Computer Support Forum

Security Shield trojan - browser/web hijacking, MS Security Essentials being disabled, etc

Question: Security Shield trojan - browser/web hijacking, MS Security Essentials being disabled, etc

Greetings,

This morning my pc got hit with this awful trojan called "Security Shield"...which has led to browser / search hijacks, Microsoft Security Essentials being disabled and unavailable to restart, and even an annoying flashing Windows login screen that prevents me from putting in my login password if I lock my pc.

Here is the DDS log and I've attached ark.txt and attach.txt.

Thank you for your help!

art_vandelay
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by glindholm at 9:53:50 on 2012-08-07
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3977.1251 [GMT -7:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\WUDFHost.exe
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
C:\Program Files\Common Files\SPBA\upeksvr.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Intel\WiFi\bin\ZCfgSvc7.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
c:\Program Files\Dell\Feature Enhancement Pack\DFEPService.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\inetsrv\inetinfo.exe
C:\Windows\system32\IProsetMonitor.exe
C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\PathTech\Latitude\bin\PathGuide.Latitude.JobScheduler.exe
C:\Program Files\PathTech\Latitude\bin\PathGuide.Latitude.TerminalServer.exe
C:\Program Files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe
c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\sqlservr.exe
C:\Program Files\Microsoft SQL Server\MSAS10_50.MSSQLSERVER\OLAP\bin\msmdsrv.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
c:\Windows\SysWOW64\srvany.exe
c:\Windows\sysWOW64\SDIOAssist.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Windows\System32\tcpsvcs.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
C:\Windows\SysWOW64\vmnat.exe
C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
C:\Windows\system32\svchost.exe -k iissvcs
C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\vmnetdhcp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Google\Update\1.3.21.115\GoogleCrashHandler.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Google\Update\1.3.21.115\GoogleCrashHandler64.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files\Dell\Feature Enhancement Pack\DFEPApplication.exe
C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\RingCentral\RingCentral Call Controller\RCUI.exe
C:\Program Files (x86)\RingCentral\RingCentral Call Controller\RCHotKey.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files (x86)\X3watch\x3watch.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
"C:\Windows\SysWOW64\svchost.exe" -k LocalServiceDns
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Program Files (x86)\IDM Computer Solutions\UltraEdit\Uedit32.exe
C:\Windows\splwow64.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.drudgereport.com/
uInternet Settings,ProxyOverride = <local>
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [RCUI] "C:\Program Files (x86)\RingCentral\RingCentral Call Controller\RCUI.exe"
uRun: [RCHotKey] "C:\Program Files (x86)\RingCentral\RingCentral Call Controller\RCHotKey.exe"
uRun: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
uRun: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
mRun: [IMSS] "C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe"
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [x3watch] C:\Program Files (x86)\X3watch\x3watch.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [vmware-tray] "C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\Users\GLINDH~1.PGT\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\SMARTS~1.LNK - C:\Program Files (x86)\Dell\Feature Enhancement Pack\SmartSettings.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mPolicies-system: DisableCAD = 1 (0x1)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: {76c5fb99-dd0a-4186-9e75-65d1bf3da283} - C:\Program Files (x86)\Amazon\Add to Wish List IE Extension\run.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL
LSP: mswsock.dll
LSP: %SystemRoot%\system32\vsocklib.dll
DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://65.117.82.194/CACHE/stc/1/binaries/vpnweb.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {B94C2238-346E-4C5E-9B36-8CC627F35574}
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 192.168.20.7 192.168.20.10
TCP: Interfaces\{14AD5675-4691-4364-8947-7B655C97A51B} : DhcpNameServer = 192.168.20.7 192.168.20.10
TCP: Interfaces\{14AD5675-4691-4364-8947-7B655C97A51B}\C6962656274797 : DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{14AD5675-4691-4364-8947-7B655C97A51B}\C696E6B6379737 : DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{51A19E0C-BBA3-4D80-9A98-CBA585538076} : DhcpNameServer = 192.168.20.7 192.168.20.10
TCP: Interfaces\{AAA890EB-1F5C-497E-8E9C-6F34F0D31BC8} : DhcpNameServer = 192.168.20.7 192.168.20.10
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll
LSA: Authentication Packages = msv1_0 wvauth
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
mRun-x64: [IMSS] "C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe"
mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun-x64: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [x3watch] C:\Program Files (x86)\X3watch\x3watch.exe
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [vmware-tray] "C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
IE-X64: {76c5fb99-dd0a-4186-9e75-65d1bf3da283} - C:\Program Files (x86)\Amazon\Add to Wish List IE Extension\run.htm
AppInit_DLLs-X64: C:\Windows\SysWOW64\nvinit.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R0 nvpciflt;nvpciflt;C:\Windows\system32\DRIVERS\nvpciflt.sys --> C:\Windows\system32\DRIVERS\nvpciflt.sys [?]
R0 stdcfltn;Disk Class Filter Driver for Accelerometer;C:\Windows\system32\DRIVERS\stdcfltn.sys --> C:\Windows\system32\DRIVERS\stdcfltn.sys [?]
R1 RsFx0150;RsFx0150 Driver;C:\Windows\system32\DRIVERS\RsFx0150.sys --> C:\Windows\system32\DRIVERS\RsFx0150.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-4-3 63928]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2012-4-18 89600]
R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-5-12 249648]
R2 Credential Vault Host Control Service;Credential Vault Host Control Service;C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [2011-5-13 1043872]
R2 Credential Vault Host Storage;Credential Vault Host Storage;C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [2011-5-13 36768]
R2 DFEPService;Dell Feature Enhancement Pack Service;C:\Program Files\Dell\Feature Enhancement Pack\DFEPService.exe [2011-8-24 2279320]
R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;C:\Windows\system32\IProsetMonitor.exe --> C:\Windows\system32\IProsetMonitor.exe [?]
R2 jhi_service;Intel® Identity Protection Technology Host Interface Service;C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe [2011-2-23 212944]
R2 LatitudeJobScheduler;Latitude Job Scheduler Engine;C:\Program Files\PathTech\Latitude\bin\PathGuide.Latitude.JobScheduler.exe [2012-5-22 55808]
R2 LatitudeTS;Latitude Terminal Server;C:\Program Files\PathTech\Latitude\bin\PathGuide.Latitude.TerminalServer.exe [2012-5-22 1015808]
R2 MsDtsServer100;SQL Server Integration Services 10.0;C:\Program Files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe [2011-4-24 210784]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2012-4-18 1997416]
R2 O2SDIOAssist;O2SDIOAssist;C:\Windows\SysWOW64\srvany.exe [2012-4-18 8192]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-6-5 378472]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-4-18 2656536]
R2 VMUSBArbService;VMware USB Arbitration Service;C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2011-8-29 846448]
R2 VMwareHostd;VMware Workstation Server;C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [2012-4-30 11839488]
R2 vpnagent;Cisco AnyConnect VPN Agent;C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2008-8-20 370872]
R2 Wave Authentication Manager Service;Wave Authentication Manager Service;C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe [2011-7-1 1600000]
R2 ZcfgSvc7;Intel® PROSet/Wireless ZeroConfig Service;C:\Program Files\Intel\WiFi\bin\ZCfgSvc7.exe [2010-12-23 992256]
R3 Acceler;Accelerometer Service;C:\Windows\system32\DRIVERS\accelern.sys --> C:\Windows\system32\DRIVERS\accelern.sys [?]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]
R3 cvusbdrv;Dell ControlVault;C:\Windows\system32\Drivers\cvusbdrv.sys --> C:\Windows\system32\Drivers\cvusbdrv.sys [?]
R3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;C:\Windows\system32\DRIVERS\e1c62x64.sys --> C:\Windows\system32\DRIVERS\e1c62x64.sys [?]
R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETwNs64.sys --> C:\Windows\system32\DRIVERS\NETwNs64.sys [?]
R3 O2MDFRDR;O2MDFRDR;C:\Windows\system32\DRIVERS\O2MDFw7x64.sys --> C:\Windows\system32\DRIVERS\O2MDFw7x64.sys [?]
R3 O2SDJRDR;O2SDJRDR;C:\Windows\system32\DRIVERS\o2sdjw7x64.sys --> C:\Windows\system32\DRIVERS\o2sdjw7x64.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-5-1 116648]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-18 250056]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-6-7 191752]
S3 dmvsc;dmvsc;C:\Windows\system32\drivers\dmvsc.sys --> C:\Windows\system32\drivers\dmvsc.sys [?]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-5-1 116648]
S3 Impcd;Impcd;C:\Windows\system32\drivers\Impcd.sys --> C:\Windows\system32\drivers\Impcd.sys [?]
S3 netvsc;netvsc;C:\Windows\system32\DRIVERS\netvsc60.sys --> C:\Windows\system32\DRIVERS\netvsc60.sys [?]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
S3 O2MDRRDR;O2MDRRDR;C:\Windows\system32\drivers\O2MDRw7x64.sys --> C:\Windows\system32\drivers\O2MDRw7x64.sys [?]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 SynthVid;SynthVid;C:\Windows\system32\DRIVERS\VMBusVideoM.sys --> C:\Windows\system32\DRIVERS\VMBusVideoM.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WMSVC;Web Management Service;C:\Windows\system32\inetsrv\wmsvc.exe --> C:\Windows\system32\inetsrv\wmsvc.exe [?]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2010-4-3 59744]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== File Associations ===============
.
.txt=UltraEdit.txt
.
=============== Created Last 30 ================
.
2012-08-07 16:05:55 462848 ----a-w- C:\Users\glindholm.PGT\AppData\Local\yhrczuokfc.exe
2012-08-07 02:02:48 9133488 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{9970E41B-4336-43EF-857A-5AC118FEDE04}\mpengine.dll
2012-08-06 00:24:13 9133488 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-08-05 23:22:49 -------- d-----w- C:\Program Files (x86)\Softland
2012-07-24 12:00:37 83968 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\CNMPPA0.DLL
2012-07-24 12:00:37 28672 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\CNMPDA0.DLL
2012-07-17 08:18:25 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{22D94497-86EC-4DB2-84A1-19545ED88714}\gapaengine.dll
2012-07-17 07:51:32 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2012-07-17 07:51:31 -------- d-----w- C:\Program Files\Microsoft Security Client
2012-07-15 04:59:01 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2012-07-13 04:50:07 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-07-11 21:05:38 2004480 ----a-w- C:\Windows\System32\msxml6.dll
2012-07-11 21:05:38 1881600 ----a-w- C:\Windows\System32\msxml3.dll
2012-07-11 21:05:38 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-07-11 21:05:37 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
2012-07-11 21:05:37 2048 ----a-w- C:\Windows\System32\msxml3r.dll
2012-07-11 21:05:37 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-07-11 21:04:41 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2012-07-11 21:04:41 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-07-11 21:04:41 458704 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-07-11 21:04:41 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-07-11 21:04:41 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-07-11 21:04:41 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-07-11 21:04:41 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-07-11 21:04:41 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-07-11 21:04:41 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
.
==================== Find3M ====================
.
2012-08-03 14:33:32 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-03 14:33:32 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-07-17 08:19:36 328704 ----a-w- C:\Windows\System32\services.exe
2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll
2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
2012-06-02 22:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-02 22:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
.
============= FINISH: 9:54:04.55 ===============


Answer: Security Shield trojan - browser/web hijacking, MS Security Essentials being disabled, etc

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us.

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

Download Security Check by screen317 from here.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only). If this happens please allow it to do so (you will need to be connected to the internet for this).
Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out here or here.
Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3

1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

"information and logs"

In your next post I need the following:
Log from Combofix
let me know of any problems you may have had
How is the computer doing now?

Gringo


MS Security Essentials comes up disabled. The only user (who has admin priv) can not start service because of permissions.
I can't run HJT even in safe mode - it just stops. Same with Malwarebytes.
In safe mode, I see a process called something like 4007435508:30078589.exe
Yahoo searches get redirected.
Running Win7.
DDS log.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_22
Run by Farrell at 19:56:41 on 2011-09-18
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1547 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\407323933:3803887847.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\DRIVERS\o2flash.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Pr...

Answer: MS Security Essentials Disabled & browser hijacked

I tried running gmer but it too stopped prematurely. I tried to re-run and I again got the "Windows can not access the file. You may not have the appropriate permissions to access the items." error. I extracted gmer.exe and called it gmer2.exe, re-ran but it stopped before I could save. I did see it flag imapi.sys as suspicious PE.

22 more replies
Relevance 103.32%

Hi guys, I'm having a horrible time at the moment with my computer. This started last night with what I think was a security shield virus, which I followed steps to remove. Then came a ping.exe virus and a constant browser redirect and no matter how many times I run super anti spyware, avg or anti-malware I just can't seem to get rid of it. Also getting threats from trojan detected by AVG coming in on i8042prt - whatever that means. I've run a hijackthis log, the DDS log and tried to run the GMER log but twice it forced a shut down on my computer.

Also, security center seems disabled and won't start. Can't figure out why. Running AVG. Tried to install Zone Alarm but I couldn't access the internet with it.

Really hope someone can help.

Can't seem to upload attachment? Shall I post attach.txt in here, or is there something I'm not doing right?

Thanks everyone.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:42:34, on 02/02/2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.19170)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\mobsync.exe
C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe
C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe
C:\Program Files\ASUS\ASUS Data Security Manager\ADSMTray.exe
C:\Program Files\ATK... Read more

Answer:Can't get rid of browser redirect, ping.exe, security shield, trojan -arrrrgghh help!

16 more replies
Relevance 95.53%

Hello, and thanks in advance for helping

Today I picked up what appears to be a Trojan similar to that of a couple of other requests on the board that are reporting search engine redirection. I'm currently running Win 7 Home Premium 64 SP1, using Firefox as a browser and am having what appears to be some root-kit trouble. Malwarebytes was able to detect the virus and after Quarantining and removing the file, follow-up scans would show the same result in the same directory. Redirection of Google queries and website links was the first noticeable problem. Some links and queries will work perfectly fine while others result in the problem mentioned above. Attempting to alter any Windows Security Settings such as changing Firewall specifications or activating the Security Center will throw an error message at me and point me in the other direction.

Awaiting a response on how to proceed and prevent any additional trouble. Looking forward to getting this OS back on track, your time is greatly appreciated everyone.
Here are the attached logs from both DDS & Malwarebytes
________________________________________________
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.4.1
Run by Mr A at 20:20:41 on 2012-07-22
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8175.6515 [GMT -7:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:&#... Read more

Answer:Trojan.Dropper.BCMiner Browser Redirection & Windows Security Disabled

Hello and welcome to the forums!
My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. I'll be addressing you by your username, if you'd like me to address you by something else, please let me know!
I would be glad to take a look at your log and help you with solving any malware problems.
If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed. If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:
Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
If I instruct you to download a specific tool in which you already have, please delete ... Read more

11 more replies
Relevance 92.25%

I have a client computer that I have been trying to determine what virus or trojan may have infected it. It has been running Microsoft Security Essentials. Now it has a red X and then disappears from the task bar. When I check to see if the service is running it shows Disabled. I enable the service but then it goes to disabled again. I have downloaded and installed Malwarebytes and was able to complete a full scan with no infections found. I ran tdsskiller and it showed no infected files. When I looked in the running processes I found rundll32.exe running. I ended the process and was then able to start the MSE service and run a full scan but no infections found. When I reboot the rundll32.exe file is running again and the same symptoms. I have also noticed that my google searches are being redirected to various sites.

Could this be a trojan or hijack of some sort?

Answer:Microsoft Security Essentials keeps getting disabled

Welcome aboard
Download Security Check from HERE, and save it to your Desktop.
* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.
=============================================================================
Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:
Internet Services
Windows Firewall
System Restore
Security Center/Action Center
Windows Update
Windows Defender
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.
=============================================================================
Please download MiniToolBox and run it.
Checkmark following boxes:
Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Devices (do NOT change any settings here)
List Users, Partitions and Memory size
Click Go and post the result.
=============================================================================
Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next t... Read more

1 more replies
Relevance 92.25%

Hello,
About 2 days ago my computer started acting strange. I believe it was after an update was installed but I do not recall. It had a BSOD episode and I was able to get it working after messing around with the command line with the restore dvd. Yesterday or the day before my computer completely became unresponsive and the windows explorer crashed. I could not open a run window, alt + ctrl + del also did nothing. I had to do a hard reset but it seemed to work after that. Just today when I started my computer microsoft security essentials was disabled and I know for a fact I did not do that. I scanned with MBAM and nothing came up. I am not scanning with MS Security essentials but I doubt it will show anything either. I am suspicious that I somehow have gotten something but I really have no idea how. I know my apartment complex was recently setting up the wifi and I had to call some tech support number and a guy added my computer to the network and I don't know if he could have done something or if maybe the fact that the wifi was unsecured when they first had it up could have done anything but I would really like to have this resolved.
 
OS: Windows 7 64 bit
 
I wanted to make sure it wasn't the RAM that caused the crash as I was having crashes on arma 3 due to memory issues but memtest completed 4 times with not one fail so I don't think it is related to that.
The primary error in the application logs is just this error "Event filter with query "SELECT * FR... Read more

Answer:MS Security Essentials Disabled and Other odd Behavior

This just happened while scanning with Microsoft Security Essentials.
 
http://tinypic.com/r/rko6qb/8

2 more replies
Relevance 92.25%

I've just noticed this today as I turned on my computer, but MSE seems to have been disabled. Whenever I try to start it up, I get an error message that says "The specified service does not exist as an installed service." I have no idea how it got to this state and am thinking that I might've been infected. I've run TDSSKiller and Malwarebytes to see if it could find anything and it did see some items, though I'm not sure if it got everything. Even after running those two, MSE still refuses to start up. I don't know if I need to reinstall it or if there are more viruses left.

Also, I don't know if this is relevant, but I seem to disconnect with my router fairly frequently when using this machine.

Here is my DDS log and the attach.txt as well:
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_24
Run by JISET at 18:36:24 on 2012-08-16
Microsoft Windows 7 Ultimate 6.1.7601.1.932.81.1033.18.3062.1512 [GMT -7:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\... Read more

Answer:Microsoft Security Essentials Disabled

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
***************************************************
In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.
CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/465507 <<< CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************
If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lo... Read more

2 more replies
Relevance 92.25%

Hello
 
I have discovered tonight (using Malwarebytes) that I had the Trojan Fake.MS on my Win7 64bit laptop which has disabled MS Security Essentials and Windows defender so with a bit of Googling I arrived here and read up on other people's problems with similar events...
 
As the first thing they are told is to download and run FRST I downloaded FRST64 and ran the scan and have attached my TXT files showing the results.
 
I understand you may not be able to provide the fix straight away so I have disconnected it from the internet and reset all my important passwords and will use a tablet for access in the meantime.
 
This is the first time I've been caught out in over 35 years of using computers (I started out using mainframes back in 1976) so this is embarrassing but we all have to be grateful for guys like yourselves in this instance.
 
Thanks for any help you can provide
Peter

Answer:MS Security Essentials and Defender disabled

Hello peterg1955
I would like to welcome you to the Malware Removal section of the forum.
Around here they call me Gringo and I will be glad to help you with your malware problems.
Very Important --> Please read this post completely, I have spent my time to put together some things for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!
Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the sam... Read more

19 more replies
Relevance 91.84%

Previous topic: preview.tinyurl.com/7dv6wcs
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by Nicole at 21:13:06 on 2012-07-19
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3895.2220 [GMT -7:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\mfevtps.exe
C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
C:\Program ... Read more

Answer:Security Shield 2012, Infomash, & Firewall Disabled

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
***************************************************
In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.
CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/461544 <<< CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************
If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lo... Read more

49 more replies
Relevance 91.84%

About two weeks ago started noticing google searches being redirected to spammer sites. Then last week, Security Shield popped up. I downloaded and ran MBAM and that seemed to cure Security Shield. However the next day I noticed that my firewall was not activated. I tried to do some self-help with some online reading and guides, but after fruitless attempts to reactivate my firewall, I need some help. I don't know how to figure out what malware I've got or what the best approach is.
Here's my logs in the order I took them:
MBAM:
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org
Database version: v2012.06.05.08
Windows 7 Service Pack 1 x64 NTFS (Safe Mode/Networking)
Internet Explorer 9.0.8112.16421
Owner :: OWNER-HP [administrator]
6/5/2012 10:18:02 PM
mbam-log-2012-06-05 (22-18-02).txt
Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 366685
Time elapsed: 44 minute(s), 53 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce|mjraxw (Trojan.LameShield) -> Data: C:\Users\Owner\AppData\Local\mjraxw.exe -> Quarantined and deleted successfully.
Registry Data Items Detected: 1
HKCU\S... Read more

Answer:google redirect + security shield + disabled firewall

Hello and welcome to the forums!
My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. I'll be addressing you by your username, if you'd like me to address you by something else, please let me know!
I would be glad to take a look at your log and help you with solving any malware problems.
If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed. If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:
Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
If I instruct you to download a specific tool in which you already have, please delete ... Read more

37 more replies
Relevance 90.2%

Platform: Win 7 Ultimate. 2.5 GHz QuadCore. Well, I somehow caught the Google redirect virus. When I click a link from a Google results page, I get redirected to spam/adware crap, such as hxxp://www.scour.com/search/web/Google%20Redirect%20Virus/a51/rs4-4876_19377/v3. I have run a superantispyware quickscan and quarantined all results. I have done a MBAM full scan and removed all results. I have run TDSKiller, which found nothing. I am running a superantispyware full scan, which so far has detected 48 files.

Here's a HijackThis logfile:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:19:40, on 5/3/2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
C:\Users\dcw\Adobe CS2\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Logitech\SetPoint\x86\SetPoint32.e... Read more

Answer:Google Redirect Problem/MS Security Essentials Disabled

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.
Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please Do not Attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.
In order for me to see the status of the infection I will need a new set of logs to start with.
Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.
DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear
Click the Disable button to disable your CD Emulation drivers
Click Yes to continue
A 'Finished!' message will ap... Read more

3 more replies
Relevance 90.2%

Hi, I think my computer caught some kind of malware, I couldn't run security essentials or uninstall it, after some tweaking I've managed to uninstall it but I cannot install it again, the installation stops with error code 0x80070643. Also I can't open windows defender, it seems like its folder permissions have changed, any suggestions? I'm running windows 7 64bit
 
PS: the issue is similar to the one in this post http://www.bleepingcomputer.com/forums/t/496263/access-is-denied-and-disabled-windows-defender-microsoft-security-essentials/
 
 

Answer:Security Essentials and Windows Defender Disabled after malware

Hi there, my name is Marius and I will be assisting you with your Malware related problems.
Before we move on, please read the following points carefully.
First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
Perform everything in the correct order. Sometimes one step requires the previous one.
If you have any problems while you are following my instructions, Stop there and tell me the exact nature of your problem.
Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
Scan with DDS
Download DDS and save it to your desktop from here or here or here.
Disable any script blocker, and then double click dds.scr to run the tool.
When done, DDS will open two (2) logs
DDS.txt
Attach.txt
Save both reports to your desktop.
Sca... Read more

2 more replies
Relevance 90.2%

Greetings.  I am new to the forums and do greatly appreciate any help that can be offered with an MSE problem. 
 
First off - the computer belongs to a family member and is running Windows XP Service Pack 3.
 
The main symptoms revolve around Microsoft Security Essentials.  The service is stopped and when I attempt to restart (the Start Now button) I get the following error message:
 
            The service couldn’t be started.
                        The system cannot find the path specified.
                        Click Help for more information about this problem.
                        Error code: 0x80070003
 
In addition, all of the other tabs in Microsoft Security Essentials are disabled.
 
Chronological Account:
1)  On startup a folder opened onto the desktop.  The folder (with path) is C:\Documents and Settings\John\Local\Packages.  I took a deeper look into the folder along this path: …windows_ie_ac_001\AC\Dashlane and then a few subfolders containing what I presume to be Dashlane data.  I updated Mal... Read more

Answer:Microsoft Security Essentials disabled & can't restart service

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
***************************************************
In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.
CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/517059 <<< CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************
If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of t... Read more

2 more replies
Relevance 90.2%

Good day,
 
My problem started yesterday after I found that it isn't possible to start microsoft security essentials anymore.
During that time, MBAM scan found pum.disabled.securitycenter and pup.blabbers on several registry data and keys - all of them were checked for removal - but till now I'm not able to start security essentials yet and It seems that I can't follow some of the links in google search regarding the problem as I get redirected to blank page.
 
I've included logs from MBAM, MBAR, tdsskiller, adwcleaner, OTL AND FSS.
 
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Database version: v2013.06.19.04
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Owner :: ZAI [administrator]
11/08/1434 03:00:56 م
mbam-log-2013-06-19 (15-00-56).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 218905
Time elapsed: 15 minute(s), 45 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 4
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00CBB66B-1D3B-46D3-9577-323A336ACB50} (PUP.Blabbers) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00CBB66B-1D3B-46D3-9577-323A336ACB50} (PUP.Blabbers) -> Quarantined and deleted succes... Read more

Answer:Advice is really appreciated, disabled microsoft security essentials

adwcleaner, OTL and FSS logs are here
 
# AdwCleaner v2.303 - Logfile created 06/20/2013 at 10:23:54
# Updated 08/06/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Owner - ZAI
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Owner\My Documents\Downloads\adwcleaner.exe
# Option [Delete]
***** [Services] *****
***** [Files / Folders] *****
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Linkury
Folder Deleted : C:\Program Files\BrowserCompanion
Folder Deleted : C:\Program Files\Linkury
***** [Registry] *****
Key Deleted : HKCU\Software\Blabbers
Key Deleted : HKCU\Software\BrowserCompanion
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKCU\Software\Microsoft\Windows... Read more

24 more replies
Relevance 88.97%

Hello,
 
From post: http://www.bleepingcomputer.com/forums/t/498328/suspected-sirefef-infection/
 
It started from when Windows notified me that my antivirus, firewall and a driver was disabled.
I cannot run, change, uninstall or download* Microsoft Security Essentials. The warning prompt says I do not have permission or the application/file was not found. I checked acct permission, all OK. I checked file/application location, all OK. Googling lead me to suspect Sirefef infection.
 
*Using my default Internet Explorer 10 browser, I am unable to download anything that merely resembles a program. This even includes photo's or videos from a browser-Email program (Hotmail). The download notice says the file was a virus and has been deleted, and I think deletes the file from the computer (I've tried looking). I tried saving as a filename that looked innocent - to no avail. I believe I have found a workaround by using Firefox to (as of this post) download and run Rkill and DDS from a USB stick. I expect to be able to download and run any necessary tool/application that I need via Firefox.
 
I've shut-down and started the computer once, and also did a restart. There seems to be no other noticeable activity - no change in boot times, no changes in windows activity (weird system tray icons etc), no other notifications, PC is running at regular speed, no noticeable changes in browser activity or redirections. Everything seems fine, other than my AV disabled.
 
... Read more

Answer:Sirefef/ZeroAccess-Infected-Microsoft Security Essentials Disabled

Hello and welcome. Please follow these guidelines while we work on your PC:

Malware removal is a sometimes lengthy and tedious process. Please stick with the thread until I’ve given you the “All clear.” Absence of symptoms does not mean your machine is clean!
Please do not run any scans or install/uninstall any applications without being directed to do so.
Please note that the forum is very busy and if I don't hear from you within five days this thread will be closed.

Please download Farbar Recovery Scan Tool and save it to your desktop.
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

20 more replies
Relevance 88.97%

I encountered a virus entitled Security Shield. After running Malware Anti Malware and Symantec and Rkill the virus does not pop up any more or appear anywhere that I can see however I am now having difficulties in other areas of my computer.
When trying to access Steam I get this error message.
Unable to connect to server. Server may be offline or you may not connected to the internet.-102

Unable to connect to server. Server may be offline or you may not connected to the internet.

I also cannot connect to Internet Explorer nor can I successfully run Windows Update.

Please let me know if there is any more information needed to fix this problem and thank you for the help!

Answer:Security Shield and Browser Issues

Hello,

Please follow the instructions in ==>This Guide<==. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues and what you have done to resolve them.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Orange Blossom

2 more replies
Relevance 88.15%

Hi,
 
I would be honoured to have some assistance regarding a possible infection on my computer.
 
Unfortunately, I believe my computer has been infected with a possible Rootkit\Backdoor Trojan Virus, which has disabled both Windows Defender and Microsoft Security Essentials. When attempting to launch Windows Defender & MSE, I receive an error regarding: "Specified location path not found". I decided to look into the directory of both WD (%WINDIR%Program Files\Windows Defender) and MSE (%WINDIR%Program Files\Microsoft Security Client) and some of the icons have changed to shortcuts that point directly to "C:\Windows\system32\config." Even as an Administrator, I'm unable to even add write permissions to the folder as my access is denied.
 
I was able to uninstall Microsoft Security Essentials but my Windows Defender will not launch. My issue is practically identical to the following topic in this forum:
 
http://www.bleepingcomputer.com/forums/t/494835/lost-access-to-microsoft-security-essentials-directory-and-application/page-10?hl=%2Blost+%2Baccess#entry3059425
 
Would anyone be able to assist me in this issue? Your help will be greatly appreciated.

Answer:Access is denied and disabled: Windows Defender & Microsoft Security Essentials

Hi asoft, Welcome to the forum.

Please download Farbar Recovery Scan Tool and save it to your desktop.
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

10 more replies
Relevance 88.15%

So the past day or two, my browser has been redirecting me a lot. I'll open google, search for something, and then upon opening the links, it either opens a new tab with some random website or redirects the page I clicked on to something else. This morning, I start getting Security Shield popups. I downloaded Malwarebytes, ran it in Safe Mode w/ Networking, removed everything that popped up, and reset the hosts file but I'm still having issues with websites redirecting. I haven't seen anymore Security Shield popups. I uninstalled Microsoft Security Essentials because I was given an error every time I attempted to open it that basically said... no, you can't open this.

Here's the requested logs.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 5:58:29 PM, on 7/23/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16447)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Winamp\winamp... Read more

Answer:Security Shield fake AV and browser redirecting.

9 more replies
Relevance 87.33%

Here's the link to the topic in the "Am I infected?" forum that I posted up: http://www.bleepingcomputer.com/forums/topic460619.html

As stated in the topic above, Google redirects to other sites when I use their search engine. I also hear random audio advertisements with no visible browser and Microsoft Security Essentials is disabled for some reason. I ran a Malwarebytes scan, removed a few malware, then restarted my computer. Promptly after booting up again, my computer again played audio ads after about an hour or so. In addition, all of the other problems continued to happen.

Currently, all my programs still work correctly, including all browsers and games. My computer runs Windows 7 32-bit Professional.

Any and all help is appreciated!
DDS Log:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.7601.17514
Run by Telesis at 0:25:27 on 2012-07-16
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3068.1761 [GMT -7:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C... Read more

Answer:Google redirect, random audio ads playing, Microsoft Security Essentials disabled

Hi,

Please run the following

Refer to the ComboFix User's Guide

Download ComboFix from the following location:

Link

* IMPORTANT !!! Place ComboFix.exe on your Desktop
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
You can get help on disabling your protection programs here
Double click on ComboFix.exe & follow the prompts.
Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
When finished, it shall produce a log for you. Post that log in your next reply.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

---------------------------------------------------------------------------------------------
Ensure your AntiVirus and AntiSpyware applications are re-enabled.

---------------------------------------------------------------------------------------------

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

12 more replies
Relevance 87.33%

Well about a week ago I caught a virus which falsely identified itself as Microsoft Security Essentials and also called itself Thinkpoint. The virus hijacked my computer and eventually made it so that when I started the computer I would get nothing but a black screen. So at this point I used my computer's system recovery CDs to wipe the C Drive and restore my computer to factory settings while still keeping all my files on the D Drive. This worked and allowed me to access Windows again and I haven't seen the Thinkpoint interface since then either, but there were still several problems with my computer such as: whenever I click on a Google search results link I am redirected to a different unrelated site, not being able to install antivirus software such as Malwarebytes and AVG, the soundcard being disabled, and occasionally getting popups and warnings from the Microsoft Security Essentials. Also, my taskbar will always turn gray for some reason. At this point I downloaded the AVG Rescue CD from another computer, put it on a CD, and then ran it on my computer. The AVG Rescue CD identified several trojans, malware, and adware and I then deleted everything it identified. But once I restarted the computer it was still plagued by the same problems as before (Google redirects, sound disabled, unable to install certain programs, security alerts etc.) I've tried a number of proposed solutions that I've found on the net but nothing has worked. Can anybody help me?

Answer:Fake Microsoft Security Essentials Alert, Google Redirects, Soundcard Disabled etc.

Please follow these instructions: How to remove Google Redirects or the TDSS, TDL3, Alureon rootkit using TDSSKiller

Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
Vista/Windows 7 users right-click and select Run As Administrator.
When the program opens, click the Start Scan button.
If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
Ensure Cure is selected, then click Continue > Reboot now to finish the cleaning process. <- Important!!
Note: If 'Suspicious' objects are detected, you will be given the option to Skip or Quarantine. Skip will be the default selection.
A log file named TDSSKiller_version_date_time_log.txt will be created and saved to the root directory (usually Local Disk C:).
Copy and paste the contents of that file in your next reply.

-- For any files detected as 'Suspicious' (except those identified as Forged to be cured after reboot) get a second opinion by submitting to Jotti's virusscan or VirusTotal. In the "File to upload & scan" box, browse to the location of the suspicious file and submit (upload) it for scanning/analysis.

Please download and scan with the Kaspersky Virus Removal Tool from one of the links provided below and save it to your desktop.
Link 1
Link 2
Be sure to print out and read the instructions provided in:
How to Install Kaspersky Virus Removal Tool
How to use the Kaspersky Virus Removal Tool
Double-click ... Read more

12 more replies
Relevance 87.33%

Hello,

I've been having a problem with Google searching (it keeps redirecting me to sites other than where I want to go) and random audio ads playing in the background with no open browser window. I tried running a Malwarebytes scan and got rid of several malware. However, I re-scanned right after I restarted my system (to finish the scan) to be sure I got rid of everything and, to my surprise, it still picked up one malicious item: Rootkit.0Access. I tried to quarantine this again, but the ads kept playing, Google kept redirecting to the wrong sites, and the virus kept showing up in recurring scans. As of now, all programs work fine such as my video games (I'm a gamer at heart) and Firefox, IE, Malwarebytes, etc., but I'm still having these problems. I should note that I am running Windows 7 Professional as well. I also noticed that Microsoft Security Essentials was disabled - I tried to restart it but said it wasn't an installed service. Scans show that I did have Security Essentials at one point but is now disabled. Any help/ideas? This problem has been happening for a while now (it might have been infected 2-3 weeks ago, but I've recently been on vacation so I couldn't fix it)

P.S. I should also mention that I had the Live Security Platinum virus on my system as well, which I removed successfully by using the self-guide on this site. I'm not sure if I was too late in removing it, and if it left some trace of it on my computer.

Answer:Google Redirect and Random Audio ads playing, Microsoft Security Essentials disabled

Welcome aboard

Please follow the instructions in ==>This Guide<== starting at Step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues, what you have done to resolve them, and a link to this topic.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

1 more replies
Relevance 86.92%

Hello! I am new to this site so I hope that you will be patient with me if I make some mistakes in courtesy.

I am running an HP Pavilion Elite e9260f with 64-bit Windows 7 Home Premium. Two or three days ago I noticed that my browser (Internet Explorer 9) was being hijacked to ad sites. I ran a McAfee Scan and it came up with 6 infections. Here's the messy part - the scan was still running late at night and I fell asleep so I do not know what else happened and I have been trying to play catch-up ever since. As well, I am getting a warning that Windows Security Center Service is turned off, but I cannot turn it back on, either through the Action Center or with Windows Defender.

I am not very knowledgeable about the inner workings of computers so I will need to be talked through any repairs.

The MalwareBytes program identified 5 infected registry keys : two with Adware.SmartShopper, one with Adware.Softomate, and two with Trojan.FakeAlert.SA . There was also one file infected with Trojan.FraudPack. The report states that all infected items were quarantined and removed successfully.

Unfortunately, the problems are still occurring - the browser is redirected and I cannot start Security Essentials.

I have read the Welcome notice and I believe that I have my original Windows backup, but it was factory installed.

I have run scans with McAfee, MalwareBytes, McAfee Stinger, Microsoft Malicious Removal, and SUPERAntiSpyware (which reported Malware.Trace on 1 registry key and ... Read more

Answer:Browser hijacked and Security Essentials will not run

Welcome aboard

Download Security Check from HERE, and save it to your Desktop.
 * Double-click SecurityCheck.exe
 * Follow the onscreen instructions inside of the black box.
 * A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download MiniToolBox and run it.
Checkmark following boxes:
Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List last 10 Event Viewer log
List Users, Partitions and Memory size
Click Go and post the result.

=============================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
 * Double-click mbam-setup.exe and follow the prompts to install the program.
 * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
 * If an update is found, it will download and install the latest version.
 * Once the program has loaded, select Perform quick scan, then click Scan.
 * When the scan is complete, click OK, then Show Results to view the results.
 * Be sure that everything is checked, and click Remove Selected.
 * When completed, a log will open in Notepad.
 * Post the log back here.

Be sure to restart the computer.
The log can also be found here:
C... Read more

17 more replies
Relevance 86.1%

Hi,

I have a fairly barebones Windows 7 laptop that was just previously infected with My Security Shield (from a website ad? I wasn't downloading anything at the time) and now seems to be infected with a hijacker after removal. I followed the removal instructions here and I seemed to be fixed. Afterwards I upgraded Firefox from ver.3.5 to the current release 10.0.2. I primarily use Firefox, but also use Chrome (17.0.963.56 m) - and both seem to be infected now.

When I try to pull up websites, most of the time they work. Otherwise I get:
- redirect to buzzcrazy
- blank page with expected URL (eg. http://en.wikipedia.org/wiki/History_of_Firefox)
--- hitting enter or reloading the page makes it appear per usual
- blank page with unexpected URL (eg. http://83.133.124.... Read more

Answer:Browser Hijacker Buzzcrazy.net, prev infected w/ My Security Shield

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please do not attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.
Do not run any other tool until instructed to do so!

Click on the Watch Topic Button and select Immediate Notification and click on proceed; this will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:
You may be asked to install or update the Recovery Console (Win XP Only); if this happens please allow it to do so (you will need to be connected to the internet for this).
Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<
Combofix may need to reboot your computer more than once to do its job; this is normal.
You can download Combofix from one of these links.
Link 1
Link 2
Link 3

1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the r... Read more

31 more replies
Relevance 86.1%

When I try to start Microsoft Security Essentials, it doesn't come up at all. Also, if i try to start the service from the flags in my toolbar, it gives me a message saying "The Windows Security Center service can't be started."..
DDS (Ver_11-05-19.01) - NTFSx86
Internet Explorer: 8.0.7601.17514
Run by Benji at 0:00:32 on 2011-05-25
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.3957.1046 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\nvvsvc.exe
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\UnsignedThemesSvc.exe
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\windows\... Read more

Answer:Can't start Security Essentials and Browser keeps re-directing

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.

Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

Please reply to this post so I know you are there.

The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks

15 more replies
Relevance 85.69%

Virus on my daughter's computer. Can only open browser in Safe mode. Anti-virus scans don't seem to work and updates are blocked. Pop-ups and redirection to other web sites.

DDS (Ver_10-03-17.01) - NTFSx86 NETWORK
Run by Daphne at 10:09:47.58 on 15/05/2010
Internet Explorer: 8.0.6001.18904
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.3000.2426 [GMT -4:00]

AV: BitDefender Antivirus *On-access scanning enabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
SP: BitDefender Antispyware *enabled* (Updated) {8B2012EC-32D4-494F-BC03-832DB3BDF911}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
FW: BitDefender Firewall *disabled* {4055920F-2E99-48A8-A270-4243D2B8F242}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\Expl... Read more

Answer:Security Essentials Trojan

Hello dbestrie

Welcome to BleepingComputer

========================

One or more of the identified infections is a backdoor trojan or rootkit.

This type of infection has the capability to allow a hacker to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:
How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.

3 more replies
Relevance 85.28%

So I noticed my computer was having some redirect issues using Firefox and searching through google. I am running windows xp service pack 3.

I then attempted to use Microsoft Security Essentials, which disappeared when I tried to mouse over the tray icon. I tried to restart MS Security Essentials; once it opens up it is in red status: PC at risk. If I click on start now it gives me the error "Couldn't start the security essentials service. error code 0x80070424"

I then used malwarebytes and it found trojan.happili, supposedly quarantined but I found it later on while in safemode using malwarebytes again.

I also ran HitmanPro which found a sirefec.fc, hitmanpro claims to have removed it.

I have used the microsoft support to restart the windows update, from this link (http://support.microsoft.com/kb/971058) the windows fixit to reset it will not run, so there is no windows update listed still in services.msc

If I try to go to update.microsoft.com I am redirected to http://support.microsoft.com/kb/2497281 and cannot update.

In addition, if I try to click on Windows Firewall from the control panel it says "Due to an unidentified problem, windows cannot display Windows Firewall settings." and does not run.

My attempts at fixing this are not working and any help would be appreciated.

Answer:Windows update, MS security essentials, and possible browser redirects

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/459955 <<< CLICK THIS LINK

If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lo... Read more

20 more replies
Relevance 84.87%

Help

I am infected by the above named trojan. I tried to follow the Bleeping Computer instructions to remove the program, but the rkill program recommended to interrupt the program shuts down immediately. The other two renamed versions also didn't work. I ran Malware Bytes antivirus, but it did not detect it as the trojan was still running. I also tried House call and Avast with neither detecting the trojan. I can't get normal internet access with Firefox, Safari, or Internet Explorer or the task manager to boot up. I can go online with an ancient copy of Netscape, which I am using to write this post.

Thanks

Answer:Windows security essentials trojan

Please run RKUScan With RKUnHooker

Please Download Rootkit Unhooker. Save it to your desktop.
Now double-click on RKUnhookerLE.exe to run it.
Click the Report tab, then click Scan.
Check (Tick) Drivers, Stealth. Uncheck the rest, then Click OK.
Wait till the scanner has finished and then click File, Save Report.
Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.

Note** you may get this warning; it is ok, just ignore
"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"

13 more replies
Relevance 84.46%

I have both Microsoft Security Essentials and Windows Security Essentials (incl. Firewall, Auto Updates and VIRUS PROTECTION) running on my old pc. Since they both have a virus protection, do I need both? It seems that this pc is always downloading updates and slows the pc terribly.

Wellgo

Answer:Microsoft Security Essentials vs Windows Security Essentials

"Windows Security Essentials"

Are you sure that is the exact name? Maybe I've missed something but I've never heard of it.

It is not good to have two Anti-Virus programs running in real time, for the reason you gave. They tend to "check each other" and cause slow downs.

Always pop back and let us know the outcome - thanks

4 more replies
Relevance 84.46%

Hi and thanks in advance for your help. I'm having a heckuva' time trying to get this issue cleaned up and figured I'd better turn to someone who knows what they're doing before I ruin something.

Issue started while browsing a fox sports forum at fightonstate.com. It immediately shut down my browser and Outlook and I got this pop-up, ostensibly from Microsoft Security Essentials. I came here, searched it out and used rkill and MBAM to clean it up. No luck. Multiple other tries with MBAM, Ad-Aware, SpyBot S&D and AVG have gotten me mostly clean, but the browser hijacker persists. It's taking over in IE, Firefox and Chrome and redirects the search result links to sites like findstuff.com. I also get new tab pop-ups from winnerweekly about a WalMart gift card and they end up locking up the browser.

Lastly, programs are slow to start up now and that was never an issue. I also am intermittently getting a Rundll32 error; I keep forgetting to write down the specifics, but the GUI on my XP reverts to a Windows 3.1 style when that happens. Also, at the moment, my browser can't post in this Forum. I can navigate to it, but I can't post. All three browsers are getting a page not available error when I click "post new topic". I'm currently using a terminal connection to my office to post this. Is it usual for a browser hijacker to block access to BLEEPINGCOMPUTER forums?!

This has been ongoing for almost a week and I'm a... Read more

Answer:Fake Microsoft Security Essentials / Hotpoint led to browser hijacks

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please do not attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed; this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear
Click the Disable button to disable your CD Emulation drivers
Click Yes to continue
A 'Finished!' message will ap... Read more

15 more replies
Relevance 84.46%

I just had what seems to be a fake Security Essentials popup warning me that I have a virus on my machine and to call a phone number immediately to resolve.  This pop up is a new tab that opened inside my Chrome Browser.  I'm on Windows 10.  The popup in the new tab says:
 

"There was a dangerous try to get an access to your personal logins & bank information and to track your browser activity.
Luckily, your Firewall managed to block this suspicious connection.  We recommend you to freeze your account until some measures will be taken.
There is a great threat of leaking of your personal data.
So, you need to respond swiftly!
Trojan Virus may have already hurt your hard disk and its data.
That is why we are checking and verifying your current system security.
Do not waste your time and consult one of our service centers or call us.
 
Contact Number +1 (888) 664-2106 (TOLL-FREE)
 
Your urgent response is needed.
To deal with this problem, contact our network administration.
We would ask you not to open your browser until the problem will be solved in order not to become a victim of the data corruption.  You can contract with our customer service department at +1 (888) 664-2106.
 
Info about Virus:
Acting as a backdoor, a Trojan horse virus can easily contact a controller and get a free access to the computer, which is under attack.  It is not that easy, to detect the Trojan and its backdoors, but you can notice some slowdow... Read more

More replies
Relevance 84.46%

Hi. Earlier this week, a writing site I visit was attacked. Unfortunately, I visited the site before they caught it. The first sign of trouble I saw came from Windows Defender, which alerted me to two trojans: Win32/Fakeinit and Downloader:Win32/FakeInit. Within seconds, Windows Defender and My AV were both entirely disabled. After some research from another computer, I found instructions on bleepingcomputer for removal of Security Essentials 2010, which had been installed on the computer as a result.

Anyway, I'm still having issues with searches redirecting to random sites. I believe Security Essentials is gone now, but there's obviously still some malware related to all of this.

I've uninstalled and reinstalled my CA Antivirus (which had been running, but wasn't updating properly), and run it until no issues were found. I've run AdAware, SpyBot, and SuperAntiSpyware and MalwareBytes. All of them are coming up clean at this point, but the redirect issue is still occurring. I would greatly appreciate any guidance you may be able to provide.

My hijackthis log is below.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:46:01 PM, on 5/20/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18904)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
C:\Program Files\Syn... Read more

More replies
Relevance 84.46%

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-06-2015
Ran by Khalil (administrator) on KHALIL-PC on 17-06-2015 10:25:43
Running from C:\Users\Khalil\Downloads
Loaded Profiles: Khalil (Available Profiles: Khalil & Guest)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
() C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Apple Inc.) C:\Program F... Read more

Answer:Microsoft Security Essentials Keeps turning off and My Internet browser keep crashing

Additional scan result of Farbar Recovery Scan Tool (x64) Version:13-06-2015
Ran by Khalil at 2015-06-17 10:26:40
Running from C:\Users\Khalil\Downloads
Boot Mode: Normal
==========================================================
==================== Accounts: =============================

Administrator (S-1-5-21-552273560-753560788-1521440802-500 - Administrator - Disabled)
Guest (S-1-5-21-552273560-753560788-1521440802-501 - Limited - Enabled) => C:\Users\Guest
HomeGroupUser$ (S-1-5-21-552273560-753560788-1521440802-1002 - Limited - Enabled)
Khalil (S-1-5-21-552273560-753560788-1521440802-1000 - Administrator - Enabled) => C:\Users\Khalil

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-552273560-753560788-1521440802-1000\...\uTorrent) (Version: 3.4.3.40298 - BitTorrent Inc.)
64 Bit HP CIO Components Installer (Version: 6.2.2 - Hewlett-Packard) Hidden
Adobe Flash Player 17 Acti... Read more

25 more replies
Relevance 84.05%

Hi,

My parents' computer is stuck with the 'Security Shield 2012' fake-ware. I suspect more malware is involved as Malwarebytes has discovered 'Trojan.Oaccess' in c:\windows\assembly\GAC\desktop.ini.
Microsoft Safety Scanner discovered 'Sirefef.R' but encountered a critical error while trying to remove it.

A scan in Malwarebytes while in Safe Mode will pick up and clean the infection, but it returns when the machine is returned to normal mode.

I would appreciate any help and assistance.

DDS.txt below, Attach.txt and ark.txt (zipped) are attached.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_32
Run by Ron at 19:10:21 on 2012-07-19
Microsoft Windows 7 Professional 6.1.7601.1.1252.61.1033.18.3071.2265 [GMT 10:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows ... Read more

Answer:Persistent 'Security Shield 2012' popups, possible trojan.0access

Greetings and Welcome to The Forums!! My name is Gringo and I'll be glad to help you with your computer problems. I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us.

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At... Read more

14 more replies
Relevance 83.64%

I would like help from you experts on whether I have removed the "Microsoft Security Essentials" trojan from my desktop machine. The machine is running XP SP3, is up to date on MS updates, runs McAfee and is up to date [after resetting to an old restore point...]. Rkill and other methods failed to work, but resetting to an old restore point and then scanning with McAfee and Ad-Aware did seem to quarantine the trojan.

The HijackThis log run after all that is attached for review. Thanks in advance.

Answer:Microsoft Security Essentials trojan removed?

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Some things to remember while we are working together.

Do not run any other tool until instructed to do so!
Please Do not Attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The ... Read more

3 more replies
Relevance 83.64%

I guess I put this in the wrong forum initially... Copied from my other topic

This morning, I woke up to find that Windows had restarted during the night, after what I assumed to be an auto update. When I logged in, I had a window pop up that had "Microsoft Security Essentials Alert" in its title. It warned me that 3 of my autoupdate processes were "unknown Win32/Trojan" and prompted me for action. When the clean computer button was pressed, it brought up links to a couple of anti-virus programs. I immediately suspected a problem. I cannot access the ctrl-alt-delete series of menus to look at the task manager nor can I access any of my browsers, including using them in safe mode with networking. I use Firefox exclusively, but have Explorer and Chrome available. I ran dds per the instructions on this site, and was in the middle of an hours long gmer scan when it crashed. Instead of waiting 6 more hours on the gmer scan, I decided to go ahead and post the dds log and see if you guys could help. All of my other files are accessible, except for the previous mentioned. I grabbed a laptop to get online.

Here is my dds log:

DDS (Ver_10-10-10.03) - NTFSx86
Run by Steven at 9:57:32.10 on Thu 10/14/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1643 [GMT -4:00]

============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchos... Read more

Answer:Microsoft Security Essentials Alert Trojan

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below I will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the ... Read more

2 more replies
Relevance 83.64%

Hello, I'm new to the forum. Hopefully, someone can help me out. Thanks in advance.

A friend dropped off her ThinkPad Z61t running windows XP (SP3) and asked me to help her get rid of the "viruses" on it. Here is what I've done, so far.

Ran CCleaner
Ran Malwarebytes (it found several infections and I instructed the program to clean them - I can post the logs, if necessary)

DDS.txt file follows:

DDS (Ver_10-03-17.01) - NTFSx86
Run by Susan at 13:52:41.31 on Sat 08/07/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.373 [GMT -4:00]

AV: McAfee VirusScan Enterprise *On-access scanning enabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}

============== Running Processes ===============

C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ThinkPad\Bluetoot... Read more

Answer:Trojan/Security Essentials/Infiltration Alert

Hello rjohnson57

Welcome to the BC HijackThis Log and Analysis forum. I will be assisting you in cleaning up your system.

I ask that you refrain from running tools other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

Please keep in mind that we have a large backlog of users just like yourself waiting to be helped so try to be as timely as possible in your replies. Since we do this on a part-time voluntary basis we are limited on how many logs we can respond to and keep open due to time restraints. If you have to be away or can't answer for some other reason just let me know. Thank you for your understanding.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

In order to better assist you I will need the following:

Disable your antivirus along with other security programs such as Windows Defender or TeaTimer before running the following. Instructions can be found Here.

Download GMER Rootkit Scanner from here to your deskto... Read more

3 more replies
Relevance 83.64%

I have communicated twice with grinler via pm on this issue. I am trying to keep my computer off line so as to minimize possibility of attack. Here is a hijackthis log v.2.04 hope that you see something that will help with a fix. I apologize for being out of form.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:11:11 AM, on 10/1/2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18498)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe
C:\Program Files (x86)\NSNetMon\netmon.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Wave59 RT\History59_IB.exe
C:\program files (x86)\avira\antivir desktop\avcenter.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
c:\program files (x86)\avira\antivir desktop\avconfig.exe
C:\Program Files (x86)\Internet Explorer\ieuser.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWow64\Macromed\Flash\FlashUtil10c.exe
C:\download\HijackThis204.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?Li... Read more

Answer:Microsoft security essentials trojan virus.

Hello cobalt5002

Welcome to BleepingComputer

==========================

Download OTL to your desktop.

Double click on OTL to run it.
When the window appears, underneath Output at the top change it to Minimal Output.
Under the Standard Registry box change it to All.
Under Custom scan's and fixes section paste in the below in bold

netsvcs
%SYSTEMDRIVE%\*.*
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\drivers\*.sys /90
%systemroot%\system32\Spool\prtprocs\w32x86\*.dll

Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

2 more replies
Relevance 83.64%

This is not the legitimate Microsoft Security Essentials program.

You can read about it here.

Here is a screenshot of the fake trojan program.

------------------------------------------------------------
 

Answer:Warning! SECURITY ESSENTIALS 2010 Is A Trojan

7 more replies
Relevance 83.64%

I have a pop up saying it's from Microsoft Security Essentials with a win 32/Trojan. It is a networked computer. I am unable to close the program without doing a scan that I think wants me to download malicious malware protection. Below is my Hijack this log and Ark log. I am unable to run the dds program to include an attach file.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:54:56 AM, on 10/2/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
C:\Documents and Settings\Grat... Read more

More replies
Relevance 82.82%

I tried following the directions from a different post but now I'm not sure if the Trojan is gone. I'm still getting a pop-up from malwarebytes but when I scanned it yesterday it didn't come up with anything. The computer is running at the same speed -- it's choppy at times but not terrible. Also, sometimes when I start up the computer it automatically does a complete system check instead of going to the start menu. Any help would be greatly appreciated.

Answer:Microsoft Security Essentials found trojan:dos/alureon.j. Not sure if it's gone.

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.

===

--RogueKiller--

Download & SAVE to your Desktop For 32bit system or For 64bit system
Quit all programs that you may have started.
Please disconnect any USB or external drives from the computer before you run this scan!
For Vista or Windows 7, right-click and select "Run as Administrator to start"
For Windows XP, double-click to start.
Wait until Prescan has finished ...
Then Click on "Scan" button
Wait until the Status box shows "Scan Finished"
click on "delete"
Wait until the Status box shows "Deleting Finished"
Click on "Report" and copy/paste the content of the Notepad into your next reply.
The log should be found in RKreport[1].txt on your Desktop
Exit/Close RogueKiller

+=======

Please download AdwCleaner by Xplode onto your Desktop.

Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click the Scan button and wait for the process to complete.
Click the Report button and the report will open in Notepad.

IMPORTANT
If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.

Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click the Scan button and wait for the proc... Read more

9 more replies
Relevance 82.82%

Microsoft security essentials detected several sirefef trojans. I tried cleaning my computer using Microsoft security essentials but halfway through the cleansing it started restarting every 60-90 seconds. I used the system configuration in administrative tool to restart the computer in diagnostic start up. I then tried enabling Microsoft security essentials again but as soon as I started it my pc began automatic shutdowns again. So I enabled my internet and found this forum, then I followed the instructions in the READ & RUN ME FIRST Malware Removal Guide thread. I followed every step to the letter but I'm still having problems. I will attach my logs.
 

Answer:Microsoft security essentials finds sirefef trojan please help

Please download ComboFix to your desktop and run it. Do not mouse click or do anything while it runs. Attach the log when it is finished.
 

1 more replies
Relevance 82.82%

Hello I am new to the board. My computer was recently infected with the Microsoft Security Essentials Alert Trojan. (link: http://www.bleepingcomputer.com/virus-removal/remove-fake-microsoft-security-essentials-alert) When I tried to open a web browser, an IM client, etc., just about any program that accessed the Internet, the Microsoft Security Essentials box popped up. I ended up downloading an anti-virus program called Hitmanpro 3.5 and it removed the virus. Malwarebytes does not find anything now in scans. I think that the hitmanpro removed it because my computer now seems to function normally and I can open up programs again. However, I do not have the knowledge to know if it is completely removed or if there is some other malware I am infected with. I am running Windows XP Home w/ Service Pack 2. I have attached logs and tried to follow the instructions I saw in the "before you post." Please help me clean my computer completely. Thank you.

DDS.txt :

DDS (Ver_10-03-17.01) - NTFSx86
Run by Jeffrey at 18:17:28.45 on Thu 01/06/2011
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.767.287 [GMT -8:00]

AV: Doctor Web Anti-Virus *On-access scanning enabled* (Outdated) {3454C8F1-ECBC-4180-A6F4-04632FBA762B}
AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

============== Running P... Read more

Answer:Infected with Microsoft Security Essentials Alert Trojan

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.

Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

Please reply to this post so I know you are there.

The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks

10 more replies
Relevance 82.82%

How do I remove this pesky malware.
I tried and ran rkill
then ran ccleaner
then ran malware

first i did this in safe mode then did in normal mode.

OS xp por..I still can not remove this any suggestions
 

Answer:Microsoft Security Essentials Alert trojan removal

Welcome to Major Geeks!

Please read ALL of this message including the notes before doing anything.

Please follow the instructions in the below link:

READ & RUN ME FIRST. Malware Removal Guide


and attach the requested logs when you finish these instructions.

**** If something does not run, write down the info to explain to us later but keep on going. ****
Do not assume that because one step does not work that they all will not. MGtools will frequently run even when all other tools will not.


After completing the READ & RUN ME and attaching your logs, make sure that you tell us what problems still remain ( if any still do )!
Helpful Notes:


If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode, you can run the steps in safe boot mode but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:

Starting your computer in Safe mode

If you have problems downloading on the problem PC, download the tools and the manual updates for SUPERAntiSpyware and Malwarebytes ( links are given in the READ & RUN ME) onto another PC and then burn to a CD. Then copy them to the problem PC. You will have to skip getting updates if (and only if) your internet connection does not work. Yes you could use a flash drive too but flash drives are writeable and infections can spread to them.
If you cannot seem to login to an infected user account, try using... Read more

3 more replies
Relevance 82.82%

Every five minutes, a MS Security Essentials notification window appears with a green banner, "Detected threats are being cleaned.", and a white message field with, "No action needed."
Opening the MS Security Essentials window with the Quarantined Items button selected shows a long list of Detected Items.  Every item is the same: "Trojan:JS/Medfos.B"
The Alert level is "Severe" for each. The Date shows the date and time (each is five minutes after the one prior).  Action taken is "Quarantined".
 
Selecting any one of these shows identical details (below):
 
Category:
Trojan
Description:
This program is dangerous and executes commands from an attacker.
Recommended action:
Remove this software immediately.
Items:
containerfile:C:\Users\James Thomas\AppData\Local\d5a90e9e-d057-4cf3-98ff-b9e2befdcfd6.crx
file:C:\Users\James Thomas\AppData\Local\d5a90e9e-d057-4cf3-98ff-b9e2befdcfd6.crx->manager.js
Get more information about this item online.
 
The last line is a link to a Microsoft definition of the threat, apparently a malicious JavaScript which redirects searches for popular search engines, and which generally operates as a Chrome browser extension.  I do not use Chrome and I don't have Chrome installed on my system.
 
When I click Remove all, the list is erased, but it just builds up again as MS Security Essentials continues to find the beastie and attempts to quarantine it.
 
I ran Microsoft's latest Malicious Software Removal Too... Read more

Answer:Trojan:JS/Medfos.B appears every 5 minutes in MS Security Essentials

Hello Sliderule

Welcome to The Forums!!

Around here they call me Gringo and I'll be glad to help you with your malware problems.

Very Important --> Please read this post completely, I have spent my time to put together some things for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at ... Read more

9 more replies
Relevance 82.82%

My computer is running strange, opens different web sites, slow, when I tried to run Microsoft security essentials I get an error message that states Windows cannot access the specific device, path, or file. You may not have the appropriate permission to access the item.
Another error message states Windows host process (Rundll32) has stopped working.

I read the rules, and I ran the logs, hope I got everything I was supposed to. This is pretty much new to me and I'm a bit lost.
Before doing this I contacted Acer support, sent me to My Tech support http://acer.mytechhelp.com/?cpid=35049&gclid=CObixtD38bcCFZFFMgod6HUArQ They assisted me by taking over my computer told me I have a trojan and showed me lots of files that need to be removed because it is controlling my computer. Then they told me it would cost me a one time cost of $150. I became nervous said that I couldn't do that before I talked to a tech person.
Please advise as what I can do to fix the computer.
Post was too long so will send GMer in 2nd post?

I have an Acer Aspire 5560-7696 Window 7 less than 1 year old. AMD Quad-Core Processor A6 3420 M
Thank you. Pam Lowe

Logs attached below.


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:03:29 AM, on 6/20/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16490)
Boot mode: Normal

Running processes:
C:\Download\iCloudServices.exe
C:\Program Files (x86)\Google\Chrome\Application\chrom... Read more

Answer:Trojan? Microsoft Security Essentials error message

16 more replies
Relevance 82.82%

Hi

I was hit by 3 or 4 trojans, at least 4 virus files and who knows what else. Right now, I cannot start or run Microsoft Security Essentials. Therefore my netbook must still be infected. I have no idea what to do next, and need help.

I have a Netbook with windows XP home edition. No CD rom, disabled Boot from external (so I can't boot from a USB key)

- had the trojan dos alureon.a which seemed to allow fqb.exe, fqc.exe, fqd.exe, and fqe.exe to be installed. The effect of these programs, among other things, was to disable Microsoft Security Essentials and the windows firewall
- I manually disabled my internet connection
- I used TDSSKiller to remove the one trojan, and rootkit virus was detected and removed
- I ended up going into safe mode with DOS prompt to force delete the fq*.exe files
- ran malwarebytes' anti-malware (full scan) and found and quarantined 2 trojan downloaders and 1 trojan fraud.pack
- used regedit to remove O4 - HKUS\S-1-5-18\..\Run: [8DDYX0ZBPZ] C:\WINDOWS\TEMP\Zqd.exe (User 'SYSTEM') and O4 - HKUS\S-1-5-18\..\Run: [XMZH42I4GI] C:\WINDOWS\TEMP\Zqc.exe (User 'SYSTEM')
- ran HiJack This
- ran DDS by sUBS and saved files DDS.txt and Attach.txt
- ran GMER.exe from the desktop, no activity reported

However, I can't get MS Security Essentials to even open. I have

- deleted and reinstalled the program
- used Process Explorer on run32dll.exe to see if it was pointing to an alternate DLL to run (the command line says giv... Read more

Answer:Microsoft Security Essentials won't run after rootkit/virus/trojan

I've rebooted a few times while trying to resolve the issue. It's really taking a very long time to start up, and there's some kind of wickedly bad sound coming out of it now. I mean, the startup tune sounds like it's vibrating the speaker due to volume. The virus did have a sound feature which was some voices, guys talking, no idea what they were saying or if it was English. Any ideas folks? Or do I just copy what I can salvage and take it in to Best Buy to have the thing fixed and a newer OS installed?
 

3 more replies
Relevance 82.82%

Hi all,
 
What a great site. You've helped me out in many ways over the years, but I'm not getting this one resolved.
 
Microsoft Security Essentials is detecting trojan:dos/alureon.J. It is detected multiple times, I've performed a "Remove All" which appears to be successful, but then it is detected again and again. I have run TDSSKiller, Malwarebytes, but indicate clean.
 
Your help and advice are appreciated.
 
Kurt

Answer:trojan:dos/alureon.J, Security Essentials detects but can't remove

Hi & to Bleeping Computer Forums!

My name is Jürgen and I will be assisting you with your Malware related problems.

Before we move on, please read the following points carefully:
- Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
- Perform everything in the correct order. Sometimes one step requires the previous one.
- If you have any problems while you are following my instructions, Stop there and tell me the exact nature of your problem.
- Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
- Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
- If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.
- Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.

Step 1

Please run a FRST scan. This will help us diagnose your problem.
- Please download Farbar Recovery Scan Tool and save it to your Desktop. (If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them as just the right one will run.)
- Start FRST with administrator privileges.
- Make sure the option Addition.txt is checked and press the Scan button.... Read more

21 more replies
Relevance 82.82%

Security Shield 2009 (Total Internet Security)

Find Security Shield 2009 at click here

Security Shield 2009 gives you the best protection available today. Our Triple Threat Protection is a unique set of technologies that protect against identity theft, confidential data leakage and all Internet threats. Add privacy and parental controls, an integrated firewall, a new and improved interface and much, much more!

Powered by Kaspersky Labs technology, Security Shield 2009 has defended against more than 80,000 malicious Internet attacks - more than 200 a day. The volume is unprecedented. To guard against these threats, Security Shield 2009 now offers Triple Threat Protection. PCSecurityShield provides free technical support for The Security Shield virus protection customers as well as all PCSecurityShield products. Security Shield 2008 is Vista Compatible.

Automated Hourly Anti-Malware Updates
Independent tests show Security Shield is #1 for detecting viruses and spyware. Our Internet Security Lab is world renowned for the fastest response to Internet threats - less than two hours once a threat is discovered. Combined with our standard hourly updates, you're only minutes away from the latest protection directly from the Lab!

Intelligent Proactive Heuristics
Zero-day exploits can attack and destroy in seconds. PCSecurityShield runs all files that don't match our signature database in a safe, isolated section to check for malicious behavior. This failsafe method checks the code withou... Read more

Answer:Security Shield 2009 (Total Internet Security)

You are not allowed to advertise on here. Even so maybe this review might put folk off. click here

4 more replies
Relevance 82.41%

I can close the window, but every time I click to start my browser, the same window pops up. It always suggests installing one of their spy removal tools. I have not done so. How do I remove this malware???

I am running Windows XP on Dell PC

More replies
Relevance 82%

I just removed the trojan Security Shield from my computer (Windows Vista Home Premium, Service Pack 2, 32-bit, copyright 2007) thanks to your step-by-step tutorial (THANK YOU!)
I got Security Shield somehow right in between deleting an old antivirus program and installing a new one--what are the chances!?
I do have an antivirus program up and running on my system now: ESET Smart Security. I have also scanned my computer with this.

Here's my concern:
Upon rebooting after reinstalling the default HOSTS file, things look different.
The START menu and the whole bottom 'bar' are white instead of the usual Vista appearance.
Also, the Sidebar is white--completely blocking out that section of my desktop background.
When I come online, Internet Explorer toolbars look different as well--looking more like Windows 98 instead of the modern Vista look.

How can I get the toolbars, etc. back to the original Vista style?!

Thanks in advance for any advice/help you can provide.

Answer:Start Menu, Sidebar & Internet Explorer look different after removing Security Shield Trojan

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you are unable to create a log because your computer cannot start up successfully please provide detailed information about the Windows version you are using: What we in particular need to know is version, edition and if it is a 32bit or a 64bit system. If you are unsure about any of these characteristics, just let us know and we'll help you figuring it out. Please also tell us if you have your Windows CD/DVD handy.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about y... Read more

4 more replies
Relevance 82%

Hello,

DDS logs attached and pasted below. Did I get it all? Thanks in advance :-)

My dad called me at work to tell me that his XP Security Center was going off, warning him that his AV product wasn't running and/or up to date. The thing was, MS Security Essentials was as happy as it could be: definitions were up to date, realtime protection was on. A reboot didn't help either.

That was weird. So I got to his house. By then, XP's Security Center had calmed down and reported no issues. However, opening and closing Firefox with Google as his homepage would create a detection in MS Security Essentials. MSSE called it a Blacole or Blachole exploit kit. It would show up in his Firefox cache.

MSSE would quarantine it. I would delete it, and it would be gone until I opened and closed Firefox again. Then it would appear again and MSSE would quarantine it again.

So, I unplugged his computer from the net, and I ran a full Scan with MSSE. It found a Java exploit in some Java cache files with the common vulnerability name thingy CVR-2010-0840. It may have found some other stuff, but it's not in the history any more.

Then I ran a MBAM scan. It found a few more things:

Files Detected: 6
C:\Documents and Settings\Ernie\Desktop\Brian\Sony PC and nLIte and TinyXP files\(ACCUXP)\kv.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ernie\Local Settings\Temp\ICReinstall_PDFReaderSetup.exe (Adware.... Read more

Answer:It started with WinXP security center reporting that MS Security Essentials wasn't running

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. I'll be addressing you by your username, if you'd like me to address you by something else, please let me know!

I am very sorry for the delay in responding, but as you can see we are at the moment being flooded with logs which, when paired with the never-ending shortage of helpers, resulted in the delayed responding to your thread.

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed. If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
If you're not sure, or if something unexpected happens, do NOT continue! Stop and a... Read more

2 more replies
Relevance 82%

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by kanne at 20:38:50,58 on ti 26.04.2011
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_24
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.358.1035.18.1015.301 [GMT 3:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\AEADISRV.EXE
C:\Program Files\LSI SoftModem\agrsmsvc.exe
C:\Windows\system32\svcho... Read more

Answer:can't turn on windows security center, Redirected web pages and MS Security Essentials Will Not Open

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.

Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

Please reply to this post so I know you are there.

The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks

2 more replies
Relevance 82%

I am running Windows 7 Home and using Security Essentials, but yesterday I found my Security Essentials not working and showing a red alarm. When I take the pointer to show it ... the program closes and the Security Center service is disabled ... and I went to see the Security Center service to run it and make it run automatically, and this message appeared: "Windows could not start the security center service on local computer.
Error 1058: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it"
And I removed Security Essentials and tried to run the Security Center service ... but the problem still exists: the service runs only 2 minutes and is disabled again.
Please help QUICKLY ... because I am working without ANTI-VIRUS

Answer:Security Center service for Windows 7 cannot start & Security Essentials not working

Hi,
 
The Security Center service cannot be started due to virus destruction.
 
Have you tried the repair for Windows? If not, you can go to following SkyDrive to load the registry and import it to check the result.
 
http://cid-9fb18a384ebfc662.office.live.com/self.aspx/.Documents/wscsvc%5E564%5E6.zip
 
Before importing it, please back up the following registry key first. Just find the key and right click it, choose export and save to desktop.
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wscsvc]
 
After importing the correct registry, please go to services Windows to check if Security Center starts properly.
 
Best Regards,
Niki

Please remember to click "Mark as Answer" on the post that helps you, and to click "Unmark as Answer" if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

44 more replies
Relevance 82%

Rogue security product claims to be Microsoft Security Essentials.

F-secure reports:
This malware is distributed via drive-by-download attacks as hotfix.exe or mstsc.exe (md5: 0a2582f71b1aab672ada496074f9ce46).

-- Tom
 

Answer:Rogue security product claims to be Microsoft Security Essentials - Oct 22, 2010

Thanks for sharing.
 

2 more replies
Relevance 82%

It's not uncommon for security solutions to have issues with products offering functionality that overlaps or conflicts theirs, and Microsoft Security Essentials is no exception.

Apparently, Microsoft Security Essentials 2.1 fails to play nice with antivirus products and with some solutions designed to let users manage their computers.

In such cases, users will get an error message when launching MSE, according to the software giant.

Specifically, when they see Microsoft Security Essentials display the following: "You haven't run a scan on your computer for a while. This could put your computer at risk," they should know that something is wrong.

"This error appears as the result of third party anti-virus and/or system cleaner products conflicting with Microsoft Security Essentials," Microsoft said.

Read More

Well for anyone using MSE and CCleaner then follow the method on the link.
 

Answer:Microsoft Security Essentials 2.1 Conflicts with Security and System Cleaner Solution

why MSE is always problematic?
while ago, chrome they considered it malware or something.
:S

what's the problem?
 

9 more replies
Relevance 82%

Following on from http://www.bleepingcomputer.com/forums/ind...p;#entry1928024. C:\Windows\Temp\reoD7D.tmp (Rootkit.Dropper) shown by MBAM, along with some trojan results. I think the trojans have gone after telling MBAM to remove them, but apparently the rootkit is still there.

GMER crashed a few times and caused some blue screens, managed to get it to finish eventually but only in safe mode.

Thanks for any help.

DDS (Ver_10-03-17.01) - NTFSx86 NETWORK
Run by Andy at 22:00:20.77 on 15/09/2010
Internet Explorer: 7.0.6000.17037 BrowserJavaVersion: 1.6.0_06
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.44.1033.18.2046.1357 [GMT 1:00]
AV: McAfee VirusScan Enterprise *On-access scanning enabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe ... Read more

Answer:Trying to recover from rootkit , Security Suite and Fake Microsoft Security Essentials

Hello and welcome to Bleeping Computer!

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
- Download DDS by sUBs from one of the following links. Save it to your desktop.
  DDS.scr
  DDS.pif
- Double click on the DDS icon, allow it to run.
- A small box will open, with an explanation about the tool. No input is needed, the scan is running.
- Notepad will open wit... Read more

2 more replies
Relevance 82%

Problems:
While googling it redirects me to sites - "http://directagain.net/in.php?source=7777&q=&suid=1101&rnd=3xz%2B1mgzFz9AZ7RtJ0%2Bx2w%3D%3D" and "http://www.ihavenet.com/?search=&n=1355828587" (there are some more redirections, but at the moment these are the most frequent)
After copying "http://www.ihavenet.com/" from address bar or search bar it pastes "google.com" (I'm using Firefox atm).

Bigger problems:
Microsoft Security Essentials starts only for the moment on the boot-up and after that is gone.
I can't turn on Windows Security Center Service.

I tried:
Starting WSCS from services.msc and setting it to "Automatic (Delayed)" and after restarting PC..same.
Reinstalling MSE didn't work.
I used CCleaner. And please tell me is cleanpcguide.com valid site?
Did the scan with AdwCleaner and deleted all the threats.
Did the scan with Malwarebytes Anti-Malware and deleted all the threats.
Did the scan with TDSSKiller and deleted all the threats.
I've made "Windows Defender Offline" Bootable USB and did the scan. It only found keygen that I've never used. Deleted it.

I did a little "house cleaning" (nice, yeah) but the problem is still there!
If someone has an idea what's the problem, please help. Thanks in advance.
Sorry for this big post, and I appreciate your time.

Answer:Can't turn on Windows Security Center Service, Microsoft Security Essentials is also off

[delete this post]

21 more replies
Relevance 82%

I created an account on my computer for my roommate. It appears that there was something nasty on a USB storage drive she had from several years ago.

Microsoft Security Essentials found many Trojan:Win64/Sirefef and Trojan:Win32/Sirefef files along with a VirTool:INF/Autorun.gen!B and VirTool:Win32/VBInject.gen!EP that I told it to remove on 7/12. Today the scan came up with a multitude of the same Sirefef files.

I scanned her USB with MSE, and had it remove the Inject thing from that too.

On 7/12, I ran a scan with SB-S&D and found tracking cookies only. Same result today running SuperAntiSpyware via alternate start.

Need to stop them from coming back. Read a little bit of online lit about the Sirefef being stealthy, so I guess the core has gone under MSE's radar. Please help.

Answer:Microsoft Security Essentials found Trojan:Win64/Sirefef

Hello,

I will be helping you with your problems. Please be patient while I assist you.

Some points for you to keep in mind while I am helping you to make things go easier and faster for both of us

Please do NOT run, install or uninstall any programs, unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the top of your post, click on the Watch Topic Button, se... Read more

7 more replies
Relevance 82%

A week or two ago, I created an account for my roommate to use my computer. Evidently there was something bad on an old USB storage stick she had, because shortly after she used it, Microsoft Security Essentials found many Trojan:Win32/Sirefef files along with a VirTool:INF/Autorun.gen!B and VirTool:Win32/VBInject.gen!EP shown as created that day. I had MSE remove them, but a new set of Sirefef reappeared a few days later in another MSE quarantine.

I scanned my roommate's USB with MSE, and had it remove the Inject thing from that too. On 7/12, I ran a scan with SB-S&D and found tracking cookies only. Same result on 7/19 running SuperAntiSpyware via alternate start.

That was when I posted for help here.
http://www.bleepingcomputer.com/forums/topic461530.html
We ran TDSSkiller, SecurityCheck, FSS, MiniToolBox, Defogger, and GMER, before I was referred here.

I have kept my computer off as much as possible, because the MSE quarantine log showed created time/dates for the files as being every 4-5 mins. Figured keeping it off would slow the progress.
I just completed the Prep. Guide, and my DDS log will follow. However, when I tried to use GMER, the only selectable options were Services, Registry, Files, C:\, and ADS. Everything else was greyed out. Scan found no system modifications, and no log was made.


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_31
Run by Rhythian at 15:17:36 on 2012-07-21
Mic... Read more

Answer:Microsoft Security Essentials found Trojan:Win64/Sirefef

please do the following:

download Farbar Recovery Scan Tool and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
- Restart the computer.
- As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
- Use the arrow keys to select the Repair your computer menu item.
- Choose your language settings, and then click Next.
- Select the operating system you want to repair, and then click Next.
- Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
- Insert the installation disc.
- Restart your computer.
- If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
- Click Repair your computer.
- Choose your language settings, and then click Next.
- Select the operating system you want to repair, and then click Next.
- Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

- Select Command Prompt
- In the command window type in notepad and press Enter.
- The notepad opens. Under File menu select Open.
- Select "Computer" and find your flash drive letter and close the notepad.
- In the command window type e:\frst.exe (for x64 bit version type e:\frst64) ... Read more

12 more replies
Relevance 82%

My brother's computer has become infected with what I believe to be the Fake Microsoft Security Essentials Alert Trojan. How do I remove it?
 

More replies
Relevance 82%

I have followed the removal instructions for this malware but the infected PC in Safe mode will not let me run MalwareBytes AntiMalware or regedit or cmd.

It took me about 20 tries to get it to run rkill but it wouldn't run Malwarebytes after that.

Help

Answer:Fake Microsoft Security Essentials Alert Trojan & AntiSpySafeguard

Hello,

Please follow the instructions in ==>This Guide<==.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<==

If you can produce at least some of the logs, then please create the new topic. If you cannot produce any of the logs, then post back here and we will provide you with further instructions.

1 more replies
Relevance 82%

I was infected with the Fake Microsoft Security Essentials Alert Trojan as described here http://www.bleepingcomputer.com/virus-remo...ssentials-alert

I'm running Windows 7.

Whenever I'd logon to windows (regular or safe mode), the Microsoft Security Essentials Alert and I would immediately blue screen (irql_not_less_than_or_equal was the reason).

I put the Kaspersky rescue cd on a usb disk and it found a lot of malware which it removed. Logging back into windows, however, still blue screened.

Back in Kaspersky, I went to the file explorer and poked around, and found "hotfix.exe" in appdata/local/temp, which I promptly deleted (I'd done this for someone else recently). Now I could login to windows, but I still wasn't out of the woods yet.

Logging into windows in regular mode would show a black screen with no explorer, I had to launch it from task manager. Full scan with MalwareBytes showed that there was a registry entry in policies/explorer which turned it off, and some driver with a random name (sqbzeh.sys) was an infected file. Neither MalwareBytes nor I was able to delete this file, so I had to go back into Kaspersky to do it.

Running Sophos rootkit finder flagged some temp files, and Security Task Manager found another file in the temp dir that was bad. Now MalwareBytes gives me a clean bill of health, but I still see a lot of strange activity in TCPView. Here's my dds file output:

DDS (Ver_10-10-10.03) - NTFSx86
Run by D at 9:15:24.05 on Sun 10/1... Read more

Answer:Infected with Fake Microsoft Security Essentials Alert Trojan

BTW, the network icon in the taskbar shows that I'm not connected, even though when I click on it and open up the dialog, it says I'm connected. More fallout from the infection? Any way to get this back to normal without reformatting?

2 more replies
Relevance 82%

Hi,

Here are the attached logs. I have run GMER but it only lets me select Services, Registry and Files - all the options above it are greyed out.

Thanks in advance for your help,

Jon

DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.4.1
Run by JC at 16:31:37 on 2012-06-05
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.44.1033.18.4094.1511 [GMT 1:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\... Read more

Answer:Microsoft Security Essentials keeps finding Trojan:Win64/Sirefef.W

Hi Jon,

I will be handling your logs to help you get cleaned up. Please give me some time to look them over and I will get back to you as soon as possible. Thanks in advance for your patience.

16 more replies
Relevance 82%

Fake Microsoft Security Essentials Alert Trojan
Did you mean 5 or 6?
Thanks

Answer:Feedback - Fake Microsoft Security Essentials Alert Trojan

Did you mean 5 or 6?

These five rogue programs are:
Red Cross Antivirus
Peak Protection 2010
Pest Detector 4.1
Major Defense Kit
ThinkPoint
AntiSpySafeguard or AntiSpy Safeguard

Is this what you are referring to ?? Updates get added and not All the text is updated to suit -

1 more replies
Relevance 82%

Hello, I recently caught a virus on my pc. Microsoft Security Essentials labels it as Trojan:WIN32/Sirefef.AB. It claims to have removed the Trojan and it no longer detects it during a scan, but my computer randomly shuts down now with no warning. If I enter safe mode it will shut down VERY fast. I'm using Windows XP home edition. Any help with this would be greatly appreciated. I'm not very computer savvy. Here are my dd.txt and attach.txt logs. Thanks!

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26
Run by Faithfulfly at 15:51:18 on 2013-01-03
#Option MBR scan is disabled.
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1983.1391 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Immunet Protect *Enabled/Updated* {F1220F1F-7E2E-48CD-846D-B98C6F85CD37}
.
============== Running Processes ================
.
C:\WINDOWS\system32\nvsvc32.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Immunet Protect\2.0.17\agent.exe
C:\Program Files\Google\Update\1.3.21.123\GoogleCrashHandler.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Immunet Protect\2.0.17\iptray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Fi... Read more

Answer:Trojan:WIN32/Sirefef.AB was detected by Microsoft Security Essentials.

Please do the following:

Please download TDSSKiller.zip
Extract it to your desktop
Double click TDSSKiller.exe
when the window opens, click on Change Parameters
under "Additional options", put a check mark in the box next to "Detect TDLFS File System"
click OK
Press Start Scan
If Malicious objects are found then ensure Cure is selected
If TDLFS File System is found then ensure Cure is selected (if Cure is not available, select Skip)
Then click Continue > Reboot now
Copy and paste the log in your next reply
A copy of the log will be saved automatically to the root of the drive (typically C:\)

NEXT

Download ComboFix from the following location:
Link 1
VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to ... Read more

2 more replies
Relevance 82%

I run Windows 7 on a 64-bit system.

Earlier this month, after clicking on a google image link, Microsoft Security Essentials's scanner detected Trojan:DOS/Alureon.E on my computer. Whenever I tried to remove it, I receive an error encountered message. "Error code 0x800704ec. This program is blocked by group policy. For more information, contact your system administrator." Under the items section, it is listed at boot:\\.\PHYSICALDRIVE0\Partition3 (Type 17). Afterwards, my computer had a few strange behaviors, though all seem to be resolved with help I received from the Am I Infected board. (ie: Firefox and Google Chrome would not launch, Google searches would redirect, Windows Firewall was turned off.) I tried reinstalling Microsoft Security Essentials, but it still detects and cannot remove the trojan.

Thank you in advance for helping me with my computer woes!

Below is the DDS log and attached the Attach log.
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.2.0
Run by Amanda at 15:15:48 on 2012-06-19
.
============== Running Processes ===============
.
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
mURLSearchHooks: WinZipBar Toolbar: {50fafaf0-70a9-419d-a109-fa4b4ffd4e37} - C:\Program Files (x86)\WinZipBar\prxtbWinZ.dll
mWinlogon: Userinit=userinit.exe,
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: HP Print E... Read more

Answer:Microsoft Security Essentials detects but cannot remove Trojan:DOS/Alureon.E

Good evening. Download TDSSKiller.zip from Kaspersky from here and save it to your Desktop. You will then need to extract the file(s) from the zipped folder.
To do this: Right-click on the zipped folder and from the menu that appears, click on Extract All...
In the Extraction Wizard window that opens, click on Next> and in the next window that appears, click on Next> again.
In the final window, click on Finish
Please close all open programs as this may result in a reboot being necessary.
Double click TDSSKiller.exe to begin. Click Change parameters and check the two boxes under Additional Options. Click Start scan and allow the tool to do just that.
Once the scan has completed, if the tool has identified anything allow it to carry out its default action(s) - you'll need to click Continue where appropriate. Finally, if it prompts you to reboot your machine, please click Reboot Now and ensure that your machine does so.
The log that the tool creates will be located at the root of your hard drive as C:\TDSSKiller.Version_Date_Time_log.txt. - I'd like a copy of the contents in your next reply.
Please check that you get the one with the right date and time.

30 more replies
Relevance 82%

Hello, thank you for taking your time in looking at my post.

The first incident was two days ago, where a pop-up was asking to install; I accidentally installed it and it took over the computer with pop-ups (telling me that I have other malware, spyware).
I updated my Malwarebytes, SUPERAntiSpyware, and Microsoft Security Essentials; went into safe mode and removed the Trojans.
But yesterday and today another Trojan popped up. I'm thinking I missed something; so here I am, seeking help.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:07:19 PM, on 4/15/2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.19048)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\WINDOWS\RtHDVCpl.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Windows\system32\schtasks.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows... Read more

Answer:vista: trojan keeps on popping up on my microsoft security essentials after removed

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please Do not Attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear
Click the Disable button to disable your CD Emulation drivers
Click Yes to continue
A 'Finished!' message will ap... Read more

3 more replies
Relevance 81.59%

I just need help with getting my Microsoft Essentials to run again, as well as my Windows update and firewall. The Platinum virus isn't popping up and doesn't seem to still be on my computer, but it still has a lock on my security systems. Any help would be much much appreciated.
 

Answer:Live Platinum Security - can't open Microsoft Security Essentials

Hi and welcome to the MalwareTips.com forums!

I'm Jack and I am going to try to assist you with your problem. Please take note of the below:

I will start working on your malware issues, this may or may not, solve other issues you have with your machine.
The fixes are specific to your problem and should only be used for this issue on this machine!
The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear.
If you don't know, stop and ask! Don't keep going on.
Please reply to this thread. Do not start a new topic.
Refrain from running self fixes as this will hinder the malware removal process.
It may prove beneficial if you print off the following instructions or save them to notepad as I post them.
Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
Before we start:
Please be aware that removing malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necess... Read more

1 more replies
Relevance 81.59%

Hello guys (and girls),

I don't give up very easy, that's not really my thing.
But this here, is really out of my league.
I feel like giving up at this point and leave the Digital Western World to go live in a cave.

I am trying over a week now to get rid of Microsoft Security Essentials.
I even suspect that there are two different Trojans/Programs running (Security Tool & Microsoft Security Essentials).

I think I really tried everything. Running Rkill.exe to stop processes. Ran malwarebytes at least 50 times, threw the outcome away, but it will pop up right after restart. Ran Spybot S&D, threw stuff out of the registry. Nothing seems to help.

What the programs do is that everything is considered a virus by one of them (MSE/ST), the Pop-up will say: "firefox.exe is a virus", ctrl+alt+delete+ a virus, etc;
* Websites as: Trendmicro Housecall and SuperAntiSpyware are being blocked;
* Programs like Ad-Aware and TweakXp are impossible to install;

I read a lot of post from people that said that after they ran MalwareBytes, everything was nice and clean again... IMPOSSIBLE! It keeps on popping up, no matter what I throw away. I really am out of possibilities right now.

I really am thinking about ditching my laptop (even though I am very attached to it).
Especially when I read some scary stuff.

When I tried to run Combofix.exe (without helper, figured I have nothing to lose) the .exe removed itself from my desktop saying:
"maybe you have some sort of Virut-Virus?&... Read more

Answer:Microsoft Security Essentials / Security Tool = Mission Impossible!

Have you tried Superfreeantispyware? You can get it at download.com. When scan is finished and you press next (eg 57 items found) make sure all boxes are ticked.

20 more replies
Relevance 81.59%

Hi Folks,

Sorry for another question so soon after my previous post yesterday...

I just got my computer back from the repair shop a few days ago. They removed a virus. They installed Microsoft Security Essentials, and told me that only one antivirus program should be active on my computer to avoid potential conflicts. However, I just noticed that they left McAfee Security Scan Plus loaded, since it popped up and started scanning a few hours ago.

My question is: Is there any reason why they would leave McAfee Security Scan Plus loaded in addition to loading Microsoft Security Essentials, especially when they told me only one AV program should be active? Can those two programs peacefully coexist, or should I delete one of them?

Thank you again for your expertise,
Best regards
Gary

Answer:Can MS Security Essentials and McAfee Security Scan Plus Peacefully Coexist?

You can keep the 2 antivirus but one of the two AVs' real time scan should be turned off or it will cause conflicts

14 more replies
Relevance 81.18%

Hello everybody!

I'm fairly new to this site and first time posting. Hope someone can help.

I had the Fake Microsoft Security Essentials Alert trojan and removed it using the instructions here:
http://www.bleepingcomputer.com/virus-remo...ssentials-alert

Now the trojan is gone but every time I turn my computer on, it shuts down and restarts on its own within 5 seconds (after everything has loaded)

Right before it does so, a blue screen flashes that says A problem has been encountered or detected (it appears & disappears so fast that it's hard to read the rest).

I'm wondering how I can fix this?

Any help will be greatly appreciated
Thanks!

Answer:Problems after removing Fake Microsoft Security Essentials Alert Trojan

Hello! I am Blind Faith or Elle (it's easier to remember, I think) and I will help you with your malware related problems.

As you can see I am still a trainee and that means my work is revised by a coach. Therefore, it will take a bit longer for me to reply. So don't be impatient because I won't leave your case suspended in the air, waiting forever.

NOTE: Do not make any type of changes to your system during the cleaning process. The steps you are following are based on strict information from your system. So changes which I did not give instructions for are not recommended.

I will need some time to research the files on your system so please click the Options button at the top bar of this topic and Track this Topic, where you should choose email notifications to know when I replied. Remember to check your topic for new replies. Probably, it will take a couple of days until the next reply but after that everything will go faster. Also please let me know if you still need help after you have read this.

Now I would like you to answer to 2 questions:
1. Where exactly does the Windows loading process stop? By that I mean when does the blue screen appear? Please give me all the information regarding this question.
2. Do you have a Windows Installation CD ? (I suppose the Operation System is Windows XP, if not please tell me which one is it)

Elle

2 more replies
Relevance 81.18%

My mother's computer had the trojan horse a few months back, so when one of my teachers said her laptop had it, I figured it would be a cinch. Since I don't really know what all she did to the computer, I'm stuck. Whenever I try to use Rkill, the computer bluescreens, and reboots. The same happens with most other programs EXCEPT Malwarebyte's. When I tried to use it, however, it ran. When the scan completed, it came back with 13 results, and I removed them all. However, whenever I try to open a program or application, the same fake pop-up appears and it reboots. Short of reinstalling Vista, any ideas?

Edit: Moved topic from AntiVirus, Firewall and Privacy Products and Protection Methods to the more appropriate forum. ~ Animal

Answer:"Remove the Fake Microsoft Security Essentials Alert Trojan and AntiSpySafeguard"

Hello could you post that MBAM scan log?
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.

Reboot into Safe Mode with Networking
How to enter safe mode (XP/Vista)
Using the F8 Method
Restart your computer. When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu. Select the option for Safe Mode with Networking using the arrow keys. Then press enter on your keyboard to boot into Safe Mode.

>>>> Download this file and doubleclick on it to run it. Allow the information to be merged with the registry.

RKill....
Download and Run RKill
Please download RKill by Grinler from one of the 4 links below and save it to your desktop.

Link 1
Link 2
Link 3
Link 4

Before we begin, you should disable your anti-malware softwares you have installed so they do not interfere with RKill running as some anti-malware softwares detect RKill as malicious. Please refer to this page if you are not sure how.
Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
A black scr... Read more

15 more replies
Relevance 81.18%

Is the above enough security or should I be going for an anti-virus program as well?

Answer:Is Microsoft Security Essentials and Windows Firewall enough Security?

MSE is fine.
If you need extra security, Malware Bytes works well with MSE.

9 more replies
Relevance 81.18%

What do you think of Vipre as a replacement for Security Essentials for Vista? What are you using? Thanks Richard

Mod Edit...Moved to General Security from Vista ~~boopme

Answer:Vipre advanced security to replace security essentials

VIPRE Anti-virus, previously owned by GFI, is now developed by ThreatTrack Security Inc. but it was originally introduced in May 2010 by Sunbelt Counterspy...one of the early pioneers in anti-malware protection with an outstanding reputation for years. Counterspy was officially discontinued a year later and customers were offered the option to switch to VIPRE Anti-virus previously owned by GFI but now developed by ThreatTrack Security Inc. As with most security vendors, existing web site links were redirected to the new product.

I have never personally used VIPRE. I have read that its blocking of malicious downloads was only adequate and that its zero-day malware detection was below average. Generally if you're dealing with zero-day malware it's unlikely most anti-virus testing is going to detect anything since it takes time for new malware to be reported, samples collected, analyzed, and tested by anti-virus researchers before they can add a new threat to database definitions. The researchers at ThreatTrack Security need to show some improvement in these areas.

1 more replies
Relevance 80.77%

Hello again.

I seem to have got hit with something as my comp started acting strange while I was working this afternoon. I had some popup that said "rasvsnet.tmp" could not run and I found a file in my sys32 folder called "scecli.dll" which I know is malware. The worst thing is I suspect this attack has made it impossible to run both spybot and Malware adbytes and has disabled my security program. I am posting a HijackThis log in hopes someone can shed some light on how to fix this error.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:38:05, on 8/20/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe
C:\WINDOWS\zHotkey.exe
C:\Program Files\CyberLin... Read more

Answer:trojan disabled my security

Hi Weedly,

Is this a business, work or corporate computer?

38 more replies
Relevance 80.36%

Windows 7 Home Premium x64
Toshiba Satellite laptop

Both IE and Firefox redirect to random sites when clicking on links or typing in a direct web address. Windows Security Center Service is disabled and cannot be enabled.

Ran combofix upon direction from another forum (before finding this one). DDS log is below, followed by combofix log.

.
DDS (Ver_2011-06-03.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Vincenzo at 16:53:09 on 2011-06-08
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2935.1545 [GMT -4:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\SYSTEM32\WISPTIS.EXE
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDevice... Read more

Answer:Browser redirects and Windows Security Center disabled

Please close this thread. I've resolved the issues myself.

4 more replies
Relevance 80.36%

Hello,

Malwarebytes indicates that Trojan.dropper.bcminer has infected my machine. And it keeps coming back after removal and reboot.

I am running Windows 7 Home Premium 64-bit on a desktop. I have noticed pop up windows opening and redirects with windows IE9 and firefox.

Also, Microsoft Security Essentials and Windows Update are broken. (Security Essentials isn't monitoring your PC because the program's service stopped. You should restart it now. --> The service specified does not exist as an installed service.) (Ouch!)

Other things Malwarebytes found were:

BetterInstaller.exe (PUP.BundleInstaller.Somoto)
Rootkit.0Access

Both were removed and have not returned.

I was able to run DDS and the output is attached as per the instructions.

I'm a little concerned about following the advice in the other forums as many indicate that the recommendations are specific to the infected machine.

Hopefully someone can suggest a way to remove this. Many Thanks.

=========

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_30
Run by Eman8 at 14:19:42 on 2012-07-23
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8157.5271 [GMT -4:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B... Read more

Answer:Trojan.Dropper.BCMiner infection and Windows Update and Security Essentials Don't Work

Please do the following:

Download Farbar Recovery Scan Tool and save it to a flash drive.
Plug the flashdrive into the infected PC.
Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
Restart the computer.
As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
Use the arrow keys to select the Repair your computer menu item.
Choose your language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
Insert the installation disc.
Restart your computer.
If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
Click Repair your computer.
Choose your language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

Select Command Prompt
In the command window type in notepad and press Enter.
The notepad opens. Under File menu select Open.
Select "Computer" and find your flash drive letter and close the notepad.
In the command window type e:\frst.exe (for x64 bit version type e:\frst64) ... Read more

2 more replies
Relevance 79.54%

I used bleepingcomputer.com for the directions to remove the FAKE microsoft security essentials virus/trojan. I ran RKILL and used (after updating) malwarebytes. It takes almost 3 hours to run a full scan, and I've run it three times, and it's running now. I got the message and pop up talked about here first... http://www.bleepingcomputer.com/virus-remo...ssentials-alert - and I took care of it following the instructions.

Then I started to get the pop up about explorer had crashed and will restart. My windows bar with the time and start menu button dissipated and came back over and over again. Then it just stopped. This is after running rkill, following the instructions, malwarebytes and restarting. I log in from the login screen and everything appears normal for a second, then I get the explorer has stopped working or crashed message and my screen goes completely black. I can pull up task manager to get to chrome browser and my stuff on the pc, but windows explorer (not internet explorer, but the one that runs windows) just isn't working.

After I ran it, it seemed to work just fine, for one sitting, then this happened. What can I do now? A hard drive wipe is not an option as someone stole my external, and I have almost all of my hd on here saving my music and video until I can buy another one.

Also, on a side note... there are two users on this pc. The other one is notorious for downloading and being stupid with my machine...HOWEVER this time, it looks like me. As... Read more

More replies
Relevance 79.54%

I don't know where Microsoft Security Essentials went, and I don't remember uninstalling it. However, Microsoft Security Client is still here, and MsMpEng.exe is using up all the CPU. I've tried to end it, but it keeps coming up again. Please help?
-computereater:3

Answer:Microsoft Security Essentials gone, Security Client isn't

Try the microsoft fix it here http://support.microsoft.com/kb/243...

3 more replies
Relevance 79.54%

Hi! New member here and after trying to reply in specific threads and getting a message that I could not, I decided to just make a new one. So, I have some security questions. I have a Gateway NV78 and i had purchased CA Anti-Virus. I used it for about 9 months but wasn't impressed with the results. Long story short, I erased it and am now running Microsoft Security Essentials and Malwarebytes. Malwarebytes has been great but I'm just wondering if the Microsoft Security Essentials is good enough to be a stand alone Anti-Virus program? Any help/insight would be greatly appreciated.
 

Answer:Security Question about Microsoft Security Essentials

Greetings, FtaTF85.

Posts are not allowed in existing threads in the Malware Forum, for obvious reasons. However, if you are having problems posting in existing threads in any of the other MG forums, that is a problem, and I'm sure one of the moderators will address the issues.

As far as Microsoft Security Essentials, there are many users here who have stated that the suite has greatly improved recently. I'd suggest continuing your own research, and I'm sure others will chime in with their pros and cons.

Good luck, and welcome aboard! :major
 

5 more replies
Relevance 79.54%

The red Windows Security shield icon keeps telling me my antivirus isn't turned on or it's out of date.  My green Microsoft Security Essentials castle icon tells me it is working and is up-to-date.  Am I supposed to have Windows antivirus turned off because I have MS Sec. Ess.?  If they're both turned on aren't they competing with each other and overtaxing my CPU?  If I have the Windows Security do I not need the MS Security Essentials?  Are they doing different things?  The Windows product mentions a Firewall but the Security Essentials doesn't. 

Answer:Microsoft Security Essentials AND Windows Security?

You should only have one AV in your PC as they might be in conflict or cause problems. I would keep MSE, disable the Windows one, but I would delete it altogether.
You will still have the firewall working.

9 more replies
Relevance 79.54%

Which is better? I have AVG 9 til 2018, full version, but I'm considering MSE. Which is better? Which do you use?

Answer:AVG 9 Internet Security v Microsoft Security Essentials

If it's working for you, it doesn't matter too much what everyone uses

Personally I use MSE as on access, with MBAM and Hitman Pro for on demand.
AV comparatives has some good info...

8 more replies
Relevance 79.54%

Pasting in additional information from another post with a duplicate log. ~ OB

The PC is running Windows Vista. It had MS Security Essentials on it. The main acct does not allow the AV SW to run any longer, but the pop up window says Vista Security 2011 on it and is mimicking the Security Essential program, except it is asking for payment to run and disinfect. The Second account on the PC I was able to access Security Essentials, but it was sending pop-up continuously to us Vista Security 2011 to disinfect with 26 viruses.

End of added information. ~ OB

Have run several antivirus programs to find out how to remove this rogue anti virus program from system, without any progress. Any help with this HJT log file?

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:05:48 AM, on 4/21/2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.19048)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Users\Mary\AppData\Local\Temp\LMIR0001.tmp\LMI_Rescue.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\System32\wpcumi.exe
C:\Windows\sttray.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Sprint music manager\M... Read more

Answer: Security Essentials now Vista Security 2011

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please do not attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear
Click the Disable button to disable your CD Emulation drivers
Click Yes to continue
A 'Finished!' message will ap...


Redirection when opening Internet Explorer, haven't used much since receiving virus, trying not to lose my files.

DDS (Ver_09-02-01.01) - NTFSx86
Run by Daddy at 21:00:25.14 on Thu 02/26/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.493 [GMT -5:00]

AV: BitDefender Antivirus *On-access scanning enabled* (Updated)
FW: BitDefender Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
svchost.exe
C:\WINDOWS\...

Answer: Gen:Trojan.Heur.25/ Microsoft security disabled

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

While Spybot's TeaTimer is an excellent tool for the prevention of spyware, it can sometimes prevent tools from fixing certain things.
Please disable TeaTimer for now until you are clean. TeaTimer can be re-activated once your HijackThis log is clean.
Open Spybot Search & Destroy.
In the Mode menu click "Advanced mode" if not already selected.
Choose "Yes" at the Warning prompt.
Expand the "Tools" menu.
Click "Resident".
Uncheck the "Resident "TeaTimer" (Protection of overall system settings) active." box.
If TeaTimer gives you a warning that changes were made, click the "Allow Change" box when prompted.
In the File menu click "Exit" to exit Spybot Search & Destroy.
------------------------------------------------------
Click on the attached ResetTeaTimer.zip file located at the bottom of this post.
Save it to your Desktop.
Double-click ResetTeaTimer.zip
Double-click ResetTeaTimer.bat and click Run to remove all entries set by TeaTimer...

Hi, thanks for helping me. I have a trojan that is causing some major problems. Avast noticed it, and might have deleted at least part of it, but it is still here. I read on symantec's site here: http://www.symantec.com/security_response/...-99&tabid=3 that it deletes a lot of security registry keys. I am not sure if this is the same trojan I have or not, but it's probably pretty close. I restarted my computer before doing the HT to see what all is running on boot, and I have these exe's that I believe are viruses: ashDisp, ashMaiSv, ashServ, ashWebsv, aswUpdSv, the last one possibly being avast itself. There could be other virus exes running, but I don't know. I think I can remove it, and would rather try than spend $80 taking it into the shop, but I don't know what registry keys are bad etc. It attacked system32 as well, but I haven't been alerted of any bad dll files yet. I deleted some "ash.." things in "prefetch" which I believe are just descriptions of what has already happened, correct me if I'm wrong. Tell me if there is more information I can give.

If you could help me with this problem I would be most appreciative. Thanks. Here is my logfile, thanks again.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:08:22 AM, on 11/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogo...

Answer: Trojan Disabled Virus Protection And Other Security

I apologize for the very long delay. We have a huge backlog of HijackThis Logs to handle and it has been taking us greater time than normal to get caught up. If you are still having a problem, and want us to analyze your information, please post a brand new hijackthis log. If we do not hear back from you within a couple of days we will need to close your topic.

When posting your logs please post them directly into the reply. Do not attach them.

Also make sure you have already followed the steps outlined below:
Preparation Guide For Use Before Posting A Hijackthis Log

Thank you for your patience.


I'm pretty sure I clicked a fake mega upload download page. All of a sudden all types of fake spyware diagnostics start running. I'm also pretty sure the problem has made changes to my computer as well. I say this because on start up or shut down I get all sorts of "xxxx cannot close due to runtime error" or "xxx must close would you like to send an email to microsoft". Up to this point I have run Rkill, Spybot, MBam and VGA. All will run without being terminated by the virus and all find and will remove several trojans and etc. However the browser is still hijacked and every once in a while I get a Microsoft Development Environment Run pop up but it stops and shows another error box saying "an exception of type Microsoft JScript runtime error object was not handled."

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\Syste...

Answer: Windows Security Shield Alert, windows running half speed and browser hijacked

I forgot to add there is a fake "windows security alerts" icon on my bottom right portion of my tool bar. I haven't touched it but I can tell by looking it's a fake.


Hello, please help and thank you in advance! I have Firefox and Windows 7, was 32-bit but I upped it to 64.
 
A few months ago Microsoft Security Essentials caught a trojan and I had it delete it. I really don't remember the name, but ever since then I've felt my computer started acting differently. As time went on it began to use more and more CPU. I began to try to figure it out and tried many things, checking add-ons and plug-ins and scripts. I removed Flashplayer as it had recently had a problem that caused Firefox to disable it.
 
None of my anti-malware ( Microsoft Security Essentials, Spybot, Superantispyware (free versions) and Malwarebytes, pro version.) found anything more than adware.tracking cookies. Remembering a problem I had over a year ago, another trojan that I took care of myself, I then tried the Malwarebytes root kill and Kaspersky root kill but it came up clean. Then I tried Avira and it came up with the Trash.gen trojan. It successfully removed it. I believe I did this in safe mode but not sure about that.
 
The problem is even after that, I felt my computer was still acting weird. The cursor would often jump around. My antivirus never found anything. When I tried to update my security software it wouldn't update. I would click on a tab to close it and it wouldn't close. So I did more research on the trojan and found out it probably changed files so it can do what it wants with my computer. I'm using it in safe mode now. When I use it in ...


Too many viruses to fix so I had to reformat HD. Have not put old files/pictures etc back on computer. First thing I put was my AV from Cox McAfee Suite. Then I downloaded all the MS updates; it took about 2 hours and three times I had to restart until I got back to SP3 and all my updates.
Then I put SAS, Advanced System Care 4. I then loaded FF and Chrome. I had uploaded my bookmarks to XMark. I downloaded all my bookmarks. FF was fine, however, Chrome would not work - for more information
http://forums.majorgeeks.com/showthread.php?t=241893

After doing all the things mentioned in my Chrome post (getting rid of X Marks, cleaning computer again), SAS finds - Disabled.Security Center Option. I let it quarantine and things seemed OK.
I had a Key from MG for Iobit Malware Fighter, I opened that and started to use it.

Last night it was doing a smart clean when my computer was idle. It found BackDoor Trojan. I cleaned and then restarted the computer. I ran a full scan on Iobit- it said the Backdoor was still there. I ran this three times and shut the computer down each time. Finally after the third time it was gone.

FF started to freeze, or get hung up, I would try to use CC Cleaner and it would say close FF still open but it was not. It was not in my Task Manager.

I could not use RR. I downloaded from the link and it only gave me the option of a rar file. I had to download WinZip Quick Pick 45 day temp user to be able to open the file.

I opened the fi...

Answer: Backdoor Trojan, Disabled.Security Center Option, Can't Run RR

Iobit Malware Fighter logs (re Backdoor Trojan)

I am not going to try to install Chrome or anything else until I find out if the machine is clean, and why Root Repeal crashed the system.

Thank you!
Grandma Geek! Raven
 


Hi and thanks in advance for any assistance reply,

I'm running Windows 7 Home basic SP 1 64bit os. Just a while ago I open www.mahagenco.in and a zip file containing total_run_mahagenco.exe 612kb and click_me_installer_mahagenco.exe 616kb automatically downloaded. When I run it, nothing happened and it suddenly disappeared from my desktop. After assuming it was a virus, I run Windows Security Essentials and began a quick scan. Just in the middle of the scan, Windows security essentials shut down, and the flag of messages in my task bar appeared, saying that Windows Security Center was turned off. I tried to turn it on, but a message saying "The Windows Security Center service can't be started" appeared. I restarted my computer but everything was the same, no MSE and no Windows Defender.

I also open service.msc and restarted security centre but it was disabled after sometime. Also in internet explorer9 and google chrome I was automatically redirected to another sites. Then I run combofix whose log report is as follows -

ComboFix 13-01-05.01 - PRANALI t 05-01-13 23:44:24.3.4 - x64
Microsoft Windows 7 Home Basic SP1 [GMT 5.5:30]
Running from: c:\users\PRANALI\Downloads\Programs\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Outdated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Enabled/Outdated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132...

Answer: Virus/malware disabled Windows Security Center and microsoft security essential

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us.

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the top o...


Referred from here: http://www.bleepingcomputer.com/forums/topic462175.html ~ OB

I am running Windows Vista with Microsoft Security Essentials when I first encountered the problem. The virus shutdown MSE and the Microsoft update center, my firewall, etc. I downloaded MBAM, ran the scan, and it caught some files. Disinfected them, rebooted, rescanned, and files appeared again. (while running in safe mode with networking from the point after being infected). I followed the instructions here: http://www.bleepingcomputer.com/virus-removal/remove-security-shield first because this is where I believe all the problems began (that is after my wife clicking on an embedded link within FB). Upon completing the entire process, I noticed I still had the sirefef trojan, sirefef virus, and rootkit 0 access as I was running MSE and MBAM right before getting the "windows (Vista) encountered a critical error and will restart" loop. I have already downloaded frst.exe and ran it thru the usb drive connected to the infected cpu. I do not know what to do from this point on to get my cpu back to "healthy" and virus free status again ??????

Running Vista 32 bit

Answer: Security Shield 2012, sirefef trojan, sirefef virus, and rootkit 0 access TROUBLE!

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us.

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At...


Hi all,

Being a semi-computer geek, had hoped would never need to post on here but never mind!

Yesterday I got a blue screen twice - no error message, just a dump message and reboot. Then I discovered my firewall was disabled, my ad-aware and spybot were not working and my browser has been hijacked. I can go to a website direct, but I click any links within google and it takes me to one of many different websites.

Obviously I must have a virus or trojan, and being unable to complete a scan before the computer blue screens and reboots causes a bit of a problem!

I managed to get a hijack this log (below) if someone can have a look and tell me what needs to come out. Any other advice which can be offered to me would be super!

Thanks,
Tess

Logfile of HijackThis v1.99.1
Scan saved at 07:36:43, on 12/03/2009
Platform: Unknown Windows (WinNT 6.00.1905 SP1)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
D:\Program Files - Software\AdAware\Ad-Aware.exe
C:\Program Files\AVG\AVG8\avgui.exe
C:\Program Files\AVG\AVG8\avgscanx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Windows\system32\igfxsrvc.exe
G:\Program Files\HijackThis\HijackThis.exe
D:\Program Files - Soft...

Answer: Blue Screen, Browser Hijacking, Virus/Firewall Disabled - Help?!