Computer Support Forum

OpenCloud or worse Trojan Virus

Question: OpenCloud or worse Trojan Virus

I attempted running the tutorial for removing OpenCloud Antivirus. It was unsuccessful and Symantec keeps popping up about quarantined items. I've used this forum in the past and they were extremely helpful. Any help would be great or even a starting point. I've posted some of the error messages that pop up here.

Security risk detected: Trojan.Gen.2
File: C:\Users\ChrisV\AppData\Local\Temp\DWH316A.tmp

Security risk detected: Trojan.Gen.2
File: C:\Users\ChrisV\AppData\Local\Temp\DWH2D15.tmp
DDS log:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_26
Run by ChrisV at 22:44:25 on 2011-10-03
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8184.6389 [GMT -4:00]
.
AV: Symantec Endpoint Protection *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
AV: AVG Internet Security 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Internet Security 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Symantec Endpoint Protection *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
FW: AVG Firewall *Enabled* {621CC794-9486-F902-D092-0484E8EA828B}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG2012\avgfws.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\system32\dlbtcoms.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Windows\SysWOW64\WinMsgBalloonServer.exe
C:\Windows\SysWOW64\WinMsgBalloonClient.exe
C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\SysWOW64\ping.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files (x86)\Dell Photo AIO Printer 922\DLBTmon.exe
C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\taskeng.exe
c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
uRun: [PhotoshopElements8SyncAgent] C:\Program Files (x86)\Adobe\Elements 9 Organizer\ElementsOrganizerSyncAgent.exe
uRun: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
mRun: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
mRun: [HP Remote Solution] %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\PICTUR~1.LNK - C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
LSP: mswsock.dll
DPF: CM_AdvancedCAB - hxxps://www.gs.reyrey.com/common/ClientCheck/CM_AdvancedCAB.CAB
DPF: PrintTemplateViewerCab - hxxps://www.gs.reyrey.com/clientdll/printtemplateviewer.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{EBD51ABB-CDD9-43FB-B25C-B8C43A88BF38} : DhcpNameServer = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
mRun-x64: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
mRun-x64: [HP Remote Solution] %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
mRun-x64: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun-x64: [(Default)]
mRun-x64: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun-x64: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\ChrisV\AppData\Roaming\Mozilla\Firefox\Profiles\jolij982.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q=
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
============= SERVICES / DRIVERS ===============
.
R0 ahcix64s;ahcix64s;C:\Windows\system32\DRIVERS\ahcix64s.sys --> C:\Windows\system32\DRIVERS\ahcix64s.sys [?]
R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 Avgfwfd;AVG network filter service;C:\Windows\system32\DRIVERS\avgfwd6a.sys --> C:\Windows\system32\DRIVERS\avgfwd6a.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2009/12/04 16:58:18];C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [2009-12-4 146928]
R2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [2010-9-30 169408]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AMD_RAIDXpert;AMD RAIDXpert;C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe [2009-9-19 122880]
R2 avgfws;AVG Firewall;C:\Program Files (x86)\AVG\AVG2012\avgfws.exe [2011-8-19 2399560]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-9-1 5265248]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-8-2 192776]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2010-3-2 366152]
R2 Symantec AntiVirus;Symantec Endpoint Protection;C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe [2010-4-1 1822296]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [?]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-7-30 136824]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]
.
=============== Created Last 30 ================
.
2011-10-02 23:27:05 -------- d-----w- C:\Users\ChrisV\AppData\Roaming\AVG2012
2011-10-02 23:26:15 -------- d-----w- C:\Windows\SysWow64\drivers\AVG
2011-10-02 23:24:18 -------- d-----w- C:\Windows\System32\drivers\AVG
2011-10-02 23:24:18 -------- d-----w- C:\ProgramData\AVG2012
2011-10-02 23:21:31 -------- d-----w- C:\Program Files (x86)\AVG
2011-10-02 23:12:46 -------- d--h--w- C:\ProgramData\Common Files
2011-10-02 23:12:34 -------- d-----w- C:\ProgramData\MFAData
2011-10-02 22:32:39 -------- d-----w- C:\ProgramData\Reynolds
2011-10-02 20:40:15 -------- d-----w- C:\Users\ChrisV\AppData\Roaming\HnF4amH5sJd
2011-10-02 20:40:01 -------- d-----w- C:\Users\ChrisV\AppData\Roaming\TEK8gRZ9h
2011-10-02 20:40:01 -------- d-----w- C:\Users\ChrisV\AppData\Roaming\kXwjUVelItPyAu
2011-10-02 20:33:47 -------- d-----w- C:\Windows\pss
2011-10-02 20:32:25 -------- d-----w- C:\Users\ChrisV\AppData\Roaming\w0ycA1ivDoFpHsJ
2011-10-02 20:32:24 -------- d-----w- C:\Users\ChrisV\AppData\Roaming\eYXwkUVelBz
2011-10-02 20:01:50 -------- d-----w- C:\Users\ChrisV\AppData\Roaming\snGG55aQH6dW7fL
2011-10-02 20:01:50 -------- d-----w- C:\Users\ChrisV\AppData\Roaming\HgggTXXqjYCeIV
2011-10-02 20:01:48 -------- d-----w- C:\Users\ChrisV\AppData\Roaming\HXXwwkUUVelBtP0
2011-10-02 20:01:47 -------- d-----w- C:\Users\ChrisV\AppData\Roaming\WsssWJJ7d
2011-10-02 19:57:35 -------- d-----we C:\Windows\system64
2011-10-01 02:01:10 9049936 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D8A90C7D-34DD-4736-A56B-A90274BFE782}\mpengine.dll
2011-09-08 02:15:29 -------- d-----w- C:\Program Files (x86)\Diablo III Beta
2011-09-08 02:12:28 -------- d-----w- C:\ProgramData\Battle.net
.
==================== Find3M ====================
.
2011-08-31 21:00:50 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-08-24 16:17:05 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-08-08 10:08:58 46672 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys
2011-07-22 05:22:26 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-07-22 04:54:18 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-07-16 05:41:50 362496 ----a-w- C:\Windows\System32\wow64win.dll
2011-07-16 05:41:49 243200 ----a-w- C:\Windows\System32\wow64.dll
2011-07-16 05:41:49 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2011-07-16 05:39:10 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2011-07-16 05:37:12 421888 ----a-w- C:\Windows\System32\KernelBase.dll
2011-07-16 04:29:19 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2011-07-16 04:26:00 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2011-07-16 04:25:37 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2011-07-16 04:24:23 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2011-07-16 04:24:22 272384 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2011-07-16 02:21:44 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2011-07-16 02:21:41 2048 ----a-w- C:\Windows\SysWow64\user.exe
2011-07-16 02:17:19 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2011-07-16 02:17:19 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 02:17:19 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 02:17:19 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2011-07-12 15:34:00 96104 ----a-w- C:\Windows\System32\dns-sd.exe
2011-07-12 15:34:00 85864 ----a-w- C:\Windows\System32\dnssd.dll
2011-07-12 15:34:00 61288 ----a-w- C:\Windows\System32\jdns_sd.dll
2011-07-12 15:34:00 212840 ----a-w- C:\Windows\System32\dnssdX.dll
2011-07-12 15:20:54 83816 ----a-w- C:\Windows\SysWow64\dns-sd.exe
2011-07-12 15:20:54 73064 ----a-w- C:\Windows\SysWow64\dnssd.dll
2011-07-12 15:20:54 50536 ----a-w- C:\Windows\SysWow64\jdns_sd.dll
2011-07-12 15:20:54 178536 ----a-w- C:\Windows\SysWow64\dnssdX.dll
2011-07-11 05:14:36 375376 ----a-w- C:\Windows\System32\drivers\avgtdia.sys
2011-07-11 05:14:08 29776 ----a-w- C:\Windows\System32\drivers\AVGIDSFilter.sys
2011-07-11 05:14:06 26704 ----a-w- C:\Windows\System32\drivers\AVGIDSEH.sys
2011-07-11 05:14:06 120400 ----a-w- C:\Windows\System32\drivers\AVGIDSDriver.sys
2011-07-11 05:13:44 282704 ----a-w- C:\Windows\System32\drivers\avgldx64.sys
2011-07-11 05:13:42 37456 ----a-w- C:\Windows\System32\drivers\avgrkx64.sys
2011-07-09 05:26:20 2048 ----a-w- C:\Windows\System32\tzres.dll
2011-07-09 04:29:46 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2011-07-09 02:46:28 288768 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
.
============= FINISH: 22:45:14.30 ===============


Answer: OpenCloud or worse Trojan Virus

attach.txt


Hi,

Last week I got a virus of some sort on my computer and ever since it hasn't been working properly and I keep getting a lot of pop-ups. Within the last few days I've also started getting warnings on my internet screens themselves. Everything is in red and it says Warning: You're computer needs to be scanned, viruses detected. I've been scanning it daily with avg, but it is never completely resolved. It may seem slightly better after the scanning but later it will be even worse than it was prior to the scan.

Please help! I don't know what to do....

Thank you!

Answer: trojan virus keeps getting worse on my computer

Hello and Welcome to TSF.

We want all our members to perform the steps outlined in the link I'll give you below, before posting for assistance. There's a sticky at the top of this forum, and a "Having problems with spyware and pop-ups? First Steps" link at the top of each page.

------------------------------------------------------

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new thread, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please note that the Virus/Trojan/Spyware Help forum is extremely busy, and it may take a while to receive a reply.

------------------------------------------------------


Cause: Trojan or Virus. Unsure. Most likely contracted from an infected webpage/website.

I've never experienced anything like this before. There was no BSOD but this is so severe, I had to turn the power off and am too scared to switch on the computer.

Effect:
1. web browser (IE, version ?) couldn't function, except load homepage (which I have always set to Google). Error message:
Microsoft Visual C++ Runtime Library
Runtime error
C:\program files\internet explorer\IEXPLORER.EXE
R6025
-pure virtual function call

2. I tried to open Ewido. Error message:
Not enough quota is available to process this command.

3. Tried to open HijackThis but could not access hard-drive. Error message:
Not enough quota is available to process this command.

4. Tried again to open Ewido via shortcut. Error message:
This no longer exists. It might have been renamed, moved or deleted. Would you like to remove from list? (I pressed No)

5. Tried again to open Ewido. Error message:
Application failed to initialize properly (0xc000012d). Click to terminate application.

6. Tried to open Ewido again. Error message:
SecuritySuite.exe - Bad Image
The application or DLL C:\windows\system32\PSAPI.DLL is not a valid Windows image. Please check this against your installation diskette.

7. Opened Spybot, forced to download updates before scanning. Then couldn't find anything after scanning for only a few seconds (unusual - scans always take over 5 mins). Error message:
C:\wi... Read more

Answer: Worse than BSOD. Trojan or Virus. Urgent Help!!

Microsoft says this is a memory problem. Upgrade ram or increase your virtual memory, which assumes you have some free hard drive space.
http://www.microsoft.com/technet/prodtechnol/windows2000serv/reskit/w2000Msgs/1495.mspx?mfr=true

If you have not done computer maintenance in some time, you might consider cleaning up unneeded files, startup items and doing a defrag (this would be an especially good idea if you're going to increase virtual memory).
http://forums.majorgeeks.com/showthread.php?t=106650
 


Cause: Trojan or Virus. Unsure. Most likely contracted from an infected webpage/website.

I've never experienced anything like this before. There was no BSOD but this is so severe, I had to turn the power off and am too scared to switch on the computer.

Effect:
1. web browser (IE, version ?) couldn't function, except load homepage (which I have always set to Google). Error message:
Microsoft Visual C++ Runtime Library
Runtime error
C:\program files\internet explorer\IEXPLORER.EXE
R6025
-pure virtual function call

2. I tried to open Ewido. Error message:
Not enough quota is available to process this command.

3. Tried to open HijackThis but could not access hard-drive. Error message:
Not enough quota is available to process this command.

4. Tried again to open Ewido via shortcut. Error message:
This no longer exists. It might have been renamed, moved or deleted. Would you like to remove from list? (I pressed No)

5. Tried again to open Ewido. Error message:
Application failed to initialize properly (0xc000012d). Click to terminate application.

6. Tried to open Ewido again. Error message:
SecuritySuite.exe - Bad Image
The application or DLL C:\windows\system32\PSAPI.DLL is not a valid Windows image. Please check this against your installation diskette.

7. Opened Spybot, forced to download updates before scanning. Then couldn't find anything after scanning for only a few seconds (unusual - scans always take over 5 mins). Error message:
C:\windows\system32\S... Read more

Answer: Worse Than BSOD. Trojan Or Virus. Urgent Help!

Some questions:
- Which operating system do you have? Windows XP? 2000?
- Is it up to date?
- Go to START > RUN and type dxdiag; please tell us which version of DirectX you have.
- Under Control Panel > Software, please tell us which version of Java you have.
- Do you have a legitimate Windows?
- A workaround to see what is causing the problem is to download Firefox here and install it. In normal mode, run an online antivirus check from at least two and preferably three of the following sites:
BitDefender
Computer Associates Online Virus Scan
Panda's ActiveScan
Trend Micro Housecall
Windows Live Safety Center Free Online Scan

This scanner from Trend does not require an ActiveX control to run.
1. Detects and removes malware (viruses, worms, trojans, etc.)
2. Detects and removes grayware and spyware
3. Restores damage caused by malware to your system.
4. Notifies about vulnerabilities in installed programs and connected network services.
5. Multi-platform support for: Windows, Linux, Solaris.
6. Easy-to-use with the Microsoft Internet Explorer and Mozilla Firefox.

Please try to run test nr. 6 in Firefox and post the results to rule out any virus.


To whom it may concern,

I have dealt with many viruses in the past, but this OpenCloud Security Virus seems to be particularly pesky. I tried running rkill at first; rkill yielded no results, but it was obvious that there was still a virus. I would try running MBAM, but 10 seconds in, the virus would shut it down. In addition to OpenCloud Security, there are other conspicuous programs installed, such as Reimage Repair and Driver Detective. Attached are the DDS files requested. I tried running GMER, but 10 seconds in, the GMER scan was stopped and the program was shut down. I tried running GMER again, but I got the following error code: "Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item." Nonetheless, here are the DDS logs.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_26
Run by May at 20:14:21 on 2011-10-04
Microsoft Windows XP Home Edition 5.1.2600.2.936.86.1033.18.894.576 [GMT -4:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WIN... Read more

Answer: OpenCloud Security Virus

that1120,

First, let's take care of this file:
C:\WINDOWS\709773043:213496277.exe
It throws a wrench in the works, and programs will not run successfully...

Please download DummyCreator.zip
Unzip the folder: Right-click and select: Extract all...
Follow the prompts to extract.
Open the new folder that appears on the Desktop:
Double-click DummyCreator/DummyMaker to run the tool.
Now, copy/paste the following into the blank area:
C:\WINDOWS\709773043
Press the Create button. Save the content of the Result.txt to your Desktop, and post it in your reply. It is a very short report.

Next, restart the computer!

Please do not run any malware removal programs while we are in the process of making malware repairs. Doing so may just make matters worse, and that, you do not want!

Thanks!

16 more replies
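The path named in the answer above, C:\WINDOWS\709773043:213496277.exe, is not an ordinary file. A Windows path has one colon, after the drive letter; the second colon means the executable is stored in an NTFS alternate data stream called 213496277.exe that hangs off a host file C:\WINDOWS\709773043. That is why the DummyCreator step asks for the host path without the stream part: once a dummy object occupies that name, the stream can no longer be run. The same shape appears in other process lists in this thread (C:\WINDOWS\1246570272:3755520693.exe and C:\WINDOWS\3452142272:1065172018.exe). The Python below is an added example, not a tool from this thread or from Bleeping Computer: it parses the Running Processes section of a DDS log, flags any process whose image path names an alternate data stream, and reports the host file a dummy would need to occupy. The DDS text embedded in it is constructed from lines posted in this thread.

```python
"""Flag processes in a DDS log that run from an NTFS alternate data stream.

Added example for this page; not a tool posted in the thread. The DDS
text embedded below is constructed from process lists that appear in
the thread, trimmed to the lines that matter.
"""
from __future__ import annotations

import ntpath
import re
from dataclasses import dataclass

# A Windows path has exactly one colon, after the drive letter. A second
# colon inside the last component names an alternate data stream, so
# "C:\WINDOWS\709773043:213496277.exe" is a stream "213496277.exe" hanging
# off the host file "C:\WINDOWS\709773043". The host is what the
# DummyCreator step in this thread asks for.
ADS_RE = re.compile(r"^(?P<host>[A-Za-z]:\\[^:]*?):(?P<stream>[^\\:]+)$")

# Constructed sample: header plus the Running Processes section of one of
# the DDS logs posted in this thread.
SAMPLE_DDS = r"""
DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_20
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\1246570272:3755520693.exe
C:\WINDOWS\system32\mfevtps.exe
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
.
============== Pseudo HJT Report ===============
.
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
"""


@dataclass(frozen=True)
class Finding:
    process: str   # the line exactly as DDS printed it
    host: str      # file the stream is attached to (the DummyCreator target)
    stream: str    # stream name, here the executable the rogue runs from
    reason: str


def running_processes(dds_text: str) -> list[str]:
    """Return the non-empty lines of the 'Running Processes' section."""
    procs: list[str] = []
    inside = False
    for raw in dds_text.splitlines():
        line = raw.strip()
        if line.startswith("=====") and "Running Processes" in line:
            inside = True
            continue
        if inside and line.startswith("====="):
            break                       # reached the next section header
        if inside and line and line != ".":
            procs.append(line)
    return procs


def split_ads(path: str) -> tuple[str, str] | None:
    """Return (host, stream) if `path` names an alternate data stream."""
    m = ADS_RE.match(path)
    return (m.group("host"), m.group("stream")) if m else None


def triage(dds_text: str) -> list[Finding]:
    """Flag every running process whose image lives in an ADS."""
    findings: list[Finding] = []
    for proc in running_processes(dds_text):
        ads = split_ads(proc)
        if ads is None:
            continue
        host, stream = ads
        reason = "image runs from an NTFS alternate data stream"
        # The rogue in this thread uses random digit strings for both the
        # host file and the stream name; call that out separately.
        if ntpath.basename(host).isdigit() and stream.split(".")[0].isdigit():
            reason += "; random numeric host/stream names"
        findings.append(Finding(proc, host, stream, reason))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_DDS):
        print(f"{f.process}\n  host file: {f.host}\n  stream:    {f.stream}\n  why:       {f.reason}")
```

Run it as a script to see the one finding from the sample, or import triage() and feed it a real DDS.txt. A second colon after the drive letter never occurs in a legitimate Windows image path, so the ordinary DDS process lines in this thread produce no hits; a command line that carries a colon in its arguments (a URL, for instance) would be flagged and needs a glance by hand. On Vista and later, `dir /r C:\WINDOWS` in a command prompt lists the streams attached to each file; XP has no built-in equivalent, and the Sysinternals streams.exe utility is the usual way to list them there.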

Hello,
I have the OpenCloud Security virus on my Windows XP Service Pack 3 Acer computer.
I ran ComboFix, it did not work, the virus came up right after it finished.
I ran rkill, it did not work.
It won't let me run Malwarebytes even though I have the paid version.
I ran the free version while in safe mode but it won't complete the run, it just disappears.
I can't get into my SUPERAntiSpyware paid version while I'm in safe mode.
I can't get online.
Please instruct me on how to fix :(
Thank you,
marthalina

Answer: opencloud virus nothing has worked so far

Please follow the instructions in ==>This Guide<==. Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<==. Please include the link to this topic in your new topic and a description of your computer issues and what you have done to resolve them.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Once you have created the new topic, please reply back here with a link to the new topic.

2 more replies

I have OpenCloud Security crap popping up on my comp. I do not have internet access on my comp either so I am posting this on my work computer. I have Windows XP. I found a post on here stating what scans to run so I ran them. Here are the results I got.

MiniToolBox by Farbar
Ran by Matthew (administrator) on 29-09-2011 at 18:12:39
Windows Vista ™ Home Premium Service Pack 2 (X86)
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global

popd
# End of IPv4 configuration

Windows IP Configuration

 Host Name . . . . . . . . . . . . : Matthew-PC
 Primary Dns Suffix . . . . . . . :
 Node Type . . . . . . . . . . . . : Hybrid
 IP Routing Enabled. . . . . . . . : No
 WINS Proxy Enabled. . . . . . . . : No
 DNS Suffix Search List. . . . . . : Belkin

Ethernet adapter Local Area Connection:

 Connection-specific DNS Suffix . : Belkin
 Description . . . . . . . . . . . : Realtek RTL8168C/8111C Family PCI-E Gigabit Ethernet NIC (NDIS 6.0)
 Physical Address. . . . . . . . . : 00-1F-C6-6F-74-A5
 DHCP Enabled. . . . . . . . . . . : Yes
 Autocon... Read more

Answer: OpenCloud "virus" on my computer.

I had this virus yesterday, tried everything and nothing worked till I went on youtube and saw this video. it works, I got rid of it completely.

5 more replies

Hope I'm in the right place. My computer at home has the OpenCloud Security virus. It has since stopped all the pop-up boxes and messages. I can now only boot the computer in Safe Mode, it will not allow the computer any further. I printed the uninstall guide from this website yesterday from work to try it out. When I'm in Safe Mode with Networking most times my icons do not come up and I get a Windows error message. With determination I kept trying and the icons eventually came up. As instructed, I changed the proxy server settings and cannot get Internet Explorer to come up, it's like I don't have an internet connection at all. But I know it's working. I've gone back and attempted this step several times. I can't download anything and I'm stuck. Can you help me?

Answer: OpenCloud Security virus

Start here: http://www.bleepingcomputer.com/virus-removal/remove-opencloud-antivirus, or here: http://www.bleepingcomputer.com/virus-removal/remove-opencloud-security depending on which one you have.

7 more replies

http://www.bleepingcomputer.com/forums/topic419746.html/page__pid__2414376#entry2414376
http://www.bleepingcomputer.com/forums/topic419746.html/page__view__getnewpost

Hello,

I hope I inserted the link from the Am I Infected? forum correctly. I have the OpenCloud Security virus on my personal computer at home. I have no way of accessing anything including backing up anything. At this point I have no idea what to do. And was sent to you by Broni. I hope you can help. Once I leave work the only access to internet is via my Blackberry. I don't know how to create screen shots or send logs. I am willing to try anything to get this fixed.

Whatever info you need I will do my best.

Thanks,
squeaks70

Answer: OpenCloud Security virus

Well I managed to get the Rkill to run but all of my icons have disappeared. I still have the notepads up. But with no icons I cannot get to the next step. Should I leave the computer on? I really need some help.

7 more replies

Hi, I've gone through the OpenCloud Security Virus removal guide. Once I download the Malwarebytes program and begin the scan, the program shuts down and won't let me open it back up. I get an error message saying "Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item." The same thing happened when I tried to run the GMER scan. From searching I found someone saying to try and rename the file "Winlogon.exe" but it wouldn't let me do that either. At this point I have no idea what to do.

thank you
Jeremy

.
DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_20
Run by Jason Klein at 15:36:34 on 2011-10-01
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2036.1594 [GMT -4:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\1246570272:3755520693.exe
C:\WINDOWS\system32\mfevtps.exe
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
.
============== Pseudo HJT Report ===============
.
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s... Read more

Answer: OpenCloud Security Virus

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/420746 <<< CLICK THIS LINK

If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lo... Read more

2 more replies

PC showing the OpenCloud Security virus. I followed the instructions already posted but it will not in any way shape or form allow me to run Malwarebytes or SuperAntiSpyware. It downloads them and starts the scan but then it just disappears off the screen and that is it...nothing! I have the DDS and Attach logs but when I ran GMER it disappeared same as the Malwarebytes.

.
DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK
Internet Explorer: 8.0.6001.18702
Run by kderigne at 17:35:23 on 2011-09-29
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1647 [GMT -5:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\3452142272:1065172018.exe
C:\Program Files\Sunbelt Software\SBEAgent\SBPIMSvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uURLSearchHooks: NetAssistant: {e38fa08e-f56a-4169-abf5-5c71e3c153a1} - c:\program files\freez... Read more

Answer: Infected with OpenCloud Security Virus

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/421170 <<< CLICK THIS LINK

If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lo... Read more

2 more replies

Hi, everyone....
A couple of weeks ago, someone overseas used my credit card number to buy themselves a free train ticket. Since I don't do much (and usually through PayPal anyway) Internet purchasing, there is only one other direct way they could have gotten it - by hijacking my Internet connection. (I could be wrong about this, but it's what I think anyway....)

I use AVG, but after this, I also installed Avast, which I allowed to do a full system scan. It found 4 Trojans on this system, all in the System Restore areas. Naturally, I deleted them.

Prior to this, I was having problems with MSI programs not loading right. After I scanned and got rid of a couple of viruses and those Trojans, this problem seems to have gone away. (In the midst of this, I also upgraded the system to SP3, which could have corrected the MSI problem anyway - no idea.)

What the system is doing now is breaking as I type, which implies that something may be making screen-shots in the background, and transmitting whatever to whoever is watching. This bugs me - what would be helpful is a raw logger that tracks everything transmitted or received via the Net, but I haven't seen such a tool for Microsoft. In Linux, sure, but....

System: 2.0 GHz HP Pavilion 533w, 512 MB RAM, Two 60 GB HDDs, USB 2.0 500 GB HDD, XP Home w/SP3, AVG, (Ad-Aware, Avast)

Here's my HijackThis log file:

---

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:23:56 PM, on 9/23/2008
Platform: Windows X... Read more

More replies

Hello everyone,

This is probably the very first time I have ever needed assistance this badly with malware removal... My Spyware Doctor picks up that I have a trojan called Trojan.Spambot; the file that it is in is called Rpcrt3.Dll, and it is found in all of my svchost processes as well. I have done safe mode, tried disabling everything that is svchost related and I still can't delete this file... To my understanding what the trojan does is take up bandwidth and send spam e-mails... so there is not really a way for me to live with it, as I have tried. I would greatly appreciate any useful feedback... Thank you

Answer: Worse Trojan I Have Had

Please read and follow all instructions in the pinned topic titled "Preparation Guide For Use Before Posting A Hijackthis Log". You may have performed some of these steps already. If you can't perform a step, then skip and continue with the next. In step #9 there are instructions for downloading HijackThis and creating a log. (This is a self-extracting version which will automatically install HJT in the proper location.)

If HijackThis will not run, try renaming it. Open the HijackThis Folder, right-click on the HijackThis.exe file and rename it Scanner.exe. Double-click on Scanner.exe (which is still HijackThis) and then run your scan. If needed, change the .exe to something else such as .bat, .com, .pif, or .scr. Example: Scanner.bat or Scanner.com

When you have done that, post your log in the HijackThis Logs and Malware Removal forum, NOT here, for assistance by the HJT Team Experts. A member of the Team will walk you through, step by step, on how to clean your computer. If you post your log back in this thread, the response from the HJT Team will be delayed because your post will have to be moved. This means it will fall in line behind any others posted that same day. Start a new topic, give it a relevant title and post your log along with a brief description of your problem, a summary of any anti-malware tools you have used and a summary of any steps that you have performed on your own. Please include the top portion of the HijackThis log that lists version information. An... Read more

6 more replies
Question: Trojan and worse?

I discovered I had a problem when I couldn't keep "Show hidden files and folders" active in Folder Options. I re-download Avast AV and ran a scan and found some bad stuff. For the past 24 hours I've been reading info on the Web and trying to fix things on my own, but I need help, please. Thanks very much in advance!
Here's my DDS log and my attach.txt is attached.
DDS (Ver_09-02-01.01) - NTFSx86
Run by Kiko at 4:08:53.71 on Wed 02/11/2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_10
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1022.339 [GMT -6:00]

AV: avast! antivirus 4.8.1335 [VPS 090210-0] *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\WINDOWS\system32\taskswitch.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\SUPERAntiSpyware\SUPERAn... Read more

Answer: Trojan and worse?

Hello. I am PropagandaPanda (Panda or PP for short), and I will be helping you.

Disable Realtime Protection
Antimalware programs can interfere with ComboFix and other tools we need to run. Please temporarily disable all realtime protections you have enabled. Refer to this page, if you are unsure how.

Download and Run ComboFix
Download Combofix by sUBs from any of the links below, and save it to your desktop.
Link 1, Link 2, Link 3
Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
Double click on ComboFix.exe and follow the prompts. If you are using Windows Vista, right click the icon and select "Run as Administrator". You will not receive the prompts below if you are not using Windows XP. ComboFix will check to see if you have the Windows Recovery Console installed. If you did not have it installed, you will see the prompt below. Choose YES.
When the Recovery Console has been installed, you will see the prompt below. Choose YES.
When finished, ComboFix will produce a report for you. Please post the contents of the log (C:\ComboFix.txt). Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

Download and Run Scan with GMER
We will use GMER to scan for rootkits. Please download GMER.zip to your desktop from any of the links below:
LINK1, LINK2
Right click on GMER.zip and select "Extract All". Close all other open p... Read more

14 more replies

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:52:50 PM, on 11/5/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Azureus\Azureus.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll (file missing)
O2 - BHO: TweakMASTER Component - {7DAAC7DE-9EF0-4FF0-BFA5-AFF3E899054C} - C:\PROGRA~1\TWEAKM~1\TweakBHO.dll (file mi... Read more

Answer: Worse Trojan I Have Had, TROJAN.SPAMBOT

Ok......this is taking FOREVER

13 more replies

Here's my HJT log, thanks in advance!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:52:36 PM, on 29/11/2007
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16546)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\ehome\ehmsas.exe
C:\WINDOWS\System... Read more

Answer: Trojan Horse.. Or Worse!

Hello icesplinter and welcome to BleepingComputer!

Apologies for the delay. The forum has been very busy lately. If you are still having problems please post a brand new HijackThis log as a reply to this topic. Before posting the log, please make sure you follow all the steps found in this topic: Preparation Guide For Use Before Posting A Hijackthis Log. Please also post the problems you are having.

Thanks,
Johannes

1 more replies

Spybot, Ad-Aware and various other antivirus programs get to a certain point and then just freeze. First thing I noticed was that my browser changed recently, then everything slowed down. Here's the log.

C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Netropa\OSD.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopOE.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Tyrone Carr\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.wanadoo.co.uk/iesearch/default.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...er=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM&... Read more

Answer: Maybe Trojan Infection Or Worse

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you. I apologize for the delay getting to your log, the helpers here are very busy.

If you still need help, please post a fresh Hijackthis log, in this thread, so I can help you with your Malware Problems. Make sure that you post the entire log, including the header information at the very top.

If you have resolved this issue please let us know.

2 more replies

I'm trying to rid my work computer of a multitude of problems - a Dell GX620 running XP(SP2) with 1G ram. I get multiple popups, have trouble running acrobat, and it shuts down often. I've run various virus checkers, but most recently Ad-Aware and Spybot. Both had difficulty downloading updates. Ad-Aware found several cookies and win32.trojandownloader.zlob which kept returning after removing it and rescanning. Spybot stopped scanning 1/3 way through and got error during check! messages on coolwwwsearch and webdialer - neither of which I could "fix".

On startup, I get the following error messages:
*awtsq.exe - cannot access specific device
*could not run awtsq.exe c\windows\sys32\awtsq.exe
*error loading e\win\sys32\mlchivpu.dll
*during scan of files at system startup errors in sys reg found
p-07-0100 irql:1fSYSVER0xff00024
NT_Kernel error 1256
KMODE_EXEPTION_NOT_HANDLED

Here is the hjt file:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:41:31 AM, on 1/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\P... Read more

Answer: Suspected trojan just getting worse

After perusing some other threads, I've turned off all anti-virus (most of it was expired anyway), turned off the firewall, quit all programs, and logged off the internet, THEN run HJT and here's the log from that: (and actually, it's not my computer, it's a customer's who I only have access to in mornings so I'll probably only have a few minutes longer on it today).
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:29:27 PM, on 1/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\tmw7\tmmail7.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.metacrawler.com/
R1 - HKLM\Software\Microsoft\... Read more

1 more replies

Hello all,

My laptop was hit with a multiple virus infection while using Firefox.
Symantec seemed to have taken care of things at the time but I was still having some problems, and it didn't seem to be able to get rid of TDSS. I disabled system restore and tried to clean the registry manually, but wasn't able to find all the entries listed on the Symantec site. I disabled the TDSS driver via the control panel.
MBAM wouldn't install, so I tried Spybot which found a few other issues. Finally I was able to install MBAM and HJT from a disc, and connected back to the internet again briefly to update both.
I ran CCleaner, then MBAM in safe mode, and MBAM seems to have cleaned everything (both MBAM and HJT scans looked ok afterwards, though there are still a few entries in the HJT log that look suspicious to me).
Everything seems to be fine now, and I proceeded to uninstall the old Java updates, got all the latest Windows updates, and then turned system restore on again.
I'm basically looking for some advice on what to do to make sure everything is in fact gone as there are those few HJT entries that look suspicious to me.
Thanks in advance!
DDS (Version 1.1.0) - NTFSx86
Run by mo at 16:50:17.96 on Tue 01/06/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.2532 [GMT -6:00]

AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated)

============== Running Processes ====... Read more

Answer: Multiple Virus Infection: Trojan.Vundo, Trojan.VundoH, Trojan.BHO, Trojan.TDSS, Trojan.Agent, Trojan.Downloader, Malware.Trace...

My name is BHowett and I will be helping you to get sorted. If for any reason you do not understand any of the instructions, or are just unsure then please do not guess, simply post back with your question, and we will go through it again. This seems like a tech issue and not a malware problem, but let's take a look and see what we find.

Sorry for the delay, please do the following...

ComboFix
Please download ComboFix from Here or Here
* IMPORTANT !!! Save ComboFix.exe to your Desktop
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link: Protective Programs
Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License A... Read more

12 more replies

A few days ago I started getting a bunch of alerts from WinPatrol about new auto startup programs being detected with weird names (hajigira, etc.). Then I started get tons of popups... so many they would eventually crash my browser. I tried to disable the programs and remove them via WinPatrol, but they kept coming back. I think I got infected by having inadequate protection from an Anti-virus program that came with my ISP (which revealed nothing upon scanning) for the last month. So I uninstalled it and then purchased and re-installed the antivirus software I used for the past 3 years (Norton). Norton scan found 1 problem and removed it but I kept getting the WinPatrol notifications and popups. Then I tried SpyHunter which found adware and 2 trojans, but said it could not remove the trojans. I then bought SUPERanti-spyware, which found 130 problems (wow) and removed those. But now I am STILL getting WinPatrol alerts, browser popups (though fewer than before), and now errors when I startup and open programs because it appears some important files were removed or corrupted during the last removal. The system also seems very slow at times... I can barely get anything done. So, I hope you can help. Thank you in advance.

Here's my Hijack This file:
>>>>>>>>>>>>>>>>>>

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:50:40 PM, on 2/20/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7... Read more

More replies

Dear friends,

The other day I stupidly clicked on this link which purported to show a video of the LHC startup (how much of a nerd does THAT make me?):

Link removed

I was prompted for a Flash update which I stupidly assented to, all the while thinking, "something's not quite right."

Soon after I noticed that Google search result links in Firefox were being redirected to various commercial sites. I switched to Chrome which didn't have a problem at first but soon developed the same problem. If I requested that the link open in a new tab there was initially no redirect, but now it opens multiple empty tabs as well as the link and sometimes crashes Chrome.

I was running AVG Internet Security (the pay version) at the time of the initial infection. Ad-Aware, Malwarebytes etc. failed to find anything. I now have Kaspersky Internet Security installed and it has found nothing on the scan.

My HijackThis log is below and also attached. Any help will be greatly appreciated.

Nick

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:48:31 PM, on 11/27/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32 ... Read more

Answer: Redirect Trojan---getting progressively worse

Have since been working on this a lot, following various advice. In case something's changed I've attached a new combofix log and SD report. Thanks for any help. The redirects continue to happen on almost all google links.

Nick

15 more replies

As per the help from boopme, I'm moving this thread to this area for help.

The original thread and story of how I got to this point is here:
http://www.bleepingcomputer.com/forums/t/322967/cant-get-rid-of-nasty-trojan-horse-backdoorircbotlwm/

Briefly, AVG Free v.9 can find the Trojan horse (but cannot remove it) at
"C:\WINDOWS\system32\svchost.exe (1424):\memory_00400000";"Trojan horse BackDoor.Ircbot.LWM";"Object is inaccessible."
and at
"C:\WINDOWS\system32\svchost.exe (1424)";"Trojan horse BackDoor.Ircbot.LWM";""
although the number in parentheses changes with each running of the AVG.

No other virus software I've tried -- including Norton, Malware, Spybot -- even notes its presence. Since then, Norton also found and removed wdh2.exe.

Also, the first time I open a browser (Firefox 2 or IE 7) and surf for anything, my browser gets hijacked to some random(?) site. Intrusion attempts after that, like the ones I described in the thread above, continue, but appear to be blocked by Norton.

GMER and DDS logs below; the "attach" file from DDS is attached.

Thanks in advance for any help anyone can give me
-- chicagoexpat

My computer/ops info:
Dell Dimension 3000 Desktop/Tower model
Processor: Intel Celeron CPU 2.40GHz
Processor Speed: 2.34 GHz
Memory (RAM): 2048 MB
Operating System: Microsoft Windows XP Home Edition
Operating System Version: 5.1.2600, Service Pack 3

I was originally running AVG anti-virus, I'm now running Norton Security Suite Version: 4.2.0.12 and AVG is uninstalled.
Under... Read more

Answer:Trojan horse BackDoor.Ircbot.LWM or worse/more

Hello, and welcome to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues; this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make are for fixing your computer problems only and by no means should be used on another computer.

The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.

Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.

Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.

-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you let... Read more

2 more replies
Relevance 50.43%

I've got a very strange problem that occured after I did a trojan removal. Surprising enough my computer worked fairly well while the trojan was busy doing whatever it pleased. I ran my weekly scan with malwarebytes and naturally it found the trojan, asked to remove and reboot. I allowed it to...reboot occurs. I'm feeling hunky dorie..and then I log in. For some reason some programs open just fine like before. Others only open after a solid 6 minutes. And others take even longer. I have not a clue what happened. I did a clean boot with all of the non microsoft services turned off to no avail. What in the heck happened?! any ideas?

Answer:Computer is working even worse after trojan removal?!

Welcome, I am moving this from Win7 to the Am I Infected forum.

Please post that MBAM log. The log is automatically saved and can be viewed by clicking the Logs tab. Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.

Also run these..

Please download TDSSKiller.
Launch it.
Click on Change parameters - select TDLFS file system.
Click on "Scan".
Please post the LOG report (log file should be in your C drive). Do not change the default options on scan results.

>>>> MiniToolBox
Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following checkboxes:
Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size.
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.
Note: When using the "Reset FF Proxy Settings" option Firefox should be closed.

1 more replies
Relevance 50.43%

This is getting worse and more intense. I can't load any drivers, and when I go to check them it shows that they are functioning properly and up to date. And almost 1/2 my info in the system reads '0' in size. What's that all about? And I can't get anything to recognize my McAfee, or a Win32 document.
But now I have been wondering what could have happened to these few items....

(Task Manager)
Description
A problem caused this program to stop interacting with Windows.

Problem signature
Problem Event Name: AppHangB1
Application Name: taskmgr.exe
Application Version: 6.0.6001.18000
Application Timestamp: 47918e94
Hang Signature: 81c8
Hang Type: 0
OS Version: 6.0.6001.2.1.0.768.2
Locale ID: 1033
Additional Hang Signature 1: 53f72d3f4124441cca0680ecd89a6848
Additional Hang Signature 2: db5a
Additional Hang Signature 3: 73b8e1bcf743f8e60d79d67d469cdb63
Additional Hang Signature 4: 81c8
Additional Hang Signature 5: 53f72d3f4124441cca0680ecd89a6848
Additional Hang Signature 6: db5a
Additional Hang Signature 7: 73b8e1bcf743f8e60d79d67d469cdb63

Extra information about the problem
Bucket ID: 342139870

(Genuine Windows Error)
"An unauthorized change was made to your license."
To keep your system stable, you must go online and validate that your software is genuine:
- Validate Online
- Close

Windows 6.0.6001 Service Pack 1

4/14/2009 4:19:13 PM
mbam-log-2009-04-14 (16-19-13).txt

Scan type: Quick Scan
Objects scanned: 69262
Time ... Read more

Answer:I am experiencing trojan difficulties, or possibly worse!

I also forgot to mention (not sure how I could forget), but I also wanted to make sure I mentioned that I had another Trojan about a week and a half ago that I thought McAfee deleted but apparently it didn't, and I also started experiencing media difficulties first.

Quote:
"Well first thing was, I couldn't get office live update to install. And then the next problem (1 day later) I was trying to get some songs off my friend's iPod and it wouldn't let me. So I went to see if there were any updates, and there were, so I made sure they were compatible and I installed them. And then it still wouldn't work so I just went to the Internet and downloaded some. While doing so I installed a Flash player and Codec Pack - All In 1, cause my Winamp and Windows Media Player wouldn't play some of them. And so forth. Now I have two .NET Frameworks 3.5 and programs hang, stop, and shut down unexpectedly.. But just so you know, my son's dad was on the comp off and on for 3 days, and only God knows what he downloaded; he thinks he knows his stuff. And although this isn't all, I hope this will help you understand.
I am worried about a Trojan downloader or virus (last week I had one get blocked by McAfee).
I also haven't been able to locate drivers or completely uninstall things or open half of my files. Oh, and I have limited administrative access and I am the main user. To anyone that reads this, I am hoping you might be able to help me; any and all suggestions are welcome."

... Read more

1 more replies
Relevance 49.61%

PLEASE Help Me!
I contracted the Trojan.Vundo virus and have tried to use procedures in this forum and others to remove it. I have not been successful. I have tried VundoFix, VirtumundoBeGone, Ad-Aware, Spybot, and Spy Sweeper. I have gone into Safe Mode before running and installing these. Spybot said that it cleaned the virus, but I am still getting the Symantec AntiVirus Notification window that I still have the Trojan.Vundo virus. Symantec recognizes it, but cannot quarantine or clean it. The virus file location is C:\WINDOWS\system32\vtsqp.dll. I have been using Symantec for several years with no problems, but now it does not automatically load.

On top of all that, by running AdAware and Spybot, I have rendered other desktop icons unusable.

Please help me! I thought I could fix this, but obviously not. I appreciate some expert help. I can follow instructions - I promise. Thanks in advance.

Here is my HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:32:45 PM, on 1/14/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
D:\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\C... Read more

Answer:Can't remove Trojan.Vundo, now I've made it worse, HJT log included

bump
Update - My desktop is back in business. I deleted the downloaded VundoFix, VirtumundoBeGone and Spy Sweeper. I removed and reinstalled Symantec. It found a few things and cleaned two of them. Still running slow and still getting picked up by Symantec. 2 could not be cleaned or quarantined.
- trojan.vundo
- w32.trats!inf

Happy to post new HJT log. I appreciate a response! Thank you in advance

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:50:10 PM, on 1/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
D:\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Sony\Giga Pocket\shwserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Photo\appsrv\PhotoAppSrv.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\nipalsm.exe
C:\Program Files\Sony\VAIO Media... Read more

1 more replies
Relevance 49.2%

What brought me here is a problem reinstalling my Adobe CS1 - I had problems with Acrobat and had to uninstall the entire suite. I was unable to reinstall... it got just so far and then just 'hung'. I spoke to the Dell cust. svc. person who insisted I had to reinstall Windows (which is a last resort). I thought I may have an intruder on my computer so I followed all the directions of what to do BEFORE I post my question... all the downloads, scans and logs. I am currently running Windows XP Professional on a Dell laptop. I am posting my logs and hope someone can HELP ME!! [recovering space - attachment deleted by admin]

Answer:do I have a virus ...or worse?

Open HijackThis and select Do a system scan only. Place a check mark next to the following entries (if there):

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: (no name) - {AE7CD045-E861-484f-8273-0445EE161910} - (no file)
O3 - Toolbar: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - (no file)

Important: Close all windows except for HijackThis and then click Fix checked. Exit HijackThis.

I don't see anything malicious; have you tried to do any repairs to Windows? Here are a few methods to try.

Do you have an XP CD? If so, place it in your CD ROM drive and follow the instructions below:
Click on Start > Run and type sfc /scannow then press Enter (note the space between sfc and /scannow).
Let this run undisturbed until the window with the blue progress bar goes away.
SFC - which stands for System File Checker - retrieves the correct version of the file from %Systemroot%\System32\Dllcache or the Windows installation source files, and then replaces the incorrect file.
If you want to see what was replaced, right-click My Computer and click on Manage. In the new window that appears, expand the Event Viewer (by clicking on the + symbol next to it) and then click on System.

----------

1. Download IEFix.zip and run it.
2. Click the Apply button.
3. You'll be prompted for the Operating System CD or the Service Pack Files location.
4. Once finished, restart Windows. If you ... Read more

1 more replies
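The reply above ticks the O2/O3 entries that end in "(no file)", and the redirect threads elsewhere on this page turn on other HijackThis sections: O1 hosts lines that point a search engine or an AV vendor somewhere else, O4 startup items launched from Temp, and O17 name-server changes (the two-laptop DNS thread is exactly that). As an added example, not part of any post here and not a HijackThis feature, this Python script triages a HijackThis log for those four things. The sample log is constructed: the four "(no file)" lines are the ones quoted in the reply, every other line is invented, and EXPECTED_DNS assumes a home router at 192.168.1.1 is the legitimate resolver.

```python
"""Triage a HijackThis log for the entries that matter in a search-redirect or
trojan case: hosts hijacks (O1), orphaned BHOs/toolbars (O2/O3), startup items
run from Temp (O4) and changed DNS servers (O17).

Added example, not a HijackThis or forum tool. SAMPLE_LOG is constructed: the
O2/O3 "(no file)" lines are the ones quoted in the reply above, the rest are
invented to show what a hijack looks like."""
import re
from collections import defaultdict

SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:00:00 PM, on 1/1/2009
O1 - Hosts: 203.0.113.10 www.google.com
O1 - Hosts: 203.0.113.10 liveupdate.symantec.com
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: (no name) - {AE7CD045-E861-484f-8273-0445EE161910} - (no file)
O2 - BHO: Example Helper - {12345678-1234-1234-1234-123456789ABC} - C:\Program Files\Example\helper.dll
O3 - Toolbar: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - (no file)
O4 - HKLM\..\Run: [ctfmon] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [update] C:\DOCUME~1\USER\LOCALS~1\Temp\svchost.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{A1B2C3D4-0000-0000-0000-000000000000}: NameServer = 203.0.113.53,203.0.113.54
"""

ENTRY_RE = re.compile(r"^(O\d+) - (.*)$")
LOOPBACK = {"127.0.0.1", "::1", "0.0.0.0"}
# Names a redirect trojan typically repoints: search engines and AV update hosts.
WATCH_DOMAINS = ("google.", "bing.", "yahoo.", "symantec.", "mcafee.",
                 "malwarebytes.", "avg.", "kaspersky.", "microsoft.")
# Assumption: the legitimate resolver on this LAN is the home router. Adjust per network.
EXPECTED_DNS = frozenset({"192.168.1.1"})


def triage(log_text, expected_dns=EXPECTED_DNS):
    """Return {category: [log lines]} for the entries worth acting on."""
    findings = defaultdict(list)
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        section, body = m.groups()
        if section == "O1":
            # "Hosts: <ip> <hostname>": a watched name mapped anywhere but loopback is a hijack
            fields = body.split(":", 1)[1].split()
            if len(fields) >= 2 and fields[0] not in LOOPBACK \
                    and any(d in fields[1].lower() for d in WATCH_DOMAINS):
                findings["hosts_hijack"].append(raw)
        elif section in ("O2", "O3") and body.endswith("(no file)"):
            # CLSID still registered but the DLL is gone: a leftover, safe to fix
            findings["orphaned_bho_toolbar"].append(raw)
        elif section == "O4":
            # "<hive>\..\Run: [name] <command>": payloads in Temp or with a .tmp name
            command = body.split(":", 1)[1].lower()
            if "\\temp\\" in command or command.rstrip().endswith(".tmp"):
                findings["startup_from_temp"].append(raw)
        elif section == "O17" and "NameServer" in body:
            # Any resolver not on the expected list means DNS was changed
            servers = {s.strip() for s in body.partition("=")[2].split(",") if s.strip()}
            if servers - set(expected_dns):
                findings["dns_changed"].append(raw)
    return dict(findings)


def fix_candidates(findings):
    """Entries that can be ticked and 'Fix checked' without further research."""
    return findings.get("orphaned_bho_toolbar", []) + findings.get("hosts_hijack", [])


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for category, lines in result.items():
        print(f"[{category}]")
        for line in lines:
            print("  " + line)
    print(f"{len(fix_candidates(result))} entries safe to fix in HijackThis")
```

On the machine in question, feed the saved log in with `triage(open("hijackthis.log").read())`. The orphaned entries and hosts lines can be ticked and fixed as the reply describes; an O4 or O17 hit tells you what to research first, and for O17 the check is to compare the listed servers with what a clean machine on the same router gets from `ipconfig /all`.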
Relevance 49.2%
Question: Worse Virus EVER!

I am running Vista on my HP Pavilion e9150t and got a bad virus. I logged onto my computer and all my picture files are there and I can access them; however, when I go to save them onto a thumb drive etc. everything is shut down. My internet is wiped out, as well as my DVD drive. It will not let me open or send anything to my thumb drive, external hard drive or Bluetooth. I can still use my camera cards though.

My Avast has been shut down and so has my Security Center. It wiped out Spybot and HijackThis; Malwarebytes still scans (unsuccessfully). It will not let me boot in Safe Mode of any kind. Firewall is shut down too.

This is one of the several error messages I get: "the dependency service or group failed to start"

I back up my files once a month, but have about 100 pictures that have not been backed up and I have to try to save them. Please help!
UPDATE: Malwarebytes completed a scan and this time found 2. They are Malware.Generic (file) and Disabled.Cryptsvc (Registry Data)
 

Answer:Worse Virus EVER!

You'd be best posting this under the Security & HJT section mate. Use "Report" at the bottom of your message and somebody will move it for you.
 

2 more replies
Relevance 49.2%

I have a friend's computer that won't allow the internet browser to function properly and won't play YouTube videos. I noticed the following in the Task Manager (refer to screenshot060, screenshot090), in which the things that look a little fishy like csrss.exe I try to close and it comes back as access denied. When I restart the computer it says "Unable to set hook?" with an Nvidia header. Any help will be much appreciated!! [recovering disk space, attachment deleted by admin]

Answer:Virus or something worse?

Sorry I ran out of room on the OP. Also sorry for the size I would use an image host but the virus(s) won't allow it.[recovering disk space, attachment deleted by admin]

14 more replies
Relevance 49.2%

Please help!!!! My computer has been encountering various issues; the most severe has been the uninstalling of all installed printers. The issue first occurred when we were not able to print using our photo printer; shortly after, the photo editor application would be force closed every time the "Print" button was clicked. Now all printers have been uninstalled without our doing. McAfee occasionally finds PrcViewer but cannot fully delete it.

Last scan came up with three detections (the two cookies were automatically deleted):
Cookie-Advertising
Cookie-Insightexpres
PrcViewer
HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:20:42 PM, on 3/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGR... Read more

More replies
Relevance 49.2%

Hi there! While I've been lurking here in the shadows learning from all of you, a nasty virus has descended upon my computer. It's the dreaded FBI virus; even though the pictures do not look exactly like the ones posted on this site, it's a MoneyGram, pay up or this will stay on your computer forever virus.

So I did some research here on what to do, but it's getting worse. Here are the steps I've taken:

Using Windows 7, Premium Home edition
Boot in safe mode with networking.
Downloaded Rkill and ran it.
Downloaded emsisoft antimal and ran it.
It quarantined 7 threats - 6 high risk, 1 medium risk.
I selected for it to quarantine, but it gave me a message that there was an error and it could not quarantine 3 of the files.
I tried to delete the items out of the recycle bin and it gave me the message that my recycle bin was corrupt.
I was trying to figure out what to do next when the white FBI screen took over in safe mode.
I rebooted in safe mode again, and every time, the FBI screen appears.
I'm also getting the message that emsisoft has encountered an error and it cannot load.

Please help. I'm at my wits end.

Answer:FBI Virus - getting worse!

Can you boot into safemode with networking?

Do not run any other tools when you are being assisted.

11 more replies
Relevance 49.2%

Hello and thanks for your time and help in advance... My wife was on Facebook on my school laptop and got hit with a Trojan complex. I am fairly computer savvy and ran the laptop in safe mode and ran Malwarebytes; it found and removed 8 things. I have the original log and will post it. When I restarted in normal mode, I reinstalled Symantec Endpoint Protection and the active scan quarantined a trojan. Also, as requested, I will attach the dds.txt and attach.zip logs from dds.scr. I also have a HijackThis log that I will attach if you need that as well. Once I had run Malwarebytes in safe mode, I also installed and ran Spybot S&D and unhide.exe (all my shortcuts from the desktop were made hidden, and all shortcuts within folders on the start menu are still gone, unlike the desktop shortcuts after running unhide.exe... it also fixed right clicking on the desktop and choosing "next desktop background"). Also, right clicking on My Computer and clicking "Manage" says the file is not found! I am not sure what else is screwed up but was hoping the logs and a fine computer savvy buddy can help... I will give as much info below and hope that it will be all you need; if not please ask:

Initial virus attack description: multiple popup message boxes opened and said something like "Warning! Hard disk failure, fix now..." I immediately shut down the computer and rebooted to safe mode and ran the above programs. I believe that the Symantec Endpoint Protection... Read more

Answer:Trojan erased my start menu shortcuts and possibly worse

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/427787 <<< CLICK THIS LINK

If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lo... Read more

2 more replies
Relevance 48.79%

So over the past few days I have been doing extensive research on the inner workings of my computer in an attempt to fix a really nasty virus that is affecting, or perhaps simply using, the Windows process svchost.

I thought I had everything under control until today when I changed from Norton Internet Security to my Iolo System Mechanic anti-virus. I decided to swap so I can use a special firewall that gives me very user-friendly control over everything that goes in or out of my PC. That's when it happened.

When I clicked block all traffic to stop the misc. connections that svchost was trying to make, I ended up getting around 20-50 error messages, a pop-up fake virus scanner that I've never seen before, and everything on my computer was "gone". Odds are it was just a fake overlay or it turned everything to read-only and invisible, but I decided to say F-it and did another format. Now I will provide the data that I have so that hopefully someone can aid me in fighting this thing.

After my format, the very first thing I installed was my mobo driver to connect to the internet. The MOMENT I had internet access again the svchost issue came back. That is, it starts to eat up huge chunks of memory as well as CPU usage.

With the Windows Process Explorer I can clearly see what the drain is from.
Under the TCP/IP connection tab, there are tons and tons of random IPs trying to connect to the internet, and as some are closed new ones open up. While this is not the cause of t... Read more

Answer:svchost virus, or something even worse

Hello and welcome to TSF.

We want all our members to perform the steps outlined in the link given below, before posting for assistance. There's a sticky at the top of this forum, and a link at the top of each page:

Quote:
Having problems with spyware and pop-ups? First Steps

Please follow our pre-posting process outlined below.

NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help - Tech Support Forum

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please note that the Virus/Trojan/Spyware Help forum is extremely busy, and it may take a while to receive a reply.

1 more replies
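The tell in the post above is one svchost.exe PID holding a stream of connections to ever-new remote addresses, which is what outward scanning by a worm or bot looks like in Process Explorer's TCP/IP tab, and it is what the "block all traffic" click interrupted. As an added example (not from the post or from any tool named on this page), the Python below parses the plain text that `netstat -ano` and `tasklist` print on Windows, groups remote hosts per PID and remote port, and flags any process that has reached many distinct hosts on one port, counting SYN_SENT entries to show how many are half-open attempts. The netstat and tasklist text built by `build_sample()` is constructed for the demo, and the threshold of 15 hosts is an assumption.

```python
"""Flag a process fanning out connection attempts to many hosts on one port.

Added example, not a forum or vendor tool. It parses the text of `netstat -ano`
and `tasklist`; build_sample() fabricates both for a stand-alone run."""
import re
from collections import Counter, defaultdict

# netstat -ano TCP rows: Proto, Local Address, Foreign Address, State, PID
NETSTAT_RE = re.compile(r"^\s*TCP\s+(\S+)\s+(\S+)\s+(\S+)\s+(\d+)\s*$")
# tasklist rows: Image Name, PID, ... (also matches `tasklist /svc` output)
TASKLIST_RE = re.compile(r"^(\S+\.exe)\s+(\d+)\s", re.IGNORECASE)
NOT_REMOTE = {"0.0.0.0", "*", "[::]", "127.0.0.1", "[::1]"}


def parse_tasklist(text):
    """Map PID -> image name from `tasklist` output."""
    names = {}
    for line in text.splitlines():
        m = TASKLIST_RE.match(line)
        if m:
            names[m.group(2)] = m.group(1)
    return names


def scan_connections(netstat_text, tasklist_text, min_targets=15):
    """Return one alert per (pid, remote port) reaching >= min_targets distinct hosts."""
    names = parse_tasklist(tasklist_text)
    targets = defaultdict(lambda: defaultdict(set))   # pid -> port -> {remote ip}
    syn_sent = Counter()                                # pid -> half-open outbound attempts
    for line in netstat_text.splitlines():
        m = NETSTAT_RE.match(line)
        if not m:
            continue
        _local, foreign, state, pid = m.groups()
        ip, _, port = foreign.rpartition(":")           # also splits "[::1]:445" correctly
        if ip in NOT_REMOTE:
            continue                                     # listeners and loopback are not fan-out
        targets[pid][port].add(ip)
        if state == "SYN_SENT":
            syn_sent[pid] += 1
    alerts = []
    for pid, ports in targets.items():
        for port, ips in ports.items():
            if len(ips) >= min_targets:
                alerts.append({"pid": pid, "image": names.get(pid, "unknown"),
                               "port": port, "targets": len(ips), "syn_sent": syn_sent[pid]})
    return sorted(alerts, key=lambda a: -a["targets"])


def build_sample():
    """Constructed netstat/tasklist text: one svchost PID probing port 445 on 30 hosts."""
    rows = ["  Proto  Local Address          Foreign Address        State           PID",
            "  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4"]
    for i in range(1, 31):                              # a new target host for every attempt
        rows.append(f"  TCP    192.168.1.5:{49200 + i}     203.0.113.{i}:445       SYN_SENT        1032")
    rows.append("  TCP    192.168.1.5:49100      198.51.100.7:80        ESTABLISHED     1032")
    for i, ip in enumerate(("198.51.100.20", "198.51.100.21", "198.51.100.22")):
        rows.append(f"  TCP    192.168.1.5:{49300 + i}      {ip}:443     ESTABLISHED     2044")
    tasklist = ("Image Name                     PID Session Name        Session#    Mem Usage\n"
                "========================= ======== ================ =========== ============\n"
                "System                           4 Services                   0        236 K\n"
                "svchost.exe                   1032 Services                   0     12,408 K\n"
                "firefox.exe                   2044 Console                    1    118,520 K\n")
    return "\n".join(rows) + "\n", tasklist


if __name__ == "__main__":
    netstat_text, tasklist_text = build_sample()
    for a in scan_connections(netstat_text, tasklist_text):
        print(f"PID {a['pid']} ({a['image']}): {a['targets']} hosts on port {a['port']}, "
              f"{a['syn_sent']} SYN_SENT")
```

On the affected box, save `netstat -ano > ns.txt` and `tasklist /svc > tl.txt` and pass the file contents to `scan_connections`; `tasklist /svc` additionally lists which services the flagged svchost PID hosts, which is what narrows the cleanup. A browser talking to a CDN rarely reaches 15 distinct hosts on one port; a scanner passes it within seconds of the NIC coming up, which matches the "the MOMENT I had internet access" observation above.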
Relevance 48.79%

Something is eroding my system. Trojan.W32.Generic!BT continues to pop up in Vipre scans. It redirects me on the internet, and does not allow other security software to run. Please help. I can post a HijackThis log.

Answer:I have a virus that keeps getting worse Troj

Please send me the full detail about what the virus does.
Thanks
The Wiz

3 more replies
Relevance 48.79%

Elsewhere a while ago I posted in this forum that I was getting odd logs in Norton with messages of it blocking constant attacks, but I thought that was all there was to it. Wondered what it meant. The computer froze but I didn't seem to have any other problems at the time.

Since I had not heard, I've done a little more digging, and it's worse than I thought. I can't boot into safe mode -- I get a blue screen of death. And I can't use System Restore; it's been disabled and if I try to restart the service it gets stopped almost immediately. So there's likely a virus in there.

I ran Malwarebytes and SuperAntiSpyware (something I'd do in this situation anyway), which found a couple of issues that I deleted, but the computer still has the same issues -- and I'm waiting for it to freeze... so either the virus is still there, or it's done enough damage that I won't get my safe mode back. And none of the programs -- Norton, Malwarebytes or SuperAntiSpyware -- find anything wrong any more.

I did not want to run ComboFix until someone from the Bleeping side responded... but I'm beginning to think maybe I should try it, since otherwise my option is to back up and then wipe the drive and reinstall Windows? Please let me know... if that makes sense? I kind of need to get this computer back....

Incidentally, thanks to all of you on the Bleeping team. What godsends you are. I know you've got a lot on your plates... so understand your... Read more

Answer:It's gotten worse. I have a virus but I can't find it....

It would help if you could post the logs from those scans. If you do not have those logs then perform the following:

Download the following:

Malwarebytes Anti-Malware
Please download Malwarebytes Anti-Malware and save it to your desktop.
Download Link 1
Download Link 2
MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to sc... Read more

7 more replies
Relevance 48.79%

I have started this topic before, but was not able to finish. Now the redirect is getting worse all the time, to the point my casual computer use is very difficult.

My kids (grandkids) playing games are probably the cause.

I get redirected when doing searches and get a virus scan occasionally that tries to say I have problems - which I do.

I have run the Defogger and created the GMER scan. My computer locks when doing the GMER scan so I will give the dds.txt and then run GMER. I don't see how to attach the Attach.txt file, so if you need it I have it on my desktop.

Thanks Philby
DDS (Ver_10-03-17.01) - NTFSx86
Run by Tad Ackerman at 11:55:43.28 on Sun 08/08/2010
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1084 [GMT -5:00]

AV: McAfee Anti-Virus and Anti-Spyware *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.... Read more

More replies
Relevance 48.79%

Can someone please tell me how to get rid of the Norton Antivirus subscription notification? I had a trial version and that damn renewal notification pops up all the time. Thanks
 

Answer:Solved: Worse than a virus

You will have to remove the trial version from Add/remove programs in control panel.
You will still need an antivirus program of some sort.
 

1 more replies
Relevance 48.79%

Hello,

I have a pretty crazy problem and I have no idea how to resolve it.

I was reading financial articles online today, when suddenly the entire computer shut down unexpectedly. Upon start-up, the screen showed a warning that recommended a system restore, so I went ahead and did it.

Once I re-started, I noticed that I couldn't access anything through the search engine, Google. Once I realized that every other site worked fine, I did some research and discovered that it was likely the result of a virus. However, I tried searching for "TDSSserve.sys" which is normally associated with this problem, and found nothing.

To make matters worse - my Trend Micro is spazzing out like crazy. In the last 7 hours, I've received over 80,000 "web threats" from some (http://) x-web.in /(followed by several random alpha, numbers)... I had to turn off my router to stop these threats from racking up. Thank goodness Trend Micro blocked every single attempt so far!!

Any idea what's attacking my computer? I can't access Google and this x-web.in thing keeps attempting to penetrate. Please help!

Note: I'm running Windows 7 on an HP G-62 model.

Answer:Possible Google Virus or Much Worse

It seems to be a rootkit. Try running the Malwarebytes free version and HitmanPro.

2 more replies
Relevance 48.79%

We have two laptops in the house, both of which use the same router. One of them has come down with a redirect virus, but unfortunately I haven't been able to find either the name of the particular program that it has nor a removal program guaranteed to remove it. Not for free, anyway, but at this point I'd probably even pay for it.

What I've Done:
Scanned with Malwarebytes. - Can't detect virus.
Restored System to Date- System doesn't store a late enough date to remove virus.
Run another Antivirus Program that removed it, only to have it reappear a few days later.

Symptoms:
Redirects to unwanted sites from links.
Disabled all practical use of Firefox, had to download Chrome.
Attempts to alter system files from program files location. (This caused tons of popups and forced me into safemode.)
Occasionally, as in nearly once a day, the internet won't work for either laptop even though the router has full bar reception. It stands only like, ten feet away from where we use the laptops, so it usually isn't a reception issue. The resulting error detection says something about the DNS and server location of the website. This has led me to suspect the virus is in the router.

We can still use the internet on the infected laptop, for now. I'm worried it might spread from the router to my laptop, though I'm not sure that's possible. Both computers have DNS lookup problems on a fairly regular basis that last for a few minutes and then stop. ... Read more

Answer:Redirect Virus-I Really Need Help Before It Gets Any Worse!

Download TDSSKiller
Launch it.
Click on Change parameters - select TDLFS file system.
Click on "Scan".
Please post the LOG report (log file should be in your C drive). Do not change the default options on scan results.

Download aswMBR
Launch it, allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan.
After the scan finishes, click on Save log.
Post the log results here.
If you get crashes in normal mode, run it in safe mode with networking.

Download ESET online scanner
Install it.
Click on START; it should download the virus definitions.
When the scan gets completed, click on LIST of found threats.
Export the list to desktop, copy the contents of the text file in your reply.

9 more replies
Relevance 48.79%

I downloaded a demo called SPAMfighter. It seemed to work OK but it just puts the files in a special folder. I let the time run out and tried to delete it.
I used Add/Remove because it didn't have an uninstaller. To my amazement it connected to the web and asked me why I didn't want it. I tried to tell them I didn't need it and could find no place to click to erase it. I left the site. I tried several times to remove it, and always ended up on the web.
I persisted in erasing all the files associated with it and could not erase a file called Proxy.dll. It always comes up access denied so I renamed it Fart.sssss!
However, since then I cannot get email or any web pages when connected to the web. What can I do? I'm running XP Home edition!!
 

Answer:WARNING I got something worse than a virus!!

Sounds like a nasty bit of software if it does that to your PC.
First I would run anti-virus, then anti-spyware like Spybot and Ad-Aware; these are good spyware killers, not like what you downloaded.

Before you do anything make a restore point so at least you can get back.

Then go to START > RUN > type MSCONFIG, then go to the Startup tab and uncheck it if it is there.

Then I would look for any registry entries. Do this:

Start > Run > type regedit > go to the Edit tab > select Find > then type in the name of that file; delete all found files.

WARNING**** make a backup of any file you delete from the registry, just in case you damage the registry.

Reboot and see what happens. If you still have the problem you may need to repair your registry and Windows XP.

To repair the registry go here

To repair XP go here or do this:
How to go about Repairing Windows XP
1. Put your Windows XP Install CD into your CD-ROM drive.
2. Reboot your computer.
3. Let your system boot off of the CD.
4. Let the Setup go through the first part of the Installation procedure.
5. When you come to the screen in which it says "Welcome to Setup." press Enter to Setup Windows XP.
6. Press F8 to agree to the End User License.
7. Let the Setup search your system for previous versions of Windows.
8. When the Setup is finished searching your system, select your Windows XP Installation and press the R key on your keyboard to start the Repair Procedure.

This is the part that might m...


well... don't think anyone needs backstory so here it is... Something changed my background to a red active desktop picture that says your privacy is in danger download privacy protection software now. Online porn icons keep appearing and task manager, registry editing, and My Computer are disabled. Here is the HijackThis log...
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:55: VIRUS ALERT!, on 7/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Progr...

Answer:Started With Vav Virus Now It's Worse

Hello Kyle and welcome to BleepingComputer,
1. * Clean your Cache and Cookies in IE:
Close all instances of Outlook Express and Internet Explorer. Go to Control Panel > Internet Options > General tab. Under Browsing History, click Delete. Click Delete Files, Delete cookies and Delete history. Click Close below.
* Clean your Cache and Cookies in Firefox (in case you also have Firefox installed):
Go to Tools > Options. Click Privacy in the menu. Click the Clear now button below. A new window will pop up asking what to clear. Select all and click the Clear button again. Click OK to close the Options window.
* Clean other Temporary files + Recycle bin:
Go to Start > Run and type: cleanmgr and click OK. Let it scan your system for files to remove. Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked. Press OK to remove them.
2. Please download Malwarebytes' Anti-Malware from Here or Here. Double-click mbam-setup.exe to install the application. Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish. If an update is found, it will download and install the latest version. Once the program has loaded, select "Perform Quick Scan", then click Scan. The scan may take some time to finish, so please be patient. When the scan is complete, click OK, then Show Results to view the results. Make sure that everything is checked, and click Remove Selected. When disinfection is completed, a...


The virus is on an old desktop that is running MS XP Version 2002 Service Pack 3. I have tried to check for updates but the MS site says it can't get my information. I have deleted all users on the PC and their files - except for me and mine. I tried to download updates for Norton (after running rkill), which appeared successful, but after the install while updating my definition files, the PC froze. After a reboot, here is what I see.
First I get a popup with "Application failed to initialize 0x80070006. The handle is invalid"
Next popup I get is "Old Virus Definition File"
Third popup is "The ordinal 1109 could not be located in dynamic link library WSOC32.dll"
Then a large WINDOWS RECOVERY screen comes up and tells me it is Analyzing my pc and ends with telling me there were 5 errors detected, all of which are critical errors and to click to "fix". (I'm assuming this is still the virus).

What is my best path forward to attempt to get rid of this?

Thanks,

Dinx

Answer:Windows Defender Virus - or worse?

Please follow the instructions in ==>This Guide<== starting at Step 6. If you cannot complete a step, skip it and continue.
Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<==. Please include a description of your computer issues, what you have done to resolve them, and a link to this topic.
If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.
It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient.
If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.


Okay, been gone from here a long time, and wonder now how I ever got along without this site, it is the best out there!
I am about to purchase a new computer in the near future. I am not computer savvy at all, mostly use it for surfing and emails, etc. Anyway, have had this one for a few years now, and I am getting spyware on it that I cannot get rid of, about:blank for one! Okay, when I do get a new computer, what protection software should I buy and install on it? What is the best out there, in other words? Anybody have some ideas... or what you use that works? Thanks a lot!
Gary
 

Answer:Spyware is worse than Virus problems?

My personal opinion, Windows XP Home Edition or Professional Edition with Windows XP Service Pack 2 is a start for security. For software I would suggest Norton AntiVirus 2005 for the antivirus. For spyware I would highly suggest SpySweeper, this program has worked wonders for me as in protecting me from spyware infections. If you have WinXP, SP2, NAV, SpySweeper you should stay clean from malware and worms. However you can still be infected if you visit unsafe sites. Hope this helps. Browse Safely!

Also please see this thread How to Protect yourself from malware!
 


After visiting what should have been a normal website (I believe it may even have been the XNA Creators Club website) I got a pop up from AVG saying it had found a trojan and dealt with it. Silly me, I thought that was the end of it. The next day I'm getting what looks like the Google redirect virus. AVG, Ad-Aware and Spybot all find nothing wrong with my system so I start hunting online for a fix. I found this website and started working through this topic before I posted here. I ran DeFogger with no issues and turned off any emulators, and then went on to download DDS. Midway through DDS running, my PC decided to throw up a BSOD and restart, so there are no logs from DDS. I then went on to GMER. Half way through the first run the program went non-responsive and I had to restart it. Midway through the second run, it threw up another BSOD. I have a partial log from GMER (attached), though I don't know if it will be of any use. To me this sounds worse than just the Google redirect virus, however I have yet to see any other issues with my PC except the original trojan. Think I may have to reformat, but figured I would come here first for a last ditch try at fixing my PC! Am running Vista.

Answer:Google redirect virus (Maybe worse?)

Hello Steve772
Welcome to BleepingComputer
==========================
Download OTL to your desktop.
Double click on OTL to run it.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
====================


Hello and thanks for any and all help! I was trying to find a good program to make it easier to take notes on a PDF file and in the process downloaded a virus. It changed a bunch of my browser settings (e.g. changed the default search and home page) to fantastigames metacrawler. I ran scans and only found something using Malwarebytes. It deleted two files but the problem persisted. Using some online guides, I found some more files with the fantastigames name in them and deleted them. But the problem persists and my computer is slowing down. Also, if I try to do a system recovery to restore to a previous point, it says the restore can't be completed. There are two possibilities: the virus is still hiding on my computer or I deleted something I shouldn't have. I know I should leave it to the professionals, I've now learned that lesson, so I don't need chastising. But I am desperately in need of help and appreciate any help and time taken. Let me know what to post, etc. etc. Thanks!

Answer:Infected with a virus, may have made it worse

Have you only tried getting rid of the virus with Malwarebytes? I would suggest downloading another one just so you can always do a secondary scan to be sure of things. I would recommend the free version of AVG. Try running AVG and see if it finds anything.
If the problem persists, restart your computer and hit F8 to enter the boot options menu. From there, choose Safe Mode. When you're in safe mode, try running the antivirus programs again.
Another solution, maybe one you should try before the previous one, is to open up Task Manager. In the Processes tab, do you notice any processes that are consuming a lot of memory? If so, do you recognize the program at all? If there is a process in there with the same name as that virus you had, right click it, and select Open File Location. Once there, delete it. Only do this if you are sure that it is the virus. I've looked at Task Manager enough times to recognize what should be there and what shouldn't. So if you are not sure, please ask, because if you delete the wrong thing, you might mess up your computer worse.


Please don't tell me I have to reformat my whole computer...

Ok, so basically I think I was infected with a really bad form of that go.google.com redirecting virus (mine used web-analytics.google.com) that also made my explorer.exe constantly crash and reboot itself (it actually seemed like it was being closed while functional, as no error message ever popped up, and I could access my desktop/folders for like 5 seconds or so between each crash/reboot). When I manually closed explorer.exe in Task Manager, it stopped rebooting.
Since I couldn't access any anti-virus downloads (redirected to ad sites by the virus), I went with the only solution I could find that didn't require accessing a 3rd party program, which was to disable some "TDSSserv.sys" in Device Manager. Once I did, and restarted, my internet stopped working. I then tried to access Safe Mode (with and without Networking) to no avail. It freezes somewhere around the login screen (sometimes it freezes before I click which user to log in, sometimes it freezes as far as after I say "yes" to continue in safe mode and not attempt system restore, but it ALWAYS freezes. I tried at least 20 times).
To sum it up, my explorer.exe closes/reboots every 10 seconds, my internet doesn't work (can't even access router through Firefox), and I can't start in Safe Mode. Oh, and logging in normally only works like once every ten tries (freezes like when I attempt to start in Safe Mode...

Answer:Go.google.com redirecting virus--except worse

Welcome to Major Geeks!


Click Start > Control Panel > System > Hardware > Device Manager > View > Show Hidden Devices.

Scroll down to "Non-plug and Play Drivers" and click the plus icon to open those drivers.
Then search for TDSSserv.sys
Let me know if you find this or not.
If you do find it, right click on it, and select Disable. Do not try to uninstall it!!!! It will just reinstall and make removal more difficult.
Also if this is found and you disable it, then just immediately reboot.
After doing the above, please immediately follow the instructions in the below link and attach the requested logs when you finish these instructions.


READ & RUN ME FIRST. Malware Removal Guide

If something does not run, write down the info to explain to us later but keep on going.

Do not assume that because one step does not work that they all will not.
Notes:
If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode, you can run steps in safe boot mode but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:

Starting your computer in Safe mode

If you have problems downloading on the problem PC, download the tools on another PC and burn to a CD. Then copy them to the problem PC. You will have to skip getting updates if (and only if) your internet connection does not work. Yes you could use a flash drive too but flash drives are writeable and i...


Hi all,

I'm currently running Windows 7 Professional N 64bit. I've recently been experiencing my Google links being redirected to strange websites, including bts.scour and other ad websites. I feel like I've seen quite a lot of posts concerning the same issue, but it has been 2 days and the redirects are getting much more frequent. I have run Hitman Pro, AVG Pro and SpyHunter 4 countless times but they all come up clean. I really have no idea where to go from here, any help would be greatly appreciated.

Answer:Google Redirect Virus getting worse

Greetings and Welcome to The Forums!!
My name is Gringo and I'll be glad to help you with your malware problems. I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.
Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top o...


Since a few days ago I've been harassed by a redirect virus that redirected Google results and other websites to odd places. The primary site was Infomash, but there were other websites I was redirected to.

I used a .exe file called Rkill in conjunction with Malwarebytes Anti-Malware and turned internet off to try to get rid of the virus. After 5 futile attempts I decided to follow the steps in NEW INSTRUCTIONS Removal Help thread.

Running DDS.SCR was as expected. I saved the two log files onto my desktop. When attempting to scan with GMER.exe, three disastrous things happened:
1. First attempt resulted in computer going to the Blue Screen mode all of a sudden. The computer then restarted itself.
2. The second try resulted in an odd computer freezing where the monitor showed only zig-zags. I took a picture from my phone if the visual is needed. I had to press the restart button on the CPU.
3. The third and fourth tries ended in the program simply freezing and turning off. The third try's crash happened pretty quickly after the GMER scan began; the fourth try's crash happened a long while after GMER had been scanning.

I cannot get GMER to run properly, so I am assuming that the virus is much more malicious than I thought it was. Here are the logs from DDS.SCR, but I could not finish the GMER scan.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by Administrator at 21:57:51 on 2012-07-20
Microsoft® Windows Vista™ Home Premium ...

Answer:Redirect Virus is Worse than I Had Thought

Hello kkj1116,

You are infected with ZAccess also known as Sirefef and several other names depending on the AV company. I'll want to gather a bit more information before we begin.

Download TDSSKiller.exe and save it to your desktop.
Execute TDSSKiller.exe by double-clicking on it.
Press Start Scan
If Malicious objects are found, do NOT select Cure. Change the action to Skip, and save the log.
Once complete, a log will be produced at the root drive which is typically C:\, for example, C:\TDSSKiller.<version_date_time>log.txt

Please post the contents of that log in your next reply.


A routine update from Symantec Security Response wreaked havoc on a California company's clientele this week when it inadvertently tagged a program produced by Solid Oak Software as a virus and cut off the Internet access of Solid Oak customers...This is the third time in less than a year that Symantec's Norton products have caused severe damage to computers running CYBERsitter software offerings...pcmag.com


Greetings, This week, I suddenly started to get the Security Warning virus, so I did a system restore to the previous day to get that settled. But later that day, I started getting weird search results every time I searched from my toolbar, but not from the Google page directly. Then I started getting strange results intermittently from each search attempt. I'm hoping I can get some help with the Google redirect thing, which I can't find a name for. It seems to be pretty ominous. I followed directions. One glitch with that was GMER kept giving me blue screen crashes, so I ran it in Safe Mode. Thanks for any help available. P.S. I loaded a number of servers on my computer but they aren't running and haven't been since school ended in June.
DDS (Ver_10-03-17.01) - NTFSx86
Run by Sandra at 18:23:38.07 on Fri 08/20/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_21
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.354 [GMT -7:00]
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
...

Answer:Search redirect virus getting worse

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please do not attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.
In the upper right hand corner of the topic you will see a button called Options. If you click on this, in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.
In order for me to see the status of the infection I will need a new set of logs to start with.
Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.
DeFogger: Please download DeFogger to your desktop.
Double click DeFogger to run the tool. The application window will appear. Click the Disable button to disable your CD Emulation drivers. Click Yes to continue. A 'Finished!' message will appear. Click OK. DeFogger may ask you to reboot the machine, if it does - click OK. Do not re-enable these drivers until otherwise instructed.
Download DDS: Please download DDS by sUBs from one of the links below a...


I'm very, very scared and I need some help. I have had a LOT of trouble with my computer over the last few months. I've run everything from Avast Virus removal to other stuff and every time I've managed to make the computer run. However, this time the problem isn't with the computer crashing or running so slowly it's impossible to use. This one is some sort of encryption virus that is encrypting things on my computer. I have about 100 links to a page that shows me this long message about going to a site, entering my "personal code" that is provided and paying money to have my files decrypted. I've read online that this is just another scam to get money (no kidding) and will not help to decrypt the files. I need to get rid of this FAST before it infects any of my other files. Can someone please, please help me? I have run Avast again and it found 10 infected files, yet the virus is still present. Please help me.

Answer:I have a serious infection that's getting worse? Encryption Virus

Greetings NINTR and to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum. My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary. If you would allow me to call you by your first name I would prefer to do that.
===================================================
Ground Rules:
First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problem...


So over the past few days I have been doing extensive research on the inner workings of my computer in an attempt to fix a really nasty virus that is affecting, or perhaps simply using, the Windows process svchost.

I thought I had everything under control until today when I changed from Norton internet security to my Iolo System Mechanic anti virus. I decided to swap so I can use a special firewall that gives me very user friendly control over everything that goes in or out of my pc. That's when it happened.

When I clicked block all traffic to stop the misc connections that svchost was trying to make, I ended up getting around 20-50 error messages, a pop up fake virus scanner that I've never seen before, and everything on my computer was "gone". Odds are it was just a fake overlay or it turned everything to read only and invisible, but I decided to say F-it and did another format. Now I will provide the data that I have so that hopefully someone can aid me in fighting this thing.

After my format, the very first thing I installed was my mobo driver to connect to the internet. The MOMENT I had internet access again the svchost issue came back. That is, it starts to eat up huge chunks of memory as well as CPU usage.

With the Windows Process Explorer I can clearly see what the drain is from.
Under the TCP/IP connection tab, there are tons and tons of random IPs trying to connect to the internet, and as some are closed new ones open up. While ...

Answer:[SOLVED] svchost virus or something worse

Hi

My name is Iain and I will be helping you clean your system.

You may wish to Subscribe to this thread (Thread Tools > Subscribe to this thread) so that you are notified when you receive a reply.

Please read these instructions carefully and then print out or copy this page to Notepad in order to assist you when carrying out the fix. You should not have any open browsers or live internet connections when you are following the procedures below.

Note that the fix may take several posts. Please continue to respond to my instructions until I confirm that your logs are clean. Remember that although your symptoms may vanish, this does NOT mean that your system is clean.

If there is anything you don't understand, please ask BEFORE proceeding with the fixes.

Please ensure that you follow the instructions in the order I have them listed.

Please do not install or uninstall any programmes, or run any other scanners or software, unless I specifically ask you to do so. Also please copy and paste logs into the thread, rather than add them as attachments.
IMPORTANT - for Windows Vista and Windows 7 start all tools by using right click > Run as Administrator.

Please download TDSSKiller.zip and extract TDSSKiller.exe to your desktop.

Execute TDSSKiller.exe by doubleclicking on it. Press Start Scan.
If Malicious objects are found, ensure Cure is selected (it should be by default)

Click Continue then click Reboot now

Once complete, a log will be produced at the ...


I posted a while back for some help on this, but now the issue is getting worse. With any browser I use, and any search engine I use, I get redirected to another site. If I am quick enough I can use the back button to navigate back to the intended site. It is starting to get to the point where searches are REALLY slow and redirect constantly. I've tried running Malwarebytes, SUPERAntiSpyware, and Ad-Aware. Everything says OK. Cleared all my temp folders/files and tried adjusting my startup config through msconfig. About the only other thing I notice is that every time I start my computer, there is a screen that pops up and closes so quick I cannot even tell what it is. All I can tell is that the box is a blank white.

My System:
Windows 7 64bit
intel i3-550
6gb of ram
It's an Oe Dell Inspiron 580 with a cheap aftermarket GPU card.

I use the computer mostly for gaming, but I also read e-mails, browse the net, and use it for media purposes.

As per the first sticky post in this sub-forum, here is my HiJack this log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:01:20 PM, on 2/26/2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files (x86)\Games\Steam\Steam.exe
C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Progr...

Answer:Search Redirect Virus - getting worse.


Hello,

I recently had some sort of virus/malware attack my laptop which meant I was unable to access the internet. It's not a problem with the wireless as far as I'm aware, as other people have been able to connect. The Windows connection diagnostics said there was a Winsock catalog error but sometimes it gives me different messages.

I attempted to try and fix it, firstly by running Norton GoBack and then attempting to use DrWeb, but think I've made it a lot worse (did that before reading the first 'DO NOT FIX YOURSELF' page on the forum - schoolboy error).
A few virusy type things that have come up in the scan are 'trojan.swizzor' and 'adware.xbarre' and 'tool.killproc.3' - think they are quarantined but not entirely sure. I have the scan results saved if you require them at a later date.
I'm writing this from another PC as the laptop cannot connect to the internet.

Here are the reports of the scans as requested:


DDS (Ver_10-03-17.01) - NTFSx86
Run by Tim Abraham at 0:23:39.92 on 27/07/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1014.583 [GMT 1:00]

AV: Norton Internet Security *On-access scanning enabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtSe...

Answer:Virus problem... made worse

Bump, please.


MyPublisher sank its claws into your system and won't let go? You've come to the right thread.

There were two separate threads on this already, both are wrong / not solved. (might want to link to this one, or remove the other threads, @TechSupportGuy)

-

MyPublisher really screwed things up with a no-uninstaller program (who does that?)
If you're not a software company, it's best to avoid making software.

To all of you who must suffer the idiocy of MyPublisher - here's my solution so far:

UNINSTALLING MYPUBLISHER

1. Remove program files @ "\Program Files (x86)" (The entire "MyPublisher" folder)
2. Remove Roaming app data (click the start icon, type %appdata% & hit Enter), here you must also remove the entire "MyPublisher" folder
3. Remove icon from desktop (right click > delete)
4. Remove icon from start menu (right click > delete)
5. Clean up registry (click the start icon, type in regedit & hit Enter) here you must use Find (F3) to search for MyPublisher. I've found 6 (!) MyPublisher folders in my registry, and 4 "new shortcut" keys. Delete all of this crap.
As a final thought, I might sound upset in the above message. I am.
I care about my PC, and don't appreciate it being crapped on by impotent programmers & clueless companies.
 


Hello,

I've used this forum as a resource before, and now I have a pretty crazy problem and I have no idea how to resolve it.

I was reading financial articles online, when suddenly the entire computer shutdown unexpectedly. Upon start-up, the screen showed a warning that recommended a system restore, so I went ahead and did it.

Once I re-started, I noticed that I couldn't access anything through the search engine, Google. Once I realized that every other site worked fine, I did some research and discovered that it was likely the result of a virus.

However, I tried searching for "TDSSserve.sys" which is normally associated with this problem, and found nothing.

To make matters worse - My Trend Micro is spazzing out like crazy. In the last 7 hours, I've received over 80,000 "web threats" from some ( http://) x-web.in /(followed by several random alpha, numbers)...I had to turn off my router to stop these threats from racking up.

Thank goodness Trend Micro blocked every single attempt so far!!

Any idea what's attacking my computer? I can't access Google and this x-web.in thing keeps attempting to penetrate.

Please help!

Note: I'm running Windows 7 on an HP G-62 model.

Answer:Google Virus And Possibly Worse

Hello and welcome to TSF.

We want all our members to perform the steps outlined in the link given below, before posting for assistance. There's a sticky at the top of this forum, and
Quote: Having problems with spyware and pop-ups? First Steps
a link at the top of each page.

Please follow our pre-posting process outlined below.

NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help - Tech Support Forum

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please note that the Virus/Trojan/Spyware Help forum is extremely busy, and it may take a while to receive a reply.

1 more replies

I first noticed that I had a redirect virus on the computer and tried to fix it myself with anti-virus/spyware programs. After several weeks and no progress, my entire system crashed and I could not log in to Windows. I do not have the disks, but I was able to reinstall Windows from the company I purchased the computer from by using F3. I wiped the computer clean, or so I thought. I decided to use Avast antivirus instead of AVG (what I was using before) and every couple of minutes there is a new threat detected from malicious URLs. The addresses on the websites appear to be colleges, insurance, and credit card companies, but Avast shows them as globalroot / systemroot / svchost. I also had to stop using Google completely because Avast was blocking everything. I am now using Avant browser which helps a little, but I'm still being attacked left and right.

Here is the DDS File:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385
Run by colortyme at 11:16:52 on 2012-02-29
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3835.915 [GMT -5:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF4...

Answer:Started as redirect virus, now worse

Hello and Welcome. Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

Download TDSSKiller.exe to your desktop
http://support.kaspersky.com/downloa...tdsskiller.exe
Execute TDSSKiller.exe by doubleclicking on it.
Press Start Scan
If Malicious objects are found, select Skip by changing the default Cure selection at the upper right
Once complete, a log will be produced at the root drive which is typically C:\
For example, C:\TDSSKiller.2.7.17.0_date_time_log.txt
Attach that log, please.

Please download aswMBR.exe and save it to your desktop.
http://public.avast.com/~gmerek/aswMBR.exe

Double click aswMBR.exe to start the tool. (Vista/Windows 7 users - right click to run as administrator)

Allow it to download the definitions from the internet.

Click Scan

* Upon completion of the scan, click Save log and save it to your desktop, and post that log in your next reply for review. Note - do NOT attempt any Fix yet.
* You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well.

19 more replies

Please review the FRST text files. Unfortunately the Trojan Adclicker seems to be back.
 

Answer:DLL.exe adclicker virus has come back worse than before

Download ESET Poweliks Cleaner
http://download.eset.com/special/ESETPoweliksCleaner.exe

When the download is complete, navigate to your Desktop, double-click ESETPoweliksCleaner.exe.
Read the terms of the End-user license agreement and click Agree if you agree to them.

The tool will run automatically. If the cleaner finds a Poweliks infection, press the Y key on your keyboard to remove it.

If Poweliks was detected "Win32/Poweliks was successfully removed from your system" will be displayed.
Press any key to exit the tool.

After removing an infection we highly recommend that you restart your computer. The infection should now be removed and you should be able to access the web content that was being blocked.


===========================


Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.
Download the attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!
Right-click on icon and select Run as Administrator to start the tool.
(XP users click run after receipt of Windows Security Warning - Open File).
Press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desk...

5 more replies

I think I have some sort of virus on my computer but I can't find it! I have tried using like 3 or 4 things but nothing. Whenever I'm on the internet sometimes pop-ups will come up and I exit them out, and it also redirects the links I click on Google. One time I didn't exit it out fast enough and I got like 20 more viruses. And I think it's starting to do other stuff; just now I got an error report about Norton and I looked, it says Auto-Protect is malfunctioning. I really really really could use some help!
Also sometimes I hear noises like when something fails, it's that noise that's not very happy.

Answer:Can't Find virus (I think its starting to gt worse)

So i'm trying the "waiting and hoping it will go away" approach, so far its not working :(

9 more replies

Symantec Screwup Is 'Worse Than Any Virus'

A recent update from Symantec Security Response incorrectly tagged a company's program as a virus and cut off the Internet access of its customers. Needless to say the company and its customers weren't happy.

Symantec on Monday released a virus definition update that incorrectly identified Solid Oak's CyberSitter filtering program as a virus. Depending on the version of Symantec's Norton Antivirus product that Solid Oak customers were running, CyberSitter files were either deleted or banned from use by Norton, according to Solid Oak.

Answer:Symantec Screwup Is 'Worse Than Any Virus'

Speaking of Symantec screwups. We have LC5 which is a password hashing program MADE BY SYMANTEC. 2 weekends ago, Norton Antivirus flagged it and deleted it. Symantec is retarded sometimes.

1 more replies

My icons are disappearing
The computer is running slow
Viruses have completely taken over my computer
I am going through financial difficulties right now and would REALLY appreciate help.
I understand computers therefore I can take direction fairly well..
Just please tell me what I need to do.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:19:43 AM, on 5/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINDOWS\system32\svcd\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDO...

Answer:It's Getting Worse & Worse. PLEASE. I cannot afford to bring it anywhere:( LOG INSIDE

7 more replies

Hi all,

I started the day on a high note, before turning on the computer that is, thinking I was going to get some things done. This was not to be: So we start at:

FAIR:
After XP loaded it said that it had recovered from a serious error Product ID _251... so I did some digging around and got some info from Microsoft's web pages complete with registry fixes (deleting bad entries, etc.)

I did a quick scan with malwarebytes and it found some stuff that I deleted and when I did a restart it didn't come up correctly.

Went into safe mode and it came up.
(made a HUGE mistake here. Did not copy files I wanted to save when I had the opportunity)
Closed out of safe mode and let it start normally.
Would not boot normally.
Tried to boot into safe mode and now it's recycling back to POST; we have gone to...
BAD:
Hmmm. So I thought how about putting the XP disk in and then do an install leaving file system intact.
When I got to the point of doing the install I chickened out because it said that it might delete the My Documents folder (had some things in there I didn't want to lose) I've done this procedure before and perhaps I should have taken the second opportunity to recover gracefully but I did not.

I hit F3 to cancel out of the install to try and boot from my other HD that has XP (but with some driver issues that I had yet to fix.)

I went into the CMOS to change boot order and noticed that the hard drive (the one that I was trying to boot into) is not showing ...

Answer:HD/Filesystem prob:Went from fair to bad; then to worse, much worse

Test the HDD with the drive manufacturers disk tools (preferably using a different PC). Run the short and long tests. If either test fails or has errors, the drive is faulty.

4 more replies

Hi,

I have read the post about Antivirus XP 2008. I have this thing on my other computer and I have tried doing what the mod suggested. I am not having any luck because when I run Malwarebytes (installed from a CD because I can't access the site) it crashes after about 25 mins when it is scanning Firefox folders. I have tried scanning in normal mode and safe mode.
The computer is doing all sorts of weird things, i.e.

The web browser will only load Google and a few other pages, and when I try to go to an antivirus web site it just says can't connect.
It also redirects to stupid selling sites.

Google also says "analytic checks" at the bottom left hand side when searching.

The computer sometimes crashes at log in.

Every so often the bubble comes up on the task bar saying I have 1164 viruses.

Also every now and then I get the blue stop screen which means a restart.
Could you please help me, I have pulled most of my hair out. I would just format and reinstall but I need to try and recover my files.

Cheers
Acestu

Answer:Worse Case Of Anti Virus 2008

Please print out and follow the generic instructions for using "SmitfraudFix".
-- If you have downloaded SmitfraudFix previously, please delete that version and download it again as the tool is frequently updated!
-- If using Windows Vista be sure to Run As Administrator.
Make sure you scroll down to Clean and perform the steps where you reboot in "Safe Mode" and run option #2. The tool will go through a series of cleanup processes and automatically start the Disk Cleanup program to remove Temporary files. Wait for it to complete and Disk Cleanup to finish.
-- If the tool fails to launch from the Desktop, please move smitfraudFix.exe to the root of the system drive (usually C:\), and run it from there.

If you're using Windows 2000/XP, please print out and follow these instructions: "How to use SDFix". When using this tool, you must use the Administrator's account or an account with "Administrative rights".
Disconnect from the Internet and temporarily disable your anti-virus, script blocking and any real time protection programs before performing a scan.
When done, the SDFix report log will open in Notepad and automatically be saved in the SDFix folder as Report.txt.
If SDFix is unable to run after rebooting from Safe Mode, run SDFix in either Mode, and type F, then press Enter for it to finish the final stage and produce the report.
Please copy and paste the contents of Report.txt in your next reply.
Be sure to re-enable your anti-virus and other security programs before conn...

11 more replies

Hi all I have a huge problem and I am about to go nuts.

I have tried everything I can think of from these forums and others but I can't seem to get this virus off my computer.

I believe the virus name was "Security Protector" or something of that nature. I have removed these fake security viruses over 5 times now. I am no whiz at computers or anything, but thanks to certain malware removal tools it worked.

This time around I can't kill the damn thing. OK, now onto everything I have tried to do:

- Booted in safe mode and tried to remove it via Rkill and Malwarebytes, but this time it did not run Malwarebytes; it said it was unable to access and also later threw a code 707 2.
- Booted again in safe mode then decided to do a system restore to a previous date and try to clean the computer that way... didn't work, same bleep.
- Booted in safe mode and tried to run all the options in Rkill (dns, scan etc.). Didn't remove it.
- Booted again and tried to reinstall Malwarebytes but redirecting started and wouldn't let me access anything via Google, Yahoo etc.
- Used my laptop and got inherit.exe; was told to open it and put the Malwarebytes folder inside it... no luck, inherit won't even open up.
- Booted again; this time Firefox won't even open up!!! ARRRRRGGHHH

Please help me with whatever you can. Rkill still works so I can copy the log from that if it helps. Thank you all!

-TY

Answer:Malware redirect virus getting massively worse!! HELP!

Hello. You have an advanced rootkit infection. This type of thing goes beyond the scope of this forum and will require assistance from our Malware Removal Team. It appears that the issues on your system will require a more in-depth examination than can be performed in this forum. Please read the information in this guide, and follow all the steps beginning with step 6. After you have followed the steps in that guide, I would like you to start a new thread HERE and include a link to this thread.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient. The MRT is very busy, so it could be several days (3-5 days is the average wait right now) before you receive a reply. But rest assured, help is on the way!

~Blade

2 more replies

Specs,

CPU: Intel Core Duo T8100 @ 2.10 GHz and 2.10 GHz

Graphics: ATI Mobility Radeon HD 3870

RAM: 2 GB

Running Windows Vista 64 (although some of my program files say 32?)

So suddenly on June 5th my computer started acting more sluggishly and couldn't perform near as well as it did before. I checked the updates and Windows Defender and McAfee were the only programs recently updated. I defragged the hard drive, searched for malware and spyware, updated all drivers and none of it fixed my problem. My rig was easily able to play 1080p before and now the video lags terribly, and the games that used to run super smoothly (in range of 30+ fps) now run at an average of 12 fps or lower. On clean boot the problem persists and I can't really tell if the problem is there in safe mode because the only time I can really tell my computer is slowing down is when it is streaming video or playing games.

The weird thing is I've been messing with my video drivers to see if I can fix it, and after using Driver Sweeper my graphics card didn't function (my Windows Experience Index went from a 5.9 to 1, I couldn't use Windows Aero) but 1080p ran smoothly as ever. Once I reinstalled the drivers my index score went back up to 5.9 but it can't play 1080p. Because of that fiddling around I can't install Catalyst Control Center anymore (it seems to install OK but when I open it there is an error message "could not load file or assembly CLI.implementation or one of its dependencies the s...

Answer:Computer performing much worse than it used to, not virus or malware

In addition to a full antivirus scan, did you make a full scan with malwarebytes?
If so make a memory test
http://www.geekstogo.com/forum/topic...ing-memtest86/

2 more replies

So a couple weeks ago, I started getting redirected to ad sites whenever I clicked on a google search result. I was able to get around it by clicking my address bar after choosing the result and hitting enter. However, it's gone and messed with my system. Windows Firewall has been broken (impossible to turn on anymore), my internet won't work anymore, and my ArchiCAD program won't start up. None of my antiviral programs could find anything, even ones that I put on from a flashdrive that were meant to work on an already infected system. Since I researched this some, I ran the DDS, and here are my results.http://uploading.com/files/633b1267...http://uploading.com/files/cd643a24...

Answer:Google redirect virus turned worse

J_K,

Thanks for the reports. Let's see if we can make more progress... Please run the following OTL script.

Double-click OTL.exe to start the program.
Copy/Paste ALL the following text into the Custom Scan/Fixes textbox:

:otl
SRV - [2011/03/18 01:26:14 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Windows\SysWOW64\ZoneLabs\vsmon.exe -- (vsmon)
DRV:64bit: - [2010/05/15 16:30:52 | 000,458,840 | ---- | M] (Check Point Software Technologies LTD) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vsdatant.sys -- (Vsdatant)
:files
C:\windows\SysWow64\vswmi.dll
C:\windows\SysWow64\vsxml.dll
C:\windows\SysNative\drivers\vsdatant.sys
C:\windows\SysWow64\vspubapi.dll
C:\windows\SysWow64\vsdata.dll
C:\windows\SysWow64\ZoneLabs
C:\Program Files (x86)\Zone Labs
C:\windows\SysWow64\vsutil.dll
C:\windows\SysWow64\vsinit.dll
C:\windows\Internet Logs
C:\ProgramData\CheckPoint

Click the Run Fix button at the top.
Click: OK
OTL may ask to reboot the machine. Please do so if asked. If not asked, reboot anyway.
A report should appear in Notepad. Please Copy/Paste the new OTL report and upload it. Then, provide the link in your next reply.

Now, run the following once again:
Click Start > Run, type: notepad and press Enter.
Once Notepad is open, copy/paste ALL the text below into Notepad:

@echo off
echo.Please wait...
ping localhost >log.txt 2>&1
ping 192.168.1.82 >>log.txt 2>&1
dir /a/b/s c:\qoobox >>log.txt
notepad log.txt

Click: File > Save As...
Save to th...

55 more replies

My husband had a window to Miniclip games open and we believe our daughter clicked on one of their websites by accident while we were in the other room, and somehow got a virus on his laptop. Now the virus has shut him out so he can only operate in safe mode, and he also gets errors when he can get in. We can't get into the laptop the regular way; there is just a black screen, but he can get in in safe mode. We can't install the virus programs like AVG once he's in. We were lucky to get the TSG exe; it was rejecting it at first and wouldn't even recognize that we could use the scan disk, but somehow he got through to open it up and get the info for you.
We are sending you this message from my account; I'm his wife. We put TSG SysInfo on an SD card and got this on his laptop in safe mode:
Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 64 bit
Processor: Pentium(R) Dual-Core CPU T4400 @ 2.20GHz, Intel64 Family 6 Model 23 Stepping 10
Processor Count: 2
RAM: 3002 Mb
Graphics Card: Mobile Intel(R) 4 Series Express Chipset Family, 1309 Mb
Hard Drives: C: Total - 225436 MB, Free - 94422 MB; D: Total - 12836 MB, Free - 2145 MB;
Motherboard: Hewlett-Packard, 306B
Antivirus: Norton 360, Disabled

how can we begin to get these viruses out when we can not access the computer the regular way? please help you have always been successful before i believe you can help again.
 

More replies

Like other users, I have had the symptom of redirected searches for a while. Now my computer will be OK for a few hours, then desktop links will disappear and it becomes too groggy to use - I need to restart. Sound is also very garbled. It's very ill. Ran DDS logs but GMER gets stuck. Here's what I have - thanks for any help you can provide.

Answer:Google Redirect Virus is Worse Than It Sounds

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Some things to remember while we are working together:
Do not run any other tool until instructed to do so!
Please do not attach logs or put them in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed; this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear. Click the Disable button to disable your CD Emulation drivers. Click Yes to continue. A 'Finished!' message will ap...

12 more replies

Hi.
First of all, I am running a Windows XP OS. My computer was weird in that it had the virus where any search inquiry would be redirected to some bogus websites. I tried finding a program that would help fix this, but I think I inadvertently downloaded a malignant antiviral program (I think it was PC Tools, because popups would keep occurring, and sometimes they were from them). Avast started bringing up warning signs of a trojan, but as soon as I tried to delete it, another warning would come up.
This was the warning:
C:\Documents and Settings\Daniel\Local Settings\Temporary Internet Files\Content.IE5\Q0B87V23\flist[1].js [L] JS:FakeAV-G [Trj] (0)
File will be deleted during the next system start...

I ran ComboFix, but that was before I came to this forum and read that we really shouldn't have. For now my computer seems to be running without any popups, but I wanted to make sure my computer was completely purged. If there is any other information that you guys need, don't hesitate to ask.

Thanks.

Answer:google redirect virus turned into something worse

The process of cleaning your computer may require temporarily disabling some security programs. If you are using SpyBot Search and Destroy, please refer to Note 2 at the bottom of this page.

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
Clic...

4 more replies

Opened a window to Miniclip games and believe my daughter clicked on one of their websites by accident while we were in the other room, and somehow got a virus on the laptop. Now the virus has shut me out so I can only operate in safe mode, and it also gets errors like AdobeARM.exe is unable to start correctly 0xc0000006 when I can get in. We can't get into the laptop the regular way; there is just a black screen, and I can only get in in safe mode, but I can't install the virus programs like AVG once I'm in. I was lucky to get the TSG exe; it was rejecting it at first and wouldn't even recognize that I could use the scan disk, but somehow I got through to open it up and get the info for you.
I'm sending you the info; I put TSG SysInfo on an SD card and got this on the laptop in safe mode:
Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 64 bit
Processor: Pentium(R) Dual-Core CPU T4400 @ 2.20GHz, Intel64 Family 6 Model 23 Stepping 10
Processor Count: 2
RAM: 3002 Mb
Graphics Card: Mobile Intel(R) 4 Series Express Chipset Family, 1309 Mb
Hard Drives: C: Total - 225436 MB, Free - 94422 MB; D: Total - 12836 MB, Free - 2145 MB;
Motherboard: Hewlett-Packard, 306B
Antivirus: Norton 360, Disabled

how can we begin to get these viruses out when we can not access the computer the regular way? please help you have always been successful before i believe you can help again.
 

More replies

I downloaded a torrent, then shut down my computer. Next time I started it up, it went really slow and every time I move the mouse, the desktop icons disappear and a window pops up saying "Explorer has encountered a problem and needs to close", also something saying "run DLL as an APP has run into a problem and needs to close".

I deleted the aforementioned download, but the problem persists and gets worse each day. Did the 5 steps, ran different cleaners, virus scans, etc. and nothing new. I tried to system restore, but it kept saying no changes made.

Here is my main.txt and extra.txt:

Deckard's System Scanner v20071014.68
Run by Tony on 2008-02-15 18:10:28
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
61: 2008-02-15 23:10:51 UTC - RP61 - Deckard's System Scanner Restore Point
60: 2008-02-15 07:26:13 UTC - RP60 - Software Distribution Service 3.0
59: 2008-02-15 0625 UTC - RP59 - ComboFix created restore point
58: 2008-02-15 05:41:59 UTC - RP58 - Removed Ad-Aware 2007
57: 2008-02-15 05:24:38 UTC - RP57 - Software Distribution Service 3.0


-- First Restore Point --
1: 2008-01-14 00:39:41 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Total Physical Memo...

Answer:Worse each day! downloaded memory eating virus from torrent

Forgot to add:

Incident Status Location

Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Tony\Cookies\[email protected][1].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Tony\Cookies\[email protected][1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Tony\Cookies\[email protected][2].txt
Spyware:...

19 more replies

Hello all,

In a nutshell, my computer is running hella slow and I cannot access one of my hard drives. I just recently ran a virus scan with AVG 7.5 and am using Comodo Firewall and even though it says everything is fine, it's not.

Where it started
- About two months ago, I opened the music folder on my hard drive (Z:) and noticed my files from D-Z were nowhere to be found. The weird part was when I opened iTunes, I was able to play all of those files no problem and when I right clicked on a song and picked 'Get Info', the 'Where' path referenced the Z drive and music folder like it was there no problem. Later that month, I went to My Computer to see if the files are there. For one, it took my computer about 5 minutes to bring up all of the icons. When it finally displayed all of my drives, I noticed Z drive didn't show any remaining space. I tried to open the Z drive and Windows gave me an error message saying the disc is not formatted; would I like to format now? I closed the box and immediately ran scans with AVG, Comodo, and Kaspersky online scan. They cleared a lot of malware yet when I click My Computer it still is very slow to display all of my drives and of course, I can't access the Z drive.

Just before posting this, I just went through and checked all of my running programs and found these:

ctfmon.exe
llsass.exe
services.exe
spoolsv.exe
wdfmgr.exe
winlogon.exe
wuauclt.exe

I don't know what more to do. I don't want to start over an...

Answer:Post Anti-virus/malware Removal - Worse Than Before!

Those are all normal as written. Is this an XP machine?

13 more replies

So the virus seems to have gotten worse. Now all my desktop icons don't work and Task Manager doesn't work either; it simply says it was disabled by the administrator. I can't even get to the desktop properties; it says runddl32.exe not found.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:04:26 PM, on 5/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.e...

Answer:Virus Got Worse! Desktop Doesnt Work. Hjt Inside

Hi,

Please let me know in your next reply if your Norton is still up to date, because I can't believe it's up to date with this HUGE amount of malware you are dealing with.
If your Norton was up to date, it would have blocked most of it.

2 more replies

Initially it was Edge not working properly, now it mostly crashes. Even the new "amazing" feature of tab previews doesn't work properly. Imagine, I moved back to Chrome after so many years of being a happy IE user. Cortana was a bit iffy with "Hey Cortana". Now she doesn't listen to what I say at all, even when I press the button. The notification center has its own mood. Often decides to hide until I restart for absolutely no reason at all. Same goes for the sound volume and other flyouts on the desktop.
In short, there is massive degradation of various major features with every new build. And since I post all the issues I find using the feedback app, I know it is not just me experiencing these things. This is disastrous.
So, is it just me, or do you experience similar issues yourself?

Answer:Is it just me or does Windows 10 get worse and worse with every new build?

It's just you.

10 more replies

Hi everyone,
My bottom fan on my PC was being very loud, so I opened up my case and unplugged the power supply, and flicked off the power switch on the back. I unscrewed the bottom fan and dusted it a little bit, and then I put it back together how it was before.

The part that I unscrewed also contained my hard drive, and now that it is reseated I cannot boot.


At first I got an error when booting:
Loading operating system . . .
disk boot failure, insert system disk and press enter.

THEN, I tried making sure everything was connected well and tight, and now I am not getting anything displayed on my screen.

Apologies for the lack of knowledge and thanks for the help.

Jeremy
 

Answer:Boot problem, getting worse and worse

It is possible that when you removed the fan and hard drive, you plugged the hard drive's SATA cable into a different SATA port on the motherboard. Get into the BIOS and make sure that the hard drive is being detected properly.
 

1 more replies

I've had Verizon DSL for about half a year or so now, and from last month to present, the connection has been horrible.. sometimes it would just hang for up to a minute at a time, with the modem activity light blinking slowly (loss of connectivity).. before it started, speeds were decent, and although slow compared to the Optimum cable I was used to, it was sufficient. Now it's just pure garbage. If it weren't for the fact that we're getting free cable, I would immediately switch to Road Runner.

I figure asking you guys is probably much more helpful than those scripted outsourced fools at tech support. I tried all that "reset your modem", "unplug the ethernet cord", "make sure your computer is on" crap already and would like some REAL answers..

PS- at my old house, we used to have verizon as well, and after a while it just stopped all of a sudden and when we called to see what happened, they said since there was construction in the area, they must have switched our phone line over to one with a further CO, and we were now too far to service. verizon is teh gay.
 

Answer:verizondsl getting worse and worse speeds

Well, try plugging the modem into the demarc jack if you have one (by where the phone line comes into your house). See if this still happens. If it doesn't, maybe something happened to your internal phone lines. (This probably won't be the issue, I'm betting.)

Beyond doing that phone your ISP and get them to file a support ticket or whatever they call it there. When I was having trouble with my DSL connection a couple years ago I phoned up, they sent a guy from the telephone company to test the line and they replaced a device at the CO and the connection has been perfect ever since.


15 more replies

I was curious if anyone out there knows anything about this...

I have a self-built computer, three years old now...and day by day it's getting worse and worse!

AMD Athlon XP @ 1.1 GHz
512MB PC2700 DDR-SDRAM
Windows XP Pro.
Radeon 9500 Pro. 128MB DDR

The problems started about six months ago--every time I'd turn on the computer, it'd scan the hard drive for errors, claiming an improper shutdown. Then, two months ago, it started going to a black screen saying a windows file is corrupt, use the XP CD to restore the file--but simply restarting the computer at that point would get it going (only came up on a fresh start).

Then in recent times, the screen is completely black. I turn on the computer, and no signal is sent (I'm guessing) to the monitor, so it's just flashing the power light...but after waiting approximately 10 seconds, and restarting ('reset button'), it would go to the other problems--file corrupt screen, then the error scan...and this latest time, it took 4 resets for the screen to catch a signal...

All wires are plugged in good, and everything seems to be functioning properly, except for, of course, this problem I have...and I really have no idea where to start on fixing this. I planned on keeping this computer for another year or so--and hope this can be fixed! Anyways, any ideas/suggestions, please let me know!

Thanks,
-X

Answer:My Computer - Getting Worse & Worse! Is there hope?

Take the graphics card out and insert it back in firmly, making sure it is seated properly in its slot. Check the manufacturers' websites for your motherboard and graphics card and see what the BIOS updates do, and see if they have any FAQs to check if anyone else has been having similar problems to you in terms of people who have the same motherboard or graphics card.

Email the manufacturer(s) for your motherboard company and graphics company.

2 more replies

I bought a ThinkPad in April last year which does not start anymore, no lights, nothing. I wanted to send it back to Lenovo under guarantee. There is only ONE problem: there is no sticker on the laptop which shows me the serial number. Obviously there is supposed to be one, but it is missing!!! I do have the invoice which shows the purchase date, but no serial either. I have already wasted quite some time with this bull**bleep**; I hopefully do not need a lawyer for that. Here you see the last response of the "support" manager:

Dear Michael Mueller,
Unfortunately I have to inform you that you have no guarantee for this machine. Repair of machines that do not have a sticker can only be carried out by a Lenovo service partner.
Lenovo Service Partner: https://pcsupport.lenovo.com/de/de/serviceprovider
If you have any further questions about this service case, please send us an e-mail to [email protected] or call us on the free phone number DE 0800 - 500 4618 / AT 0810-100-654 / CH 0800-55-54-54. Lenovo regularly conducts customer surveys on service quality. If you are selected, please take a few minutes to answer the questions. We thank you in advance.
Yours sincerely,
Davor Krpan
Lenovo Technical Support
IBM Hrvatska d.o.o. za proizvodnju i trgovinu
Miramarska 23, 10 000 Zagreb, Croatia
Registered with the Commercial Court in Zagreb under no. 080011422
Share capital: 788,000.00 kuna, paid in full
Director: Željka Ti?i?
Giro account at: RAIFFEISENBANK AUSTRIA d.d. Zagreb,... Read more

Answer:guarantee handling - bad worse than worse

I just forgot to mention that the purchase was done through the Lenovo online shop itself:

SHIPPING CONFIRMATION
Your order has been shipped
Dear Michael Müller,
Thank you for your order in the Lenovo Online Shop, which is powered by Digital River. The following products have been shipped.
Order date: 14 April 2017
Order number: 23856585462
Tracking number: 1ZAF68846704024055
The following items were shipped:
Order quantity | Product SKU | Product name | Shipped quantity | Total shipped quantity | Amount
1 | 20J1CTO1WW | ThinkPad 13 2G | 1 | 1 | 800,52 EUR
If you paid by credit card, your card has now been charged.

1 more replies
Question: opencloud

I have followed the instructions to remove the virus. However, when I get to the step where I need to run malwarebytes, the process begins and terminates very quickly. What do I need to do?

Answer:opencloud

Hello,

Please follow the instructions in ==>This Guide<== starting at step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then post them in a reply to this topic by using the Add Reply button. If you can produce at least some of the logs, then please create the post and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the reply and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Please note that I am not a member of the Malware Removal Team and will not be assisting you in removing the infection. I'm simply helping you to post the information they need in order to assist you. If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

Orange Blossom

7 more replies

H'okay. So, like many people I've seen on the internet, I got hit with OpenCloud rogue anti virus.

With my background in computer repair (2.5+ years at a PC retailer), I instantly thought it wasn't going to be much of a problem. Well, I was wrong.

I have run Malwarebytes, ComboFix, UnHackMe, Spybot S&D, ESET, and some other programs in hopes of fixing the problem.

It seems that ESET has successfully removed the trojans and backdoors, but when I join a CounterStrike: Source game, I notice I am receiving WAYYYYY too many packets (1500-2500/sec) and lagging uncontrollably to where I cannot even move or even switch weapons.

I also notice Malwarebytes blocking ping.exe a lot when using any web browsers, and saying hl2.exe (Half-Life 2 engine) is being blocked as well.

Here is my DDS.txt log:
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_22
Run by BOSSWICK at 12:18:29 on 2011-10-06
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.4094.2151 [GMT -5:00]
.
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System3... Read more

Answer:OpenCloud AV Remnants?

Looks like some trojans came back through some remnants not found earlier.

ESET log post-scan:
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10\67b6efca-1c0e89f4 a variant of Java/Agent.DR trojan deleted - quarantined
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22\73f6bd96-2d2c32aa a variant of Java/Agent.DR trojan deleted - quarantined
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\78a7dab-127b90d9 a variant of Java/Agent.DT trojan cleaned by deleting - quarantined
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\78a7dab-3f3b2756 a variant of Java/Agent.DT trojan cleaned by deleting - quarantined
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\78a7dab-3f88e27c a variant of Java/Agent.DT trojan cleaned by deleting - quarantined
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\78a7dab-4fef5b2f a variant of Java/Agent.DT trojan cleaned by deleting - quarantined
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\78a7dab-5ade0ea6 a variant of Java/Agent.DT trojan cleaned by deleting - quarantined
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\78a7dab-7e7cbcbc a variant of Java/Agent.DT trojan clea... Read more

11 more replies

Hello everybody. I'm Jeff, and my PC is infected (Hi, Jeff!)

I got hit about a week ago with Opencloud AV Malware. My own fault, since I let my real AV software fall out of date.

Brought the machine into Safe Mode, used Malware Bytes and did some other cleaning. It seemed to have worked, but...

Any time I bring the machine up with Networking enabled, it sort of hangs on the TCP parts. There's an odd process I can't recall ever seeing. It is called 107677792:262802873.exe and seems only to appear when I am running with networking.

Ran HijackThis and everything looked the way it was supposed to look with the exception of one tcpip DNS entry, which I deleted.

Now, if I try to run Malware or Norton, it just hangs or dies in the middle. When IE starts, it also gives me garbage. Maybe there's something else running here.

I am out of ideas and about ready to re-install the O/S (Win XP) from scratch. Any suggestions? Friends suggested de-installing the TCP/Ip components but I suspect that this will leave the infected files on the hard drive enabling them to be re-executed later on.

j

Answer:Opencloud AV Malware - not going away.

With the information you have provided, I believe you will need help from the malware removal team. Please make sure that you read the information about getting started first. Then start a new thread HERE and include our required logs. Including a link to this thread will be helpful. Good luck and be patient. Help is on the way!

1 more replies

Today, I was on my spare computer chugging away when the scheduled antivirus came on. I closed it, intending to run it later. Big mistake: once I closed it, the OpenCloud AV comes up. I try to get my scanner back up and the program is inaccessible. My web pages were redirecting etc. I tried to use the manual for OpenCloud posted on the site, but I had none of the files/keys/connections that were listed as being with it. I was able to run TDSS and Malwarebytes after running in Safe Mode. They found 3 and 1 files, respectively. I couldn't get Malwarebytes to run any other way. I tried to get gamer to run while online but something kept shutting it down (like everything else). I'm trying to run it in safe mode but it's going many times slower than when I was running it before.

I'm now remembering a few times before when my computer might have been redirecting in September but I thought I was just hitting the touchpad on some random link. I was also getting an error when I started my computer about a file missing. I looked it up online and found nothing so I thought it might've been for some program I might've deleted. After I ran TDSS and Malwarebytes, I restarted in regular mode and didn't get the error.

I'm also unable to install anything; it says something about the administrator having blocked it, but I'm logged in as the administrator. I tried running the command prompt as administrator and got an error. (C:\WINDOWS\system32\cmd.exe -... Read more

Answer:OpenCloud AV and Redirect

Hello Bullsweet, Welcome to Bleeping Computer.
My name is fireman4it and I will be helping you with your Malware problem.

Please take note of some guidelines for this fix:
Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools.
If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
In the upper right hand corner of the topic you will see a button called Watch Topic. I suggest you click it and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

Finally, please reply using the ADD REPLY button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.

We need to disable Spybot S&D's "TeaTimer". TeaTimer works by preventing ANY changes to the system. It will attempt to undo any fixes we run, because it blocks these fixes from running. In order to safeguard your system from problems that can be brought on by a half-finished fix, we need to disable TeaTimer. We can re-enable it when we're done if you like.

Open Sp... Read more

16 more replies
Question: opencloud removal

http://www.bleepingcomputer.com/forums/topic421315.html
Ran Rkill; it said:
This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.
Rkill was run on 09/30/2011 at 20:12:00.
Operating System: Microsoft Windows XP
Processes terminated by Rkill or while it was running:
C:\WINDOWS\system32\imapi.exe
Rkill completed on 09/30/2011 at 20:12:01.
Ran SUPERAntiSpyware; it said removed, reboot. I couldn't grab the log; when restarted, the virus came back up.
Ran Malwarebytes Pro.
It says removed, but the virus reappears when done.
It won't let me complete the running of dds.scr.

Answer:opencloud removal

I'm still messing with it and was able to get dds.scr to run; here is the text and attach:
.
DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26
Run by apchn at 23:00:08 on 2011-09-30
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1791.1128 [GMT -4:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Secunia\PSI\PSI_TRAY.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\SUPERAntiSpyware\344f0ed2-c0af-475a-936d-19a20574a337.com
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/ig?hl=en
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java™ ... Read more

20 more replies
Question: Opencloud Troubles

All right, so I saw a topic similar to mine, but I decided to make my own because my logs will doubtlessly be different, and none of the solutions suggested in that thread were of any help to me.

I got the Opencloud virus a couple of days ago when I let someone borrow my laptop, and first noticed it when the window popped up claiming that my computer was infected (obviously a scam). I went straight to MBAM to scan and remove, and of course Opencloud blocked it from opening. I then Googled the issue, and tried using the online guide here to troubleshoot. It seemed to work, but then Opencloud promptly returned upon a normal reboot. Here's a quick rundown of what happens now (bear with me, I'm a rookie with computer lingo but can navigate pretty well).

1. Rkill downloads and functions, but does not find anything.

2. MBAM will run for about 20 seconds after a new installation (which I've done countless times), but then disappears. I then cannot open it again, and it claims that "Windows cannot access the specified path...", etc. A new install is always required; rebooting doesn't help the situation.

3. Now, Opencloud does not give any messages at all, but it's still definitely on the computer, because occasionally it pops up in my programs or on my desktop.

4. I'm now worried that Opencloud has allowed other spyware to gain access to my computer, because now I am having the hidden file issue, where my Quicklaunch icons, desktop ico... Read more

Answer:Opencloud Troubles

Hi loreleedarling, welcome to Bleeping Computer.

My name is Jason and I'll be helping you with your computer problems. You can call me by my screen name jntkwx, or Jason is fine.

Some things to remember while we are working together:
Do not run any other tool until instructed to do so!
Please do not attach logs or put logs in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having, as these can also help.
Do not run anything while running a fix.
If you don't understand a step, please ask for clarification before continuing with any future steps.
Click on the Watch Topic button and select Immediate Notification and click on Proceed; this will help you to get notified faster when I have replied and make the cleaning process faster.

Note to others: The instructions here are intended for the person who began this topic. If you need help, please create your own topic in the appropriate forum.

Please download MiniToolBox and run it. Checkmark the following boxes:
Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List last 10 Event Viewer Log Errors
List Installed Programs
List Users, Partitions and Memory size
Click Go. Please put code boxes around just this entire log, like this, but without the letter x: [xcode] MiniToolBox log [/xcode]

Let's try rebooting into Safe Mode. This can be done by tapping the F8 key as soon as you start your computer. You will be brought to a menu with severa... Read more

1 more replies

I, too, have gotten the OpenCloud AV today. I downloaded Spyware Doctor and PCDoctor but neither one worked.

I went and tried your Remove OpenCloud (Uninstall Guide) here: http://www.bleepingcomputer.com/virus-removal/remove-opencloud-security, but I couldn't even open Internet Options. The Internet Options window would flash quickly and disappear. The same thing happens when I click open my Task Manager, the window just flashes quickly and disappears. It won't stay open. One time it did, I tried to end OpenCloud and it wouldn't allow me. It said that if I tried to end this task, I would lose saved data so I was afraid to challenge it.

I also tried your instructions from this page: http://www.bleepingcomputer.com/forums/topic420826.html, but after I downloaded MiniToolBox, I couldn't run it so I couldn't check mark the following checkboxes:

Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

The window where I'm supposed to check the above would also just open quickly and close again. The window doesn't stay open for me to do anything.

Please help or direct me to a removal guide that will work. Thank you.

Answer:gotten the OpenCloud AV today

Hello, do a file search for this file and let me know: win2119b744.exe. Are you running XP?

Please click Start > Run, type inetcpl.cpl in the run box and press Enter. Click the Connections tab and click the LAN settings option. Verify if "Use a proxy..." is checked; if so, UNcheck it and click OK/OK to exit. Now check if the internet is working again.

Reboot into Safe Mode with Networking. How to enter safe mode (XP/Vista) using the F8 method: Restart your computer. When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu. Select the option for Safe Mode with Networking using the arrow keys. Then press Enter on your keyboard to boot into Safe Mode.

>>>> Download this file and double-click on it to run it. Allow the information to be merged with the registry.

RKill....Download and Run RKill
Please download RKill by Grinler from one of the 4 links below and save it to your desktop.

Link 1
Link 2
Link 3
Link 4

Before we begin, you should disable any anti-malware software you have installed so it does not interfere with RKill running, as some anti-malware software detects RKill as malicious. Please refer to this page if you are not sure how.
Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it a... Read more

19 more replies
Question: Opencloud security

I have somehow been infected with this Open cloud security scareware or whatever it is. I tried your fix of rkill and got to the point of trying to download malware but it still prevents me from accessing any type of antivirus software. It redirects me to random websites. Is there some other fix for this?

Answer:Opencloud security

Hello and welcome.

Please follow our Removal Guide here: Remove OpenCloud Security (Uninstall Guide). After reading how the malware is misleading you, you will move to the Automated Removal Instructions. After you have completed that, post your scan log here and let me know how things are. The log is automatically saved and can be viewed by clicking the Logs tab in MBAM. Copy and paste the contents of that report in your next reply. Be sure to post the complete log, including the top portion which shows MBAM's database version and your operating system.

1 more replies
Question: OpenCloud and BSOD

My husband's computer was infected a few weeks ago with the OpenCloud Security virus. I previously ran Malwarebytes several weeks ago and it did remove the OpenCloud pops ups but most of my husband's files were hidden. I was able to back-up all of his personal files successfully. Many removal programs have been shut down while they are running. However the computer now only runs following startup for 2-3 minutes before I get the BSOD. In safe mode, I have followed the full removal instructions (TDSSKiller, Rkill and Malwarebytes) without success. TDSSKiller came out clean, RKill reported nothing terminated and Malwarebytes found nothing as well. The computer is also not connecting to our wireless network (stuck in the "Identifying" stage) so I am using my own computer and transferring everything via USB. I have run DDS and here are the logs:

.
DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK
Internet Explorer: 8.0.6001.19120
Run by Patrick at 11:40:53 on 2011-11-13
Microsoft® Windows Vista® Home Premium 6.0.6002.2.1252.1.1033.18.2039.1450 [GMT -5:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windo... Read more

Answer:OpenCloud and BSOD

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/427699 <<< CLICK THIS LINK

If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lo... Read more

63 more replies

OK, I have been searching for a solution and have found some, but I can't actually do them as my computer will not let me. So I brought it here for more personal help. Basically this is the situation. My computer runs off of Vista and today it got OpenCloud AV. I have tried to remove it but it doesn't seem to work. Every anti-virus and malware scan I have used won't run; it will scan a few seconds and then terminate, or won't open at all. I also cannot run DDS like you would like, as it won't fully run. The software I have tried are:
-Malwarebytes
-Emsisoft HijackFree
-Superantispyware
-SDfix

I have also tried to manually fix my computer using the instructions given, but I don't have the reg. entries listed and I won't touch anything in there without being 100% sure it is the problem. I am really at my wits' end and being driven insane.

Just so you know. All of these attempts were made in Safe Mode with Networking with Proxy off. As well as using RKill before them.

I realize that it will be a while before you can get back to me on this, but please do as soon as possible. I would like to get DDS working at least, so that I can give you more information.

Thank you for your time

Answer:OpenCloud AV Removal Issues

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/421708 <<< CLICK THIS LINK

If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lo... Read more

2 more replies

Hello,

So I got the OpenCloud Security virus and followed BleepingComputer's Uninstall guide up to the Secunia step. Now that I have Malwarebytes I seem to be getting a lot of Website Blocked alerts. So I turned off the website blocking to see if they were legit concerns or not. Almost immediately, a new tab is opened in Firefox for some bullbleep. So I close it and turn the website blocking back on. Whenever I do turn it off, I will get redirected in Google searches or have random tabs open for spamming me.

I have run a Malwarebytes full system scan and an AVG scan. Removed all found infections. I am attaching my HijackThis log. Any help would be appreciated. This thing is persistent, and I have no idea how I got it, although I suspect it came from a Magic: The Gathering website, as it started shortly after visiting that site, which was my first time visiting it (www.magicdraftsim.com).

Answer: OpenCloud and Random websites

Hello,

Please follow the instructions in ==>This Guide<== starting at step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then post them in a reply to this topic by using the Add Reply button.

If you can produce at least some of the logs, then please create the post and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the reply and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Please note that I am not a member of the Malware Removal Team and will not be assisting you in removing the infection. I'm simply helping you to post the information they need in order to assist you.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

Orange Blossom

11 more replies

I picked up a brand new version of the Open Cloud AV trojan yesterday. It installed a root kit and used all new registry entries with an unstoppable .exe. Though it disabled Malwarebyte the program could still block it accessing the internet and, after I deleted the file for it in windows (it was a stream of numbers with a colon in the middle) it was unable to re-download itself and I then used combofix which rooted it out (literally) and then broke it badly enough that I was able to re-install MS Security Essentials. The display was reduced to 4 bit for and Malwarebyte's scan killed four things and then the MSSE found four more trojans mostly in Java, one in Flash. I've also run Trend Micro's housecall with nothing else found. So here's what's going on since:

For a bit after start-up everything is pretty normal though if you move a window there's a weird, scrolling effect, like the monitor is super slow. After a while typing (both on the internet with Firefox and in Word or Wordpad) appears at around a character per half second, and all commands are retarded sequentially.

Secondly, the CPU is maxing out most of the time (probably explaining the above problem) and when I try to see what's going on with Taskmgr Taskmgr is using all remaining CPU while Firefox or any other programs are running.

Thirdly, MS Malicious Software Remover has not been able to install (though appears to have after the last reboot) since the infection. My HiJack... Read more

Answer: Post OpenCloud AV problems

16 more replies

My brother's computer got infected by the fake anti-malware program Opencloud. He runs Windows XP home edition (32-bit). I've tried following the guide for removal of this particular problem that you have on this site (Found here), as well as others and none of them have been successful. At this point, I can no longer boot into safe mode, and any 'scanning' programs I try to run (Malwarebytes' Anti-Malware, and the GMER utility are among them), crash and then are immediately read/write protected by whatever is infecting the computer. Renaming the .exe before running it for the first time does not change the outcome of this. After some tinkering, I did manage to get Spybot Search & Destroy to run a full scan, but it didn't detect anything other than common advertisement spies. I also managed to prevent the annoyingly constant spam messages that Opencloud gives by moving the file linked by Opencloud's desktop shortcut to my desktop and out of the system32 folder (The file name is lCCCellIBTzNyA1). I ran TDSSkiller and came up with some positive infections, but it was unable to remove them. They are as follows:

Hidden File
Service: 50b0596e
Suspicious object, Medium Risk.

Rootkit.Win32.ZAccess.e
Service: AmdK8
Malware Object, High Risk
Service type: Kernel Driver (0x1)
Service Start: System (0x1)
File: C:\Windows\System32\Drivers\Amdk8.sys
MDS: 56b3c2c3c7904d3a5f4cd03a196a11bc
I've tried installing AVG antivirus on his ... Read more
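The TDSSKiller excerpt in the post above is the kind of output a responder has to triage by hand when the machine itself can no longer be trusted. As an added example (not code from the post, from Bleeping Computer, or from TDSSKiller), here is a small Python parser that turns that report format into structured findings, ranks them by how many rootkit indicators they carry, and hashes a file on disk so the on-disk MD5 can be compared against the hash the tool reported. The `Finding` class, `parse_report`, `triage` and `md5_of` names are mine; the sample report is the text from the post, embedded as a constructed input. The parser treats the "MDS:" label as the MD5 line, since that is clearly what the post's output carries.

```python
import hashlib
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample input: the TDSSKiller findings exactly as quoted in the post above.
SAMPLE_REPORT = r"""Hidden File
Service: 50b0596e
Suspicious object, Medium Risk.

Rootkit.Win32.ZAccess.e
Service: AmdK8
Malware Object, High Risk
Service type: Kernel Driver (0x1)
Service Start: System (0x1)
File: C:\Windows\System32\Drivers\Amdk8.sys
MDS: 56b3c2c3c7904d3a5f4cd03a196a11bc
"""

RISK_RE = re.compile(r"\b(Low|Medium|High) Risk", re.IGNORECASE)
MD5_RE = re.compile(r"^[0-9a-f]{32}$")


@dataclass
class Finding:
    """One blank-line-separated block of the report (hypothetical structure)."""
    name: str                          # detection name or object class on the first line
    service: Optional[str] = None
    risk: Optional[str] = None         # Low / Medium / High, normalised
    service_type: Optional[str] = None
    service_start: Optional[str] = None
    file: Optional[str] = None
    md5: Optional[str] = None


def parse_report(text: str) -> List[Finding]:
    """Split the report into blocks and pull out the key/value lines of each."""
    findings = []
    for block in re.split(r"\n\s*\n", text.strip()):
        lines = [ln.strip() for ln in block.splitlines() if ln.strip()]
        if not lines:
            continue
        f = Finding(name=lines[0])
        for line in lines[1:]:
            key, sep, value = line.partition(":")   # first colon only: keeps "C:\..." paths intact
            if not sep:
                m = RISK_RE.search(line)            # "Malware Object, High Risk" has no colon
                if m:
                    f.risk = m.group(1).capitalize()
                continue
            key, value = key.strip().lower(), value.strip()
            if key == "service":
                f.service = value
            elif key == "service type":
                f.service_type = value
            elif key == "service start":
                f.service_start = value
            elif key == "file":
                f.file = value
            elif key in ("md5", "mds"):             # "MDS" is how the post's output spells it
                f.md5 = value.lower()
        findings.append(f)
    return findings


def triage(findings: List[Finding]) -> List[Tuple[Finding, List[str]]]:
    """Attach the reasons a finding deserves attention and sort the most-flagged first."""
    ranked = []
    for f in findings:
        reasons = []
        if f.risk == "High":
            reasons.append("high risk")
        if f.name.lower().startswith("rootkit."):
            reasons.append("rootkit family name")
        if f.service_type and "kernel driver" in f.service_type.lower():
            reasons.append("kernel driver: runs at ring 0")
        if f.file and f.file.lower().startswith(r"c:\windows\system32\drivers"):
            reasons.append("lives in the system drivers directory")
        if f.md5 and not MD5_RE.match(f.md5):
            reasons.append("malformed hash in report")
        ranked.append((f, reasons))
    ranked.sort(key=lambda pair: len(pair[1]), reverse=True)
    return ranked


def md5_of(path: str) -> str:
    """MD5 of a file on disk, read in chunks; compare it with the hash the tool reported."""
    h = hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


if __name__ == "__main__":
    for finding, reasons in triage(parse_report(SAMPLE_REPORT)):
        print(f"{finding.name:28} {finding.file or '-'}  {'; '.join(reasons) or 'no extra indicators'}")
```

Run against the post's own output, the ZAccess entry sorts to the top with four indicators, which is the same conclusion a responder reaches by eye: a driver with a legitimate-looking name, loading at boot from the drivers directory, flagged with a rootkit family name. Hashing the file from a clean boot medium and comparing it with both the reported hash and a known-good copy of the driver is the check that decides whether the file itself was replaced; the parser only makes that list of candidates reproducible.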

Answer: Opencloud 'antivirus' infection

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

Do not run any other tool until instructed to do so!
Please do not Attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.
Do not run any other tool until instructed to do so!

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Please download DummyCreator.zip and unzip it.
Run the tool.
Copy and paste the following into the edit box:

C:\WINDOWS\1851371600
Press Create button and post the content of the Result.txt.

Important: Restart the computer.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is... Read more

16 more replies

This very thing is happening to me. (yes I've tried like 15 times also). Only the computer is an eee pc and does not have a disk drive....

Answer: OpenCloud removal issue

How can I resolve this issue w/o a disk drive or on an eee pc netbook?

4 more replies