Computer Support Forum

Some form of Redirect Malware

Question: Some form of Redirect Malware

I appear to have the typical redirect virus, although this one appears to be very subtle. I can use google search with no problems, and I am redirected only occasionally to websites such as "askthecrew.net" and some search engine called "sour". Nonetheless, I am being redirected by something and want it gone for obvious security reasons. Mostly hits me on Tumblr.com, but I'm fairly sure that's just because I'm on there often.

I have windows 7 64 bit, and have attempted to use malwarebytes, Microsoft sec. essentials, AVG, and Ad-Aware. None have been successful.
I'll post logs of whatever you want, just tell me.

Thanks for whatever help you guys can provide.

Answer: Some form of Redirect Malware

Hello diesmiley and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. I am very sorry for the delay in responding, but as you can see we are at the moment being flooded with logs which, when paired with the never-ending shortage of helpers, resulted in the delayed responding to your thread.

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed. If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
If I instruct you to download a specific tool in which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do, is to make sure that your anti-virus definitions are up-to-date!
Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together ;)

Because of this, you must reply within 3 days; failure to reply will result in the topic being closed! I like chocolate chip cookies.

Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system or even taking your computer into a repair shop.

Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data and have means of backing up your data available.

____________________________________________________

"I appear to have the typical redirect virus, although this one appears to be very subtle. I can use google search with no problems, and I am redirected only occasionally to websites such as "askthecrew.net" and some search engine called "sour"."

A few thoughts cross my mind for what this could be. Off hand without seeing any logs from you, it could be an issue with an infected host file, or depending on what browser the redirects occur in (if it occurs in one and not the other) it could be a malicious extension.

I should have a better idea of what it may be after I see the results of this log file below.

Running OTL

We need to create a FULL OTL Report

Please download OTL from here:
Main Mirror
Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
Change the "Extra Registry" option to "SafeList"
Push the button.
Two reports will open, copy and paste them in a reply here:
OTL.txt <-- Will be opened
Extras.txt <-- Will be minimized

19 more replies

When using google links,I keep being redirected to other sites. Have tried using McAfee, ad-aware and malwarebytes to resolve the issue but to date this hasn't helped.

.
DDS (Ver_2011-06-03.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514
Run by Owner at 14:00:41 on 2011-06-09
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.3063.1559 [GMT 1:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows&#... Read more

Answer:infected with some form of malware that causes google links to redirect

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please Do not Attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:
Please download DeFogger to your desktop.
Double click DeFogger to run the tool.
The application window will appear
Click the Disable button to disable your CD Emulation drivers
Click Yes to continue
A 'Finished!' message will ap...

12 more replies

HI.
I am new to the forum so TIA for your help. Whenever I use any search engine I am redirected to the same IP address. I use Peer Block so it does not connect however if Peer Block is disabled I am directed to various different search pages. I have run Malwarebytes, Spybot, Adaware and Symantec Antivirus. Although the scans have found problems the redirection issue remains.
Prior to reading all the instructions I had seen threads about Combo fix in other forums and have run that already. It did remove some files but, again, the problem is still persisting. I am attaching the dds and gmer logs. These were run after combofix. I am also attaching combofix log

Answer:Some form of Google Redirect that will not go away!!!

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.
If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===
Open notepad and copy/paste the text in the quote box below into it:
File::
c:\windows\system32\wscui32.dll

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{03EBC043-35BD-4710-97ED-F843D4670272}]

Save this as CFScript on your desktop.
Referring to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.
===
Third party programs if not up to date can be the cause infiltration of an infection.
Please run this security check for my review.
Download Security Check by screen317 from here.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===
Please post the logs and let me know what problem persists.

4 more replies

Hi everyone,

As was probably the case with many others out there, I found myself browsing with Google on Firefox, and suddenly the results of the search would send me to random websites (things like Yellowpages.com or various advertisements, etc...). It doesn't seem like a life or death problem, and I wasn't even that annoyed by it, but I realize that whatever's causing it probably can't be good to have just sitting on my computer somewhere.

I attempted to work out what it was myself, but I'm not great with computers. After running my regular Trend Micro searches and not getting anything, I tried downloading the Kaspersky program (TDSSKiller), but that search came up with nothing as well. So I was hoping someone else out there was in my boat and might have a few more helpful tips for me to try in order to sort this out!

Thanks guys!

Evan

Answer:I have some form of the Google Redirect Virus

Welcome aboard. Can you check if IE is being redirected as well?

12 more replies

I am getting google redirects and cannot seem to locate the problem despite scanning with a lot of different tools. I have a few specific issues:

1. I cannot enable Windows Firewall - I get an error message when I try to do so.
2. I disabled system restore ages ago.
3. I did use ComboFix a couple weeks ago, to no effect.

Likewise TDSSKiller did nothing for me. RKill finds no bad processes. Malwarebytes will sometimes block outbound connections, but I still get that "googleads" thing sometimes. I'm using Vista.

Thanks for your help!

Answer:Some Form of Google Redirect Infection

Please do the following:
Download Farbar Recovery Scan Tool and save it to a flash drive.
Plug the flash drive into the infected PC.
Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
Restart the computer.
As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
Use the arrow keys to select the Repair your computer menu item.
Choose your language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
Insert the installation disc.
Restart your computer.
If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
Click Repair your computer.
Choose your language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

Select Command Prompt
In the command window type in notepad and press Enter.
The notepad opens. Under File menu select Open.
Select "Computer" and find your flash drive letter and close the notepad.
In the command window type e:\frst.exe (for x64 bit version type e:\frst64) ...

17 more replies

Hello Helpers,

I have been having two problems with my browser (Firefox) that I have been unable to fix on my own:

The first is that any link clicked on from a google.com search redirects to some ad-site. Where the redirect goes to depends on the type of search that was initiated related but trying to sell something rather than going to the specific site.

The second problem occurs somewhat randomly. Almost always when I first launch my browser (Firefox), no matter what page I start from, I will soon get another tab opening, usually claiming I won a $1000 Walmart gift card. I don't have to click anything to get the new tab to open, it just does it. It will also do this at other seemingly random times during a browsing session.

I've updated (repeatedly) my Firefox, AVG antivirus, Spybot-S&D, and Malwarebytes' antimalware and performed scans (repeatedly) and nothing gets rid of these two issues.

Your help is greatly appreciated.

Thank you,

Waterrat

Below is the DDS.txt log. The other DDS log is attached along with the GMER log.
DDS (Ver_10-12-12.02) - NTFSx86
Run by Aaron at 19:06:51.45 on Wed 01/05/2011
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_22
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1211 [GMT -5:00]

AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:&... Read more

Answer:Browser redirect (from google) and popup tab

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you are unable to create a log because your computer cannot start up successfully please provide detailed information about the Windows version you are using: What we in particular need to know is version, edition and if it is a 32bit or a 64bit system. If you are unsure about any of these characteristics, just let us know and we'll help you figuring it out. Please also tell us if you have your Windows CD/DVD handy.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your ...

16 more replies

I can not click on links provided by my search engines. It is redirecting me to a broken link. Here is what the screen says:

<form action="http://68.169.70.144/go.php?c=3sCaAhis%2FuUFoPhSDoGjXW3sKYTR4t9k%2F2exrSe0W5Vya5t1AlkoKeQ9NjSFk0SrFDAIq%2FG8sJLnVXk1sb88PeKwoTSh4SKIPGcrXztf62c01woh02HJEdgfOL97uj%2F0jA38jHCHsFPQMGo0kqVFKWH%2BSM3GoFvW7YSVv8TkZTbDsIopK6VlLHcviDYWUAfGNYJG8iz2v4NgKoMBedmF82yXxJquJjcu2GLSJep82IyyXpHr5zFTsMZ%2Fw7%2BwsA2SZ4%2FvuJrNGH%2Bl8r%2BjNRfY2xoT2qr92q3

I have followed all the prep work and will attach necessary files.

dds.txt:

DDS (Ver_09-12-01.01) - NTFSx86
Run by rosalie chapman at 13:16:20.29 on Tue 01/05/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.766.342 [GMT -6:00]
============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common File...

Answer:search link redirect <form action="http://68.169.70.144/go.php?

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

Please download OTL from following mirror:
This is THE Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
Push the button.
Two reports will open, copy and paste them in a reply here:
OTL.txt <-- Will be opened
Extra.txt <-- Will be minimized
In the upper right hand corner ...

1 more replies

Learning as I go so be gentle..

I'm trying to include a simple form in my webpage using FP2003. I have 1 text box on the form. If the customer enters in the correct data in the form I want it to go to a specific webpage when the submit button is hit. If not, pop up an invalid error msg. I have the validation working but I can't seem to get the redirection to another webpage working. I keep getting a couple of 405 verb errors. Code and error msgs below. If there is a simpler way to validate a customer's text entry and when correct redirect to another webpage let me know or send over some sample code..

Thanks.

=============================================
HTTP 405 - Resource not allowed Internet Information Services

HTTP Error 405 - The HTTP verb used to access this page is not allowed. Internet Information Services (IIS)
===============================================================
Here is the code I'm using to test and learn on...

<html>

<head>
<title>Form Validation Example</title>

<script>
function ValidateCouponForm()
{
var coupon = document.CouponForm.Name;

if (coupon.value == "")
{
window.alert("Invalid Coupon Code. Please try again or hit the new user icon");
coupon.focus();
return false;
}

return true;
}

</script>
</head>

<body>

<form method="post" action="http://usatoday.com"
name="CouponForm" onsubmit="return ValidateCouponForm();&q... Read more

Answer:Validating text box data in a form and when correct redirect to another webpage.

Because your target page isn't set up to process a POST. If you set your form action="GET" this should work OK.
 

2 more replies

I keep seeing these three folders pop up in the AppData folder:
 
EmieBrowserModeList
EmieSiteList
EmieUserList
 
When I delete them they reappear when I reboot.  I ran Malwarebytes and McAfee and they both came back clean. I did some research and it recommended I post in a malware removal forum. Is this something you can help me with?
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-01-2015
Ran by Kyle (administrator) on KYLE-ACER on 24-01-2015 02:12:30
Running from C:\Users\Kyle\Desktop
Loaded Profiles: Kyle (Available profiles: Kyle & Administrator)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Windows\SysWOW64\ASGT.exe
(Qualcomm Atheros Commnucatio... Read more

Answer:I think I have some form of malware.

Hey, What's with the Addition Log?

19 more replies

New PC: Built 31/01/2015
New Windows 8.1 Install
No Internet access yet
Believe it has picked up some malware from my external hardrive.
When I run exes I get this error "Windows cannot "C:\Users\Michael\Desktop\rkill.exe" find make sure you typed the name correctly then try again?"
Managed to get rkill to run in safe mode, here are the results.
 
Rkill 2.7.0 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2015 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html
 
Program started at: 02/01/2015 08:55:03 AM in x64 mode. (Safe Mode)
Windows Version: Windows 8.1 Pro 
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * No malware processes found to kill.
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * No issues found.
 
Checking Windows Service Integrity: 
 
 * Base Filtering Engine (BFE) is not Running.
   Startup Type set to: Automatic
 
 * DHCP Client (Dhcp) is not Running.
   Startup Type set to: Automatic
 
 * DNS Client (Dnscache) is not Running.
   Startup Type set to: Automatic
 ... Read more

Answer:Seem to have some form of Malware

Download Security Check from here or here and save it to your Desktop.
Double-click SecurityCheck.exe
Follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.
NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:
Internet Services
Windows Firewall
System Restore
Security Center/Action Center
Windows Update
Windows Defender
Other Services
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

Please download MiniToolBox and run it.
Checkmark following boxes:
Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Devices (do NOT change any settings here)
List Users, Partitions and Memory size
List Restore Points
Click Go and post the result.

Please download Malwarebytes Anti-Malware (MBAM) to your desktop.
NOTE. If you already have MBAM 2.0 installed scroll down.
Double-click ...

1 more replies

I am infected with a version of the Google Redirect malware problem:
- When I click on one of the results from a search on any major search engine, I am redirected to other websites, usually commercial websites such as monstermarketplace.com. I can reach any website if I copy the address in the address bar; I only get redirected when I click directly on the link in the search results page.
- Occasionally, a new tab pops up when I am in iGoogle, Gmail, or a Google search page. The new tab's address is www.google.com/webhp. On two occasions a new tab has opened with a commercial website. I always close the windows and have never searched on the google.com/webhp page.

Some history:
- I was originally infected with the AV Security Suite virus this weekend while downloading the platform for the online game "Battlefield Heroes" (www.battlefieldheroes.com). I tried going online while this virus was active and clicked on some of the pop-ups and alerts, sometimes saying "Yes" and sometimes "No" when it would ask if I wanted to allow access to the home page website. I believe this may have enabled the current redirect malware.
- I removed the AV Security Suite virus (at least partly) by renaming and deleting the folder from which it was acting within my Local Settings folder. The current infection must therefore be a leftover of that initial infection.
- I ran SpyBot and Ad-Aware, both of which found and removed cookies. I uninstalled both programs a...

Answer:Infected with Google Redirect / Search Engine Redirect Malware

Hello

I would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:
Please visit this webpage for download links, and instructions for running the tool: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first. The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:
The Recovery Console was successfully installed.

Please continue as follows:
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Click Yes to allow ComboFix to continue scanning for malware.
When the tool is finished, it will produce a report for you. Please include the report in your next post:
C:\ComboFix.txt

"information and logs"
In your next post I need the following
Log from Combofix
let me know of any problems you may have had
How is the computer doing now?

Gringo

13 more replies

GMER & Combofix blue screens of deaths (yes i know realized i should not have done this)

TDSS finds nothing.

Computer runs fairly well, but randomly crashes sometimes. Avira finds a trojan daily in the system restore (not sure how to safely remove this)

any help would be great. Thank you.

Answer:Some form of malware/ seems undetectable

Hello,

Please follow the instructions in ==>This Guide<== starting at step 6. If you cannot complete a step, skip it and continue. Don't worry about the GMER log.

Once the proper logs are created, then post them in a reply to this topic by using the Add Reply button.

If you can produce at least some of the logs, then please create the post and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the reply and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Please note that I am not a member of the Malware Removal Team and will not be assisting you in removing the infection. I'm simply helping you to post the information they need in order to assist you.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

Orange Blossom

3 more replies

First of all I'm running a Dell computer with Windows XP Service Pack 3 installed on it.

Of late, whenever I try to run the computer in normal mode it crashes or freezes up and goes to a blue screen error message which says something along the lines of DRIVER_IRQL_NOT_LESS_OR_EQUAL. Currently I am running my computer in Safe Mode with Networking. I didn't install any new hardware or software prior to this error message, so I have no idea what is causing it. (Could it be malware?)

I also think that my computer is infected with something. I have done multiple scans using windows defender yet it doesn't come up with any viruses. Normally in the past Spybot Search & Destroy has been most effective in removing malware, but whenever I right click the Spybot Search & Destroy icon in the system tray and select RUN nothing happens.
I don't know if I have malware that is blocking the program from opening.

In the past, I had malware called AntiSpyCheck installed on the system, which I thought I completely removed with SS&D. This appears not to be the case, as the other day SS&D came up with a Registry change warning, and the path of the program that was altering the registry was C:\\Program Files\ASpyC\.

My system started having problems shortly after the download of a Torrent from TPB. I use the BitTorrent client, and prior to the torrent that I downloaded the system was running perfectly fine.

Here is a Hijack This log:

Logfile of HijackThis v1.99.1... Read more

Answer:I've been infected by some form of malware.

Hello and Welcome to TSF.

We no longer use HijackThis as our initial analysis tool.

We want all our members to perform the steps outlined in the link I'll give you below, before posting for assistance. There's a sticky at the top of this forum, and a "Having problems with spyware and pop-ups? First Steps" link at the top of each page.

---------------------------------------------------------------------------------------------

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please start a new thread in our Virus/Trojan/Spyware forum along with the required logs

1 more replies
Relevance 46.74%

Hey guys, hate to ask for help on my first post, but kinda in a bind here. My computer is running fine from what I can tell, but I was going to do a hijackthis log but it would only load, start the scan, and then crash and seemingly uninstall. I figured this might have been a configuration issue with my computer, so I tried using malwarebytes, runscanner, and rsit. All with the same result. AVG, ccleaner, avira, and avast work fine though, but don't come up with anything.

Kinda at a loss here as to what might be causing this...hoping you guys could help.

Thanks, Will

EDIT: I was able to get a combofix log done thanks to some help on another forum..here's that if it helps.

ComboFix 09-09-22.02 - Administrator 09/22/2009 20:22.1.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3327.2736 [GMT -4:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: avast! antivirus 4.8.1351 [VPS 090922-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\HijackThis.exe
c:\program files\driver
c:\windows\msa.exe
c:\windows\msb.exe
Infected copy of c:&... Read more

Answer: Pretty sure I have some form of malware...

ComboFix logs should not be posted or discussed outside the HijackThis forums. It is an extremely powerful tool which should only be used when instructed to do so by someone who has been properly trained. ComboFix is intended by its creator to be "used under the guidance and supervision of an expert", NOT for private use. Please read Combofix's Disclaimer. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.

Please create a new topic in the Am I Infected forum.

http://www.bleepingcomputer.com/forums/f/103/am-i-infected-what-do-i-do/

Explain the nature of your problem. Describe pop-ups and system tray or desktop icons that have appeared. Explain what is "going wrong" with your computer. Note any tools you have used and their respective results.

If needed, we will direct you to our HJT Preparation Guide.

This topic is now closed.

The BC Staff

1 more replies
Relevance 46.33%

If you know about security in website and computer then tell me how to secure Website from Malware Attack. And what is the role of Google Webmaster in security purpose?
 

More replies
Relevance 46.33%

Hey Bleeping Computer,

I am running Windows 7 Home Premium, 64bit.
Someone logged into a few of my game accounts last night while I was sleeping which in turn got my accounts locked. The games were World of Warcraft, Guild Wars 2 and Star Wars: The Old Republic. I received emails stating that unauthorized persons logged into all 3 accounts. And each account has a different Email and Password. I am not sure if they logged into any of my other emails or anything since I haven't received any warnings from anyone.

My computer has been running well, but for the past week or so my browsers have been a little slower than usual. I use Mozilla mostly, but I tested IE as well and it was slow too. Also, every 20 minutes or so, my desktop icons refresh, and if I'm on a webpage, it does the same. I'm not sure how to word it exactly, it doesn't actually "Refresh as in F5" but it (blips) or reloads if that makes any sense.
When I woke up and found out my accounts were logged into from elsewhere, I immediately ran an Avast(Free) full scan, followed by a boot scan and the results came up clean. I then ran Spybot S&D, and again, the results came up clean. After that I ran Malwarebytes(Pro) and they came up clean as well. Then I ran all 3 in safe mode but got the same clean results.

I generally keep my computer pretty well maintained since I play a lot of games. Which includes defragging every night before I shut it off, running Avast and Spybot once... Read more

More replies
Relevance 46.33%

Hello,

I have recently tried using an old laptop that was given to me. The first sign of problems was the laptop's unbootable boot volume. I managed to use the recovery option in an XP installation disk to fix it. Once I booted into the system, the computer was very very sluggish. Startup would take an extremely long time. At first I merely attributed this to the bloatware and crappy processor. Then I installed various antispyware and antivirus programs. Lo and behold, avast caught about 30 malware objects with a boot scan. Malwarebytes caught an additional 3. Superantispyware caught another 3 infections. Lastly Avira caught 2 infections. At this rate, I know that there is still malware on my laptop, which may be regenerating itself, or be stealthed. Anyway if you want these logs, feel free to ask. Thanks so much for reading this and here is my hijack this log at the bottom of this post.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:01:07 PM, on 6/2/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:... Read more

Answer: Severe infestation of various form of malware

6 more replies
Relevance 46.33%

hi my avast and mbam have been picking up a trojan.clicker.fms as well as win32:malwaregen on avast
i've located the hidden folder where it is coming from as well any ideas?
i also have logs from the 2 programs for scans.
 
http://i.gyazo.com/41d74805b9a9ec6cb7040ce8ff690cfe.png link to what it shows

Answer: my pc is infected with some form of malware but i'm not sure how to remove

Hello anthm8 and Welcome.
 
The IP that you suspect as being a problem, is actually a Weather Widget on your desktop.
 
If you are concerned about it, please follow these directions..........
 
First -Please download MiniToolBox  to desktop to run it.
 Checkmark the following boxes:
List content of Hosts
Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
Note: When using "Reset FF Proxy Settings" option Firefox should be closed.
 Click Go and Copy and Paste the result. (result.txt)
 
 
Next -
Download Screen317 Security Check  and save it to your Desktop.
 * Double-click SecurityCheck.exe
 * Follow the onscreen instructions inside of the black box.
 * A Notepad document should open automatically called checkup.txt
 * Please post the contents of that document.
Note 1: If any security program requests permission to access the Internet, allow it to do so (it is 100% safe).
Note 2: If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! (or similar) message, restart computer and Security Check should run.
 
Next :
Download AdwCleaner by Xplode and save to your Desktop.
Double-click on AdwCleaner.exe to run the tool.
 * Vista/Windows 7/8 users right-click and select Run As Administrator.
Click on the Scan button (only once)
AdwCleaner will begin...be patient as t... Read more

6 more replies
Relevance 45.92%

When I first fire up my computer, the following message pops up as Windows starts:

Microsoft Networking
The following error occurred while loading protocol number 0.
Error 38: The computer name you specified is already in use on the network. To specify a different name, double-click the Network icon in Control Panel.

I'm sure others have experienced this. I am not on a network, and this has happened for the last couple of days. I am running 98SE (I know...way past time to upgrade.) My Hijack log follows. I appreciate any help. Thanks.

Logfile of HijackThis v1.99.1
Scan saved at 7:18:41 AM, on 1/9/06
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\STARTER.EXE
C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\SPYSWEEPER.EXE
C:\MY DOCUMENTS\HIJACK\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.ajc.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ajc.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.ajc.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.ajc.com
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO... Read more

Answer: Error message - Is this some form of malware at work?

hi there,

Did you run this scan from safe mode as there isn't much in the log?

I don't see anything in your log, have you got an anti virus programme? if not download anti vir from below?
Anti-vir

http://www.free-av.com/
you don't appear to have a firewall, even if you have a router you still need
a software firewall, download the one from the link below!

Filseclab Personal Firewall Professional Edition

http://www.filseclab.com/eng/download/downloads.htm

http://www.wilderssecurity.com/showthread.php?t=92710

you have spysweeper, update it and run a scan from that, post its log if it finds anything?
go to this site and download these tools and once you get both
adaware Se 1.6 and spybot, update both of them.

Set adaware to do a full system scan and deselect, "search for negligible risk
entries". Click next to start the scan. Delete everything adaware finds.

reboot and now run spybot

Spybot: Search and destroy.

Delete what spybot finds marked in red. After updating spybot hit the
immunize button.

reboot again
With CWshredder close all browsers and programmes and select the FIX button.
All tools can be downloaded at the link below and found on that page!

. Trend micro CWShredder
. SpyBot search and destroy
. AdAware SE personal
http://www.majorgeeks.com/downloads31.html

*Download Cleanup from Here

http://www.stevengould.org/software/cleanup/download.html

* A window will open and choose SAVE, then DESKTOP as the destin... Read more

3 more replies
Relevance 45.92%

Hello.

I'm new here, I have been looking for information about 2 applications called "Home Cloud" and "Form1".
When I go to my Alt+TAB menu I can see these applications there, but I can't access them.
Also in my Task Manager I can see both applications.
I don't know why they are running and how these applications work.
It could be something normal but since I'm a noob in these things I can't tell if they are malware or not.

Can anyone explain to me what these applications are for and why they are in my PC?
Can I remove them both or are they some kind of essentials for my PC?

I got a capture of my Alt+TAB menu:
Selected one is Home Cloud, the one on the right is Form1.

Regards and thanks.
 

Answer: Home Cloud + Form 1, Malware? Virus?

I'm moving this to appropriate forum.
 

1 more replies
Relevance 45.92%

Help still needed very badly,

After finally eliminating AV Security Suite I still have problems with the computer Freezing, Hanging when opening normal programs, Extreme Scrolling problems, Removing programs, Getting online and a lot of other headaches that didn't exist before. I have enclosed both DDS Logs and the GMER or ark.txt as it was instructed. I couldn't get my WinZip program to rezip the file for posting, it froze. I hope they are the correct log files. I also really hope they will allow someone to help me get my computer working again. Thanks to all again.

Sincerely, TQUAD

DDS (Ver_09-02-01.01) - NTFSx86
Run by TOM at 16:13:50.85 on Sat 02/21/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_03
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.511.218 [GMT -6:00]
AV: CA Anti-Virus *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\WINDOWS\system32\nvsvc32.... Read more

Answer: Malware Removal Request Form Per Instructed

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll... Read more

2 more replies
Relevance 45.92%

Our system seemed to act strangely beginning in early March. We use ZoneAlarm firewall and it seemed to automatically lock on occasion upon log-in, requiring a manual "un-lock" before the internet could be used. I was suspicious there was something trying to get in or out that ZoneAlarm was "catching" and locking the firewall.

To try to detect the problem, I downloaded the latest version of "MalwareBytes" and ran a scan. It found a few issues and I chose to quarantine a few of them, but not all as some looked legitimate to me.

Upon re-booting the next time, everything went bad. A pop-up came up with the windows installer and then it said it was trying to install HPPhotosmartEssential. The system became very sluggish and the hard drive was constantly being accessed. After numerous "Cancels" to the install, it finally stopped trying to install. However, the hard drive continued to be accessed non-stop and the system was very slow. I became very concerned something was going on in the background so I shut the system down.

I tried to re-boot in safe mode and it would not boot, it either hung or gave a disk error suggesting c:\windows\system32\wbem was corrupt or unreadable and chkdsk should be run. I immediately felt I needed to do a system restore back a couple of weeks to clear off the issues. Upon trying to run the restore I received a message that the application failed to start because framedyn.dll was not found and that re-... Read more

More replies
Relevance 45.51%

I recently got a new client who needed help with his computer. It was silly of me to think it would be simple. I was up all night working on it.

His initial problem was that windows would hang on "Loading personal preferences" and would only boot in safe mode. It wasn't the page file, or any of the usual things... though I did start to notice that normal Windows functions didn't work properly, from MsPaint to IExplorer. I tried to run Autoruns.exe and Hijackthis and they shutdown as soon as they were opened. IExplorer wouldn't load pages and firefox would pop up and load the pages instead.

I thought I should just repair windows, which I tried to do and accidentally installed a second copy of windows on the same partition... I then deleted the second windows installation (windows.0), but after that windows would boot fine without safe mode. That was only the beginning though. I found the google redirect on there, a bunch of old adware and a mess of a disorganized computer.

The system also booted and gave a tapi.nfo error, I searched for this and got nowhere. So I went to regedit and deleted the line causing it. It doesn't pop up anymore, but that didn't solve anything.

I looked further into the situation and found that many others are having trouble with rootkit malware that shuts down anti-malware software.

I tried loading malwarebytes, etc, and even renaming the files and the extensions. It still all shuts down immediately when its loaded.
... Read more

Answer: Rootkit, Malware, Tapi.nfo, Google Redirect, Can't open anti-malware

have you tried root repeal? it sounds to me like you've read that post.




Rerun Rootrepeal. After the scan completes, go to the files tab and find this file:

C:\WINDOWS\system32\drivers\UACxpqhxbvttn.sys

Then use your mouse to highlight it in the Rootrepeal window.
Next right mouse click on it and select *wipe file* option only.
Then immediately reboot the computer.

Then run a quick-scan with Malwarebytes. Keep rebooting and running quick-scans with Malwarebytes until it shows zero infections. If after 3 scans it is still not clean post the final log.

this isn't my post so I can't take credit for it but apparently it works
good luck either way. the entire post is called AntiSpy Protector 2009 you should check it out before trying this, good luck

38 more replies
Relevance 45.51%

Hi,

I am the IT manager in my company.

I have a co-worker, his computer has a search redirect issue. That means most likely it has malware.
Then I installed some major malware removal tools: Spybot Search & Destroy, SUPERAntiSpyware, Malwarebytes

After I installed them, I cannot launch them (that definitely means it has some kind of malware).
I needed to rename their .exe files, after that I can run them and scan my computer.

SUPERAntiSpyware, Malwarebytes found something, but didn't solve the problem, search redirect and
blocking malware removal software are still there. Now I am running Spybot Search & Destroy, will see what happens.

By the way, I run them in safe mode because when I log on to Windows in normal mode, it is slow (like it takes a long time to explore the hard drive, etc). I suspect the malware slows down my pc. Hopefully not registry corrupted or something, but it works smoothly in safe mode.

So do you guys have any suggestions? Or do you need a log file from combofix?

Please advise,
Tommy

Answer: malware: google yahoo redirect and can't launch malware removal software

Try this: http://www.bleepingcomputer.com/virus-remo...sing-tdsskiller

5 more replies
Relevance 45.51%

 

by Dan Goodin
Microsoft developers have fortified Internet Explorer with new protections designed to prevent a type of attack commonly used to surreptitiously install malware on end-user computers.
The "isolated heap for DOM objects" made its debut with last week's Patch Tuesday. Just as airbags lower the chance of critical injuries in automobile accidents, the new IE protection is designed to significantly lessen the damage attackers can do when exploiting so-called use-after-free flaws in the browser code. As the name suggests, use-after-free bugs are the result of code errors that reference computer memory objects after they have already been purged, or freed, from the operating system heap. Attackers can exploit them by refilling the improperly freed space with malicious code that logs passwords, makes computers part of a botnet, or carries out other nefarious behavior.
Source

More replies
Relevance 45.51%

Ok, I'm a graphic artist, and use my computer for my work, but other than that, i'm pretty much "out of the loop" on terms, virus names etc...

so a short while ago i switched from firefox, to google chrome. to see what it was like. and while i love the browser, i seem to have acquired some form of virus or malware while using it.

does anybody have any idea firstly, how to get rid of it? because every time Avast says it's been deleted, i'll get a message about 10 minutes later saying "it's back loser" (not those words exactly, but i feel my machine is mocking me...)

and secondly, whether chrome actually has massive security risks? or if it's just coincidence that i've gotten this stuff while using it.

here is the HJT log:
Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 03:53:40, on 20/09/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program File... Read more

More replies
Relevance 45.51%

OK I've followed all the steps in the 5-step process. Here's the problem, when I'm typing or even just scrolling in the current window of IE it will de-highlight and become inactive. Sort of like what happens when you get a pop-up but I'm not seeing the pop-ups. Here are my logs. First Active Scan:

;***********************************************************************************************************************************************************************************
ANALYSIS: 2008-05-29 16:51:17
PROTECTIONS: 1
MALWARE: 76
SUSPECTS: 0
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
Symantec AntiVirus Corporate Edition 10.1.0.394 Yes Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================... Read more

Answer: [SOLVED] Current window keeps de-activating...some form of spy/malware?

Welcome to TSF.

I don't recommend using file sharing programs like Limewire as they can contribute to malware infections.

Please print the below instructions or copy them to Notepad. Make sure to work through the fixes in the order mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes.

Download ATF Cleaner at http://www.atribune.org/ccount/click.php?id=1
Double-click ATF-Cleaner.exe to run the program. Under Main choose Select All
Click the Empty Selected button.

If you use the Firefox browser click Firefox at the top and choose Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use the Opera browser click 'Opera' at the top and choose 'Select All'
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

Run a scan in HijackThis. Check each of the following if they still exist and hit 'Fix Checked' after you checked the last one:

O2 - BHO: (no name) - {1530C3A4-CA76-4F11-B091-C3B77565A91B} - C:\Program Files\ComPlus Applications\fojeru66225.dll
O2 - BHO: BeSideit IE Helper - {83C35173-E029-42f1-9692-0341EE379A0D} - C:\Program Files\QdrDrive\QdrDrive16.dll (file missing)
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [spa_start] C:\WINDOWS\System32\Rundll32.exe "... Read more

7 more replies
Relevance 45.51%

I have inadvertently allowed a malware that creates infinite popups and has hijacked my web browser. I am continuously redirected to their website offering to sell me a virus protection program.

My son directed me to open in 'safe' mode and contact BleepingComputer. He thinks you can help someone as old as I am!

I would appreciate any assistance, I have tried to follow your guide to complete the scans, etc. before posting for help.

Thanks,
Lynne

Answer: Malware in the form of popups claiming a virus infection

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll... Read more

6 more replies
Relevance 44.28%

There is malware on my computer called 'Redirect.Clickshield.' When I search for something using Google.com in IE or FF and then click on a link, I get redirected to a page that is vaguely similar to my search topic but not the URL in the search result I chose.

I am attaching my HiJackThis log file.

HELP!

Answer: I think I have malware called Redirect.Clickshield Malware

Hello and welcome to TSF.

HijackThis is no longer the preferred initial analysis tool in this forum

We want all our members to perform the steps outlined in the link given below, before posting for assistance. There's a sticky at the top of this forum, and a "Having problems with spyware and pop-ups? First Steps" link at the top of each page.

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

1 more replies
Relevance 44.28%

I recently had CheckDisk malware, which I removed by deleting the registry keys and files that a website directed me to do (I have a number of websites in my history from my research and can't remember which one I finally acted on). At the same time, I started to get random Google redirects and audio ads playing from time to time. I deleted those registry keys and files as well, but, a few days later, the redirects have begun, if only intermittently. Obviously I missed something and would like some help figuring out how to clean my computer of this malware.

As instructed, I've attached the attach.txt and ark.txt logs. The DDS.txt log follows below.

Thanks so much!
DDS (Ver_10-11-10.01) - NTFSx86
Run by Owner at 12:51:11.03 on Tue 11/23/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.72 [GMT 0:00]

AV: Trend Micro AntiVirus *On-access scanning disabled* (Outdated) {7D2296BC-32CC-4519-917E-52E652474AF5}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Tr... Read more

Answer: Redirect malware after removing checkdisk malware

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review your topic and do their best to resolve your issues.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that... Read more

9 more replies
Relevance 44.28%

I've got a redirect problem I can't get rid of. The primary symptom is that when I do searches with any search engine (I originally thought it was just Google but it's happened with others too) and then click one of the results from the search, quite often (but not every time) my page is redirected. I've had instances of new webpages opening while I'm already on a page. General PC performance tanks the longer the computer is on; I have to reboot FREQUENTLY to recover. I've run full scans in both safe mode and normal mode with Webroot, Malwarebytes, and Ad-Aware and all three claim to have found different problems including BehavesLike.Win32, TrojanWin32.Generic!BT, Troj/ExpJs-X, Troj/ExpJS-Z, and Troj/FakeAVJS-F. Whatever product found it claimed to have cleaned it but the problems persist. I'm seeing frequent pop-up warnings from Webroot on Myroitracking.com and on attempted redirects to 67.302.36.16 and 67.201.36.16.Once I got a pop-up with 195.54.170.75 in the title bar which contained: WARNING! On your computer detected the malicious code. Should immediately make sure your system is safe!I'm running Webroot on this PC all the time and I run a full weekly scan. I'm very careful about where I surf and went from fine one day to disaster the next. I've scanned Add/Remove programs and the c: drive but don't see anything obvious. I'd appreciate any ideas on what to do or try to remedy this. I ran the D... Read more

Answer:Malware redirect problems - various malware found

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together:
Do not run any other tool until instructed to do so!
Please do not attach logs or put them in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger: Please download DeFogger to your desktop.
Double click DeFogger to run the tool. The ap... Read more

11 more replies
Relevance 41.82%

Hi All,

Noob first-time poster I'm afraid!

I'm new to Access 2007 (but have used 2003 & 2000 reasonably extensively).

I'm building an App and have created all the necessary tables, as well as creating the relationships in the Database Tools area (which I know are correct - I'm a SQL Server DBA in my day job)!

Anyway, it's an almost text book example of an employers and employees database; one employer having many employees (employerID is the foreign key on the employee table).

I have created an employer form (using the wizard) which is fine, but then when I add a button to open the employee form (selecting 'Open the form and find specific records', matching employerID on the Employer table with EmployerID on the Employee table) it doesn't work. Instead, I get a popup box asking me for the EmployerID! Even if I manually enter the correct employerID when the popup box appears it actually displays all records, so I'm sure that the problem is more fundamental (and therefore, probably my fault)!

I'm hoping that I've just overlooked something REALLY stupid, but would appreciate any suggestions!

Cheers,
Ian.
 

Answer:Access 2007 Form Button Wizard - Form does not open with the correct records

I have seen this kind of problem with Access 2007 VBA code which does not work when it did in 2000-2003.
It can be a Syntax problem which you may be able to get around; if not, you can get around the problem by using a Criteria in the Query that supplies the Employee Form.
Although I would have thought it would be better design wise to have the Employees as a Subform or Tabbed Subform on your Employer Mainform.
I do not have Access 2007, only 2003 so I can't help with the VBA, but you could post the code anyway.

Did you use a Wizard to create the Employee Form, if so check the Record Source SQL it may be preventing your EmployerID from working.
 

1 more replies
Relevance 41.82%

I went to look at my Sent Items tonight and to my surprise I saw another email apparently sent yesterday that I definitely didn't send.

I was astonished to find this as I have just upgraded to Vista in the last 2 days and have sent minimal emails.

The subject is "Form posted from Microsoft Internet Explorer." & is sent to a Hotmail account. The attachment is a POSTDATA.ATT. When I look at this file in txt format it has info such as one of my email addresses, my website & description - as if I had filled out a web form & pressed Submit.

Now, thinking about it, shouldn't IE let you know that it is about to send data?

One strange thing is that the email is dated yesterday evening in the Sent list, but when I open the email to view it, it will always have the current date & time - seemingly from the Windows clock.

I am thinking that either

1) this is due to a bug in the new IE & yesterday I visited a website which submitted data via email without my knowledge or

2) this email is an old email that I Imported from backed up email (PST format) from a form I ACTUALLY sent that Internet Mail has redated - maybe something went

Sorry for the long post but I'm just wary, hope it makes sense! I was liking Windows Vista so far!
 

Answer:Sent Items: Form posted from Microsoft Internet Explorer. - I didnt submit any form!

I have moved this to vista forum as I believe it is more likely to be a vista live mail issue
 

3 more replies
Relevance 41.82%

Hi all

I have a simple Access (2003) db which has a single form view with a subform. The main form is a record based upon a physical case file the subform only details actions past and future, a sort of event log.

I also have a continuous form which displays all upcoming actions sorted by date on all cases for a particular user so they can see just how busy they are likely to be for a particular period. What I would like to do is have an on click() property for the detail of the continuous form so that it opens the main form filtered by the record in the continuous form that was clicked. User can then update or add new events for that case before closing form and returning to the continuous form

Hope this makes sense
 

Answer:MS access open single form filtered by selected record in continuous form

coasterman, welcome to the Forum.
It makes perfect sense.
If you add a Command Button to the Continuous Form and after selecting the mainform select the "Open the Form and find specific data to display". This will give you the code that you need to add to your On Click or On Double Click property or of course leave the button and use that.
 

2 more replies
Relevance 41.82%

Hi all. I do have another post going but do not want to cram so many questions in one post. (Hope that this is an acceptable practice.)

Anyway, my Sony desktop crashed the other day. I had a new Hard Drive installed and recovery disks were used. PC is good to go. Trying to tweak it back to the way I am used to having it.

QUESTION:
I had a form filler program called ROBOFORM on this PC before it crashed. I had MANY years of passwords and stuff saved there.

When I brought this PC to the Geek Squad at Best Buy the other day to see if the PC could be repaired, I was told the hard drive went. They were, however, able to make a disk with my ROBOFORM passwords. I can not get the disc to open the list of passwords. It asks me where I want to open the and give me a list of choices. (Paint, notepad, adobe etc.) None of them will run/open the files so I can see them.

This was a program that I paid for. How can I make the disc start to fill my forms again when I am at certain sites? (Gee, hope I am making sense)

I just realized I never downloaded the ROBOFORM program onto this pc. Does that have anything to do with the disc not opening??

If I go and download ROBOFORM, how does it know who I am? How will it know about the disc full of passwords? How do they recognize each other?

HELP PLEASE..........My Passwords are VERY important to me.

Thanks!!

Answer:ROBO FORM / Form Filler - Help Needed Opening/Running a Disc

Yes. I know the website but what do I do? Will they know my info or do I need to pay again. I am lost. (Sorry)
Dee

6 more replies
Relevance 41.82%

Hello,
thanks for taking a look at this thread, any help will be greatly appreciated by a complete Noob.

I've been given a LOT of help by members of this Forum (especially OBP) with a DB I'm making as a first look at any type of IT product, and I'm very grateful, so thank you all.

Recently, I was advised to take a look at the "Tabbed" style of "MainForm" instead of the "Switchboard" style I originally used. I must say, I really like the tabbed style much more than the switchboard but I've hit one hurdle that I can't seem to overcome.

In the Switchboard style, I was able to set a form to load in either DATA ENTRY = YES or DATA ENTRY = NO mode depending on which sub-switchboard the user selected. For example, I had a ENTER NEW sub-switchboard that all forms would open in DATA ENTRY = YES mode & I had another EDIT EXISTING sub-switchboard that all forms would open in DATA ENTRY = NO mode.

However, with the new tabbed style, I cannot set the form load type for separate tabs; it will only accept the LAST type as the GLOBAL type. Example, on the ENTER NEW tab, I set the form to load as DATA ENTRY = YES & it sets the form to open in DATA ENTRY = YES on both tabs, then I go to the EDIT EXISTING tab & set the same form to DATA ENTRY = NO & it sets the form to open in both tabs in DATA ENTRY = NO mode.

So, my question is:
Can I set the same form to load differently on different tabs on the same MainForm?
If so, w... Read more

Answer:Solved: MS Access - Tabbed MainForm - How to make a form open a form in multiple mode

I would just copy the Subform, so you have version 1 for data entry with the Data Entry set to "Yes" and version 2 set to "No".
The only thing you need to do then is to Requery the Editing form each time you make an entry in the data entry form.
Although I prefer to just have an Edit form with a "New Record" button for the data entry.
 

2 more replies
Relevance 41.82%

My multi item form isn't letting me add new records, only update and delete current ones.

My guess is that this is because the form is based on a multi-table query. That's fine, I can make a new form specifically for adding new records, but I'd like to be able to salvage this form if possible. Is there any way to either force this form to accept new records in the bottom row, or is there any way to get rid of the "add record" bottom row completely so it's not misleading users into thinking they can add records here?

Thanks in advance.
 

Answer:Solved: Access 2007 - multi item form (continuous form) trouble adding records

16 more replies
Relevance 41.82%

Hello

I have a subform which on its own - works beautifully but fails under the mainform. I use a main form to select the record that the end user wants to update. Upon update event on main form, the sub form opens, presenting fields for possible updating. The Sub Form also present 2 buttons - Save & Close or Cancel and Close (Undo). When the main form opens, the code set AllowClose as False. When the sub form is opened as a result of the update on the mainform, the issue is the Close command /code gets canceled. (Error 2501). I have tried: 1. setting AllowClose (true and False) on both forms, 2. only the main form and 3. only the subform. None of these 3 configurations resolves the issue. Also, I tried moving the buttons to the mainform instead of the sub form but that failed as well.

The application has a dozen forms and all of them utilize AllowClose functionality so the end user MUST use the buttons on the forms to force background queries (updates, deletes, perform calculations, recalc control totals etc). This is the first time I have tried to use Allow Close on a subform with buttons.

XP and Access 2007

KEY ELEMENTS OF THE CODE:

Private AllowClose As Boolean

Private Sub Form_Load()
AllowClose = False
End Sub

Private Sub Form_Unload(Cancel As Integer)
Cancel = Not AllowClose
End Sub

Private Sub SaveChangeandCloseForm_Click()
AllowClose = True
DoCmd.Close
End Sub

Private Sub CancelAddingNewRecord_Click()
If Me.Dirty Then
Me.Undo
End If
If Not Me.NewRecord Then
En... Read more

Answer:Action Canceled - Using AllowClose on Form and Sub Form - Access 2007

Why not just use a listbox to display the records based on the selection on the main form? I don't think you can actually close a sub-form on a main form since it is tied to the main form.
 

2 more replies
Relevance 41.82%

I have a form, Third party Invoice. I need to calculate taxes for GST as it is done for Purchase order, sales order.
So please help me: how do I calculate taxes for my customized form?

More replies
Relevance 41.82%

Morning Guys.

I am having a problem with Access 2007. I am not good with code, so would like to resolve this without using code if possible?

I have a form "A" that I have created. I want to be able to select a row on form "A" press a button and it will open a form "B" based on the selected record in form "A".

I have had a look at the button wizard, and it lets you have the option, but when you go through the wizard, it gives you an empty box on the left and a box on the right showing all the fields in the form "A". Nothing to relate to?

Any ideas?

Thanks
AJ
 

More replies
Relevance 41.82%

I have a database which ultimately will have a couple of thousand records. The primary table has 30+ fields. I have lots of queries and connected reports to show various subsets of the data needed from the table. However, there are times when what is needed is all fields for a specific subset. Because the records sought often need to be filtered by several criteria, I've found the "Filter by Form" option to work well. I have a button on the main dashboard marked "Find Record" that automatically opens a search form in the "Filter by Form" mode. This allows me to enter information into as many controls as necessary, and returns exactly the right records after clicking on "Toggle Filters" on the ribbon. The problem is that ultimately I need to make this "Access-free". The goal is to create an application from the database without ribbons. I've created a button to run the filter, and another one to print the results, but when the search form is open in the "Filter by Form" mode, it greys out the buttons. I understand that there is a GotFocus command or something similar. Can anyone help with specifics, both the syntax of the command and where the command needs to be typed? Thanks a bunch...I look forward to your reply.
 

More replies
Relevance 41.82%

Hi All,

I need some help to figure out how to do a project.
I was given a sample tax form from the government that I have to re-create in electronic format. I have to build the form to match their specifications exactly. I've tried to do it in MS Word 2003 using a table, but when I try to ensure that the table's cells are the same size as that on the paper, the table keeps either changing the dimensions of the cell or changing the dimensions of other table cells.

The major thing is to ensure that the form I build matches that paper sample exactly - for example I cannot be off by even a millimetre.

In addition to that, my company has extracted the tax data for its 400-500 employees into an Excel Spreadsheet. I have to use the Excel spreadsheet to make the "form" I created fillable.

The previous analyst used MS Word 2003 and created the form using the drawing menu and text boxes and then mail merged the info in the Excel sheet to the Word doc.

Can someone suggest an easier way to do this? I would be grateful for any help I can get.

Regards,
Ariane
 

Answer:Create Electronic Form to match sample paper form

Ariane,
Welcome to TSG

If I got your meaning correctly, then yes, there's an easier way.
I'm almost sure that you can create the form in Excel, though setting the exact sizes and positions could be difficult.
I'm absolutely sure that you can create the form in Powerpoint, and with this latter, setting the exact sizes and positions should be much more simple.
Automatically filling the Powerpoint form is also possible.

If you only need to print out the filled forms, or create PDF-s, this Powerpoint-Excel duo might be good for you.
If you need to do further calculations with the filled forms, then I strongly recommend to stick with Excel.

I'm also curious what others can say.
 

2 more replies
Relevance 41.41%

I have this small database I am converting from A97 to A2010. I created a new A2010 db and pulled over objects I needed. Everything is tested out and working fine.
I also added a drop down box to the main switchboard to select a "user". Its purpose is to filter through all the records and pull up only the list of drawing # for that specific drafter.
So I have a table called tblSign_In which has UID autonumber, and the employee's name. This will be the user names for the drop down of the Main Switchboard.

I have a table called SHEET LIST that lists all the data I need to display. This will end up holding tens of thousands of records of information about drawings. I added to this table a field called the LogInID field (UID) to link back to the tblSign_IN, and the correct number and combination.
I also have a query called qrySHEET LIST which selects all SHEET TABLE and inner joins to the tblSign_IN to pull the Employee Name linking on a LogInID field.

What I was trying to do is filter SHEET LIST form (my output form) by the user selected on the MAIN SWITCH form in the drop down box I called cboSignInEmployeeName.
For example:
Sheet List (tbl) might contain information like: Sheet# 22a6; description Dryer; build hours: 12; drafter #4.

qrySHEET LIST (also my output data) is pulling all the above, but replaces 4 with actual drafter’s name, John Smith.
To filter, I have two methods:
The query is my record source for my form SHEET LIST, so I added

WHERE (((tblSIGN_IN.[Employee Name... Read more

Answer:Filtering a form using selection of a combo box on a another form (user ID)

13 more replies
Relevance 41.41%

Can someone please help. I can't seem to figure out how to keep an imported Excel file open to my users once I lock the Word form that I imported to. I need for my users to be able to fill out the form as well as open that Excel file if they need to. Any help would be greatly appreciated.
 

More replies
Relevance 41.41%

I am a new user to Access 2010. My operating system is Windows 7.
I have created a data base with two tables. The first table contains a list of students and their personal information. The second table contains student subjects and has many subject records with a relationship to the student record. The relationship key is the student id.

I have created a form that populates with the student information and contains a subform that populates with that student's subjects. All of this works great for existing students. I can edit the student information and add new subject records.

Now here is my problem. I would like to create a form that precedes my current form. The user would input a student number and click search button. If that student number exists on the student data base then the form that I created should open populated with the student data and their subjects and allow the user to update it. If the student number does not exist, then I would like that same form (or a form with the same layout) to open and the only data populated is the student number that was input on the search form. The user should be able to input all of the student data and course information and hit a save button that would insert the records into the correct database tables.

I have tried many methods to create the initial search form that would open the correct version of the student form without any progress. Could someone provide me with the macro that would open that correct form, or set t... Read more

Answer:Access query to open Add form or Edit Form

needaccesshelp, welcome to the Forum.
First a couple of points, you do not need to "save" the record, access does so automatically. Also when creating a New record the subform should be automatically populated with the Student Number, this is controlled by the master child links.

The combo you need is a Find combo which can be created using the combo wizard; that combo can have its Not In List Property set to yes, which can then be used to trigger adding that student to the table and then to the form (and combo).
 

1 more replies
Relevance 41.41%

Here is what I'm trying to do.

For lists Equipment in drop down box.
Whatever equipment is selected, the equipment type field needs to be updated from a table.

Is there a way to get a value from SQL statement?

SQL = "SELECT [Equipment Type] FROM OrderDetails Where " _
& " Equipment = '" & Me.Equipment & "'"
[Forms]![OrderDetails]![Equipment Type] = SQL
 

Answer:Help with access form (insert table value into form field)

Mhouser, if you are trying to "display" a value related to the Combo selection you can have that value as an extra column in the combo and refer to it with simple VBA.
You should not populate a Field's actual value with that from the combo as that is duplication.
Can you tell me which one you are trying to do?
 

3 more replies
Relevance 40.59%

I inherited this Excel document and have been asked to modify it so that when a selection is made from a drop down list a Form pops up for them to enter the reason. I put this code into Private Sub Worksheet_Change(ByVal Target As Range)

If Len(Trim(Range("$H$" & Target.Row).Value)) = False Then
Exit Sub
Else
If Len(Trim(Range("$H$" & Target.Row).Value)) <> "" Then
ProcessReasonForm.Show vbModeless
End If
End If

Which worked fine on three machines that I tested it on locally. However, in the 2 remote locations where it was tested the Form would pop up whenever any changes were made to the spreadsheet. I need the form to only come up when a selection from the dropdown list in column H is made. As no personal data is in it I'll post a copy with this. To view code use "amber". Any ideas would be great as I'm lost as to why it's happening out there but I can't recreate it.

Thanks
WT
 

Answer:Solved: Form call is causing the Form to pop up everywhere!

File is attached. Code to unlock code is amber.
 

2 more replies
Relevance 40.59%

I have my form sending to my e-mail so it prints out my data line by line. Can anyone give me some pointers on how to get this data into a nice form that can easily be read.

E-mail from From Looks like this.

jnum=12345
jtitle=blah
fname=nick
mi=d
lname=johnson
ssn=1234
[email protected]
oname=
address=123321
 

Answer:Form to E-mail back to a Viewable Form

6 more replies
Relevance 40.59%

Hi all.
I have a form Word document that looks ok when viewed but when printed there are the words "formdropdown" in areas that should contain names, addresses, etc.
Running XP Pro.
The form works ok when printed from other pcs.
Having the same prob with other forms.

Please help.

Thanks

Thee

Answer:Word Form Doc Printing Crap Instead Of Form.

?

3 more replies
Relevance 40.59%

Ok guys, I can give a really easy example of this problem I'm having right here on the message board. If I place my cursor in between these two words (this) (that) and then click on a smiley, it SHOULD insert the smiley face in between them. I'll do it now.

See how it put it at the very end of the line? When I'm finished typing this whole thing, I'll try to insert a confused smiley here ( ) .

The same happens for ANY auto-insert stuff, whether it be the hyperlink or the quotes button, anything here. Its annoying . Anyone know how to fix this? No matter where my cursor is, it always inserts the auto-text into the end of the post.
 

Answer:Firefox - Form auto-insert always at the end of form

I imagine it's a quirk of the javascript in VBull. IE has added a lot of nonstandard code that makes editing windows more robust, and I expect that's what VBull is using. If so, there is no workaround.
 

1 more replies
Relevance 40.59%

Unable to convert Word form to Excel form. Tried screenshot of Word form, pasted to Excel sheet and filled up by text but the text itself always mis-arranges. Kindly help me please...

Answer:Convert Word form to Excel form

Rather than my cherry picking and copying a few how-tos, I suggest you follow the results here:
http://tinyurl.com/zxfccfr
It's a Google list found using:
convert excel document to word
as the search term...

2 more replies
Relevance 40.59%

Actually, it makes sense because it's in the middle of the form where the cursor is sitting and the user will first enter their data. But first they need to read the instructions at the top of the form.

Is there a way to set it to load the page scrolled to the top rather than to the middle where the data is to be entered?

Thanks, Peter
 

More replies
Relevance 40.59%

Hi all. I have different table for each type of inventory that we have. I would like to design one master form that would ask what type of inventory that the user would like to enter. Depending upon what the user selects, it will change the fields to the categories in the pertaining table. Is this possible?
 

Answer:using a form field to select display of a form

12 more replies
Relevance 40.18%
Question: redirect malware

My computer had gotten a spyware virus and I ran Malwarebytes 3 times and found a total of 21 spyware/malware. After cleaning it up I decided to check my Hotmail, but when I go to click on an email to open it, it just opens a new tab to the same page I was on.

Answer:redirect malware

I'm using Mozilla Firefox for my browser and it doesn't just happen on my email, it happens to other random links too; it just always happens to my Hotmail emails.

2 more replies
Relevance 40.18%
Question: redirect/malware

Have scanned with superanti/spybot/windows essentials and they see no issues. I deleted all BHOs in safe mode but still have issues.

here are my logs:
 

Answer:redirect/malware

10 more replies
Relevance 40.18%
Question: Redirect Malware

Every time I search in any search engine I get redirected through "inhootegrgan.com" to a blank google.com page. I've run MalwareBytes, Security Essentials, Hitman Pro, and SuperAntiSpyware. No dice. Any suggestions?

Answer:Redirect Malware

Try this:

http://www.bleepingcomputer.com/virus-removal/remove-tdss-tdl3-alureon-rootkit-using-tdsskiller

13 more replies
Relevance 40.18%
Question: Redirect malware

First time poster/novice PC user here who is thanking you in advance and can implement detailed instructions well. I tried to research how/what to post from the pinned posts, so I hope this post is accurate. Thanks again. I'm having consistent redirects of any search engine links, tried AVG 9.0, Super AntiSpyware, blah, blah. Some trojans (Vundo.JD, Generic16) were found and removed, but the redirects continue. XP Home, SP3

DDS (Ver_09-12-01.01) - NTFSx86
Run by TR at 21:36:24.21 on Tue 12/29/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2558.1715 [GMT -6:00]
AV: AVG Internet Security *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: *On-access scanning disabled* (Outdated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
FW: AVG Firewall *enabled* {8decf618-9569-4340-b34a-d78d28969b66}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
svchost.exe
C:\Program Files\Common Fil... Read more

Answer:Redirect malware

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results, click no to the Optional_Sca... Read more

12 more replies
Relevance 40.18%

The DNS server address is automatically changed to 85.255.112.115, wreaking havoc on my updates and redirecting me to a variety of websites. Thank you for your help.

DDS (Version 1.1.0) - NTFSx86
Run by Administrator at 11:42:12.99 on Sun 12/28/2008
Internet Explorer: 6.0.2600.0000
Microsoft Windows XP Professional 5.1.2600.0.1252.1.1033.18.254.65 [GMT -5:00]
============== Running Processes ===============

C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\DNA\btdna.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Administrator\Desktop\dds.scr
C:\WINDOWS\System32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

mWinlogon: System=kdzoz.exe
TB: {4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - No File
uRun: [PeerGuardian] c:\program files\peerguardian2\pg2.exe
uRun: [BitTo... Read more

Answer:DNS redirect malware

Hello lcw132,

Sorry about the delay. If you still need help, please post a new HijackThis log to make sure nothing has changed, and I'll be happy to look at it for you.

Please do this:
1. Download HijackThis™ here:
http://www.trendsecure.com/portal/en-US/th.../hijackthis.php
2. Click 'Do a System Scan and Save log'.
The HJT log will open in notepad.

Thanks,
tea

2 more replies
Relevance 40.18%
Question: Redirect Malware

I am posting this in the favor for a friend, she owns a Windows XP service pack 3, which suddenly appears to be infected with some sort of malware. The malware sometimes redirects links that she clicks on to another, clearly suspicious, site. She originally noticed this problem whilst doing a websearch with yahoo, where clicking on a link to a legitimate website led instead to another, seemingly innocuous but clearly incorrect website. The problem seemed to get worse, and now frequently occurs.

I'm not sure if this would be too much help, but here is a hijackthis log for your consideration, thanks for your help:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at ?U?? 08:20:44, on 2009/4/29
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:... Read more

Answer:Redirect Malware

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results, click no to the Optional_Sca... Read more

13 more replies
Relevance 40.18%

Hey folks, it appears that I have been infected with the redirect malware.

I initially noticed about 2 months ago that occasionally a Google search result would redirect to some other page. Going back and then clicking the result again would take me to the actual result. Ran a scan in AVG with, of course, no results. Did a quick internet search and found BC.

I have read the Preparation guide and have included the logs from DDS. I am not sure why the DDS log is pasted, while the attach log is attached, just following directions.

Thank you in advance for the help,
Jesse

DDS Log
DDS (Ver_2012-10-14.05) - NTFS_AMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_35
Run by Us at 17:09:50 on 2012-10-14
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.1791.562 [GMT -5:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost... Read more

Answer:Redirect Malware ick!

Please do the following:

Download the appropriate version for your system of the Farbar Recovery Scan Tool and save it to a flash drive.
Plug the flash drive into the infected PC.
Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
Restart the computer.
As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
Use the arrow keys to select the Repair your computer menu item.
Choose your language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
Insert the installation disc.
Restart your computer.
If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
Click Repair your computer.
Choose your language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

Select Command Prompt
In the command window type in notepad and press Enter.
The notepad opens. Under File menu select Open.
Select "Computer" and find your flash drive letter and close the notepad.
In the command window type e:\frst.e... Read more

24 more replies
Relevance 40.18%
Question: Redirect Malware

As described, have been getting redirects from Google search results in Firefox.

Any of the attached hijackthis logfile entries ring any alarm bells? I had my eye on the BHO entries, but not sure really.

Answer:Redirect Malware

Hello konigrot,

Nothing at all wrong with the BHOs in that log.

This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

1. Download this file - combofix.exe http://download.bleepingcomputer.com/sUBs/ComboFix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply please.

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall.

If you have trouble running it the first time, then rename ComboFix.exe to konigrot.exe and try again.

Thanks,
tea

8 more replies
Relevance 40.18%
Question: Redirect Malware

Clicking on links in a Google search keeps sending me to phoney pages. It will either send me to the actual page, or anything from a failed Google search, an error 404, eBay or strange sites like "Search Britania". This can't be good. Here's a ComboFix log and a HJT log; I have also run CCleaner.

ComboFix 09-05-18.06 - Luke 19/05/2009 16:05.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.440 [GMT 1:00]
Running from: c:\documents and settings\Luke\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((( Files Created from 2009-04-19 to 2009-05-19 )))))))))))))))))))))))))))))))
.

2009-04-27 12:19 . 2009-04-27 12:24 -------- d-----w c:\documents and settings\Luke\Application Data\U3

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-19 09:44 . 2005-11-07 21:04 -------- d-----w c:\program files\Steam
2009-05-12 10:07 . 2009-03-29 22:08 11952 ----a-w c:\windows\system32\avgrsstx.dll
2009-05-12 10:07 . 2009-03-29 22:08 325896 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-04-22 11:34 . 2005-11-05 10:24 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-20 17:06 . 2009-03-01 10:07 -------- d-----w c:\program files\ScummVM
2009-04-18 09:47 . 2005-11-07 21:15 -------- d-s---w c:\program files\Xfire
2009-04-13 23:05 . 2009-04-13 23:05 -------... Read more

Answer:Redirect Malware

16 more replies
Relevance 40.18%

Hi,
 
I have been having problems with my web browser, which keeps redirecting me to a different website that I do not desire. I suspect it has something to do with malware.

When I use the Firefox web browser, for some websites, it will redirect me to a yahoo page like this
When I use Chrome, it will show the "404 page not found" and then redirect me to a different website. This also happens sometimes when I try to access websites such as youtube, facebook, or google.

Also, I have been experiencing Adobe Flash crashes. So I highly suspect malware.

I have run Avira antivirus and found no virus. When I ran Malwarebytes Anti-Malware, "PUP.Optional.Conduit.A" consistently showed up no matter how many times I ran Malwarebytes, although I directed the software to delete the malware. I attached a couple of logs from Malwarebytes Anti-Malware in this post.

I would really appreciate help from you guys.

Answer:Redirect malware help!

Hello trubin81

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.

Very Important --> Please read this post completely, I have spent my time to put together some things for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same"... Read more

28 more replies
Relevance 40.18%

Hello,

I am new to this forum, any help would be greatly appreciated! I have been experiencing issues with my browsers: every link I try to access randomly succeeds or is redirected to some spamming sites. Also, sites such as Windows Update either give 404 or redirect to msn.com; the files I had to download to carry out the TUTORIAL from this forum also resulted in similar issues (I couldn't download most of them from this laptop actually, since the URLs all gave 404 or were redirected).

I started having this issue a couple of days ago, and Norton Internet Security or MBAM both gave me 0 threat issues. Since using this software failed to resolve my problem, I went back to my classic way of dealing with malware, which is reverting to a previous safe image of my 'VISTA' partition. But the latter failed also, and now I am clueless how to get rid of this infection. FYI, I think I also spread this malware to my backup computer via a USB drive!!!! This issue is really being a pain for me now, because if it is also spreading via USB devices, I might have to clean up all the external HDDs I had connected too.

Any help is welcome, hope my description was not too lengthy but resourceful!
Btw, I also verified my DNS server every time using ipconfig/all, it was always 192.168.0.1. And finally, I use Chrome as browser 90% of the time, but also Firefox 3 and rarely IE7.

Attached are the requested logs as mentioned in the FAQ. As you have guessed, the steps from the FAQ, failed to r... Read more

Answer:url/dns redirect malware

Following up on my initial post, attached is the 4th log file.

I attached another text file. I'm not sure if I did something wrong during the MGLog step, since I got an app that crashed, so Windows told me. The info is in the other text file I attached.

Once again, thanks a lot for any help. I would really appreciate if you guys can help me completely wipe this malware from my computers.




Cheers,
 

4 more replies
Relevance 40.18%

HI,

I have read the must read thread and will post the results below; I thought it might be beneficial to list the problems that I am encountering:

1. Search redirects (frequent)
2. Browser crashes (frequent)
3. "Generic Host Process for Win32 Services encountered a problem and needed to close." Which also results in my sound card not being recognised.
4. Blue Screen. This has just started happening within the past 2 days

Win XP SP3
Intel Q

--------------------------------------------------------------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:25:40, on 08/10/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
E:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
E:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\vVX3000.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Ap... Read more

Answer:Looking for help with redirect Malware

13 more replies
Relevance 40.18%
Question: Redirect malware

My son had redirect malware and attempted to remove it himself with various programs. It did improve operation, but left some problems with IE9. I talked him through doing a repair using Windows Repair by Tweaking.com to try to get everything working. He was still having some issues.

I got his computer and ran through all your steps.
All logs are attached.

Google Chrome works normally.

IE9 seems to work ok now if protected mode is OFF. With protected mode ON to the default settings, it will not load, even on Majorgeeks.com.

Never seen this but it takes multiple attempts, double clicking a folder on the desktop to get the folder to open. Right click and open, always opens it.

Thanks
 

Answer:Redirect malware

So just to clarify, only Internet Explorer redirects? Where does it redirect to?
 

3 more replies
Relevance 40.18%

Hello~

I keep getting redirected to other sites when I click on the search results from Google (and perhaps other search engines as well). My computer seems to be holding up pretty well, so hopefully whatever is bugging my computer doesn't get any more malicious than this.
I guess that's all...sorry! ahh.. well here's the stuff:


DDS (Ver_09-03-16.01) - NTFSx86
Run by shumango at 0:25:44.46 on Fri 04/17/2009
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_12
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1526.967 [GMT -7:00]

AV: Norton AntiVirus *On-access scanning enabled* (Outdated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\Engine\16.0.0.125\ccSvcHst.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton AntiVirus\Engine\16.0.0.125\ccSvcHst.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService... Read more

Answer:redirect malware..?

Hello and welcome to Tech Support Forum.

My name is km2357 and I will be helping you to remove any infection(s) that you may have.

I will be giving you a series of instructions that need to be followed in the order in which I give them to you.

If for any reason you do not understand an instruction or are just unsure then please do not guess, simply post back with your questions/concerns and we will go through it again.

Please do not start another thread or topic, I will assist you at this thread until we solve your problems.

Lastly the fix may take several attempts and my replies may take some time but I will stick with it if you do the same.

I will be back as soon as possible with your first instructions!

6 more replies
Relevance 40.18%
Question: Redirect malware

Basically I have this, seemingly common, redirect malware. My PC's performance seems a bit slower as well. I think McAfee showed me a ZeroAccess GAC_64,32? I can't remember because sometimes McAfee finds it and other times it reports no threats.

I have gone through the "READ & RUN ME FIRST" and it seemed to clean it up for about an hour, but I just got into a redirection again a while ago and noticed that my games weren't running smoothly.

Note* when I ran some of the tools it did find things, but I did not delete them as directed by the thread. Also, I ran the cure on TDSSkiller, but I am not sure it worked as it did not recommend a reboot as directed by the thread.

I apologize beforehand for my lack of knowledge, but I am trying to be as specific as possible. I am ready to get rid of this junk. Thank you for any input or help you would have to offer.
 

Answer:Redirect malware

Fix items using RogueKiller.

Double-click RogueKiller.exe to run. (Vista/7 right-click and select Run as Administrator)
When it opens, press the Scan button
Now click the files folder tab and locate these 8 detections:


[ZeroAccess][FOLDER] U : C:\Windows\Installer\{5dd60c0b-a87e-4da7-63f5-351ca2149a0b}\U --> FOUND
[ZeroAccess][FOLDER] U : C:\$recycle.bin\S-1-5-18\$5dd60c0ba87e4da763f5351ca2149a0b\U --> FOUND
[ZeroAccess][FOLDER] U : C:\$recycle.bin\S-1-5-21-2740442479-3523019548-2224670041-1001\$5dd60c0ba87e4da763f5351ca2149a0b\U --> FOUND
[ZeroAccess][FOLDER] L : C:\Windows\Installer\{5dd60c0b-a87e-4da7-63f5-351ca2149a0b}\L --> FOUND
[ZeroAccess][FOLDER] L : C:\$recycle.bin\S-1-5-18\$5dd60c0ba87e4da763f5351ca2149a0b\L --> FOUND
[ZeroAccess][FOLDER] L : C:\$recycle.bin\S-1-5-21-2740442479-3523019548-2224670041-1001\$5dd60c0ba87e4da763f5351ca2149a0b\L --> FOUND
[ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC_32\Desktop.ini --> FOUND
[ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC_64\Desktop.ini --> FOUND

Place a checkmark on each of these items, leave the others unchecked.
Now press the Delete button.
When it is finished, there will be a log on your desktop called: RKreport[2].txt
Attach RKreport[2].txt to your next message. (How to attach)
Reboot the machine.

Re run Hitman, under the heading "Suspicious files" you should see:

C:\Windows\system32\services.exe

With this entry, let Hitman "Replace"... Read more

11 more replies
Relevance 40.18%

Hello,

Like many others on here I have been having issues with redirects, especially when using Google. I ran all the scans as instructed and have attached the logs.

Not sure if there is still a problem yet or not. Thanks in advance!
 

Answer:Redirect Malware Help

Forgot one. Sorry!
View attachment mblog.txt
 

6 more replies
Relevance 40.18%
Question: Redirect malware

Hello, I have a redirect virus that I cannot remove. Any help would be great! I have attached files suggested on this forum. Thanks

Answer:Redirect malware

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

We need to create an OTL Report

Please download OTL from one of the following mirrors:
This is THE Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
In the custom scan box paste the following:

msconfig
safebootminimal
activex
drivers32
netsvcs
%SYSTEMDRIVE%\*.exe
/md5st... Read more

8 more replies
Relevance 40.18%

I am having a real problem with some type of malware that is redirecting me, especially when using Google results. I have run malware bytes to no avail and I do not know where to go from here. Fortunately, I found your forum, and I am very appreciative of your willingness to help a newb. Thank you very much for your help. Here is my log:

DDS (Ver_10-11-10.01) - NTFS_AMD64
Run by C at 15:02:58.62 on Thu 11/11/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.1788.700 [GMT -5:00]

FW: Bsecure Firewall 5.5 *enabled* {C5A82BF4-7AB9-4F9D-A47F-3579EAF68415}

============== Running Processes ===============

C:\PROGRA~2\AVG\AVG10\avgchsva.exe
C:\PROGRA~2\AVG\AVG10\avgrsa.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32... Read more

Answer:Help pls with redirect malware

Hi bcnole, and welcome to Bleeping Computer.

Firstly,
Go to Start -> Control Panel -> Programs and Features, highlight a program to see the available option on the toolbar for it. Choose Uninstall for:
DAEMON Tools Toolbar --> it's an Adware toolbar bundled with Daemon Tools software... DAEMON Tools Lite program is safe to use, don't remove it...

Secondly,
Download OTL.exe by OldTimer to your Desktop.
Close all windows and double click OTL.exe.
In the "Custom Scans/Fixes" window (under the light green bar) paste the following in bold:

netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

Click Run Scan and let the program run uninterrupted.
When the scan completes, it will open two Notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL. Post both logs in this thread.
You may need to use two posts to get it all.

Thirdly,
Download TDSSKiller.zip and extract TDSSKiller.exe to your Desktop.
Execute TDSSKiller.exe by doubleclicking on it.
Press Start Scan
If Malicious objects are found, ensure Cure is selected (it should be by default).
Click Continue then click Reboot now.
Once complete, a log will be produced at the root drive which is typi... Read more

10 more replies
Relevance 40.18%
Question: redirect malware

My dad's computer has picked up some malware that causes it to hijack links (maybe only those provided by a Google search?) and redirect the browser to some commercial website. I've run Lavasoft AdAware and done a virus check with Avast, but the problem persists.

I found another post at techguy with this same problem, but I don't think anyone has responded. Can anyone help? I'll only be at my dad's house until Tuesday the 26th, so an answer before then would be awesome.

I've attached my HJT log to this question. He's running XP media center, btw. Thx very much.
 

More replies
Relevance 40.18%
Question: Redirect Malware

I seem to have a redirect virus on my computer. When I use google about 1/3 of the time when I click on a result link I am redirected to an obviously wrong page. I have tried malwarebytes with no luck, my anti-virus Avast! can't locate it either. I've had the problem for a while, at least several months and when I was infected with it I was using McAfee anti-virus but the firewall kept turning itself off so I removed that program and started using Avast. I have run the gmer scan but it keeps crashing my computer. I did manage to save a log about halfway through the scan before it crashed for the third time, so I have included that. Thank you in advance for any help at all!

DDS (Ver_10-12-12.02) - NTFSx86
Run by Kristine at 9:49:29.68 on Mon 01/24/2011
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_22
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.1918.801 [GMT -7:00]

AV: avast! Internet Security *Enabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! Internet Security *Enabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: avast! Internet Security *Enabled* {FB460EB6-4C6D-E564-6BF5-EEEF2B44B473}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe ... Read more

Answer:Redirect Malware

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please do not attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear
Click the Disable button to disable your CD Emulation drivers
Click Yes to continue
A 'Finished!' message will ap... Read more

14 more replies
Relevance 40.18%
Question: REDIRECT MALWARE

I have a redirect virus/malware on my tower. Every time I click on an icon on the desktop, it tells me my computer is infected and sends me to a website to enter my credit card number to download an anti-virus. I am desperate to have this fixed but the cost is exorbitant ... $300. Can anyone help me? Please? Thanks

Mod Edit: Moved from Vista to Am I Infected ~~ boopme

Answer:REDIRECT MALWARE

Boot into safemode with networking

Download TDSSkiller
Launch it.
Click on change parameters-Select TDLFS file system
Click on "Scan".
Please post the LOG report (log file should be in your C drive)
Do not change the default options on scan results

Download aswMBR
Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan.
After scan finishes, click on Save log
Post the log results here.
If you get crashes in normal mode, run it in safemode with networking

Download ESET online scanner
Install it
Click on START, it should download the virus definitions
When scan gets completed, click on LIST of found threats
Export the list to desktop, copy the contents of the text file in your reply

1 more replies
Relevance 40.18%
Question: redirect malware

Please forgive me if I did this wrong or posted in the wrong place. I tried running the DDS.scr file as suggested but it will not run. I then downloaded the Rsit file which ran the HJT I already had installed. Below are the logs it created. My browser is being redirected when I search. I have to use the back button to go back to the original link and click it again to get to the original link. Also, today my e-mails started losing their "subject" and "from" lines... but when you preview the e-mail it is a legit e-mail which should read in HTML but is all text and gibberish (to me anyway). If I am in the wrong place please just direct me to the right place and I will be on my way. Thanks for your help.
JC

Logfile of random's system information tool 1.06 (written by random/random)
Run by Harland Harriman at 2009-04-23 22:53:00
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 10 GB (25%) free of 38 GB
Total RAM: 511 MB (27% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:53:10 PM, on 4/23/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.E... Read more

Answer:redirect malware

Hello! My name is Sam and I will be helping you. In order to see what's going on with your computer I'll ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.

We need to create an OTListIt2 Report

Please download OTListIt2 from here
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
Push the "Run Scan" button.
The scan should take just a few minutes.
Copy the log that opens up and paste it back here in your next reply.

15 more replies
Relevance 40.18%

Background Information

I recently got a new job. The computer at my place of business is public access (hotel business center). I was told when I was hired there were many issues with it, and I was confident that I could work them out. I got the job and within a week I was able to fix everything, or so I thought. The first issue was the printer giving back error messages. Every board I looked at told me that if updating drivers didn't work, then scrap the printer. It turned out to be a bad USB cord! The other issue was the screen had a black bar on the left and some of the display was in imagination land off to the right. That was easy, new drivers directly from the NVIDIA site (NOT the auto driver look-up that came with Windows 7 ... useless). The last issue was "Security Tools." Which leads me to the real issue of this post.

My work computer did not have any anti-virus software running when I was hired. I use a combo pack that runs well together (I know "they" say don't have more than one, but this is a good combo). The first thing I did was delete security tools (I have a handy little fix for that, it takes about 2 minutes and no need to go into safe mode or download anything... if anyone is interested). Then I installed Symantec Endpoint (11.0.5002.333) and ran a scan. The first scan found Security Tools in my recycle bin, a trojan (gyovo107_2185[1].exe) and a tracking cookie. Then I installed AdAware only found cookies. Then ... Read more

Answer:Redirect/Pop-up Malware

Hi,
try running the computer in safe mode w/ networking.
download rkill then after that download mbam (make sure you rename both files to like eXplorer.exe and for mbam, cmd.exe,)

mbam + rkill combo should fix the issue, if not you can try to see if there is an unusual process running using procexp and autoruns.
Just to add, if it's a rootkit issue, use gmer to scan for rootkits. For links to download those, you can find them all here in bleepingcomputer.

8 more replies
Relevance 40.18%
Question: redirect malware

I seem to be having some issues. It seems to be a redirect type of malware as when I open Firefox a new tab will open with some random web page on it. I have been having the popup in my system tray that says it is finding threats that appears to be from Microsoft though I know it's not.

I ran through the read me first section and had no problems running any of the software except rootrepeal seemed to freeze every time I selected my drive under the files tab to scan. It would say starting and nothing happen after 30 mins.

I have attached the logs and would appreciate any sort of help.

Thanks,

Joe
 

Answer:redirect malware

I have another symptom or purely coincidental. When I go to shut off my computer it goes to the Windows logging off screen and will not advance to power off. I don't know if I did something during the read me first or if it's another part of the malware.
Also, during the cleanup I thought it might have gotten rid of the Microsoft looking virus protection thing but it is now back. In the system tray it is called XP Internet Security.

Thanks in advance for the help.
 

2 more replies
Relevance 40.18%
Question: Redirect malware

Hi, I am having issues with getting redirected to random search results or surveys. I've used both Malwarebytes and AdAware. Both programs found trojans, and deleted them, but I still get redirected. GMer wouldn't work, so I couldn't get a report.

Sorry, I guess my attachments didn't go through.


DDS (Ver_09-12-01.01) - NTFSx86
Run by kyle at 15:37:27.85 on Thu 01/14/2010
Internet Explorer: 8.0.6001.18865 BrowserJavaVersion: 1.6.0_03
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1982.870 [GMT -10:00]

AV: avast! antivirus 4.8.1290 [VPS 081123-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: COMODO Defense+ *enabled* (Updated) {043803A4-4F86-4ef7-AFC5-F6E02A79969B}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: avast! antivirus 4.8.1290 [VPS 081123-0] *enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalS... Read more

Answer:Redirect malware

Hello TG3 Welcome to the TSF Virus/Trojan/Spyware Help forum. I will be assisting you in cleaning up your system.


I ask that you refrain from running tools other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.




After 3 days if a topic is not replied to we assume it has been abandoned and it is closed.



Try running GMER once again but this time also uncheck the following before trying it:


Registry
Files






Thanks,



thewall

19 more replies
Relevance 40.18%

A bit over a week ago, my computer was infected with what Avast Antivirus identified as a Trojan. A boot-time scan seemed to remove it, but random Google results are still being redirected to junk sites, and I've begun suffering other symptoms like honest-to-goodness pop-ups. Avast also warns me that a malicious site at "clikcpixelabn.com" has been blocked every time I search Google at all.

I feel kind of silly asking for advice when so many others seem to be having similar problems, but I guess everyone's solution can be different. So, thank you in advance.

Answer:Redirect/pop-up malware

Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer. I am working under the guidance of one of the specialists of this forum so it may take a bit longer to process your logs.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.

Could you please tell me how much RAM you have and how much free space you... Read more

1 more replies
Relevance 40.18%
Question: Redirect Malware

 

Answer:Redirect Malware

Hi and welcome to the MalwareTips.com forums!

I'm Kuttus and I am going to try to assist you with your problem. Please take note of the below:

I will start working on your malware issues, this may or may not, solve other issues you have with your machine.
The fixes are specific to your problem and should only be used for this issue on this machine!
The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear.
If you don't know, stop and ask! Don't keep going on.
Please reply to this thread. Do not start a new topic.
Refrain from running self fixes as this will hinder the malware removal process.
It may prove beneficial if you print off the following instructions or save them to notepad as I post them.
Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
Before we start:
Please be aware that removing malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to nece... Read more

23 more replies
Relevance 40.18%
Question: Redirect Malware

Reposted in Am I infected? What do I do? forum

Answer:Redirect Malware

You should prob post in the Am I infected? What do I do? forums. They are great at helping with malware problems.

3 more replies
Relevance 40.18%

First off - thanks for being here and for the generous use of your time helping people fix these frustrating problems.

My wife's laptop has acquired some flavor of redirect malware. We can use Firefox or IE8 to go to a search engine and get results, but when those links are clicked we're redirected to decoy sites. Also, a windows-esque "Generic Host Process" error pops up every so often - haven't been able to determine when or why and it looks suspicious so neither of us have clicked on either of the buttons (SEND or CANCEL, I believe.)

I followed the process in the Read & Run Me First thread and will attach the logs as requested.

Thank you very much in advance for your help.

(Note: Can only attach 4 logs, will attach the 5th in subsequent post.)
 

Answer:Dug-in Redirect Malware

Additional log file attached.
 

6 more replies
Relevance 40.18%
Question: Redirect malware

Operating system is Windows XP media center edition service pack 3. When using search on either Google or Yahoo, when entering a result, it will redirect to some advertising. Also occurs with Firefox. Upon bootup, the antivirus program loses its real time shields. I use the fix it now button and about 304 minutes later it enables the shields. Also the realtek high definition device is disabled and no sound on real time or windows media players. Also real time will not show video, but windows media play does but in a limited way.

Below is the DDS results:


DDS (Ver_10-10-10.03) - NTFSx86
Run by Owner at 18:00:10.89 on Sat 10/09/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_05
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1903.931 [GMT -5:00]
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
============== Running Processes ===============
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Ahead\InCD\InCDsrv.exe
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Digital Media Reader\readericon45G.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\SBCSEL~1\SMARTB... Read more

Answer:Redirect malware

Hello and welcome to the TSF

Please attach the attach.txt file. Did you also run Gmer as instructed? I will also need to see that log also please.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

19 more replies
Relevance 40.18%

I seem to be hit by some kind of redirect malware. I've tried to fix it by running malwarebytes, MS Security Essentials as well as Superantispyware. My computer seems to run normally other than when using the web. And when I do a Google search I am usually - but not always - misdirected.

I ran Combo fix and do have the log (I realize now that I should not have done this until asked .... I was in sort of a panic and only skimmed the directions, mea culpa).

I'd appreciate any help that can be offered. I'll be glad to either attach the log file I already have from Combo fix, or to run the thing again and attach the new log file. I apologize for failing to read and correctly follow the instructions.

Answer:web redirect malware

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us.

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the ... Read more

22 more replies
Relevance 40.18%
Question: Redirect Malware

Hi, when I search for something using Google or another search engine and click a results link, I am redirected to a page different than my results, such as a questionable search page covered in ads, or a site poorly related to my search results.

SpybotS&D does not recognize any kind of problem.
I run ESET Smart Security 4 and it's updated.

I would really appreciate some help with this.

Here is my HijackThis Log:
-------------------------
Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 12:18:48 PM, on 1/17/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
... Read more

Answer:Redirect Malware

I ran combofix and it looks like everything is back to normal. I spent already 20 minutes of surfing on the internet and no redirect.

1 more replies
Relevance 40.18%

I read from one of your other threads about the redirect to Google and other sites malware and I have the same problem. The only thing is that I have a different Windows. I have Windows Vista SP1. I'll give you the log that I received from Hijackthis.

If you need more let me know.

Answer:The Redirect Malware

Hello and welcome to TSF.

You have attached the log from HijackThis. HijackThis is no longer the preferred initial analysis tool in this forum.

We want all our members to perform the steps outlined in the link given below, before posting for assistance. There's a sticky at the top of this forum, and a "Having problems with spyware and pop-ups? First Steps" link at the top of each page.

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

1 more replies
Relevance 40.18%

Recently, I have been having the redirect problem that seems increasingly common. Occasionally when trying to click on google links, it will redirect somewhere else. Whenever I open a new IE page, I get an AVG Resident Shield Alert (possibly fake?) that says
File: C:\Windows\System32\ESQULvsxwqgjfyfclijqpinixrbdinyoxdout.dll
Infection: Trojan horse Generic 14.DYJ
Result: Infected

It is also rendering me unable to view several tech sites and causes certain programs to crash. Without renaming HijackThis, it would go into a memory dump blue screen, Malwarebytes had to be renamed and GMER only runs in safemode. I have been unable to provide the ARK.txt file, but I have both DDS files available.

-------------------------------------------------------


DDS (Ver_09-06-26.01) - NTFSx86
Run by Administrator at 10:48:30.73 on 19/07/2009
Internet Explorer: 8.0.6001.18783
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2037.1034 [GMT 1:00]

SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\Syste... Read more

Answer:Another redirect malware

Welcome to TSF! My name is Adam and I will be assisting you with getting the malware off of your computer. Please observe the following points before we start:

If at any point you don't understand something, please let me know and I will be glad to explain or go more into depth for you. :)
Please remember, I am a volunteer and I have a personal life. I go to school full time, have a part time job, and I do sports. A lot of this takes a lot of time.
Please keep all of your replies in this topic/thread and do not make a new topic/thread, thanks!
Please stick with this, don't stop responding because the symptoms are gone, the infection could still be there. Keep replying to my posts until I give you the All Clean message. ;)
If you don't reply within three days after my last instructions this topic will be closed. If you will not be able to reply within three days please tell me so the topic will not be closed.
Please do not run other tools to remove the malware unless I ask you to until I give you the all clean. They will just mess up my fixes and make things more complicated, not fix the problem.

I am currently reviewing your log. I will be back with a fix for your problem as soon as possible.

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Please be patient with me during this time. ... Read more

11 more replies
Relevance 40.18%

I am redirected to multiple links and pop ups when clicking on search results in Google and other search engines.

I have XP Home version 5.1.2600 / with AVG free, Verizon Security Suite, Ad-Aware

I have run Adaware, Malwarebytes, TDSS Killer and AVG all to no help.

Any Suggestions?

Answer:Redirect Malware on my PC??

Go Start > Run > type: "cmd". In the window that appears type: "ipconfig /flushdns". Close the command box.

Also, try resetting your router.

9 more replies
Relevance 40.18%

I'm running Windows 7 64 bit and for the past week when browsing the web I randomly get redirected to various adware sites. I've run scans with Avira and Malwarebytes but find nothing. Here's the HiJackThis log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:29:09 PM, on 7/28/2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Safe mode with network support

Running processes:
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.emachines.com/rdr.aspx?b=A...55v155r4552s282
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.emachines.com/rdr.aspx?b=A...55v155r4552s282
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=5489... Read more

Answer:IE Redirect Malware

Hello jhollier21
Welcome to BleepingComputer
==========================
Download OTL to your desktop.
Double click on OTL to run it. When the window appears, underneath Output at the top change it to Minimal Output.
Under the Standard Registry box change it to All.
Under Custom scan's and fixes section paste in the below in bold

netsvcs
%SYSTEMDRIVE%\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\drivers\*.sys /90
%systemroot%\system32\Spool\prtprocs\w32x86\*.dll

Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

4 more replies
Relevance 40.18%
Question: Redirect Malware

Hi,

I am being redirected on all search engines I have used to various sites (usually ebay, Bing and unknown search engines). It's making it really hard to search anything on the internet. I have tried various anti-malware, spyware and virus downloads, but nothing has worked. Can you help?

Answer:Redirect Malware

Hello and Welcome to Bleeping Computer,
Please follow the instructions here: http://www.bleepingcomputer.com/virus-removal/remove-tdss-tdl3-alureon-rootkit-using-tdsskiller. If you have any problems do not hesitate to reply back.

Thanks

15 more replies
Relevance 40.18%
Question: Redirect malware

Hi. I think I have some malware that I can't seem to get rid of. I'm running Windows 7.
The problem is that Google is redirecting to spam sites when clicking the links it provides. Also not sure if it is related but IE will not open a lot of links, just gives a blank page.
I'm not sure what to do anymore. I have run anti malware bytes in safe mode, but it didn't fix it.

thanks

Answer:Redirect malware

Hello and welcome. Let's do this and see how you are.

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
Be sure to download TDSSKiller.exe (v2.5.0.0) from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.
Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
Vista/Windows 7 users right-click and select Run As Administrator.
If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
Click the Start Scan button.
Do not use the computer during the scan
If the scan completes with nothing found, click Close to exit.
If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
Copy and paste the contents of that file in your next reply.
If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 12... Read more

9 more replies