Computer Support Forum

Regrowing “XP Antispyware 2012” and “Security Sphere 2012”

Question: Regrowing “XP Antispyware 2012” and “Security Sphere 2012”

This request was originally posted as http://www.bleepingcomputer.com/forums/topic432929.html

Original situation:

About two weeks ago, one of the computers I deal with was sick with one of the fake Antivirus scamware infections. I fixed it, I thought, using the manual removal instructions from this site: FixNCR.reg, rkill.exe, MalWareBytes. It worked fine until this morning, when it displayed “XP Antispyware 2012” and “Security Sphere 2012”

These were removed manually, using the instructions on this site...

After this, the computer running normally without malware symptoms. But, because the malware regrew last time (or was reinfected despite running AV), I would appreciate it if someone could take a look at it with me.

One thing I have noticed is that the HOSTS file is locked or blocked against editing. SPYBOT SEARCH & DESTROY usually keeps many sites blocked in HOSTS, but all of these are missing and SPYBOT reports that it is unable to re-IMMUNIZE. Also, HOSTS cannot be manually edited.

These new logs were requested by the Advisor, Broni:
DEFOGGER
DDS
MALWAREBYTES
GMER

NOTE: GMER took almost 6 hours to run, but eventually did finish

Thanks for any help!


Answer: Regrowing “XP Antispyware 2012” and “Security Sphere 2012”

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/433942 <<< CLICK THIS LINK

If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
Please do this even if you have previously posted logs for us.
If you were unable to produce the logs originally please try once more.
If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system. If you are unsure about any of these characteristics just post what you can and we will guide you.
Please tell us if you have your original Windows CD/DVD available.

Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
DDS.scr DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for posting the results.
Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

We also need a new log from the GMER anti-rootkit Scanner. Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step. Please first disable any CD emulation programs using the steps found in this topic: Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here: How to create a GMER log

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

Relevance 91.64%

Hiya! I recently contracted serious compu-flu-like symptoms!! While watching a live streaming sports event (Flyers hockey is addicting!), I seem to have been inadvertently infected with an insidious virus! Amidst the glory of sports viewing, suddenly my browser auto-closed and a dreaded "Fake" Security (XP Security 2012) virus began its nasty habit of lying to me. Having run across similar infections in the past, I attempted to isolate its processes via Task Manager & then hit it with a regularly updated Malwarebytes scan. At the conclusion of the scan, Malwarebytes required rebooting the machine. Alas, though this seemed successful, I quickly realized that this version was more robust than the prior offenders I had managed to effectively deal with. On top of not removing the infection, I now additionally had Security Sphere 2012 chiming in with its fake warnings along with the original culprit! Getting more aggressive, I attacked the issue from Safe Mode, rerunning the Malwarebytes scan & double checking some of the more obvious registry locations for issues. This initially seemed to do the trick! I rebooted normally and things looked ok....IE came up with no problem....but then I noticed my free version of AVG was not running? As I investigated this issue, I quickly realized that all of my .exe files (excepting Firefox & IE) were no longer functioning, apparently due to unknown file extension issues. As I attem...

Answer: Ping.exe/XP Security 2012/Security Sphere 2012

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/433699 <<< CLICK THIS LINK

If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lo...

Relevance 87.29%

I caught Security Sphere 2012. I tried using this site's walkthrough, but could not get TDSSKiller to run (I get an error that says "[t]he application failed to initialize properly (0xc0000005). Click on OK to terminate the application"). I was able to follow some walkthrough on youtube to remove the annoying fake anti-virus, but I still get browser redirects and my computer runs slow as soon as I open a browser. I tried running another program from Symantec, which had me remove my restore points, but it did not work either. Instead my computer went into a reboot loop and would only go into regular safemode or Windows if I agreed to try to restore my past session. I run Windows XP.

I can't attach the ark.txt file from Gmer. When I tried to run Gmer, I got an error that says "Load Driver ("C:\DOCUME~1\MICHAE~1\LOCALS~1\Temp\fgtdypow.sys" 0xC00000 10E: Cannot create a stable subkey under a volatile parent key." I have copied the ark.txt below after the dds log. I was still able to run Gmer, but it would not let me check boxes of where to search and only let me search "Services," "Registry," "Files," "C:\," and "ADS."

I suspect I may have caused more harm by my half-measure meddling.

The dds log is below.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_22
Run by Michael Gomez at 23:07:17 on 2011-10-23...

Answer: Security Sphere 2012

Hi,

Please do the following:

Download ComboFix from one of the following locations:
Link 1 Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

Double click on ComboFix.exe & follow the prompts.

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\C...

Relevance 87.29%

Hello all,

I hope this is the right section for my query.

Yesterday I got hit by "Security Sphere 2012" and found the Remove Security Sphere 2012 (Uninstall Guide) page on BleepingComputer.com. I proceeded through it like so:

TDSSKiller – No threats found
RKill – It terminated "KbdStub.exe" (Hewlett-Packard) and "Sf.bin" (Alwil Software)
Malwarebytes' Anti-Malware – Found "Trojan.FakeAlert" (named "~!#E90.tmp" in the Temp folder)

I then went through all the other steps except for points 23 to 26 (I looked at the Hosts file and it only had "localhost" and a list of "adobe.com" references) and point 27.

---------

After that, everything seemed to be fine, however I've just noticed that System Restore doesn't work how I'd expect it to...

Thing is, I haven't got a clue if it is a result of Security Sphere (or something more innocuous like ZoneAlarm?) because today was actually the first time I've used System Restore since I got my new system several months ago.

This is what happens:

I go to the Start menu and select System Restore.
I choose that I want to continue with this action.
It is nowhere on my screen, however when I go to Task Manager, "rstrui.exe" is running as a process.
Minutes later, it finally appears. (seems like an unusually long wait)
I then choose the point I'd like to restore to.
The system restore initialises and seemingly does all the normal stuff...


I tried using the self help guide, followed each step, I removed 5 trojans, but none related to Security Sphere. I think the problem is when I run Rkill, instead of killing the SS process, it comes up with an error like "Installation Failed" just a small white box, three of these pop up, then Rkill says that there was nothing to kill. I tried downloading the ones under a different name, and I also tried running it while the error boxes were still up, like the guide suggests. I don't know what else to do. Help!

.
DDS (Ver_2011-08-26.01) - NTFSAMD64 NETWORK
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_26
Run by Zach at 12:53:21 on 2011-12-23
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4079.2749 [GMT -8:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -...

Answer:Security Sphere 2012

Hi ZTD09 and welcome at Bleeping Computer!

Download OTL to your Desktop
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
Check the box that says Scan All Users.
Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.


Hi,
My friend's XP PC got infected tonight with this nasty malware.

So I followed the instructions on your site at this page:
http://www.bleepingcomputer.com/virus-removal/remove-security-sphere-2012

The main issue is that I cannot get the internet to connect on that PC to update the Malwarebytes tool, receiving the message:
PROGRAM_ERROR_UPDATING (11004, 0, No address found)

I used RKILL and TDSSKiller.

The first scan by Malwarebytes detected one file - but nothing on rerunning.

I also used the Microsoft instructions http://support.microsoft.com/kb/2540100 which detected one rogue entry, and I also removed that.

Would appreciate any advice on how to proceed and what logs to collect.

Many thanks for your help.

Answer:Security Sphere 2012 infection on XP.

Update:
Followed all the instructions and added a new database file via USB, cleared out 2 more trojan files. Rebooted and reset the Hosts file (via USB again).

No obvious infection showing up, but still unable to connect that PC to the internet by wireless or cable.

Any advice on diagnostics to fix that greatly appreciated. Thanks.


My computer is infected. I have attempted to download the TDSSKiller listed in the topic "Remove Security Sphere 2012". I cannot get it to open after downloading. PLEASE HELP

Answer:I need help removing Security Sphere 2012

Hello,

Please follow the instructions in ==>This Guide<== starting at step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then post them in a reply to this topic by using the Add Reply button.

If you can produce at least some of the logs, then please create the post and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the reply and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Please note that I am not a member of the Malware Removal Team and will not be assisting you in removing the infection. I'm simply helping you to post the information they need in order to assist you.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

Orange Blossom


Remove Security Sphere 2012 (Uninstall Guide)

What is Security Sphere 2012 ?

Security Sphere 2012 is a fake system security software that is considered a rogue program.
Rogues are malicious programs that cyber criminals use to trick users by displaying false threats and problems that they claim to have detected. In reality, none of the issues are real; they are only used to convince the user to buy the software and to steal the user's personal financial information.
As this program is a scam, do not be scared into purchasing the program when you see its alerts. You are strongly advised to follow our removal instructions below.

Am I infected with Security Sphere 2012 ?

This is how the main screen of Security Sphere 2012 looks:

Other images for Security Sphere 2012 :


Security Sphere 2012 Removal Instructions
(If you experience any problems completing these instructions, please start a new thread here)

STEP 1 : Start your computer in Safe Mode with Networking
Remove all floppy disks, CDs, and DVDs from your computer, and then restart your computer.
Do one of the following:
If your computer has a single operating system installed, press and hold the F8 key as your computer restarts. You need to press F8 before the Windows logo appears. If the Windows logo appears, you will need to try again by waiting until the Windows logon prompt appears, and then shutting down and restarting your computer.
If your computer has more than one operating system, use the arro...


Hello, I have Security Shield 2012 v 2.30 infecting my computer. It doesn't let me run task manager to kill processes, won't let me run rkill or and renamed versions or tdsskiller anything much beyond internet explorer. It even blocked the rkill renamed as iexplore.com.

This has been ongoing for about 2 weeks. Thanks in advance for any help.

Answer:Security Sphere 2012 Version 2.30 Infection

Please follow the instructions in ==>This Guide<== starting at Step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues, what you have done to resolve them, and a link to this topic.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.


Hi,
At some point yesterday, my computer was attacked by a pretty malicious virus that blocks my ability to run any programs, browse the internet, or even pull up the Windows Task Manager. My desktop background is changed to a dark blue background several minutes after I first boot up Windows. I then get bombarded with warnings such as:
"Security Sphere 2012 Warning - Intercepting programs that may compromise your privacy."
"Some critical system files of your computer were modified by malicious program. It may cause system instability and data loss."
"Warning! Application cannot be executed. The file AppleMobileDeviceService.exe is infected. Please activate your antivirus software."
"Warning: Your computer is infected. Detected spyware infection! Click this message to install the last update of security software..."
"Warning! 38 infections found!!!" <-- popup

During those initial minutes before the desktop color changes and the warnings appear, there is no overt sign of infection. But I am unable to open anything. Attempts to open Windows Task Manager cause the task manager to appear for a brief second and then disappear.

Once the virus attack becomes evident, I get a popup of some bogus security sphere 2012 system scan with many malicious sounding viruses listed in the scan results along with the warnings mentioned above. I've tried booting in Safe mode with Networking and running Spybot...

Answer:Requesting help to remove Security Sphere 2012

Hi cwz84,

You may have to perform some or all of the following in Safe Mode With Networking:

Download Security Check by screen317 from here or here.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

========================================

Please download GMER from one of the following locations and save it to your desktop:

Main Mirror
This version will download a randomly named file (Recommended)
Zipped Mirror
This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.

Disconnect from the Internet and close all running programs.
Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
If you receive a WARNING!!! about rootkit activity and are asked to fully sc...


Windows Vista 64 Home Premium
service pack 2

It's been ages since I got infected like this :S
Ok, I'll start from when it all began.

1-The infection process started at the moment I pressed "Allow" taskmgr.exe after having multiple pop-ups
making it impossible to close because closing one was opening another and just closing the browser did
the same thing. So I pressed CTRL ALT DELETE to end the process, now I'm unsure due to the stress I had
if my memory is good, but it closed without a problem. Then I re-open Firefox and it kept my windows so
I had to do the same again though this time ctrl alt delete took longer to appear and so my computer
was asking me If I wanted to launch taskmgr.exe ( unidentified source ) but I felt like it was me
triggering it right ? So I clicked yes and there you go, Sphere security 2012 launched and started
making false virus scans and saying anything I tried to launch was infected. I managed to suppress it
following these steps "Alertane Security Sphere 2012 removal instructions:" (Note the mistype *Alternate*)
from
http://deletemalware.blogspot.com/2011/09/how-to-remove-security-sphere-2012.html

In their 4th step they ask you to "download exe_fix.reg and run it. Click "Yes" to safe the changes."
I did that but the program told me "not all could be written since some are in use"

I skipped it thinking it was normal and I went with step 5, download malwarebytes and run it.

Probl...

Answer:Chain reaction "Sphere security 2012" then "privacy.exe"

Ok so after a couple of months there aren't any answers and I am here to ask for help again.
It is still about those virus attacks my computer got harmed from and about some after effects.

After all that happened, it seems that my windows firewall cannot be run since I had installed security essentials.
That program antivirus security essentials programs blocked me from streaming videos to my ps3 or rather making my
pc invisible to my ps3 and vice versa even if in my network and sharing settings, media sharing and discovery are on.
So Without any answers to why Microsoft Security Essentials couldn't let my ps3 and pc communicate, I decided to uninstall
it in hope that I could stream again. Failure is the result since my streaming still doesn't work and that I can't even open
windows firewall. I searched the web to know what it could be it seems to be related to the driver mpsdrv.sys, or so I read.

Now I really do feel there are still some leftovers of those viruses and again I come here in hope that someone would gently
assist me into clearing this all up. I heard Combofix was really good at fixing stuff but they strongly recommend you to ask for
assistance.

Thank you.


Hi,

I have used these forums in the past to great success. I don't remember my old username from years ago so I appear to be a new user.

A computer of mine has the Security Sphere 2012 infection and my attempt to use the guide is a failure. I have downloaded both the TDSSKiller and RKill but when I go to run them I'm prompted with a screen asking what program to run them through. This is the case with anything I attempt to open on the computer. I am unsure what to do at this point. Can you help?

Thanks
filmcynic

Answer:Failed Attempt to Remove Security Sphere 2012

Please follow the instructions in ==>This Guide<== starting at Step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues, what you have done to resolve them, and a link to this topic.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.


I want to infect my VM with Security Sphere 2012, but is my host OS safe from getting infected by this fake antivirus? I heard it comes with a rootkit, so I am a bit worried.

Do I have to do anything before starting this activity?
 

Answer:I want to infect my VM with Security Sphere 2012, is my host OS safe?

I would think that if your host machine has Comodo firewall, then if anything did manage to get through, Comodo would pick up the change before it could do anything.
 



Hi all,

I have had an infection of "Security Sphere 2012" yesterday and managed to follow through the guide on here (this one). After completing the removal I restarted the computer and it just crashes a few seconds after the windows xp screen comes up (the one with the loading bar across the screen). To make matters worse the keyboard stops working after the POST finishes. I can select boot device and get into BIOS setup, but cannot choose safe mode or last good config etc. I have tried booting from winXP CD to get into recovery console but the keyboard has already stopped when the "press any key to boot from cd rom..." appears.

I do have a second copy of windows installed from which I can access the main drive. Using this copy I have managed to run CHKDSK on the main drive but no problems were found. I am stuck for what I can do next??? any thoughts on what I may have messed up? I can publish the MBAM and RKill logs if it will help?

Thanks in advance
G

Answer:Computer no longer boots after removal of "security sphere 2012"

If you're booting from the CD and your keyboard stops working it sounds to me like a hardware fault, not a Windows fault. Unplug your hard drive and see if it makes a difference.

You say you dual boot and the keyboard works fine on the other operating system?


I am running Windows 7 on my Dell laptop and generally use Firefox for internet surfing. I am running McAfee Antivirus. I am not a real powerhouse when it comes to the details of the computer.

A couple of weeks ago, I suddenly had popup windows everywhere from Win 7 Antispyware 2012. I am generally pretty safe internet user and suspect that I may have gotten infected by inadvertently clicking on a banner ad. Once I identified it as a virus/malware I used my old computer to get instructions from Bleepingcomputer to get rid of it. This included the following steps:

-Download and run fixncr.reg
-Download and run Malwarebytes Anti-Malware and perform full scan
-I did not run the suggested iexplorer as my antivirus program kept blocking it.
-Reboot and run a McAfee scan

Everything seemed to go OK and all of the popup windows and warnings disappeared....for about a week. Then they came back. I ran the Malwarebytes program again and thought I successfully nuked the problem.

This morning I got the popup screens indicating that I had the Security Protection Virus. This really locked up my computer and I removed it by

-Rebooting in Safe Mode with Networking
-Downloading and running tdsskiller
-Running Malwarebytes Anti-Malware.

Everything seems to be gone again. My question is about the reoccurrence. Is there something else that I should be doing to make sure that this is not just sleeping somewhere on my computer?? The other thing that I noticed is that several of the ...

Answer:Win 7 Antispyware 2012 and Security Protection

Hi rockcore, and welcome.

You should clean temp files with Temp File Cleaner:

Double click on TFC.exe to run the program
Click on Start button to begin cleaning process
TFC will close all running programs, and if it asks you to restart the computer, allow it

Then scan your pc with ESET Online Scanner following these steps:

Disable your Antivirus and other security software
Click here to open ESET Online Scanner
Click the button
Only if you don't use Internet Explorer:
Click on to download the ESET Smart Installer and Save it to your desktop
Double click on the esetsmartinstaller_enu icon on your desktop
Check Click Accept any security warnings from your browser
Under scan settings, check and Uncheck Remove found threats
Click Advanced settings and select:
Scan potentially unwanted applications
Scan for potentially unsafe applications
Enable Anti-Stealth technology
ESET will download updates and install itself, then begin the scan. Please be patient as this can take some time.
When the scan completes, click Click , and save the file to your desktop using a unique name, such as ESETScan
Click Click

and next download Security Check, save it to your Desktop and:

Double-click SecurityCheck.exe
Follow the onscreen instructions inside of the black box
A Notepad document should open automatically called checkup.txt; save it to your desktop

Now you should re-enable the protections that you have previously disabled and include the contents of the reports in your reply.

Everything seems to be gone again. My qu...


Hello-
A couple months ago my laptop got a virus. It cleared out all my documents, favorites, and folders. Also it removed my recycle bin. I couldn't find it anywhere. If I searched in the start menu for certain documents I was able to locate them. I ended up creating a new "Admin" account and deleting that account we originally had set up in hopes it would go away but it transferred over. I was unable to access internet page it kept re-directing. Tons of "Trojan" warning pop ups and tons of Security Sphere 2012 pop up. Please help, I want to make sure everything is removed from my laptop. I will be pasting the DDS.txt below as well as attached the scan I did in step 8:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.19154
Run by Mejia Family at 21:18:16 on 2011-12-16
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.1915.841 [GMT -8:00]
.
AV: Norton 360 *Disabled/Outdated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton 360 *Disabled/Outdated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
FW: Norton 360 *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe...

Answer:Infected with Sphere 2012- trojan- and worm

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/432933 <<< CLICK THIS LINK

If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lo...


Ok guys, I would like to thank everyone in advance for the help, I really appreciate it.

I had the win7 internet security and home security 2012 fake virus scan viruses and I removed it with malwarebytes. However after I have scanned my computer many times and it always seems to find something new every time, I have had trojans, virus and I don't know what else. Here's some of the stuff I've had according to my logs:

malwarebytes
rogue.fakeHDD x3
trojan.agent x2
PUM.hijack.startmenu x2 (this has also f'd up my start menu, it's blank now)
heuristics.reserved.word.exploit
trojan.fakeav x6
trojan.exeshell.gen x2
trojan.fakealert x2
rootkit.0access x3

then microsoft security essentials picked up

Please can anyone help me get my computer clean? Also I need help restoring my start menu.

Answer:win 7 internet security 2012 and home security 2012

Welcome aboard

Download Security Check from HERE, and save it to your Desktop.
* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

========================================

Please download Farbar Service Scanner and run it on the computer with the issue.
Make sure the following options are checked:
Internet Services
Windows Firewall
System Restore
Security Center
Windows Update
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

========================================

Please download MiniToolBox and run it.
Checkmark following boxes:
Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
Click Go and post the result.

========================================

Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware,...


4. What are the changes in this release?

19.6.2 contains changes that help with forward compatibility with certain product services. This patch also contains fixes from the previous patch. Some of those changes included:

- Updated Monthly Report Card behavior
- Updated the Norton Toolbar look and feel
- MS Word 2003/2007 “Open dialog box” error will no longer appear (Discussed Here)
- Corrected an issue where Popup Notifications could not be disabled
- Added “Secure Resume” feature - Identity Safe Locked when computer goes in to sleep mode.
- Out-of-the-box support for Google Chrome and Mozilla Firefox versions released between 19.2 and 19.5.
- Improved Cloud-based detections.
- Enhanced Norton Management integration.
- Quick Scan should do a better job of detecting the idle state of a system before running.
- Corrected several Browser/Toolbar crashes when using IE, Chrome and Firefox. (Filling forms or Credit cards on some sites was crashing and is now corrected in addition to other reported crashes.)
- Corrected an issue with Settings UI launch to increase performance
- Corrected a Reputation Scan failure
- Updated Firefox support to include version 8
- NCO carries a new feature called Secure Resume

Dated on March 22, 2012
 


4. What are the changes in this release?

19.7 contains changes that help with forward compatibility with certain product services. This patch also contains fixes from the previous patch. Some of those changes included:

- Corrected the Google Chrome-specific issue where Norton Toolbar does not load when Google Instant is ON (link)
- Corrected the issue where customer is logged out of IDS despite setting a log out time of 15 mins (link)
- Better handling of login sites where username / password span multiple inputs
- Corrected an issue where the Password field was getting saved with "Password" string instead of customer input
- Corrected the issue where All logins listed in toolbar didn't get refreshed unless the open browser session was restarted
- Corrected the issue where it was unable to change Identity Safe password
- Long passwords are accepted in recent Online Vault UI (link)
- Corrected the issue where customers remain logged into Norton Account even though they had unchecked Remember Password option from Create New Norton Account UI
- Corrected the issue where customers were not prompted to fill the card details using the saved data in IDsafe in My Account page (link)
- Corrected the issue where customer's login got filled in the Edit Phone Numbers page in capitalone.com
- Corrected the issue where Last Submitted Login got autofilled when trying to overwrite the filled login (link)
- Corrected the issue where Update Password infobar does ...


MINOR PRODUCT UPDATE: 19.1.1.3 for Norton Internet Security 2012 and Norton AntiVirus 2012 is Now Available
...
To receive the update, simply run LiveUpdate and download the update. A reboot will be required once the update is applied.

To verify you have the update, launch the Main User Interface, click on Support, and select About. The version number of the new release is 19.1.1.3
...
4. What are the changes in this release?

19.1.1.3 contains only minor changes. These changes are focused around our Online Platform and Norton Confidential/Norton Toolbar and include:
- Corrected an issue where Product Name/Version was not properly passed through when navigating online help.
- Correct an issue with "Failed to login to your Norton Account" may display erroneously.
- Improved Norton Toolbar/NCO Functionality with Google Chrome.
- Fixed Sync issues with Norton Management and the Norton Product.
- Corrected an issue where Identity Safe may force you to change your password after an elapsed period of time.
...
 

Answer:Product Update: 19.1.1.3 for Norton Internet Security 2012 and Norton AntiVirus 2012

Thanks for the notice, maybe the update also was included about other issue posted by users in their forum.
 


It pops up randomly and says it is an unregistered version. Won't let me use Malwarebytes at all and so I tried Spybot. It ran once and found over 10 things that I told it to fix. Now Spybot will not work as well. I have never used it before but I tried hijack this and it was the only way I was able to even get out and on to the web. Followed the links to here. I have Avast up but it finds nothing at all. What should I do? Will not let me use any shortcuts on my desktop. Tells me no program associated with it. I used the run area to go into this.

Answer:xp antispyware 2012

Hello, I moved this to the Am I Infected forum.

There are some tools in here that should help you solve this.

Please follow our Removal Guide here (Uninstall Guide).
After reading how the malware is misleading you ...
You will move to the Automated Removal Instructions

After you completed that, post your scan log here, let me know how things are.

The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.


Hi -- My first malware infection in several years. Got some great help from you guys last time, so I hope you can help again.

I've been following instructions for manual removal of "XP Antispyware 2012". I can get rid of their main application and get my executables to work again, but it's still redirecting my internet use, making things incredibly slow, reinstalling itself, etc. As instructed in your guide, I ran "FixNCR.reg" and "iExplore.exe" and then did a full scan with MalwareBytes. The scan only found 4 things, and after removing them, I'm left with the above issues.

Thanks very much for any help! -- Marty

Below (and attached) is my DDS log. I've been trying to create the GMER log, but my computer's so low-performance right now that by the time GMER finishes running, nothing will respond, including the SAVE button. I'll keep trying, and if I can manage to get a log, I'll post it. Thanks -- Marty

.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 7.0.5730.13
Run by k151 at 13:48:33 on 2011-07-27
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2047.1625 [GMT -7:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\ShareDLL\C...

Answer: XP Antispyware 2012

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on http://www.bleepingcomputer.com/logreply/411599 and follow the instructions there. If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following inf...


Hi there,

Accidentally clicked on a site that downloaded a fake virus scanner that calls itself XP Antispyware 2012. It won't let me surf the internet and it says that even pages like google will harm my pc.

I've run rkill so that I could use MBAM which confirmed the presence of Malware but failed to remove it entirely.

Thanks for your help

Answer: XP Antispyware 2012

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/435322 <<< CLICK THIS LINK

If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lo...


I know little about computers. I have windows 7 and run microsoft essentials. My laptop has been infected with Win 7 Antispyware 2012. I have looked over the internet including youtube on how to get rid of it. I can still get on the internet but it takes about 30 clicks of the icon to do so. Once on the fake pop ups begin. Is there an easy to follow set of instructions one can use to get rid of the win 7 2012?
 

Answer: 2012 Win 7 Antispyware

Winterpass88 said:

I know little about computers. I have windows 7 and run microsoft essentials. My laptop has been infected with Win 7 Antispyware 2012. I have looked over the internet including youtube on how to get rid of it. I can still get on the internet but it takes about 30 clicks of the icon to do so. Once on the fake pop ups begin. Is there an easy to follow set of instructions one can use to get rid of the win 7 2012?

Hello Winterpass! Thanks for posting!

I'm going to move this thread to the Malware section, where one of the helpers could assist with this.
 


Have been infected with the antispyware 2012 cannot print, scan, internet is limited. Any help is appreciated.

Thanks

I just fixed the redirect virus issue.

http://www.bleepingcomputer.com/forums/topic426339.html/

Answer: XP 2012 antispyware :<

Hi ckivy,

Sorry to hear you got reinfected. Please follow these instructions and post the DDS and GMER scans.

http://www.bleepingcomputer.com/forums/topic34773.html

Thanks!


My computer was recently infected with Win 7 Antispyware 2012. I have used the bleeping computer guide (located here http://www.bleepingcomputer.com/virus-removal/remove-win-7-antispyware-2012 ) to remove the virus and everything worked like clockwork until step 13. The problem is, unlike the instructions, Malwarebytes did not find any infections. Is this normal?

A friend told me to do a system restore just in case and I attempted to do so in both normal and safe mode. I received, however, a message that said "no restore points have been created on your computer's system drive". I haven't manually created any system restore points before, although I thought the system automatically did this for you. Does this mean the virus has disabled the restore points?

I'm loath to think that the virus is still somewhere on my computer. Is someone able to tell me why Malwarebytes didn't find anything? And what I need to do to make sure the virus isn't still lurking somewhere on my computer?

Thanks in advance.

Answer: Win 7 antispyware 2012

Hi distressed damsel, to Bleeping Computer.

My name is Jason and I'll be helping you with your computer problems. You can call me by my screen name jntkwx or Jason is fine.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please do not attach logs or put logs in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can also help.
Do not run anything while running a fix.
If you don't understand a step, please ask for clarification before continuing with any future steps.
Click on the Watch Topic button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

Note to others: The instructions posted here are intended for the person who began this topic. Please DO NOT use these instructions on your own computer. Start a new topic in the appropriate forum.

No, it's not normal for Malwarebytes to not find any infections. It should be able to find and remove this infection. You may have a new version of Win 7 Antispyware 2012 that is not yet detected by Malwarebytes.

I'm not sure whether the virus has disabled restore points or not. Occasionally, viruses like to infect restore points so that if you try to restore your computer to them, you're automatically reinfected.

Download Security Check by screen317 from here.
Save it to your ...


I found my computer infected with this virus this morning. It constantly opens up windows saying things like "Win Anti Spyware 2012 Alert: Security Hole Detected! A program is trying to exploit Windows security holes! Passwords and sensitive data may be stolen! etc...". It also opens up the "Win 8 Antispyware 2012 - Unregistered Version" screen which shows fake antispyware software. Here is the DDS Log:

Answer: Win 7 Antispyware 2012

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/433884 <<< CLICK THIS LINK

If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lo...


The other day I was infected with XP Antispyware 2012 derivative. I followed the steps in the guide to remove this problem with Malwarebytes and everything seemed to be removed but my Windows Security Alerts has been acting weird. I then went through the process again, found and removed more items but it keeps showing that automatic updates are not turned on. Even when I go into the system menu and turn them on it still shows off. I just want to make sure that XP Antispyware 2012 is fully removed and there is nothing lingering on my computer.

DDS log
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_22
Run by Christian at 13:58:17 on 2011-12-20
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.494.87 [GMT -5:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: ZoneAlarm Firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C: ...

Answer: XP Antispyware 2012

Hi, Welcome to Bleeping Computer.

My name is Shannon and I will be working with you to remove the malware that is on your machine.
I apologize for the delay in replying to your post, but this forum is extremely busy.

Please Track this topic - On the top right on this thread, click on the Watch Topic button, click on 'Immediate Email Notification', and then click on the Proceed button at the bottom.
Do Not make any changes on your own to the infected computer.

Please set your system to show all files.
Click Start, open My Computer, select the Tools menu and click Folder Options.
Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
Uncheck: Hide file extensions for known file types
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.

Now, let's look more thoroughly at the infected computer -
We need to see some information about what is happening in your machine. Please perform the following scan:

We need to create an OTL Report
Please download OTL from here:
Main Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
Change the "Extra Registry" option to "Use SafeList"
Push the button.
Two reports will open, copy and paste them into your reply:
OTL.txt <-- Will be opened
Extra.txt <-- Will be minimized
Please note: You may have to disable any script protection running if the scan fails to run. After down...


Hello, this is my first time on this forum.

I ran through the first parts of the following thread to try to fix my PC:

http://forums.majorgeeks.com/showthread.php?t=35407

Got to step 2 on:

http://forums.majorgeeks.com/showthread.php?t=139313

Then after running "SUPERAntiSpyware - running & getting a log" My PC rebooted.

I went to start step 3, running Maleware, but it errors out not being able to determine what program to use to launch the executable. Then I tried other programs and nothing executable will launch now. I am kind of stuck here.

Any thoughts or ideas appreciated.

Thanks

Mike
 

Answer: XP Antispyware 2012

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click and choose Run as Administrator

You only need to get one of them to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

Rkill.exe
Rkill.com
Rkill.scr
Rkill.pif
Once you've gotten one of them to run then try to immediately run the following.


Download and save the below to your PC (save it anywhere you can find it. The Desktop is fine). Then double click on it to run it.

AVPFind.bat

It should take a couple minutes to run. You will see a black command prompt window while it is running and it should close when it is finished. Once it finishes, attach the c:\avplog.txt file that it will hopefully create as long as the malware does not block the batch file from running. (See: HOW TO: Attach Items To Your Post )


Now download and Run exeHelper

Please download exeHelper to your desktop.
Double-click on exeHelper.com to run the fix.
A black window should pop up, press any key to close once the fix is completed.
A log file named log.txt will be created in the directory where you ran exeHelper.com
Attach the log.txt file to your next message.
Note: If the window shows a message that says "Error deleting fil...


So one of my siblings has done it again. She did well fixing it on her own, but as she surfs the web downloading everything she sees it is very hard for her to fix all the problems.

I am a little stumped on this one. She has what appears to be win 7 antispyware 2012. The window just keeps popping up and stopping the opening of everything I click on. I just can't get a single program to run. I have been through the MalWare removal guide several times over the years, but this one has stumped me. I even tried it in safe mode with both networking and no networking.

Any advice? Keep in mind the reason there are no logs is that I can't get any logs as nothing will open.
 

Answer: win 7 antispyware 2012

Try the below:

Download Windows Repair by Tweaking.com and unzip the contents into a newly created folder on your desktop on the PC with the infection.


Open up this newly created folder and then open the "files" folder (...\windows repair v1.5.7\files)
From here, locate the fix_exe_hijack.inf file and then Right-mouse click it one time, then choose "Install".
Once you have done this, you should now be able to open applications again.
Let me know if that helped, can you now get through the read and run me first?

 


Received Win7 Anti-spyware 2012 on my computer and have tried to remove it by the Removal Guide on Bleeping Computer. It seems to have not been fully taken care of since I will get random pop ups and redirects when visiting sites, till eventually it comes back. It also disables Windows Defender and Firewall with an error message "0x80070424" so I can not enable either. There is another spyware when I use Mbram called PUP.BitMiner but it deselected and I couldn't find anything else about it on the internet.
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Steven at 12:21:57 on 2011-12-14
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.7935.6366 [GMT -8:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\UnsignedThemesSvc.exe
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\syst...

Answer: Win 7 Antispyware 2012

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please Do not Attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.
Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:
Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear
Click the Disable button to disable your CD Emulation drivers
Click Yes to continue
A 'Finished!' message will appea...


So I was doing a little internet surfing, and I started getting pop ups that said 'XP Antispyware 2012'

I've seen things like this, and I thought I had it under control. I ran SuperAntiWareSpyware and Malware Bytes (?) and it worked. But then my google searches were getting hijacked, and so I tried to do a system restore. Now none of my programs work, and I can't connect to the internet. I really think I made things worse!!!

Answer: XP antispyware 2012

Welcome aboard

"Now none of my programs work"

More details please.


Three times in three weeks after completing steps for removal (no suspicious surfing activity).

I suspect it is hidden in the registry somewhere, though not in any of the entries I looked in. I did delete the random character files in the suspect spots that had been created this morning in temp, programs (when the infection occurred). However, nothing had changed prior to this morning. Have cleaned the system by stopping the registry redirect of MBAM executable and cleaned the system with MBAM. Quick scan found and deleted 2 items, full scan run afterward found and deleted four items. New full scan shows clean (as it did before). Here are MBAM log and HijackThis log. Thank you for any help.

---------------------------------------------------------

Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.03.03

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Aaron Obermiller :: AUTOCADCOMP [administrator]

1/3/2012 10:24:37 AM
mbam-log-2012-01-03 (10-24-37).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 284401
Time elapsed: 28 minute(s), 51 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)
...

Answer: XP Antispyware 2012

Hi,

Please do the following:

Please download DDS from either of these links
LINK 1
LINK 2
and save it to your desktop.
Disable any script blocking protection
Double click dds to run the tool.
When done, two DDS.txt's will open.
Save both reports to your desktop.
---------------------------------------------------
Please include the contents of the following in your next reply:
DDS.txt
Attach.txt

NEXT

Please download aswMBR to your desktop.
Double click the aswMBR.exe icon to run it
When asked if you want to download Avast's virus definitions please select Yes.
Click the Scan button to start the scan
On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.
You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well


My computer has been infected by Win 7 Antispyware 2012. It will not allow me to access any websites or security software installed on my computer. I have tried accessing "HiJack This", "Windows Defender", "CA Security Suite", "Spybot" and other non-security type software i.e. Quicken without success. I cannot access System Information. All I keep getting is Win 7 window telling that ".exe" is infected with a virus. I am having to submit this thread with my iPad.

Operating System - Windows 7 Home Premium
Dell XPS420 Computer

How do I remove Win 7 Antispyware 2012?
 

Answer: win 7 Antispyware 2012

Hi,

Sorry for delayed response. Forums have been really busy. If you still need help with this do following, please.
Download DDS and save it to your desktop from here or here or here.
Disable any script blocker, and then double click dds file to run the tool.
When done, DDS will open two (2) logs:
DDS.txt
Attach.txt

Save both reports to your desktop. Post them back to your topic.

 


My father's laptop will not connect to the internet anymore since his computer became infected. I have run Malwarebytes Antivirus and tdskiller. The programs found some trojans and deleted it. I entered a registration code that I had found on another site (don't know if I should have entered it) that stopped the popups, but there is still a notification stating that Win7 Antispyware is my default software.

I would appreciate it so much if somebody could help me with this.

Answer: Win 7 Antispyware 2012.. please help

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please Do not Attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.
Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:
Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear
Click the Disable button to disable your CD Emulation drivers
Click Yes to continue
A 'Finished!' message will appea...


I have been wrestling with this virus for 3 days on my laptop. It is a work laptop and after the chastising I took over the LAST virus I picked up, I don't want to take it to IT. I have super security on it from work, along with Malwarebytes, and SUPERantispyware. I have also run spybot, and a host of other anti spyware, malware, registry fixes and none have removed this. I can't, at the moment, even access installed programs, programs from a flashdrive or the internet. The only safe mode I can access is with networking because the other options won't accept my password. I have been through the READ ME First, and gone through all the steps only to have LESS function. If anyone can recommend what I can do now, I would appreciate it. I really can't afford to take it to a repair clinic or buy an expensive program. Thanks!
 

Answer: xp antispyware 2012 HELP

"If anyone can recommend what I can do now, I would appreciate it. I really can't afford to take it to a repair clinic or buy an expensive program. Thanks!"

How about attaching your logs for my review?
 


I got hit with this virus last night. I've been able to remove the registry keys listed on the net that I found but I cannot find these files/processes:

Processes

%AllUsersProfile%\random.exe
%AppData%\Local\.exe
%AppData%\Local\random.exe
%AppData%\Roaming\Microsoft\Windows\Templates\random.exe
%Temp%\random.exe

Other Files

%UserProfile%Local SettingsApplication DataopRSK

I've tried doing a search for files/folders with random.exe and I don't see anything in the taskmgr processes. I was able to upload and run a malwarebyte's antimalware, it picked up 13 infections and the computer seems to be running a bit better. I'm not getting the nasty pop-ups and I can get on the internet now but when my iexplorer was loading in the top where it usually says 'www.yahoo.com' it did say something about 2012 XP antispyware alert so I'm assuming it's still running in the background somewhere?!?! Any help would be great!
 

Answer: XP Antispyware 2012

Welcome to Major Geeks!

Please read ALL of this message including the notes before doing anything.

Please follow the instructions in the below link:

READ & RUN ME FIRST. Malware Removal Guide
and attach the requested logs when you finish these instructions.
**** If something does not run, write down the info to explain to us later but keep on going. ****
Do not assume that because one step does not work that they all will not. MGtools will frequently run even when all other tools will not.

After completing the READ & RUN ME and attaching your logs, make sure that you tell us what problems still remain ( if any still do )!
Helpful Notes:

If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode, you can run the steps in safe boot mode but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:
Starting your computer in Safe mode

If you have problems downloading on the problem PC, download the tools and the manual updates for SUPERAntiSpyware and Malwarebytes ( links are given in the READ & RUN ME) onto another PC and then burn to a CD. Then copy them to the problem PC. You will have to skip getting updates if (and only if) your internet connection does not work. Yes you could use a flash drive too but flash drives are writeable and infections can spread to them.
If you cannot seem to login to an infected user account, try using a differe...


Hello

I used your spyware removal guide instructions but I'm still having problems. I got the virus from an ad on a wiki gaming site. I didn't notice it right away I never clicked on the program or anything though. I booted into safe mode and tried to run some scans but the spyware program ran in safe mode too. I followed your instructions from there on out. I've done several repeat scans along with a couple other programs but it's not picking up the last bit of it.

Current problems still:
Windows Automatic updates are being blocked and cannot turn it back on
Cannot turn on windows firewall
Cannot update Microsoft essentials - says its being blocked
Cannot run pandasoft active scan online (a site I've used for many years to help pick up extra leftover traces)

Any help you could provide me with would be greatly appreciated, I'm at a loss from here on my own lol. Thank you

.
DDS (Ver_2011-06-12.02) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_22
Run by Sarah Alden at 12:19:15 on 2011-06-13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1031 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32...

Answer: XP Antispyware 2012

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. I am very sorry for the delay in responding, but as you can see we are at the moment being flooded with logs which, when paired with the never-ending shortage of helpers, resulted in the delayed responding to your thread.

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed. If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator...


This is the second time I've gotten this virus. Again, I followed the instructions here to try and remove it (Remove XP Anti-Spyware 2011, Vista Security 2011, and Win 7 Internet Security 2011 (Uninstall Guide)). It seemed to work since the virus stopped popping up but my computer felt very slow and laggy, sometimes it would freeze up, sometimes I couldn't click on the task bar, and the security center window kept popping up saying my automatic updates was off and I couldn't turn it on from there. When I checked manually through control panel->system->automatic updates, it said it was on. I decided to run dds and gmer. The dds scan worked but a few hours into the gmer scan, the virus popped up again, a program called Grooveshark also popped up, and an Internet Explorer icon titled Streaming Music - MediaPass was on my desktop.

Here's the dds scan
.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_25
Run by User1 at 0:25:31 on 2011-07-25
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.577 [GMT -7:00]
.
AV: Panda Cloud Antivirus *Enabled/Updated* {5AD27692-540A-464E-B625-78275FA38393}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Apoint\Apoint....

Answer:XP Antispyware 2012

Hi,

Please do the following:

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
Click on Yes, to continue scanning for malware.
When finished, it shall produce a log...

19 more replies
Relevance 87.74%

(Note: This issue was posted elsewhere but I was informed that I should post it here to receive help!)

I am utterly lost and require guidance and assistance from anyone who is willing to help me. I am very inexperienced with computers in terms of (successfully) dealing with problems like malware and viruses.

I did my best to follow the guide Here but I had issues getting past "Step 5".

Whenever I attempted this an alert from Avast! popped up warning me that the file was potentially harmful and asking me how would I like to proceed. I was given three options: 1. Sandbox (recommended), 2. Open anyway, 3. Close.

When I asked it to open in sandbox or to open anyway the window would close only to pop back up again in a second or two.

I then signed in under safe mode and followed the instructions from the "Remove Win 7 Antispyware 2012..." guide. Right now my computer shows no real signs of the Win 7 Antispyware virus but I am suspicious that I didn't completely get rid of it and all of its components. Is there an effective check that I can do in addition to a full MBAM scan? My MBAM scans are currently coming up without any infected files. I am currently running an Avast! scan to see if it will pick up anything that MBAM missed out on.

The quarantined files in MBAM: Hijack.Exefile, PUM.Hijack.Exefiles, Heuristics.Reserved.Word.Exploit

Any guidance, suggestions, or instructions about how to check my system or ensure that I have removed Win 7 Antispyware ...

Answer:Win 7 Antispyware 2012 virus

Hello and welcome. Did you run this? Please run it again anyway.

Please download TDSSKiller.zip and extract it.
Run TDSSKiller.exe. Click Start scan.
When it is finished the utility outputs a list of detected objects with description.
The utility automatically selects an action (Cure or Delete) for malicious objects.
The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Leave the options as they are and click Continue.
Let it reboot if needed and tell me if the tool needed a reboot.
Click on Report and post the contents of the text file that will open.

Note: By default, the utility outputs the log into system disk (it is usually the disk with installed operating system, C:\) root folder. The log has a name like: TDSSKiller.Version_Date_Time_log.txt.

Reboot into Safe Mode with Networking
How to start Windows 7 in Safe Mode

Run RKill....

Download and Run RKill
Please download RKill by Grinler from one of the 4 links below and save it to your desktop.

Link 1
Link 2
Link 3
Link 4

Before we begin, you should disable the anti-malware software you have installed so it does not interfere with RKill running, as some anti-malware software detects RKill as malicious. Please refer to this page if you are not sure how.
Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
A black screen will appear and then disappear. Please do not worry, that is normal....

24 more replies
Relevance 87.74%

This is my first post, I really need some help
First let me thank the guys at Bleepingcomputer for making a good article for removal of the trash:
http://www.bleepingcomputer.com/virus-removal/remove-vista-antispyware-2012

I was infected by Vista7 Antispyware 2012
And got a popup of this fake program telling me after a scan I had so many viruses
It then locked down my .exe file extension so I could not run any .exe files

Now I was worried this was like the Virut virus I had some years ago, which made all my .exe files useless, having to format the PC
I rebooted the PC in both safe and normal mode but could now not get Kaspersky antivirus to run
could not run Malwarebytes or HijackThis
All exe files seem to be locked somehow

After a while I was able to find out some programs that run in the background:

bmy.exe (microsoft adress book import tool)
unsecapp.exe
WMDCBASE.exe
mrwmceasox.exe

Most of these programs were found in:
c:/users/usuario/appdata/local/temp/

On my Windows 7 64 bits

Fortunately I came across the Bleepingcomputer article and proceeded to fix the .exe file
downloading the program on another PC and using a pendrive to transfer the fix to the infected PC

After running this amazing program, .exe files are working
I could get Kaspersky up and running and it quickly detected mrwmceasox.exe saying it was a HEUR:trojan.win32.generic
Now I am following the instructions on this site
What I have done so far, and right now I am scanning my PC with Kaspersky Internet Security 2011
and Malwarebyt...

Answer:Vista7 antispyware 2012 is it gone now?

Download FSS
Checkmark:
Internet Services
Windows Firewall
System Restore
Security Center
Windows Update
Click on "Scan".
Please copy and paste the log to your reply.

Download aswMBR
Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan.
After scan finishes, click on Save log
Post the log results here

Good luck

1 more replies
Relevance 87.74%

I don't know how but I was infected with XP Anti Spyware 2012 rogue software from what I think may have been an unsafe video streaming site. Well I deleted the main file of the software (gix.exe) from Application Data and I thought that had gotten rid of the virus, but afterwards the system slowly started getting slower and slower. Well earlier today I discovered another part of the virus (YontooIEClient.dll) in the Program Files folder. I also found Win32/OpenCandy.... Both were trojans. But even deleting that didn't cure the problem right away. Then I updated Spybot S&D and scanned with that and I found 87 entries infected, with at least 5-6 Trojans (Virtumonde.atr, Bredolab.fb, Win32.Adload.r, Fraud.Sysguard, Win32.TDSS.rtk) and found two jobs, avwcbqig.job and ncszelwk.job running in the Tasks folder and 2 files in the sys32 folder; UACrkqwnsmsowbtdbo.log, tmp.log.
And I deleted all of the entries. For a while, the system seemed fine and then gradually, but quickly it became slow AGAIN and soon I was not able to log in properly as it froze at the desktop. I'm just wondering how to get rid of any replicating viruses for GOOD without having the pc serviced. I'm scanning with ESET at the moment and it's picking up more things (like OpenCandy trojan). What should I do? I do not have the funds at the moment. Thanks; your help is very much appreciated.

Answer:Infected with XP AntiSpyware 2012

Please follow the instructions in ==>This Guide<== starting at Step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues, what you have done to resolve them, and a link to this topic.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

7 more replies
Relevance 87.74%

Hi, I'm new and was referred to your site by a friend. I hope you can help me. My computer was infected by the Win 7 Antispyware 2012. I read a few of the posts of others who have had the same problem and used one of the codes to make it think I had purchased the product. I have downloaded HijackThis and DDS. I appreciate your help. Here are the logs:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:39:33 AM, on 12/20/2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Webroot\Security\Current\Framework\WRTray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\mswinext.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Users\Owner\AppData\Local\bes.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Users\Owner\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/home....

Answer:Win 7 Antispyware 2012 Problem

Any ideas?
 

1 more replies
Relevance 87.74%

Last night an XP Antispyware 2012 Alert popped up on the screen. I thought it looked suspicious so I just stopped everything. A quick Microsoft Securities Essentials scan showed none of the problems that XP Antispyware claimed existed.

Upon researching XP Antispyware on another computer I realize it is bogus. My question is, since I haven't chosen "yes or no", or responded to it in any manner, is my computer already infected? What should I do next? Any chance I can just shut my computer down and it will go away or do I need to take my computer to the store to get it cleaned?

Thanks for your help.

Monroe
 

Answer:Xp Antispyware 2012 ON Hold

Welcome to the Malware Removal Forum.

Please read ALL of this message including the notes before doing anything.

Please follow the instructions in the below link:

READ & RUN ME FIRST. Malware Removal Guide


and attach the requested logs when you finish these instructions.

**** If something does not run, write down the info to explain to us later but keep on going. ****
Do not assume that because one step does not work that they all will not. MGtools will frequently run even when all other tools will not.


After completing the READ & RUN ME and attaching your logs, make sure that you tell us what problems still remain ( if any still do )!
Helpful Notes:


If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode, you can run the steps in safe boot mode but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:

Starting your computer in Safe mode

If you have problems downloading on the problem PC, download the tools and the manual updates for SUPERAntiSpyware and Malwarebytes ( links are given in the READ & RUN ME) onto another PC and then burn to a CD. Then copy them to the problem PC. You will have to skip getting updates if (and only if) your internet connection does not work. Yes you could use a flash drive too but flash drives are writeable and infections can spread to them.
If you cannot seem to login to an infected user acco...

9 more replies
Relevance 87.74%

The patient is my wife's Acer AOAS150 netbook, running Windows XP with Service Pack 3. I began the removal process before asking her for all the symptoms she could remember. She mentioned a few redirection incidents, and that the system had been sluggish for a few weeks, taking too much time loading applications. She had run a full scan with McAfee Internet Security, which reported no threats.

She first became alarmed three or four days after the McAfee scan, while visiting the site of a local TV station. She had just clicked the link for streaming video when XP Antispyware 2012 presented its spoof of the Security Center window. We could only shut down by holding the power button.

I booted into Safe Mode and launched McAfee Internet Security. Real-time scanning was turned off. Clicking the On button would turn it back on, but after a couple of seconds it would turn off again. I ran a full scan in McAfee, which reported that it quarantined and removed 39 threats. When I closed McAfee the previous problems remained, and now the touchpad and the keyboard were disabled. Double-clicking icons in Control Panel produced only a box reporting a problem with a .dll file, but those items could be accessed, for example, by Start > Run > appwiz.cpl. Attempting to run any .exe file produced a dialog asking which program to use to open it.

Then I ran the "Read and Run Me First" procedure and hit these two snags:

"Empty ALL Quarantine type folders for a...

Answer:Zero Access; XP Antispyware 2012

more logs: ZeroAcess; XP Antispyware 2012

Here are the remaining logs. Could be wrong but I thought sure there was more than 2 bytes to rrlog.txt when I saved it.
 

11 more replies
Relevance 87.74%

I keep getting a pop-up for threats to my computer and I need to purchase Windows XP Antispyware 2012. I don't want this and I need to know how to get rid of it. I know it is a fake and maybe a virus. I can still get on the internet but I have to go through a long process to get there because my start menu and all my shortcuts are gone on my screen. Please help.

Answer:Windows XP Antispyware 2012

Post in our Am I Infected forum

1 more replies
Relevance 87.74%

Boy, the XP Antispyware 2012 infections seem to have gone through the roof! My daughter's laptop was hit and two office computers, all in about 2 weeks!

I followed the manual removal instructions here, including removal of a rootkit with TDSSKiller, and this computer (Work #2) now seems to be back in service, but I am worried about the regrowing.

In these threads, it seems that the starting point is always running Security Check, MiniToolBox, mbam and GMER, so I have done this and am posting these logs:

==========================
Results of screen317's Security Check version 0.99.24 Windows XP Service Pack 3 x86 Internet Explorer 8 `````````````````````````````` Antivirus/Firewall Check: Windows Firewall Enabled! Symantec AntiVirus Antivirus up to date! ``````````````````````````````` Anti-malware/Other Utilities Check: MVPS Hosts File Spybot - Search & Destroy Java™ 6 Update 22 Out of date Java installed! ```````````````````````````````` Process Check: objlist.exe by Laurent Symantec AntiVirus DefWatch.exe Symantec AntiVirus Rtvscan.exe ``````````End of Log````````````
==========================
MiniToolBox by Farbar
Ran by Staff (administrator) on 28-12-2011 at 11:26:24
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************
========================= IE Proxy Settings: ==============================
Proxy is not enabled.
No Pro...

Answer:Yet another XP Antispyware 2012 infection

Same computer as here: http://www.bleepingcomputer.com/forums/topic433942.html/page__p__2520136__fromsearch__1#entry2520136 and here: http://www.bleepingcomputer.com/forums/topic434753.html/page__p__2525923__fromsearch__1#entry2525923 and here: http://www.bleepingcomputer.com/forums/topic432929.html/page__p__2512713__fromsearch__1#entry2512713 ?

9 more replies
Relevance 87.74%

It has control of my computer. Please help

Answer:infected with xp antispyware 2012 please help

See this:

http://www.bleepingcomputer.com/virus-removal/remove-win-7-antispyware-2012

1 more replies
Relevance 87.74%

I am infected with the win 7 antispyware 2012 virus. I am using the automatic removal procedures but I cannot download the FixNCR.reg file. Is there a problem with the link? Thanks Woody

Answer:win 7 antispyware 2012 virus

I know the site was down for a little while today. I have a copy of it on my flash drive and if you send me a PM I'd be happy to email it to you.

1 more replies
Relevance 87.74%

I got hit with the Vista Antispyware 2012 virus. I made the mistake of running SpyHunter and now I'm having all kinds of issues. I have deleted SpyHunter, but my Avast antivirus keeps finding a Trojan Horse. When I run a scan on my computer it finds more and more viruses and if I do a shut down and restart, it wants to restore back to just after I downloaded SpyHunter which causes my Avast antivirus not to run. Can you help?
 

More replies
Relevance 87.74%

Hi:

I thought I'd post this for others. A friend called with the dreaded "Windows 7 Antispyware 2012" malware that had totally taken over his Windows 7 system. He said he was unable to access anywhere on the Internet from his browser without those annoying pop-ups coming up.

I've got LogMeIn installed on his computer (he's had other problems before...). I figured -- aha! I'll just put MalwareBytes on my ftp site, then go there from Windows Explorer. But, aha!, this &*^*&%@%^$ malware totally takes over the keyboard. You can't run an exe or type anything in anywhere (run, search, nothing worked) without the popups stopping you.

So I next had him reboot to Safe Mode with Networking. Unfortunately, I couldn't use LogMeIn. The good news is he was able to access his browser and the Internet when it booted up. So I had him go to TeamViewer and install it for a quick connect. About halfway through the process, the malware was back -- but it seemed to take about a minute or so to establish itself in Safe Mode. It didn't allow access to TeamViewer after the install (which was successful, even though the malware said it stopped installation). So we tried one more boot to Safe Mode then immediately started TeamViewer. I was able to get access to his computer before the malware started up. Then did a file transfer from my machine to his of Malwarebytes. I then right clicked on the program and Run As Administrator and it succe...

Answer:Remote Fix of Win 7 Antispyware 2012

Same here, my work is cleaning malwares via remote support. You should know that we are not authorized to use tools like rkill. In those cases Run as administrator helps a lot

2 more replies
Relevance 87.74%

I apparently have/had a virus or trojan on my Dell laptop computer, operating system Vista. I was using Mozilla Firefox yesterday when the website I was on froze, then Mozilla shut down spontaneously. Windows began opening saying my system wasn't protected with a heading of Vista Antispyware 2012, and also Windows Security Center windows and pop ups from the system tray. From this point on, every time I tried to open any browser or run any program I got these same warnings. I ran McAfee and it found 2 cookies and deleted them, but this didn't change anything. After about 7 hours of rebooting in various modes and closing unnecessary programs, McAfee apparently ran another (regularly scheduled scan) and said it found a trojan and I should reboot so it could be deleted. I did this and I am no longer seeing any security warnings, but then whenever I tried to run any programs or open any browsers, a window opened that said "windows needs to know what program created this." I have an option to choose a program or to find it online. If I click the online option, I get the same warning for the browser that opens to go online and the cycle continued. I couldn't run malware or spybot or any other programs.

Then my son figured out the programs will open in command prompt and he ran a system restore for 2 days prior and things are opening. My concern is that the virus will come back or that there is remnants of it left. Should I be concerned about this? Is there any w...

Answer:vista antispyware 2012

Hello, I want you to run FixNCR.reg, RKill and MBAM.

Please follow our Removal Guide here Vista Antispyware 2012.
After reading how the malware is misleading you ...
You will move to the Automated Removal Instructions

After you completed that, post your scan log here, let me know how things are.

The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.

16 more replies
Relevance 87.74%

Hello, while attempting to download a torrent I got the trojan that tries to trick you with Win 7 Antispyware 2012. When it first popped up, I "think" I allowed for "it" to change my firewall settings. I got suspicious when it started blinking red with all these files, Adobe Updater would NOT stop trying to update, and Microsoft Security Essentials turned shut down and would not run again. I immediately rebooted, reinstalled MSE and did a quick scan. MSE found three trojans and removed them. But, there are also issues with Windows firewall. It says that I am not using the recommended settings and when I click the option to use the recommended settings I get an error that says "windows can't change some of your settings Error Code 0x80070424" What does this mean? I am thinking that "Win 7 Antispyware 2012" deleted files associated with my security system since when I had tried to run MSE before reinstalling it, my computer said the file was not at the location.
Can this be fixed?
Also, is Win 7 Antispyware 2012 still on my computer somewhere?
As for now, I am scanning my computer with MSE and installing Prevx 3.0.
All help and advice would be greatly appreciated.
Susical11

Answer:Win 7 Antispyware 2012 detection

Hi Susical11,

I know it looks like a lot, but it's really just a lot of text asking for only 4 scans. Once you've done these and posted the results in your next post, let me know how the computer is running.

Note: You may have to perform some or all of the following in Safe Mode With Networking, depending on if you have internet access while in the normal Windows environment.

========================================

Download Security Check by screen317 from here or here.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

========================================

Please download and scan with SUPERAntiSpyware Free
Double-click SUPERAntiSypware.exe and use the default settings for installation.
An icon will be created on your desktop. Double-click that icon to launch the program.
If it will not start, go to Start > All Programs > SUPERAntiSpyware and click on Alternate Start.
If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the upd...

4 more replies
Relevance 87.74%

Today my husband got a warning from Win7 Antispyware 2012 that his Laptop is infected. Tried to run Malwarebytes and it won't run because of the Win7 Antispyware thing.

Any help would be appreciated. And please use easy words/instructions for me to understand. Thanks

Answer:Win 7 Antispyware 2012 infected

Right click on the Malwarebytes
Select - Run as administrator
You should be able to run it
Good luck

5 more replies
Relevance 87.74%

My computer got infected with the Win 7 AntiSpyware Virus. I immediately ran Kaspersky and Malwarebytes, and it seems to have fixed the problem. However now when I try to open anything on my computer the "Open With" window comes up and it says "choose the program you want to use to open the file: File: iexplorer.exe"...it says this for every executable file I have on my computer firefox.exe, chess.exe, etc. I am afraid I deleted something important from my computer at the conclusion of the antivirus scans. HELP!

Answer:Help with recovery after Win 7 Antispyware 2012

Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.

*************************************************************************

Please download SREng
Extract it to Desktop and double click SREngLdr.EXE to run it
Select System Repai...

1 more replies
Relevance 87.74%

I am utterly lost and require guidance and assistance from anyone who is willing to help me.

I did my best to follow the guide Here but could not get past "Step 5".

Whenever I attempted this an alert from Avast popped up warning me that the file was potentially harmful and how would I like to proceed. I was given three options: 1. Sandbox (recommended), 2. Open anyway, 3. Close.

When I asked it to open in sandbox or to open anyway the window would close only to pop back up again in a second or two. Is this because I was not running in safe mode? I fear that I need a very patient step-by-step process to get me through this.

[EDIT:] I ran my computer in safe mode and activated "rkill". I then ran Malwarebytes' Anti-Malware and it came up with 1 infected file. I fired up the computer in normal mode and didn't see any of the telltale signs of Win 2012 Antispyware Virus but was very suspicious it was still there because my computer was running slowly. I could go onto Mozilla Firefox without the warning page coming up and all of that jazz. Out of curiosity I tried to run "rkill" again and found that I had the same Avast window pop-up and warn me about proceeding. I decided to try and run my computer in safe mode and run another MBAM scan and see what it comes up with. After the results of this scan, unless I am completely sure that it is fixed I will stop everything that I am doing, just in case I am making problems worse. I will patiently await so...

Answer:Win 2012 Antispyware Virus Help

Reinstall your system.

4 more replies
Relevance 87.74%

I have these popups that are coming from a place called Vista Antispyware 2012. I fell for one other spam spyware and don't want to succumb to this one.... Is there a way to get this off my computer before it shuts me down?

Answer:Vista Antispyware 2012

Hello and welcome.

Please follow our Removal Guide here Remove XP Antispyware.
After reading how the malware is misleading you ...
You will move to the Automated Removal Instructions

After you completed that, post your scan log here, let me know how things are.

The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.

1 more replies
Relevance 87.74%

I got the Win 7 Antispyware 2012 rogue on my computer and followed the instructions here: http://www.bleepingcomputer.com/virus-removal/remove-win-7-antispyware-2012

It seemed everything was working ok. However, when I ran Rkill I wasn't sure if anything happened. It says (step 5) "When it has finished, the black window will automatically close and you can continue with the next step." But, there was never any black window that opened/appeared.

I thought the program worked, however, because I was now able to open the internet and download Malwarebytes. I was also able to run Malwarebytes. The whole time it was running, I kept getting pop-ups from Win 7 Antispyware.

So Malwarebytes finished scanning and showed all the malware. I clicked "Remove Selected". It appeared to remove them, but no notepad document opened. I closed the program and went to run it again, but it wouldn't start. And now none of my programs will start. I click the icons and either nothing happens or a box opens that asks me to choose the program I want to use to open the file. When I try to open Microsoft Office programs a box says "Application not found".

My documents will still open (.doc, .jpg, videos, etc.) BUT, I have to click on my computer and access them there. None of the icons/folders/shortcuts on the desktop do anything when I click them. They don't even light up.

HELP!

Answer:Followed remove win 7 antispyware 2012

Hello,

Please follow the instructions in ==>This Guide<== starting at step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then post them in a reply to this topic by using the Add Reply button.

If you can produce at least some of the logs, then please create the post and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the reply and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Please note that I am not a member of the Malware Removal Team and will not be assisting you in removing the infection. I'm simply helping you to post the information they need in order to assist you.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

Orange Blossom

3 more replies

A few days ago, seemingly out of nowhere, XP Antispyware 2012 popped up on my computer. Last year I had a similar rogue show up on my computer, so I knew to come here and follow the Bleeping Computer removal guide which I did, and things seem to be back to normal. I remember last year though that after removing the rogue, it came back multiple times, from a few days later to weeks or even a month later. It was such a pain. The rogue was only truly gone when I posted here and received help, which was really great.

As of now I don't see any signs of a rogue, but I want to make sure my computer is completely clear of any infection.

I really appreciate any help. Thank you.

.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_19
Run by HP_Administrator at 15:31:18 on 2011-07-13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.315 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C... Read more

Answer:infected with XP Antispyware 2012

Hi, Welcome to Bleeping Computer.

My name is Shannon and I will be working with you to remove the malware that is on your machine.

I apologize for the delay in replying to your post, but this forum is extremely busy.

Please Track this topic - On the top right on this thread, click on the Watch Topic button, click on 'Immediate Email Notification', and then click on the Proceed button at the bottom.

Do Not make any changes on your own to the infected computer.

Please set your system to show all files.
Click Start, open My Computer, select the Tools menu and click Folder Options.
Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
Uncheck: Hide file extensions for known file types
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.

Now, let's look more thoroughly at the infected computer -

We need to see some information about what is happening in your machine. Please perform the following scan:

We need to create an OTL Report
Please download OTL from here: Main Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
Change the "Extra Registry" option to "Use SafeList"
Push the button.
Two reports will open, copy and paste them into your reply:
OTL.txt <-- Will be opened
Extra.txt <-- Will be minimized

Please note: You may have to disable any script protection running if the scan fails to run. After down... Read more

15 more replies

My computer has been attacked by the Trojan-BNK.Win32.Keylogger.gen, and I have no clue how to fix it. It is even coming up in safe mode when I open any programs. Please help!!!

Answer:Vista Antispyware 2012

Hi,

After performing these scans, enter the results in your next post and also update me on the status of the PC.

Note: You may have to perform some or all of the following in Safe Mode With Networking, depending on if you have internet access while in the normal Windows environment.

================================================================================

Download Security Check by screen317 from here or here.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

================================================================================

Please download MiniToolBox and run it.
Checkmark following boxes:
Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
Click Go and post the result.

================================================================================

Please download and scan with SUPERAntiSpyware Free
Double-click SUPERAntiSpyware.exe and use the default settings for installation.
An icon will be created on your desktop. Double-click that icon to launch the program.
If it will not start, go to Start > All Programs > SUPERAntiSpyware and click on Alternate Start.
If asked to update the program definitions, click "Yes". If not, update the d... Read more

1 more replies

I am following the http://www.bleepingcomputer.com/forums/topic34773.html
but the pop-up is preventing me from running GMER.exe

I did run the dds.scr and attach the two text files as requested!

Regards
Ian

PS I cannot restart the firewall!!
++
I finally managed to run the scan GMER.EXE and it seems to have removed the virus.

I have attached the log text. Do I still have more to do to ensure it does not return?

Answer:Keep seeing pop up for xp antispyware 2012 Firewall

Hello and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review your topic and do their best to resolve your issues.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that... Read more

2 more replies

Not sure if this is the right forum or not.

OK, background. I got hit by a nasty rogue called Windows 7 Antispyware 2012. I removed it following this guide http://www.bleepingcomputer.com/virus-removal/remove-win-7-antispyware-2012
It seems to be completely gone. No traces of it remain but it did cause problems in Windows.

I can't turn the Windows Firewall back on. I have tried all the possible fixes I could find online. Lots of people apparently have the same problem and the fixes given out by MS support do not work. The only thing that seems to work is a restore or full reinstall. I have given up trying to find more fixes and have decided to go the restore route.

Now system restore fails, even in safe mode.

I have scanned my machine with Avast, House Calls, Malwarebytes, and Spybot. No threats are detected any more. The problems seem to be that even though I am logged on to the computer as an Admin I still don't seem to have full access to certain things. I get access denied errors when trying some of the firewall fixes.

I'm not sure if this is something still on my machine or not. I would like to either fix the firewall problem or fix the restore problem. Please help! If you can't, could you direct me where to get help?

Thanks

... Read more

Answer:Windows 7 Antispyware 2012

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/430378 <<< CLICK THIS LINK

If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lo... Read more

61 more replies

My computer has managed to be under attack by a virus. XP antispyware 2012 disguises itself as an antispyware when I have researched online to see that it is the perpetrator. I have followed instructions to download FixNCR.reg and http://www.bleepingcomputer.com/virus-removal/remove-tdss-tdl3-alureon-rootkit-using-tdsskiller. However, once I reached the TDSSKiller it was unable to cure the single detected virus and reboot. The site referred me to this forum to get further instructions on curing my computer. Please help.

Answer:XP antispyware 2012 attack

Hello, please post that TDSS log. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.

Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following checkboxes:
Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Devices
List Users, Partitions and Memory size.
List Minidump Files
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.
Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

Next run MBAM (MalwareBytes):
Please download Malwarebytes Anti-Malware and save it to your desktop.
Download Link 1 <<<== Use this one first.
Download Link 2
MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
For instructions with screenshots... Read more

1 more replies

I believe that most of the malware was removed; however, the computer is a little glitchy now. Freezing up briefly here and there. Can you look at the logs and tell me if there's more to remove?
 

Answer:Vista Antispyware 2012

Now let's use ComboFix to remove a bunch of malware files.

* Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
If it is not on your Desktop, the below will not work.
* Also make sure you have shut down all protection software (antivirus, antispyware...etc) or they may get in the way of allowing ComboFix to run properly.
* If ComboFix tells you it needs to update to a new version, make sure you allow it to update.
* Open Notepad and copy/paste the text in the below code box into it (make sure you scroll all the way down in the code box to get all lines selected ):

Code:

ClearJavaCache::
KILLALL::

File::
C:\Users\Andy\AppData\Local\583245u2n608s086t778j7xav0k2
C:\Users\Andy\AppData\Local\a1re52r1dd3qkl
C:\Users\Andy\AppData\Local\sev68fq41yk1qbmnnfrx803860r6kgy265y01qxpow6
C:\Users\Andy\AppData\Local\uuktij7y6pgn6kdt3uyw2d010m6p
C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Templates\583245u2n608s086t778j7xav0k2
C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Templates\a1re52r1dd3qkl
C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Templates\sev68fq41yk1qbmnnfrx803860r6kgy265y01qxpow6
C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Templates\uuktij7y6pgn6kdt3uyw2d010m6p
C:\ProgramData\583245u2n608s086t778j7xav0k2
C:\ProgramData\a1re52r1dd3qkl
C:\ProgramData\sev68fq41yk1qbmnnfrx803860r6kgy265y01qxpow6
C:\ProgramData\uuktij7y6pgn6kdt3uyw2d010m6p
C:\Users\Andy\AppData\Lo... Read more

7 more replies

Hi,
My computer has apparently gotten the XP Antispyware 2012 virus. There are constant pop-ups that tell me that my computer is infected or that my privacy is being intruded. I always x out of these pop-ups but they keep coming back. In addition, there seems to be a fake Windows security center that is telling me my firewall and antivirus programs are disabled.

Every time I open the internet, it tells me that it is dangerous to go on. I am also not able to open my email, or even Microsoft Word. Whenever I try to open anything, including Microsoft Word, for example, a warning comes up and the program never opens.

I have run a full scan on Microsoft Security Center and it told me there was unwanted malware on my machine but it only detected adware that was called something like "win/hotbar."

I tried downloading Malwarebytes but it didn't run, nor did the DDS or GMER programs work.

This has never happened to me before so I was hoping you could give me some help in removing this malware.

Thank you so much for your time.

Answer:Rogue XP Antispyware 2012

Bump, please.

19 more replies

Hello. About 2 hours ago, I was infected with the Windows 7 Antispyware 2012 virus. Now, I have been infected before by a similar virus, so I was quick to react to the situation. I google'd a quick removal guide and found one on this website. I downloaded the required files, which were FixNCR.reg and RKill.exe and continued the removal process. After RKill.exe ended its search for any malicious software that were currently running(not really sure how to explain this), the guide informed me to install MalwareBytes, which I already had installed before, and run a full scan. I did. Nothing was found. I was very perplexed by this. The guide informed me that MalwareBytes should have certainly found the virus and removed it from my system. I ran a quick scan as well as a full scan. Still nothing. So, I decided to download and install SuperAntispyware Free edition. However, it also found nothing besides some cookies. Like I had said before, I had been infected by a similar virus in the past and used Malwarebytes to successfully remove the virus. My question is, is the virus gone? Is it still wandering in the vast memories of my system? If so, please assist me in the removal of this horrendous virus. It is currently bedtime for me, as it is quite late, so please forgive me if I do not reply until tomorrow morning. Once again, thank you for your time and effort.

Answer:Windows 7 Antispyware 2012

Malwarebytes did not detect the Vista rogue (which hides in appdata/local; it finds the other copies) till yesterday, but today I could see it removing the rogue which is located in the APPDATA/local folder. It is to be noted that it finds the rogue only when mbam runs in safe mode.
Run a scan in safemode first
Go here

C:/users/Appdata/local

check for xyz.eze file

Delete it if you find one; you may need to run EXE fix after deleting the rogue.

3 more replies

Hello

I am running Windows XP and recently got infected with XP Antispyware 2012. After searching on the internet on a separate machine I found a fix to disable it (a registry file to replace the parts that it changes and then use rkill to disable its process), which seemed to do the trick.

I was then able to scan with Malwarebytes (which I couldn't do before as it was being blocked) and it removed a number of items.

The program now seems to have been removed and I have had no more signs of infection (a second scan with Malwarebytes after a reboot came up clean), however I have now noticed that Windows Security Centre refuses to acknowledge that Automatic Updates are enabled and when I ask it to enable them it gives me an error message.

I also cannot update MSE since this has happened and I was wondering if this means that the infection is still there in some way?

Here is my Hijackthis log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:19:46, on 27/12/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\... Read more

Answer:Infected with XP Antispyware 2012

15 more replies

Hello all! I am having problems with fixing my computer after I have done some fixes trying to get XP Antispyware 2012 off my computer. It was running rampant. I was told to go to My Computer, Folder Options, View and show hidden files and folders. Then I went in trying to get the virus processes to stop. I stopped a few of the random 3 letter processes that I was told to stop. Now the virus is no longer popping up. But, I cannot open any .exe files. I am trying to run Malwarebytes in order to be sure that I have wiped my computer clean of the virus. It asks me what program I want to open the file with and I have no idea what to use. Usually it should just open up. I am afraid some process got stopped that wasn't supposed to be. Any ideas on what I should do?
Thank you!!!!!!!!

Answer:XP Antispyware 2012/.exe problems

Welcome aboard.

Download and run exeHelper.
Please download exeHelper from Raktor to your desktop.
Double-click on exeHelper.com to run the fix.
A black window should pop up, press any key to close once the fix is completed.
A log file named log.txt will be created in the directory where you ran exeHelper.com
Attach the log.txt file to your next message.
Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).

Let me know if it helped with .exe files.

Then....

Download Security Check from HERE, and save it to your Desktop.
* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download Farbar Service Scanner and run it on the computer with the issue.
Make sure the following options are checked:
Internet Services
Windows Firewall
System Restore
Security Center
Windows Update
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

====================================================================================

Please download MiniToolBox and run it.
Checkmark following boxes:
Report IE Proxy Settings
Report FF Proxy Settings
List content o... Read more

1 more replies

About a week ago, computer became infected with XP Antispyware 2012.

I'm computer-savvy enough to know the basics, but I'm not a computer expert by any means. Been "fighting" this virus for a few hours every night, with only limited success. I'm not sure how to turn on the Windows firewall though...or even if it would be helpful.

With the "kill" download from BleepingComputer, I was able to run Malwarebytes (several times), and Spybot. That seems to have stopped the constant pop-ups from the Antispyware virus. However, I'm still experiencing redirects (maybe 30% of the time), and Comcast keeps sending me emails, indicating my computer is spamming emails out.

I ran the TDSS Killer download from Bleeping. It says I have the following problems, and cannot "cure" them:
FASTTX2K
MXLW2K
NETBT
PFC
PXHELP20
DEVICE\HARDDISK0\DRO

I've run malwarebytes in normal mode, and in safe mode.

I ran the DDS download, and created the text file. I'm running the GMER download now... it's been running for nearly four hours.

Here is the info from the text file.
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Owner at 17:16:45 on 2011-12-24
.
============== Running Processes ===============
.
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Suppo... Read more

Answer:XP Antispyware 2012, Redirect, spambot

Which operating system is installed?

23 more replies

Remove Win 7 Antispyware 2012 (Uninstall Guide)

What is Win 7 Antispyware 2012?

Win 7 Antispyware 2012 is a malicious software that will display virus alerts, also known as "scareware", claiming malware has been detected on your computer.
The security alerts are professional looking pop-ups and when you click on them, you're advised to buy this malicious software in order to remove the detected threats.
In reality, none of the issues are real, and are only used to scare you into buying this malicious software and stealing your personal financial information. To make matters worse, this malicious software actually installs malicious code that puts you at risk of attack from additional threats.

As Win 7 Antispyware 2012 is a malicious software which can severely damage your computer, compromise your credit card security and lead to identity theft, you are strongly advised to follow our Win 7 Antispyware 2012 removal instructions below.

Am I infected with Win 7 Antispyware 2012?

This is how the main screen of Win 7 Antispyware 2012 looks:

[Image: Win 7 Antispyware 2012]

Win 7 Antispyware 2012 Removal Instructions

(If you experience any problems completing these instructions, please... Read more

More replies

Hello everybody
After a lot of research on dealing with the problem that I included in the title I found a solution and it's gone I believe,

here I will explain the whole story with as much detail as possible
was watching a video on YouTube and a very brief message popped up about a program that stopped working (didn't catch which one) then the usual antispyware crap your pc infected etc. clicking on any program launched it instead the usual
I think I got it from a mod for Diablo 2 but not sure I am not blaming them. so I looked around and found a lot of websites and forums describing the same way of dealing with it
here is a link: (half way down the page)
http://www.bleepingcomputer.com/virus-removal/remove-win-7-antispyware-2012

did that all right and Malwarebytes found 11 or so bugs here is a screen I think that this one was deselected by default but I ticked it to remove (red tick)(untitled.jpg)

ok it was gone I ran the above program in safe mode and normal mode a couple of times nothing else was found.
then I noticed PING.EXE in my task manager using 99 % of my cpu looked around and found that TDSSKiller would help a lot of websites recommended it. (and also Combofix but it seems a little dangerous to me)
Link: http://www.youtube.com/watch?v=RnZyqlb3vaY

I ran the TDSSKiller and it found nothing. then I suspended this process PING.EXE and it was gone ever since also tried TDSSKiller in safe mode couple of times

then I noticed that I can't turn my firewall back on there is that... Read more

Answer:windows 7 antispyware 2012 complications?

it has been about 2 days i am not rushing just read in the instructions to post a reply to make it visible again
 

1 more replies

If I can't get online, I can't fix this at home, right? I tried downloading the FixNCR.reg on another computer and transferring it but the next steps seem to require a connection. The ZoneAlarm guy said try Best Buy.

Answer:vista antispyware 2012--can't get online

Welcome aboard.

"next steps seem to require a connection"

Which step would that be?
You can download all tools on working computer and transfer them to "sick" computer.

1 more replies

Hello,

My friend's computer got infected with (what I think is) a fake Antispyware program that tells us she has over 40 viruses. It won't let her open explorer. What can I do?

Any help would be great, thanks.

More replies

Hello, I was re-directed here by jntkwx aka Jason. He has helped me over at this topic in the following link but believes I need the help of this forum:
http://www.bleepingcomputer.com/forums/topic432016.html/page__p__2506215#entry2506215

This started about a week ago and I thought I removed it but it kept returning with vengeance. Now, I did exactly what the guide said to do through this guide here but now for some reason, Malwarebytes didn't find the infection so I had to get it done through safe mode. Now the computer is taking up such a long time to load. After inserting my password to the computer, the screen will stay black for five or so minutes before allowing me on. Usually, it'll allow me back on to doing what I have to do but now it just takes forever to do it. I was hoping to use Avast to try and nab this virus but now Avast won't even work for me. Right now I'm doing all this through safe mode.

Please help and go a bit easy on me. I'm a bit new to the whole copy/paste of logs and stuff. Thank you in advance.

I couldn't follow the GMER step to the guide. For some reason, it will not allow me to check or uncheck all that should be checked or unchecked. The only checked boxes are "services, registry, & files". Everything else is grayed out and won't allow me to post it. Here are the logs:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64 NETWORK
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_22
Run by Val at 16:51:49 on 2011-12-15
Mi... Read more

Answer:Win 2012 Antispyware Virus Keeps Returning

Hi Junny,

It's Jason again!

I will be handling your log to help you get cleaned up. Please give me some time to look it over and I will get back to you as soon as possible.

24 more replies

I followed the instructions on this site to remove Win 7 Antispyware 2012. It removed most of the infection and nothing additional is appearing when I use Malware Bytes, McAfee Stinger, and Spybot. I am still having problems starting my Windows Firewall, though. When I go to McAfee's Security Center it says that computer is not protected because my firewall is not on. When I click the button to turn it on, it turns on, but then goes off a few seconds later. I found a few registry keys that may be causing this, but I am reluctant to change them. I guess I could backup my registry then make the change, but that still makes me nervous. Any suggestions?

Answer:Firewall won't start thanks to Win 7 Antispyware 2012

can you post the logs from Malwarebytes?

1 more replies

Hi, I just reformatted an older Vista laptop (HP G60) and before I could load any protection programs it acquired the Vista AntiSpyware 2012 malware. I was able to remove it (I thought) with a quick scan using Malwarebytes, but the computer keeps turning off and shutting down now, even in Safe Mode.

Is it possible for such malware to damage the HD or other components? I've never seen this before, and have had many bugs in the past. In regular startup mode, the computer also show a Fatal Error.

Would reformatting the HD fix this problem?

Thank You,
Educated Guess

Answer:Questions Re: Vista Antispyware 2012

"Is it possible for such malware to damage the HD or other components?"

No.
What was the reason for reinstalling Windows?

5 more replies

First off, I want to thank everyone for the help and suggestions I'll hopefully get. It is very much appreciated.

The problem started last night while browsing the internet using Firefox. I got the dreaded windows security/antispyware 2012 attack. With all of its multiple pop-ups. I've dealt with this problem twice before by using Malwarebytes or Microsoft Security Essentials. I usually start my computer in safe mode with networking, do a sweep, restart, and it's all good. Not this time. The virus isn't seeming to go away. After multiple sweeps with both programs, I can't seem to kill it. Worst part is, it seemed to have disabled my internet connection! I'm stuck on "identifying". When I restart Windows normally, the virus comes back. Once I close out all of the pop-up windows, I ran a network diagnostic and it said there was a problem with the DHCP. The worst part is, it's not letting me do a system restore either! It's very very stressful.

Here are my specs

1.) I use MalwareBytes and Microsoft Security Essentials. I currently cannot access my firewall.

2.) I'm using a router to send signal to a laptop in the same apartment.

3.) I currently have MalwareBytes installed.

4.) The last time I was able to update was 10 days ago. No internet access at the moment.

5.) I've run multiple scans and get the same four things. I delete them and they seem to come back.

I'm using Windows Vista.

.
DDS (Ver_2011-08-26.01) -... Read more

Answer:Infected with Vista antispyware 2012

I'm so sorry to break the rules and bump my thread after only 24 hours. But after tonight, I won't have this laptop anymore and will likely just buy a new computer. If anyone could offer me help, I'd really, greatly appreciate it.
Thanks,
Joseph.

5 more replies

Hello,

First time poster, long time reader - I am hoping someone out there might be able to help me. I am fixing my friend's laptop and he had Win 7 AntiSpyware 2012. I have had much experience with Malware, Spyware, Adware and Scareware and the like but I had never run into something this difficult to remove.

The laptop is a Toshiba L455D-S5976 with Windows 7 Home Premium 64-bit.

I read the tutorial on here that instructs you how to take it off of the computer but it was to no avail - downloading Spyware Doctor wasn't possible because the machine's internet connection is shot (due to Win 7 Antispyware 2012). I had Malwarebytes previously installed from an earlier fix, I updated the definitions and scanned the PC, it came back with a few results but removing the found items had no effect. Same situation for SuperAntiSpyware and AdAware.

Long story short I had to yank the malware out through the registry and now nothing can install, the PC is saying that there is no hardware (no ethernet controller, wifi, audio or anything). Windows Aero is disabled and isn't available to be selected - as if the graphics card doesn't support it. I am kind of at the end of my rope on this thing, I was thinking about getting a copy of the registry from somewhere to import, I am pretty sure that would fix my problem entirely (since I am now free of Win 7 Antispyware 2012). Anything I can do? I would greatly appreciate any help.

Answer:Win 7 Antispyware 2012 Registry is Destroyed!

"I had to yank the malware out through the registry"
Certainly not a good idea.
Is the computer bootable at all?

Relevance 86.92%

First off, I want to thank everyone for the help and suggestions I'll hopefully get. It is very much appreciated.

The problem started last night while browsing the internet using Firefox. I got the dreaded windows security/antispyware 2012 attack, with all of its multiple pop-ups. I've dealt with this problem twice before by using Malwarebytes or Microsoft Security Essentials. I usually start my computer in safe mode with networking, do a sweep, restart, and it's all good. Not this time. The virus isn't seeming to go away. After multiple sweeps with both programs, I can't seem to kill it. Worst part is, it seemed to have disabled my internet connection! I'm stuck on "identifying". When I restart Windows normally, the virus comes back. Once I closed out all of the pop-up windows, I ran a network diagnostic and it said there was a problem with the DHCP. The worst part is, it's not letting me do a system restore either! It's very very stressful.

Here are my specs

1.) I use MalwareBytes and Microsoft Security Essentials. I currently cannot access my firewall.

2.) I'm using a router to send signal to a laptop in the same apartment.

3.) I currently have MalwareBytes installed.

4.) The last time I was able to update was 10 days ago. No internet access at the moment.

5.) I've run multiple scans and get the same four things. I delete them and they seem to come back.

I'm using Windows Vista.

Please help!
Joseph

Answer:Antispyware 2012 and DHCP problem

Please follow the instructions in ==>This Guide<== starting at Step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues, what you have done to resolve them, and a link to this topic.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

Relevance 86.92%

So I've had this problem before but I think it was an older version like 2010 or something. I had two malware removal programs already: Combofix and Malwarebytes. They took the malware out no problem and it was all good. But now this one popped up. I ran Malwarebytes once with a quick scan. And it seemingly removed it, but I said why not? Let's run Combofix just in case Malwarebytes missed something. And by the way, I'm a novice to say the least when it comes to computers. Well, when I ran it, it restarted my computer just like last time. But when it came back on, my keyboard and mouse pad on my laptop weren't working so I couldn't sign into my laptop. However I had a USB mouse nearby so I plugged that in and signed into guest. That's when everything went crazy. A window popped up titled C:\ComboFix\pev.3XE. And it said something like Access is denied. And I'm rapidly getting hundreds and hundreds of these with blue and black window popups with that same title that all say nothing. There is another window that pops up titled HotkeySewrvice and it says can't find touchpad device. And another window titled AUSUHWIO.DLL and it says Can't open WinNT Service Control Manager. Does anybody know what's going on?

Answer:XP Antispyware 2012 messed up my laptop!

My computer is unusable but I do have an iPhone thank god that I can use for internet.

Relevance 86.92%

I was asked to post my info in this forum by boopme in this thread: http://www.bleepingcomputer.com/forums/topic431807.html/page__view__findpost__p__2509457

I had run through the processes (as outlined in the linked thread) to try and eliminate some continuing issues associated with the XP Antispyware infection I believed I had eliminated a couple of weeks ago.

I am still having issues, such as with ping.exe, and trojan infections that AVG keeps picking up, such as "Trojan Horse BackDoor.Generic14.BZSZ" and "Trojan horse FakeAV.WMQ." I am also having problems with the automatic Microsoft Update as I stated in the other thread and below:

"I do not know if this is of consequence, but XP has the standard "warning shield" telling me I have the automatic updates disabled. When I try to enable it through that dialog box, XP says that it cannot at that time and I should go through the control panel. When I go in there, I have the fully automatic selection, to check/download/install updates in the wee hours of the morning."

I am hoping that any help I get in this venue will at least make a dent in my problems.

My DDS.txt is as follows, and I have attached the Attach.txt and Ark.txt files as requested.

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 9/21/2005 9:13:30 PM
...

Answer:XP Antispyware 2012 latent infections

Hello and Welcome to the forums!
My name is Gringo and I'll be glad to help you with your computer problems.
Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please do not attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.
Do not run any other tool until instructed to do so!
Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.
Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:
You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)
Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<
Combofix may need to reboot your computer more than once to do its job this is normal.
You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the runn...

Relevance 86.92%

Hi, I'm new here so please bear with me if I don't get all the info you need in my first go.

I am running Windows 7 64-bit and got infected with Win 7 Antispyware 2012 malware. I tried removing by running a boot scan with Avast, which didn't work. I then found this forum and followed the steps to remove the virus, which did NOT result in finding a rootkit, and was successful.

Then I discovered that I have no internet connection. I do connect to my wireless network and I do get an IP address assigned, but cannot access the outside world, including using the Ping command.

I think I may have deleted some important files, possibly .dll's, during my Avast boot scan.

I ran some diagnostics (FSS, MiniToolBox, GMER, and SecurityCheck) based on some advice I read on this forum, and am attaching the logs. I also did a final run of Malware Bytes Anti-Malware after having removed the infection.

Please help!

Answer:No Internet After Remove Win 7 Antispyware 2012

Farbar Service Scanner Log:
--------------------------------------------------

Farbar Service Scanner
Ran by Chris (administrator) on 16-01-2012 at 21:31:59
Microsoft Windows 7 Home Premium (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.
Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open MpsSvc registry key. The service key does not exist.

bfe Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open bfe registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open bfe registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open bfe registry key. The service key does not exist.

mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.
Firewall Disabled Policy:
==================
System Restore:
============
SDRSVC Service is not running. Checking service configuration:
The ...

Relevance 86.92%

Remove XP Antispyware 2012 (Uninstall Guide)

What is XP Antispyware 2012 ?

XP Antispyware 2012 is fake system security software that is considered a rogue program.
Rogues are malicious programs that cyber criminals use to trick users by displaying false threats and problems that they claim to have detected. In reality, none of the issues are real; they are only used to convince the user to buy the software and to steal the user's personal financial information.
As this program is a scam, do not be scared into purchasing it when you see its alerts. You are strongly advised to follow our removal instructions below.

Am I infected with XP Antispyware 2012 ?

This is how the main screen of XP Antispyware 2012 looks:

XP Antispyware 2012 Removal Instructions
(If you experience any problems completing these instructions, please start a new thread here)

STEP 1 : Start your computer in Safe Mode with Networking
Remove all floppy disks, CDs, and DVDs from your computer, and then restart your computer.
Do one of the following:
If your computer has a single operating system installed, press and hold the F8 key as your computer restarts. You need to press F8 before the Windows logo appears. If the Windows logo appears, you will need to try again by waiting until the Windows logon prompt appears, and then shutting down and restarting your computer.
If your computer has more than one operating system, use the arrow keys to highlight the operating system you wan...

Relevance 86.92%

This started about two days ago and I thought I removed it but it kept returning with a vengeance. Now, I did exactly what the guide said to do through this guide here but now for some reason, Malwarebytes didn't find the infection so I had to get it done through safe mode. Now the computer is taking up such a long time to load. After inserting my password to the computer, the screen will stay black for five or so minutes before allowing me on. Usually, it'll allow me back on to doing what I have to do but now it just takes forever to do it. I was hoping to use Avast to try and nab this virus but now Avast won't even work for me. Right now I'm doing all this through safe mode.

Please help and go a bit easy on me. I'm a bit new to the whole copy/paste of logs and stuff. Thank you in advance.

Edit: And now the virus has completely halted Google Chrome.

Answer:Win 2012 Antispyware Virus Keeps Returning

It has been two days since my last post. My computer officially will not work outside of safe mode. I will keep trying to get it to work but my hopes are not high. If I don't receive help by Monday I will be reformatting my laptop.

I really don't want to do this so if anyone can help me before then it'll be greatly appreciated. I run a Windows 7 obviously and followed the guide to a "T" to no avail of permanently removing the virus.

Thank you for your time in advance.

Relevance 86.92%

Hello,

A few days ago I was infected with Win 7 Antispyware 2012, and found the BleepingComputer.com guide to removing it. I followed all the removal steps and it seemed like the removal had been successful. Yesterday, however, a new set of symptoms appeared--new tabs and/or browser windows would intermittently appear on Firefox, directed to various commercial/spam sites. I ran another MalwareBytes scan which revealed one infected object; I had MalwareBytes remove the infection and restarted my computer when prompted. After the restart, however, all the previous Win 7 Antispyware 2012 symptoms reappeared--inability to open executables except in administrator mode, only intermittent ability to access the internet without a blocking message thrown up, and constant popups notifying me of infections and urging me to purchase the Win 7 Antispyware solution. Further attempts to remove the infection with MalwareBytes have either not identified any infected objects or have resulted in resumption of symptoms after the restart.

Thanks for any help available!

DDS logs:

DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_24
Run by KC at 23:02:45 on 2011-12-01
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.1913.812 [GMT -8:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windo...

Answer:Win 7 Antispyware 2012 resists removal

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************
In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/430346 <<< CLICK THIS LINK

If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************
If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lo...

Relevance 86.92%

Back again looking for some helpful advice on how to get this old computer running virus free. Got hit with this Vista Antispyware that I managed to get rid of for the time being, but it did drop the Google Redirect bug. Hoping you guys can help finish the job.

Running GMER on this computer caused it to completely crash. Not willing to run the risk again without further approval.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:52:27 AM, on 12/4/2011
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16982)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\WINDOWS\RtHDVCpl.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\igfxpers.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP Connections\6811507\Program\HP Connections.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
C:\hp\kbd\kbd.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firef...

Relevance 86.92%

On Sunday, 12/25/2011 I got the xp antispyware 2012 virus on my PC running Windows XP Prof.

I did the following things and was able to resolve some of the issues, but have a strange problem with the screensaver, which I'm sure comes from the virus:
At first, when I ran a scan, and it went to the screensaver, and I wiggled the mouse, it would then show only my original user and log into it automatically and try to open some file or execute a file and come up with the "which program do you want to use to open this file?". I didn't check to see which file it tried to run. When I logged out of that user, all users were there again.
Now it is worse, when I ran GMER and the screensaver came on, then upon me wiggling the mouse, the computer rebooted and briefly showed a blue screen, then took a long time to boot up again. I started the scan over, after changing the time on the screensaver, and making sure, it won't go into screensaver again. I have not found any info anywhere on these weird things with the screensaver.

So here are the steps I took to get rid of the virus:
I tried booting in safe mode, but couldn't.
-I was able to login to my other administrator account and did a restore to the previous day from there. Then I found your instructions and followed them:
--I ran FixNCR.reg.
--I ran rkill.
--I scanned with Malwarebytes. It found 2 trojans, one was in a system restore folder. I had it remove them.

I installed AVG and updated it, removed ...

Answer:xp Antispyware 2012 & screensaver seems to have virus

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************
In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/435074 <<< CLICK THIS LINK

If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************
If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lo...

Relevance 86.92%

Quick summary: Infection appeared and I was able to talk the user (a family member) through installing avira (and uninstalling ms security essentials), seemingly removing the infection. A few weeks later it returned, I was able to delete the program (in person) that was running the virus windows, but this caused windows to be unable to launch .exe files. I then restored from the lenovo partition and things seemed okay. Currently running avira and mbam. Last night the user's email was hacked so now I'm a bit paranoid and would like someone to look over a hjt log from the machine.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:41:14 PM, on 12/30/2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files\LENOVO\HOTKEY\tposdsvc.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe
C:\Program Files (x86)\Common Files\...

Answer:Post Infection: Win 7 AntiSpyware 2012

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************
In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/435378 <<< CLICK THIS LINK

If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************
If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lo...

Relevance 86.1%

On 12/28/11 I got hit by the XP Antispyware 2012 virus. I was using Norton/Symantec virus protection and it did not detect the virus. I downloaded RKILL and Malwarebytes to eliminate the virus. The first Malwarebytes scan found the following:

Malwarebytes Anti-Malware (Trial) 1.60.0.1800
www.malwarebytes.org

Database version: v2011.12.28.03

12/28/2011 1:19:25 PM
mbam-log-2011-12-28 (13-19-25).txt
Registry Data Items Detected: 6
HKLM\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command| (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\Owner\Local Settings\Application Data\sfj.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe") Good: (firefox.exe) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command| (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\Owner\Local Settings\Application Data\sfj.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode) Good: (firefox.exe -safe-mode) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command| (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\Owner\Local Settings\Application Data\...

Answer:XP Antispyware 2012, Goggle Redirect and Ping

Hello and Welcome to the forums!
My name is Gringo and I'll be glad to help you with your computer problems.
Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please do not attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.
Do not run any other tool until instructed to do so!
Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.
Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:
You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)
Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<
Combofix may need to reboot your computer more than once to do its job this is normal.
You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the runn...

Relevance 86.1%

Description: Started out with fake Win 7 Antispyware 2012. Led to other infections, some caught by Symantec and some not.
Combination of rkill, Malwarebytes, MS Security Essentials over and over, through many hours, finally stabilized the system.
Uninstalled Symantec and now using MS Security Essentials. Had to fight through blocking of control panel and explorer.

Next tried ESET and found sirefef rootkit and advware (think that was the name).
Have gone through a number of steps in an attempt to clean. Combination of gmer, ESET and combofix seemed to "mostly" work. All tools (that I can interpret) are coming up clean including TDSSKiller and the system is not bogged down. Most issues seem to be gone but I am still suspicious for a few reasons.
1. Windows firewall cannot be enabled. "Windows firewall can't change some of your settings. Error code 0x80070424". So, either I trashed the services and registry or something is still interfering.
2. Not as confident on this but believe the browser may still be interfered with. Occasional flashing (possible it's just really fast now and a graphics thing). It also took me to a random site. The random site was a yellow pages/restaurant type site. Have only seen that happen one time so there is some chance it's pilot error. With that said, when I re-traced my steps, I didn't see any way the random site could have been invoked.

At this point would like to know if there are still traces of...

Answer:fake Win 7 Antispyware 2012 and sirefef rootkit

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************
In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/432896 <<< CLICK THIS LINK

If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************
If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lo...
