Computer Support Forum

Virus - Security Warning / Windows Security Alert

Question: Virus - Security Warning / Windows Security Alert

Need help removing the Security Warning / Windows Security Alert / Antivirus software alert.Made it to Step 7 (DDS.scr) downloaded dds.scr but when I start it the command window comes up briefly and then disappears.Trying to generate the DDS.txt and DDS.log but with no success.

Relevance 100%
Preferred Solution: Virus - Security Warning / Windows Security Alert

I recommend downloading and running Reimage. It's a computer repair tool that has been proven to identify and fix many Windows problems with a high level of success.

I've used it in the past to identify and fix everything from blue screens (BSOD's), ActiveX errors, corrupt files and processes, dll/exe/sys errors, recover lost memory, Windows update problems, defragging, malware removal etc.

You can download it direct from this link http://downloadreimage.com/download.php. (This link will automatically start a download of Reimage that you can save to your computer.)

Answer: Virus - Security Warning / Windows Security Alert

Hi,Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.Please reply to this post so I know you are there.The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.Once I receive a reply then I will return with your first instructions.Thanks

2 more replies
Relevance 103.32%

Hi, I have a small circular tray icon, that reads: Security Warning: Your Computer May be Inected with harmful or unwanted files.Any help with removing this would be very very much appreciated have tried and tried.Thanks in advance:Oh I understand I may need to post a hijackthis log or something so I downloaded the program and here it is:Thanks againJames.Logfile of HijackThis v1.99.1Scan saved at 19:33:14, on 19/11/2006Platform: Windows XP SP1 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\System32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\spoolsv.exeC:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exeC:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exeC:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exeC:\WINDOWS\System32\CTsvcCDA.EXEC:\Program Files\HP\hpcoretech\hpcmpmgr.exeC:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exeC:\Program Files\Java\jre1.5.0_06\bin\jusched.exeC:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exeC:\... Read more

Answer:Security Warning: (fake Virus Alert) + Lop.aq

You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.Please download SmitfraudFix (by S!Ri)Extract the content (a folder named SmitfraudFix) to your Desktop.Next, please reboot your computer in Safe Mode by doing the following :Restart your computerAfter hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;Instead of Windows loading as normal, a menu with options should appear;Select the first option, to run Windows in Safe Mode, then press "Enter".Choose your usual account.Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmdSelect option #2 - Clean by typing 2 and press "Enter" to delete infected files.You will be prompted: "Registry cleaning - Do you want to clean the registry?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.A text file will appear onscreen, with results from the cleaning process; please copy/pa... Read more

8 more replies
Relevance 102.09%

I have somehow been infected with this crap, it sits in the system tray as an icon red circle with exclamation mark, and when clicked on opens a window with a warning message

Hovering a cursor over it only yields two choices, Open or Ignore. If you open it, Security Warning window pops up, with Spyware Detection Alert as the header. There is then some phoney "Your system might be infected" wording, then 2 buttons to choose from, Full Scan or Learn More.

If the internet connection is left on, and the MSIE browser open, it eventually starts throwing unwanted advertising windows.

This started out as a mistakenly installed WinAntiVirus malware, which persisted through DOZENS of attempt at removal.

I pinched the problem description from some googled results as its exactly what has happened to me. I have tried Adaware scans, Vundo, installed and fully scanned using the latest McCafee antivirus software, and it seems to have fixed some issues associated with browser hijacking but this crap is still here and I can't get rid of it. Any help would be highly appreciated.

Hijackthis log follows:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:08:56 PM, on 10/21/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WIND... Read more

Answer:security alert - spyware detection warning virus please help!

Damn this WinAntiVirusPro2007!
 

3 more replies
Relevance 96.76%

Hi ,

This seems like a pretty complex problem, I've tried spybot adaware avg super anti spyware with no avail- Every 5-10 minutes I get a pop up with

windows security alert warning potential spyware......... click yes to remove spyware ( obviously i click no)

Can anyone help PLEASE

Answer:Need Help With Windows Security Alert Warning Potential Spyware

Try running the Smitfraud fix.How to remove the Smitfraud / Generic Zlob / Quicknavigate / Virtual Maid

6 more replies
Relevance 95.53%

This pops up very frequently. With the message, "Your computer is making unauthorized copies of your system and Internet files. Run full scan now to prevent any unathorized access to your files! Click YES to download spyware remover."

I've also noticed that I can't get into my control panel and add/remove programs with out getting the message "This operation has been cancelled due to restrictions in effect on this computer. Please contact your administrator."

In looking around I have done some research and it seems to be a popular issue. Please let me know what can be done to kick this Trojan Virus.

Here is my Hijack This log:
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 7:45:32 PM, on 12/5/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe... Read more

Answer:Windows Security Alert. Warning! Potential Spyware Operation!

Does anyone have any suggestions? Don't know if this is something I can do myself or need to have it professionally done.

Please advise.

2 more replies
Relevance 95.53%

I have scanned with spybot, adaware, super anti-spyware, mcafee stinger, and all the others recomended by this forum and still have the same problem. I get the message "Windos Security Alert - Warning Potential Spyware Operation - Your computer is making unauthorized copies of your system and Internet files. Run full scan now to prevent any unathorised access to your files! Clik YES to download spyware remover ... and of couse I click no to cancel. It ties to reset my homepage to google.com and disables the control panel and the task manger. Here is the hijack this log...Logfile of Trend Micro HijackThis v2.0.2Scan saved at 2:20:01 PM, on 11/1/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Windows Defender\MsMpEng.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\Explorer.exeC:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exeC:\WINDOWS\system32\spoolsv.exec:\Program Files\Common Files\LightScribe\LSSrvc.exeC:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXEC:\WINDOWS\system32\svchost.exeC:\WIND... Read more

Answer:Windows Security Alert - Warning Potential Spyware Activity

Hello dannic and welcome to BC My name is SNOWHITE and I will be helping you with your Malware problem.Please follow the steps below exactly in the order they are written:Step #1We must disable the Real-Time Protection feature of Windows Defender for it may interfere with the changes we need to make.To disable Real-Time Protection:Go to "Tools" | "General Settings" Scroll down to "Real-time protection options" Uncheck "Turn on real-time protection (recommended)"Remember to reactivate this feature when we have finished all our work.Step #21. Download combofix from one of these links:Link1Link22. Double click combofix.exe & follow the prompts.3. When finished, it shall produce a log for you. Post that log in your next reply and new HijackThis log.Note:Do not mouseclick combofix's window whilst it's running. That may cause it to stall.Regards,

10 more replies
Relevance 95.53%

Hi..Something has happenned to my system. I donot see the control panel on my start menu. Has removed me as the computer Administrator, and there is a message box that returns every 5 minutes which says: Windows Secuity Alert, Warning! Potential Spyware Operation!, Your computer is making Unauthorized copies of your system and internet files. Run full scan now to prevent any unauthorised access to your files! Click YES to download spyware remover.... At the bottom of the pop-up there is a Yes and a No button, and if you push yes you are taken to some web site that offers to sell you a spyware removal program that will make every thing ok.I can't also access my my computer propeties. I tried to reach my Control Panel buy right clicking my desktop, then clicking on properties. None of it worked. When I clicked on properties I was told : "The operation has been canclled due to restrictions in place on this computer. Please contact your system administrator".I have already AVAST Anivirus/spyware removal v4.7 installed in my system. It had showed some troan infections.. but nothing has worked out. Also installed SmitfraudFix.exe and executed in safe mode.. and then consecutively excuting the "SUPERAntiSpyware" spyware removal tool. But still no use. Please find the log created by the Trend Micro HijackThis v2.0.2. Please HELP!!My Initial Investigation: I ran MSCONFIG and got the programs/applications which are in the STARTUP. I found that th... Read more

Answer:Windows Security Alert - Warning! Potential Spyware Activity..

I apologize for the very long delay. We have a huge backlog of HijackThis Logs to handle and it has been taking us greater time than normal to get caught up. If you are still having a problem, and want us to analyze your information, please post a brand new hijackthis log. If we do not hear back from you within a couple of days we will need to close your topic.

When posting your logs please post them directly into the reply. Do not attach them.

Thank you for your patience.

2 more replies
Relevance 95.53%

I'm getting a constant popup, the message is the following:

"Windows Security Alert Warning! Potential Spyware Operation! Your computer is making unauthorized copies of your system and internet files. Run full scan now to prevent any unautorrized access to your files! Click YES to download spyware remover..."

this message pops up every 5 minutes. My control panel is hidden, can't access it, tried to navigate through windows explorer, which i did and clicked on it and got the following message:

"This operation has been cancelled due to restrictions in effect on this computer. Please contact your system administrator."

don't understand, since its a home computer and I am the administrator.

I already tried scanning the computer with AVGAnti-virus and Spyhunter, removed all virus, trojans and whatnot, and still getting this problem.

What do i do? would appreciate any help!!!

Thanks....
 

More replies
Relevance 93.48%

I am working on a Windows XP Pro machine. I was getting pop up ads with a Windows security alert warning, along with a few others. My time also changed to military time. I could not run any malware programs until I ran a HJT log and corrected on of the entries, something with a ip address in it, I didn't write it down like an idiot. That then allowed me to update and run Spybot , malwarebyte and superantispyware. All came back with issues. Mywebsearch, trojan.fakealert.gen, disabled.securitycenter ,Trojan.vundo,trojan.fakealert,torjan.fakealert.gen,rogue.antivirusoft.Thank you in advance for your help!Here is the DDS report:DDS (Ver_09-12-01.01) - NTFSx86 Run by jandreozzi at 11:16:57.68 on Tue 03/09/2010Internet Explorer: 6.0.2900.2180Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1075 [GMT -5:00]AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}FW: *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}============== Running Processes ===============C:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcssvchost.exesvchost.exeC:\WINDOWS\system32\spoolsv.exesvchost.exeC:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exeC:\Program Fi... Read more

Answer:Windows Security Alert/Antivirus software Alert Virus

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

29 more replies
Relevance 91.02%

Security Toolbar 7.1 at the top of IE installed itself as well as System Warning Messages (yellow triangle) saying "System performance monitor:Warning" and continuous IE windows popping up advertising / warning about spyware as well as Internet Explorer Warnings with OK or Cancel options. Have tried multiple virus scanning software / spyware scanning software to no avail. Have also tried Smitfraudfix.exe to no avail. Also haven't identified any new programs in add/remove programs to remove.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:26:34 PM, on 28/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS&#... Read more

Answer:Security Toolbar 7.1 / Security Alert: [email protected]

Hi,* Download ComboFix from here. **Save it to your desktop**In case you have used Combofix before, please delete the version you are having and redownload it again, because Combofix is being updated everyday.In case your Antivirus or any other realtime scanner is displaying an alert after you downloaded Combofix or while you use Combofix, please disable your scanner and redownload Combofix again. Because some scanners may see some combofix related components as suspicious and block or delete them while there's nothing wrong with them.* Doubleclick combofix.exeFollow the prompts.Don't click on the window while the fix is running, because that will cause your system to hang.In case you see a sed.cfexe error with the option to send a report or not, choose "don't send".When finished and after reboot (in case it rebooted), combofix will open again to gather the necessary information for the log. This may take a bit. When done, Combofix will close and a log should open, combofix.txt. Post the contents of this log in your next reply together with a new hijackthislog.Do NOT post the ComboFix-quarantined-files.txt - unless I ask you to.

10 more replies
Relevance 90.61%

Warning to All Windows users,

I have had multiple attacks from hackers who are using Windows Update to gain access to my system, and to create a public network so they can alter, monitor, and disrupt my network and system.

They show up as multiple Windows Updates that have the same Windows Update ID number that shows as being already installed. We all know that Windows is an unstable operating system with security flaws, but this is something that Windows needs to alert it's users to and to fix.

How can I update if I am unsure if it is a hackers update or a valid Windows update. I have Windows 7 Ultimate, and Vista Basic on the laptop, and both systems have been affected.

They hide their tracks by making their programs system files, and thereby fooling anti-virus and security software. I wanted to alert all Windows users, and share my experience with them.

clem65

Answer:Security Alert - Warning

For one thing, only MS have access to Windows Update and I can assure you all the software and updates on WU are secure. Dont get updates from anywhere else other than WU or microsoft.com addresses.

9 more replies
Relevance 89.38%

My mom's computer has got this virus that is really tricky, and I can't figure out how to get rid of. It pops up when windows loads and scans the system saying it's finding all these viruses and spyware, and asked if you want to clean it or continue infected. I slows the whole system down, and clears all the desktop icons off. It also blocks all websites that have anything to do with viruses, and other websites like microsoft and stuff. Says internet connection not working when going to those sites, and popups will come up. Also, it prevents task manager from being run, and for that matter, ANY .exe executable file. ANY. So I can't run any program to run spyware or antivirus programs. I can't even get in command prompt, run task manager, or goto system restore. Nothing. I tried running a bunch of programs off a flashdrive too, and same issue. I've read al these things about using malware bytes & combofix, but yet again, they are executable files, and when I try to run them I see a popup from the security alert icon in the bottom right corner that says that file is infected and "trying to send credit card info to ...." and to register the program again.... The computer doesn't start in safemode either, it will restart and ask to start it in normal or last known good config...

Any ideas?

Ryan

Answer:Help with System Security / Security Alert Virus!!!!

So when you try to start it in safe mode, your only option is last known good configuration?

7 more replies
Relevance 89.38%

I am not really sure where to begin . I have done the 5 steps before posting and I have attached the reports from Panda Active scan first then the Decker system scanner. My son was working on the computer on Thursday July 28th and said that a security alert came up after he downloaded an update to yahoo. Since then whenever you open up the internet explorer a system security status tab opens and then an internet explorer pop up that says:

"Warning!"
[email protected] is a virus that infects files with .exe extensions.It attempts to steal passwords and private information from the infected computer.
Type:Virus
Infection Length:138,293 bytes

Then it wants you to to click Ok or cancel. And when you try and close the tab another small pop up comes up that says

asD
release

And it wants you to click ok or it has a red x.

I have downloaded the McAfee virus protector and scanned my computer and it disinfected all the cookies and viruses but there were two that it said that it cannot remove and I am sorry but I did not write those down but it was some kinds of trojan virus. I would appreciate any kind of help.

Thank you!


Panda Active Scan




Incident Status Location ... Read more

Answer:Security alert virus/Trojan virus [moved from Security]

Hi and welcome to TSF.

Can you post the main text from Deckard System Scanner,it can be found at C:\Deckard\System Scanner\main.txt,thanks.

You may wish to subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Please be patient with me during this time.

19 more replies
Relevance 88.56%

Hello.
I have suddenly started getting a security warning when I start my computer up. It is a warnig about the application App data\my name\local\idglie\inlhstva.exe. It asks me if i would like to run or cancel this file. I have tried running scans but this doesn't help.
Otherwse the computer function seem s to be ok.

thanks,

brendan

Answer:Security warning alert when i start my computer up

I suggest that you proceed to to our Security Center, Virus/Trojan/Spyware Help Forum, to have your system reviewed by a Security Analyst. Please be sure to follow THESE STEPS carefully before posting your logs in the Security Forum.

Please be patient as the Security Analysts are very busy and one will get to you as soon as possible.

Regards. . .

jcgriff2

.

1 more replies
Relevance 88.15%

I got this virus a couple of days ago.I'm running Windows XP service pack 2When I re boot the computer, there's a fake red sheild on the bottom left of my screen beside the clock.When I try to open ANY programs, I get a "OPEN WITH" pop up window .I have rebooted in safe mode with networking, and am able to run programs from there.I have tried "rkill" as well as "Malwarebytes", and "Kapersky". I've also run a program from Microsoft to get rid of malware( I can't recall the name)My computer is still infected, and any help would be appreciated. Thanks

Answer:Windows security alert virus

I forgot to add that I also did a system restore, which didn't help.

18 more replies
Relevance 88.15%

I keep getting popups in my task bar saying 'windows security alert' telling me the computer is infected. However, upon clicking, it takes me to the AV security suite demo, then wants me to buy the product.

However, now I can't open anything. Ive tried clicking Spybot and Adware and the popups just say, application cannot be executed. File is infected. I tried downloading Malware bytes.. but after installation it too wouldnt open.

Might I be able to run these in safemode?

I dont know what to do. Any advice is greatly appreciated. Thank you.

More replies
Relevance 88.15%

I got pop ups for windows security alert and now all these porn sites are popping up and I can't do anything. We got this at work in Dec and someone from here helped me remove it. It was time consuming but it worked well. Can anyone help PLEASEEdit: Moved topic from XP to the more appropriate forum. ~ Animal

Answer:windows security alert virus

BC Removal Guide, Windows Security AlertThere are a number of these bogus programs...users need to provide accurate names to obtain the appropriate attempted solutions.Louis

18 more replies
Relevance 88.15%

I am having trouble opening any files, especially .exe files or update my virus protection, etc. Please help! SuperDave, you commented on a similar problem a while back, post titled:  Application cannot be executed. The file *** is infected. on: November 16, 2009, 09:44:38 AM I am reluctant to follow suggestions without expert advice.... Thanks in advance!

Answer:Help with Windows Security Alert virus

Hello.RKill by GrinlerLink #1Link #2Link #3Download Link #1.Save it to your Desktop.Double click the RKill desktop icon.If you are using Vista please right click and run as Admin!A black screen will briefly flash indicating a successful run.If this does not occur please delete that application and download Link #2.Continue process until the tool runs.If the tool does not run from any of the links tell me about it.This only kills the active infection, the actual infection will not be gone.==============Please visit this webpage for a tutorial on downloading and running ComboFix:http://www.bleepingcomputer.com/combofix/how-to-use-combofixSee the area: Using ComboFix, and when done, post the log back here.

9 more replies
Relevance 88.15%

HELP!!!I have the same problem as highlighted in a previous threadhttp://www.computerhope.com/forum/index.php/topic,95177.0.htmlCan't open any of the versions of Rkill that are linked in there. I have tried installing various versions of Malwarebytes and renaming it and all the .exe files all to no avail. At the moment I keep getting a popup saying the file wuauclt.exe is infected roughly every 20 secs or so and it keeps reopening.Anybody got any ideas?Thanks in AdvanceM

Answer:Windows Security Alert Virus

Also forgot to add that this virus also causes IE to open at websites such as porn websites and other such websites every couple of minutesThanksM

2 more replies
Relevance 88.15%

My dad got this virus today but in some unusual form because damn thing has blocked every single program in the computer. So far I have been searching for hours to find a solution but nothing has worked. For this I am using my laptop 'cause his computer can't run any programs. I tried every single solution provided on numerous forums but nothing works. Computer is running windows XP service pack 2.95% of solutions says to download and install anti spyware, anti male-ware or anti virus programs but the problem is that none of the programs work to be able to do that. I even tried downloading it on my laptop than burning on a cd and trying to transferring it via flash drive but i can't open it in his computer because it is blocked by the virus.I tried safe mode, normal mode, tried to disable all startup items via ms configure but the virus still loads on startup. Only thing that I can open is My Computer but can't go any further and Control Panel but same thing like my computer I can't go any further than that. After all failed attempts I decided to do system restore which can't be done and reformat the drive but that is not working either.The thing is that whichever program I try to run Windows security alert starts scanning the computer instead and the program I tried to run doesn't open. For some reason Start Task Manager works and there is a thing called UVA.exe which is only one of unknown programs running and when I turn it of then windows security alert shuts down for ab... Read more

Answer:Windows security alert virus

start the computer in safe mode with networking and then run system restore, I had to do that recently and my computer now works fine

8 more replies
Relevance 88.15%

Hi my name is Dean and I am new here. I have tried reading some of the othere posts with similar problems to mine and have already run SDFix, SmitfraudFix, Kaspersky Online Scanner, Malwarebytes, Superantispyware Remover, McAfee online Scan, Webroot Windows Washer,AVG Antivirus and Spyware, Spybot and Adaware and Vet Antivirus and I STILL HAVE THIS THING POPPING UP ON MY SCREEN.It has popped up 4 times while I wrote this message so far.Here is a copy of my HJT report and SDFix report and I have attached a word doc that has a pic of the alert I get. Please note that everytime the alert comes up the virus name changes. Some I have seen are:Trojan.Spy.Win32.Logger, Trojan.Spy.Win32.Agent, Trojan.Spy.Win32.Greenscreen, Trojan.Spy.Win32.bankfraud, Trojan.Clicker.Win32.Tiny.h and the list goes on.PLEASE HELP.This is My SDFix Logb]SDFix: Version 1.218 [/b]Run by Dean on Fri 22/08/2008 at 23:32Microsoft Windows XP [Version 5.1.2600]Running From: C:\SDFixChecking Services :Restoring Default Security ValuesRestoring Default Hosts FileRebootingChecking Files : No Trojan Files FoundRemoving Temp FilesADS Check : Final Check :catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2008-08-22 23:38:45Windows 5.1.2600 Service Pack 2 NTFSscanning hidden processes ...scanning hidden services & system hive ...scanning hidden registry entries ...scanning hidden files ...scan completed successfullyhidde... Read more

Answer:Pop Up Windows Security Alert Saying I Have A Virus

Hello allin1piWelcome to BleepingComputer ========================Download random's system information tool (RSIT) by random/random from here and save it to your desktop.Double click on RSIT.exe to run RSIT.Click Continue at the disclaimer screen.Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

1 more replies
Relevance 88.15%

where can I get a up to date download of hijack this? Is this where I should start? I have Vista. It says windows security alert, infilration alert, details 114,153,104,236 port 42988 attack port 61441 threat win32/nugel.e , Thanks
 

Answer:Windows security alert virus. Help

13 more replies
Relevance 88.15%

I got the Windows Security Alert virus. I've run Malwarebytes and Super AntiSpyware in both regular mode and safe mode, and I can't get rid of it. What are my next steps?

Answer:Windows Security Alert Virus

Download DDS and save it to your desktop. DDS.scrDisable any script blocker if your Anti-Virus/Anti-Malware has it.Once downloaded you can disconnect from the Internet and disable your Ant-Virus temporarily if needed.Then double click dds.scr to run the tool.When done, the DDS.txt will open.Click Yes at the next prompt for Optional Scan.When done, DDS will open two (2) logs:1. DDS.txt2. Attach.txt (do not zip just copy/paste) Save both reports to your desktop then post them please.

7 more replies
Relevance 88.15%

Hi,

Since yesterday, I keep getting these pop-ups for Windows Security Alert then my computer tries to install Windows Anti-Virus 2009. I've downloaded an ran multiple anti-virus softwares but nothing seems to work. I looked on your forum and saw that you've recommended the following to things for other users with similar problems.

1. SmitfraudFix (by S!Ri) - I downloaded this zip file, extracted the files, rebooted my comp to Safe Mode, but when I try to open the SmitfraudFix.cmd file, I get a command prompt screen for 2 seconds then it disappears.

2. I also tried downloading and running the Superantispyware (SAS) free home version - I was able to successfully download, but when I select the .exe file to install, nothing comes up.

I'm not sure what else i can do, any suggestions?
 

More replies
Relevance 88.15%

Please help! Is the "Windows Security Alert" and "the Red shield" on the task bar a Virus?Thank you from TiredOfVirusesLogfile of Trend Micro HijackThis v2.0.2Scan saved at 21:06:52, on 10/11/2008Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16705)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\PROGRA~1\Grisoft\AVG7\avgrssvc.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\Program Files\BroadJump\Client Foundation\CFD.exeC:\PROGRA~1\Grisoft\AVG7\avgcc.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\PROGRA~1\Grisoft\AVG7\avgamsvr.exeC:\PROGRA~1\Grisoft\AVG7\avgupsvc.exeC:\PROGRA~1\Grisoft\AVG7\avgrssvc.exeC:\Program Files\Common Files\Real\Update_OB\realsched.exeC:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exeC:\PROGRA~1\Grisoft\AVG7\avgemc.exeC:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exeC:\WINDOWS&#... Read more

Answer:Is Windows Security Alert a Virus?

Hi tiredofvirusesWelcome to Bleeping Computer.I'm maranatha and I will be handling your log to help you get cleaned up. I am a student here at BC so all my posts will be checked by one of our experts, so there may be a slight delay between posts.Please do this.Download RSIT by random/random and save it to your desktop.Double click RSIT.exe to start the tool.At the disclaimer, please use the drop down box to select 3 months for the file/folder search, then click Continue.If prompted by your firewall to allow RSIT to access the internet, please allow it. It will be updating yourr version of HijackThis.When the scan completes it will open a log named log.txt maximized, and a log named info.txt minimized.Please post the contents of those logs here in your next reply.Thanksmaranatha

2 more replies
Relevance 88.15%

Hi,

I recently got a virus on my laptop and am not sure how to remove it. Its the Windows Security Alert Virus. Any program other than browser won't open and I get a prompt saying that file is infected. The Windows Security Alert prompt keeps popping up in the lower right corner of the screen. And another window opens up with a fake scanner, link to purchase the virus software.

I scanned my computer a couple of time. And cleaned up some bugs in that process, but that didn't get rid of this particular virus.

I ran HijackThis and my log is below. Can anyone review this and see if they kow what the problem is? Any thoughts on what to do would be great. Thanks!

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:53:13 AM, on 12/1/2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18975)
Boot mode: Safe mode with network support

Running processes:
C:\Windows\Explorer.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE
C:\Users\Roger\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
R1 - HKLM\... Read more

Answer:Ad Pop Up Virus - Windows Security Alert Pop Up

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.In order for me to see the status of the infection I will need a new set of logs to start with.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear Click the Disable button to disable your CD Emulation drivers Click Yes to continue A 'Finished!' message will ap... Read more

3 more replies
Relevance 88.15%

Hi, I've read a few topics about this virus on here, but I've seen that it is important to start your own thread.  This is the virus that makes every program say "Application cannot be executed."  I already have SuperAntiSpyware and Malwarebytes Anti-Malware installed on the computer, but the problem is that neither of them will run unless it is in safe mode.  Also, I cannot go to any websites in normal mode or safe mode.  In normal mode, the virus makes it say that the webpage might be infected and safe mode just won't let me access websites.  This keeps from being able to update those programs as well as posting log files on here.  Right now, I am on a different computer in order to find help.  Any help would be greatly appreciated.  Thanks!Edit: I'm reading that if you use Safe Mode "with networking" that the internet should work, but it still doesn't for me.  Maybe this is because I am using wireless internet or because I'm using Internet Explorer (I don't have Firefox).

Answer:Windows Security Alert virus...

When I run SuperAntiSpyWare in Safe Mode, it finds the virus, but when I restart like it instructs, the same problem is still there.  I've also run Anti-Malware, but it doesn't detect anything.  I have tried absolutely everything I can think of.  Does anybody have any advice?  Thanks.

4 more replies
Relevance 88.15%

I ran rkill, malawarebytes, vipre anti-viurs and it stopped the alert message but now my computer is freezing when I shut down and half the time it doesn't get past the welcome screen when I boot it up. Explorer also freezes when I open tabs or try to navigate to links. Also continue to get random pop ups. When I first encountered problems I did a system restore which did not help and afraid it may have caused more damage.DDS (Ver_10-10-10.03) - NTFSx86 Run by Matt Sands at 18:02:28.65 on Fri 10/15/2010Internet Explorer: 8.0.6001.18702Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3070.2490 [GMT -4:00]AV: Spyware Doctor with AntiVirus *On-access scanning disabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}AV: Sunbelt VIPRE *On-access scanning enabled* (Updated) {964FCE60-0B18-4D30-ADD6-EB178909041C}FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}FW: Sunbelt VIPRE *enabled* {FF1CD5B7-1553-4625-A258-1775385CED33}============== Running Processes ===============C:\WINDOWS\system32\nvsvc32.exeC:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcssvchost.exesvchost.exeC:\WINDOWS\system32\spoolsv.exesvchost.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Program Files\Symantec\LiveUpdate ... Read more

Answer:Windows Security Alert Virus

Hello Stakkibotris ,Sorry for the delay. If you still need help, please post a new DDS/HijackThis log and I'll be happy to look at it. Thanks,tea

17 more replies
Relevance 88.15%

I've had this virus for a couple of weeks now I believe. At first it told me that I had a virus or malware had infected my computer, etc., etc. I ran malwarebytes and avira, removed some files from the registry, all based upon reading entries from this forum and others. That seemed to work for about a week. Now, I get popups telling me various things, such as Damaged hard drive clusters; RAM memory is critical; Delayed Write Filed; etc.

It won't let me run Windows Defender, Windows Firewall, DDS, gmer, but it still does let me run Malwarebytes, Avira, and Hijackthis. Also, i can't access MS Outlook and must get my mail from another machine.

Help! I can post the last logs I got from when I ran the above programs or I can run them again to create new ones to post. Please let me know. Thanks!

Answer:Windows Security Alert Virus

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the resu... Read more

3 more replies
Relevance 88.15%

I have a Windows security alert popup telling me that windows auto update is infected and that I need to activate my AV software and update.I am locked out of task manager and add/remove programs; I have tried Spybot, AVG, MBAM, HijackThis, and Process Explorer...nothing works. Can any of you give me a hand with this? Thanks in advance.
 

Answer:Windows Security Alert Virus

6 more replies
Relevance 88.15%

Hello all, I would like to start out by saying that what you all are doing is a wonderful thing. With so many threats on the net, it's nice to come across a site with members who actually care enough to help us out. I want to thank you all for what you do. So here's the problem(s). My son's netbook was somehow infected with this fake windows security alert virus. It would keep giving "security threat detected" messages, and try to get us to subscribe to something to fix it. It also hijacked internet explorer, telling us that we had to subscribe to browse safely. After looking around online a bit, I decided to try malwarebytes. I ran the scan, it found and removed bunch of things. Since the scan however, we have started getting these audible "commercials" that play randomly through the pc's speakers. Also, every few minutes we will get multiple internet explorer script errors, even when internet explorer isn't running. The last part of the problem also started after the malwarebytes scan, this one is that every time we try to open any program, it brings up the "open with" menu. All of this has led my son and I to become very frustrated. Any help is greatly appreciated. I ran the DDS, but could not run the gmer, because it asked me to "open with." Here's the log:

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Robert at 19:27:43.75 on Mon 05/09/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.... Read more

Answer:Windows security alert virus... help please

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------Download EXE File Association Fix and Save it to your Desktop.
Extract the reg file to your desktop and double-click xp_exe_fix.reg
Answer 'Yes' to merge/add it to the registry.
Click 'OK'.
X out of the window.
------------------------------------------------------

You should be able to run gmer and other executables now. Please post the gmer log in your next reply.

------------------------------------------------------

19 more replies
Relevance 87.74%

Hello,

I recently joined this site in hopes I can find a solution to a pesky problem on my laptop. When I launch Firefox, it goes to a page "Internet Threat Security" and then promptly crashes. Then security alert center pops up with the message that I have "Trojan.Zlob.G, asking me to enable protection. I cannot restart firefox and the security center alert pop up will not go away. Please, please help! My laptop is my workhorse and I need to find a fix. I am currently using a desktop to type this message because I cannot get online on my laptop. Thank you for any help in advance!
 

Answer:Firefox crashes and Security Center Alert Warning

Welcome to TSG

Please download Malwarebytes Anti-Malware from Here or Here
Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform Quick Scan, then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply with a fresh Hijackthis log too.

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer, please do so immediately.
===========================================================

Please click Here to download HijackThis to your desktop.

Click the Download button. When the Trend Micro HJT install box appears, double click on the HJTInstall.exe. Click on Install.

It will be installed by default here: C:\Program Files\Trend Micro\HijackThis

A shortcut to the ... Read more

3 more replies
Relevance 87.33%

Hi, I'm having a problem with pesky malware of some kind. It started with bogus "Windows Security Alert" messages, "Antivirus Software Alert" and "Infiltration Alerts", and "Security Warning / Application cannot be executed. The file xxxx.xxx is infected. Do you want to activate your antivirus software now?". It would also redirect me to different websites in IE8.Based on that info, I found the sticky forum on here that deals with that virus, and I ran RSKill, MalwareBytes, and also Spybot, etc. but the problems come back after the next reboot. I ran through the removal routine several times, but it keeps coming back.At the present time, the computer takes a very long time loading upon reboot, and IE8 blanks out whatever site address I type in -- it replaces the address with "http:///" and returns with a "the address is not valid" page. At the moment, the "Infiltration Alerts" are not happening, so I don't know if that first virus is gone, but it let another one in the door in the meantime, or if this is just a different manifestation of the original virus?I tried running DDS.SCR program as asked in the Preparation Guide. But it just flashed me the little black window with the DDS introduction for a few seconds, but never gave me the DDS.txt or Attach.txt results. I tried several times, without success.I was able to run the Gmer program on the second attempt. The first attempt ended after a... Read more

Answer:bogus Windows Security Alert messages, Infiltration Alerts, Security Warnings

Hello johntee, Welcome to Bleeping Computer. My name is fireman4it and I will be helping you with your Malware problem.Please take note of some guidelines for this fix: Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools. If you do not understand any step(s) provided, please do not hesitate to ask before continuing. Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". Finally, please reply using the button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post. I will be analyzing your log. I will get back to you with instructions.

39 more replies
Relevance 87.33%

I'm trying to follow this link (http://www.computerhope.com/forum/index.php/topic,46313.0.html) but when I try to step 3 and click on super antispyware free edition it says fail to connect so theirs no way for me to download and continue. Can someone please help me. Thank you in advance.

Answer:Windows security warning virus

Hi,I got a download from here :http://www.filehippo.com/download_superantispyware/Maybe that might help .. hope so 

2 more replies
Relevance 86.92%

Hey guys, need some help getting this stupid security alert virus removed, its been on my computer for months and ive tried most things to try and eliminate it and no joy. Ive been using the right programs just not the right way lol. Can anyone help please?
 

Answer:Windows security alert virus removal help please?

16 more replies
Relevance 86.92%

I curently have a problem with my security center. It keeps poping up and saying do you want to block this suspicious software, trojan.win.agent.doc , net-worm.win32.dipnet.d it has more than these two these are just the ones poping up while i am writing this. I have searched forever i rand avg and superantispyware in normal mode as well as safe mode and nothing works i also ran a specialized program called sdfix that ran out of ms dos. All of these have found multiple trojans but it is like they aren't deleting them or its multiplying fast.
What really scares me is that when i run in it safe mode is that the pop ups still continue in safe mode.
Any advise on how to fix this would be extreamly appreciated.
THanks
 

More replies
Relevance 86.92%

On Sept. 24 my Windows XP PC began flashing "pop-up" boxes resembling Windows security system, but also simultaneously screensaver page porn icons appeared, random tv-radio sounding audio runs, and security system/protection system icons appear on screensaver page and lower right bar.

I am not a tech-savvy user. I have researched and read some other users' experience with the same, both in the past and in the past week.

I am not tech-savvy. Does anyone know how to permanently remove this spyware/malware program/

Thanks.
 

More replies
Relevance 86.92%

The other day, as I turned on my computer, I was bombarded with a bunch of suspect security messages and Internet Explorer popups. Having poked around online, it seems that this is a pretty common problem, and earlier I took logs using Malwarebytes and Hijackthis. I know these logs were not requested, but I figure posting them can't hurt... I'm not good with this stuff, so I'm not sure if there could be anything useful in them. The two requested files are posted/attached as well.Oh, and I've also been in safe mode for the last DDS and GMER logs, I hope that doesn't skew any data.And one last thing- should I not turn my computer off or disable safe mode throughout this process?MBAM log:Malwarebytes' Anti-Malware 1.46www.malwarebytes.orgDatabase version: 4052Windows 6.0.6001 Service Pack 1Internet Explorer 7.0.6001.180005/4/2010 1:00:34 PMmbam-log-2010-05-04 (13-00-34).txtScan type: Quick scanObjects scanned: 124686Time elapsed: 7 minute(s), 10 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 2Registry Values Infected: 0Registry Data Items Infected: 0Folders Infected: 0Files Infected: 0Memory Processes Infected:(No malicious items detected)Memory Modules Infected:(No malicious items detected)Registry Keys Infected:HKEY_CURRENT_USER\Software\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.HKEY_CURRENT_USER\Software\avsoft (Trojan.Fraudpack) -> Quarantined and deleted... Read more

Answer:Infected with Windows Security Alert Virus

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

12 more replies
Relevance 86.92%

Hello,I am encountering a problem with my machine, its a windows XP. I had received an email and opened the email but suspected something amiss as I didn't know who this person was, so I didn't open the attachment. Normally such mails goes in the spam folder. After opening that email, I am having this problem, a pop up next to the windows system bar comes up and it says " Windows Security Alert. Windows reports that computer is infected. Antivirus software helps to protect your computer against viruses and other security threats. Click here for the scan of your computer. Your system might be at risk now" and then it opens up IE which is not my default browser and goes to a site called "http://avprocess.com/purchase?r=57.6" and after closing this browser, it also opens up an Antivirus Suite Demo called as "Antivirus Suite" and tries to perform a scan. I stopped the scan. Then again in the System bar it shows another pop-up which shows an "Infiltration Alert which says your computer is being attacked by an internet virus. It could be password-stealing attack, a torjan- dropper or similar. and then it gives details like the IP address 91.156.176.121", and then it asks, "do you want to block it YES or NO" .I ran SuperAntispyware and it showed couple of infected files. I removed them using SuperAntispyware, but still the computer was behaving abnormally. I then ran Malwarebytes AntiMalware in normal mode and it also showed ... Read more

Answer:Windows Security Alert - Suspect a Virus

Hey, i've just picked this up a second ago too

Java started up for no reason, then this happened...............so at least we know how we got it!!! Damn Java!!!

I'm totally blocked from running anything now. Can't even run MBAM off a usb key

3 more replies
Relevance 86.92%

I somehow got a windows security alert virus and I can't get rid of it. I used malwarebytes and it did not find anything. I can't get on internet from my laptop and every few seconds windows pop up telling me I have a virus and asking me to run scans and download things.

How do i get rid of this?

Answer:windows security alert virus removal

Try this: How do I remove the Microsoft FakeAV Alert

1 more replies
Relevance 86.92%

A nasty little virus popped up on my computer last night masked as a Window Security Alert. I downloaded MalwareByte's Anti-Malware and performed the scan several times both in Safe Mode and in normal operating mode followed by CCleaner. Although all of the infected files, keys, etc. were tagged, quarantined and removed, the icon is still in my taskbar. I don't want to click on it; from what I've read, that will launch the virus again, but how can I completely remove it?Any assistance would be much appreciated!

Answer:Windows Security Alert Virus in Taskbar

See msg.2 in the thread at the link below.http://forum.soft32.com/win3/Window...Tufenuf

3 more replies
Relevance 86.92%

The Other day the Windows Security Alert virus popped up on my laptop. Following the directions in another older, and now locked, thread on this website, I ran Malwarebytes' Anti-Malware and Hijackthis, and have logs from both. Does anyone know what can be done to erase the virus completely?MBAM log:Malwarebytes' Anti-Malware 1.46www.malwarebytes.orgDatabase version: 4052Windows 6.0.6001 Service Pack 1Internet Explorer 7.0.6001.180005/4/2010 1:00:34 PMmbam-log-2010-05-04 (13-00-34).txtScan type: Quick scanObjects scanned: 124686Time elapsed: 7 minute(s), 10 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 2Registry Values Infected: 0Registry Data Items Infected: 0Folders Infected: 0Files Infected: 0Memory Processes Infected:(No malicious items detected)Memory Modules Infected:(No malicious items detected)Registry Keys Infected:HKEY_CURRENT_USER\Software\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.HKEY_CURRENT_USER\Software\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.Registry Values Infected:(No malicious items detected)Registry Data Items Infected:(No malicious items detected)Folders Infected:(No malicious items detected)Files Infected:(No malicious items detected)Hijackthis log:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 1:05:09 PM, on 5/4/2010Platform: Windows Vista SP1 (WinNT 6.00.1905)MSIE: Internet Explorer v7.00 (7.00.6001.18444)Boot mode: NormalRunning processes:C:\Progra... Read more

Answer:Help! Windows Security Alert Virus (w/ logs)

I would try booting into safe mood with networking (hit F8), and download http://usa.kaspersky.com/trials/hom... and scan with this. Or, download http://www.combofix.org/, disable your antivirus and rename the file to something like 123.exe, scan with it, and save the log to your desktop. Do NOT attempt to remove anything yet as it is a very powerful tool and doing the wrong thing could damage your system. Post the log here. But, if you're not comfortable with that, then I suggest using Kaspersky Anti Virus as mentioned above and doing a scan in safe mood.

4 more replies
Relevance 86.92%

Ive somehow ended up with the fake window security alert virus. Ive run Spyware Doctor and Super Anti Spyware remover and at first the combination of those two seemed to have removed it (the desktop icon dissappeared). However, the system try icon remains and ocassionally pops up to alert me that "Your computer may be at risk. Automatic updates is turned off. Click this balloon to fix problem." So I went into safe mode and ran Smitfraud Fix accordingly however it did not solve my problem, so Im coming to the experts. Any suggestions would be greatly appreciated.Thanks!John

Answer:Fake Windows Security Alert Virus

Start with this:Please download Malwarebytes Anti-Malware and save it to your desktop.Make sure you are connected to the Internet.Double-click on mbam-setup.exe to install the application.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-MalwareThen click Finish.MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.On the Scanner tab:Make sure the "Perform Quick Scan" option is selected.Then click on the Scan button.If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button. The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".Click OK to close the message box and continue with the removal process.Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.... Read more

35 more replies
Relevance 86.92%

Hi Im new on here...Thanks in advance for anyones help.I have yesterday recieved a virus that pops up a fake windows security alert every 15 minutes or so claiming i have suspicious software, i have read other forums and virus sites and it seems im not the only one.name: Trojan-Keylogger.WIN32.FUngRisk: High"keep blocking" and "unblock" are grey with the only option being "enable protection" which i havnt clicked. I understand it links to a fake spyware site.I have Run virus scanners ...-AVG-Malwarebytes Antimalware-Super anti spyware-regcure-ATF cleanerNon of which have worked, so i am now at a loss at what to do ?Please please HelpThanksLogfile of Trend Micro HijackThis v2.0.2Scan saved at 11:43:51 a.m., on 30/10/2008Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16735)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Intel\Wireless\Bin\EvtEng.exeC:\Program Files\Intel\Wireless\Bin\S24EvMon.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\PROGRA~1\AVG\AVG... Read more

Answer:Fake windows security alert pop up virus

Hello andrewsha and welcome to BC Please follow these steps:Download random's system information tool (RSIT) by random/random from here and save it to your desktop.Double click on RSIT.exe to run RSIT.Click Continue at the disclaimer screen.Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)Download gmer.zip and save to your desktop.alternate download site 1alternate download site 2Unzip/extract the file to its own folder. (Click here for information on how to do this if not sure. Win 2000 users click here.When you have done this, disconnect from the Internet and close all running programs.
There is a small chance this application may crash your computer so save any work you have open.Double-click on Gmer.exe to start the program.Allow the gmer.sys driver to load if asked.If it gives you a warning at program start about rootkit activity and asks if you want to run a scan...click NO.Click on "Settings", then check the first five settings:
*System Protection and Tracing
*Processes
*Save created processes to the log
*Drivers
*Save loaded drivers to the logYou will be prompted to restart your computer. Please do so.Run Gmer again and click on the Rootkit tab.Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.Make sure all other boxes on the right of the screen are checked, EXCEPT for "Show All".Click o... Read more

2 more replies
Relevance 86.92%

Hi,

Looks like my laptop has been infected with the security center alert virus. I have XP installed on my laptop & I did a quick search to similar posts. Based on some of the results that I saw I have carried out the following steps

1. Saved HJTInstall.exe to my desktop.
2. Performed a system scan and saved a logfile button.

The entire contents of the log are pasted below.

Appreciate your help.

Thanks & regards

Rockingraj

Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 11:47:34 AM, on 2/28/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\Program Files\Trend Micro\PC-cillin 2000\Tmntsrv.exe
C:\WINDOWS\system32\atiptaxx.exe
C:\Program Files\Sony\HotKey Utility\HKserv.exe
C:\WINDOWS\System32\qttask.exe
C:\Program Files\Trend Micro\PC-cillin 2000\Pop3trap.exe
C:\Program Files\Trend Micro\PC-cillin 2000\WebTrapNT.exe
C:\WINDOWS\System32\WScript.exe
C:\Program Files\Sony\Jog Dial Utility\JogServ2.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\NETGEAR\WG511SCU\... Read more

More replies
Relevance 86.92%

Hi Im new on here...

Thanks in advance for anyones help.

I have yesterday recieved a virus that pops up a fake windows security alert every 15 minutes or so claiming i have suspicious software, i have read other forums and virus sites and it seems im not the only one.

name: Trojan-Keylogger.WIN32.FUng
Risk: High

"keep blocking" and "unblock" are grey with the only option being "enable protection" which i havnt clicked. I understand it links to a fake spyware site.

I have Run virus scanners ...
-AVG
-Malwarebytes Antimalware
-Super anti spyware
-regcure
-ATF cleaner

Non of which have worked, so i am now at a loss at what to do ?

Please please Help

Thanks
 

Answer:Fake Windows Security Alert Virus

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:43:51 a.m., on 30/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ThpSrv.exe
C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\00THotkey.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\SkyTel.EXE
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\PixArt\PAC7302\Monitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDO... Read more

2 more replies
Relevance 86.92%

Hey Everyone,I dont know what else to say but I need some help. I recently had a popup show that stated I had viruses and that I needed to install Personal Security tools to remedy the situation. I closed it out and my browser opened with a fake windows security alert which showed that I had all these trojans, malware etc... I have researched this for two days now and it seems to be common. Many people are experiencing major issues as the result of this, but that is what I do not get. I have no issues except for the popup showing twice in the last few days, but I do not want it to get to that point. Everyone has processes related to personal security, bogus files and registry entries. I have none, that I know of. I searched for all the known definitons I could find, with no luck. I know a little bit about computers and have always remedied the situation, but I just dont know about this.I have a dell laptop running Vista and nortons antivirus. I downloaded hijackthis and the log is below. Any help would be appreciated. ThxLogfile of Trend Micro HijackThis v2.0.2Scan saved at 2:42:52 AM, on 1/8/2010Platform: Windows Vista SP1 (WinNT 6.00.1905)MSIE: Internet Explorer v8.00 (8.00.6001.18865)Boot mode: NormalRunning processes:C:\Program Files (x86)\Norton AntiVirus\Engine\16.7.2.11\ccSvcHst.exeC:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exeC:\Program Files (x86)\Google\GoogleToolbarNotif... Read more

Answer:Fake windows security alert and popup - Personal Security

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below I will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Follow the instructions... Read more

2 more replies
Relevance 86.92%

Hello, 
 
Everytime I boot up my computer, my desktop (and icons) go away and I start to receive pop ups from a fake McAfee Security Alert and sometimes Windows Security. I have ran RKill, Malwarebytes, ADWCleaner, Junkware Removal Tool, as well as Hitman Pro and none of them found anything. I have also reset all my browsers and looked for any unusual programs/processes (which I found none).
 
Not quite sure where to go from here, any help would be appreciated. 
 
Attached is my Hijackthis log.
 
Thank you!
 
 

Answer:Fake McAfee Security Alert and Windows Security popups

Hello, Welcome to BleepingComputer.I'm nasdaq and will be helping you.If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.===Download the version of this tool for your operating system.Farbar Recovery Scan Tool (64 bit)Farbar Recovery Scan Tool (32 bit)and save it to a folder on your computer's Desktop.Double-click to run it. When the tool opens click Yes to disclaimer.Press Scan button.It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.How to attach a file to your reply:In the Reply section in the bottom of the topic Click the "more reply Options" button.Attach the file.Select the "Choose a File" navigate to the location of the File.Click the file you wish to Attach.Click the Add reply button.===Please post the logs.p.s.HijackThis is no longer supported and not ready for your operating system.I suggest your remove via the Control panel > Programs > Programs and Features Applet.Use the Farbar tool from now on to report problems.<<<>>>

6 more replies
Relevance 86.92%

I know you can help me with this - but I'm entirely lost.I'm getting notifications/pop ups from AV security suite saying my computer is infected, "Application cannot be executed. File xxxx is infected. Do you want to activate your antivirus software now?."Odd thing - This is happening on two machines, which to the best of my knowledge have never shared a removable drive, and haven't even visited the same websites for months - my desktop running XP and my wifes laptop running Vista.I'm also seeing the (I assume) associated windows security alerts and spyware alerts windows.In the AV suite window I'm seeing malware names such as "Backdoor win32, and Downloader win 3...On my XP machine I had it in to the "Easy Techs" a short time ago - for a virus removal [trojan AV] which obviously didn't remove it. I haven't experienced any of the Trojan AV virus on wifes laptop and the AV suite thing is new and started on both  (seperate machines) at the same time?I haven't downloaded any fixes or requested any help anywhere else for this issue.can you help please?

Answer:I too have AV security suite and Trojan AV issue, windows security alert, etc

Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer. I am working under the guidance of one of the specialist of this forum so it may take a bit longer to process your logs. 1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.2. The fixes are specific to your problem and should only be used for this issue on this machine.3. If you don't know or understand something, please don't hesitate to ask.4. Please DO NOT run any other tools or scans while I am helping you.5. It is important that you reply to this thread. Do not start a new topic.6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.7. Absence of symptoms does not mean that everything is clear.Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.Save Rkill to your desktop.There are 4 different versions. If one of them won't run then download and try to run the other one. Vista and Win7 users need to right click Rkill and choose Run as Administrator You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.* Rkill.exe* Rkill.com* Rkill.scr* Rkill.pifOnce you've gotten one of them to run then try to immediately run... Read more

14 more replies
Relevance 86.92%

I have an infected computer that is popping up multiple Security Warning and Spyware Alert! notices and then open IE and redirects to www.prono.org. I can't open the task manager or the add/delete control panel.

I've tried restarting in Safe Mode with networking and then running Malewarebytes (updated) however still have problem. I tried running rkill.com and then uninstalling/reinstalling Malewarebytes in Safe mode with know luck.

I tired following steps in the "Preparation Guide for use before posting about your potential Malware problem". I downloaded dds.scr and RootRepeal.exe to a clean computer and then transferred to infected computer on a USB drive. When I tried to run (double clicking) dds.scr it pops open Notepad with a bunch of random text. The only thing readable is a note that says "This program cannot be run in DOS mode". dds.scr shows as a File Type "DWG TrueView Script" on our computers (we run AutoCAD).

I decided to stop there and post. I'm posting from the clean computer.

As always, any help will be greatly appreciated.

Answer:Multiple Security Warning, Spyware Alert!, and www.prono.org redirects

As no logs have been posted, I am shifting this topic from the specialized HiJack This forum to the Am I Infected forum.==>PLEASE DO NOT NOW POST LOGS<== unless a log is specifically requested.

1 more replies
Relevance 86.1%

Hi everybody, and thank you so much for your generosity in participating on such a helpful, altruistic website!I've got a serious problem with the "Windows Security Alert" hijack, but I am unable to follow any of the extant advice I've found on the site because I cannot even download or run new applications AT ALL for a number of reasons.Here's what's happening in brief: -the message "Windows security alert" continually appears in my tray, about once every eight or ten seconds. This is accompanied by an icon of a green shield with a checkmark over it called "Antispyware Soft"-although I'm a Firefox user, occasionally I get an Explorer pop-up that I cannot close prompting me to download something called "Antispywaresoft - Powerfull (sic) PC Protection !"-my search has been hijacked and will not work at all-my downloads tab has been hijacked, and nearly every new security app I attempt to run is blocked by the virus. The only program I have been able to run successfully is TFC.exe, but I suspect even it is being interrupted-I'm not even sure if I'm successfully downloading some of the anti-hijack programs I've attempted to use, as nothing I've attempted to download is showing up in the usual location when I attempt to search for it manuallyIn short, I am completely snarled and have no idea what to do next. Are there any specific dll files that I should destroy myself? Is there perhaps a webform... Read more

Answer:Urgent help needed re: Windows Security Alert virus

Wow everything that you just said is happening to me too. 

2 more replies
Relevance 86.1%

I have a Windows security alert saying that my anti-virus s/w may be off or out of date - I have checked and it is neither! How do I get rid of the alert (it happened after I installed IE 7 beta! i have now uninstalled IE7)

Answer:Avast Antii-Virus & Windows security alert

Did you set up a restore point or look for a restore point before IE7 and go back to it

6 more replies
Relevance 86.1%

Hello, I've got an issue with my computer, and i've been coming here for problems like this for a long time so I'd love some help. As of right now I have a virus on my computer that is causing several warnings to pop on the tool bar saying various files are infected, and that the application cannot be executed. It wont let me open task manager, It wont let me run HJT to get a log to post, it wont let me run malwarebytes, it wont let me do ANYTHING...Any help would be awesome....and much appreciated.
 

More replies
Relevance 86.1%

I'm a newbie,
I have the fake windows security alert popping up. I usually close it by going to task manager and stopping it with end process. But it obviously comes back. Not every time I reboot, but when a friend uses the system to surf, that is when I got it and it just so happens TONIGHT it appeared for the first time in weeks after he was online. I believe he goes to EBAY and other auction type sites, I don't know where he got it but I am certain it is on my system due to his surfing.
Attached is my Hijack this log, I also have Norton on my system and find it to be useless. If it is in fact less than optimal to have it on my computer I would also like to find a way to get it OFF my computer.
Thank you in advance,
ktkia

Hijack this log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:42:18 AM, on 4/1/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\S... Read more

Answer:fake windows security alert malware/virus

16 more replies
Relevance 86.1%

Good evening,

I just spent the latter part of the day killing off numerous viruses and malware on this PC. However, I don't think they're totally gone.

When I browse certain webpages, I'm redirected to scour.com or other websites. There used to be pop-ups, but I've nixed that with Housecall. TDDSkiller or something nailed another virus and I ran malwarebytes, adaware and AVG. It seemed like my PC was clean, but the redirects are happening at random.

Also, there's an annoying Windows alert stating that my automatic updates are turned off when in reality, they're on (so it says on Automatic Updates in the Control Panel). When I click the balloon, it shows I have it off and I try to turn it on but it says that I'm unable to and have to do it manually - but as i said, it seems to be turned on already!

I have a Windows XP SP3. I didn't want to run any additional stuff unless instructed to.

Would really appreciate the help.
Thanks.

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

... Read more

Answer:Redirect virus, Windows security alert balloon

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.In order for me to see the status of the infection I will need a new set of logs to start with.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear Click the Disable button to disable your CD Emulation drivers Click Yes to continue A 'Finished!' message will ap... Read more

19 more replies
Relevance 85.69%

Before I posted this thread I read the "5 step process." I tried to open add/remove program but it wouldn't open it says operation cancelled contact admin.

My actuall problem is that I keep getting a pop-up that says:

"Windos Security Alert - Warning Potential Spyware Operation - Your computer is making unauthorized copies of your system and Internet files. Run full scan now to prevent any unathorised access to your files! Clik YES to download spyware remover ...

Could I please have some much needed help with this problem.......

Thank You in Advance!!!!

This is my Hijack This log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:35:19, on 22/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Toshiba\Wi... Read more

Answer:"Windos Security Alert - Warning Potential Spyware Operation

Hello -

If you had completely read all 5 steps of the pre-posting advice, you'd have seen:

Quote:




It is appreciated that the level of infection may not allow you to complete all these steps. Therefore, if for some reason you cannot perform one of the steps, move on to the next step and advise the Analyst accordingly when you post the requested logs.




And:

Quote:




Posting Rules

1. Please do not start a new thread each time you reply. We need you to keep your logs in one thread only. It?s almost impossible to complete a fix by trying to follow more than one thread.




I deleted your other two threads.

You'd also have seen:

http://www.techsupportforum.com/secu...sting-log.html

Where what we really want is a set of logs from Deckard's System Scanner. It's more comprehensive than HijackThis alone.

Please do this:

Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.Close all applications and windows.
Double-click on dss.exe to run it, and follow the prompts.
When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt <-this one will be minimized
Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt here.
Please attach extra.txt to your post.
To attach a file to a new post, simplyClick the[Manage Attachments] button und... Read more

1 more replies
Relevance 85.28%

Please help me to remove these... here is a log file

Logfile of HijackThis v1.99.1
Scan saved at 9:01:23 PM, on 26/05/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\wwSecure.exe
C:\WINDOWS\system32\atmclk.exe
C:\WINDOWS\system32\dcomcfg.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Common Files... Read more

Answer:Virus Alert! / Security Alert! taskbar icons - spyware

Hi phlie - welcome to the forum

You have smitfraud/SpyFalcon on your system.

Run HijackThis again in safemode, select the following and fix:

C:\WINDOWS\system32\atmclk.exe

C:\WINDOWS\system32\dcomcfg.exe

O2 - BHO: Nothing - {f79fd28e-36ee-4989-aa61-9dd8e30a82fa} - C:\WINDOWS\system32\hp100.tmp

O4 - HKLM\..\Run: [Ml31K3T] C:\WINDOWS\djwoqb.exe



You also need to run all the fixes HERE exactly as instructed - then run CCleaner to remove any rubbish left behind.

Then get rid of your Norton AV and install a decent one like Kaspersky - plus download and install Windows Defender, Ad-Aware, Spybot S&D and SpywareBlaster from HERE
 

16 more replies
Relevance 85.28%

Hello, and thank you in advance for your time.I recently got my PC (Windows XP HE 2002 Service Pack 3) hooked back up to the internet. Oh joy. Soon thereafter, trying to get some sort of Windows Security Update (I believe it was a false one, but it looked like the real deal with the flashing shield icon) resulted in my computer becoming infected with some sort of vicious virus... I suspect it's a Trojan, but I don't know?? I don't believe I ever downloaded that service pack 2 for XP that was mentioned, but I do now have Service Pack 3, so I guess it's entirely possible. Either way, I went to work trying to clean out all of the junk... I followed your Preparation Guide to the T. I can still get online and perform relatively simple tasks, but I have a few problems that remain. My comp is still uber slow, in the sense that it can't run anything requiring more resources, like videos, Itunes, and ProTools. Even startup is slow and weird: the intro Windows music is all digitally choppy and weird sounding. The system is just bogged down. Trying to stream a video online from ABC, for example... my computer can't handle it, and it used to be able to. The weirdest thing is, in the process of all this, my CD and DVD/RW drives aren't being recognized anymore. When I tried to reinstall them, it detects them as being connected, but the drivers are missing. Weird stuff! To me at least, I'm not very troubleshootin savvy. That's why I need help from someone! I really don't want to hav... Read more

Answer:Help With Unknown Virus That Started Out As The Fake Windows Security Alert

Hi and Welcome to BleepingComputer.Please open Notepad. Select Format from the Menu and remove the checkmark from Wordwrap. That will allow us to better read your reports. Please download Malwarebytes' Anti-Malware from Here or HereDouble Click mbam-setup.exe to install the application.Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.If an update is found, it will download and install the latest version.Once the program has loaded, select "Perform Quick Scan", then click Scan.The scan may take some time to finish,so please be patient.When the scan is complete, click OK, then Show Results to view the results.Make sure that everything is checked, and click Remove Selected.When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.Copy&Paste the entire report in your next reply.Extra Note:If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediatly.Please download ComboFix from Here or Here to your Desktop.**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**Please, never rename Combofix unl... Read more

2 more replies
Relevance 85.28%

A couple of days ago I got a link to a website from a friend and clicked on it thinking it was safe (is there a way to scan websites for viruses BEFORE visiting them?) and since then my computer has been acting fishy. Immediately, my NOD 32 blocked it, stopped the connection and removed it (or claimed it did all that stuff). Then a new window for Antivirus 200X popped up 3 times and I x'ed out all three. About a day later, NOD said it found something new that it never encountered before and sent it in for evaluation.

Since I clicked on that link, every time I'm in Firefox, new windows open, despite my pop-up blocker software running. Sometimes they aren't even visible (but very audible) and show up as a blank icon when I "alt-tab," so I know they're there.
My computer has slowed down A LOT and can't run as many programs at the same time. I use to run BitLord, FireFox, Multiple Video players and iTunes- sometimes even a game, at the same time- no problem. Not any more. One or two "don't respond" or have to "shut down immediately"

There is a Red Shield with an x down on the XP toolbar to the bottom right that claims it is Windows Security Alert. I've read up on rogue antivirus software bearing both the Windows Security and Antivirus 2008 name, but neither are in my Programs folder. I also noticed two questionable processes: wscntfy.exe and a rundll32.

A fully updated NOD32 didn't find anything in a scan; b... Read more

More replies
Relevance 85.28%

Hi everyone,
the search function seems to not work for me. My screen stays blank for awhile so i'm sorry if this is repeated.

I use the antivirus program avast (avast! 4 Professional Edition)


Although my computer seems to not be able to detect it.


This happened to me before when i had macfee but i was given an option to redirect it (from where i can remember) and the problem was resolved easily. Although this time it only gives me this option


it still gives me a warning after and its just annoying. Can someone help pls and thank you

Answer:Windows security alert not detecting anti-virus program

Hi there Stole

You need to tell windows that you have your own anti virus running..

Click on control panel - select Security centre
Look at the bottom of the window you will see the option
Manage Security Settings For
Select the recommendations button
Now place a tick in the checkbox near the bottom next to which says which says "I Have an antivirus program that ill monitor myself (.....etc)"
Click on the OK button and the virus protection screen should turn yellow

Hope this helps

2 more replies
Relevance 85.28%

OS: Windows XP

My brother was using my computer and, at some point, noticed that my computer was acting strange. He started getting error messages about the hard drive, and all of the icons on the desktop disappeared along with the start up menu options and the "All Programs" list. When I investigated, I was not able to boot up in safe mode. Instead, I got a blue screen which read:

"A problem has been detected and windows has been shut down to prevent damage to your computer.
IRQL_MoT_LESS_OR_EQUAL"

And then it would go into a memory dump. After it was finished it would give me the option to boot up in safe mode, but if I chose that option I would get the blue screen with the message again. So I eventually booted up in normal mode and attempted to access files by making hidden files viewable (all files were made hidden by the virus), but I would get interrupted by a program posing as a windows security alert and windows recovery which would constantly pop up warning messages.

I would finally manage to make the files viewable, but then the virus would change the option to make them unviewable again -- after repeating this process a few times, it would force a shutdown. I wasn't able to access the task manager either. After several reboots and a little persistence, I was finally able to execute a full malwarbytes' scan which found a bunch of stuff and deleted them. I ran spybot right after which found some more stuff and deleted them. Then I ra... Read more

Answer:Fake windows security alert/recovery -- virus/hijacker

Please ignore this thread, I got help in another forum. :)

2 more replies
Relevance 84.46%

I recently downloaded a movie from a non-trusted source and, voila, I now am the proud owner of the Security Suite! I am a lucky man. Anyway, I need to wipe this stuff off my laptop and haven't had any luck using the generic removal guide on this site. I use firefox and cannot access the internet (browser starts up but stalls and must be ctl-atl-delete shut down) so I'm posting from my clean desktop. I've used this fantastic site in the past and it was my first thought upon contracting this annoying bug. Any help would be greatly appreciated!

I'm getting multiple pop-up warnings on my desktop, including a "Security Warning" which states: Application cannot be executed. The file (this part can vary) rundll32.exe is infected. Do you want to activate your antivirus software now? Another pop-up is RUNDLL with a large red X on the left side. It says: Error loading cffqp.dll (this also changes depending on what I'm doing). The specified module could not be found. You can only click OK on this.

There's a pop-up on the lower right where the shield from the malware is on the taskbar. It states: Windown Security Alert with a red X to the left. Windows reports that computer is infected. Antivirus software helps to protect your computer against viruses and other security threats. Click here for the scan your computer. Your system might be at risk now. (I'm not particularly impressed with their sentence structure)

It will... Read more

Answer:Windows Security Alert / Security Suite

I noticed Pandy edited this post and removed it from MR. I cannot run DDS to get a log! Read my post!

2 more replies
Relevance 84.46%

Security Alert. Virus Alert! Application can't be started
I am screwed...my kids got this virus on my work laptop.
It just keeps popping up
Windows Security Alert
Attention Spyware alert.

Can anyone help please get rid of this virus..
Thanks,
Stephen

Answer:Security Alert. Virus Alert! Application can't be started

Hello.Let's see what we're dealing with here.Please download RKill by Grinler from one of the 4 links below and save it to your desktop.Link 1Link 2Link 3Link 4Before we begin, you should disable any anti-malware software you have installed so it does not interfere with RKill running. This is because some anti-malware software mistakenly detects RKill as malicious. Please refer to this page if you are not sure how to disable your security software.Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed. If nothing happens or if the tool does not run, please let me know in your next reply***************************************************Please download Malwarebytes Anti-Malware and save it to your desktop.alternate download linkIMPORTANT!!! - when you save the file, rename it to something random, such as bubbles.exe This must be done before beginning the download!MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.Make sure you are connected to the Internet.Double-click on mbam-setup.exe to install th... Read more

1 more replies
Relevance 84.46%

I found the site after getting the worst virus ever. It seems that I have removed almost all of the damage it did to my computer, by following the directions in this post, from a person who has the exact same problem as me: http://www.bleepingcomputer.com/forums/t/161834/window-security-alert-keeps-popping-up-saying-i-my-computer-is-infected/I did everything in that post, twice, as well as running SmiFraudFixI then did every thing on the prep page (http://www.bleepingcomputer.com/forums/topic34773.html) to the last detail. The Stinger found many viruses that it would not remove, only list, and I do not knw why my fully updated Symantec cannot find them. I have spent over 12 hours on this, and I am at my wit's end... considering a format & reinstall, but I do not have my original Windows disk...I am still getting the pop-up security alerts, and my virus program keeps catching IEDefender.Should I post a ComboFix or HiJackThis log? My d/l rate and computer speed has slowed significantly since installing all all this third party software.Please help! Thunder seems to have this down.Mod Edit: Topic moved from HJT to more appropriate forum~ TMacK

Answer:Windows Security Alert, Iedfender, And Anti-virus Software Question.

Please run this tool first Please download Malwarebytes Anti-Malware and save it to your desktop.alternate download link 1alternate download link 2Make sure you are connected to the Internet.Double-click on mbam-setup.exe to install the application.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-MalwareThen click Finish.MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.On the Scanner tab:Make sure the "Perform Quick Scan" option is selected.Then click on the Scan button.If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button. The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".Click OK to close the message box and continue with the removal process.Back at the main Scanner screen, click on the Sho... Read more

7 more replies
Relevance 84.46%

Hi

My first post here, so here we go...

Laptop was infected a couple of days ago, windows security alert pop ups, and constant warnings that windows explorer has stopped responding and crashing whatever program that was running

I ran malwarebytes, avg, trojan killer (all in safe mode) all programs reported infections but after removal I was unable to run the laptop 'normally', the only way I could run was in safe mode, but still had the window explorer had stopped working and crashes problem.

I have done a system restore, and everything seems to be working, but slowly!! i have also noticed that i have 'tango' in my add/remove programs which a can't get rid of, I have run malwarebytes but the log is clean.

I am worried that there is still bad stuff going on, can anyone advise please...........HJthis log
 hijackthis.log   6.72KB
  1 downloads

Thanks in advance

Answer:windows security alert virus, tango toolbar, slow computer

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process. Please also continue to work with me until I give you the all clear. Even if your computer appears to act better, you may still be infected.Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.Once we start working together, please reply back within 3 days or this thread may be closed so we can help others who are waiting.We need to create an OTL report,Please downloa... Read more

2 more replies
Relevance 81.59%

Was hit by the FBI MoneyPak ransomware virus a couple of days ago. Seem to have successfully removed that virus along with a number of other ones (ZeroAccess.Trojan; Java/Exploit.Agent.NBD.Trojan; . Unfortunately, my computer continues to show a Windows Security Alert ("red shield") in the start-up tray indicating that "Computer may be at risk" because "Automatic Updates is turned off." Also, while using a cleaning tool (adwcleaner.exe) during the FBI ransomware virus clean-up, a security alert (from AVG Anti-Virus Free-Edition 2012) popped up to warn that the cleaning tool (adwcleaner.exe) was a "rogue" program.Have pasted contents of the ddt.txt below. Also attaching the Attach.txt.Was going to attach Ark.txt (GMER log) once the GMER scan was finished, but got a blue screen saying: "A problem ahs been detected and windows has been shut down to prevent damage to your computer.""IRQL_NOT_LESS_OR_EQUAL""If this is the first time you've seen this Stop error screen, restart your computer. If this screen appears again, follow these steps:[I will spare you all of the details here and just add technical info.]"Technical information:*** STOP: 0x0000000A (0xFAABDC00, 0x00000005, 0x00000001, 0x806F48EE)Beginning dump of physical memoryPhysical memory dump complete.Contact your system administrator or technical support group for further assistance." Any help in figuring out how to remove this malwar... Read more

Answer:Windows Security Alert ("red shield") appears in start-up tray & report of "Rogue Virus" threat when using...

Greetings and Welcome to The Forums!!My name is Gringo and I'll be glad to help you with your computer problems. I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of usPlease do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.NOTE: At... Read more

18 more replies
Relevance 81.18%

Hi Moderator,
This is observed that when Virus Protection is disabled, Action center displays message that Virus Protection is OFF and "Turn On" button is enabled. After clicking it below dialog is displayed.

--------------------------------------------------------------------------------------------
Action Center
--------------------------------------------------------------------------------------------
Do you want to run this app?
You should only run apps that come from publishers you trust.
Publisher: Symantec Corporation
Program: Symantec Corporation

--> Yes, I trust the publisher and want to run this app
--> No, I would like to verify the identity of the publisher before
      running this app.
--------------------------------------------------------------------------------------------


My question is why this dialog has been displayed? Before that Notifier application is double signed with Verisign CA. When I click on "Yes, I Trust the publisher ..." dialog disappears and Protection is enabled. To "Don't show me..."
I have checked checkbox so that it should not appear again but alas, next time when I disable Protection and again try to enable it from action center, same pop-up is displayed. So what is causing this pop-up message? This behavior is observed on Windows Vista
and versions post Windows Vista.

Thanks in Advance, with confidence that I will not be upset on MS forums and ge... Read more

More replies
Relevance 80.77%

Fake Alert, Ultimate windows security alert malware just to name a few of the names of the pop up windows i saw. I am using XP SP3 and have successfully used Combofix on another machine at the advise of a network admin friend. This time however i wanted to have this log reviewed by the pros on here because the malware on this machine was formidable! The windows security alert popped up and my spouse unknowingly clicked yes on it. Things just went down hill from there. We disconnected the internet cable and started the process.

As i mentioned before I have used combofix however this time every time i tried to click it the malware would pop up and say this "combofix" file is infected would you like to start the antivirus download? So i couldn't get it to start. I downloaded combofix w/ different machine and changed the name to combo-fix during the download, then used jump drive to put it on the infected machine. Since either combofix nor malwarbytes anti-malware would execute when clicked due to pop ups i restarted the system in SAFE MODE. The microsoft recovery console is already installed on this system. Once in safe mode i clicked on the renamed combo-fix file and it then started, during the start up it stated there are "CD emulators" running on this system and comobfix must disable them before continuing which casued it to re-start the computer and then it completed it's scan. So i have a log to post if you would allow me. Also, af... Read more

Answer:Fake Alert, Ultimate windows security alert malware Help needed

"Using it on your own can cause problems with your computer. Any posts containing CF Logs will be ignored."So are you saying there is no one here willing to help me?

4 more replies
Relevance 79.95%

Hi, I'm a n00b who accidentally downloaded the Security Alert virus. I've gone through the initial steps as indicated, but Super Anti-Spyware won't run no matter what I do. I'm running Windows 7 and am admittedly unfamiliar with it. Can anyone help me get rid of this virus? I would be eternally grateful.
 

Answer:HELP--I've got the Security Alert virus

shellberry24 said:





I've gone through the initial steps as indicated, but Super Anti-Spyware won't run no matter what I do. I'm running Windows 7 and am admittedly unfamiliar with it. Can anyone help me get rid of this virus? I would be eternally grateful.Click to expand...

If SAS doesn't run, skip it and move on. We need to see what logs you can get us.
 

1 more replies
Relevance 79.95%

I've tried to get HJT onto my machine, but w/o any success. I can not access the internet. I used another machine to save HJTsetup to a flash drive. When the flash drive is installed it appears to be on and communicating, but the PC does not recognize the drive.

I can access the control panel, but can not delete any programs.

I have had sporatic success with launching Task Manager.

My Desktop is blank/black.

Whenever I try to perform a task I receive a security alert warning me of impending danger and the program trying to access credit card information. The file that's normally referenced in the warning is Lsas.Blaster.keyloger.

The machine has been restarted twice since the initial warning.

I believe I may have received the infection from installing Malwarebytes' Anti-
Malware from download.com

Yep...I'm dead in the water at this point.

Thanks In Advance!
 

Answer:Security Alert virus

A little clarification:

the popup is Security Tool

There's a "fake" icon for security tool with a red X through it in the tray.

There's also a red X on the Window's Defender icon in the tray. Clicking on either of these icons provides no results. There's another icon with a red circle with a diagonal line through it for Blocked Startup programs...right or left click results in a menu and for "Run blocked program" it shows Malwarebytes Anti-Malware.

Please advise.

Thanks!
 

2 more replies
Relevance 79.95%

I see in the forum that others have had this problem since 2010, with Explorer and Google, no satisfactory response was ever offered.  The pop-up appears pretty quickly after pulling up home page (mine is yahoo), and either will not close regardless
the option chosen, or re-appears so quickly I can't function behind it. 
Pop-up says "The identity of website or integrity of connection cannot be verified." this is followed by 2 checked bullet points "Security certificate is from a certified authority," and "the security certificate date is valid." 
But 3rd bullet point is marked with an alert symbol and reads, "the name of the security certificate is invalid or doesn't match name of the site." Followed by "Do you want to proceed?
Is this truly an alert?  If so, what should I do, security-wise??  If not, how do I stop the pop-up???

More replies
Relevance 79.95%

Yesterday evening my son was doing his homework and alerted me that numerous XP Security Center windows popped up and he couldn't get rid of them. I checked it out and couldn't get rid of them either. I tried to open Microsoft's Security Essentials and run a scan but couldn't open it up. I then tried to access the internet to get some help but couldn't get on that either. We tried to get on the internet with (2) other non-infected computers and no problem. I should also mention that several months before Christmas I was getting a lot of redirects and "Warnings that this site is unsafe". I ran Microsoft Security Essentials, found some viruses, and removed them. Everything was working fine until now. What should I do? How do I get rid of this? Keep in mind, I can't access the net so any suggestions or solutions will have to be downloaded onto a flash drive and then copied onto the infected computer.

Thanks.

Answer:XP Security Alert Virus

Hello, I am moving this fron XP to Am I Infected.If you cannot het connected in Safe mode you can copy the tools to a Flash Drive or CD and run from there.or the connection try these...Please click Start > Run, type inetcpl.cpl in the runbox and press enter.Click the Connections tab and click the LAN settings option.Verify if "Use a proxy..." is checked, if so, UNcheck it and click OK/OK to exit.Now check if the internet is working again.ORGo to Start ... Run and type in cmdA dos Window will appear.Type in the dos window: netsh winsock resetClick on the enter key.Reboot your system to complete the process.>>>>>>>>>>>>Please follow our Removal Guide here Remove Win 7 Antispyware 2012 .After reading how the malware is misleading you ...You will move to the Automated Removal InstructionsAfter you completed that, post your scan log here,let me know how things are.The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.Also the other tool log.. A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).Copy and paste the contents of that file in your next reply

3 more replies
Relevance 79.95%

Hey Tech Guy (s),

My parents infected their computer with a virus that pops up upon turning the device on. The virus seems to have been brought about when they clicked on a spam email. The computer they have is an older Dell (Dimension 2400) and runs XP. The virus is a "Security Alert Virus" that will not allow any program to open up when you are booted up in regular mode. It just keeps saying that each program you try to open up "may be infected." It is even blocking their access to the Internet. I booted up in safe mode and ran Avast and Spy Bot, but I would be willing to bet they did not totally delete the virus from the device. My old lap top had 2 Trojan viruses and a similar forum helped me out. I have already ran a HJT log and it is posted below. If you could please help me help them, that would be great! We would like to thank you in advance for you time and support with this matter.

Sincerely,

Greg

It seems that the message is too long with the HJT log. I will post it in a subsequent reply and attach it to this one.
 

Answer:Security Alert Virus

Still cannot post HJT log because of length. Hope the attachment can do.

Thanks

Greg
 

1 more replies
Relevance 79.95%

Yesterday evening, numerous windows popped up displaying "XP Security Alert" and advised me that I had a lot of viruses on my computer. In order to clean my computer it said I needed to purchase a full version of their program. I figured it was a scam or virus and immediately clicked out of them. I then tried to run a scan using Microsoft Security Essentials and I couldn't open it. Then I tried to log onto the internet to get more information on what to do but couldn't log on. I immediately shut everything down and disconnected the computer from my router. I should also mention that a few months ago, I was having problems with "redirects" when surfing the web. At that time, I ran Microsoft's Security Essentials, removed several viruses, and everything seemed to be working fine until last night. I was talking with a co-worker this morning about my problems, he said he had similar issues and suggested I contact you. Can you help in any way?

Keep in mind, I can't log onto the internet, so any information you provide will have to be downloaded onto a flash drive and then copied onto the infected computer.

Thanks.

Answer:XP Security Alert Virus

Hello, I moved this from XP to the Am I Infected forum.Please follow our Removal Guide here Remove XP Security .After reading how the malware is misleading you ...You will move to the Automated Removal InstructionsAfter you completed that, post your scan log here,let me know how things are.The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.Also the other tool log.. A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).Copy and paste the contents of that file in your next reply.

1 more replies
Relevance 79.54%

When browsing in firefox, I suddenly got a popup in my taskbar from Windows Security Alert. Knowing that was a problem, I immediately came here and downloaded DDS and Rootrepeal. However, this malware will not let me run a program. Every time I try, I get a window popup that says "Security Warning: Application cannot be executed. The file cmd.exeis infected. Do you want to activate your antivirus software now?" And then yes/no boxes. I've since closed firefox, and can no longer open it. I get the same popup for every program I try to open. Any help would be greatly appreciated

Answer:Windows Security alert/Antivirus System Pro alert

You already stated that no matte rwhat program you try to open, you see that pop up for the scareware. You can try running Rkill first to see if you can kill some of the malware processes that are preventing you from being abel to run other security software. here are some DL links for you. LINK 1LINK 2LINK 3LINK 4Once you get it downloaded double click to launch it (With Vista you need to right click and select run as administrator). You should see a little black window open and then close. If you see that box then it worked. If you don't see the black box then delete the file and use another download link and repeat the steps.Once it runs you should be able to run MBAM and then I would run SUPERAntiSpyware as well. If all else fails try going in to safemode and install MBAM and run the scans from there to get you started.

4 more replies
Relevance 79.13%

Ok, so I recently re-installed windows (Windows 7 Home Prem. 64 bit, SP 1), had no issues with it before, Had this PC for year and a half, and today suddenly it gives me the above error when i try to download a file (Even windows updates) off of IE, It's also worth noting pictures do not show up either.
I have found a temporarly looparound by moving a Firefox copy onto this PC from my Labtop via flash drive, but its far from a fix. Still can't download anything, but I can see images and watch some youtube videos.

But theres another error as well when i try to download off of firefox:

I have tried changing my Internet Security settings, but they don't solve anything and they actually reset themselves back to the defualt (Your current security settings do not allow this file to be downloaded) after about 5-10 minuites.

Pretty confident it's a windows issue and not a Networking issue as everyone else can connect fine, and iits also causing issues like "File is corrupt" whenever trying to open files, and is breaking both Firefox and IE, But if mods think this thread is more appropiate somewhere else, Be my guest to move it where it would get awnsered better.

Tried so far:
Reinstalling windows (Yes i moved my games/files to flash drive(s) and formatted my disk when installing)

Changing Internet Security Settings

Thanks in advance.

Answer:Security Alert Your current security settings do not allow this file to be downloaded

Hi, welcome to the forums you say changed internet security settings go to start, search and (copy paste) inetcpl.cpl ,,2 Open custom and make sure a check in "enable" is set for "Downloads". If you have already done this (it is this way by default) what Anti Virus do you use, and firewall.

8 more replies
Relevance 78.72%

On booting up this morning I received a Windows Security Alert claiming my anti-virus was switched off. I use Kaspersky Internet Security and on inspection it says that it's switched on and that my computer is protected. However, on clicking the Security Alert there's a red cross on the list saying my anti-virus is OFF. Is this simply a mistake, or is there something I should do about this? I have Windows XP Home with SP3.

Answer:Anti-virus/security alert

Some AV's were not recognised by Windows XP. I run Karspersky with Vista, and there is no problem.If this is a new problem try a system restore.

3 more replies
Relevance 78.72%

A copy of the log file from hijack this is enclosed. I'm using my laptop as my main computer since my regular computer will not allow me to log onto the internet. I dont trust the XP security. So send the information either to this email account or to my emial account as I can still apen that. Here is a copy of the log. HELP ASAP!!!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:48:51 PM, on 4/24/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\svchost.exe
h:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\spoolsv.exe
H:\WINDOWS\system32\svchost.exe
H:\Program Files\Java\jre6\bin\jqs.exe
H:\Program Files\Common Files\Motive\McciCMService.exe
H:\WINDOWS\System32\svchost.exe
H:\Program Files\CDBurnerXP\NMSAccessU.exe
H:\WINDOWS\system32\nvsvc32.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\svchost.exe
H:\Program Files\Uniblue\SpeedUpMyPC\spmonitor.exe
H:\Program Files\Uniblue\RegistryBooster\rbmonitor.exe
H:\WINDOWS\Explorer.EXE
H:\WINDOWS\system32\ctfmon.exe
h:\PROGRA~1\MI239C~1\msseces.exe
H:\Program Files\Messenger\msmsgs.exe
H:\Documents and Settings\Geof\Local Settings\Application Data\dcv.exe
H:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - H... Read more

More replies
Relevance 78.72%

A yellow triangle with an ! in the middle with a box that says Security Alert:[email protected] Virus that infests executable files, damage level high. Hijackthis logLogfile of HijackThis v1.99.1Scan saved at 9:22:45 PM, on 3/14/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\AOL\ACS\AOLAcsd.exeC:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exeC:\WINDOWS\System32\CTsvcCDA.exeC:\WINDOWS\System32\nvsvc32.exeC:\WINDOWS\System32\UAService7.exeC:\WINDOWS\wanmpsvc.exeC:\WINDOWS\System32\MsPMSPSv.exeC:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exeC:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv4.exeC:\WINDOWS\system32\wscntfy.exeC:\WINDOWS\BCMSMMSG.exeC:\WINDOWS\system32\dla\tfswctrl.exeC:\WINDOWS\System32\DSentry.exeC:\Program Files\Dell\Media Experience\PCMService.exeC:&#... Read more

Answer:Security Alert:[email protected]

Hi Download SmitfraudFix (by S!Ri) to your Desktop.http://siri.urz.free.fr/Fix/SmitfraudFix.zipExtract all the files to your Destop. A folder named SmitfraudFix will be created on your Desktop.______________________________Download : Download AVG Anti-Spyware 7.5 and save that file to your desktop.This is a 30 day trial of the programOnce you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double-click it to launch the set up program.
Select ?Change state" to inactivate 'Resident Shield' and 'Automatic Updates'
Right click on AVG Anti-Spyware in the system tray and uncheck "Start with Windows".
Go to Start > Run and type: services.mscPress "OK".In Services, click the "Extended tab" and scroll down the list to find AVG anti-spyware 7.5 guard.When you find the guard service, double-click on it.In the Properties Window > General Tab that opens, click the "Stop" button.From the drop-down menu next to "Startup Type", click on "Manual".Now click "Apply", then "OK" and close the Services window.Once the setup is complete you will need run AVG Anti-Spyware and update the definition files.On the main screen select the icon "Update" then select the "Update now" link.Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
If you are having problems with the updater, manually upd... Read more

1 more replies
Relevance 78.72%

I keep getting an icon in my toolbar that says:

Security Alert: [email protected]
Type: Virus/Network Worm
Damage Level: High
Description: Virus that infects executable files.
Recommendation: Delete/quarantine immediately
Protection: Click this baloon to download certified Antivirus Software

This in not the only message i get from this balloon and they keep coming up every 2 minutes.
If I click on the balloons it tries to install bestseller antivirus. How can I get rid of this thing. I read somewhere that this may be a part of a program called Security toolbar 7.1 which is also on my computer and I think is causing many pop ups from IE saying that I have viruses. I cant get rid of this thing either. Can someone help me get rid of these things?:cry Help would be appreciated.
 

Answer:Security Alert: [email protected]

1. Download this file - Combofix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Attach this log to your next reply

Note:

Do not mouseclick combofix's window while it is running. That may cause it to stall.

Then do: READ & RUN ME FIRST. Malware Removal Guide

Attach the ComboFix log along with the other requested logs.
 

3 more replies
Relevance 78.72%

I am looking for some help as my Computer has been taken over by a Virus.I am using the computer downstairs.I am not by no means a expert so i will require step by step directions.My Computer keeps poping up with following message:Window Security Alert application cannot be executed the file wltuser.exe is infected.I currently do not have a anti-virus on the computer because last time we installed it the computer slowed down to where you could barely use it.The virus will not let me run anything,but if i restart there is about a 2 min window before the virus takes over.I have been successful in running Hijack this and have a log available.Please help!!!

Answer:Window security Alert Virus

Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer. I am working under the guidance of one of the specialist of this forum so it may take a bit longer to process your logs. 1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.2. The fixes are specific to your problem and should only be used for this issue on this machine.3. If you don't know or understand something, please don't hesitate to ask.4. Please DO NOT run any other tools or scans while I am helping you.5. It is important that you reply to this thread. Do not start a new topic.6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.7. Absence of symptoms does not mean that everything is clear.Let's try this.Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run. Save Rkill to your desktop.There are 4 different versions. If one of them won't run then download and try to run the other one.  Vista and Win7 users need to right click Rkill and choose Run as Administrator  You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.Rkill.exeRkill.comRkill.scrRkill.pifOnce you've gotten one of them to run then try to ... Read more

14 more replies
Relevance 78.72%

So, this malware is bugging the bejesus out of me. I've tried AVG and AdAware, both scanning and removing all problems it finds, but I cannot seem to shake this damn thing. Please! I implore you! Help! I will do whatever you ask! hehe...

Answer:Security Alert [email protected]

Hi, welcome to Tech Support.

Please download and install the latest version of HijackThis v2.0.2:

CLICK HERE to download the HijackThis Installer:Save HJTInstall.exe to your desktop.
Double-click on HJTInstall.exe to run the program.
By default it will install to C:\Program Files\Trend Micro\HijackThis.
Accept the license agreement by clicking the "I Accept" button.
Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log.
Click "Save log" to save the log file and then the log will open in Notepad.
Click on "Edit -> Select All" then click on "Edit -> Copy" to copy the entire contents of the log.
Come back here to this thread and paste the log in your next reply.
Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.
Delete the older version once you have successfully downloaded and installed the latest version.

Run the a scan and submit a fresh HijackThis log for my review.

2 more replies
Relevance 78.72%

I believe this is part of the perfect defender 2009 malware. cnat get rid of it. i run the standard programs plus malwarebytes but still get the security alert popup. here is HT logLogfile of Trend Micro HijackThis v2.0.2Scan saved at 4:40:54 PM, on 12/6/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16735)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\VTTimer.exeC:\WINDOWS\system32\S3trayp.exeC:\WINDOWS\SOUNDMAN.EXEC:\Program Files\CyberLink\PowerDVD\PDVDServ.exeC:\PROGRA~1\AVG\AVG8\avgtray.exeC:\Program Files\Canon\MyPrinter\BJMyPrt.exeC:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exeC:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exeC:\PROGRA~1\AVG\AVG8\avgwdsvc.exeC:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exeC:\Program Files\Java\jre1.6.0_07\bin\jusched.exeC:\Program Files\Common Files\Microsoft Shared\VS7Debug\... Read more

Answer:security alert sinowal virus

We apologize for the delay in responding to your request for help. We are volunteer staff at Bleeping Computer and get overwhelmed at times with the large number of users seeking help. We are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.If you have since resolved the original problem you were having, we would appreciate your letting us know. If not, please perform the following steps so we can have a look at the current condition of your computer. If you have not done so, include a description of your problem along with any steps you may have performed so far.When you have completed the steps below, a staff member will review the log and provide instructions for you to get your computer clean and free of malware.Thanks and we apologize for the delay.We need to see current information on what is happening in your computer. Please perform the following scan: Please download DDS by sUBs from one of the following links. Save it to your desktop.DDS.com DDS.scr DDS.pif After downloading the tool: Disconnect from the Internet. Disable all antivirus/anti-spyware protection. If needed, please read How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs. Double click on the DDS icon, allow it to run. Please note: If the scan fails to run, you may have to dis... Read more

3 more replies
Relevance 78.72%

Running Windows Vista Home Basic on a Dell Inspiron 537S. Got a virus with fake security alert pop ups and it would also randomly open up x-rated websites. It started the night before we left for holiday vacation so I just turned it off and left it for 2 weeks until we came back. Did a little research and ended up running Malwarebytes Anti-Malware Software in safe mode. It stopped the pop ups and random websites, but computer is still acting up and no websites will load at all. I have two profiles set up on the computer, an administrator and a guest. The admin profile has very limited use. It will not open some programs and will not load the internet at all. The guest profile can acess the internet, but when trying to open some sites (e.g. Facebook) it acts as if it is trying to download something rather than open a web page (File Download - Security Warning Do you want to save this file, or find a program online to open it? Name: facebook_com Type: Unknown File Type, 8.80KB From: www.facebook.com. With a window behind it that says: 0% of / from www.facebook.com Completed). I have gotten rid of a few viruses in the past without problem, but this one is getting very frustrating. Please Help!

Alicia

HijackThis Log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:52:18 PM, on 1/4/2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18999)
Boot mode: Normal
Running processes:
C:\Program Files\Common Files\Dell\apache\bin\httpd.ex... Read more

Answer:Fake Security Alert Virus - Need Help

6 more replies
Relevance 78.72%

A few weeks ago, the computer got some sort of virus when visiting an online website. The virus would not let me access Malwarebytes, I would click on the icon but nothing came up. The virus would also not allow access to the internet websites. However it did allow messenger, a friend sent me Rkill and I used it, then I used Malwarebytes and Avira Antivir, both found many infected objects and took care of them. This virus had a multi-colored shield in the bottom right icon list and after running the Malwarebytes and Avira, the icon dissapeared and it seemed like the virus was gone and maybe it was.Then just a few days ago, I was browsing the internet and a virus sprang up onto the computer. The virus looked like the "Windows Security Alert" icon except it was called "Security Center Alert". This one did not seem to interfere with the use of the internet, Malwarebytes or Avira at first but every time I tried to get on the internet Avira popups kept popping up constantly, then later on I noticed that Avira Guard was not working. Everything on the Avira list was green except Avira guard. I updated and ran Malwarebytes and Avira extensively. Everytime I ran them they found errors. Then I disconnected the internet from the computer and ran them twice. The first time, they found infected items but the second time they didn't. Then I ran them again just to be sure and nothing was found.I then uninstalled the firefox browser and ie8 browser in safemode, after ... Read more

Answer:Security Center Alert Virus?

Hello and welcome to the forums!My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. I am very sorry for the delay in responding, but as you can see we are at the moment being flooded with logs which, when paired with the never-ending shortage of helpers, resulted in the delayed responding to your thread.I would be glad to take a look at your log and help you with solving any malware problems.If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed. If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
If I instruct you to download a specific tool in which you already have, please delete the copy that you hav... Read more

21 more replies
Relevance 78.72%

I keep having incessant various "Windows Security Center Alert" pop-ups. First, one keeps saying that I have no Anti-Virus program installed (I have McAfee), another keeps offering a free download of "Windows Protection System" or the installer for it. Also another pop-up saying it is a Security Center Alertkeeps saying that I am infected with Win32.Kbot.al, Trojan.win32.Agent.dcc, or Virus.win32.Hala.a and wants me to "enable protection". On the bottom right icon program bar I keep getting "Danger" alerts from the Windows security shield icon, and also get a pop-up saying the Google installer has met difficulty and wants me to send an error report or not. All these pop-ups keep occuring every minute or so, whether I am on-line or not. I have run 2 virus scans, and an Ad-Aware scan, and neither has helped, and my System Restore refuses to work. What can I do to stop this?

My OS is XP Professional.
 

Answer:Security Center Alert virus

10 more replies
Relevance 78.72%

Please help - need to remove the infection in my computer

Security Update and Internet explorer are not functioning

This is the page

http://awarninglist.com/

and
http://antivirusgolden.com/?aid=1338
I keep getting pop-ups and warnings

Please Help
 

Answer:SECURITY Warning IE and AVG virus - Pop - Ups

6 more replies
Relevance 78.72%

I have loads of pop-ups which say "Security Warning: application cannot be executed. the file wuaclt.exe is infected. do you want to activate your antivirus software now?
and a thing comes up that is scanning my computer

ive tried several things including malwarebytes anti-malware, ccleaner but nothing has worked!

this is the hijack log: (please help!!!!!)
Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16915)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Documents and Settings\Administrat&#65533;r\Mina dokument\Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = L&#65533;nkar

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: Windows Live inloggningshj&#65533;lpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll

O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [SoundMAX] C:\Program\Analog Devices\SoundMAX\Smax4.exe /tray

O4 - HKLM\..\Run: [AccelerometerSysTrayApplet] C:\WINDOWS\system32\AccelerometerSt.exe... Read more

Answer:Security Warning Virus

I ran Malwarebytes Anti Malware and CCleaner and Superanti Spyware and eventually it calmed down (don't know exactly which one did the trick)
However, I have an expired Trojan Remover that only scans but can't remove anything and it keeps picking up two 'restrictive windows explorer policies' : one that disables digital signature checks on downloaded files and one that allows files with invalid signatures to run without prompting

here is my most recent hijack log, have i got rid of it?
Logfile of HijackThis v1.99.1
Scan saved at 09:08:04, on 01/12/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16915)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program\AVG\AVG8\avgwdsvc.exe
C:\Program\Bonjour\mDNSResponder.exe
C:\Program\WIDCOMM\Bluetooth-programvara\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program\AVG\AVG8\avgemc.exe
C:\Program\AVG\AVG8\avgrsx.exe
C:\Program\AVG\AVG8\avgnsx.exe
C:\Program\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\mqtgsvc.e... Read more

1 more replies
Relevance 78.31%

I've searched through the forums and there's just SO MUCH information. I'm SO overwhelmed. I need someone straight forward (not TOO many "or you could..."s) and simple to lead me.

Here's the deal...I have windows 7 and my Bitdefender just ran out. I let it go, downloaded several of the free suggestions that I found in various places but feel like I must need a tried-and-true, most have heard of it and validated that it's good stuff, household name kinna stuff to ease my worries. (I know that's silly...you don't have to tell me.) I kept getting alerts of free version ending, messages about needing a secondary "this" to make the current work properly, etc. etc. So I've been getting all of that off my computer and now need advice.

I use my computer for various internet "stuff" (email, researching info---Googlologist, online bills, general browsing, etc.) all day, every day. Using it is easy...keeping it NOT bogged down (which I feel Bitdefender slowed things significantly) and safe is less user friendly IMO. I don't want any viruses, spyware, malware (tho I'm not 100% sure what that actually IS but hear it often enough to know it's bad) or anything else that might be trouble. I'm not working for NASA or anything earth shattering but do want to keep what's mine, MINE and keep my computer running smoothly. Because of my lack of understanding, I need something USER FRIENDLY that a monk... Read more

Answer:Solved: PATIENCE NECESSARY ALERT...Security for Dummies not enough need Security for

12 more replies
Relevance 78.31%

Windows XP home
Internet Explorer 8
sev. pack 3
desk top

Try logging in accout on a site that I vist weekly and it come across top of screen Security Alert, Problem with sites security certificate. Ask if I would like to proceed anways, and still pops up over and over. I have tried adjusting in internet option in security, trusted sites but still does same thing. Called Dell said I have a virus but not coverd $$$. Have McAfee Security Center says everthing ok. Go to McAfee site try to get tec. support by e mail it will not let the Go Assist connect to talk to them. Tried to do a system restore but it says it is unable to do it. Any ideas
Thanks
carpfish

Answer:Security Alert (Problem with sites security certificate)

Have you tried scanning your machine with Malwarebytes or SuperAntiSpyware? Another good program is HitmanPro. This may fix your issue as these programs are effective in detection of sneaky viruses.

Malwarebytes- www.malwarebytes.org
SuperAntiSpyware- www.superantispyware.com
Hitman Pro- www.surfright.nl/en/downloads

If you are able, also scan your computer with ESET online scan. www.eset.com/us/online-scanner

1 more replies
Relevance 78.31%

Okey, So i went on some random site and I got this toolbar, Security Toolbar 7.1. I've seen here around its a spware/adware. I did a virus scan with F-Secure, found 4 virus/spyware/risk object, I removed them. But now This Security/System Alert wont stop warning me of Network Worm, Every 5 secs. It's really annoying, I've already scanned and theres nothing there. And also my homepage changed to securitypills.com that recomends a anti-virus(aka a virus) named VirusHeat i think it was.

How do i get away the System Alert and Security toolbar..Please help..

Heres hijackthis log:
Logfile of HijackThis v1.99.1
Scan saved at 22:22:20, on 2008-03-28
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Program\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
C:\Program\F-Secure Internet Security\Common\FSMA32.EXE
C:\Program\F-Secure Internet Security\Anti-Virus\FSGK32.EXE
C:\Program\NetProject\scit.exe
C:\Program\NetProject\sbmntr.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS... Read more

Answer:Security(System) Alert/Security Toolbar 7.1 - hijackthis log

Umm..Heres the ComboFix log :
omboFix 08-03-27.1 - Conny 2008-03-28 23:58:48.1 - NTFSx86
Running from: C:\Documents and Settings\Conny\Skrivbord\ComboFix.exe
* Resident AV is active

.
-- Script messages for sUBs --
Findstr -MIF:/ sursen
MTEE /+ d-delA.dat

catchme -apx
MTEE /+ d-delA.dat

Findstr -MIF:/ "\\TTC\.pdb InsertAdvertisement"
GREP -Eisf temp00
VFind -tf -s282624 "C:\Program\????????*[0-9].dll"
SED "s/\\/\\\\/g"
MTEE /+ cfiles.dat
SED -r "/^svchost.exe$/I!d; s/.{37}//"
Handle .exe
Handle .exe
Handle .exe
Handle .exe

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Conny\Application Data\macromedia\Flash Player\#SharedObjects\K5DFURMM\www.broadcaster.com
C:\Documents and Settings\Conny\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\Documents and Settings\Conny\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\Program\VirusHeat 4.3
C:\Program\VirusHeat 4.3\vpp.ini

.
((((((((((((((((((((((((( Files Created from 2008-02-28 to 2008-03-28 )))))))))))))))))))))))))))))))
.

2008-03-29 00:18 . 2008-03-29 00:18 0 --a------ C:\WINDOWS\system32\drivers\PROCEXP90.SYS
2008-03-28 21:52 . 2008-03-28 23:22 <KAT> d-------- C:\Program\Enigma Software Group
... Read more

1 more replies