 0 of the READ & RUN ME?

I see Need2Find in your Panda log and also your HJT log shows Weather Bug. These are both in included in the list of programs to uninstall. Let me know if you find them in Add/Remove programs. Need2Find may not be there.

Is your version of Spy Sweeper a paid version? Is it up to date (what version and reference file is it)?
Have you run a full system scan with it? Please attach a log from Spy Sweeper after running a full scan?
 

10 more replies
Relevance 40.18%
Question: Malware Removal

Hello, my computer is running improperly and it seems to be seriously infected. Please help :cry


Thank You, Eric
 

Answer:Malware Removal

Welcome to Major Geeks!

Please read ALL of this message including the notes before doing anything.

Pleases follow the instructions in the below link:

READ & RUN ME FIRST. Malware Removal Guide
and attach the requested logs when you finish these instructions.
**** If something does not run, write down the info to explain to us later but keep on going. ****
Do not assume that because one step does not work that they all will not. MGtools will frequently run even when all other tools will not.

After completing the READ & RUN ME and attaching your logs, make sure that you tell us what problems still remain ( if any still do )!
Helpful Notes:

If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode, you can run the steps in safe boot mode but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:
Starting your computer in Safe mode

If you have problems downloading on the problem PC, download the tools and the manual updates for SUPERAntiSpyware and Malwarebytes ( links are given in the READ & RUN ME) onto another PC and then burn to a CD. Then copy them to the problem PC. You will have to skip getting updates if (and only if) your internet connection does not work. Yes you could use a flash drive too but flash drives are writeable and infections can spread to them.
If you cannot seem to login to an infected user account, try using a differe... Read more

1 more replies
Relevance 40.18%
Question: malware removal!

Hi,
Cleaning an infected computer where the owner likes to use gambling software. :/
Just wanting to make sure everything is clean. Thanks in advance!
-jt
 

Answer:malware removal!

There is a bunch more to remove.

Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista or Win 7, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://toolbar.inbox.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=%tb_id&%language
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?affID=11...HP_ss&mntrId=ecc745e1000000000000944452706ded
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?affID=11...HP_ss&mntrId=ecc745e1000000000000944452706ded
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:25503
R3 - URLSearchHook: Inbox Toolbar - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\PROGRA~2\INBOXT~1\Inbox.dll
R3 - URLSearchHook: IMVU Inc Toolbar - {90b49673-5506-483e-b92b-ca0265bd9ca8} - C:\Program Files (x86)\IMVU_Inc\prxtbIMV0.dll
O2 - BHO: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.8.7.2\bh\BabylonToolbar.dll
O2 - BHO: Web Assistant Helper - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension32.dll
O2 - BHO: (no name) - {5C... Read more

5 more replies
Relevance 40.18%
Question: Malware Removal

Working on malware removal
I can hear ads running in hidden web browser process.
Task Manager does not show the processes, but scans by other tools (hijackthis and GMER) show them.
GMER scan is running and shows 4 hidden iexplore.exe processes running.

Here is the DDS.txt:
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by chazemery at 7:53:10 on 2012-09-08
Microsoft? Windows Vista? Home Premium 6.0.6002.2.1252.1.1033.18.3071.1346 [GMT -4:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: AVG Anti-Virus Free *Disabled/Updated* {0C939084-9E57-CBDB-EA61-0B0C7F62AF82}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: AVG Anti-Virus Free *Disabled/Updated* {B7F27160-B86D-C455-D0D1-307E04E5E53F}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
"C:\Windows\system32\svchost.exe"
"C:\Windows\system32\svchost.exe"
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32�... Read more

Answer:Malware Removal

Greetings and Welcome to The Forums!!My name is Gringo and I'll be glad to help you with your computer problems.Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e... Read more

3 more replies
Relevance 40.18%
Question: malware removal

The OTL log is included but the computer would not allow me to run aswMBR log.
 

Answer:malware removal

Hi and welcome to the MALWARE TIPS forums!

I'm Jack and I am going to try to assist you with your problem. Please take note of the below:

I will start working on your malware issues, this may or may not, solve other issues you have with your machine.
The fixes are specific to your problem and should only be used for this issue on this machine!
The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear.
If you don't know, stop and ask! Don't keep going on.
Please reply to this thread. Do not start a new topic.
Refrain from running self fixes as this will hinder the malware removal process.
It may prove beneficial if you print of the following instructions or save them to notepad as I post them.
Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
Before we start:
Please be aware that removing malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessita... Read more

9 more replies
Relevance 40.18%

Hi!I have followed instructions to delete temp files and have run Spybot. Most of the found problems in Spybot could not be fixed. Please see hijackThis log below. Appreciate any help. Logfile of HijackThis v1.99.1Scan saved at 7:42:01 p.m., on 18/01/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exec:\program files\mcafee.com\agent\mcdetect.exec:\PROGRA~1\mcafee.com\vso\mcshield.exec:\PROGRA~1\mcafee.com\agent\mctskshd.exeC:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exeC:\WINDOWS\system32\msasvc.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\Explorer.EXEc:\program files\mcafee.com\agent\mcupdate.exeC:\WINDOWS\system32\wscntfy.exeC:\WINDOWS\system32\wuauclt.exeC:\Program Files\Java\jre1.5.0_09\bin\jusched.exeC:\HijackThis\HijackThis.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.nz/R1 - HKLM&#... Read more

Answer:Malware Removal Help

Hello,Your system is terribly infected. You are also dealing with A LOT of different infections either.Problem with these infections nowadays is, it causes a lot of damage. Even if we clean the malware off your system, I can't guarantee that your system will be clean afterwards, because these infections/bundles leave a lot of leftovers behind that most scanners won't even recognise and logs won't show.Also, I can't promise you we can repair all the damage it caused... Even after cleaning the malware, you can still get errors afterwards because of the damage. Solving these is not always possible since it will be searching for a needle in a haystack to find the right cause and solution.So, we can try to clean this up and do what we can, but keep in mind that we can't solve ALL problems this malware already caused.It's better to print out the next instructions or save it in notepad, because you also have to work in safe mode without networking support, so this page wouldn't be available then.It is also important you don't miss a step and perform everything in the right order!!* Please download, install, and update AVG Anti-SpywareLoad AVG Anti-Spyware and then click the Update tab at the top. Under Manual Update click Start update.After the update finishes (the status bar at the bottom will display "Update successful")Close AVG Anti-Spyware. Do not run it yet.* Download SDFix and save it to your Desktop.* Double click SDFix.exe and it will extract the files to... Read more

2 more replies
Relevance 40.18%

I have Vista 64-bit Asus computer. Upon start-up it is missing two .dll files that I know are malware of some sort, but it is constantly slowing the computer down and when you try to search in google it takes you to an entirely different page than it should have. There is a teenage boy in the house who probably was looking at some things he shouldn't have.

The names of the .dll it is missing are: ecinibekepem.dll and cnd3101a.dll. Some other errors that have popped up involve scanidiskdv31.dll ecload77.dll and nvcpldaemon.dll.

Your assistance in helping me fix this would be fantastic. As I am very grateful with any assistance you can give me. Thank you so much in advance.

Answer:Malware removal help

Hello Naomi0709 and welcome to the forums

I am currently doing a malware removal course so I will be unable to assist you with the malware removal itself. But I can help diagnose the problem to make it easier for other users to assist you. Can you do the following for me please?

OTL

Download OTL to your desktop.
Double click on the icon to run it. Make sure all other windows are closed to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Under the Standard Registry box change it to All.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
Once OTL has completed its first scan it will save notepad copies of the scans in the folder that OTL was started from. Unless set to produce an Extras log it will only produce OTL.txt in subsequent scans.

A copy of an OTL fix log is saved in a text file at

:\_OTL\MovedFiles
in most cases this will be C:\_OTL\MovedFiles

aswMBR

Please close any open work because sometimes this will cause a BSOD
Download aswMBR from here and save it to your desktop
Right click on it and select run as administrator
When it opens, click ... Read more

1 more replies
Relevance 40.18%

2 viruses popped up on my dads laptop this morning and after many scans nothing has been found, but now this message keeps popping up:

generic host process for win32 services has encountered a problem and needs to close

followed by

Windows XP home must restart because DCOM server process launcher service terminated.

Can anone help me fix this?
 

More replies
Relevance 40.18%

So it would appear that I am infected with WinantivirusPro 2006, I get the pop ups constantly but I have not installed the program. I also get blank windows popping up to a certain ip address that contains information on what I was currently doing. Such as this "http://85.12.25.85/trafc-2/rfe.php?cmp=vm_mg_ff_nonusa_fail&nid=ec&uid=AB11DEAC21A011DB973F00167647FA98&guid=e0f30edd+1D10514769CC421B8E80F83036AF28EA&lid=forums%3E&url=http%3A%2F%2Fforums.majorgeeks.com%2Fshowthread.php%3Ft%3D38752&affid=862"

So I went through the steps you guys have posted and I have lots of logs for you read, I really need your help and I hope that I can make it as painless as possible. I already ran VundoFix as well and it deleted a lot of .dll files that I noticed were spyware.

Oh and for future notice, I am unable to load safe mode. My computer simply loads it and I cannot do anything but move my mouse. I do not know if this is related to spyware or not.

Attached are the various logs that were requested in the steps.

Thanks in advance,
Ryan
 

Answer:Various Malware, need help in removal Please

Here are some additional files that were requested.
 

8 more replies
Relevance 40.18%
Question: Malware removal

It worked fine for a while then I did not use it for while. It is now acting funny again. One major issue is the Wifi will randomly turn off and it runs slow.

I have attached newly ran scan reports. thanks in advance.

ME
 

Answer:Malware removal

Your original thread was from over a year ago and you didn't follow up on it after given the first set of instructions.

I have moved your post to a new thread since you last thread was locked due to our new policy on locking old threads automatically once they are 6 months old.
 

8 more replies
Relevance 40.18%

I appear to have gotten some type of malware or virus that wont allow me to run anything type of .exe file. Neither AVG nor Malwarebytes will run, they open up then crash. I installed the latest version of Hijackthis and attempted to run it and same thing, it scans for a few seconds then the program shuts down. When I try to open it back up it says "windows cannot access the specified device, path or file....etc". This is for both normal mode and in safe mode.

Not sure where to go from here since I cant even get a Hijackthis log.

Any help would be appreciated!
 

Answer:Help with malware removal

16 more replies
Relevance 40.18%
Question: Malware Removal

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:45:07 AM, on 9/17/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17080)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrobat_sl.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\HP\D... Read more

Answer:Malware Removal

6 more replies
Relevance 40.18%

I was infected with some malware while downloading some email forwards. The system was severely disabled and was getting a fail message -1073741482 NT Authority/System services.exe and it was going to shut down.

I have been able to restore quite a bit of functionality, but am unsure whether I have rid it of all the problems.

Please see my attached logs. Thank you so much for your help. I do not have much experience with this type of infection and want to make sure that I get it totally gone.

I will also post a few independent notes I found while going through the install

Thanks,

Keyser
 

Answer:Malware removal help

I had two rrlogs because I couldn't get it to run without the errors the first time and had to start over. Wanted to include both in case it mattered.

Thanks,

Keyser
 

4 more replies
Relevance 40.18%
Question: Malware Removal

Hi,

I recently downloaded a bad file that brought with it Virtumonde.Crack, 'Spyware Detection Alert' (an icon in the system tray with two circles - red and green - with an exclamation mark in the red one) and something called 'OptionInfo' which also appears with an icon in the system tray.

I've run Spyware S&D, Ad-Aware, AVG Anti-Virus/AVG Anti-Spyware and SmitFraudFix - all to no avail. Here is my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 12:00:37 AM, on 20/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\CtrlVol.exe
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EX... Read more

Answer:Malware Removal

Run HijackThis and click Open the Misc Tools section
Click Open Uninstall Manager, Save list and save the log to your Desktop.
A list of programs will open in Notepad. Post the contents of the log here in your next reply.
 

3 more replies
Relevance 40.18%

Hi everyone, I've started through the malware removal process but whatever is on my computer will not let me navigate to my harddrives through My Computer. Is it allright to create a folder in shared documents to put all this stuff in or is there a way to work around this problem. I know I had read it was best to put everything in root c:.
 

Answer:Malware Removal Help

I found the work around on that one and moved on to superantispyware and malwarebytes... neither of which will run. I was able to get them installed by changing their names but the programs themselves won't run in normal or safe mode. Superantispyware also won't run using the alternative startup. My question is should I go ahead and move on to the combofix and continue or do I need to find a way to run one of these.
 

7 more replies
Relevance 40.18%

Okay...so, my wife's old dell dimension 2400...slow slow slow, didnt run spyware protection only because that makes it just as slow as well, having a virus. (what it is) the "windows vista antivirus" or system32 something and insits to be installed on my PC. (symptoms) everythings so slow...i can tolerate the dell-nish...but now its ridiculous. i can slowly surf the web thru the search menu out of start menu...with firefox and IE out of search mode it will load pages like weather.com or yahoo but once you try to use the site...it eternally loads. furthermore, it will randomly pop up its windows and fake scan my computer and the whole nine yards to con me. (countermeasures in place) i have Ad-aware, Spyware doctor (registered) , avg free, and spybot S&D running and ran and scanned and deleted and so forth. done the hijack this thing, removed malicious this and that...to no avail. SO im turning it on to you all that are smarter than me. fair enough i hope? thanks for the help if you so choose to bless me with it-sethLogfile of Trend Micro HijackThis v2.0.2Scan saved at 6:30:59 PM, on 6/29/2008Platform: Windows XP SP1 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\S... Read more

Answer:Malware Removal Help

Hello IbesethroPlease rename your C:\Program Files\Trend Micro\HijackThis\HijackThis.exe to Ibesethro.exe.Then run HijackThis (Ibesethro.exe) and post the log back here

8 more replies
Relevance 40.18%
Question: Malware Removal

Hello,
I am troubleshooting for a friend who is having PC issues related to Trojans/Malware. She has a Dell Inspiron 560 with a Pentium (R) processor Dual Core CPU E5800 3.20GHz with 3 GB RAM installed. Windows 7 Home Edition. Received BSOD prior to my perfroming scans. I do not know what the error message was. Attached are the logs from scans on this PC performed in Safe Mode with Networking. Noted improvement in processing speed and online after scans were ran. Any guidance is greatly appreciated. Thank you for your help and time.
Sincerely,
Fred
 

Answer:Malware Removal

I'm sorry, but logs from safe boot mode are really not that helpful unless there is no other choice and you did not say that you could not boot in normal mode. Please attach logs from Malwarebytes and also MGtools obtained from Normal Boot mode.
 

3 more replies
Relevance 40.18%
Question: malware removal

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:42:43 PM, on 4/11/2009
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal


Edit by chaslang: Inline HJT log removed. READ & RUN ME FIRST. Malware Removal Guide sticky not followed.
 

Answer:malware removal

Welcome to Major Geeks!

Please follow the instructions in the READ & RUN ME FIRST link given futher down and attach the requested logs when you finish these instructions.

If you have problems where no tools seem to run, please try following the steps given in the below and then continue on no matter what you find. You only need to try the TDSSserv steps if having problems getting scans in the Read & Run Me First.
TDSSserv Non-Plug & Play Driver Disable

If something does not run, write down the info to explain to us later but keep on going.
Do not assume that because one step does not work that they all will not.
READ & RUN ME FIRST. Malware Removal Guide

After completing the READ & RUN ME and attaching your logs, make sure that you tell us what problems still remain ( if any still do )!
Helpful Notes:
If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode, you can run the steps in safe boot mode but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:

Starting your computer in Safe mode

If you have problems downloading on the problem PC, download the tools and the manual updates for SUPERAntiSpyware, Malwarebytes and Spybot ( links are given in the READ & RUN ME) onto another PC and then burn to a CD. Then copy them to the problem PC. You will have to skip getting updates if (and only if) your internet connection does not work. ... Read more

1 more replies
Relevance 40.18%

Hi All,

I'm a little bit stuck here with a friend's computer. I ran through the removal steps and got rid of a ton of junk but still can't get this machine to connect to the net. I can see my router by entering in the local IP but I cannot connect anywhere outside of the router. I've also tried installing a usb network card but that too can't get to the outside world. What is my next step? Things that I do know about the machine...

1. Teenage kids; although I couldn't find much for messaging and the like but they may have tried to manually delete stuff without realizing the consequences once they saw all of the junk popping up.

2. Anti-Virus was pretty much non-existent on this machine; there was a hodge podge of the freebies with your subscription to internet service kind of things but nothing up to date and nothing worth while. I just added the AVG to hopefully put a stop to anything new while I'm tinkering.

3. Tried SuperAntiSpy's "repair broken network connection (winsock LSP Chain) but that also didn't help.

4. The DHCP does assign the machine a valid IP and I appear to have no problems on my local network.

Thanks in advance for the help.
 

Answer:I need help... malware removal...

It is not malware. Your system is fine regarding that issue...just a few pieces of junk to remove.

Have you tried connecting each computer directly thru the modem, bypassing the router?
I assume you have also recycled both the modem and router? I would suggest you post in either hardware or networking.

Lets clean up:
Run this: Disable/Remove Windows Messenger to remove Windows Messenger. Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.

Now use add/remove programs to uninstall:
Java 2 Runtime Environment, SE v1.4.2_03
Viewpoint Toolbar (Remove Only)

Run C:\MGtools\analyse.exe by double clicking on it. (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:




R3 - URLSearchHook: (no name) - {C3F50901-871A-4650-85D8-9D53E2534A3B} - (no file)
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dllClick to expand...

After clicking Fix, exit HJT.

Now Copy the bold text below to notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it a... Read more

1 more replies
Relevance 40.18%
Question: V9 Removal Malware

Hi, I've used this site for free software for a long time but this is my first time posting. I appreciate any help you guys can give me. So my troubles started when I downloaded Bioshock Infinite FLT "http://thepiratebay.se/torrent/8300549/BioShock_Infinite-FLT". I also downloaded the program "Virtual Clone Driver" from "http://virtual-clonedrive.en.softonic.com/". Then after the downloads finished, and i had installed both programs, until this time I had been using one session of Chrome, I opened a new Chrome window and my homepage had been set as "http://en.v9.com/". This page with full images will load with or without an internet connection. I have tried many removal guides but none have worked. Now I have turned here. Thanks for your help!
 

Answer:V9 Removal Malware

Well, at least now you know the piratebay is one of the most dangerous sites out there.

Now copy just the bold text below to notepad (Do not include any space above the word REGEDIT). Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.




REGEDIT4

[-HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{95B7759C-8C7F-4BF1-B163-73684A933233}"
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}]

Click to expand...

Make sure that you tell me if you receive a success message about adding the above
to the registry. If you do not get a success message, it definitely did not work.

Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista or Win7, don't double click, use right click and select Run As Administrator).

Then attach the below logs:

* C:\MGlogs.zip

Make sure you tell me how things are working now!
 

1 more replies
Relevance 40.18%

Hi there,

I have read and run your "read me and run me first" page and now I'm asking for support.

I have run all the programs you suggested and will attach the log files.

I can't seem to get rid of Trojan.Downloader.Swizzor. The programs say it's been deleted, quarantined and disinfected, but it keeps popping up.

I'm also having some trouble with having my browser time out. I happens constantly and I have to reboot to get it to behave. Everything esle is also super super slow.

I really appreciate any and all help that you can provide.

Thanks so much.

It looks like I'll have to post the log files in stages.
 

Answer:Help with Malware Removal

Log files part 2.
 

8 more replies
Relevance 40.18%
Question: Malware Removal

I had the same symptoms as this guy:
http://forums.techguy.org/malware-removal-hijackthis-logs/597372-trojan-w32-looksky.html

I ran the "combofix.exe" and here's the log from it:

ComboFix 08-02.03.1 - Administrator 2008-02-02 20:41:47.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.400 [GMT -5:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Administrator\Desktop\Error Cleaner.url
C:\Documents and Settings\Administrator\Desktop\Privacy Protector.url
C:\Documents and Settings\Administrator\Desktop\Spyware&Malware Protection.url
C:\Documents and Settings\Administrator\Favorites\Error Cleaner.url
C:\Documents and Settings\Administrator\Favorites\Privacy Protector.url
C:\Documents and Settings\Administrator\Favorites\Spyware&Malware Protection.url
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\WINDOWS\aslpmqk.dll
C:\WINDOWS\bxsnvqt.dll
C:\WINDOWS\dopfwrlqox.dll
C:\WINDOWS\egodktf.dll
C:\WINDOWS\privacy_danger
C:\WINDOWS\privacy_danger\images\capt.gif
C:\WINDOWS\privacy_danger\images\danger.jpg
C:\WINDOWS\privacy_danger\images\down... Read more

Answer:Malware Removal

Go to here and download 'Hijack This!' self installer.
Save it to the desktop or other suitable place. DO NOT just press run from the website
Double click on the file and it will install to C:\program files\hijackthis and create an entry in the start menu.
Click on the entry in start menu to run HijackThis
Click the "Scan" button, when the scan is finished the scan button will become "Save Log" click that and save the log.
Go to where you saved the log and click on "Edit > Select All" then click on "Edit > Copy" then Paste the log back here in a reply.
It will possibly show issues deserving our attention, but most of what it lists will be harmless or even required,
so do NOT fix anything yet.
 

3 more replies
Relevance 40.18%

First of all Hi.Thanks for Helping me.
I am using Limewire to download songs sometimes and i thing i downloaded some Trojan or something.Usually i can tell witch files are "Bad" and witch are not but sometimes i do it by accident.Anyway when the download finished, Nod32 Trial(antivirus that i am using) warned me about a Trojan file.It gave some options to quarantine it or delete it and i deleted it.But i dont think the problem is solved cause i notice a reduction on my computers general speed.Opening programs slower,Ram runs out sometimes without any particular reason or heavy program running.No pop ups by the way.I hope i gave u a general idea of my problem.

I did everything as u say but i lost the "info.txt" .I runned RSIT again but it didnt produced the info.txt .And i cant upload the Gmer file.Its sais there is somekind of upload error.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:59:02 μμ, on 25/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.ex... Read more

Answer:Need Help About Malware Removal!!!

It worked after some changes and i uploaded Gmer Normally as u see :)

5 more replies
Relevance 40.18%

Hi, I have a roommate and keep my computer on most of the time. I am gone half the week so he is usually on it when im gone. I dont do much web browsing myself and I have never had any known problems of me getting internet viruses. Well I come home today and my computer is infected. Every once in a while an antivirus sotfware app will pop up saying im infected. This program was never installed and must be part of the malware. As of now I am unable to install any antivirus because it says I have another one installed everytime I try to install one which I dont. I am also unable to access google and some other sites as I am redirected to another link when on the internet. A page will also pop up saying certain sites I try to access are a danger like known good sites hotmail, youtube, etc....RIght now I am running windows 7 on another partition. Xp is the one that is infected. Any help would be awesome and sorry for my low tech knowlege. Thats why I'm here
This scan was ran in windows 7.

Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 6:10:36 PM, on 2/21/2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
E:\Program Files\Mozilla Firefox\firefox.exe
E:\Program Files\Avira\AntiVir Desktop\avcenter.exe
C:\Windows\explorer.exe
E:\Program Files\HiJack\TrendMicro\HiJackThis\HiJackThis.exe

R1 - HK... Read more

Answer:Help with Malware Removal Please!!!

I am also getting the system denied write access to the hostfile error.
Here is the scan in Windows XP

Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 6:26:17 PM, on 2/21/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe
C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
E:\Program Files\HiJack\TrendMicro\HiJackThis\HiJackThis.exe
E:\Program Files\Mozilla Firefox\firefox.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Se... Read more

2 more replies
Relevance 40.18%
Question: Malware Removal

I followed instructions....Anti-Spyware kept crashing, Malwarebytes kept freezing up (not responding). Ran combo fix Log attached
 

Answer:Malware Removal

Welcome to Major Geeks!

You need to follow all of the instructions properly. The instructions explain what to do if SUPERAntiSpyware crashes. Did you try those steps?

Did you try renamining Malwarebytes? Did it hand during installation or while running a scan?

As stated in the READ& RUN ME, you need to finish all steps which means you need to run MGtools and attach the log.
 

1 more replies
Relevance 40.18%

I am a total novice PC user and I have recently connected to the internet via broadband. On the advice of some friends I have AVG anti virus software installed, and the Zone Alarm free firewall. My AVG scanner repeatedly finds a trojan which it claims to heal, but which has always returned the next time I scan. I have downloaded and run all the programs in your read and run me first thread, but the pesky little blighter is still there. I need some expert help.

I have saved the logs from counterspy, bitdefender, panda, runkeys, newfiles and hijackthis. I think all of them have come up with a problem at some stage, with a virus/program that they cannot disinfect/heal etc. I will attach these logs to my next post when someone replies, as I'm unsure as to which is the most important and I cannot attach all of them, can I?

Here's hoping someone can help me,

Mudrock
 

Answer:Malware removal - please help!

Here is some more info to help any would-be saviours to diagnose the problem:

Specs:
Intel Celeron II, 733MHz (11x67)
256MB (SDRAM)
Windows XP Professional (SP1)
Hard disk space 19083MB (60% free)

Problems:
2 programs requesting internet access on a regular basis:
w?auboot.exe (from C:\WINDOWS\System32\SKS~1\WAUBOO~1.EXE)
fkzr.exe (from C:\PROGRA~1\COMMON~1\fkzr\fkzrm.exe)

persistent trojan (from C:\WINDOWS\S?mantec\wucrtupd.exe)

I don't know if any of the above are causing serious damage to my machine. Many operations are slow, but is this just a reflection of ageing technology? [see specs, above]

Surely somebody is willing to help...

I will attach the counterspy, bitdefender and panda scan logs now, and post the other logs later.

mudrock
 

13 more replies
Relevance 40.18%
Question: Malware removal

We have malware in one computer. After running all the programs Iminent is still the home page and other pop ups keep appearing from the browser. Please help. Thank you.
 

Answer:Malware removal

jallenaz said:





We have malware in one computer. After running all the programs Iminent is still the home page and other pop ups keep appearing from the browser. Please help. Thank you.Click to expand...

I think I have rid the Iminent web page that kept opening in Chrome. Now everything seems to be working as it should.
 

18 more replies
Relevance 40.18%

Please help me in removal.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:20:23 PM, on 1/10/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\RegCure\RegCure.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AGI\core\4.2\AGCoreService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.7.2.11\ccSvcHst.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\Program Files\Sierra\Planner\Plnrnote.exe
C:\PROGRA~1\Webshots\315~1.761\WEBSHOTS.SCR
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.7.2.11\ccSvcHst.exe
C:\Program Files\Outl... Read more

More replies