Computer Support Forum

Some form of malware/ seems undetectable

Question: Some form of malware/ seems undetectable

GMER & Combofix blue screens of deaths (yes i know realized i should not have done this)

TDSS finds nothing.

Computer runs fairly well, but randomly crashes sometimes. Avira finds a trojan daily in the system restore (not sure how to safely remove this)

any help would be great. Thank you.

Relevance 100%
Preferred Solution: Some form of malware/ seems undetectable

I recommend downloading and running Reimage. It's a computer repair tool that has been proven to identify and fix many Windows problems with a high level of success.

I've used it in the past to identify and fix everything from blue screens (BSOD's), ActiveX errors, corrupt files and processes, dll/exe/sys errors, recover lost memory, Windows update problems, defragging, malware removal etc.

You can download it direct from this link http://downloadreimage.com/download.php. (This link will automatically start a download of Reimage that you can save to your computer.)

Answer: Some form of malware/ seems undetectable

Hello,Please follow the instructions in ==>This Guide<== starting at step 6. If you cannot complete a step, skip it and continue. Don't worry about the GMER log.Once the proper logs are created, then post them in a reply to this topic by using the Add Reply button.If you can produce at least some of the logs, then please create the post and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the reply and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.Please note that I am not a member of the Malware Removal Team and will not be assisting you in removing the infection. I'm simply helping you to post the information they need in order to assist you.If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.Orange Blossom

3 more replies
Relevance 59.04%

Here is the problem I am having.

I client has a PC with IE 6 on it. When he tries to log onto AOL, Bank of America, ING Direct, and any other number of financial sites, he gets to a page saying something to the effect of that company making changes, and they need his Credit Card #, ATM Pin, etc. Basically all that information that most places will tell you they will never ask you for online or via email.

Problem is, most of them are using https and the URLs are all correct. It is not being redirected to a different url. I have confirmed that the URL that shows in IE is correct.
Tried upgrading to IE7, still got same problem. Tried system restore back to before the problem existed, this did not fix it. Ran every major Antivirus, antispyware, antimalware, rootkit finder, BHO finder, etc that I could find, none of them found anything.

Other systems on this LAN work OK. If I browse to the same sites in Mozilla firefox on this same PC, that works OK. I tried a few other browsers, they all worked. Just IE has the problem.

I installed a peice of software called Proxomitron, its a software proxy. I set up Internet Explorer to use this Proxy software, and with that running, I can access these sites in IE.

So, my conclusion is that there is something on the system hijacking the HTTP requests from IE. Problem is, I dont know enough about how IE works to really troubleshoot that any further. Anyone have any suggestions?

I did try to delete all the folders that have to ... Read more

Answer:Need help with undetectable IE malware

here is a hijackthis log if it helps...
--------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:28:19 AM, on 8/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Kaseya\Agent\AgentMon.exe
C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe
C:\DOCUME~1\User\LOCALS~1\Temp\winvnc4.exe
C:\temp\KORepCln.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Kaseya\Agent\KaUsrTsk.exe
C:\Program Files\CyberPower PowerPanel Personal Edition\pppeuser.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\interwise\participant\pull.exe
C:\Program Files\Kaseya\Agent\KaUsrTsk.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe
C:\Program Files\Kaseya\Agent\KasAVSrv.exe
C:\temp\KRlyCLis.exe
C:\Program Files\Inter... Read more

2 more replies
Relevance 59.04%

Similar to another posting about Malware trying to connect to malicious websites. Started getting messages from avast about "Malicious URL blocked" roughly 3-4 days ago. Found that it usually happens when I start the IE (version 8) and usually once an hour.The opening of a IE new window causes the cpu to get completely get bogged down for about 20 seconds and thereafter the behavious seems normal. I usually get a message from avast saying that as well as the following objectsObject: media9s.com/cgi/ffv.php?vvv=671673=...Object: nopagency.com/cgi/rb.php?bbq=671673=...all related to the process:C:\Program Files\Internet Explorer\iexplorer.exeIt seems that something is happening in the background when IE starts and it is probably a malware. Initially when I ran spybot, malwarebytes and avast, I got a couple of hits and they were removed/quarantined. Now these softwares come up empty but the problem persists so I am not sure if the original hits were associated with this problem or not. Internet explorer runs fine on the safe mode so that might be a big clue.I searched online for these websites and it seems that there were bunch of reporting from around the same time I started getting this problem (First week of June, 2010) but I could not find any specific solutions. I would appreciate any help with this problem. Thank you!

Answer:Undetectable Malware. Need help!

For some reason, I can edit my post. But I just wanted to add that I have downloaded google chrome and the avast message regarding connection to malicious URLs has not happened at least for now. Seems like the malware is connected to IE usage.

Would still like to get the possible infection removed. Thanks for anyone reading this

3 more replies
Relevance 59.04%

Hi folks,

would appreciate some advise as it seems that my system is slowly grinding to death and I need some answers quick! (please)

I noticed a few months ago a blue screen when I loaded up Windows and thought nothing of it but shortly afterwards weird things began to happen. Couldnt get access to the Registry for example. Theres also a file in My Computer that sits above the C: drive level called 0ac5b13d80b which will not let me delete it, ever, even in safe mode. Also I cant access Command prompt even in safe mode.

I downloaded and ran CCleaner to see if I could access the registry that way and it helped as I can get into Regedit now but the other problems arent fixed.

Now my pc is starting to sound like its constantly running a marathon - its getting slower and the processes are starting to pile up.

I have run every virus scanner under the sun and they show nothing but that cant be right can it? I recently downloaded NETSCAN Pro and it shows 10 established connections and 68 opened ports?!

i would really appreciate getting this beast off my system as soon as possible. Is it possible that it has created its own disc partition where it is lurking out of the scan line of virus scanners?

I really dont know what Im on about.

Help please
 

Answer:Undetectable Malware?

Welcome to Major Geeks!

Please read ALL of this message including the notes before doing anything.

Pleases follow the instructions in the below link:

READ & RUN ME FIRST. Malware Removal Guide
and attach the requested logs when you finish these instructions.
**** If something does not run, write down the info to explain to us later but keep on going. ****
Do not assume that because one step does not work that they all will not. MGtools will frequently run even when all other tools will not.

After completing the READ & RUN ME and attaching your logs, make sure that you tell us what problems still remain ( if any still do )!
Helpful Notes:

If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode, you can run the steps in safe boot mode but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:
Starting your computer in Safe mode

If you have problems downloading on the problem PC, download the tools and the manual updates for SUPERAntiSpyware and Malwarebytes ( links are given in the READ & RUN ME) onto another PC and then burn to a CD. Then copy them to the problem PC. You will have to skip getting updates if (and only if) your internet connection does not work. Yes you could use a flash drive too but flash drives are writeable and infections can spread to them.
If you cannot seem to login to an infected user account, try using a differe... Read more

3 more replies
Relevance 59.04%

Lately, I've been noticing some suspicious behavior by my computer. There's been choppy video playback and generally "sticky" performance. What I mean by "sticky" is that I'll tell the 'puter to do something, like open a new tab, and it will lag for a split second before executing the command. Also, when I load a page with lots of images it will sometimes load the images a second or two after the text. I know that this is not a problem with my internet speed, because it's happening with offline processes, too. 
 
Now, I've run slimcleaner and vit registry fix, so I know it's not just registry errors or a fragged disk. I also have bitdefender and malwarebytes and have run them and they found nothing. But here's the thing: I was unfortunately taken in by a phishing attempt a little while ago and I think they may have gotten my computers password or one close to it. I'm worried that someone had the password, they could have installed malware that disabled my security programs but left them looking as if they were still functioning. (For various reasons I won't get into here, I stupidly didn't change the password right away.) 
 
Anyway, I suspect that this is probably all just a figment of my OCD imagination and there's probably no malware on my computer. As computers get older, they naturally do this sort of thing. But I would appreciate it if someone could put my mind at ease about this. I sure as hell don't want to wind up like Matthew Bandy. 

Answer:Undetectable malware?

Hi there,my name is Jo and I will help you with your computer problems.Please follow these guidelines:Read and follow the instructions in the sequence they are posted.print or copy & save instructions.back up all your private data / music / important files on another (external) drive before using our tools.Do not install / uninstall any applications, unless otherwise instructed.Use only that tools you have been instructed to use.Copy and Paste the log files inside your post, unless otherwise instructed.Ask for clarification, if you have any questions. Stay with this topic til you get the all clean post.My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.*** Download Security Check by screen317 from here or here.Save it to your Desktop.Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.Vista / Windows 7/8 users right-click and select Run As Administrator.A Notepad document should open automatically called checkup.txt; please post the contents of that document.*** Please download Malwarebytes Anti-Rootkit and save it to your desktop.Be sure to print out and follow the instructions provided on that same page.Caution: This is a beta version so please be sure to read the disclaimer and back up all your data before using.Scan your system for malwareWith some infections, you may see two messages boxes.'Could not load protection driver'. Click 'OK'.'Could ... Read more

38 more replies
Relevance 59.04%

Here's a little background to help with the problem...
My computer started doing weird things, mainly taking internet explorer to a blank page instead of loading a video in internet explorer like it normally did. I transferred files to a second computer (mainly doc's) via a flash drive. The problem seemed to begin on the 2nd computer after this. The 1st computer got worse to the point where I couldn't double click and open my C: drive. Both computers would periodically pop up a message that said Norton Antivirus autoprotect was turned off. Although, this would happen when my computer started running slow so I wondered if my computer was just running out of memory. This brought up another symptom. My computers would periodically for about 30 minutes run extremely slow for no apparent reason, and it seemed to occur at approximately the same time (in the evening). I formatted the flash drive and at least one of hte computers (I forget if I formatted both). Oh yeah, and both computer had updated virus scanners.

Now, I have a built a new computer. I installed Windows7 (i get it from school). I have updated it, and I installed Norton Antivirus and updated it as well. It has been running well. I put files from the 2nd computer mentioned before(that didn't seem to be having many, if any probelms) on to my formatted flash drive. I transferred them over and now on this computer I am getting the same symptoms-won't launch some video links and it got really slow... Read more

Answer:undetectable malware?

anyone have an opinion on what could be going on?
 

1 more replies
Relevance 59.04%

Hello
I have an unusual problem with possibly a really annoying malware type infection.

Symptoms I know of:
Changes startup page in mozilla firefox to hxxp://mmwwx.com.ar
Blocks the functionality of various antivirus sotwares:
BitDefender Total Security (trial) - Gets "Access denied" while trying to open any of the files in the program's directory.
Kaspersky Antivirus - blocks access to trail activation and updates
I've found a suspicious file in
c:\documents and settings\psycho\Local Settings\temp\6.tmp\lala.bat - trying to see what's inside with a notepad was giving me an Access Denied error. (In safe mode I was able to see that it had few strings which was force injecting the mmwwx.com.ar site to internet explorer and mozilla firefox. And also a reference to PREFS.JS located profiles folder in firefox. I was able to dellete this file manually after cutting and pasting it to the desktop)

I was unable to uninstall bitdefender software before making scan with your diagnostics tools.

None of the antiviruses I've tried showed any results or risks. I've tried superantispyware, dr.web cureit, ad-aware, malwarebytes...
I have cleaned the system with ccleaner and ATF Cleaner, and cleaned the registry file too. Checked the registry items to search for suspicious files, After running out of ideas I just had to post this problem somewhere. The notebook doesn't has access to a dvd so the system reinstallation process could be painfull and because of that I c... Read more

Answer:Undetectable malware

Hi,

Please do the following:

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here Double click on ComboFix.exe & follow the prompts.
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
Click on Yes, to continue scanning for malware.
When finished, it shall produce a log... Read more

7 more replies
Relevance 58.22%

Hello all, thanks in advance for the help.

I've got some form of malware (I'm not educated enough to know what it actually is) on my laptop that's redirecting my browser, slowing my connection, and seems to have disabled Catalyst Control Center for the ATI graphics card (though that might be unrelated, it started at the same time). Also, I was getting system messages saying files in C:/Windows/system32 were missing, even though I wasn't actually doing anything with the computer at the time. I scanned (in Admin) with Norton360, Spybot, Adware, and Windows Defender, all came back clean, but there is obviously something they're not finding. I DO have the boot cd.

DDS (Ver_09-11-29.01) - NTFSx86
Run by Kev at 9:53:04.36 on Mon 11/30/2009
Internet Explorer: 8.0.6001.18828
Microsoft? Windows Vista? Home Premium 6.0.6002.2.1252.1.1033.18.2941.1828 [GMT -5:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
FW: Norton AntiVirus *enabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\... Read more

Answer:Obvious yet somehow undetectable malware

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

One or more of the identified infections is a backdoor trojan.

This type of infection allows hackers to remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.

If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Please refer to Microsoft's Online Safety article for tips on creating a strong password.

Do not change passwords or do any transactions from the infected computer until it has been cleaned.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my ins... Read more

2 more replies
Relevance 58.22%

I have ran scans with the programs stated above and almost all of them came off clean. AdwCleaner detected 3 registries and fixed them. I didn't experience symptoms for some time and now its back it's back.
 

More replies
Relevance 58.22%

Fresh Windows 7 Ultimate x64 install with only Steam and Google Chrome and ATI Catalyst drivers installed. When I try to install Avast and reboot I get a black screen with mouse cursor just at the part where I would enter my windows password to login. I had to boot into safe mode to disable avast from start up services. Same happens with my install of ESET Smart Security 5, but the black screen with movable mouse cursor shows up after I enter my windows login password. I am currently logged in with smart security 5 installed but ccan't open it.
Here is the DDS and HJTlogs. I can't run GMER because all checkboxes above 'Services' are greyed out.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:45:54 PM, on 8/14/2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Users\Blitzhex\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Blitzhex\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Blitzhex\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Blitzhex\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Blitzhex\AppData\Local\Google\Chrome\Application\chrome.exe
D:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
D:�... Read more

Answer:Infected with undetectable malware

Hello , And to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.I will be working on your malware issues, this may or may not solve other issues you may have with your machine.Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen. Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.-----------------------------------------------------------If you have since resolved the original problem you were having, we would appreciate you... Read more

2 more replies
Relevance 57.81%

I've been getting pop-ups randomly, some rapidly in certain intervals of time... I've been desperately trying to find a solution. Ad-aware just picks up the usual tracking cookies, and Spy-bot yields no results. I've attached a HijackThis log.

Logfile of HijackThis v1.98.2
Scan saved at 1:39:06 AM, on 9/18/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HHVcdV5Sys\VC5SecS.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\program files\powerstrip\pstrip.exe
C:\Program Files\Winamp\winampa.exe
C:\PROGRA~1\WHATPU~1\WHATPU~1.EXE
C:\Progra... Read more

Answer:Undetectable Malware/Spyware/Adware?

11 more replies
Relevance 57.81%

I have this malware from some download I accidently did. It was a exe file and accedently clicked it. nothing happend so I just deleted it and kept doing what I was doing. While useing google maps street view, the screen was scrambled and there was lots of horizonal lines that were like mirrors, and I also had three cursors but the other two were just reflections and the middle one is the real cursor. I cant read or see anything with all the messyness unless I move my middle mouse in a area to clear some reflection, but it soon comes back. Also I cannot log on with normal mode, only safty mode. Whenever I log on with normal mode a blue screen apears, and it starts dumping files. When its done it just freezes. I cant read the blue screen either with all the messyness. I soon looked in my programs and features, and found a Nvidia PhysX software just recently downloaded in there. I learned I needeId a Nvidia card to use it, so I just uninstalled it. At first it kept saying that windows installer was not correctly installed so I couldent uninstall it, but somehow the other programs would let me uninstall it. But soon I was able to uninstall Nvidia as well. After uninstalling Nvidia, my screen was still a mess and my laptop still crashes. I used Norton, Malwarebytes, Housecall and alot of other programs to scan virus's but they all said 0 threats found. However sometimes every few hours everything would go back to normal for about 30 minutes and the screen is fine, and I coul... Read more

More replies
Relevance 57.81%

Trying to help my wife's co-worker with his laptop problem. I have no idea what he downloaded only that Internet Explorer will attempt to start to come up, hang for about 3-4 mins then close on it's own. This will happen even in safe mode. I have attempted to run several commercial trial programs such as ESet, Malware Bytes while it finds and tries to clean stuff the problem still remains. I have attempted to install the newest version of Internet Explorer while it looks like it installed the issue still remains. I tried to use your startup guide looking at the programs running within autoruns and match to your database but nothing seems amiss. The computer is a toshiba laptop running Windows 7. Also, another strange issue is I am unable to connect to the virus definitions database within Eset though trying to register says cannot find the server. But Windows Update is able to connect and attempt an update when the computer is connected to my wifi. 
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.16428
Run by mark christian at 16:23:58 on 2014-11-01
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.6051.4061 [GMT -7:00]
.
AV: Webroot SecureAnywhere *Disabled/Updated* {66A6FE14-08CB-F415-3742-517201416109}
AV: ESET Smart Security 8.0 *Enabled/Updated* {19259FAE-8396-A113-46DB-15B0E7DFA289}
SP: Webroot SecureAnywhere *Disabled/Updated* {DDC71FF0-2EF1-FB9B-0DF2-6A007AC62BB4}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831... Read more

Answer:Infected with undetectable/uncleanable malware

Hello, Welcome to BleepingComputer.I'm nasdaq and will be helping you.If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.===Please download AdwCleaner by Xplode onto your Desktop.Close all open programs and internet browsers.Double click on AdwCleaner.exe to run the tool.Click the Scan button and wait for the process to complete.Click the Report button and the report will open in Notepad.IMPORTANTIf you click the Clean button all items listed in the report will be removed.If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.Close all open programs and internet browsers.Double click on AdwCleaner.exe to run the tool.Click the Scan button and wait for the process to complete.Check off the element(s) you wish to keep.Click on the Clean button follow the prompts.A log file will automatically open after the scan has finished.Please post the content of that log file with your next answer.You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).===Download the version of this tool for your operating system.Farbar Recovery Scan Tool (64 bit)Farbar Recovery Scan Tool (32 bit)and save it to a folder on your computer's Desktop.Double-click to run it. When the tool opens click Yes to disclaimer.Press Scan button.It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.The first t... Read more

8 more replies
Relevance 57.81%

Have you guys noticed a ton of "unsolved" cases popping up with users.
Here is a good example.
http://www.bleepingcomputer.com/forums/t/581337/malware-spyware-and-hackersequals-months-and-months-of-going-insane-help
 
I have the same problem. The reason no tools, scans, rescue disks, rewriting the MBR, flashing the BIOS, flashing firmware, etc. will never detect or fix the problem. Even a wipe of something like Jetico BC Total Wipeout/hdparm, clearing all or almost all places where flash memory can hide will get rid of it. Even a new hard drive won't get rid of it. Anyone have some SPID tools and know assembly language, lol ?
 
The reason it never goes away because they are on a virtual machine.
 
If you look at a lot of these farbar reports etc. I just glanced over a few here...there is a lot of files that don't belong. Many of the files are old experimental files from MS or Intel/AMD.
As the posterabove mentions...it absolutely brute forces in via bluetooth and infects everything around it. It even got my camera.

I can tell pretty quickly when someone has it.
 
Does anyone have any experience with succesfully getting rid of a hypervisor/firmware/bootkit/BIOS type of exploit?
There is some research papers on the subject...but no one really lays out how to actually get rid of it. Especially if the VM the user is on restricts things like "blue chicken" or other VM detection tools from being run.
 
This is a new account. I have had paid help, people on... Read more

Answer:VMM/Hypervisor Malware All Around - undetectable / unremovable so far.

Yes, I was just joking

1 more replies
Relevance 57.81%

I've been fighting this problem for a few weeks now, off and on.  Occasionally I'll be infected with Antivirus Pro 2010, Antivirus Pro 2009, and most recently Antispyware Pro.  After running the usual "remedies" such as SAS, Malwarebytes Pro, Trojan Remover, and Spybot it'll somewhat go back to normal...only with a random popup here and there.  Everytime a popup hits, AVG will tell me that there is a threat, so it's almost like something is there but not being detected.Now, whenever I run Malwarebytes Pro absolutely NOTHING comes up as a threat/error; which is uncommon.  Some smaller stuff will come up with the other tests, but nothing that seems to fix the problem.  Any help would greatly be appreciated.- Mike

Answer:Undetectable malware/virus/Antispyware Pro?

I'm not sure what version of MBAM you're using. Could you please uninstall the version you have and download this newest one. Run a full scan and post the log. Please download Malwarebytes Anti-Malware from here.Double Click mbam-setup.exe to install the application.Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.If an update is found, it will download and install the latest version.Once the program has loaded, select "Perform Full Scan", then click Scan.The scan may take some time to finish,so please be patient.When the scan is complete, click OK, then Show Results to view the results.Make sure that everything is checked, and click Remove Selected.When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)Please save the log to a location you will remember.The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.Copy and paste the entire report in your next reply.Extra Note:If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

2 more replies
Relevance 56.58%

So I can't find any evidence of a threat, but I have multiple computers on my network that have all been hit with the same problem. First a little backstory: I have a desktop system (dual boot) that about 90% of the time I use Ubuntu Linux. I rarely use Windows 7 on this computer. I also have a Windows 8.1 tablet computer and my wife has a Windows 8.1 laptop. I first noticed that the network performance (Ookla) on my tablet was dropping to 3Mbps download when it should be closer to 20Mbps, and my Linux desktop was getting normal download speeds. I also noticed that all of my tablet's restore points disappeared, a clear sign that there was some kind of virus, and although I didn't install any suspicious software, I was probably behind my on Adobe Flash updates, and I realized there was an exploit caught in July which could have been the entry point of the malware, either on my wife's computer and/or my tablet. Anyway, I did a complete system refresh (factory new) on my Windows tablet, and it's performance is back to normal. I later discovered that the sluggish performance and stolen network bandwidth was also occuring on my desktop (when booted into Windows only) and also my wife was complaining about problems with her laptop, and I know that she didn't keep things like Flash player up-to-date and was basically relying on the built-in protections provided by Windows Defender.
 
So, focusing on my desktop, I've tried the following (updated and run AVG scan - no threats fou... Read more

Answer:Unknown/undetectable malware slowing computer/network

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
*************************************************** In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/595318 <<< CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of t... Read more

2 more replies
Relevance 56.58%

http://www.eweek.com/article2/0,1895,1983037,00.asp
A security researcher with expertise in rootkits has built a working prototype of new technology that is capable of creating malware that remains "100 percent undetectable," even on Windows Vista x64 systems.

Joanna Rutkowska, a stealth malware researcher at Singapore-based IT security firm COSEINC, says the new Blue Pill concept uses AMD's SVM/Pacifica virtualization technology to create an ultra-thin hypervisor that takes complete control of the underlying operating system.
 

Answer:'Blue Pill' Prototype Creates 100% Undetectable Malware

Oh that's just great!!
 

1 more replies
Relevance 56.58%

Hi, 
 
So I happened to be browsing incognito the other day and got caught off guard by a popup dialog box (because I'd forgotten to enable AdBlock...) The dialog box in question was forcing me to install some kind of Chrome extension (it had an automated voice repeatedly instructing "to close the page, click "Add") I thought I'd escaped it when I clicked on an initial "Add" box and was able to close the page before another one came up, which I declined, but... 
 
Now, in Chrome (where I'm browsing normally again and AdBlock is enabled) I'm getting popup ads in new tabs that are somehow overriding AdBlock and certain words are capitalised and contain spam hyperlinks. I've tried running a full scan with both Norton and MalwareBytes, having all threats removed and restarting the system but it's still there. Now, before you suggesst I simply go into the extensions tab and remove it, every time I try to do so Chrome automatically closes the tab, so it seems they've got some kind of failsafe implemented into this malware. I don't know what to do short of uninstalling and reinstalling Chrome. 
Suggestions? I've tried doing a Google search and can't find anyone else who's experienced this particular problem before. 
 

Answer:Seemingly undetectable malware in Chrome overriding AdBlock

Welcome aboard   Download Security Check from here or here and save it to your Desktop. Double-click SecurityCheck.exe Follow the onscreen instructions inside of the black box. A Notepad document should open automatically called checkup.txt; please post the contents of that document.NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.Make sure the following options are checked:
Internet ServicesWindows FirewallSystem RestoreSecurity Center/Action CenterWindows UpdateWindows DefenderOther ServicesPress "Scan".It will create a log (FSS.txt) in the same directory the tool is run.Please copy and paste the log to your reply. Please download MiniToolBox and run it.Checkmark following boxes:Report IE Proxy SettingsReport FF Proxy SettingsList content of HostsList IP configurationList Winsock EntriesList last 10 Event Viewer logList Installed ProgramsList Devices (do NOT change any settings here)List Users, Partitions and Memory sizeList Restore PointsClick Go and post the result. Please download Malwarebytes Anti-Malware (MBAM) to your desktop.NOTE. If you already have MBAM 2.0 installed scr... Read more

1 more replies
Relevance 56.58%

'Blue Pill' Prototype Creates 100% Undetectable MalwareBy Ryan NaraineJune 28, 2006 A security researcher with expertise in rootkits has built a working prototype of new technology that is capable of creating malware that remains "100 percent undetectable," even on Windows Vista x64 systems.Joanna Rutkowska, a stealth malware researcher at Singapore-based IT security firm COSEINC, says the new Blue Pill concept uses AMD's SVM/Pacifica virtualization technology to create an ultra-thin hypervisor that takes complete control of the underlying operating system.http://www.eweek.com/article2/0,1895,1983037,00.asp

Answer:Blue Pill' Prototype Creates 100% Undetectable Malware

Very very scary stuff, just how long will it be before the WORLD governments finally pull there fingers out and realise how big computer crime is. Computer crime should have the same sentence as bank roberry, at the end of the day, its a quick way to mug somebody, or even company and until the government gets serious,sadly this will continue even further.
We are all victims in our own homes

6 more replies
Relevance 50.84%

Hello. My Laptop has Windows XP SP3. I have both Windows Defender and Spy Sweeper for anti spyware and Norton Anti Virus. The problems started a few days ago when a weekly scan of the antivirus reported the following. 1/14/2010 20:06 23ecd795-1c985b76 ?????? Compressed file Quarantined admin C:\Documents and Settings\admin\Application Data\Sun\Java\Deployment\cache\6.0\21\ Still contains 3 infected items Quarantine Clean virus from file Quarantine infected file Scheduled scan The file was quarantined successfully. 1/14/2010 20:06 myf/y/TrewsdF.class Downloader File; Compressed file Quarantined admin C:\Documents and Settings\admin\Application Data\Sun\Java\Deployment\cache\6.0\21\23ecd795-1c985b76 Infected Quarantine Clean virus from file Quarantine infected file Scheduled scan The file was quarantined successfully. 1/14/2010 20:06 myf/y/LoaderX.class Downloader File; Compressed file Quarantined admin C:\Documents and Settings\admin\Application Data\Sun\Java\Deployment\cache\6.0\21\23ecd795-1c985b76 Infected Quarantine Clean virus from file Quarantine infected file Scheduled scan The file was quarantined successfully. 1/14/2010 20:06 myf/y/AppletX.class Downloader File; Compressed file Quarantined admin C:\Documents and Settings\admin\Application Data\Sun\Java\Deployment\cache\6.0\21&... Read more

Answer:Web Browsers Intermittently Hijacked. Malware undetectable by Incumbent Anti Spyware and Anti Virus

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.??If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine.??Please perform the following scan:Download DDS by sUBs from one of the following links.??Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explanation about the tool.??No input is needed, the scan is running.Notepad will open with the results.Follo... Read more

11 more replies
Relevance 47.15%

I keep seeing these three folders pop up in the AppData folder:
 
EmieBrowserModeList
EmieSiteList
EmieUserList
 
When I delete them they reappear when I reboot.  I ran Malwarebytes and McAfee and they both came back clean. I did some research and it recommended I post in a malware removal forum. Is this something you can help me with?
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-01-2015
Ran by Kyle (administrator) on KYLE-ACER on 24-01-2015 02:12:30
Running from C:\Users\Kyle\Desktop
Loaded Profiles: Kyle (Available profiles: Kyle & Administrator)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Windows\SysWOW64\ASGT.exe
(Qualcomm Atheros Commnucatio... Read more

Answer:I think I have some form of malware.

Hey, What's with the Addition Log?

19 more replies
Relevance 47.15%

New PC: Built 31/01/2015
New Windows 8.1 Install
No Internet access yet
Believe it has picked up some malware from my external hardrive.
When I run exes I get this error "Windows cannot "C:\Users\Michael\Desktop\rkill.exe" find make sure you typed the name correctly then try again?"
Managed to get rkill to run in safe mode, here are the results.
 
Rkill 2.7.0 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2015 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html
 
Program started at: 02/01/2015 08:55:03 AM in x64 mode. (Safe Mode)
Windows Version: Windows 8.1 Pro 
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * No malware processes found to kill.
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * No issues found.
 
Checking Windows Service Integrity: 
 
 * Base Filtering Engine (BFE) is not Running.
   Startup Type set to: Automatic
 
 * DHCP Client (Dhcp) is not Running.
   Startup Type set to: Automatic
 
 * DNS Client (Dnscache) is not Running.
   Startup Type set to: Automatic
 ... Read more

Answer:Seem to have some form of Malware

Download Security Check from here or here and save it to your Desktop. Double-click SecurityCheck.exe Follow the onscreen instructions inside of the black box. A Notepad document should open automatically called checkup.txt; please post the contents of that document.NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.Make sure the following options are checked:
Internet ServicesWindows FirewallSystem RestoreSecurity Center/Action CenterWindows UpdateWindows DefenderOther ServicesPress "Scan".It will create a log (FSS.txt) in the same directory the tool is run.Please copy and paste the log to your reply. Please download MiniToolBox and run it.Checkmark following boxes:Report IE Proxy SettingsReport FF Proxy SettingsList content of HostsList IP configurationList Winsock EntriesList last 10 Event Viewer logList Installed ProgramsList Devices (do NOT change any settings here)List Users, Partitions and Memory sizeList Restore PointsClick Go and post the result. Please download Malwarebytes Anti-Malware (MBAM) to your desktop.NOTE. If you already have MBAM 2.0 installed scroll down.Double-click ... Read more

1 more replies
Relevance 46.74%

I appear to have the typical redirect virus, although this one appears to be very subtle. I can use google search with no problems, and I am redirected only occasionally to websites such as "askthecrew.net" and some search engine called "sour". Nonetheless, I am being redirected by something and want it gone for obvious security reasons. Mostly hits me on Tumblr.com, but I'm fairly sure that's just because I'm on there often.

I have windows 7 64 bit, and have attempted to use malwarebytes, Microsoft sec. essentials, AVG, and Ad-Aware. None have been successful.
I'll post logs of whatever you want, just tell me.

Thanks for whatever help you guys can provide.

Answer:Some form of Redirect Malware

Hello diesmiley and welcome to the forums!My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. I am very sorry for the delay in responding, but as you can see we are at the moment being flooded with logs which, when paired with the never-ending shortage of helpers, resulted in the delayed responding to your thread.I would be glad to take a look at your log and help you with solving any malware problems.If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed. If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Admin... Read more

19 more replies
Relevance 46.74%

First of all Im running a dell computer with Windows XP Service Pack 3 installed on it.

Of late, whenever I try to run the computer in normal mode it crashes or freezes up and goes to a blue screen error message which says something along the lines of DRIVER_IRQL_NOT_LESS_OR_EQUAL. Currently I am running my computer in Safe Mode with Networking. I didn't install any new hardware or software prior to this error message, so I have no idea what is causing it. (Could it be malware?)

I also think that my computer is infected with something. I have done multiple scans using windows defender yet it doesn't come up with any viruses. Normally in the past Spybot Search & Destory has been most effective in removing malware, but whenever I right click the Spybot Search & Destroy icon in the system tray and select RUN nothing happens.
I don't know if I have malware that is blocking the program from opening.

In the past, I had malware called AntiSpyCheck installed on the system, which I thought I completely removed with SS&D. This appears not to be the case, as the other day SS&D came up with a Registry change warning, and the path of the program that was altering the registry was C:\\Program Files\ASpyC\.

My system started having problems shortly after the download of a Torrent from TPB. I use the BitTorrent client, and prior to the torrent that I downloaded the system was running perfectly fine.

Here is a Hijack This log:

Logfile of HijackThis v1.99.1... Read more

Answer:I've been infected by some form of malware.

Hello and Welcome to TSF.

We no longer use HijackThis as our initial analysis tool.

We want all our members to perform the steps outlined in the link I'll give you below, before posting for assistance. There's a sticky at the top of this forum, and a
Quote:




Having problems with spyware and pop-ups? First Steps




link at the top of each page.

---------------------------------------------------------------------------------------------

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please start a new thread in our Virus/Trojan/Spyware forum along with the required logs

1 more replies
Relevance 46.74%

Hey guys, hate to ask for help on my first post, but kinda in a bind here. My computer is running fine from what I can tell, but I was going to do a hijackthis log but it would only load, start the scan, and then crash and seemingly uninstall. I figured this might have been a configuration issue with my computer, so i tried using malwarebytes, runscanner, and rsit. All with the same result. AVG, ccleaner, avira, and avast work fine though, but don't come up with anything.Kinda at a loss here as to what might be causing this...hoping you guys could help.Thanks, WillEDIT: I was able to get a combofix log done thanks to some help on another forum..here's that if it helps.ComboFix 09-09-22.02 - Administrator 09/22/2009 20:22.1.4 - NTFSx86Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3327.2736 [GMT -4:00]Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exeAV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}AV: avast! antivirus 4.8.1351 [VPS 090922-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}.((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))).C:\HijackThis.exec:\program files\driverc:\windows\msa.exec:\windows\msb.exeInfected copy of c:&... Read more

Answer:Pretty sure I have some form of malware...

ComboFix logs should not to be posted or discussed outside the HijackThis forums. It is an extremely powerful tool which should only be used when instructed to do so by someone who has been properly trained. ComboFix is intended by its creator to be "used under the guidance and supervision of an expert", NOT for private use. Please read Combofix's Disclaimer. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.Please create a new topic in the Am I Infected forum.http://www.bleepingcomputer.com/forums/f/103/am-i-infected-what-do-i-do/Explain the nature of your problem. Describe pop-ups and system tray or desktop icons that have appeared. Explain what is "going wrong" with your computer. Note any tools you have used and their respective results.If needed, we will direct you to our HJT Preparation Guide.This topic is now closed. The BC Staff

1 more replies
Relevance 46.33%

Hey Bleeping Computer,

I am running Windows 7 Home Premium, 64bit.
Someone logged into a few of my game accounts last night while I was sleeping which in turn got my accounts locked. The games were World of Warcraft, Guild Wars 2 and Star Wars: The Old Republic. I received emails stating that unauthorized persons logged into all 3 accounts. And each account has a different Email and Password. I am not sure if they logged into any of my other emails or anything since I haven't received any warnings from anyone.

My computer has been running well, but for the past week or so my browsers have been a little slower than usual. I use Mozilla mostly, but I tested IE as well and it was slow too. Also, every 20 minutes or so, my desktop icons refresh, and if I'm on a webpage, it does the same. I'm not sure how to word it exactly, it doesn't actually "Refresh as in F5" but it (blips)or reloads if that makes any sense.
When I woke up and found out my accounts were logged into from elsewhere, I immediately ran an Avast(Free) full scan, followed by a boot scan and the results came up clean. I then ran Spybot S&D, and again, the results came up clean. After that I ran Malwarebytes(Pro) and they came up clean as well. Then I ran all 3 in safe mode but got the same clean results.

I generally keep my computer pretty well maintained since I play a lot of games. Which includes defragging every night before I shut it off, running Avast and Spybot once... Read more

More replies
Relevance 46.33%

hi my avast and mbam have been picking up a trojan.clicker.fms aswell as win32:malwaregen on avast 
i've located the hidden folder where it is coming from as well any ideas?
i also have logs from the 2 programs for scans.
 
http://i.gyazo.com/41d74805b9a9ec6cb7040ce8ff690cfe.png link to what it shows

Answer:my pc is infected with some form of malware but i'm not sure how to remove

Hello anthm8 and Welcome.
 
The IP that you suspect as being a problem, is actually a Weather Wiget on your desktop.
 
If you are concerned about it, please follow these directions..........
 
First -Please download MiniToolBox  to desktop to run it.
 Checkmark the following boxes:
List content of Hosts
Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
Note: When using "Reset FF Proxy Settings" option Firefox should be closed.
 Click Go and Copy and Paste the result. (result.txt)
 
 
Next -
Download Screen317 Security Check  and save it to your Desktop.
 * Double-click SecurityCheck.exe
 * Follow the onscreen instructions inside of the black box.
 * A Notepad document should open automatically called checkup.txt
 * Please post the contents of that document. Note 1:: If any security program requests permission to access the Internet, allow it to do (it is 100% safe)NOTE 2. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! (or similar) message, restart computer and Security Check should run
 
Next :
Download AdwCleaner by Xplode and save to your Desktop.
Double-click on AdwCleaner.exe to run the tool.
 * Vista/Windows 7/8 users right-click and select Run As Administrator.
Click on the Scan button (only once)
AdwCleaner will begin...be patient as t... Read more

6 more replies
Relevance 46.33%

Hello,

I have recently tried using a oldlatop that was given to me. The first sign of problems, was the laptop unbootable boot volume. I manage to use the recovery option in a xp installtion disk to fix it. Once i boot into the system, the computer was very very sluggish. Startup would take extremly long time. At first i merely attributed this to the bloatware and crappy processor. Then I installed various antispyware and antiviruses programs. Lo and behold,avast caught about 30 malware objects with a boot scan. Malwarebytes caught an additional 3. Superantispyware caught another 3 infections. Lastly Avira caught 2 infections. At this rate. I know that there are still malware on my laptop, which may be regenerating itself, or be stealthed. Anyway if you want these logs, feel free to ask. Thank so much for reading this and here is my hijack this log at the bottom of this post.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:01:07 PM, on 6/2/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:... Read more

Answer:Severe infestation of various form of malware

6 more replies
Relevance 46.33%

If you know about security in website and computer then tell me how to secure Website from Malware Attack. And what is the role of Google Webmaster in security purpose?
 

More replies
Relevance 45.92%

Our system seemed to act strangely beginning in early March. We use ZoneAlarm firewall and it seemed to auotmatically lock on occasion upon log-in, requiring a manual "un-lock" before the internet could be used. I was suspicious there was something trying to get in or out that ZoneAlarm was "catching" and locking the firewall.

To try to detect the problem, I downloaded the latest version of "MalwareBytes" and ran a scan. It found a few issues and I chose to quarantine a few of them, but not all as some looked legitimate to me.

Upon re-booting the next time, everything went bad. A pop-up came up with the windows installer and then it said it was trying to install HPPhotosmartEssential. The system became very sluggish and the hard drive was constantly being accessed. After numerous "Cancels" to the install, it finally stopped trying to install. However, the hard drive continued to be accessed non-stop and the system was very slow. I became very concerned something was going on in the background so I shut the system down.

I tried to re-boot in safe mode and it would not boot, it either hung or gave a disk error suggesting c:\windows\system32\wbem was corrupt or unreadable and chkdsk should be run. I immediately felt I needed to do a system restore back a couple of weeks to clear off the issues. Upon trying to run the restore I received a message that the application failed to start because framedyn.dll was not found and that re-... Read more

More replies
Relevance 45.92%

When I first fire up my computer, the following message pops up as Windows starts:

Microsoft Networking
The following error occurred while loading protocol number 0.
Error 38: The computer name you specified is already in use on the network. To specify a different name, double-click the Network icon in Control Panel.

I'm sure others have experienced this. I am not on a network, and this has happened for the last couple of days. I am running 98SE (I know...way past time to upgrade.) My Hijack log follows. I appreciate any help. Thanks.

Logfile of HijackThis v1.99.1
Scan saved at 7:18:41 AM, on 1/9/06
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\STARTER.EXE
C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\SPYSWEEPER.EXE
C:\MY DOCUMENTS\HIJACK\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.ajc.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ajc.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.ajc.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.ajc.com
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO... Read more

Answer:Error message - Is this some form of malware at work?

hi there,

Did you run this scan from safe mode as there isn't much in the log?

I don't see anything in your log, have you gort an anti virus programme? if not download anti vir from below?
Anti-vir

http://www.free-av.com/
you don't appear to have a firewall, even if you have a router you still need
a software frewall, downlaod the one from the link below!

Filseclab Personal Firewall Professional Edition

http://www.filseclab.com/eng/download/downloads.htm

http://www.wilderssecurity.com/showthread.php?t=92710

you have spysweeper, update it and runn ascan from that post it's log if it finds anything?
go to this site and download these tools and once you get both
adaware Se 1.6 and spybot, update both of them.

Set adaware to do a full system scan and deselect, "search for neglible risk
entries". Click next to start the scan. Delete everything adaware finds.

reboot and now run spybot

Spybot: Search and destroy.

Delete what spybot finds marked in red. After updating spybot hit the
immunize button.

reboot again
With CWshredder close all browsers and programmes and select the FIX button.
All tools can be downloaded at the link below and found on that page!

. Trend micro CWShredder
. SpyBot search and destroy
. AdAware SE personal
http://www.majorgeeks.com/downloads31.html

*Download Cleanup from Here

http://www.stevengould.org/software/cleanup/download.html

* A window will open and choose SAVE, then DESKTOP as the destin... Read more

3 more replies
Relevance 45.92%

Help still needed very badly,After finally eliminating AV Security Suite I still have problems with the computer Freezing, Hanging when opening normal programs, Extreme Scrolling problems, Removing programs, Getting online and a lot of other headaches that didn't exist before. I have enclosed both DDS Logs and the GMER or ark.txt as it was instructed. I couldn't get my WinZip program to rezip the file for posting, it froze. I hope they are the correct log files. I also really hope they will allow someone to help me get my computer working again. Thanks to all again. Sincerely,TQUADDDS (Ver_09-02-01.01) - NTFSx86 Run by TOM at 16:13:50.85 on Sat 02/21/2009Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_03Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.511.218 [GMT -6:00]AV: CA Anti-Virus *On-access scanning enabled* (Updated)============== Running Processes ===============C:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcssvchost.exesvchost.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\Seagate\Schedule2\schedul2.exeC:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exeC:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exeC:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exeC:\WINDOWS\system32\nvsvc32.... Read more

Answer:Malware Removal Request Form Per Instructed

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

2 more replies
Relevance 45.92%

Hello.

Im new here, I have been looking for information about 2 applications called "Home Cloud" and "Form1".
When I go to my Alt+TAB menu I can see these applications there, but I cant acces them.
Also in my Task Manager I can see both applications.
I dont know why there are running and how work these applications.
It could be something normal but since im a noob in this things I cant tell if they are not a malware or not.

Can anyone explain me what are these applications for and why their are in my PC?
Can I remove it both or they are some kind of essentials for my PC?

I got a capture of my Alt+TAB menu:
Selected one is Home Cloud, the one on the rigth is Form1.

Regards and thanks.
 

Answer:Home Cloud + Form 1, Malware? Virus?

I'm moving this to appropriate forum.
 

1 more replies
Relevance 45.51%

 

by Dan Goodin
Microsoft developers have fortified Internet Explorer with new protections designed to prevent a type of attack commonly used to surreptitiously install malware on end-user computers.
The "isolated heap for DOM objects" made its debut with last week's Patch Tuesday. Just as airbags lower the chance of critical injuries in automobile accidents, the new IE protection is designed to significantly lessen the damage attackers can do when exploiting so-called use-after-free flaws in the browser code. As the name suggests, use-after-free bugs are the result of code errors that reference computer memory objects after they have already been purged, or freed, from the operating system heap. Attackers can exploit them by refilling the improperly freed space with malicious code that logs passwords, makes computers part of a botnet, or carries out other nefarious behavior.
Source

More replies
Relevance 45.51%

OK I've followed all the steps in the 5-step process. Here's the problem, when I'm typing or even just scrolling in the current window of IE it will de-highlight and become inactive. Sort of like what happens when you get a pop-up but I'm not seeing the pop-ups. Here are my logs. First Active Scan:

;***********************************************************************************************************************************************************************************
ANALYSIS: 2008-05-29 16:51:17
PROTECTIONS: 1
MALWARE: 76
SUSPECTS: 0
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
Symantec AntiVirus Corporate Edition 10.1.0.394 Yes Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================... Read more

Answer:[SOLVED] Current window keeps de-activating...some form or spy/malware?

Welcome to TSF.

I don't recommend using file sharing programs like Limewire as they can contribute to malware infections.

Please print the below instructions or copy them to Notepad. Make sure to work through the fixes in the order mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes.

Download ATF Cleaner at http://www.atribune.org/ccount/click.php?id=1
Double-click ATF-Cleaner.exe to run the program. Under Main choose Select All
Click the Empty Selected button.

If you use the Firefox browser click Firefox at the top and choose Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use the Opera browser click 'Opera' at the top and choose 'Select All'
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

Run a scan in HijackThis. Check each of the following if they still exist and hit 'Fix Checked' after you checked the last one:

O2 - BHO: (no name) - {1530C3A4-CA76-4F11-B091-C3B77565A91B} - C:\Program Files\ComPlus Applications\fojeru66225.dll
O2 - BHO: BeSideit IE Helper - {83C35173-E029-42f1-9692-0341EE379A0D} - C:\Program Files\QdrDrive\QdrDrive16.dll (file missing)
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [spa_start] C:\WINDOWS\System32\Rundll32.exe "... Read more

7 more replies
Relevance 45.51%

When using google links,I keep being redirected to other sites. Have tried using McAfee, ad-aware and malwarebytes to resolve the issue but to date this hasn't helped.

.
DDS (Ver_2011-06-03.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514
Run by Owner at 14:00:41 on 2011-06-09
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.3063.1559 [GMT 1:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows&#... Read more

Answer:infected with some form of malware that causes google links to redirect

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.In order for me to see the status of the infection I will need a new set of logs to start with.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear Click the Disable button to disable your CD Emulation drivers Click Yes to continue A 'Finished!' message will ap... Read more

12 more replies
Relevance 45.51%

Ok, I'm a graphic artist, and use my computer for my work, but other than that, i'm pretty much "out of the loop" on terms, virus names etc...

so a short while ago i switched from firefox, to google chrome. to see what it was like. and while i love the browser, i seem to have acquired some form of virus or malware while using it.

does anybody have any idea firstly, how to get rid of it? because every time Avast says it's been deleted, i'll get a message about 10 minutes later saying "it's back loser" (not those words exactly, but i feel my machine is mocking me...)

and secondly, whether chrome actually has massive security risks? or if it's just coincidence that i've gotten this stuff while using it.

here is the HJT log:
Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 03:53:40, on 20/09/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program File... Read more

More replies
Relevance 45.51%

I have inadvertently allowed a malware that creates infinite popups and has hijacked my web browser. I am continuously redirected to their website offering to sell me a virus protection program.My son directed me to open in 'safe' mode and contact BleepingComputer. He thinks you can help someone as old as I am!I would appreciate any assistance, I have tried to follow your guide to complete the scans, etc. before posting for help.Thanks,Lynne

Answer:Malware in the form of popups claiming a virus infection

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

6 more replies
Relevance 41.82%

I sent to look at my Sent Items tonight and to my surprise I saw another email apparently sent yesterday that I definitely didn't send.

I was astonished to find this as I have just upgraded to Vista in the last 2 days and have sent minimal emails.

The subject is "Form posted from Microsoft Internet Explorer." & is sent to a Hotmail account. The attachment is a POSTDATA.ATT. When I look at this file in txt format it has info such as one of my email addresses, my website & description - as if I had filled out a web form & pressed Submit.

Now, thinking about it, shouldn't IE let you know that it is about to send data?

One strange thing is that the email is dated yesterday evening in the Sent list, but when I open the email to view it, it will always have the current date & time - seemingly from the Windows clock.

I am thinking that either

1) this is due to a bug in the new IE & yesterday I visited a website which submitted data via email without my knowledge or

2) this email is an old email that I Imported from backed up email (PST format) from a form I ACTUALLY sent that Internet Mail has redated - maybe something went

Sorry for the long post but I'm just wary, hope it makes sense! I was liking Windows Vista so far!
 

Answer:Sent Items: Form posted from Microsoft Internet Explorer. - I didnt submit any form!

I have moved this to vista forum as I believe it is more likely to be a vista live mail issue
 

3 more replies
Relevance 41.82%

Hi All,

Noob first-time poster I'm afraid!

I'm new to Access 2007 (but have used 2003 & 2000 reasonably extensively).

I'm building an App and have created all the necessary tables, as well as creating the relationships in the Database Tools area (which I know are correct - I'm a SQL Server DBA in my day job)!

Anyway, it's an almost text book example of an employers and employees database; one employer having many employees (employerID is the foreign key on the employee table).

I have created an employer form (using the wizard) which is fine, but then when I add a button to open the employee form (selecting 'Open the form and find specific records', matching employerID on the Employer table with EmployerID on the Employee table) it doesnt work. Instead, I get a popup box asking me for the EmployerID! Even if I manually enter the correct employerID when the popup box appears it actually displays all records, so I'm sure that the problem is more fundamental (and therefore, probably my fault)!

I'm hoping that I've just overlooked something REALLY stupid, but would apprecaite any suggestions!

Cheers,
Ian.
 

Answer:Access 2007 Form Button Wizard - Form does not open with the correct records

I have seen this kind of problem with Access 2007 VBA code which does not work when it dod in 2000-2003.
It can be a Syntax problem which you may be able to get around, if not you can get around the problem bby using a Criteria in the Query that supplies the Employee Form.
Although I would have thought it would be better design wise to have the Employees as a Subform or Tabbed Subform on your Employer Mainform.
I do not have Access 2007, only 2003 so I can't help with the VBA, but you could post the code anyway.

Did you use a Wizard to create the Employee Form, if so check the Record Source SQL it may be preventing your EmployerID from working.
 

1 more replies
Relevance 41.82%

Hi all

I have a simple Access (2003) db which has a single form view with a subform. The main form is a record based upon a physical case file the subform only details actions past and future, a sort of event log.

I also have a continuous form which displays all upcoming actions sorted by date on all cases for a particular user so they can see just how busy they are likely to be for a particular period. What I would like to do is have an on click() property for the detail of the continuous form so that it opens the main form filtered by the record in the continuous form that was clicked. User can then update or add new events for that case before closing form and returning to the continuous form

Hope this makes sense
 

Answer:MS access open single form filtered by selected record in continuous form

coasterman, welcome to the Forum.
It makes perfect sense.
If you add a Command Button to the Continuous Form and after selecting the mainform select the "Open the Form and find specific data to display". This will give you the code that you need to add to your On Click or On Double Click property or of course leave the button and use that.
 

2 more replies
Relevance 41.82%

Hi all. I do have another post going but do not want to cram so many questions in one post. (Hope that this is an acceptable practice )Anyway, my Sony desktop crashed the other day. I had a new Hard Drive installed and recovery disks were used. PC is good to go. Trying to tweek it back to the way I am used to having it.QUESTION:I had a form filler program called ROBOFORM on this PC before it crashed. I had MANY years of passwords and stuff saved there.When I brought this PC to the Geek Squad at Best Buy the other day to see if the PC could be repaired, I was told the hard drive went. They were, however, able to make a disk with my ROBOFORM passwords. I can not get the disc to open the list of passwords. It asks me where I want to open the and give me a list of choices. (Paint, notepad, adobe etc.) None of them will run/open the files so I can see them.This was a program that I paid for. How can I make the disc start to fill my forms again when I am at certain sites? (Gee, hope I am making sense)I just realized I never downloaded the ROBOFORM program onto this pc.  Does that have anything to do with the disc not opening??If I go and download ROBOFORM, how does it know who I am. How will it know about the disc full of passwords? How do they recognize each other?HELP PLEASE..........My Passwords are VERY important to me.Thanks!!

Answer:ROBO FORM / Form Filler - Help Needed Opening/Running a Disc

Yes. I know the website but what do I do? Will they know my info or do I need to pay again. I am lost.(Sorry)Dee

6 more replies
Relevance 41.82%

Hello,
thanks for taking a look at this thread, any help will be greatly appreciated by a complete Noob.

I've been given a LOT of help by members of this Forum (especially OBP) with a DB I'm making as a first look at any type of IT product, and I'm very grateful, so thank you all.

Recently, I was advised to take a look at the "Tabbed" style of "MainForm" instead of the "Switchboard" style I originally used. I must say, I really like the tabbed style much more than the switchboard but I've hit one hurdle that I can't seem to overcome.

In the Switchboard style, I was able to set a form to load in either DATA ENTRY = YES or DATA ENTRY = NO mode depending on which sub-switchboard the user selected. For example, I had a ENTER NEW sub-switchboard that all forms would open in DATA ENTRY = YES mode & I had another EDIT EXISTING sub-switchboard that all forms would open in DATA ENTRY = NO mode.

However, with the new tabbed style, I cannot set the form load type for separate tabbs, it will only accept the LAST type as the GLOBAL type. Example, on the ENTER NEW tab, I set the form to load as DATA ENTRY = YES & sets the form to open in DATA ENTRY = YES on both tabs, then I go to the EDIT EXISTING tab & set the same form to DATA ENTRY = NO & it sets the form to open in both tabs in DATA ENTRY = NO mode.

So, my question is:
Can I set the same form to load differently on different tabs on the same MainForm?
If so, w... Read more

Answer:Solved: MS Access - Tabbed MainForm - How to make a form open a form in multiple mode

I would just copy the Subform, so you have version 1 for data entry with the Data Entry set to "Yes" and version 2 set to "No".
The only thing you need to do then is to Requery the Editing form each time you make an entry in the data entry form.
Although I prefer to just have an Edit form with a "New Record" button for the data entry.
 

2 more replies
Relevance 41.82%

My multi item form isn't letting me add new records, only update and delete current ones.

My guess it that this is because the form is based on a multi-table query. That's fine, I can make a new form specifically for adding new records, but I'd like to be able to salvage this form if possible. Is there any way to either force this form to accept new records in the bottom row, or is there any way to get rid of the "add record" bottom row completely so it's not misleading users into thinking they can add records here?

Thanks in advance.
 

Answer:Solved: Access 2007 - multi item form (continuous form) trouble adding records

16 more replies
Relevance 41.82%

Morning Guys.

I am having a problem with Access 2007. I am not good with code, so would like to resolve this without using code if possible?

I have a form "A" that I have created. I want to be able to select a row on form "A" press a button and it will open a form "B" based on the selected record in form "A".

I have had a look at the button wizard, and it lets you have the option, but when you go through the wizard, it gives you an empty box on the left and a box on the right showing all the fields in the form "A". Nothing to relate to?

Any ideas?

Thanks
AJ
 

More replies
Relevance 41.82%

I have a database which ultimately will have a couple of thousand records. The primary table has 30+ fields. I have lots of queries and connected reports to show various subsets of the data needed from the table. However, there are times when what is needed is all fields for a specific subset. Because the records sought often need to be filtered by several criteria, I've found the "Filter by Form" option to work well. I have a button on the main dashboard marked "Find Record" that automatically opens a search form in the "Filter by Form" mode. This allows me to enter information into as many controls as necessary, and returns exactly the right records after clicking on "Toggle Filters" on the ribbon. The problem is that ultimately I need to make this "Access-free". The goal is to create an application from the database without ribbons. I've created a button to run the filter, and another one to print the results, but when the search form is open in the "Filter by Form" mode, it greys out the buttons. I understand that there is a GotFocus command or something similar. Can anyone help with specifics, both the syntax of the command and where the command needs to be typed? Thanks a bunch...I look forward to your reply.
 

More replies
Relevance 41.82%

I have a form Third party Invoice.I need to calculate taxes for GST like as it done for Purchase order,sales order.
so please help me how to calculate taxes for my customized form  ????

More replies
Relevance 41.82%

Hi All,

I need some help to figure out how to do a project.
i was given a sample tax form from the government that i have to re-create in electronic format. I have to build the form to match their specifications exactly. I've tried to do it in MS Word 2003 using a table, but the when i try to ensure that the tables cells are the same size as that on the paper - the tables keeps either changing the dimensions of the cell or changing the dimensions of other table cells.

the major thing is to ensure that the form i build matched that paper sample exactly - for example i cannot be off by even a millimetre.

In addition to that, my company has extracted the tax data for its 400-500 employees into an Excel Spreadsheet. I have to use the excel spreadsheet to make the "form" i created fillable.

The previos analyst used ms word 2003 and created the form using the drawing menu and text boxes and then mail merged the info in the excel sheet to the word doc.

can someone suggest an easier to do this? i wold be grateful for any help i can get.

Regards,
Ariane
 

Answer:Create Electronic Form to match sample paper form

Ariane,
Welcome to TSG

If I got your meaning correctly, then yes, ther's an easier way.
I'm almost sure that you can create the form in Excel, though setting the exact sizes and positions could be difficult.
I'm absolutely sure that you can create the form in Powerpoint, and with this latter, setting the exact sizes and positions should be much more simple.
Automatically filling the Powerpoint form is also possible.

If you only need to print out the filled forms, or create PDF-s, this Powerpoint-Excel duo might be good for you.
If you need to do further calculations with the filled forms, then I strongly recommend to stick with Excel.

I'm also curious what others can say.
 

2 more replies
Relevance 41.82%

Hello

I have a subform which on its own - works beautifully but fails under the mainform. I use a main form to select the record that the end user wants to update. Upon update event on main form, the sub form opens, presenting fields for possible updating. The Sub Form also present 2 buttons - Save & Close or Cancel and Close (Undo). When the main form opens, the code set AllowClose as False. When the sub form is opened as a result of the update on the mainform, the issue is the Close command /code gets canceled. (Error 2501). I have tried: 1. setting AllowClose (true and False) on both forms, 2. only the main form and 3. only the subform. None of these 3 configurations resolves the issue. Also, I tried moving the buttons to the mainform instead of the sub form but that failed as well.

The application has a dozen forms and all of them utilize AllowClose functionality so the end user MUST use the buttons on the forms to force background queries (updates, deletes, perform calculations, recalc control totals etc). This is the first time I have tried to use Allow Close on a subform with buttons.

XP and Access 2007

KEY ELEMENTS OF THE CODE:

Private AllowClose As Boolean

Private Sub Form_Load()
AllowClose = False
End Sub

Private Sub Form_Unload(Cancel As Integer)
Cancel = Not AllowClose
End Sub

Private Sub SaveChangeandCloseForm_Click()
AllowClose = True
DoCmd.Close

Private Sub CancelAddingNewRecord_Click()
If Me.Dirty Then
Me.Undo
End If
If Not Me.NewRecord Then
En... Read more

Answer:Action Canceled - Using AllowClose on Form and Sub Form - Access 2007

Why not just use a listbox to display the records based on the selection on the main form? I don't think you can actually close a sub-form on a main form since it is tied to the main form.
 

2 more replies
Relevance 41.41%

I am a new user to Access 2010. My operation system is Window 7.
I have created a data base with two tables. The first table contains a list of students and their personal information. The second table contains student subjects and has many subject records with a relationship to the student record. The relationship key is the student id.

I have created a form that populates with the student information and contains a subform that populates with that students subjects. All of this works great for existing students. I can edit the student information and and new subject records.

Now here is my problem. I would like to create a form that preceeds my current form. The user would input a student number and click search button. If that student number exists on the student data base then the form that I created should open populated with the student data and their subjects and allow the user to update it. If the student number does not exist, then I would like that same form (or a form with the same layout) to open and the only data populated is the student number that was input on the search form. The user should be able to input all of the student data and course information and hit a save button that would insert the records into the correct database tables.

I have tried many methods to create the intitial search form that would open the correct version of the student form without any progress. Could someone provide me with the macro that would open that correct form, or set t... Read more

Answer:Access query to open Add form or Edit Form

needaccesshelp, welcome to the Forum.
First a couple of points, you do not need to "save" the record, access does so automatically. Also when creating a New record the subform should be automatically populated with the Student Number, this is controlled by the master child links.

The combo you need is a Find combo which can be created using the combo wizard, that combo can have it's Not In List Property set to yes, which can then be used to trigger adding the student that to the table and then to the form (and combo).
 

1 more replies
Relevance 41.41%

Here is what I'm trying to do.

For lists Equipment in drop down box.
Whatever equipment that is select, the equipment type field needs to be updated from a table.

Is there a way to get a value from SQL statement?

SQL = "SELECT [Equipment Type] FROM OrderDetails Where " _
& " Equipment = '" & Me.Equipment & "'"
[Forms]![OrderDetails]![Equipment Type] = SQL
 

Answer:Help with access form (insert table value into form field)

Mhouser, if you are trying to "display" a value related to the Combo selection you can have thta value as an extra column in the combo and refer to it with simple VBA.
You should not populate a Field's actual value with that from the combo as that is duplication.
Can you tell me which one you are trying to do?
 

3 more replies
Relevance 41.41%

I have this small database I am converting from A97 toA2010. I created a new A2010 db and pulled over objects I needed. Everything is tested out and working fine.
I also added a drop down box to the main switchboard toselect a "user". Its purposeis so the filter through all the records and pull up only the list of drawing #for that specific drafter.
So I have a table called tblSign_In which has UID autonumber, and the employees name. Thiswill be the user names for the drop down of the Main Switchboard.

I have a table called SHEET LIST that list all the data Ineed to display. This will end upholding tens of thousands of records of information about drawing. I added to this table a field called theLogInID field (UID) to link back to the tblSign_IN, and the correct number andcombination.
I also have a query called qrySHEET LIST which selectsall SHEET TABLE and inner joins to thetblSign_IN to pull the Employee Name linking on a LogInID field.

What I was trying to do is filter SHEET LIST form (my outputform) by the user selected on the MAIN SWITCH form in the drop down box Icalled cboSignInEmployeeName.
For example:
Sheet List (tbl) might contain information like: Sheet# 22a6; description Dryer; buildhours:12; drafter #4.

qrySHEET LIST (also my ouptut data) is pulling all theabove, but replace 4 with actual drafter’s name, John Smith.
To filter, I have two methods:
The query is my record source for my form SHEET LIST, so Iadded

WHERE (((tblSIGN_IN.[Employee Name... Read more

Answer:Filtering a form using selection of a combo box on a another form (user ID)

13 more replies
Relevance 41.41%

Can someone please help. I'm I can't seem to figure out how to keep an imported Excel file open to my users once I lock the Word form that I imported to. I need for my users to be able to be able to fill out the form as wellas open that Excel file if they need to. Any help would be greatly apreciated.
 

More replies
Relevance 41%
Question: Undetectable HD

I've got a Seagate 1.7 gig that i'm attempting to reformat. When I plug it in, it sounds like its spinning, but when i try to reformat, it reads cheching drive allocation. Also when I plug it in as a slave in attempt to see if anything is on the drive, the drive is undetected.
It doesn't show in the bios either. As of right now, i'm making the assumption that the drive is bad, just asking for a second opinion.
 

Answer:Undetectable HD

Try running fdisk before format and delete any partitions that are on it, then set an active partition, then try to format, Pay attention to jumper for master or slave.
 

3 more replies
Relevance 41%

I own a Toshiba MZHU010AOM01 laptop. The MATSHITA UJDA750 DVD/CDRw drive has suddenly stopped detecting any disc that I insert.

I tried Uninstalling and Reinstalling the driver but that did not help. I am running Windows XP with SP2 on my comp.

What do I do?
 

Answer:Cd Rom Undetectable

There are 2 posibilities here:
1. The drive is dead in which case you'll need to replace it
2. If upon inserting a disk into the drive, the drive is spinning for couple of secs then it's possible that the problem come from the optical " reader" ( the led that read the cd ) and might wanna use some sort of cd rom cleaner ( Best Buy, CircuitCity have those for about $ 10 ) or possible that is some sort of missaligment. Try "stuffing" the cd and see
HTH
 

2 more replies
Relevance 41%
Question: Undetectable rat??

i recently had my computer hijacked through remote access technology (RAT). i had on my computer at the time norton 360 and it did not pick it up or prevent it from being downloaded. after i knew it was on my computer (RAT), i installed 'nod 32' and ran it. it also did not detect it.

question: is there any software available that detects RAT, as well as keyloggers?

2nd question: i'm not sure how it got installed on my computer in the first place. i was sent emails by this person and i guess i opened one of the emails, but didn't click on any links in the email. i'm guessing that just by opening the email that the RAT was able to be installed. would you agree? or is it possible if someone has your ip that they could install RAT without sending you an email or me having to do anything, that they could do it 100% on their own end (which doesn't seem possible, but i don't know much about it). trying to figure out how to keep my computer safe! COULD THEY DO IT 100% ON THEIR OWN IF THEY KNEW MY IP ADDRESS AND I DIDN'T OPEN ANY EMAILS FROM THEM, etc....???

thanks!
T
 

More replies
Relevance 40.59%

Hi all. I have different table for each type of inventory that we have. I would like to design one master form that would ask what type of inventory that the user would like to enter. Depending upon what the user selects, it will change the fields to the categories in the pertaining table. Is this possible?
 

Answer:using a form field to select display of a form

12 more replies
Relevance 40.59%

Actually, it makes sense because it's in the middle of the form where the cursor is sitting and the user will first enter their data. But first they need to read the instructions at the top of the form.

Is there a way to set it to load the page scrolled to the top rather than to the middle where the data is to be entered?

Thanks, Peter
 

More replies
Relevance 40.59%

Ok guys, I can give a really easy example of this problem I'm having right here on the message board. If I place my cursor in between these two words (this) (that) and then click on a smiley, it SHOULD insert the smiley face in between them. I'll do it now.

See how it put it at the very end of the line? When I'm finished typing this whole thing, I'll try to insert a confused smiley here ( ) .

The same happens for ANY auto-insert stuff, whether it be the hyperlink or the quotes button, anything here. Its annoying . Anyone know how to fix this? No matter where my cursor is, it always inserts the auto-text into the end of the post.
 

Answer:Firefox - Form auto-insert always at the end of form

I imagine it's a quirk of the javascript in VBull. IE has added a lot of nonstandard code that makes editing windows more robust, and I expect that's what VBull is using. If so, there is no workaround.
 

1 more replies
Relevance 40.59%

Hi all.
I have a form word document that looks ok when viewed but when printed there are the words "formdropdown' in areasthat should contain names, addreses, etc.
Running XP Pro.
The form works ok when printed from other pcs.
Having the same prob with other forms.

Please help.

Thanks

Thee

Answer:Word Form Doc Printing Crap Instead Of Form.

?

3 more replies
Relevance 40.59%

Unable to convert Word form to Excel form. Tried screenshot of Word form, pasted to Excel sheet and filled-up by text but the text itself always mis-arrange.Kindly help me please...

Answer:Convert Word form to Excel form

Rather my cherry picking and copying a few how to... suggest you follow the results here:http://tinyurl.com/zxfccfrIt's a google list found using:convert excel document to wordas the search term...

2 more replies
Relevance 40.59%

I have my form sending to my e-mail so it prints out my data line by line. Can anyone give me some pointers on how to get this data into a nice form that can easily be read.

E-mail from From Looks like this.

jnum=12345
jtitle=blah
fname=nick
mi=d
lname=johnson
ssn=1234
[email protected]
oname=
address=123321
 

Answer:Form to E-mail back to a Viewable Form

6 more replies
Relevance 40.59%

I inherited this Excel document and have been asked to modify it so that when a selection is made from a drop down list a Form pops up for them to enter the reason. I put this code into Private Sub Worksheet_Change(ByVal Target As Range)

If Len(Trim(Range("$H$" & Target.Row).Value)) = False Then
Exit Sub
Else
If Len(Trim(Range("$H$" & Target.Row).Value)) <> "" Then
ProcessReasonForm.Show vbModeless
End If
End If

Which worked fine on three machines that I tested it on locally. However in the 2 remote location there it was tested it the Form would pop upwhen ever any changes were made to the spreadsheet. I need the form to only come up when a selection from the dropdown list in column H is made. As no personal data is in it I'll post a copy with this. To view code use "amber". Any ideas would be great as I'm lost as to why it's happening out there but I cant recreate it.

Thanks
WT
 

Answer:Solved: Form call is causing the Form to pop up everywhere!

File is attached. Code to unlock code is amber.
 

2 more replies
Relevance 40.18%

Hello, and thank you for taking the time to read and acknowledge my topic. I've been having some weird issues lately, and even though I'm 99.9% sure I'm infected with a virus, no Anti-Virus/Anti-Malware software has given me any evidence. It all started after I noticed that my system font had randomly changed. I had changed my monitor resolution from its native 1024x768 resolution to 800x600, and started to play Minecraft, but in the game was only when I noticed the font on Window titles, the clock, etc. had changed. I even changed back to my native resolution and still found the wierd font there. I made a system restore and the font went back to normal. I also was in the middle of modding one of my games, when i noticed one of the files had been deleted. Microsoft Outlook would randomly open. I don't know whether or not this is relevant to my supposed virus problem, but anything weird I took into consideration. MalwareBytes would randomly block completely different outgoing IP Addresses when Firefox wasn't open. However, now the major problem I've been getting is major performance drops. Start-ups take longer. Programs take longer to open. Games have constant stuttering issues and take 3x the amount of time to start-up. I received a notification from Yahoo! Mail stating that my account was logged in by an IP Address located in Slovakia. I have tried multiple programs/Anti-Virus Softwares to try to detect or remove this "virus", but none ... Read more

Answer:Please Help!! Undetectable Virus??

Hello, sorry for the delay but I see Combofix. We assume you ran it and that needs to be handled elsewhere.Having run ComboFix we need to see that and a DDS log.Please go here....Preparation Guide ,do steps 6 - 9.Create a DDS log and post it in the new topic explained in step 9 which is here Virus, Trojan, Spyware, and Malware Removal Logs and not in this topic,thanks.Skip the GMER step and instead post the ComboFix log you posted earlier.Let me know if that went well.NOte only one of theses can be active. Avast! Internet Security 2012 (Trial)ESET NOD32 Anti-Virus (Trial)

3 more replies
Relevance 40.18%
Question: Wifi undetectable

I went in default ip browser and my access point configurations have been changed. My wifi network is undetected and other devices cannot connect via wifi. How do i go back in Belkin Router and reverse this?

Please help?
 

Answer:Wifi undetectable

Hi janitap, and welcome to TSG

If you do not have WiFi access to the Belkin router you will most likely need a wired Ethernet connection from a computer to a LAN port on the router in order to be able to log into the router and changes its settings.

If you are unsure how to do this, please give us the model number as well as any hardware and firmware version numbers of the router. The information should be on a label on the bottom of the router.
 

2 more replies
Relevance 40.18%

Hi I think im infected with a trojan. I have some extrange connections by (Sistem process - Port 80) in TCPView sending bytes to remote adresses.
I also detected some strange behaviors. where self-closing internet explorer windows and changes in my favourites...

Windows Vista 32 SP2
Antivirus: Avira Antivir Premium with WebGuard and MailGuard
Firewall: ZoneAlarm free v9.2 (v10 dont work on my sistem. error instalation)
Resident Antispyware: Spybot Search and destroy

Also i use:
Malwarebytes Protection enabled
SuperAntiSpyware Free
Hotspotshield / Expatshield because im from Argentina and i cant visit some sites without that program.

I run all these security applications in safemode and no detect nothing. But the antivir show more than 1000 warnings (no detections) because i use the "complete report" function for the scanner.
Also 2 days ago I run ComboFix in safe mode (UAC disabled/AV disabled/Teatimer disabled/Show hidden objects enabled) and the program deleted some files but the extrange connections still there.

Plz help me

Answer:Trojan undetectable. HELP!

Since you ran Combofix, Please follow the instructions in ==>Malware Removal and Log Section Preparation Guide<==.Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include the link to this topic in your new topic and a description of your computer issues and what you have done to resolve them.If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.Once you have created the new topic, please reply back here with a link to the new topic.Most importantly please be patient till you get a reply to your topic.Also:No one should be using ComboFix unless specifically instructed to do so by a Malware Removal Expert who can interpret the logs. It is a powerful tool intended by its creator to be "used under the guidance and supervision of an expert. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again. When issues arise with new malware infections or other security tools conflicting with ComboFix, experts are aware of them and can advise users what should or should not be done while providing assistance. Those attempting to use ComboFix on their o... Read more

2 more replies
Relevance 40.18%

MY P.C DOSENT SEEM TO FUNCTION CORRECTLY. WHEN I TYPE HELP INTO THE RUN BOX IT JUST FLASHES AND DISSAPEERS FROM THE SCREEN. ITS ALSO SLOW ON START UP IVE FIXED MY REGISTRY AND NORTON SAYS EVERYTHING IS FINE. IM AT THE END OF MY TETHER WITH THIS. ANY HELP WILL BE GREATLY APPRICIATED.

Answer:HELP... THINK I HAVE AN UNDETECTABLE VIRUS

and I don't think I have a virus.Why are you typing help in the run box? why not click on help and support? (assuming you are using XP)

9 more replies
Relevance 40.18%
Question: Undetectable virus

Followed procedures published here to help others with no luck.  All the tools report no problem in Safe Mode (AFAIK) but back in normal mode ctl-alt-esc doesn't work and windows explorer and browsers won't start.
 
Can anyone help?
 
Thanks.

More replies
Relevance 40.18%
Question: Undetectable Virus

Hello!

I hope this is the space to post saved scan logs! I was redirected to Major Geeks (and particularily the Hijack This program) from Doug at allexperts.com to help me ail my laptop woes!

I went through the READ & RUN ME FIRST guide before running HJT and have attached the scan logs for BitDefender, PandaActiveScan and GetRunKey in this thread. I'll attach the logs for ShowNew and HJT in a thread below.

I ran CounterSpy, but couldn't exactly find the save log prompt, so I opted to delete the spyware files instead (I hope this isn't going to put points against me!). The questioning files were from Messenger Live Plus. I removed the program earlier after reading your site!

Anyway, I hope you can give me some advice of what to do with my poor, diseased laptop! It's less than a year old

Thanks in advance,
Marina
 

Answer:Undetectable Virus

The scan logs for ShowNew and HJT.
 

4 more replies
Relevance 40.18%

Somebody said that the were told by TD Bank technical support, their account was compromised, and who ever tried to get in knew the login and passwork but not the security questions. TD Bank support also said that the only way to get rid of the worm was to wipe the HD and reinstall the OS. That no anti-virus/malware program would be able to detect it and therefore clean the PC. The support person is some sort of top security officer in the North American HQ. The person with the 'infected' PC has run anti malware and anti virus s/w but nothing was found. Is it true that there are worms/viruses that can't be detected at all, even with the best anti s/w? I think TD is just covering there butt with a standard response. Thx in advance.

Answer:are there undetectable worms?

Unless this person examined the PC he doesn't know what type of malware is on the PC, he's just guessing. As for undetectable worms, I don't know if they exist but there are security companies and hackers who continuously work on creating harder to detect rootkits. Check out the link below.

http://arstechnica.com/tech-policy/news/2011/02/black-ops-how-hbgary-wrote-backdoors-and-rootkits-for-the-government.ars/2

3 more replies
Relevance 40.18%

What I know about my computer:
INSPIRON E1505 Notebook, I6400
Genuine Intel CPU, T2300 @ 1.66GHz,
980 MHz, 0.99 GB of RAM
Windows XP, Version 5.1, Version 2002
Hard Drive Capacity 68.44GB
Hard Drive Free Space 48.30GB


From what I can recall, the problems started a couple months ago after I had downloaded Sonic Stage. The first couple songs were fine and then a couple weeks later when I downloaded another, the song played terribly. It sounded like a radio station that wasn't coming in very well or a CD that skips. After that I began noticing my computer running extremely slow, especially during start-up and also all audio was now sounding terrible. I also had this blue screen come up on my computer that said a lot of things I didn't understand but I do remember it saying something about checking my drivers and any recently downloaded programs and something refering to a physical memory dump. This actually happened a couple times. There were no "reboot" options or anything on this screen and I couldn't use ctrl,alt,delete to reboot either. I had to force the power off and then start back up.

Note: I have not had any trouble with my internet.

After that happened, I downloaded Norton Anti-virus and ran a full scan.... nothing. Then I uninstalled Sonic Stage, a yahoo game and some other little something that I had believed to have been installed around the time the problems began and up to this point. I ran a disk defrag and ... Read more

Answer:Undetectable Spyware??

Hi tracylynnsikes!
Welcome to Major Geeks!

You may have had trouible attaching the logs if you tried t attach MGTools.exe. It's the wrong one. Right next to it directly under C:\ (or wherever your operating system is) there should be a file called MGlogs.zip. That is the one we want you to attach. Please try again. You have a lot of toolbars which may need removing and your computer may be infected with more than cookies, but we need the zipped set of logs to be able to give you more information. Look for this and attach it:

C:\MGTools.zip

abri
 

1 more replies
Relevance 40.18%

Hello, and thank you for taking the time to read and acknowledge my topic. I've been having some weird issues lately, and even though I'm 99.9% sure I'm infected with a virus, no Anti-Virus/Anti-Malware software has given me any evidence. It all started after I noticed that my system font had randomly changed. I had changed my monitor resolution from its native 1024x768 resolution to 800x600, and started to play Minecraft, but in the game was only when I noticed the font on Window titles, the clock, etc. had changed. I even changed back to my native resolution and still found the wierd font there. I made a system restore and the font went back to normal. I also was in the middle of modding one of my games, when i noticed one of the files had been deleted. Microsoft Outlook would randomly open. I don't know whether or not this is relevant to my supposed virus problem, but anything weird I took into consideration. MalwareBytes would randomly block completely different outgoing IP Addresses when Firefox wasn't open. One of which was 85.17.184.22. However, now the major problem I've been getting is major performance drops. Start-ups take longer. Programs take longer to open. Games have constant stuttering issues and take 3x the amount of time to start-up. I'll notice that my cursor lags behind. I received a notification from Yahoo! Mail stating that my account was logged in by an IP Address located in Slovakia. I have tried multiple programs/Anti-V... Read more

Answer:Please Help! Undetectable Virus??

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything. We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here. To help Bleeping Computer better assist you please perform the following steps:*************************************************** In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/465720 <<< CLICK THIS LINK If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.*************************************************** If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lo... Read more

38 more replies
Relevance 40.18%

Hi, i got a creative blaster audigy SE soundcard. when i fit it into a PCI slot, screwed it in place, restarted my computer, it did not detect any new hardware installed. i even tried using the cd that was provided to detect and soundcard but nothing seemed to work. i've even gone to add new hardware in the control panel but still no luck... any advice? thanks.
 

Answer:Undetectable soundcard

make sure the card is seated in the slot, or try a different pci slot. If that doesn't work I would guess the card is bad. If you had another computer you could try it there
 

3 more replies
Relevance 40.18%

hi there i really need help with hjt i've scanned with it but dont know which files to delete please help . .my computer has been lagging for the past week dont know wahts wrong with i've run norton,msspyware,registry cleaner,and all have detected nothing but i know some things wrong so hjt is my last chance thanks . .
 

Answer:undetectable problem need help bad . . .

Per Chaslang: Please follow forum guidelines and read the stickies.

- Run ALL the steps in this Sticky thread READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus RemovalMake sure you check version numbers and get all updates.

- Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.


After doing ALL of the above you still have a problem:

- Download HijackThis 1.99.1

- Unzip the hijackthis.exe file to a folder you create named C:\Program Files\HJT

- Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the downloaded ZIP file.

- Before running HijackThis: You must close each of the following:your web browser, e-mail client, instant messenger, and programs like notepad, wordpad, MS Word etc. And any other unnecessary running programs.

- Run HijackThis and save your log file.

- Post your log as an ATTACHMENT to your next message. (Do NOT copy/paste the log into your post).
 

1 more replies
Relevance 40.18%

Hi all, Not sure whether I should post this here or over in Vodafone's forums, so have done both! Here's the problem; I have a user who use's Vodafone's 3G service to work remotely. He has an Lenovo T60 with an embedded 3G sim card (located behind the battery pack). Anyway upto last week the 3G card was working fine and then just stopped without warning. Now I can't seem to re-initialise the card. I'vew tried installing new drivers (for the record it's a Sierra Wireless MC8755 card) and the latest version of Vodafone mobile connect - yet I all I get in terms of an error message is that the card isn't switched on. Which isn't very helpful. I've googled the problem and to be honest a lot of the answers weren't relevant to my problem, so really don't know where else to go with this. The only time I've encountered a problem like this I managed to resolve by taking the sim card out of the sim port and using a card bus int he PCMCIA port, but I don't have a spare card bus this time. As always any help or advice provided will be greatly appreicated. Cheers!Message Edited by London_exile on 09-10-2008 01:23 AM

More replies
Relevance 40.18%

Each time I would connect a USB device it would pop up with options to do something with it.
So I figured I would turn it off because I didn't want the menus to constantly keep popping up every time I connect a USB device, but now it's not detecting the devices period.
I didn't think it would not detect the USB devices at all; the menu that pops up to prompt you to either, burn CD, open folder etc. that menu.
Does anybody know how I can re-enable the ability to use the USB devices when connected without the popup, but also without deeming them unusable either?

Answer:USB devices undetectable

Once you get the pop up, you tell it what to do, then it doesn`t keep asking you everytime.

In the case of a usb stick, for example, it would just open it up.

Windows is supposed to do that, disabling it is just foolish.

Just reverse whatever it is you did to stop the pop up.

Should be this option here.

4 more replies
Relevance 40.18%

I have altogether 3 partitions in a 160Gb SATA HD, one of them is for windows and software; another one is for some backup data and documents; while the last one is remain unformatted.

The situation is that my computer was "hanged" just when I have started up and opening the internet explorer. I Hard-Reset it and the next moment, I was told that there was a "Bad File Record Signature" on my "E Drive", my data drive. I can't reach it with Partition Magic or in DOS. It was formatted in NTFS.

I just want to know if there are any means for me to retrieve the data inside this missing partition, cause I haven't got any backup. Please Help... I am so desperate as it is the 2nd time within the past 3 months that I lost all my data, and I paid a lot of effort in re-organizing it. Please......

devilian from Hong Kong.
 

Answer:One of my 3 Partitions become undetectable

Can anyone help?
 

2 more replies
Relevance 40.18%

I KNOW I have some spyware on my computer, because I'm getting pop-ups when I'm on a site I know doesn't have any. However, neither Ad-Aware nor SS&D can detect it even with the latest updates. Maybe it's somwhere in the Hijack log:

Logfile of HijackThis v1.97.5
Scan saved at 5:45:30 PM, on 11/21/2003
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINNT\System32\NMSSvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\hkcmd.exe
C:\WINNT\GWMDMMSG.exe
C:\WINNT\System32\SK9910DM.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINNT\System32\WScript.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Hijack\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://login.passport.net/uilogin.srf?id=2
R1 - HKCU\S... Read more

Answer:Undetectable Spyware....Please Help!

fix this with hijackthis
O4 - Global Startup: Search.vbs

then find & delete the Search.vbs file itself

unless it's a script you have installed yourself & know about and are running it for a purpose
 

2 more replies
Relevance 40.18%

Anyone wanna take a crack at it?

<Link Removed>

mY shit got infected. meanwhile i'm open to suggestions.

right click - save as. DO NOT LEFT CLICK!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

Help would be appreciated but not required.
 

Answer:undetectable trojan

It would be best if you submitted this file to antivirus vendors.
 

4 more replies
Relevance 40.18%

It seems as though this system is infected with one or more viruses. At start up, it takes five minutes from logging in to view the desktop. Clicking icons on desktop have a 30 second wait before it's responsive. When executing control, alt, delete, the task manager tab performance showcases a fluctuation that grows from 26-100% dramatically. Programs lag and browsers are unresponsive most times. The highjackthis files are below. Any help would be appreciated since AVG Free and TrojanHunter cannot detect any viruses.
DDS (Ver_09-03-16.01) - NTFSx86
Run by Erica at 17:18:22.69 on Sun 03/22/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_12
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1535.707 [GMT -7:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
AV: Norton AntiVirus *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\PROGRA~... Read more

Answer:100% CPU - Undetectable Virus

Hello! My name is Sam and I will be helping you. In order to see what's going on with your computer I may ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.Please download Malwarebytes Anti-Malware and save it to your desktop.alternate download link 1alternate download link 2Make sure you are connected to the Internet.Double-click on Download_mbam-setup.exe to install the application.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-MalwareThen click Finish.MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.On the Scanner tab:Make sure the "Perform Quick Scan" option is selected.Then click on the Scan button.If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.The scan will begin and "Scan in progress" will show at the top. It may tak... Read more

2 more replies
Relevance 40.18%

Good day!

I'm having trouble with a bunch of popups that won't stop appearing when I connect to the internet. They are Internet Explorer popups and 2 of them appear whenever I load Firefox after connecting to the 'net.

Adware and Spybot can't detect them even after the recent updates and being under safe mode. Even running Panda Anti-Rootkit won't kill them.

The log starts below. Thanks for reading.


Logfile of HijackThis v1.99.1
Scan saved at 3:23:29 PM, on 5/24/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG Free\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG Free\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG Free\avgemc.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
D:\Utility Files\Raxco\PerfectDisk\PDAgent.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
D:\Unqiue Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Impact Softwa... Read more

Answer:Undetectable Popups

BUMP pls.

14 more replies
Relevance 40.18%

I'm having the biggest problem, and it all started last night. I hope someone knows what this is and can help. I saw a previous post and this is exactly what all of the messages said. They appear from a balloon that pops open from a constantly blinking yellow triangle with a black exclamation point in my notification area, next to my volume controls and clock. The messages that appear are as follows:

---------------------
Security Alert: [email protected]

Type: Virus/Network Worm
Damage Level: High
Description: Virus that infects executable files.
Recommendation: Delete/quarantine immediately
Protection: Click this ballon to download certified Antivirus software
---------------------
System performance monitor: Warning

Summary:
System performance slowed down by: 47%
Internet connection speed decreased by: 39%
Probable reason:
Spyware applications / Adware popup windows
Click this balloon to download spyware scan tool to remove spyware/adware applications.
---------------------
Security Alert: Spyware found

Your computer is infected with last versions of PSW.x-Vir trojan. PSW trojan steals your privat information such as:
passwords, IP-adresses, credit card information, registration details, documents, etc.
Click this baloon to remove PSW.x-Vir spyware.
---------------------
System Alert: [email protected]

Type: Spyware/Trojan
Vulnerable: Windows95/98/ME/NT/2003/Windows XP
Description: Spyware program that sends confidential information to a remote attacker... Read more

Answer:HELP - undetectable virus ?

* Click here to download HJTsetup.exe.
Save HJTsetup.exe to your desktop.

Double click on the HJTsetup.exe icon on your desktop.
By default it will install to C:\Program Files\Hijack This.
Continue to click Next in the setup dialogue boxes until you get to the Select Addition Tasks dialogue.
Put a check by Create a desktop icon then click Next again.
Continue to follow the rest of the prompts from there.
At the final dialogue box click Finish and it will launch Hijack This.
Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
Click Save to save the log file and then the log will open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
Come back here to this thread and Paste the log in your next reply.
DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.
 

3 more replies
Relevance 40.18%
Question: Undetectable virus

Hey there guys, I was wondering if I could get a hand with this little problem I've been having with a PC running Windows XP SP3.

It appears to be infected with a virus, but I can't get anything to detect it.

I've tried running Malware Bytes, Trend Micro's Housecall, McAfee, and the Windows Malicious Software Removal Tool, as well as the Microsoft Security Essentials scanner. Malware Bytes detected and removed a few things, but since then, nothing more has been detected but I know it's still infected... IE is redirecting links any time I try to do any google searches or visit certain web pages.

Here is a Hijack This log, I'm not quite sure what to make of it or what I need to remove/fix; any help you guys could offer would be greatly appreciated:


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 5:31:37 PM, on 4/27/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\iWin Games\iWinTrusted.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Microsoft Shared\V... Read more

Answer:Undetectable virus

Hello and Welcome to TSF.

We no longer use HijackThis as our initial analysis tool. It is not detailed enough for today's infections.

That said, it has shown some issues.

First...

Download HostsXpert.Unzip HostsXpert to it's own folder.
Run HostsXpert.exe
Click "Make Writable?" in the upper left corner.
Click "Restore MS Hosts file" and then click OK.
Close HostsXpert.
Note: If a custom Hosts file was in place, you'll have to edit those entries back in.

Next....

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

11 more replies
Relevance 40.18%

My system is infected and it couldn't be detected by scanning with Avast, AVG, Microsoft malicious software removal, Ad aware.I can't open Internet Explorer, cant download updates from microsoft, when searching in google it redirects me to some crappy sites.I've seen instructions in another postand here is log file created with Hijackthis:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 9:33:02 AM, on 28/06/2010Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.17055)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Alwil Software\Avast5\AvastSvc.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Program Files\Java\jre6\bin\jqs.exeC:\WINDOWS\system32\drivers\KodakCCS.exec:\Program Files\Common Files\Protexis\License Service\PsiService_2.exeC:\WINDOWS\system32\svchost.exeC:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exeC:\Program Files\Intel\Modem Event Monitor\IntelMEM.exeC:\WINDOWS\System32\vssvc.exeC:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exeC:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exeC:\Program Files\Java\jre6\bin\jusched.exeC:\Program Files\Analog Devices\Cor... Read more

Answer:infection undetectable

I've just found some great instructions from JabuckI should have read this section firstcheers

5 more replies
Relevance 40.18%

Hey, I contracted a virus onto my computer. One of the first things I went through was having an annoying little search bar called "SearchBAR" at the bottom of my screen, along with some pop-ups (I have a pop-up blocker, but for some reason the virus allowed them to go past it). Now, I used the latest most updated versions of SpyBot and Ad-aware, which took care of most of problem. Only, I'm still getting these pop-ups every once in a while. And they're not pop-ups coming from the site I'm at, either; they're being sent to me by some small, hidden adware. The only thing is, I can't find it, and neither can SpyBot or Adaware. Here are the processes my computer is currently running, if you see anything that rings a bell, let me know(additionally, my internet seems to be running slower since the virus):

taskmgr.exe
IEXPLORE.EXE
SysAI.exe
wuauclt.exe
mnm2mdxx.exe
tgcmd.exe
ezSP_Px.ede
HKServ.exe
atiptaxx.exe
Apoint.exe
carpserv.exe
explorer.exe
aim.exe
IEHost.EXE
AsgUbohB.exe
AutoUpdate.exe
khost.exe
ati2evxx.exe
spoolsv.exe
svchost.exe
ApntEx.exe
Isass.exe
services.exe
winlogon.exe
csrss.exe
smss.exe
PersTray.exe
HKWnd.exe
Reminder.exe
 

Answer:undetectable virus?

Hi RegularGuy

Welcome to TSG!

Please do this. Click here to download Hijack This. Click on the Hijackthis.exe.

Click the "Scan" button when the scan is finished the scan button will become "Save Log" click that and save the log.

Go to where you saved the log and click on "Edit > Select All" then click on "Edit > Copy" then Paste the log back here in a reply.

DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required. Someone here will be glad to advise you on what to fix.

*Note: When you download Hijack This Do Not download it to a temp folder or to the desktop. Create a permanent folder somewhere like in My Documents and name it Hijack This and put it in that folder.
 

3 more replies
Relevance 40.18%
Question: Undetectable Virus

Okay, where to begin? My system is infected with a seemingly invincible trojan/rootkit/virus. My symptoms include:

My browser is hijacked to that whenever I use any searches the links are hijacked and I'm sent to different pages.

iexplore.exe is consistently running and taking up huge amounts of memory despite Internet Explorer not running.

Initially started with a bad link that gave me the "your computer is infected buy our shady product to fix it" along with a million popups that are typical of an infection.

Now, this is where I think it gets tricky. I'm not a computer novice or anything and I have run the following to attempt to clean my system: Malawarebytes, Norton 360 6 beta antivirus, Norton Power Eraser, AVG rootkit, AVG antivirus, and Spyware Doctor. I've tried them all in normal, safe mode, and safe mode with networking and NONE OF THEM ARE DETECTING THE MAIN PROBLEM and only detecting stuff thats coming from this infection. I've also gone into my host/driver settings to make sure no additional sites have been added and made sure that whatever it is isn't messing with my proxy settings.

I'm at a real loss as to what else I can do. Why isn't this thing detectable? It's clearly there.

Also, the only way I can get the redirecting to stop is to go maximum security and disable all activeX controls but then nothing works. It also started causing Microsoft Silverlight to crash in all of my browers when trying to view NetF... Read more

Answer:Undetectable Virus

can you post the logs from your scans?

4 more replies
Relevance 39.77%

I have a combo USB/Firewire H/Disk enclosure. Using the USB interface, the My Computer is able to detect the Mass Storage. However, when I use Firewire, no Mass Storage detected.

The Device Manager show the NEC OHCI IEEE 1934 Controller working. What is wrong?
 

Answer:Harddisk enclosure undetectable

Why do you even want to use the firewire port? Standard firewire is slower then USB 2.0. Unless of course you still have USB 1.1.

At any rate it most likely is some sort of driver issue. Did the HD enclosure come with a CD? If so some drivers you need to make the firewire connection work are most likely on the CD.
 

2 more replies
Relevance 39.77%

Thanks to anyone who decides to help. I was surfing the web one day, and out of nowhere, google links start taking me to random search engines, and I could not use google for anything. Then, a little later, any links started to route to random search engines, and some pages did not appear at all, with a Page Load Error.

So, I decided to investigate. After some searching of the symptons (with what limited mobility I had), I decided to run malwarebytes, as it turned out, from what the good people on blogs described as a DNSchanger trojan. Sure enough, malwarebytes reported 2 or 3 of them, so I quarentined and removed them, hoping to move on.

Normally, after a succesful spy/mal-ware removal there's a feeling of happiness, but not for me. I load up firefox after rebooting and get a Page Load Error on google. I refresh, check other websites, use the browser search bar. Same thing happens each time. I load up IE, and again, Page Load Error, on every website imaginable. What happened? I thought I got rid of DNSchanger. So, I run malwarebytes again, and to my surprise, nothing is detected. I thought for sure maybe it popped up again, but no dice.

Did it remove a needed component for internet connecting? Did it permenantly mess up my DNS? Well, here I am, on a laptop switching files over with a flash drive to post the logs. Please help, as I need my computer for web browsing, as I have a project to do in school. In the meanwhile I can use the laptop, but sparsely. Reformatting... Read more

Answer:DNSchanger - undetectable or serious DNS problem?

Bumping this thread, really need internet on my computer.
 

1 more replies
Relevance 39.77%

I have a Dell XPS Studio with a 500gb hard drive that I created a system image for. I used windows Backup and Restore to create the image. I renamed the image "DesktopImageStable" so that I know what is what since I have more than one pc. The image is stored in a usb external hdd.

I recently partitioned my external and I created a bootable partition using XBoot. This partition has some utilities like Hiren and Active Boot Disc. I also loaded on there the Windows Repair Disc .iso so that I can easily image my computers in case I needed to. As I was testing my new bootable partition, I was able to boot into the repair disc and go through the steps. Only problem is once I got to the page where you're suppose to see the system image(s) nothing was there. No matter how many times I hit refresh no images were available. I tried clicking on "Install Device Driver" and I was actually able to browse my connected external hard drive (which I booted from) as well as the second partition of the same drive where I have the image stored. I could see the image just fine as well as browse through all its content; yet it wouldn't load as an image to image from.

Just to be sure there wasn't something wrong with my drive, I tried it on my windows 8 laptop and same thing...undetected image when clearly they are right there on the drive. I even tried loading an image from the control panel "Backup and Restore" without actually booting into anything... Read more

Answer:Undetectable System Images

You can't change the name of your System Image made by Windows 7. Now if you were using something like Acronis True Image you could add words before the backup was made. I do this with Acronis and use no spaces. (not sure about the spaces part) If you change the name on most files they quit working. All though I'm no expert on that.
 

1 more replies
Relevance 39.77%

For a while now I've been battling a recurring virus that when active knocks out my internet connection.  No web browsing, no email, no remote access - but LAN access is unaffected.  I've run several scanners - ESET, MBAM, Emsisoft - and nothing is found.  The only thing that fixes it is Combofix - but after a week or two, the problem returns. Sometimes there's an .exe in quarantine and other times a tcpip.reg in quarantine. I've run TDSS Killer and MBR Check and no rootkits are found.  I'm hoping you can identify the type of infection and possible sources of reinfection.  Attached is a combofix log of the most recent removal.  Thanks in advance for your assistance.ComboFix 14-09-09.01 - rpugach 09/09/2014 18:30:09.7.4 - x64Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8136.5612 [GMT -7:00]Running from: \\PCU-SERVER\TechTools\CF\ComboFix.exeAV: Emsisoft Anti-Malware *Enabled/Updated* {8504DEEF-CC04-1F76-2137-F1A5F4A659DA}AV: ESET Endpoint Antivirus 5.0 *Disabled/Updated* {19259FAE-8396-A113-46DB-15B0E7DFA289}SP: Emsisoft Anti-Malware *Enabled/Updated* {3E653F0B-EA3E-10F8-1B87-CAD78F211367}SP: ESET Endpoint Antivirus 5.0 *Disabled/Updated* {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}..((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))..c:\windows\Installer\{849C5961-C4EB-471F-A360-F9D78BFBD1DA}\pnaico.exe.20FBB... Read more

Answer:Undetectable recurring virus

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
*************************************************** In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/547574 <<< CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of t... Read more

26 more replies
Relevance 39.77%

Hey guys. I need help. Have been running NOD32 (legal copy) and it expired. Found new OEM version for 1/2 renewal charge so I ordered. Anyway, a/v was still working but not updating files after it expired. I figured I would run Malware, as it had been a while. When I would click on it, it would not run. I deleted and re-d/l and installed, but still same thing. NOD32 has shown absolutely nothing toward a virus or worm since all this started.

To make a longer story short, tried to install new NOD32, but it will not update. Files from dvd were dated from March of 08. Malware still will not run or update. I have tried doing Windows Update and it goes to a google search page. It is like anything that I try to run from an a/v or malware or security standpoint, will not work. Even when I try to go to eset's website, it says page can't be found. Tried to log into paypal account and it was saying my account was limited. It had a page that opened wanting to verify info. I quickly noticed it was only http and not https so I didn't do it. Tried eset's site with son's laptop and it loaded right up. Went to my paypal account on his laptop and it went straight thru and was https.

I have tried all this in safe mode and still same thing. Tried to d/l free a/v programs but they won't run either. Any other ideas short of reinstalling? I am at a loss of what to try next. Thanks.
 

Answer:Need Help with Undetectable Virus/Worm

Go to device manager, under View select show hidden devices, under non plug and play drivers look for something called tdsserv and disable it. Now try running Malwarebytes (you can also rename mbam.exe to somethng else)
 

2 more replies