Computer Support Forum

infected Fake anti-virus program, program entitled ‘aaa’

Question: infected Fake anti-virus program, program entitled ‘aaa’

I have an infection of a fake anti-virus program that is constantly creating pop-ups. It has placed Trojans (which McAfee/Malwarebytes intermittently cleans). It has blocked access to internet (I am currently able to access internet in safe-mode after running Malwarebytes). There is a program in my installed program list entitled ‘aaa’ by company ‘bbb’, I am not able to uninstall this program.

I would greatly appreciate assistance with this problem as it is rather worrying. I will endeavour to keep my internet access open so I can be here when you are available to help me.
Thank-you to bleepingcomputer for the guidance in posting,
hchicken
DDS log:
DDS (Ver_10-12-12.02) - NTFSx86 NETWORK
Run by Owner at 23:36:28.88 on Fri 18/02/2011
Internet Explorer: 8.0.6001.19019
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.61.1033.18.3069.1599 [GMT 10.5:30]

AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\DllHost.exe
C:\Users\Owner\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com.au/webhp?hl=en
uWindow Title = Internet Explorer provided by Dell
uInternet Settings,ProxyOverride = <local>
uURLSearchHooks: BS Player Toolbar: {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - c:\program files\bs_player\tbBS_0.dll
uURLSearchHooks: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - c:\program files\bittorrentbar\tbBitT.dll
mURLSearchHooks: BS Player Toolbar: {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - c:\program files\bs_player\tbBS_0.dll
mURLSearchHooks: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - c:\program files\bittorrentbar\tbBitT.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20101130192027.dll
BHO: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - c:\program files\bittorrentbar\tbBitT.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: BS Player Toolbar: {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - c:\program files\bs_player\tbBS_0.dll
TB: BS Player Toolbar: {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - c:\program files\bs_player\tbBS_0.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - c:\program files\bittorrentbar\tbBitT.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [BitTorrent DNA] "c:\users\owner\program files\dna\btdna.exe"
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [EPSON Stylus CX5900 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatibip.exe /fu "c:\windows\temp\E_SE011.tmp" /EF "HKCU"
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [<NO NAME>]
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [DLCGCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLCGtime.dll,[email protected]
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRunOnce: [Wrapper] runonce
mRunOnce: [GrpConv] grpconv -o
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {32C3FEAE-0877-4767-8C20-62A5829A0945} - hxxp://static.ak.facebook.com/fbplugin/win32/axfbootloader.cab
DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} - hxxp://msnau.oberon-media.com/online2/MSN_INTL_AUSTRALIA/chainz_2/mjolauncher.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab102118.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\google\google~2\GOEC62~1.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\users\owner\appdata\roaming\mozilla\firefox\profiles\x2v642oh.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2790392&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2790392&SearchSource=13
FF - component: c:\users\owner\appdata\roaming\mozilla\firefox\profiles\x2v642oh.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\components\RadioWMPCoreGecko19.dll
FF - component: c:\users\owner\appdata\roaming\mozilla\firefox\profiles\x2v642oh.default\extensions\[email protected]\components\RadioWMPCoreGecko19.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1601.7122\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\owner\appdata\roaming\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\users\owner\program files\dna\plugins\npbtdna.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Ext: Conduit Engine : [email protected] - %profile%\extensions\[email protected]
FF - Ext: BitTorrentBar Community Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - %profile%\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Gmail Space: {B9C8BE50-7105-4ec6-8FB4-4935C0671648} - %profile%\extensions\{B9C8BE50-7105-4ec6-8FB4-4935C0671648}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

============= SERVICES / DRIVERS ===============

R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-7-28 386840]
R1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\drivers\mfenlfk.sys [2010-7-28 64304]
R1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2010-7-28 164840]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-7-28 271480]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-7-28 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\common files\mcafee\systemcore\mfevtps.exe [2010-7-28 141792]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-7-28 313288]
S2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2007-12-5 77824]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 dgdersvc;Device Error Recovery Service;c:\windows\system32\dgdersvc.exe [2010-10-25 95568]
S2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2009-4-28 21504]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2010-12-21 217088]
S2 gupdate1c9e4af9b2bfae;Google Update Service (gupdate1c9e4af9b2bfae);c:\program files\google\update\GoogleUpdate.exe [2009-6-4 133104]
S2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-7-28 271480]
S2 McProxy;McAfee Proxy Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-7-28 271480]
S2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-7-28 171168]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-7-28 55840]
S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [2010-10-25 18120]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2010-10-21 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2010-12-21 36640]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-2-20 30192]
S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\microsoft fix it center\Matsvc.exe [2010-4-10 266544]
S3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-7-28 152960]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-7-28 52104]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-7-28 84264]
S3 PCDSRVC{E9D79540-57D5953E-06020101}_0;PCDSRVC{E9D79540-57D5953E-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc.pkms [2010-11-18 21744]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\drivers\ss_bbus.sys [2010-12-22 98432]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\drivers\ss_bmdfl.sys [2010-12-22 14848]
S3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\drivers\ss_bmdm.sys [2010-12-22 123648]
S3 ss_bserd;SAMSUNG USB Mobile Logging Driver;c:\windows\system32\drivers\ss_bserd.sys [2010-12-22 100224]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

=============== Created Last 30 ================

2011-02-18 12:35:24 172032 ----a-w- c:\windows\system32\igfxres.dll
2011-02-18 12:30:29 -------- d-----w- c:\windows\system32\ShellExt
2011-02-18 11:30:40 -------- d-----w- c:\program files\Zone Labs
2011-02-18 11:30:40 -------- d-----w- c:\progra~2\CheckPoint
2011-02-18 11:30:08 -------- d-----w- c:\windows\Internet Logs
2011-02-18 10:14:20 54016 ----a-w- c:\windows\system32\drivers\olcw.sys
2011-02-16 11:55:34 8179200 --sha-r- c:\progra~2\TunesHelper.exe
2011-02-16 11:55:34 335872 --sha-r- c:\users\owner\appdata\roaming\VolPanel.exe
2011-02-16 11:55:34 331776 --sha-r- c:\users\owner\appdata\roaming\Readar_sl.exe
2011-02-15 06:37:19 5890896 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{2cf61b58-1be9-49b9-9f24-573882702a5f}\mpengine.dll

==================== Find3M ====================

2011-01-20 16:08:16 478720 ----a-w- c:\windows\system32\dxgi.dll
2011-01-20 16:08:06 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2011-01-20 16:08:06 189952 ----a-w- c:\windows\system32\d3d10core.dll
2011-01-20 16:08:06 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2011-01-20 16:08:06 1029120 ----a-w- c:\windows\system32\d3d10.dll
2011-01-20 16:07:58 37376 ----a-w- c:\windows\system32\cdd.dll
2011-01-20 16:07:42 258048 ----a-w- c:\windows\system32\winspool.drv
2011-01-20 16:07:16 586240 ----a-w- c:\windows\system32\stobject.dll
2011-01-20 16:06:38 2873344 ----a-w- c:\windows\system32\mf.dll
2011-01-20 16:06:35 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2011-01-20 16:04:54 98816 ----a-w- c:\windows\system32\mfps.dll
2011-01-20 16:04:54 209920 ----a-w- c:\windows\system32\mfplat.dll
2011-01-20 14:28:38 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2011-01-20 14:27:50 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-01-20 14:26:30 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2011-01-20 14:25:25 847360 ----a-w- c:\windows\system32\OpcServices.dll
2011-01-20 14:24:32 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-01-20 14:24:26 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2011-01-20 14:15:10 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
2011-01-20 14:14:39 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
2011-01-20 14:14:03 302592 ----a-w- c:\windows\system32\mfmp4src.dll
2011-01-20 14:14:03 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
2011-01-20 14:12:46 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2011-01-20 14:11:34 486400 ----a-w- c:\windows\system32\d3d10level9.dll
2011-01-20 13:47:51 683008 ----a-w- c:\windows\system32\d2d1.dll
2011-01-20 13:44:05 1068544 ----a-w- c:\windows\system32\DWrite.dll
2011-01-20 13:44:03 797184 ----a-w- c:\windows\system32\FntCache.dll
2011-01-08 08:47:50 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-01-08 06:28:49 292352 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:57:01 2039808 ----a-w- c:\windows\system32\win32k.sys
2010-12-28 15:55:03 413696 ----a-w- c:\windows\system32\odbc32.dll
2010-12-18 06:27:04 916480 ----a-w- c:\windows\system32\wininet.dll
2010-12-18 06:22:41 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-18 06:22:27 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-12-18 06:22:11 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-12-18 06:22:11 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-12-18 05:25:26 385024 ----a-w- c:\windows\system32\html.iec
2010-12-18 04:48:39 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-12-18 04:47:11 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-12-14 14:49:23 1169408 ----a-w- c:\windows\system32\sdclt.exe
2010-11-29 07:08:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 07:08:30 69632 ----a-w- c:\windows\system32\QuickTime.qts

============= FINISH: 23:37:12.20 ===============

Relevance 100%

Answer: infected Fake anti-virus program, program entitled ‘aaa’

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Please take note:

If you have since resolved the original problem you were having, we would appreciate you letting us know.
If you are unable to create a log because your computer cannot start up successfully please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
If you are unsure about any of these characteristics just post what you can and we will guide you.
Please tell us if you have your original Windows CD/DVD available.
If you are unable to perform the steps we have recommended please try one more time and if unsuccessful alert us of such and we will design an alternate means of obtaining the necessary information.
If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review your topic and do their best to resolve your issues.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan again:

Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for posting the results.
Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

We also need a new log from the GMER anti-rootkit Scanner. Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:
Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:
How to create a GMER log

Thanks and again sorry for the delay.

3 more replies
Relevance 85.84%

Hello,

My computer runs a windows 32 bit with xp, and while browsing the internet with firefox every window/tab shut down unexpectedly, and a windows anti virus popped up telling me I was infected with all sorts of viruses and trojans, etc. I could not get on the internet because it was disabled by the "antivirus" and when I tried to check my windows security it was blocked as well. My Avast scanned and found nothing. The program simply asks me to purchase software to remove all the other viruses. I am currently using a friend's computer and cannot use mine to get on the internet.

When I did a quick google search, I found something on this website the iexplore.exe which I downloaded on someone else's computer and installed on the desktop of the infected computer using an external hard drive (slightly worried that hard drive now has infected files on it). But the "antivirus" keeps blocking it, or something, because I cannot run that program at all.

I don't know what to do. Can you all help?

Answer: Infected with fake anti-virus program

Please follow the instructions in ==>This Guide<== starting at Step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues, what you have done to resolve them, and a link to this topic.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

3 more replies
Relevance 104.14%

When I turned on my computer this morning my computer was being attacked by a serious virus, something called Defence Security or Defence Center was attacking my computer and was posting porn advertisements on my desktop

My real Anti-Virus (Shaw Secure) deleted the virus and I rebooted my computer but now there seems to be some sort of aftermath of this virus not letting me access my computer's programs, everything has been changed! When I click a program there's a pop up that says "Please select a program to open with this file"

I would open screen shots but it won't let me open paint.

Answer: Fake Anti-Virus Program!

I can't download any programs to my desktop because then they become corrupt PLEASE SOMEONE HELP ME :(

I might consider reformatting

1 more replies
Relevance 104.14%

My university recently began requiring everyone on the network to run an anti-virus program, which is verified by a cisco application when a user attempts to open a web browser. What's annoying is that I'm living in on-campus housing, so university internet is MY internet at home.

I can't stand anti-virus programs, I've never run them, and I've been virus free for 10+ years. It really bugs me that my university is forcing software upon us. Is there any way to modify the registry or w/e so that my computer shows that I am running an anti-virus program without actually running one? Thanks hardocp peepz T_T
 

Answer: Can I fake having an anti-virus program?

Just get clamwin. It is so lightweight you won't even notice it.

http://www.clamwin.com/
 

60 more replies
Relevance 104.14%

My computer has recently been affected by a virus that is disguised as an antivirus program called security shield. It's telling me I have 33 virus and I should sign up for security shield to help clean them out. I currently have Kaspersky antivirus. What do I need to do to get rid of this pesky virus?

Edit: Moved topic from Vista to the more appropriate forum. ~ Animal

Answer: Fake anti-virus program

Take a look here: Remove Security Shield or SecurityShield (Uninstall Guide)

1 more replies
Relevance 104.14%

Hi, thank you orange blossom for giving me instructions on how to proceed. The infection is an anti-virus trojan. It comes up with a dialogue saying: "Resident shield alert" "multiple threats detected". There will be several infections listed in the dialogue, and when I closed it it would still pop up later. I first ran malware bytes and it found some infections but it still didn't get rid of it. I searched on the net for different removal instructions and followed some of the suggestions such as using msconfig. I then rebooted in safe mode and ran malware bytes again. I deleted some of the suspicious programs in the windows directory, and did some work in the registry to get rid of any keys that dealt with some of the names I found that were suspicious. Malware bytes found some more infections and I thought I was good but when I rebooted in normal mode, the virus still came up. I ran AVG this time and it found multiple infections, but they were in programs I use such as AVG, and some other programs that are on my toolbar, such as my tomtom software and qtask. That is when I made my post.

After following the preparation guide I downloaded the 2 programs and here is what happened.

1. DDS worked fine and I got the logs
2. GMER came up with several problems right away and said there may be a rootkit. When I did a scan, I got about 20-25 listed in the dialogue, but after awhile I came back and I got the blue screen of death. I rebooted my comput... Read more

Answer: fake (AVG?) anti-virus program

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process. Please also continue to work with me until I give you the all clear. Even if your computer appears to act better, you may still be infected.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

Once we start working together, please reply back within 3 days or this thread may be closed so we can help others who are waiting.

We need to create an OTL report, Please downloa... Read more

26 more replies
Relevance 104.14%

Hi,

I got an anti-virus trojan on my computer the other day. It is the one that says:

"Resident shield alert"
"multiple threats detected"

It resembles the AVG dialogue. I spent the last day and a half going through various removal techniques from websites I went to. I thought I got rid of it but it is back up. I want to use combofix but I keep seeing that I should have somebody here guiding me. I am not a novice and I understand processes, the registry and various other ways a virus can infect a computer, but I am not an expert like you guys. If there is maybe another post on this site that you could redirect me to or if somebody is willing to guide me through this I would much appreciate it. All I got to say is thank God for this website because I have been helped out a couple of times already. Thanks in advance

Answer: fake anti virus program

Hello,

Please follow the instructions in ==>This Guide<==. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues and what you have done to resolve them.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Orange Blossom

1 more replies
Relevance 104.14%

I awoke this morning in horror as I found multiple internet sites open displaying Porn and a fake windows security message that keeps popping up. I constantly catch my brother looking at porn, and he also keeps downloading p2p file sharing programs such as; limewire or frostwire. I blocked most of the access to limewire, and he downloads frostwire, I have to uninstall those programs once a week. I can't do a system restore or open any legit Anti Virus Programs. When I try to it says that the application can't be executed, that the .exe file is infected and asks if I want to activate my anti virus protection now. I'm operating from a cheap ~300$ emachine that we've had for a little over one year. Any help is greatly appreciated before this virus gets out of hand.

Edit* I have not tried accessing the system restore or any Anti-Virus programs in safe mode yet as I am in a hurry to get to school and I don't have the time at the moment.

EDIT: Moved from Vista to more appropriate Am I Infected forum ~ Hamluis.

Answer: Fake Anti-Virus Program

I downloaded RKill and eliminated most of the malware.. Absolutely amazing product Bleeping Computer!
2nd time running RKill after a reboot:
C:\Users\darcie\AppData\Local\asam.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
c:\Users\darcie\Downloads\rkill.com

1 more replies

I've read some of the threads about fake anti virus infections, but couldn't find any reference to "dqwqpbutssd.exe" which seems to be the cause of my infection. I would appreciate an expert's view on my experiences:
First, this is an "inherited" machine running XP Home so I'm uncertain of its use/maintenance history.
Got the little green icon in the sys tray and constant pop ups about infections + couldn't remove any programs or run any anti virus/clean up tools.
In safe mode, I could run Malwarebytes, (but the file definitions were 2 years old and couldn't connect to update), couldn't download spybot or any other tools. AVG was up to date but found nothing.
I did notice in processes running an exe file called "dqwqpbutssd.exe". No results from google so I stopped it. When I rebooted in normal mode, the little icon disappeared, no more pop ups/warnings, and normal operation resumed fine.
I then got spybot and ran it and it identified a few problems, including the "dqwqpbutssd.exe" file and some associated "antivirus" references.
All under fraud.sysguard:
the dq exe file
5 registry keys-all with "avsoft" or "avsuite" referenced

Removed all of them.

Knowing these things are not usually that easy to defeat, my question is what else should I do? I'll post an hjt log if it would be helpful.
 

Answer:Fake anti virus program dqwqpbutssd.exe

9 more replies

My computer (it has Windows 2000...so I couldn't find where I could do a system restore which would be the quick fix) just got this fake virus alert and spyware program on it. My homepage in internet explorer is now set to //www.systemuptodate.net/ I think the file called: C:WINNT/system32/shdoclc.dll/navcancl.htm or something like that is the bad file but I couldn't find it to delete it on HJT.

Here's my HJT:

Logfile of HijackThis v1.99.1
Scan saved at 9:39:40 AM, on 6/3/2006
Platform: Windows 2000 SP2 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\acs.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\Ati2evxx.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\hidserv.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\Atiptaxx.exe
C:\Program Files\Common Files\AOL\1133407375\ee\AOLSoftware.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINNT\System32\de081d1d.exe
C:\Program Files\Internet Explorer&#...

Answer:Fake Anti-spyware/virus Program

Hi debbie703 and Welcome to the Bleeping Computer!

Download smitRem.exe ?noahdfear, and save the file to your desktop.
Double click on the file to extract it to its own folder on the desktop.

Please download FixWareout from one of these sites:
http://downloads.subratam.org/Fixwareout.exe
http://www.bleepingcomputer.com/files/lonny/Fixwareout.exe

Save it to your desktop and run it. Click Next, then Install, make sure "Run fixit" is checked and click Finish.
The fix will begin; follow the prompts.
You will be asked to reboot your computer; please do so.
Your system may take longer than usual to load; this is normal.
Once the desktop loads a text file will open report.txt, please save this report.

Let the System reboot Normal once, then Reboot into SAFE MODE (Tap F8 when restarting)
http://service1.symantec.com/SUPPORT/tsgen...src=sec_doc_nam

After restarting in Safe Mode, Configure Windows to Show All Hidden Files and Folders. Here is a link to help with that:
http://www.bleepingcomputer.com/tutorials/...62.html#win2000

Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen.
Wait for the tool to complete and disk cleanup to finish.
The tool will create a log named smitfiles.txt in the root of your drive, eg; Local Disk C: or partition where your operating system is installed.

Open HijackThis -> Click "Do a System Scan Only" and put a check by these but DO NOT hit the Fix Checked button yet

O2 - BHO: Nothing - {6ab7158...

3 more replies

A fake anti-virus program keeps trying to install itself onto my computer. I am not very knowledgeable about computers, but I know this has to be a fake. Right now I keep getting the same alert in the middle of my screen that says my firewall has blocked suspicious software. Name: Virus.Win32.Hala.a, but between the three options provided (keep blocking, unblock, and enable protection) only 'enable protection' can be selected. When I click on this, something called 'system protection' pops up and starts installing, and though I will cancel it, it keeps coming back up. It looks a lot like the 'anti-spy 2009 software' I saw mentioned when I clicked on the home tab for 'bleepingcomputer', but slightly different.
Here are the reports requested, and any help or information on stopping this would be greatly appreciated. Thank you.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-07-30.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 8/2/2008 9:19:04 AM
System Uptime: 9/6/2009 12:38:25 PM (2 hours ago)

Motherboard: Gateway | |
Processor: Intel® Celeron® M CPU 420 @ 1.60GHz | uFCPGA2 | 1596/533mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 75 GiB total, 64.724 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ======...

Answer:Fake anti-virus program keeps trying to install

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll...

2 more replies

Hi,

Yesterday, while I was surfing the internet, I suddenly got a random popup on my computer (not from my browser) that said I was infected with malware. It was definitely a fake anti-virus program. It slowed down my computer and wouldn't let me open task manager or MalwareBytes or any other program for that matter. Each time I tried to run an application of some sort, it would either close it immediately or the program would just not open, and then a small rectangular message would pop up from the fake anti-virus program icon (at the bottom right corner of the screen), saying something along the lines of "I was infected, and that I have to scan right now." When I clicked on the icon, it would open the interface of the fake anti-virus program, which had buttons to "activate it." This clearly was a fake, and I, of course, did not click the activate button. I was able to at least open my start menu, where I was able to go into safe mode. Once in safe mode, I ran a seriously out of date version of MalwareBytes. It found one item - Trojan.Dropper. I quarantined it and then rebooted and logged into normal mode. The fake anti-virus program was still there, still asking to "activate now." Then, as a desperation move, I went into safe mode again and did a system restore to March 15.

After the automatic reboot (that occurs during system restore), I logged in normally and the fake anti-virus program was gone. I then updated MalwareBytes and ran a sc...

Answer:Fake Anti-Virus program popped up

Hello and welcome to Bleeping Computer.

My name is km2357 and I will be helping you to remove any infection(s) that you may have.

I will be giving you a series of instructions that need to be followed in the order in which I give them to you.

If for any reason you do not understand an instruction or are just unsure then please do not guess, simply post back with your questions/concerns and we will go through it again.

Please do not start another thread or topic, I will assist you at this thread until we solve your problems.

Lastly the fix may take several attempts and my replies may take some time but I will stick with it if you do the same.

Sorry for the delay in replying, the forum is very busy. If you still need help, please do the following:

Step # 1 Download and run DDS

Download DDS and save it to your desktop from here or here or here
Disable any script blocker, and then double click dds.scr to run the tool.
When done, DDS will open two (2) logs:
DDS.txt
Attach.txt
Save both reports to your desktop. Post them back to your topic.

Step # 2: Download and Run Gmer

Please download gmer.zip from Gmer and save it to your desktop.
***Please close any open programs ***
Double-click gmer.exe. The program will begin to run.
**Caution** These types of scans can produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries unless advised by a trained Security Analyst
If possible rootkit activity is found, you will be asked if you would like to perform a full scan. Cli...

14 more replies

Please review hijack log.
Thank you very much!
 

Answer:Fake Anti-Virus Program on Computer

Welcome to Major Geeks!

Please read ALL of this message including the notes before doing anything.

Please follow the instructions in the below link:

READ & RUN ME FIRST. Malware Removal Guide
and attach the requested logs when you finish these instructions.
**** If something does not run, write down the info to explain to us later but keep on going. ****
Do not assume that because one step does not work that they all will not. MGtools will frequently run even when all other tools will not.

After completing the READ & RUN ME and attaching your logs, make sure that you tell us what problems still remain ( if any still do )!
Helpful Notes:

If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode, you can run the steps in safe boot mode but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:
Starting your computer in Safe mode

If you have problems downloading on the problem PC, download the tools and the manual updates for SUPERAntiSpyware and Malwarebytes ( links are given in the READ & RUN ME) onto another PC and then burn to a CD. Then copy them to the problem PC. You will have to skip getting updates if (and only if) your internet connection does not work. Yes you could use a flash drive too but flash drives are writeable and infections can spread to them.
If you cannot seem to login to an infected user account, try using a differe...

9 more replies

Good evening,

I have another computer that has been hit by one of the Fake Anti-Virus trojans. I am running Windows XP Home SP3. I was unable to access anything on the computer so I rebooted into safe mode. I was able to perform all your tasks from there. Everything seems to be running a lot better and the virus seems to be gone. However, can you please take a look at the logs and let me know if I have missed anything? I am sure I did.

Thank you for all your help.

Mitch
 

Answer:Fake Anti-virus program disabling computer

Remaining logs.
 

2 more replies

Hello,

Like another user here, I have just been hit with a brand new version of the X security 2011 fake antivirus program. This new version:

1) Kills all versions of Rkill. It will run Rkill.scr but stops it giving a fake completion message. Rkill creates an error in the CMD screen but will not save a log file. The log.txt screen that appears when RKILL 'finishes' shows no processes stopped.
2) It kills Firefox 3.6x and internet explorer dead. No access whatsoever. If you click on the virus program, it will try to launch internet explorer internally but it cannot be launched any other way. (I tried this in safe mode, so it could not connect.)
3) Blocks Roguehunter and Spyhunter from launching (along with malware and Rkill) even in safe mode.
4) Blocks OTL.exe. Won't launch at all. (Sorry, I can't give you a log.)

It does:

1) Launch a process called WXT.exe whenever it is trying to validate a program. This process jumps all over the Task manager screen so as to be hard to stop.
2) Takes over the SAFE MODE as well as a normal boot. RKILL nor any of the mentioned programs cannot be launched from here either.

I am using a p4 32 bit Windows XP machine. I have an original copy of windows. I will try to provide any other information I can but this one is a bad one and it has greatly limited me in what I can do.

I believe it checks the file structure of Rkill in some way so renaming the file will no longer work. Is there yet another version?

I know this informati...

Answer:New version of 'xp security 2011' fake anti virus program

April 14th

I found this on Microsoft's site.

This is another example of the increasing sophistication of this type of malware. FakeRean has also introduced another way of ensuring it is automatically started. It modifies the registry to associate .exe files with its own executable, so the rogue is run whenever any program is launched. Unlike other rogues, such as Win32/FakeScanti, it doesn't just use this technique to block other programs from running, but if the rogue is removed without restoring the registry then .exe files can no longer be run. The EXE file extension needs to be re-associated in order to restore normal functionality. Please see our encyclopedia entry for further detail.

This explains why when I removed the Fakerean, none of my programs would work. It killed the registry. Looks like my only solution to restore my programs was the system restore point.

This might also explain its safe mode trick. It may have done a redirect to itself. "Seeing" the computer was being launched in safe mode, the program substituted its own.

That listing was from March of 2010. It's not a stretch to imagine someone has modded the Fakerean to include the safe mode gag in the ensuing year.

I hope this helps some people out there. This was a nasty one because of its registry hacks. It made all of the software you combat this sort of thing with useless.

Maybe everyone already knew about this. I don't know. But hopefully this will help some others out there.

S...

3 more replies
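The reply above describes the rogue re-pointing the .exe file association, so that removing the rogue without repairing the registry breaks every program launch. As an added example (not from the thread or from Microsoft), the Python below audits a text export of the class keys for that condition before cleanup; the key paths and the stock `"%1" %*` handler are standard Windows values not quoted on the page, and the sample export with its placeholder names is constructed.

```python
import re

# Stock values on a clean Windows install (assumption: not taken from the page).
EXPECTED_PROGID = "exefile"
EXPECTED_COMMAND = '"%1" %*'

# Per-machine and per-user class roots, lowercased for comparison.
CLASS_ROOTS = (
    "hkey_classes_root",
    r"hkey_local_machine\software\classes",
    r"hkey_current_user\software\classes",
)

# Constructed sample in .reg export format: HKLM is clean, HKCU carries a
# per-user override of .exe pointing at a placeholder handler.
SAMPLE_REG_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.exe]
@="exefile"
"Content Type"="application/x-msdownload"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]
@="\"%1\" %*"

[HKEY_CURRENT_USER\Software\Classes\.exe]
@="placeholder_progid"

[HKEY_CURRENT_USER\Software\Classes\placeholder_progid\shell\open\command]
@="\"C:\\Users\\user\\AppData\\Local\\placeholder.exe\" -a \"%1\" %*"
'''

_KEY_RE = re.compile(r"^\[(.+)\]$")
_DEFAULT_RE = re.compile(r'^@="(.*)"$')


def _unescape(value):
    # .reg string values escape backslashes and double quotes with a backslash.
    return re.sub(r"\\(.)", r"\1", value)


def parse_default_values(reg_text):
    """Map each key path (lowercased) to its default string value, if it has one."""
    defaults = {}
    key = None
    for raw in reg_text.splitlines():
        line = raw.strip()
        match = _KEY_RE.match(line)
        if match:
            key = match.group(1).lower()
            continue
        match = _DEFAULT_RE.match(line)
        if match and key is not None:
            defaults[key] = _unescape(match.group(1))
    return defaults


def audit_exe_association(reg_text):
    """Return one finding per class root whose .exe handling is not the stock one."""
    defaults = parse_default_values(reg_text)
    findings = []
    for root in CLASS_ROOTS:
        # 1. The extension itself must map to the stock ProgID.
        progid = defaults.get(root + r"\.exe")
        if progid is not None and progid.lower() != EXPECTED_PROGID:
            handler_key = root + "\\" + progid.lower() + r"\shell\open\command"
            findings.append({
                "key": root + r"\.exe",
                "found": progid,
                "expected": EXPECTED_PROGID,
                "handler": defaults.get(handler_key),  # what actually runs
            })
        # 2. The stock ProgID must still launch the clicked file directly.
        command_key = root + r"\exefile\shell\open\command"
        command = defaults.get(command_key)
        if command is not None and command.strip() != EXPECTED_COMMAND:
            findings.append({
                "key": command_key,
                "found": command,
                "expected": EXPECTED_COMMAND,
                "handler": command,
            })
    return findings


if __name__ == "__main__":
    for finding in audit_exe_association(SAMPLE_REG_EXPORT):
        print(finding)
```

Exports written by `reg export` are UTF-16, so read them with `open(path, encoding="utf-16")` before passing the text in. Any finding means the association has to be restored as part of removal, which is the failure the post ran into.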

Thank you for taking the time to review my problem. Over the past three weeks my laptop has been infected with a virus that redirects me to strange websites when I select almost any of the search engine options. The websites I get redirected to are usually Tanziga or Yellowbook, and a few others I can't remember. The fake anti virus program acts like windows security and when you attempt to access any file it will tell you something like the win32 file is corrupted.

I have tried dozens of anti virus programs (super spyware, malwarebytes, AVG, unhack me, TDSS killer CC cleaner, McAfee). They all seem to find infected files but the infections return within a couple of days. Clearly I am not getting to the core issue.

Thank you in advance for any help.

Please see below logs and attachments:
DDS (Ver_10-12-12.02) - NTFSx86
Run by Santoro at 17:56:20.94 on Tue 01/25/2011
Internet Explorer: 8.0.6001.18999
Microsoft? Windows Vista? Home Premium 6.0.6002.2.1252.1.1033.18.1982.840 [GMT -5:00]

AV: AVG Anti-Virus Free *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Windows\system32...

Answer:Search engine redirect/fake anti virus program

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please Do not Attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear
Click the Disable button to disable your CD Emulation drivers
Click Yes to continue
A 'Finished!' message will ap...

17 more replies

Been battling my daughter's laptop for a while.
Doing read and run me first when I could get the machine to respond at all.
I think it may be clean now, logs attached.

My linksys wrt54g router got its DNS settings hijacked in the midst of all this.
I had reset it a few months ago and forgot to re-do the security settings.
I am back on opendns for DNS server now. Does the dns hijack add any extra steps? Does just turning the WEP back on and not having the default password anymore protect the router's settings?

thanks!
 

Answer:google-analytics hijacker and fake anti-virus program pop-ups

I forgot to mention... I have some older logs too.
I have always been able to correct the girls' mistakes without help
so I didn't follow procedures and stop after the first time through the run me first.
 

7 more replies

So I opened a news article from a trusted news site yesterday and had a fake anti-virus program pop up and tell me I had many infections. I quickly shut down my computer and ran a few scans in safe mode. Some things were found and cleaned. The fake program stopped but I was experiencing weird slowdowns and errors. I also could not get onto any browser besides firefox.

I ran all the scans suggested by you guys and was able to get back on explorer and opera. However, I just was hoping you guys could look at my logs because I am still experiencing some slow down.

Thanks in advance.
 

Answer:Fake Anti-virus program malware from opening news article

Here is the last log.

Thanks again.
 

6 more replies

My laptop, running Windows Vista, has recently been infected with some sort of fake Antivirus program. When I am on my laptop I am almost constantly bugged by popup windows saying things like "Application cannot be executed. The file werfault.exe is infected. Do you want to activate your antivirus software now?". However, the file it says is infected constantly changes so do not look too much into that. I am assuming if I were to press yes it would either fry my laptop or infect my laptop with a worse virus that only it could fix. I tried downloading Web Root but it always says a certain file could not be located which I have assumed is due to the fake antivirus blocking it from working. I am wondering how to fix this, such as is there a file or program I can download? I saw an old post about something called ComboFix but I would need someone on here to walk me through it, if that would even help me at all. Also, I have access to another computer with which I can download things onto and transfer to my laptop via USB.
 

Answer:Need Help, infected by fake virus protection program

The name of the fake antivirus software is Antivirus Live.
 

2 more replies

I have gotten the Fake Anti Virus 2011.
Have followed the directions from (Bleeping Computers) web site using RKILL, Malware Bytes and Security essentials. When I am finished my icons on the desktop were gone (fixed them with "properties, advanced and unclicking hidden files") but I still have no icons in the all programs menu in the start menu except those that I have loaded since the fix. (PSI)
Any ideas?

Answer:Missing Program Icons in Start menu. All Programs after fake anti virus 2011

What else is currently wrong with the system?

Any indication that your malware problems still exist?

Louis

7 more replies

I am attempting to remove a very extensive virus/malware on my in-laws' computer. I do not know the name of the malware but its effect is as such: whenever going on to the internet (IE ver. 8.0.6001.18702) no matter what web address I type in I am redirected to another, not always the same, website. I have tried running their Trend Micro Anti-virus but nothing is found, it is out of date by about a week because the malware will not let me update. I have also tried to run malwarebytes but the program never opens. It also will not let me install any other anti-malware programs.
I have run combofix on my own computer which had pretty much the same problem and it fixed it. However I did not know I should have done it on my own, thankfully it did not harm anything.
Can you help guide me as to what I should do next?
The OS is Windows XP ME ver. 2002 SP3

More replies

This morning, my mom told me to look at her computer because there was something wrong with it. After an hour or so of looking at it, this is what I learned:
There's an "Anti-virus" program installed on her laptop that makes claims of fake infections and attempts to lure the user into purchasing the full version of this so-called anti-virus program.

She uses AVG Free edition as her actual anti-virus. This new program (further to be called the "infection") won't allow me to open AVG.

The infection also redirects Internet Explorer to a page that says the following:
Internet Explorer alert. Visiting this site may pose a security threat to your system!
...
Things you can do:
Get a copy of 'Win 7 Security 2011' to safguard your PC while surfing the web (RECOMMENDED)
Run a spyware, virus and malware scan
Continue surfing without any security measures (DANGEROUS)

Upon looking into the running processes, I found something I've never seen before. An entry called "ugg.exe" and the description of which is "Gpg4win: The GNU Privacy Guard and Tools for Windows"
When this process is ended, the taskbar popups cease and any "Win 7 Security 2011" windows close. However, an attempt to run IE or AVG restarts this process and puts us back at square one.

Trying to open the file location of the "ugg.exe" file, it brings me to the AppData\Local\ folder, however, there is no such file in that locati...

Answer:"Win 7 Security 2011" Fake anti-virus program

7 more replies

I am running WinXP and contracted a virus some days ago. After running malwarebytes and Avast antivirus I had some success getting back online; however, all of my program files and some desktop files are missing, while the ones I can see on the desktop are very dim. Computer seems to be functioning ok to date but would like to restore completely. Thanks for your help. I am attaching the required logs below.

Answer:fake anti spyware program

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please Do not Attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

The first thing I would like you to do is run this for me - http://download.bleepingcomputer.com/grinler/unhide.exe after it is complete restart the computer and continue with these steps

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
Double click on OTL.exe to run it.
Under Output, ensure that Minimal Output is selected.
Under Extra Registry section, select Use SafeList.
Click the Scan All Users checkbox.
Under the Custom Scan box paste this in

%TEMP%\smtmp&...

10 more replies

Sad news, I found a fake program called AntiMalware GO from my old computer windows XP, but I was gave to my little sister, so I have tried remove from program Malwarebytes Anti-Malware, but they don't let me open it, it is from fake antimalware, how are they build that fake. Geez. So my old computer is very old, and seem weak, since 6 years, from my birthday, my dad brought for me. It is completed destroy. I hate fake program.

I have a tried way other, but found this link, still don't work, Remove AntiMalware Go (Uninstall Guide)

Answer:Fake program Anti-malware

  
Run Malwarebytes in safe mode with networking

6 more replies

I tried removing it with MBAM, but it only seems to have made things worse. Now the computer can't even boot up at all!

It goes through the boot process, windows loading screen pops up, then an error message comes up... saying Windows had trouble loading and it asks me to pick an option for restart. Only... my keyboard won't work when it comes up... so it stays on the 'restart normally' option and loops endlessly. I tried using a different keyboard... and it was able to access the Bios... so I know it functions... but when it goes back to the error screen it won't function. Something tells me it's the virus putting that screen up... so I believe I need a way to kill it before loading Windows. Fortunately I have this computer (although it was hit with a different virus the other day [friggen google link redirect virus] it still seems to work well enough) so I can download and burn to CD any programs needed.

Please help!

Answer:Fake anti malware program

Hello, please see if you can follow the steps below.
I will move this thread to a more appropriate forum.

Please download OTLPE (filesize 120,9 MB)
When downloaded double click on OTLPENet.exe and make sure there is a blank CD in your CD drive. This will automatically create a bootable CD.
Reboot your system using the boot CD you just created.
Note: If you do not know how to set your computer to boot from CD follow the steps here
Your system should now display a REATOGO-X-PE desktop.
Depending on your type of internet connection, you should be able to get online as well so you can access this topic more easily.
Double-click on the OTLPE icon.
Ensure the box "Automatically Load All Remaining Users" is checked and press OK
OTL should now start.
Press Run Scan to start the scan.
When finished, the file will be saved in drive C:\OTL.txt
Copy this file to your USB drive if you do not have internet connection on this system
Please post the contents of the OTL.txt file in your reply.

26 more replies

I am running Windows 7 Home Premium 64-bit, on an HP Pavilion Laptop.

I can't run DDS, HijackThis or anything else requested because of my spyware or viruses, I explain below.

I ran a Malwarebytes scan last night and it only found one thing and removed it, but today I received an obviously fake anti-spyware pop up that tells me my computer is infected. Immediately after receiving this message I was unable to open almost any program, which is why I am sending this from a library computer. Whenever I try to open a program, or when I restart the computer and a program tries to autostart, I receive the message "Application cannot be executed. The file [file name].exe is infected. Would you like to activate your antivirus software now?" And it gives me the options Yes or No, and I click No. Also, in the bottom right corner of my screen a little box with a red banner popped up. It said, "Infiltration alert Your computer is being attacked by an internet virus. It could be a password-stealing attack, a trojan-dropper, or similar. Details Attack from: 107.12.104.227, Port 38455 Attacked Port: 25711 Threat: Win32-Nuqel.E ...

Answer:Fake Anti-Spyware program won't let almost ANY programs open

Please post the complete results of your MBAM scan for review.

To retrieve the Malwarebytes Anti-Malware scan log information, launch MBAM.
Click the Logs Tab at the top.
The log will be named by the date of scan in the following format: mbam-log-date(time).txt
-- If you have previously used MBAM, there may be several logs showing in the list.
Click on the log name to highlight it.
Go to the bottom and click on Open.
The log should automatically open in notepad as a text file.
Go to Edit and choose Select all.
Go back to Edit and choose Copy or right-click on the highlighted text and choose Copy from there.
Come back to this thread, click Add Reply, then right-click and choose Paste.
Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
Exit MBAM when done.

Logs are saved to the following locations:
-- In XP: C:\Documents and Settings\<Username>\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs
-- In Vista: C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\Logs

If you cannot use the Internet or download any required programs to the infected machine, try downloading them from another computer (family member, friend, library, etc) with an Internet connection. Save to a flash (usb, pen, thumb, jump) drive or CD, transfer to the infected machine, then install and run the program(s). If you cannot copy files to your usb drive, make sure it is n...

14 more replies
Relevance 87.33%

My PC has been infected with a virus/malware that pops up an official-looking window for "Win 7 Anti-spyware 2012" program every couple of minutes. I have Trend Micro Titanium anti-virus software, but a full scan of my system turned up no possible threats.

I spoke with one of the IT guys where I work (we had the same virus a few weeks ago and they fixed in 2 minutes) and he suggested I run Combofix, Super Anti-spyware and CCleaner. So I was just creating a topic to post my Combofix log in once I run it.

More replies
Relevance 84.87%

I have a PC that a friend of mine has asked me to clean for him. I have gotten in a little deeper than my knowledge base, so I am looking for some help. The infection is a fake anti virus program "AKM Antivirus 2010" and others I think. I am unable to access the internet, run taskman, run antivirus program, access the control panel, etc. So I inserted my OTLPE.iso and ran the OTL scan. I will post the scan as soon as requested. My review of the scan did not look good, but what do I know, I am at best a novice.

Your help is much appreciated.
Thanks, Bob

Answer:PC infected w/ fake antivirus program

Hello,
Always (always) state the Windows version/edition !!!!
I can make 1 or 2 basic suggestions, and then you will have to do some required reports and make a new post in the Malware Removal sub-forum.
If needed, you must use a clean pc to do downloads of tools and then burn to DVD/CD or copy to unused-new flash USB drives. Then transfer and Copy onto Desktop of problem pc.
Please download Rkill by Grinler and save it to your desktop.
Link 2
Link 3
Link 4
Double-click on the Rkill desktop icon to run the tool.
If using Vista, right-click on it and Run As Administrator.
A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
If not, delete the file, then download and use the one provided in Link 2.
If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
If the tool does not run from any of the links provided, please let me know.
If your antivirus program gives a prompt message, respond positive to allow RKILL to run.
If a malware-rogue gives a message regarding RKILL, proceed forward to running RKILL
Download to your Desktop FixPolicies.exe, by Bill Castner, MS-MVP, a self-extracting ZIP archive from >>> here <<<
Double-click FixPolicies.exe. Click the "Install" button on the bottom toolbar of the box that will open. The program will create a new Folder called FixPolicies. Double-click to Open the new Folder, and then double-click the file within: Fix_Policies.cmd. A black box wi...

1 more replies
Relevance 84.87%

Here are a couple of logs. First thing off, I ran GMER, and it did not find any modification it said, so log file was blank. I ran DDS, and also HijackThis. Logs have been posted below. I had to have gotten rid of some of it with Malwarebytes, and avast antivirus, and I even ran SmitREM. There is still something on the computer though, but it brings up these little green logos down in the taskbar, and says I have a virus. Executables cannot be opened up, as this fake flags them as infected. I had to run everything from safe mode.
Also forgot to note that the computer is unusable until this is fixed, as no programs can be open
EDIT: Posts merged ~BP
Blarrggg, can't edit this post now. Anyways, update on the situation. I turned on the computer, and the rogue program does not seem to be showing up, although I'm pretty sure it still there. Also, it appears that I cannot connect to the internet. I don't know if the virus is doing this or what. Thanks!
EDIT: Posts merged ~BP

Answer:Infected with Fake Antivirus Program

Welcome to the BleepingComputer Forums. Since it has been a few days since you scanned your computer with HijackThis, we will need a new HijackThis log. If you have not already downloaded Random's System Information Tool (RSIT), please download Random's System Information Tool (RSIT) by random/random which includes a HijackThis log and save it to your desktop. If you have RSIT already on your computer, please run it again. Double click on RSIT.exe to run RSIT. Click Continue at the disclaimer screen. Please post the contents of log.txt. Thank you for your patience.
Please see Preparation Guide for use before posting about your potential Malware problem. If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped. Please post your HijackThis log as a reply to this thread and not as an attachment. I am always leery of opening attachments so I always request that HijackThis logs are to be posted as a reply to the thread. I do not think that you are attaching anything scary but others may do so. While we are working on your HijackThis log, please: Reply to this thread; do not start another! Do not make any changes on your computer during the cleaning process or download/add programs on your computer unless instructed to do so. Do not run any other...

25 more replies
Relevance 84.87%

Hello,

I was recently infected with a fake "anti-virus" program disguised as windows protection. This program disabled my internet, and would constantly pop up with warnings about various other infections on my computer. It would warn that the internet was disabled for my protection. It would also solicit payment for "upgrade" to have the infections and threats removed even when I disabled the internet connection. I've managed to "system restore" to a week prior to the infection with a friend's help, which allowed me to download the programs and run the scans. I also scanned my c drive, with avast and it found some infections which I deleted. Below are are my logs.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Beatrice at 19:07:08 on 2011-12-26
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.109 [GMT -6:00]
.
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\AVAST Software...

Answer:Infected with fake antivirus program

Hello and welcome to Geekstogo!
We apologize for the delay in responding to your request for help.
If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.
Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
If you haven't done so yet, please go to Malware and Spyware Cleaning Guide and follow the steps instructed there. If you have already done this, we still need a new log to see what has changed since you originally posted your problem.
We need to create an OTL Report
Please download OTL from one of the following mirrors:
This is THE Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
In the custom scan box paste the following:
msconfig
safebootminimal
activex
drivers32
netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata....

23 more replies
Relevance 84.05%

also the icons for the following keep showing up on my desktop:
nudetube.com
pornotube.com
youporn.com
Windows Security window is always popping me up warning me of spyware, trojans etc
"danger" bubbles will pop up from the task bar telling me to click to remove
DDS (Ver_10-03-17.01) - NTFSx86 NETWORK
Run by Queen Mega at 14:40:41.20 on Tue 07/06/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.503.229 [GMT -4:00]
AV: Trend Micro PC-cillin Internet Security *On-access scanning enabled* (Outdated) {7D2296BC-32CC-4519-917E-52E652474AF5}
FW: Trend Micro PC-cillin Internet Security (Firewall) *enabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Queen Mega\Local Settings\Temporary Internet Files\Content.IE5\UMGMJZ5J\Defogger[1].exe
C:\Documents and Settings\Queen Mega\Local Settings\Temporary Internet Files\Content.IE5\UMGMJZ5J\dds[1].scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.yahoo.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uInternet Settings,Pr...

Answer:Infected with Fake Windows Security Program

Hello and welcome to Bleeping Computer
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.
If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.
Thanks and again sorry for the delay.
We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll...

3 more replies
Relevance 83.64%

I just got this weird anti virus called Anti-virus soft. It keeps giving alerts about infected things, opens pop ups to porno websites, and does not allow me to open programs. I cannot open task manager, or use the exehelper (suggested in the other thread, but doesn't work). Since I have vista, to use programs I have to allow it. It always says, "consent.exe infected cannot execute program" What do I do?

Answer:Fake Anti-virus, everything infected.

If you have an active internet connection, copy/paste the links below into your browser, don't click them or the rogue might redirect. If you don't have an active internet connection, download the tools from another machine, and transfer them to the affected machine via USB flash drive.


Please download and run the following tool to help allow other programs to run. (courtesy of BleepingComputer.com)
There are 4 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click and choose Run as Admin
You only need to get one of them to run, not all of them.


http://download.bleepingcomputer.com/grinler/rkill.exe
http://download.bleepingcomputer.com/grinler/rkill.com
http://download.bleepingcomputer.com/grinler/rkill.scr
http://download.bleepingcomputer.com/grinler/rkill.pif


Note:

You will likely see a message from this rogue telling you the file is infected. Ignore the message. Leave the message OPEN, do not close the message. Run rkill repeatedly until it's able to do its job. This may take a few tries. You'll be able to tell rkill has done its job when your desktop (explorer.exe) cycles off and then on again.

At this point, you should now be able to run analysis tools.

Once the tool has run, do NOT reboot the machine, and then try once again to run DDS and GMER.

If for some reason the machine reboots, repeat the process. Again, try not to restart the machine.



Download DD...

2 more replies
Relevance 83.64%

Hi,

Last night went on my computer only to find a fake anti virus window running and saying it was scanning. The window then showed that it had found several things and was still scanning. Windows said that there was spyware at the bottom right hand corner and when I went to click the balloon it changed to another one which brought me back to the antivirus. It also showed up in my bottom right hand doc as a blue circle. I cannot open taskmgr because it says that it has been disabled or can't run the exe file. I then rebooted only to find the desktop background changed to a blue screen with warning you have been infected all over it. I then tried to scan in safe mode with avg, ad aware and spybot and right before they are done scanning the computer shuts down as if it was unplugged. I do not know what to do at this point. Please help.

More replies
Relevance 83.23%

I keep getting a message to download antivirus software to get rid of win32.brontok and my IE and firefox homepages are also hijacked to a redirect page.

Here is my HJT log - please help me get rid of this. McAfee Viruscan, AdawareAE, and Spybot Search and Destroy have all failed.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:01:58 AM, on 7/21/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Apoint\Apntex.exe
...

Answer:Laptop infected with popup fake antivirus program

I did a Kaspersky scan and found the culprit:

Trojan-Downloader.Win32.Small.alre

Can someone help me figure out how to remove this?

Thank you.
 

2 more replies
Relevance 83.23%

Hello everyone! I have been trying to fix my father's computer, as he seems to have been infected with something called Total Security. It's basically a fake antivirus program that just takes over the whole computer, frequent popups about non-existent viruses, slowly consuming all the memory/processor power the computer has and grinding it to a halt. I don't know how he got it and neither does he.

I am able to temporarily get rid of the popups by killing 2 processes, 15904214.exe and _ex-08.exe. However, whenever I reboot the computer, they come right back.

Thanks in advance for your time!

Here are the logs.

DDS.txt
DDS (Ver_09-07-30.01) - NTFSx86
Run by HP_Owner at 18:48:43.53 on Mon 08/24/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1983.1462 [GMT -4:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Hp\HP Software ...

Answer:Infected with Total Security (fake antivirus program)

Hello and welcome to Bleeping Computer
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.
If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.
Thanks and again sorry for the delay.
We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll...

2 more replies
Relevance 82.82%

I have a computer with Windows XP Pro SP3 running IE8 when I do google searches and click on the results I am redirected to a different page than what is shown in the result. I've run Malwarebytes and it did not find any viruses or malware, I restored the computer back to a date prior to when the redirects were happening, that did not work. Webroot says it is finding viruses but I can't quarantine or delete the viruses. Webroot listed the location of several viruses and when I checked that location nothing was there, several registry entries and temporary internet files. Unfortunately after I did the system restore webroot is not working properly so I can't post its logs below is the output of DDS. I also attached the attach.txt from DDS, I can't attach a GMER log because it is too large. If it needs to be emailed to someone please let me know.
Thanks,
Pete
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Pete at 8:19:12.42 on Tue 04/05/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3037.2325 [GMT -7:00]
.
AV: Webroot AntiVirus with Spy Sweeper *Enabled/Updated* {77E10C7F-2CCA-4187-9394-BDBC267AD597}
.
============== Running Processes ===============
.
C:\Program Files\Webroot\Security\Current\Framework\WRConsumerService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k nets...

Answer:Infected with Google redirect virus and fake anti-virus software pop ups

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please Do not Attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.
In order for me to see the status of the infection I will need a new set of logs to start with.
Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.
DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear
Click the Disable button to disable your CD Emulation drivers
Click Yes to continue
A 'Finished!' message will ap...

3 more replies
Relevance 82.82%

Okay so I turned my computer on and I left for a while as it booted up. I started surfing for a bit and then I was suddenly attacked by this program that is now attached to my icon tray. It says antivirus software and keeps wanting to buy its software by telling me my pc is infected. It restricts me from using IE and gives me pop ups to porn websites. I'm not quite sure on how to get rid of this thing. I have ESET NOD32 and I am currently running a scan. Can someone help me get rid of this?

More replies
Relevance 82%

I was simply browsing the web, and when I hit a link this Windows Security scanner program popped up with several different pop ups and tried telling me my computer was infected with all these particular files. I didn't subscribe to it or anything I just clicked out of it.

Now, my computer doesn't let me use the internet because every time I try it asks me which program I would like to use to open the program. It happens every time I click on Internet Explorer, Firefox, and Chrome. So this means I cannot download any anti-malware programs off the internet. It also will not allow me to install any programs through an external hard drive etc. It prompts me with the same question about which program I would like to use to open it.

I need help quickly as to how I can get rid of this thing. Like I said before, I cannot access the internet and I can't install anything.

Please help...Thanks!

Answer:Fake Windows Security Program has infected my computer! Please help me remove it!

Hi,

Sorry for delayed response. Forums have been really busy. If you still need help with this do following, please.
Download DDS and save it to your desktop from here or here or here.
Disable any script blocker, and then double click dds file to run the tool.
When done, DDS will open two (2) logs:
DDS.txt
Attach.txt

Save both reports to your desktop. Post them back to your topic.

2 more replies
Relevance 82%

I have a client who opened a fake email attachment from UPS, which caused quite some havoc with her PC. Popups claiming that the PC had 12 00 spyware infections and a fake security center would come up with spyware information. Also an ad saying to buy AntiVirus XP 2008 and then after letting the PC idle for a good bit of time a screensaver with a BSOD followed by a Windows is restarting screen.
I have run a number of malware scans including Hitman Pro and the spyware doctor found numerous problems, but could not fix. The spysweeper found Trojan-Progdav and said it fixed, but still has the AntiVir XP 2008 in the Add remove Programs and also still get the screensaver coming up. I have tried to remove the AntiVir Xp 2008 from add remove programs, but doesn't remove. I have followed the 5 steps in the HiJack This Help forum and have run Active Scan followed by DSS and have attached the logs for some ones viewing pleasure. Thanks!

Here is the Main log"

Deckard's System Scanner v20071014.68
Run by bthrasher on 2008-08-04 06:47:13
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

System Restore is disabled; attempting to re-enable...success.


-- Last 1 Restore Point(s) --
1: 2008-08-04 11:47:20 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 503 M...

Answer:XP Infected with malware ProgDav and AntiVir XP 2008 fake program

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

You actually attached main.txt instead of extra.txt to your last post. If you still need help and are not receiving help elsewhere, please do the following:

Run dss.exe again, but use these instructions(this assumes dss.exe is on your desktop):
Click Start >> Run then copy/paste the following text into the Run box & click OK
"%userprofile%\desktop\dss.exe" /config
Click Run
Click Check All
Click Uncheck All
Under the Extra Log heading, check all the boxes.
Click Scan!
Please attach extra.txt to your post.
To attach a file to a new post, simply
Click the Manage Attachments button under Additional Options > Attach Files on the post composition page, and
Copy and Paste the following into the Upload File from your Computer box:
C:\Deckard\System Scanner\extra.txt
Click Upload
------------------------------------------------------

17 more replies
Relevance 82%

I was simply browsing the web, and when I hit a link this Windows Security scanner program popped up with several different pop ups and tried telling me my computer was infected with all these particular files. I didn't subscribe to it or anything I just clicked out of it.

Now, my computer doesn't let me use the internet because every time I try it asks me which program I would like to use to open the program. It happens every time I click on Internet Explorer, Firefox, and Chrome. So this means I cannot download any anti-malware programs off the internet. It also will not allow me to install any programs through an external hard drive etc. It prompts me with the same question about which program I would like to use to open it.

I need help quickly as to how I can get rid of this thing. Like I said before, I cannot access the internet and I can't install anything.

Please help...Thanks!



PS: I already did that DDS thing. 2 logs open:
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by flipdirt at 14:44:15.96 on Tue 04/05/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.330 [GMT -7:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\Program Files\AVAST Software\Avast\...

Answer:Fake Windows Security Program has infected my computer! Please help me remove it!

Hi and welcome to TSF.

I am currently reviewing your log. Please note that this is under the supervision of an expert analyst, and I will be back with a fix for your problem as soon as possible.

You may wish to subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Please be patient with me during this time.

4 more replies
Relevance 82%

Please help. I am working on a network and need a corporate anti-virus program and anti-spyware programs? I know McAfee and Symantec offer something, but I know the personal editions I have had a less than nice experience. Any suggestions?

Answer:Need A Corporate Anti-virus Program And Anti-spyware Programs? Any Suggestions

Take a look at this Spysweeper http://www.webroot.com/enterprise/products/

4 more replies
Relevance 82%

I was online watching videos, on some site like megavideo, I believe it was megavideo and some popups occurred while I was watching .....and then all of a sudden some program automatically ran itself and started popping up 5+ windows, and a fake virus scan program was running on my computer!!

I checked my task manager and it seems a few new malicious programs were running, anyways, now I can't even open task manager, or run regedit, unless I'm in safe mode. I also get a quick BSOD sometimes when booting in normal mode, but it's not 100%.

Seems I can't get the HJT log up at this time, I'm having a boot issue.......windows won't boot at all in safe mode either.....stops at the file "isapnp.sys" Can anyone help out ?
 

Answer:Fake virus program!

16 more replies
Relevance 81.59%

Hi and new to the forum . I currently have Norton Security, MBAM Pro, CCLeaner Professional, adwcleaner, and I did have Hitman Pro, for a while several years ago when my computer was hacked.
 
I have had Norton for several years, but I am thinking of switching to Emsisoft and use my Windows 7 Firewall. I use MBAM for live monitoring along with the Norton Security. The adwcleaner software I use periodically, or if there is an issue the other programs don't handle. For example when outbound traffic was blocked by MBAM, but it was continuously happening, the adwcleaner software found and eliminated the culprit. It was very useful also when my computer was hacked. I also have the active monitoring turned off on CCleaner.
 
Would also adding Binisoft or TinyWall add more security to the Windows 7 Firewall, or would it be better to just use the Windows Firewall by itself? I don't really want anything too complicated on the Firewall settings, but just maybe make a few tweaks, possibly. One other thing, would it be good to add WinPatrol Pro?
 
Sorry for a lot of questions, and thanks for any responses as I value your opinions.

Answer:Is This a Good Anti-Malware and Anti-Virus Protection Program?

Although Norton (Symantec) is as good as any other well known anti-virus program, it requires numerous services and running processes that consume a lot of system resources and often results in complaints of high CPU usage. Anti-virus software components insert themselves deep into the operating systems core where they install kernel mode drivers that load at boot-up and create files/folders/registry entries in various locations. Further, there have been numerous complaints about lack of sufficient support from the vendor.
I have read from other users that Norton has made improvements in newer versions of their software so they are not as resource heavy as past versions...while others still say differently. Those issues plus the cost factor are the primary reason many folks look for a free alternative. IMO, Norton (Symantec) is better utilized in an Enterprise system environment protecting many client computers. With that said, there are a lot of folks who prefer using Norton (especially if it came preinstalled) and there is nothing wrong with staying with a product you are satisfied with.
Switching to Emsisoft and using Windows 7 Firewall is a wise choice.
5 Reasons Why the Windows Firewall is one of the Best Firewalls
Windows Firewall: Your System’s Best Defense
Emsisoft Anti-Malware is an effective alternative to consider. Despite its name, Emsisoft Anti-Malware is an anti-virus program...Emsisoft FAQs: Why is it called "Anti-Malware" and not "Antivirus"?. See my com...

2 more replies
Relevance 81.59%

I have Windows Defender right now, I don't know if it's good or not though. I did a Panda activescan online and it came with 40 different spyware infected files and one virus I think, but when I ran a full scan on Windows defender it found nothing. Basically I want to get rid of defender and find a good anti-virus and anti-spyware program that's free. It can be an online scan but preferably works from the computer.

Any takers?
 

Answer:Need a good anti-virus & anti-spyware, etc program that's free.

11 more replies
Relevance 81.59%


First I got the popups, redirects, many warnings. Need help, think I have spyware, malware. Got my browsers being redirected; it first started with Google Chrome, now in Firefox browser as well I think. Now get popup ads, annoying, and telling me to buy Security Essential to fix the problem. Recently I got C:WINDOWS\System32\Sysvxd.exe, it was like redirecting my browsers. Google Chrome no longer opens up. Am getting constant warning, computer keeps shutting down when I tried to do an online virus check with Bitdefender. Keep getting popups with my popup blocker active. Now I have programs that I don't know how they got there (Security Essentials 2010). Need urgent help. My computer is still very infected, it's hiding inside. I tried running mbam.exe but it would not open. Now I got three rundll errors, error loading C:\windows\system32\varofeje.dll \hulujige.dll \ aswasebiweyifegiz.dll. I tried running Superantis free edition, computer would just reboot, not allowing program to continue. Can't even save any system files to CD, won't work. Tried running Mbam.exe, would not open or function. Tried rkill, same thing happened, it will not work; opened and immediately stopped it from working. And I cannot save a system backup of my hard drive, none at all; even my documents I tried to save but could not copy to CD, for some reason even the CD drive is not being allowed to copy to CD. Please, I need help ASAP, thanks ... Read more

Answer:My Computer is infected popups redirects, a fake antivirus program 2010

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.

Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

Please reply to this post so I know you are there.

The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks

53 more replies
Relevance 81.18%

Can anyone tell me where I can get step by step instructions on removing this program. I can not do ANYTHING IN MY COMPUTER, it has taken control of everything. I am running windows 7. THANKS,TONI

Answer:rogue program-fake virus

Hello, I moved this from Win7 to the Am I Infected forum. Does it have name like ..Windows 7 Recovery for example?

5 more replies
Relevance 81.18%

"system security" was installed on my computer. I know the gig they change my background and screen saver until I pay them money. Usually I can just find these and delete them and clear them from the registry but this time my registry is gone. regedit doesn't work from the start command and it's not in my system 32 folder.

Any help?
 

More replies
Relevance 81.18%

Hello, I recently received a notebook in which has been infected by AV-protect. I blocked access of website by editing the HOSTS file and began cleaning the appdata/roaming. There is over a hundred files associated with the malware and it's climbing. I'm in safemode right now and am curious if there is a faster way to clean the ROAMING file. When cleaning rogue anti virus software I typically only have a few file associations. Need to get this done, I still have to go through registry. Any software that can separate legit data from the malware? Anti virus and typical programs aren't working.
 

Answer:Client Infected by browser hijacker (fake anti virus)

I can disable the rogue antivirus. I'm in the cleaning process now. Don't want a repeat.
 

2 more replies
Relevance 81.18%

Problems : Fake System-Defender Security Center Pop-ups + CPU Slowing down.
Infected by various fake anti-virus (Antispyware,System-Defender,MalWarrior,AntiVir,etc...).
Cleaned, but still got some residues left.

Deckard's System Scanner v20071014.68
Run by Owner on 2008-05-05 17:00:17
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.

-- Last 5 Restore Point(s) --
45: 2008-05-05 09:00:20 UTC - RP53 - Deckard's System Scanner Restore Point
44: 2008-05-01 14:52:13 UTC - RP52 - System Checkpoint
43: 2008-04-30 14:43:17 UTC - RP51 - System Checkpoint
42: 2008-04-28 02:06:33 UTC - RP50 - System Checkpoint
41: 2008-04-26 12:13:21 UTC - RP49 - System Checkpoint

-- First Restore Point --
1: 2008-03-09 16:03:12 UTC - RP9 - System Checkpoint

Backed up registry hives.
Performed disk cleanup.

-- HijackThis Clone ------------------------------------------------------------

Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-05-05 17:04:10
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDO... Read more

Answer:Infected By Various Fake Anti-virus. Cleaned, But Still Gt Left Some Residues.

Welcome to Bleeping Computer, please be sure you have read and followed the Preparation Guide For Use Before Posting A Hijackthis Log, Instructions for receiving help in cleaning your computer http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/

All advice given is taken at your own risk.

You have some problems, I may be able to help you clean them but it is going to take some time and patience. You are also hacked by these Ukrainians: http://whois.domaintools.com/85.255.116.77 I suggest you keep this computer offline except when troubleshooting to deny them access and keep the junk from downloading more.

If you wish to proceed, start like this.

1) You are running two antivirus programs at the same time and this is not a good thing. They conflict with each other and you will be less safe than if you ran one good program and maintained it properly.
http://service1.symantec.com/SUPPORT/nav.n...000031316555206
"Microsoft recommends that you have only one anti-virus program installed on your computer."
http://www.washingtonpost.com/wp-dyn/conte...5120300087.html
http://www.smartcomputing.com/editorial/ar...38s07/38s07.asp

Avira\AntiVir PersonalEdition Classic
Alwil Software\Avast4
(uninstall one of those)

2) Thanks to LonnyBJones and anyone else who helped with this fix.
Please download FixWareout from one of these sites:
http://downloads.subratam.org/Fixwareout.exe
http://www.bleepingcomputer.com/files/lonny/Fixware... Read more

13 more replies
Relevance 81.18%

Hi,

Spyware Guard 2008 infected my computer yesterday and caused havoc to the system. I have hopefully been able to uninstall this using SpyBot and Webroot spyware removers but am still having problems.

When on internet various pop ups appear and the machine is still running slowly.

You will probably see that I have file sharing software which I now plan to stop using due to it causing potential problems. I also downloaded various anti virus programs i.e. McAfee and Norton which may have caused the initial problems.

Please can you have a look at the DDS and attached files and look forward to receiving your advice.

Many thanks for your time and assistance.

I have tried to attach the files, but when clicking on Manage Attachments and then the Browse button, nothing happens


DDS (Version 1.1.0) - NTFSx86
Run by Peter Smith at 11:00:41.40 on Wed 12/17/2008
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.958.527 [GMT 0:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
svchost.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\E... Read more

Answer:Infected with fake malware anti virus programs which cannot be uninstalled

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Please visit this webpage for download links, and instructions for running ComboFix:

http://www.bleepingcomputer.com/comb...o-use-combofix

* Ensure you have disabled all antivirus and antimalware programs so they do not interfere with the running of ComboFix.

Please post the C:\ComboFix.txt in your next reply for further review.

------------------------------------------------------

2 more replies
Relevance 80.77%

Hello,

I have Vista and I need a free anti-virus / anti-spyware removal tool/program. What is the best free one out there? I used to have Norton but it used too much memory and I didn't want to pay for subscriptions and updates.

Thank you for your time,

Joey

ps: is the stuff that comes with Windows (eg: windows defender) sufficient to deal with viruses?
 

Answer:Free Anti-virus / anti-spyware Program?

8 more replies
Relevance 80.36%

It is awful, I didn't even download it. I can't use anything Microsoft including Paint, any old documents from it either. It keeps popping up porn, and every 2 seconds prompts me with an infiltration alert or virus alert. It's called antivir solution. Also in my status bar on the bottom right there's a million java updates which takes up most of the screen, I can't even see the clock. I ran several scans already including a reboot scan which is the whole system and have yet to find it. Also there's seemingly no location for the software in my computer that I can find anyways. I'm just so lost! Please, I would appreciate help.
 

More replies
Relevance 80.36%

Got on computer a few weeks ago in morning and computer was froze up. So I restart it. A virus checker came up and began to scan. When it was finished it said that there were several viruses, trojans, etc. and in order to remove them we had to pay. We selected to not pay and it froze up the computer. So we just unplugged it from the internet.

I ran the scans directed and when running the GMER scan, 4 porn site links appeared on my desktop and now I can no longer get online. Here are the scans and thanks in advance.


DDS (Ver_09-10-26.01) - NTFSx86
Run by PPG at 20:13:37.01 on Mon 11/02/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.958.474 [GMT -5:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\Explorer.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\WINDOWS\system32\EloSrvce.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\svchost.exe -k HPService
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\EloDkMon.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WIN... Read more

Answer:Fake virus program messed up computer

Hi,

One or more of the identified infections is a backdoor trojan/rootkit.

This type of infection allows hackers to remotely control your computer, steal critical system information and download and execute files without your knowledge.
If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Please read this: How Do I Handle Possible Identify Theft, Internet Fraud, and CC Fraud?

You will need to download this program to another computer and transfer it over to the infected computer via USB

Make sure you rename it before saving it:

Download Combofix from either of the links below. You must rename it to combafix.exe before saving it.
Save it to your desktop. Change the save as file type to "all files"

**Note: In the event you already have Combofix, delete it, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop**
If you are using Firefox, make sure that your download settings are as follows: Tools->Options->Main tab
Set to "Always ask me where to Save the files".


Link 1
Link 2

-----------------------------------------------------------
Very Important! Temp... Read more

14 more replies
Relevance 80.36%

Hey guys, I have a new application on my PC that just showed up and I have no idea what it is. It called itself privacy protection that just popped up on my desktop with no warning whatsoever. I have been using Windows 7 ultimate since it came out and I've never seen this program ever. In fact I had never even heard of it before. It started scanning my computer and found 20 viruses on it. All of my programs closed, I could not reopen them and I even restarted my computer. With my computer turned back on the privacy protection application still popped up and I could not access my programs at all. I am getting really worried since I just reformatted my computer about two weeks ago and everything was working perfectly. Is this some sick new virus that is making its way to my computer? I have attached a screenshot below so you guys can take a look at it.



Any help would be appreciated and currently my computer is going to remain off until we figure this out.

Answer:What is privacy protection? Fake virus program?

Hi,

This is RogueWare, designed to fool you into thinking you have malware.

Please scan your system using Microsoft System Sweeper:

http://www.sevenforums.com/tutorials...m-sweeper.html

Post back if you need more help.

Regards,
Golden

9 more replies
Relevance 79.95%

Hi there,

I'm having a lot of trouble which I recently obtained on my computer. Whilst visiting a cinema's website in Google Chrome (www.hoyts.com.au) and doing nothing else on my computer, I received a popup from my taskbar saying:

"Windows Security Alert: Windows reports that computer is infected. Antivirus software helps to protect your computer against viruses and other security threats. Click here for the scan your computer. Your system might be at risk now."

Immediately after, an icon came in my taskbar of a red and yellow shield with a green stripe running through it, and a fake antivirus program popped up, labelled "Antivirus Action". It started performing a "scan" of my computer. I immediately tried closing everything that came up, turned off my internet and went straight to AVG and Malwarebytes to see if there was anything I could do. Upon trying to open AVG, I received the following error message:

Title: Security Warning
Message: "Application cannot be executed. The file avgui.exe is infected. Do you want to activate your antivirus software now?"
Options: Yes or No

Clicking Yes attempts to open the following URL in Internet Explorer: http://antispyroad.net/shop?abc=cGdpZD03JnI90C4x
Clicking No closes the pop-up, but then continues another fake scan in the toolbar.

The exact same thing happened when trying to open Malwarebytes, as well as Google Chrome, Mozilla Firefox and Internet Explorer.

I am now on another computer and have ... Read more

Answer:Infected with fake anti-virus virus

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please Do not Attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The ... Read more

3 more replies
Relevance 79.54%

The first noticeable change to my system from this problem was my desktop is hidden, in its place a blank screen.

Another change, continuous pop-ups warning of scans performed claiming 'Infections found!!!', 'Firewall Alert!!!', 'We have intercepted harmful programs!'.....and advising Security Tools software purchase to remedy.

If I try to start-up in safe-mode my system crashes.

If I try to run any program except Internet Explorer I get the message 'taskmgr.exe is infected with worm.Lsas.blaster.keyloger. This worm is trying to send your credit card details using taskmgr.exe to connect to remote host'.

My operating system is Windows XP.

Any help you can provide is very much appreciated - Dave

Answer:Security Tool Virus - fake antivirus program

Hello. I have moved your topic from the HJT forum to Am I Infected. You need to have posted an HJT log to remain there. As you have an info stealer, we have 3 options here.

Start a new topic there and include an HJT log. Instructions for that are here. Preparation Guide For Use Before Using HijackThis
If you do that let me know here.

OR We try to fix it here after you read this advice...

One or more of the identified infections is a backdoor trojan. This allows hackers to remotely control your computer, steal critical system information and download and execute files. I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:
How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I c... Read more

2 more replies
Relevance 78.72%

Hi all,

My dad has asked me to take a look at his computer after it's been acting odd, and it looks like he's got a doozy of something running on the system. He's been getting some pop ups advertising various programs, the desktop is changed to text reading "Your system is infected! System has been stopped due to a serious malfunction. Spyware activity has been detected" (which is not something any program that should be running would display), Task Manager is blocked from opening and a fake piece of anti-spyware has taken up residence (don't have the name off hand).

Looking at the log, I found a couple of things that I'm not a fan of - batmeter16.dll, for starters. There's a couple others I don't recognize, but I am not sure if they are bad or not.

Unfortunately, my attempts to fix it have been thwarted - an AVG scan said it cleared it up, but more pop ups came. I tried to run Malware Bytes, but when I download the latest update through the program, I get a nice warning message saying "The database you are using is not supported by this version of Malwarebytes' Anti-Malware. Download the latest version of the program."

Additionally, this came about because I tried to start into Safe Mode to get this cleaned up. I couldn't get my keyboard to register keystrokes before Windows started, which kept me from accessing the dialogue allowing Safe Mode to be entered, so I modified boot.ini to force a safe mode boot. Unfortunately, this brought about a blue sc... Read more

Answer:Malware blocking MalwareBytes (post-update), fake anti-malware program

Hello, my name is fenzodahl512 and welcome to the forum.. Please do the following....

Please download The Comedian.exe by Rorschach112 to your desktop
Please disable all of your antivirus/firewall before doing this step. Please visit HERE if you don't know how..
Double click the program to run it. It will only take around several minutes to run.
It will do a series of tasks and tell you when each one is finished.
You will be prompted to press any key after each step
When it is done it will close and exit itself automatically.
You can delete The_Comedian.exe once it is finished
STOP! if you can't complete this step.. Tell me more about it..

NEXT

Please download OTL by OldTimer and save it to your desktop.
Under the Custom Scans/Fixes box paste this in
netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\*. /mp /s
CREATERESTOREPOINT
Don't change any setting... Just click on the Run Scan button.. Let it scan till finish..
Then a log will pop-up at your Desktop. Post the content of the log here

NEXT

We need to scan for Rootkits with GMER
Please download GMER from one of the following locations, and save it to your desktop:
Main Mirror
This version will download a randomly named file (Recomm... Read more

3 more replies
Relevance 78.72%

hi all.

i've been working on removing numerous malware from my dad's computer this past week. he was having issues w/ the computer not booting, which was caused by a 0kB .sys file. i was able to use windows xp cd, launch recovery, and use the command line to delete the 0kB file.

The next issue he had was internet explorer would not start. i resolved this by entering the following in the run window of xp:
"regsvr32.exe "c:\program files\internet explorer\ieproxy.dll"

next i downloaded malwarebytes, and ran the scan by:
1. running in safe mode (unplugging network cable first)
2. fix errors, reboot, run malwarebytes in normal mode.
3. booted in safe mode, ran malwarebytes, nothing found.
4. booted normally, ran malwarebytes, nothing found.

i can't remember the version number, but i know i downloaded the latest malwarebytes update on thursday, june 17, 2010.

things looked ok this morning, but all of a sudden (after i left), my dad says he is getting pop-ups w/ false anti-virus warnings. i told him to install hijackthis. he was getting a "the administrator has set security policies that prevent the installation of this program."

i had him reboot, unplug the network cable, then run malwarebytes. it got rid of 12 items.

quick notes about the computer:
dell dimension 3000
windows xp home (sp3)
vpskeys is a vietnamese language typing program.

he was then able to install and run hijackthis. here is the log. please help!!!

Logfile of Trend... Read more

Answer:infected: browser hijack/fake anti virus/the admin has a security policy that does not allow this to be installed.

oops, i thought i put in the right forum. my bad. i'm a n00b.

18 more replies
Relevance 77.9%

I just recently disinfected my computer thanks to you guys, and I was wondering what Anti-Virus program you guys would recommend for protecting my computer.

I also have a Windows 7 laptop I just bought and I'm looking to buy protection for it as well. Just wondering what you guys think is the best one.
 

Answer:What Anti-Virus Program should I use?

16 more replies
Relevance 77.9%

What's the best anti-virus program?

I used to use Norton 2004, but it slowed my computer WAY too much. Now I use Kaspersky anti-virus pro though I don't think it's that good.

Answer:Best Anti-virus program

This is like which cola is best? Each program has its advantages. I would stick with Norton or McAfee unless you know another one is good for sure. None of them are perfect, but Norton is recommended by most. If you're a gamer, turn off the auto-scanning in Norton before playing your game. That helps a lot. I use Norton and the only time it really seems to be slowing me down is when playing a game. You might try to change some of the settings around in Norton. For example, Norton 2004 is scanning everything that gets written to your disk. More secure, but more overhead. I think you can turn it off though. Check your RAM too. Anti-virus programs can use quite a bit of RAM. That is a somewhat inexpensive tweak to most computers.

2 more replies
Relevance 77.9%
Question: Anti-Virus Program

I am using McAfee Anti-Virus and just got a renewal notice for $69.98 for two years.

My question is should I renew - or is there some other anti-virus program that is better? What about AVG which is free - is that one reliable?

Any other programs that I should check into?

Thank you.

Cheryl
 

Answer:Anti-Virus Program

11 more replies
Relevance 77.9%

Any suggestions on what the best program is to use? My computer can't handle running new versions of norton because of how HUGE the program is... It literally will take 5 minutes just to load up each individual page in any internet browser as norton scans it to make sure it's safe.. A friend turned me on to Security Essentials which seems pretty simple and doesn't hog resources, however due to my recent virus issues I'm starting to re-think it. It did a great job telling me i had an issue but it apparently did nothing to prevent it in the first place. I am not someone who goes on 45434543 websites and I'm pretty computer literate so I'm not out clicking things or downloading items.

Answer:best anti virus program?

Microsoft Security Essentials is a good antivirus as far as I'm concerned.

You could also try Avira or Comodo, which are both free also.

You might want to have a read of this: http://www.bleepingcomputer.com/forums/topic2520.html

4 more replies
Relevance 77.9%

I've used AVG for a few years and been pretty cool. I've had to uninstall and reinstall a few times due to crashes and it takes up some CPU. I want an antivirus that works very well and takes up little CPU power. Any ideas?

Answer:Which Anti-Virus Program to Use?

A lot of people here at this website have recommended many programs. Many of them are very good. I recently switched all my computers to Microsoft Security Essentials, an all in one spyware/anti virus program, and it works very well. One program, covers spyware AND anti virus, uses little system resources, and pretty much updates itself. Give it a try.

3 more replies
Relevance 77.9%

My expiration date for Norton anti virus is coming up. I also have the AVG program. Is AVG adequate enough or do you suggest renewing with Norton? Thanks
 

Answer:avg anti virus program

AVG is good enough for an awful lot of people.
I recommend it. It has never let me down yet. (But having said that, nor has the dinosaur repellent <G>)
 

3 more replies
Relevance 77.9%
Question: Anti Virus Program

http://www.my-etrust.com/microsoft/...747297B46B7&jsessionid=2a30747741099519036728

go to link and fill in the form and get the free program with full update for 1 year
 

More replies
Relevance 77.9%
Question: Anti virus program

Hello,
I am using Windows 7 on my desktop and laptop.
At the end of each week I run Malwarebytes and Superantispyware.
I can no longer open Windows Defender unless it has an icon with a castle and blue flag?
Microsoft security essentials is running and it says
Real time protection on
Virus and spyware definitions up to date.
Is that enough protection or should I be running another anti virus program?

Answer:Anti virus program

You have enough!
Never have more than one Anti-virus program anyway.

1 more replies
Relevance 77.9%
Question: Anti virus program

Hi all, my paid for Norton 2004 anti virus software will soon be up for renewal. Is there anything better or is there freeware just as good?
Thanks in advance
Dargo

Answer:Anti virus program

NAV is as good as you can get, you can get free AV programs but whether they are as good will depend on how many virus infections you get. Try click here= ....T

8 more replies
Relevance 77.9%

My current (non-freeware) Anti-Virus Program will be expiring soon. I was wondering if it was best to shell out another $29.95 for another year, or are the freeware Anti-Virus programs good enough?

Among the freeware anti-virus programs which is the best, AntiVir, AVG, Avast or Comodo?

Thanks.
 

Answer:Best Anti-Virus Program

Hey there all good if you ask the right person, I think right now AVG is the hot choice, just remember to run one only. The exception is Windows Defender Beta 2 which will run along with other antivirus's, and is free from the MS site, just type Windows Defender in search. AVG & Windows Defender is my combo.
SIDE NOTE:- use CCleaner from MG to remove all of your "Old" antivirus, before installing any new antivirus, will save you a lot of possible headaches later.
 

10 more replies
Relevance 77.9%
Question: Anti Virus Program

I have just been advised that my renewal fee for the ensuing 2 years will be £50-00!! I have seen comments about the Microsoft anti virus/security programme but am not sure about it, whether to download and use it or pay the £50-00???

Anyone give me some advice please??

RonBin79 (now 80!)

Answer:Anti Virus Program

Have a look at this post, you can weigh the pros & cons of each AV.

What's the Best Anti-virus?

MSE is used by a lot of people in this forum.

3 more replies
Relevance 77.9%
Question: Anti-virus Program

Hello!
I am really having a headache of which anti virus program to use. Panda or Norton?
can anyone give me some advice on which to buy?

Answer:Anti-virus Program

I have been using AVG free for the past 3+ yrs with very good results. I found that both Norton and McAfee were heavy on resources. I run AVG on 11 computers and have not had a problem. I have never used Panda. Here is a list of the four freeware antivirus we recommend at BC. http://www.bleepingcomputer.com/forums/topic3616.html

8 more replies
Relevance 77.9%

What is the best anti-virus program? I need a lot of options unlike some cheap software. Don't need to worry too much about speed b/c I have 4gb of RAM but want it to run smoothly on my 64bit vista o/s.
 

Answer:Best Anti-Virus Program?

At the moment, the crown (once again) belongs to NOD32... w00t w00t!!!

And it's on sale at Newegg for $10 (ok, so it's $9.99, a penny off, sue me...) Gotta use the coupon code found in this post, however:

http://www.hardforum.com/showpost.php?p=1033438984&postcount=1
 

12 more replies
Relevance 77.9%

Hi,

I recently just bought a laptop, and I am looking for the best anti-virus program out there. I have asked several people but all gave me different answers. If I am going to spend money on a virus program I want to make sure that I am getting my money's worth. I was just wondering if someone can give me suggestions, or can even guide me on which one to purchase.
 

Answer:What is the best anti-virus program out there?

15 more replies
Relevance 77.9%

Hi.

I have Windows XP (Srvc Pck 1). I have 64k ram.

I need an anti-virus program but trend micro's p-cillan (which I would prefer to use) says min requirements 128k. Norton has the same minimum.

XP is running fine w/64k ram so far. What can I use as a virus program with only 64 k?

I really wish I could use P-cillan. I wonder if I can d/l and not have it running all the time, just use it for individual files.

Why don't I get more ram? My computer is running fine, and you know the adage "if it ain't broke."

Aida has told me my cpu is not being used efficiently at all and also my AK97 m/b book says that when adding ram, I need to manually tell sys that I did that. Since I don't understand these two things, I'm leery of adding ram.

I also have zone alarm and several spyware programs.

Thanks, ganaan
 

Answer:I have 64k ram and need anti-virus program

8 more replies
Relevance 77.9%

What is the number one free anti-virus program out there? thank you
 

Answer:#1 Anti-Virus program?

The #1 FREE AV is AVG anti-virus. The top anti-virus's you have to pay for though are NOD32 and Kaspersky.
 

3 more replies
Relevance 77.9%

hello.

i would just like to ask what is the best anti-virus software out there. i'd like something that's easy to use since i don't really know much about computer stuff, something that doesn't take up much space and something that's not a memory hog.
suggestions would be cool. thanks

Answer:Best Anti-virus Program?

I'm currently using the freeware version of AVG Anti-Virus. I'm not going to say it's the best, but I like it and it's free.

10 more replies
Relevance 77.9%
Question: Anti-Virus Program

Hey, I am pretty sure that I have the odd spyware and virus on my computer. What program would you recommend that I should use to find them and delete them?

Thanks
 

Answer:Anti-Virus Program

Spyware - "Spybot Search and Destroy" I got it free off a German website.

Virus - Norton Anti-Virus Software.
 

5 more replies
Relevance 77.9%

Does anyone happen to know of a good anti-virus program. I'm looking to buy one. What is the best one? There are quite a few.

CoolerMaster
 

Answer:The Best Anti-Virus Program

6 more replies
Relevance 77.9%

What is the best ANTI-VIRUS Program and FIREWALL out there?
 

Answer:Best ANTI-VIRUS Program?

There's no best one out there. Trial each one and see what works best for your system.
 

2 more replies
Relevance 77.9%

One of the most often asked questions on Majorgeeks is "what anti-virus program should I use?" The answer is simpler than you might think.

Story with screenshots and the answer:

http://www.majorgeeks.com/news/story/what_anti_virus_program_should_i_use.html
 

Answer:What anti-virus program should I use?

I'd go with AVG, very good and does its job. You don't even know it's there until it catches something.
 

3 more replies
Relevance 77.9%

As soon as I got my custom HP laptop, I uninstalled Norton anti-virus, it is a total piece of crap that eats up my ram etc, etc... But, I do need an anti-virus program.

To stop the little bubble thing from coming out from the taskbar at start up, I selected the option that I would monitor my own system's security. All I really have as a sure way of defense is Windows Defender. It is working great so far, worst thing I've gotten was a Trojan Downloader, quickly removed, and I only got it from a fake website that looked like Adobe Flash-Player Updater's site. But, I need something that is free, and won't demolish my computer speed, but can get the job done! Thanks guys. And BTW, as a new member, I have to say I really love these forums!

Answer:No Anti-Virus Program

Originally Posted by DarkDavil


As soon as I got my custom HP laptop, I uninstalled Norton anti-virus, it is a total piece of crap that eats up my ram etc, etc... But, I do need an anti-virus program.

To stop the little bubble thing from coming out from the taskbar at start up, I selected the option that I would monitor my own system's security. All I really have as a sure way of defense is Windows Defender. It is working great so far, worst thing I've gotten was a Trojan Downloader, quickly removed, and I only got it from a fake website that looked like Adobe Flash-Player Updater's site. But, I need something that is free, and won't demolish my computer speed, but can get the job done! Thanks guys. And BTW, as a new member, I have to say I really love these forums!



---this antivirus for home use is free Download FREE antivirus software - avast! Home Edition and you can register online for forever use---(the credit goes to a member here named 'Brink' who recommended the antivirus)---

peace

5 more replies
Relevance 77.9%
Question: anti virus program

Hi all, I know this subject has been approached before but I have money to spend and want to know the best antivirus program out there? Thanks, Mark

Answer:anti virus program

If it's been approached why didn't you search for it? Don't waste money on Antivirus Packages as explained in this thread click here. You will get them for free. I use Avira no problems whatsoever.

10 more replies
Relevance 77.9%
Question: anti virus program

Hi, any suggestions on a good anti-virus program? I had Norton's but deleted it as it took forever for my Toshiba Satellite laptop to start and once started programs took forever to load. Thanks.

Answer:anti virus program

AVG Free.  The free factor is a huge bonus.

4 more replies
Relevance 77.9%

What's the best FREE anti-virus program available? For scanning files and removing viruses?

Is paying for anti-virus software worth it?
 

Answer:Anti-Virus program...

All AVs have their strength and weaknesses...

Is it worth paying for one? Sure, if it has features you can't find elsewhere.

As for free, I've tried a lot of em.

AVG works. Have had it crash my machine.
Avast works. Have had it crash my machine.
Antivir works, updates are a problem at times.
I've had similar problems with paid for antivirus, too.

I lean towards Avast, because of its cool factor (skinnable). It's not the most user friendly interface though.

To each their own, of course.
 

13 more replies
Relevance 77.9%

I have been using the AVG free edition for a few years and, as you may know, it will no longer be free after 1/15/07.

I was wondering if anyone had any suggestions for any quality, free anti virus programs.

Thank you --
 

Answer:Looking For Anti Virus Program

They still have a free one.. version 7.5. You just have to hunt for it. I have downloaded and installed it on both of my computers.
Vicks
 

2 more replies
Relevance 77.9%

What is a good all-round antivirus software? Ta

Answer:Best anti virus program

i like norton, but various reviews give different makes.

7 more replies
Relevance 77.9%

What is the best anti-virus program for windows 7? Right now I have Avast! and it works pretty good, but I was just looking for programs that a lot of people trust.

Answer:Which anti-virus program?

Hello and welcome,

Avast? No trust? ..Avast is fine, and not to sound rude but you people that come in here asking what's best never read the stickies do you?... go here:

What's the Best Anti-virus?

4 more replies
Relevance 77.9%

Hello everyone. Use this thread to talk about which anti-virus program you are using, whether you like it or not, and why. I myself use AVG Internet Security. I like it because it has kept my PC protected from any kind of malware for over 2 years. Many of my friends continue to recommend me to keep using AVG as they think it is great.

Answer:Which anti-virus program are you using?

AVG.....
 
http://www.bleepingcomputer.com/forums/t/600809/avg-chrome-extension-exposes-user-datasecurity-week/#entry3898329

47 more replies
Relevance 77.9%

HI, what is the best free anti virus, spyware and malware program that there is for a Windows Vista computer?
 

Answer:Best anti virus program

16 more replies
Relevance 77.9%

What would you suggest as the best anti-virus program for:

1. Windows XP
2. Windows Vista
3. Windows 7
 

Answer:Best anti-virus program ?

This has been asked so many times it's not funny.

Most people end up recommending either Avast! or Avira.
 

11 more replies
Relevance 77.9%

What is the best anti virus program I can get for free?? I need help.. thank you.
 

Answer:best anti virus program

AVG or Avast for sure if you are looking for a free one.

I use AVG on all my home PCs.

Both should be available on this site.

For a commercial product, Norton seems to do its job, but I have put it on my blacklist for being a resource hog. Try running it on a system with 256MB
 

49 more replies