Computer Support Forum

Malware preventing security apps updates (i.e. MBAM, Spybot, AVG)

Question: Malware preventing security apps updates (i.e. MBAM, Spybot, AVG)

This topic is tied to the following post: http://www.bleepingcomputer.com/forums/t/304226/unable-to-update-mbam-spybots-d-or-avg/

I have malware on my machine that prevents me from updating any of my security apps (MBAM, SpybotS&D, AVG). If I do scans with them in both regular and safe mode I receive no results.

Steps I've already taken with the help of a moderator include:
- running fixexe.reg
- running TFC
- running rkill
- running SuperAntiSpyware
- re-running MBAM (to no avail)

Now I have run Defogger, DDS, and GMER and will post the results per the guidelines and attach the appropriate files:

DDS.txt

Any help with this would be fantastic, thanks!

Relevance 100%

Answer: Malware preventing security apps updates (i.e. MBAM, Spybot, AVG)

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

- Download DDS by sUBs from one of the following links. Save it to your desktop: DDS.scr, DDS.pif
- Double click on the DDS icon, allow it to run.
- A small box will open, with an explanation about the tool. No input is needed, the scan is running.
- Notepad will open with the results.
- Follow the instructions that pop up for posting the results.
- Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERE

Please download GMER from one of the following locations and save it to your desktop:

- Main Mirror: This version will download a randomly named file (Recommended)
- Zipped Mirror: This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.

- Disconnect from the Internet and close all running programs.
- Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
- Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
- GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
- If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
- Now click the Scan button. If you see a rootkit warning window, click OK.
- When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
- Click the Copy button and paste the results into your next reply.
- Exit GMER and re-enable all active protection when done.

-- If you encounter any problems, try running GMER in Safe Mode.

27 more replies
Relevance 88.97%

Hi Guys,

I could use some help getting rid of some malware that has been vexing me for quite a while now. Looking back at my windows update history, I have been unable to install Vista Security Update KB979683 since 16 Apr 10 with it attempting to install every day since then and always getting the same error 'FFFFFFFF'

I was unable to get a RootRepeal log as the program would use up all my RAM (2GB) and then just exit itself after about 20 mins.

My logs are attached. Thank You!
 

Answer: Malware preventing Vista security updates

Welcome to Major Geeks!

You ran steps in safe boot mode not normal boot mode. You should be running in normal boot mode to get proper logs unless that is not possible.

Also you skipped running step 6 of the READ & RUN ME so we cannot tell whether you have a Master Boot Record rootkit infection or it is just the disk emulation software you did not disable. To properly continue, you will have to run this step and then rerun MGtools and attach a new log; however, based on the sum of all logs, I don't think you are having malware problems.

While problems with Windows Updates can sometimes be caused by malware, it is quite frequently not malware. It could just be issues with Windows itself or it could be your own protection software. You could try shutting down Symantec and Windows Defender and see if you can update.
 

3 more replies
Relevance 84.87%

I was sent here by boopme (moderator) and asked to post a RootRepeal log. Topic referenced is here: http://www.bleepingcomputer.com/forums/t/254641/unknown-virus-disabling-security-and-hacking-firefox-ie/ ~ OB

RootRepeal stops scanning when looking at C:\System Volume Information when I used the method mentioned on your front page. However, I've been able to run separate scans, except scanning "Files", that won't work.

Drivers scan: ... Read more

Answer: Critter preventing HijackThis/MBAM/online scans/Spybot/AVG and hijacking Firefox and IE.

Hello mononc,

Let's begin....

==========
Step 1

Please save this file to your desktop. Click on Start->Run, and copy-paste the following command (the bolded text) "%userprofile%\desktop\win32kdiag.exe" -f -r into the "Open" box, and click OK. When it's finished, there will be a log called Win32kDiag.txt on your desktop. Please open it with notepad and post the contents here.

==========
Step 2

Please do this: Click on the Start button, then click on Run... In the empty "Open:" box provided, type cmd and press Enter. This will launch a Command Prompt window (looks like DOS). Copy the entire blue text below to the clipboard by highlighting all of it and pressing Ctrl+C (or after highlighting, right-click and select Copy).

copy C:\WINDOWS\system32\logevent.dll C:\ /y

In the Command Prompt window, paste the copied text by right-clicking and selecting Paste. Press Enter. When successful, you should get this message within the Command Prompt: "1 file(s) copied"

NOTE: If you didn't get this message, stop and tell me first. Executing The Avenger script (step #3) won't work if the file copy was not successful.

Exit the Command Prompt window.

==========
Step 3

Warning to others reading this thread!: The Avenger is a VERY POWERFUL program, and can easily be misused. Certain misuses of this program can prevent your system from ever starting again. For this reason, it is strongly recommended to use The Avenger on... Read more

44 more replies
Relevance 79.13%

As stated, I need help regarding this.
I've tried to clean remove MBAM and re-install it but to no avail.
When I run the installer, it states, "CreateFile failed; code 80. The file exists".
And when I tried searching it, I can't find the file.
 
I uninstalled my outdated Avast Antivirus and installed the latest one, and the program won't run either.
 
Can anyone kindly assist me with this? ):
 

Answer: Virus/Malware preventing me from starting MBAM and my Antivirus Software.

Hello haekaru -
Are you stable to run in Safe Mode With Networking ? Ask if you need help.

How to start Windows in Safe Mode

Download Malwarebytes Chameleon. Malwarebytes Chameleon technologies get Malwarebytes Anti-Malware installed and running when blocked by malicious programs.
 
Usage -
Download Chameleon from the link to the right.
Unzip the contents to a folder in a convenient location.
Follow the instructions in the included Chameleon CHM Help File
Or if the help file will not open, simply try to run the files by double-clicking on them one by one until one of them remains open, then follow the onscreen instructions.
 
 
Thank You -
Edited to add Safe Mode link -

2 more replies
Relevance 75.44%

Hi

With Windows 8.1 Update, how do I prevent all users that the notification of any updates to the apps by Microsoft Store will never be displayed?

Thanks

Bye

Answer: Preventing the notification of any updates to the apps by Microsoft Store

This should cover it: Tech Blog :: Enable/Disable App Notifications In Windows 8

1 more replies
Relevance 75.44%

I somehow picked up a nasty piece of "ransom-ware."

This afternoon I ran Ad-Aware (the free version) and it complained that it found a trojan. The file it identified was the executable of "Free Hi-Q Recorder," a free program I installed almost a year ago and have not run in at least 6 months. I was suspicious so I exited without removing or quarantining the program.

I then ran MB Anti-Malware. The first thing I did was check for updates -- one was found. While downloading it I got an alert from Spybot S&D that a value was being changed. I assumed (probably incorrectly) that this was MBAM and I okayed it. I then started MBAM.

Avast! immediately began reporting viruses and, while MBAM was running, reports that too many identical emails were being sent. I manually stopped each one. I got a "license" form for something similar to "Superantivirus 2008," Firefox windows opened and tried to connect to the Superantivirus site and another site for something like "SuperiorAntiVirus 2008," etc. (Firefox blocked those sites.)

When MBAM finally stopped it found many (maybe 20+) infected files. I "fixed" them all. I then ran Spybot and got rid of all the threats it found. I ran CCleaner and dumped my temp files, etc.

I then ran MBAM again. It found a few more trojans, etc. I fixed them and it warned me to run MBAM again in "Safe mode" to make sure I cleaned them all. I did. Then I ran MBAM and it came up cle... Read more

Answer: Malware surviving MBAM and Spybot

Okay, I read some additional posts and saw that I should permit changes to values after I run MBAM -- I did that and I seem to be clean.

Firefox seemed to be hijacked -- my first selection whenever I ran a Google search sent me to a shopping site. I solved that by clearing all my cookies.

I still have the red shield in the tray, and I'm wondering if it's a valid Windows alert. I went in through:

Start >> Control Panel >> Security Center

And it appears that the Windows firewall is down. I'm on a small network of family computers behind a router. My wife uses her business computer behind that router and I believe she has a firewall set up, but her business computer is critical and she's in charge of security settings for our network. I'll check with her. In the meantime, since I never had this warning before, I assume I had it running before (it's been years since I set this up) and I suppose I can set it up to run at minimum settings. Whatever virus this was, it disabled the Windows Security Center and I assume that's when the firewall went down.

Anyway, I'd still appreciate any comments or advice I can get. I'm already adhering to all the safe internetting principles I've read about. I'd appreciate any advice.

Thanks.

24 more replies
Relevance 74.62%

My computer got a nasty little bug on it.

I believe it was one of those fake antivirus trojans. I had one before and Malware Bytes took it right off, but it couldn't do it this time. The malware keeps reloading on the system regardless of what I use.

I've used PC Tools Spyware Doctor (which I paid for and it has done nothing of note); Spybot and MBAM. The program keeps redirecting my browser to google-redirect.com or something like that and giving me tons of ads.

This is the log that I got after the most recent MBAM attempt.

I've removed and rebooted, with this and spybot, but the result is the same each time.

Please help.

Thank you.

Malwarebytes' Anti-Malware 1.36
Database version: 2084
Windows 5.1.2600 Service Pack 3

5/6/2009 7:14:22 PM
mbam-log-2009-05-06 (19-14-22).txt

Scan type: Quick Scan
Objects scanned: 86122
Time elapsed: 5 minute(s), 15 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 2
Registry Keys Infected: 0
Registry Values Infected: 2
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 8

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\Temp\msb.dll (Worm.Autorun) -> Delete on reboot.
C:\WINDOWS\system32\autochk.dll (Worm.Autorun) -> Delete on reboot.

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run... Read more

Answer: persistent malware - ran MBAM, PC Tools, SpyBot, still there

I have the same issue please help. Except I only have Usernit

3 more replies
Relevance 72.98%

Hello. I'm really tired trying to clean this redirect. I really need help.

Logfile of random's system information tool 1.06 (written by random/random) ... Read more

Answer: malware smartbizsearch-com help- DNS change, pop up, spybot & mbam doesnt work

info.txt logfile of random's system information tool 1.06 2009-05-31 05:36:20 ... Read more

3 more replies
Relevance 71.34%

Info in this thread:
http://forums.techguy.org/windows-nt-2000-xp/736643-automatic-updates-rundll32-error.html

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:55:39 PM, on 8/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avi... Read more

Answer:MalWare preventing Automatic Updates?

Er hm, was I supposed to post the HJT log while in non-safe mode?
 

1 more replies
Relevance 71.34%

Hello.

I posted in the Vista section about trouble I am having with updates installing. One person replied that "[b]ecause of the large number of problems in category items that [I] posted, and the corrupted SFC store," before I do anything else, I should post in this forum to make sure my system isn't infected.

To briefly summarize what I posted over there, I can't get some updates to install, and I have some corrupted files (or corrupted something . . . I honestly don't know enough to know what the problem is).

Here is what I got when I ran the dds:


DDS (Ver_09-03-16.01) - NTFSx86
Run by admin at 16:00:03.31 on Thu 04/16/2009
Internet Explorer: 7.0.6000.16830 BrowserJavaVersion: 1.6.0_07
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.2037.1118 [GMT -5:00]

AV: ZoneAlarm Security Suite Antivirus *On-access scanning enabled* (Outdated)
FW: ZoneAlarm Security Suite Firewall *enabled*

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkS... Read more

Answer:Possible malware infection preventing updates

Hello ti2,

I'm not seeing any malware in these logs. You can run an online scan and see if it detects anything lurking about. It can take some time, so please be patient and allow it to run its full course:

**Vista users - right click on the IE icon and run as administrator

Using Internet Explorer or Firefox, visit http://www.kaspersky.com/kos/eng/par...avwebscan.html

1. Click Accept, when prompted to download and install the program files and database of malware definitions.


2. To optimize scanning time and produce a more sensible report for review:
Close any open programs
Turn off the real time scanner of any existing antivirus program while performing the online scan

3. Click Run at the Security prompt. The program will then begin downloading and installing and will also update the database. Please be patient as this can take several minutes.
Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
Click View scan report at the bottom.



Click the Save as Text button to save the file to your desktop so that you may post it in your next reply

2 more replies
Relevance 71.34%

Hello guys, I hope I've posted this in the correct place. I'm only averagely tech minded so I'll try my best

I'm running Windows XP (sp3) and mostly use Chrome browser with IE occasionally.

My Avira Free has refused to net update for over 24hrs, and when I look at Internet Options I see the 'use proxy server' button is checked although I've previously un-checked it. I've managed to download manually from Avira and am currently running a scan with it & Malwarebytes.

I have some log files but I take notice of the warning against posting hijack this logs in this forum.

There are several processes & files that look decidedly fishy to me but am not sure of where/how to proceed. "ProxyServer = http=127.0.0.1:49717" for example!

I also use Malwarebytes free version & update & scan regularly with this & Avira free AV.

I usually scan any potentially fishy files with AV & MWB before downloading but something's gotten through (could be another user when I've not been here is responsible) or can hardware like a cheap Chinese USB hub be responsible?

Answer:malware &/or virus (I think) is preventing AV updates

Welcome joolz

Let's run these as I feel you have a rootkit.

Many malwares like to change the proxy setting on you.

Please click Start > Run, type inetcpl.cpl in the runbox and press enter.
Click the Connections tab and click the LAN settings option.
Verify if "Use a proxy..." is checked, if so, UNcheck it and click OK/OK to exit.
Now check if the internet is working again.

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
Be sure to download TDSSKiller.exe (v2.4.0.0) from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.
Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
Vista/Windows 7 users right-click and select Run As Administrator.
If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
Click the Start Scan button.
Do not use the computer during the scan
If the scan completes with nothing found, click Close to exit.
If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.... Read more

10 more replies
Relevance 71.34%

Please let me know if I have not posted this in the correct area. If so, please let me know where i should post.

I have read as much of the instructions and "read before..." posts as I could find here.

symptoms

complete URL's typed into IE or FireFox are redirected to a google search results page that looks legit, however clicking on the search results sends me to a crappy search engine with completely different results that are sponsored.

URL's clicked from emails or going to a favorites page from the start menu would not open any browser.

If I went to a norton.com, symantic.com, or other site to research the infection, my browser would immediately close. I made copies of iexplore.exe and firefox.exe with new names and was able to start the browsers that way. However, the search hijack symptom remains.

I notice that firefox is very slow, much slower than usual. It was difficult or impossible to use drop down menus on web pages with the mouse (down arrow worked) and clicking between browser tabs was also tough.

Opera Browser, Chrome browser and Safari Browser seemed unaffected, however Chrome just began to randomly close tabs this afternoon. I uninstalled it and will re-install.

Every time Internet Explorer starts (now from "copy of iexplore.exe") I see a window that warns me that IE is running in compatibility mode. Firefox also warns me that it is no longer my default browser (I start it from a "copy of firefox.exe").

I downloade... Read more

Answer:mbam & other anti-malware apps killed by rootkit infection

Hello andygreene

Welcome to BleepingComputer

=====================

Download OTL to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Under the Standard Registry box change it to All.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

===========

Download This file. Note its name and save it to your root folder, such as C:\.
Disconnect from the Internet and close all running programs.
Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
Click on this link to see a list of programs that should be disabled.
Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
Allow the driver to load if asked.
You may be prompted to scan immediately if it detects rootkit activity.
If you are prompted to scan your system click "Yes" to begin the scan.
If not prompted, click the "Rootkit/Malware" tab.
On the right-side, all items to be scanned should be che... Read more

1 more replies
Relevance 68.88%

Hi, my computer somehow picked up some nasty little programs that caused a lot of problems. This is my first time posting on a tech help forum so I hope I followed the rules correctly. If I've done anything wrong or you need some information I didn't supply, please let me know and I'll try to correct it ASAP.

Thanks in advance for your help :]
Okay, here's an outline of my problem:

Initially the desktop of my computer was changed into a screen that read "Warning! Spyware has been detected on your computer!" in Blue and Yellow text.

I downloaded and ran a few different antispyware programs:
SUPERAntiSpyware Free Edition
Dr. Web Cure It!
and Malwarebyte's Anti-Malware

Each of these programs detected some things and I had them remove them.

The desktop issue is no longer present now, however two issues that I know of remain.

I use Mozilla Firefox 3 and it works normal, same homepage and everything, except when I do a search in google, I can not follow the links. If I click on a link it'll divert me to some other things.
At first the links (under properties) all lead to some weird website that started with an "a" sorry I don't remember what it was...

Now all the links are to a go.google.com/? followed by a ridiculously long string of characters.

Some of the redirects try to get me to download some pseudo antivirus program antivirus 2009? I think it was called.

Other issues I have is I can't access any help sit... Read more

More replies
Relevance 67.65%

Hi - I found this site looking to clean my infected system. I am actually on a different computer now as my infected system (desktop - wireless) can't access security sites.

The problem started Dec 2nd, 2008. I'm running XP SP 3. The system was set up to autodownload MS updates once per day, and AV every three hours. Somehow it got infected with a nasty malware program - I'm guessing via human interaction of a family member clicking something they shouldn't have. The system has TrendMicro Internet Security 2008 running on it and had it running at the time of infection too. I've spent about 10 hours trying to clean it so far with little luck. I'd appreciate any help anyone can provide.

Symptoms:
-Running a little slow, to very slow at times, especially when downloading files. Not consistent though.

-Originally it wouldn't boot past the loading windows screen, but that has stopped now

-Trendmicro found GetModule, Adload, and Generic12.KAO but couldn't clean them. Adload and Generic aren't found anymore, and I cleaned GetModule via instructions on the TrendMicro site

-I cannot surf to any security sites (including this one) nor can I get to windowsupdate, but I can surf to msn, yahoo, etc

-tried loading AVGFree AV by downloading it to my clean laptop, burning it to cd, and then transferring it to the desktop, but it runs with errors and ends up doing nothing

-Also transferred over mbam-setup, HJTInstall, spybot, but they won'... Read more

Answer:Malware Infection on XP - can't run mbam or other security programs

I'm still discovering more information. I did a netstat -o while booted in normal running mode, without any network connections of my own open, and found many entries all mapped to a process ID of 1512. This PID lists in my task manager as svchost.exe. In the netstat -o results, http connections are open to the following:

-All are listed as CLOSE_WAIT at the moment. I doubt the IPs or domains will help in resolving my issue, but I thought I'd include them just in case. Also, if they aren't other unsuspecting infected computers, maybe this information will be read by someone who can help add their info to security tools/scanners.

5 more replies
Relevance 64.78%

Someone please help me. Here are the symptoms of the infection I have not been able to get rid of for the past two months:

1. In the beginning, there was a lot of hard drive activity for no apparent reason. This basically froze my computer for 15 - 20 minutes.

2. Then, periodically (but not every day), the computer just reboots itself, with no prompting from me. It's as if it's executing some program and then needs to reboot.

3. Cursor movement (especially when using web browser) is extremely slow in responding, so it's difficult to control. THIS is the main symptom. Makes browsing PAINFULLY slow and very difficult.

4. Programs (web browser in particular) are slow on start up, and also slow to respond to input (opening new tabs, closing tabs, etc.)

I've tried the following already: Spybot S&D, Adaware, Malware Bytes, Avast. I even bought Norton 360 and added another couple Gs of RAM to see if that would help. None of these things have been able to locate or fix the problem.

ANYTHING you can do to help would be greatly appreciated. My HJT log is below.

Thanks,
Sayang
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:40:12 PM, on 8/22/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System... Read more

More replies
Relevance 62.32%

Hi

Thanks for looking at this.

Security Toolbar 7.1 has appeared from somewhere.
I get pop ups telling me I have malware, trojans and various other problems and windows that look fake open up saying use this to fix your problem.

Norton picks up nothing on the scan.

My Hijack list is below/

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:46:41, on 26/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\DisplayLink Core Software\DisplayLinkService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Applications\wcs.exe
C:\Program Files\Applications\iebtm.exe
C:\Program Files\Applications\wcm.exe
C:\Program Files\Applications\iebtmm.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Progra... Read more

Answer:Spybot mxt, Malware & Security toolbar 7.1 problems

14 more replies
Relevance 61.5%

There is something, most likely a rootkit, that keeps on redirecting searches and preventing MBAM from running or reinstalling. I already tried running combofix and rkill, but it only got rid of some of the symptoms, like .exe files not opening

i am running windows xp

Answer:Unknown rootkit redirecting searches and preventing MBAM from installing

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please Do not Attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear
Click the Disable button to disable your CD Emulation drivers
Click Yes to continue
A 'Finished!' message will ap... Read more

3 more replies
Relevance 61.09%

Hello, I am running Windows XP on my laptop. I have the following security apps installed: Kaspersky Internet Security 7, Malwarebytes Antimalware, and SUPERAntiSpyware Free. I am connected to the internet via direct connection to a modem.

Recently, I could not update any of the above security apps.

On KIS: the update source is selected, but "error connecting to update source".

On SUPERAntiSpyware: when I try to update, the message "there was an error trying to retrieve definitions. make sure your firewall is not blocking SUPERANTISPYWARE.EXE from accessing the internet." I have made sure to add it in my firewall and allow "any TCP and UDP activity", but still cannot update.

On Malwarebytes Antimalware: update failed. "make sure you are connected to the internet and your firewall is set to allow malwarebytes' anti-malware to access the internet." I allowed it too, still cannot update.

However, I can open and load pages on Firefox, except: kaspersky-labs.com to manually download definitions, malwarebytes.org, and http://downloads.superantispyware.com/down...AntiSpyware.exe, but I can go into the website of SUPERAntiSpyware. They say Page Load Error. But I can open google, facebook, gmail, etc...

On scanning:
Malware: no malicious items on FULL scan
KIS: no viruses found

Help?

Answer:possible malware? cannot update security apps

See if you can connect and run Kaspersky's online scanner

------------------------------------------

If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Please disable your realtime protection software before proceeding. Refer to this page if you are unsure how.
Open the Kaspersky Scanner page.
Click on Accept and install any components it needs.
The program will install and then begin downloading the latest definition files.
After the files have been downloaded on the left side of the page in the Scan section select My Computer
This will start the program and scan your system.
The scan will take a while, so be patient and let it run.
Once the scan is complete, click on View scan report
Now, click on the Save Report as button.
Save the file to your desktop.
Copy and paste that information in your next post.

You can refer to this animation by sundavis.

4 more replies
Relevance 58.22%

I got home from school today and turned on my PC to get an AVG warning that said a trojan had infected cideamon.exe. I liked it into the virus vault and proceeded to do a virus scan only to find out that I couldn't open my AVG user interface or Spybot SaD. So I talked to a friend and he said that the Trojan could block me from opening those programs. I restarted in safe mode and did a virus scan and found nothing then restarted in regular mode and removed AVG because I still couldn't open it and installed Avast. Then I got another spyware remover because I thought that was slowing down my internet. Next I went to Google and was brought here and decided to ask for help if someone is willing. I don't know much about viruses and try to avoid them, so getting one always sends me into a panicky loop.

Rig: AMD Athlon Core 2 Duo, 2 GB Ram, XP SP3, GeForce 8800

I went ahead and used Hijack This after using it before and reading another post of someone who had a similar issue:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:18:16 PM, on 9/30/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17080)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program F... Read more

More replies
Relevance 58.22%

Hello,
I usually use Spybot - S&D to protect my computer for the most part and over the past two years it has been fine. Somewhere along the way in the last two weeks or so, I was infected with some malware resembling the google redirect virus, and the problems have begun to escalate. Now, when I type in a browser it comes out backwards and is messing with my highlighting of text, making it staggered and making it stop at times. Also, when trying to access or install Spybot, use the Kaspersky scanner or other virus tools, the program or connection will be intercepted. I recently reformatted using the HP Recovery drive, but the issue remains. I use uTorrent and a few other programs that are sometimes associated with malware, but these are downloaded from the correct sites so I think that they shouldn't be the problem. I think the problem might be from a Firefox Add-on I downloaded, but I am not exactly sure. Thanks for the help, I've tried to describe the problem as best I can, underneath is my DDS log. I have attached the attach file, but Gmer's scan is getting errors and preventing me from getting an ARK file. Thanks again.

DDS (Ver_09-05-14.01) - NTFSx86
Run by Joe's Laptop at 8:09:08.27 on 21/05/2009
Internet Explorer: 7.0.6000.16386
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.2.1033.18.1013.244 [GMT -4:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\... Read more

Answer:Google Redirect preventing use of SpyBot

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Please explain why this computer has no antivirus program installed and running. This is an open invitation for infection.

It can take as little as eight seconds to infect an unprotected computer.

Please keep this computer offline except when downloading tools and posting in the forum until we get one installed.

------------------------------------------------------

The reason your Vista system got infected is likely due to the fact that the UAC has been disabled. Please read this

Before you go any further, protect this system and re-enable that feature. Click Start>Control Panel>User Accounts and turn it back on.

------------------------------------------------------

I need to see a rootkit scan before I can help you.

Download RootRepeal.zip to your Desktop and click 'Extract all files' to extract the compressed file to its own folder.
Double-click on RootRepeal.exe to run it.
Click on the 'Report' tab, and then click on 'Scan'.
A window opens asking what to include in the scan.
Check th... Read more

11 more replies
Relevance 57.81%

I'm new here, and I apologize if I do not have this question in the correct forum.

I recently had the "Antivirus Security" spyware on my computer, and possibly more, but followed the recommendations given on this site for removal of said problem. It appears that I did get the Antivirus Security removed, but now, something has happened somehow that will not permit me to run Spybot Search and Destroy or Malwarebytes Anti-Malware again. A window pops up that reads:

"Windows cannot access the specified device, path or file. You may not have the appropriate permissions to access the item."

Does anyone have any suggestions on how I can fix this and run Spybot and MBAM?

forgot to mention that if I perform a search on google, it will pull up a list of suggestions, with legitimate sites, but when I select one from the list, I am redirected to a different site, usually to one that appears as an advertisement.

Answer:Spybot and MBAM appear to be blocked

Some rootkits can terminate your security tools by changing the permissions on targeted programs so that they cannot run or complete scans. Further investigation is required to determine if this is the case with the issues you have described.

Please download Win32kDiag.exe by AD and save it to your desktop.
alternate download 1
alternate download 2

This tool will create a diagnostic report for me to review.
Double-click on Win32kDiag.exe to run and let it finish.
When it states Finished! Press any key to exit..., press any key on your keyboard to close the program.
A file called Win32kDiag.txt should be created on your Desktop.
Open that file in Notepad, then copy and paste the entire contents (starting with Running from... to Finished!) in your next reply.

Then go to > Run..., and copy and paste this command into the open box: cmd
press OK.
At the command prompt C:\>, copy and paste the following command and press Enter:
DIR /a/s %windir%\scecli.dll %windir%\netlogon.dll %windir%\eventlog.dll >Log.txt & START notepad Log.txt
A file called log.txt should be created on your Desktop and open in Notepad.
Copy and paste the contents of that file in your next reply.

-- Vista users can refer to these instructions to open a command prompt.

3 more replies
Relevance 57.81%

Ok, please bear with me as I'm not a tech guy, but I am learning.

I use AVAST on my PC. I have Spybot S & D and it is installed and running as is MBAM. I can't open the interface on the latter 2. I've uninstalled and re-installed to no avail. Spybot has popped up these things and I'm not sure if I should allow the change. The 1st when I deny, the 2nd one pops up and then I deny it the 1st one comes back and just keeps that up. Looks like without allowing, they won't go away. Avast has notified me that it has found something suspicious and say it's been identified as a "False Positive" and it has found other things. Without being able to open the interface on SB S& D and MBAM I can't scan with those. I don't know what to do now, can somebody please give me guidance?

-LB

This is the result of my latest scan with AVAST

Also as of late I've been getting "Redirect" when using Google and trying to copy pics from my Photobucket account.

Answer:AVAST, Spybot S & D, MBAM ???

I'm still learning about computers too but it would appear that you have an infected registry. I know from my experience here at BC that I would not be able to help you with it but the guys here are more than willing, just be patient. The registry is a very touchy area to go poking around in (if in fact that's your problem) and I wouldn't recommend trying to fix it on your own. It also could be that you're posting this in an area not designed for 'help threads'.

Mod. edit. When topics are misposted, we move them to the proper forum, as I am doing now. Moving to AII. ~ OB

Sorry I couldn't be more help but I hope you get your problem fixed soon.

3 more replies
Relevance 57.81%

Hi everyone, thanks in advance for helping me out. I just started downloading torrents, and in under 24 hours, my security programs stopped working, as well as all download agents. I click on them but nothing happens. Trying to rename any of the files doesn't work, as access is denied to them (including mbam.exe, unfortunately). I've tried to do all of these things in safe mode, to no avail.

Here's my DDS, which is also attached:

DDS (Ver_09-07-30.01) - NTFSx86
Run by Hal at 1:08:49.48 on Wed 09/23/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.608 [GMT -5:00]

AV: Norton AntiVirus *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Hal\Local Settings\Application Data\... Read more

Answer:Can't run/rename my Mbam, SpyBot, etc.

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll... Read more


Hi,

I have been unable to use Windows Update for a while (it keeps checking for updates and then eventually fails with error code 8024402F). I first thought that it was a Windows Update issue and tried a bunch of fixes but to no avail. However, I figured something was amiss when I couldn't download security tools like Trend House Call or Microsoft Malicious Tool Remover.

To cut a long story short, Malwarebytes detected three items (Malware.Packer.Gen, Trojan.Downloader, and Trojan.Bancos) and removed them. These items were found in keygen installer files that were put on our computer without authorization (ours is a public computer in a non-profit organization). Luckily the programs that these files were for were not installed. We do not use or condone the use of pirated software and I deleted these installer files immediately.

However, I still could not get Windows Updates. I then tried to reset the hosts files but this didn't help either and I am not sure if it worked. I tried to create a HiJack This log but error message stating that "the system denied write access to the Hosts file" and is unable to create a logfile. I am attaching the logs that I have run below and would really appreciate help in resolving the issue. Thanks!

DDS Logs

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16448
Run by Sangeet Kendra at 18:25:43 on 2012-12-27
Microsoft Windows 7 Professional 6.1.7601.1.1252.91.1033.18.4011.2447 [GMT 5.5:30]
.
AV: Microsoft Securi...

Answer: Malware prevents Windows and other security updates

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.

===

Let's start with this.

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT....
1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
3. Do not install any other programs until this is fixed.

How to : Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe & follow the prompts. When finished, it will produce a report for you. Please post the C:\ComboFix.txt

Note: Do not mouse click ComboFix's window while it's running. That may cause it to stall

Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.

===

Third party programs if not up ...


Hi everyone,

I am new to this site and hoping you may be able to help me.

As the title says, I haven't had any windows updates in ages, and I can't update any anti spyware applications. I used to have ad-aware, I removed this as it wasn't updating.

I then installed Spybot, and I still can't update this either.

I have tried running spybot as it is but it detects no problems.

I am using AVG as my antivirus, this updates fine, but cannot detect any problems.

A lot of the support pages for these applications have been blocked, sometimes when I do a google search I click on the link and I get redirected to another page.

Internet is running a lot slower than normal.

Any help is appreciated, I have followed the instructions and attached all relevant files. I was unable to do a full scan with the gmer.exe as it kept crashing.



DDS log:


Answer: Virus/Malware has blocked security updates

I would like to add, with ad-aware I downloaded the update for it on another un-infected computer and transferred over via usb, and the application didn't seem to load update, or acknowledge that it had been updated.


This is happening on my laptop. The links on google are being redirected to completely random websites. I am unable to run spybot. I can't even run it in safe mode. Every anti spyware site I try to visit is shown as unable to connect. Any help?

Answer: Links are redirected, can't run spybot, can't run mbam

Logfile of Trend Micro HijackThis v2.0.2

Good day, I've been redirected here from the Windows NT/2000/XP forum because I have many major issues with my Windows XP Édition Familiale OS. I can't obtain any logs, so I'm posting any problems I've encountered the last few days. Here's the original thread for reference: http://forums.techguy.org/windows-nt-2000-xp/848054-solved-windows-xp-2.html

Issues:
Spybot S&D: Appears in system tray, but the program itself won't open.

Nero Express: Won't detect any CD/DVD drives(and I have two)

System Restoration: I can open it, choose a restoration date, and click next...but at the last page clicking next doesn't do anything. Sometimes it does work, but as the restoration is done and the OS reboots, I get an error message saying the computer could not be restored to the chosen date.

ActiveX: I don't know what's going on with this, but as I tried bitdefender.com's free online scan and such, it can't find the version of activex it needs to operate.

Any security program gets an error message while trying to load definition updates.

I booted in safe mode and restoration acted in the same manner... Spybot inaccessible also

Then from when I asked for help:

I installed Malwarebytes anti-malware, but the program won't open from desktop nor from the start menu

My Windows XP disc only lets me do a new install and I get an error message saying my windows is more recent than the one on the disc (because of SP2 I guess...

Answer: Spybot HJT MBAM blocked no BurnRights etc


I think the app suspension feature was implemented pretty poorly without the option to disable this behaviour for select apps. I'd like to use the apps but I simply can't seeing that the main programs I use break when they're suspended.

Skype stops all contentions and will rarely give me message notification on new conversation, and while most types of downloads in Chrome will break including streams and sometimes even normal http downloads. If I want to check on another app like Skype or my email I'd like to switch from Chrome and come back hoping my stream be complete or download still working. Instead I have to juggle my apps around to make sure Chrome never leaves the screen for more than 5 seconds or I'll have to start all over

I wouldn't mind if Skype and Chrome were in the background using memory 100% of the time. I know this should be left to the developer to improve the background app functionality, but for the time being is there any way I can prevent suspension?


Logfile of Trend Micro HijackThis v2.0.2

Answer: Possible Spy/malware Detected; Security Logs/updates Fails

Hello FireItUp

Welcome to Bleeping Computer! Sorry about the delay. We're all volunteers here, and it's been very busy. If you still need help, please post a new HijackThis log to make sure nothing has changed. Before posting the log, please make sure you follow all the steps found in this topic: Preparation Guide For Use Before Posting A Hijackthis Log <--link And I'll be happy to take a look at it for you.

I also need to see a different type of log from Hijackthis:
Run Hijackthis.
Click on "Open the Misc Tools section".
Next click on "Open uninstall manager".
Press the button 'save list'. It will open a Notepad file.
Place the content of that file here in your next reply.

Thanks, for your patience.
Stelios


DDS.txt is at bottom of post

I have the following problems:
background replaced by active desktop warning or the following

"Warning
Dangerous spyware
many viruses were found on your computer such as : Trojan horse,
PassCapture, etc.
you personal information can fall into "third hands"
please check up the computer with a special software
thank"
taskbar icons such as wireless, sound, and battery indicators missing
a red x shows up in this same taskbar with a balloon coming out that says:

"Warning! Security report
Your computer is infected! It is recommended to start spyware cleaner tool"
receive "Invalid floating point operation" or program simply closes itself
when trying to open up legitimate spyware cleaners such as spybot adaware and malwarebytes
desktop icons replaced by icons with same image but that all link to <http://lsp-test-nax.ind.in/land/eurl/?code=15>
this page pops up randomly: <http://antivirusxp-pro2009.com/?code=0000049>
my documents opens by itself
a process called msmpeng.exe eats up a lot of my processor
windows explorer keeps crashing
and finally...
every 4 hours or so a message shows up telling me that the generic host process for win32 is not working properly
and the computer forces shut down within a minute (unless i don't hit ok on the message window)

DDS (Ver_09-02-01.01) - NTFSx86
Run by langefbd at 15:02:53.17 on Wed 02/11/2009
Internet Explorer: 7.0.5730.11
M...

Answer: spybot/mbam/adaware disabled by spyware

Hello langefbd,

Sorry for the delay. We have many logs backed up. If you still need help then proceed.

Have you been playing with Registry Cleaners? Because Registry Cleaners can break Windows. The following is referring to Eusing Free Registry Cleaner. Please be aware that bleepingcomputer staff do not recommend the usage of registry cleaners / tools due to the following facts:
Registry tools can cause irreparable damage to your Operating System
Registry tools can, as a result of the above, render your pc to be inoperable.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

Updating Java:
Download the latest version of Java SE Runtime Environment (JRE) 6 Update 12.
You want the 32-bit version, not the 64 bit version
Scroll down to where it says "Java SE Runtime Environment (JRE) 6 Update 12".
Click the "Download" button to the right.
At the Select Platform and Language for your download drop down box
Select Windows and Multi-Language, then press Continue
Selecting Windows gives you the 32 bit version.
Check the box that says: "Accept License Agreement".
The page will refresh.
Click on the link to download Windows Offline Installation, Multi-language jre-6u12-windows-i586.exe and save to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel...


I am infected with Safety Center. I dl and installed MBAM, it will run for 2 seconds then close. I also tried to run it in safe mode. I was able to locate some of the files in the registry and removed them.

Answer: Safety Center Virus-Cannot run mbam or spybot

We Need to check for Rootkits with RootRepeal

Download RootRepeal from the following location and save it to your desktop.

Direct Download (Recommended)
Primary Mirror
Secondary Mirror
Secondary Mirror
Secondary Mirror

Zip Mirrors (Recommended if you have a slower connection or if the Direct Download mirror is down)
Primary Mirror
Secondary Mirror
Secondary Mirror

Rar Mirrors - Only if you know what a RAR is and can extract it.
Primary Mirror
Secondary Mirror
Secondary Mirror

Extract RootRepeal.exe from the archive (If you did not use the "Direct Download" mirror).
Open on your desktop.
Click the tab.
Click the button.
Check all seven boxes:
Push Ok
Check the box for your main system drive (Usually C:), and press Ok.
Allow RootRepeal to run a scan of your system. This may take some time.
Once the scan completes, push the button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.


try this again... I had taken an hour and a half to write out these problems i was having and Firefox crashed before i could post it!!!

So, as I was saying, I've been having a problem with Firefox for a week and a half now with it redirecting to other sites. It always goes to the correct site on the fourth try; and works every time if I use the address bar, (I never liked bookmarks or other ways to track / navigate the web).

I was looking at the download history for windows update because I have had to download the Malicious Software Removal tool 9 times in the last 10 days, (sometimes twice a day).

This prompted me to start a clean-up process i have done for years, which includes leaving Win. Defender and AVG open before their scheduled tests (so the results will be displayed the next morn.), (of which they found nothing)...

Next would be Spybot Search and Destroy : everything was working fine, (would load fine, check for updates, I checked the start up list, immunize the system and check System Internals without incident) but if I try to run a full scan it will for about two seconds and then close the program, (I tried a few times)...

The Defrag I use still works, as well as Disk Cleanup and CCleaner.
Should i get another program (such as ad aware or the like?)

If I reboot my computer Live Messenger will automatically start (but not sign in) yesterday (sept 22nd) i woke up to about ten error mess. onscreen (all the same) : <Windows Live Communications P...

Answer: redirects 3 times; spybot / mbam not working???


The computer in question was originally infected with a department of justice ransomware. the computer was locked subject to a payment of $300 per moneypak.
i was unable to enter through safemode, but was able to get in with safemode with networking when i downloaded mbam and ran it.
 
I was able to get in normally at that point so i ran mbam again and downloaded avg free
 
since then every scan with mbam still comes up with infections and avg pops up repeatedly with trojan horse threats.
 
I then ran malwarebytes again, removed threats, downloaded spybot, ran it, removed threats, ran avg still found threats, removed them, then next restart encountered a windows\system32\command.com parameter incorrect error
ctrl+alt+dlt end explore.exe process, opened spybot and unchecked the spybotdeleteing from startup log and parameters were fixed
 
i am still infected and continue to scan with mbam
 
just now i ran dds here are the reports from that those are all the logs i have at the moment.
pls help!

Answer: Ransomware surviving mbam, spybot, and avg several times

also on start up i am getting a rundll error


I've got a tough one for you. It's a hijacker of some sort, it blocks me from accessing sites like AVG, superantispyware.com, spybot, etc. It also won't let me run Spybot, SAS, MBAM, etc... when I try to run them the computer just processes for a few minutes, and nothing happens, even when I try in Safe Mode. Other than that, I've run everything as close as possible to the instructions in the sticky post at the top of this forum. I can run AVG and have updated it manually by downloading the defs on my uninfected laptop, and did the same for Adaware, but both scans came out clean.

My HJT log is attached. The "DBRas" and "Confidence Online" entries are for getting onto my work's network from home. I've tried updating HJT to the latest version, and it does not work... it just processes for a minute and does not continue.

I'm running Windows XP Pro, Version 5.1 (Build 2600.xpsp_sp3_gdr.080814-1236 : Service Pack 3)
It's a homebuilt machine, Pentium 4, 3.2Ghz, 1.00 GB of RAM
I've had no hardware problems, and first noticed this problem about two weeks ago.

Edit: AVG reports that I have an adware.secondthought infection. I'm going to try removing it by using the instructions at www.safer-networking.com/removeadwaresecondthought.php I doubt this is my only problem but we'll see.

Edit #2: no luck. Still there.

Thanks for your help!...

Answer: Tough Hijacker - can't run Spybot, SAS, or MBAM, and HJT log looks clean

I have been having the same problem. I went to the Spybot site and cannot navigate anywhere there. Wanted to E-mail Spybot about the problem, but when I try to click to go to the contact E-mail, get a failed connection notification.


I have some kind of malware that is redirecting me to ad sites and has placed a google desktop icon on the lower right hand section of my screen. I first tried running mbam and it is blocked. I also tried spybot and it is blocked as well. I have McAfee Total Protection which I ran in safe mode with networking. It came up with nothing. So I have downloaded rkill now but I still can't open mbam to do a malware scan. I still can't open spybot. Is there another way to bring up mbam? Do I need to download rkill again since I have rebooted?

Answer: Can't open mbam or spybot after downloading rkill

Ok, so for starters, have you actually run rkill? If not, I would go ahead and do that as it should stop the virus from stopping you from running mbam. If you still can't run mbam, I would try running it in safe mode. I would do a full scan inside of safe mode, that way it can at least detect and remove some of the virus' files required for running.


I've noticed that even though I didn't run 'Reader' it's running and in Task Manager.
At times I also see 'Store' running when I haven't run it.
Any way to prevent unwanted apps from running??

BTW. I'm well aware of how to close them.

James

Answer: Preventing Apps From Staying in Memory

Try Alt + F4. bye, bye app


I haven't been able to successfully install updates for Trend Micro Security. I tried manually installing, but it didn't take. It also continuously disables my firewall. I ran hijack this. Here is my log... help please!

Answer: Unknown malware? Problems with firewall and installing security updates

Hello Amy,

Sorry about the delay. If you still need help, please post a new HijackThis log to make sure nothing has changed, and I'll be happy to look at it for you.

The current formatting of your log makes it difficult to read. Please open Notepad:
On top, click Format > uncheck Word Wrap.

Thanks,
tea


we only do WSUS Security updates at work, and I need to MANUALLY download the update to MS Malware Protection Engine to get to version 1.1.10701.0. everything I find says windows update - can't do it. I need a URL to go to that has the definition to download, every URL I find only has information regarding it. I need a URL to download the update. Any help would be appreciated.

Answer: need to download MS Malware Protection Engine / we use Security updates only in WSUS

Hi,
Like below article description, the Microsoft Malware Protection Engine is running in these products:

Microsoft Forefront Client Security
Microsoft Forefront Endpoint Protection 2010
Microsoft Forefront Security for SharePoint Service Pack 3
Microsoft System Center 2012 Endpoint Protection
Microsoft System Center 2012 Endpoint Protection Service Pack 1
Microsoft Malicious Software Removal Tool
Microsoft Security Essentials
Microsoft Security Essentials Prerelease
Windows Defender for Windows 8
Windows Defender for Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2
Windows Defender Offline
Windows Intune Endpoint Protection

Thus you only could update it via these products as its description. This article provides information about how to update the Malware Protection Engine. Please read it as reference:
http://support.microsoft.com/kb/2510781/en-us

Karen Hu
TechNet Community Support


I think I have had this one for a while but it was "hibernating" or whatever. So many things it could be. It has recently shown up as spawning duplicate svchost.exe processes which are definitely not mine (there were 8 at one point eating up all of my CPU) I have not had much time to hunt this thing down, although I have suspected for months I had something nasty on here hibernating.

Spybot S&D has been removing spyware, but it is the same spyware each time, like it keeps reinstalling itself. On startup it catches illegal registry write attempts. When this occurs, Malwarebytes catches an outgoing request and blocks it. A full scan using MB and S&D detects nothing even after it catches these breaches.

I found a file in an empty combofix folder called "catchme.sys" and thought "yeah I should use combofix, but what is this, some kind of mocking cracker joke?" so I downloaded combofix, ran it. I had to uninstall Windows Security and Ad-Aware - I don't understand why they run without my permission. I even shut them down in task manager and combofix still bleeped they were going. That is truly annoying, or maybe I was doing something wrong.

Well that's about all I can think of. Here is the Combofix log:
ComboFix 12-01-21.02 - Naomi 01/21/2012 21:51:01.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1304 [GMT -8:00]
Running from: c:\documents and settings\Naomi\Desktop\ComboFix.exe
AV: Microsoft Securit...

Hello.

I have previously asked about this in another thread so background is in there - http://www.bleepingcomputer.com/forums/ind...p;#entry1221094

Briefly, I am getting redirected when using Google. It performs the search okay, but about 30-50% of the time when I click on a link instead of taking me to the correct page it will go somewhere different, an advertising page or a different search page. I can usually click the back button and retry the link and it will take me to the correct page then.

Also sometimes, maybe 10% or less of the time, when I click a link I get a popup message that says updates to my 'web media player' need to be installed (it does not mention a specific program or brand). I close the popup and get a blank white screen with a message saying Web Media Player Updating and a series of file names flash up to indicate they are downloading.

I have not installed any new 'web media players' recently and can only assume this is something I do not want downloading. Every time it happens I just close the page. I don't know where it downloads to so I don't know how to check what has happened.

I had a few other issues (mentioned in the other thread) but they all seem to have stopped recently.

Yesterday on one occasion my computer shut itself down and rebooted totally unprompted. I had a problem with it doing that about 6 months ago, it went through a phase of rebooting randomly, and eventually windows became corrupted. I thought at the time it was my hard drive packing ...

Answer: Google redirect problem which isn't found by Spybot / MBAM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.com
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the resul...


Thank you in advance for any help. I found a similar issue and followed the instructions in the preparation guide.

1. Can't delete or update AVG (errors). AVG 8.5 shows no components and I tried to uninstall and then download 9.0 but it will not install. Installer detected that there are deletion pending flags set for some services of AVG 8.0. I have restarted several times but cannot install.
2. Spybot and others won't start. I re-downloaded it and MBAM and cannot install them
3. Redirects some things from Google although I can get back to it
4. Security balloon pops up saying serious security issues please remove them, then windows pop up showing these names: Trojan-Downloader.Multi; Backdoor.Win32; Net-Worm.Win32; Email-Worm.Win32.NetSky.q; Trojan.win32.Agent.dcc; Net-Worm.Win32.Mytob.; Trojan-Downloader.JS.Multi.ca; Backdoor.Win32.Agent.ich; Virus Win32.Hala.a; VirusChin09.Win; VirusWin32.Hala.a

Clicking enable protection takes me to a Malware Defense installation that I couldn't stop, it runs an unregistered copy and goes to the site to buy it. It runs a scan showing 13 dangerous viruses.

A warning popped up: Attack from 214.82.202.70: 22203; 86.206.102.222: 17963

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2010/01/09 09:29
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================
Drivers
-------------------
Name: avgrkx86.sys
Image Path: C:\WINDOWS\...

Answer: Infected Virus Chin09.Win, MBAM, spybot won't start,

I have solved my problem. Thank you for all the information, by sifting through this website I was able to figure out how to get rid of the Malware Defense and restore the other programs.


Came home from my honeymoon the other day to find my house sitter managed to get something on my computer, been banging my head off my desk trying to fix it by means I would have used in the past.... except I'm unable to. Whatever this is, shuts down every program I try to use to clean the system after a few seconds of scanning and then changes the permission on the executable "Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item" so I'm unable to launch it again. I've tried renaming the executables, and sometimes they will run again, only to be shut down and locked again.

Firefox is constantly being hijacked as well, usually when I'm trying to search for something on google, and I click the link, I get redirected to sites like btcar.com www.luckyresults.com. And when I just tried to do a search for "browser hijacked" can't run antivirus, the browser won't let me click the search button now, even after closing and restarting it. I haven't run into this problem with IE yet, but I've barely used it so far.

Not sure of how to go forward from here, I've tried everything I would have done in the past, and I'm hoping someone here will be able to offer some input and help.

Thanks for your time.

Answer:Browser hijacked, can't run MBAM, Spybot, HJT, any rootkit detection

We Need to check for Rootkits with RootRepeal

Download RootRepeal from the following location and save it to your desktop.
Direct Download (Recommended): Primary Mirror, Secondary Mirror, Secondary Mirror, Secondary Mirror
Zip Mirrors (Recommended if you have a slower connection or if the Direct Download mirror is down): Primary Mirror, Secondary Mirror, Secondary Mirror
Rar Mirrors - Only if you know what a RAR is and can extract it: Primary Mirror, Secondary Mirror, Secondary Mirror

Extract RootRepeal.exe from the archive (If you did not use the "Direct Download" mirror).
Open on your desktop.
Click the tab.
Click the button.
Check all seven boxes:
Push Ok
Check the box for your main system drive (Usually C:), and press Ok.
Allow RootRepeal to run a scan of your system. This may take some time.
Once the scan completes, push the button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.

----------------------------------

Please note: If Rootrepeal fails to run, try this step: Click Settings - Options. Set the Disk Access slider to High
Also try: right-click on rootrepeal.exe and rename it to tatertot.scr

3 more replies
Relevance 55.76%

I recently had a couple of trips back and forwards to a high street shop. The first copy of Railroadtycoon 3 installed successfully but the play disk was not recognised. The replacement cds had different symptoms, the install disk setup.exe would show up in the task manager but no subsequent cd reading activity would occur.

Have any other people discovered problems with new software's copy protection preventing new installs potentially due to over zealous copyright protection?

Answer:CD/DVD burning apps preventing game installs?

Yes - I had this with FS2004, though I'm not sure that it had anything to do with copy protection. Go into Device Manager and find your IDE Controller (this is easy to accomplish using "view by connection" mode; it'll have your drives hanging on the end of it). Select the channel that your CD/DVD drive is on (most have it on secondary - you'll know) and have a look at the transfer mode. I solved all my problems by amending this from "BIOS default" to "PIO Mode".

6 more replies
Relevance 55.76%

ComboFix 10-12-04.06 - Administrator 12/06/2010 14:39:15.1.2 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1524 [GMT -8:00]
Running from: g:\documents and settings\Administrator\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Fast Browser Search
c:\program files\Fast Browser Search\IE\1.bat
c:\program files\Fast Browser Search\IE\about.html
c:\program files\Fast Browser Search\IE\affid.dat
c:\program files\Fast Browser Search\IE\basis.xml
c:\program files\Fast Browser Search\IE\BHO.dll
c:\program files\Fast Browser Search\IE\ClearRecycleBin.exe
c:\program files\Fast Browser Search\IE\error.html
c:\program files\Fast Browser Search\IE\FBSPlugin.dll
c:\program files\Fast Browser Search\IE\fbsProtection.xml
c:\program files\Fast Browser Search\IE\FbsSearchProvider.xml
c:\program files\Fast Browser Search\IE\FbsSearchProviderIE8.exe
c:\program files\Fast Browser Search\IE\FBStoolbar.dll
c:\program files\Fast Browser Search\IE\icons.bmp
c:\program files\Fast Browser Search\IE\info.txt
c:\program files\Fast Browser Search\IE... Read more

Answer: Antivirus and malware apps will not connect to the internet for updates, also sending out random emails, also internet does no...

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please Do not Attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear
Click the Disable button to disable your CD Emulation drivers
Click Yes to continue
A 'Finished!' message will ap... Read more

51 more replies
Relevance 55.35%

Windows 7 Home edition PC.
 
I'm getting the 0x80073b01 Error Code when I install Security Essentials after it completes the installation but before it starts the program for the first time.  If I click on it from the start menu, it gives the same error as I try to start it.  I believe the same problem is preventing the Microsoft updates from happening as well....they show two new critical updates needed, but it is never able to install them.
 
Found the program titled "PC Speed Fix" installed on her computer.  I uninstalled it, and after reboot it shows up again (now it is not showing up in her installed programs list).
 
I have run updated versions of Malwarebytes and SpyBot...both removed some items, but still unable to start/run Security Essentials.
 
Any help would be greatly appreciated!!  Thanks!!

Answer:Malware stopping Security Essentials and Microsoft Updates (0x80073b01 Error)

Welcome aboard

Download Security Check from here or here and save it to your Desktop.
Double-click SecurityCheck.exe
Follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.
NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2 SecurityCheck may produce some false warning(s), so leave the results reading to me.

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:
Internet Services
Windows Firewall
System Restore
Security Center/Action Center
Windows Update
Windows Defender
Other Services
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

Please download MiniToolBox and run it.
Checkmark following boxes:
Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Devices (do NOT change any settings here)
List Users, Partitions and Memory size
Click Go and post the result.

Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Up... Read more

5 more replies
Relevance 55.35%

Hello,

My computer was running slowly and my Comodo and Avast were disabled. I tried to enable them, but nothing happened.

I downloaded and ran Super Anti Spyware, MBAM, AdAware and Spybot and while they each found and deleted something, I still am unable to turn Avast back on. The computer is still very slow on start up.

Attached are the DDS and gmer logs.

Thanks!

Answer:Ran SAV, MBAM, Adaware, and Spybot, still running slow after spyware removal

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you.

I am very sorry for the delay in responding, but as you can see we are at the moment being flooded with logs which, when paired with the never-ending shortage of helpers, resulted in the delayed responding to your thread.

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed. If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator... Read more

18 more replies
Relevance 54.94%
Answer: Why am I receiving message that 2 apps are preventing me from shutting down on my Windows 10 P.C.?

When it says that, it shows you what the apps are... this is not uncommon if you have unsaved work and the app prompts to save it.

more replies
Relevance 54.94%

Hi,

I posted this already, but was moved to another section of the forum:

http://www.bleepingcomputer.com/forums/topic252804.html#Straythe and Blade helped me. Blade told me how to successfully run RootRepeal (disconnecting from the Internet). And I was able to get a log for it to post up. After I posted up the log, I was told my system has an active rootkit on it. Then I was instructed back here to post my partial RootRepeal log and a Win32kDiag log. However, I was unable to run DDS.scr and generate logs for it because it keeps crashing (just the software keeps crashing and not my system).

Moreover, I'd like to add the infection has been doing a lot of site redirections. For instance, I'll do a Google search for 'boxes' and when I click on a 'amazon.com/boxes' (just an example) link within the results, I am redirected to some non-related site. I haven't had any other problems with site redirections just through Google, since that's the only search engine I use. I can go to websites and click within a website and I will get the site of the link I clicked on. So again, just Google searches.

Also, I don't know if this is due to the infection, but my system keeps freezing up. I have cleaned the inside of my PC from dust, but it keeps freezing up. So I am constantly having to restart my PC by way of the restart button on the CPU. BUT when I do, the PC won't boot up. It's not until I've pushed the restart button on the CPU multiple (and I mean multiple) times when it chooses to boot ... Read more

Answer:Infected with Rootkit / Site Redirections / MBAM, TrendMicro, SpyBot, and DDS.scr Crashes

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll... Read more

3 more replies
Relevance 54.53%

Dell m1330 Vista home premium. I have malware issues, frequent memory dumps, google redirection and something is preventing me from running or installing anti-malware programs. I had to install malwarebytes using the rename method, but the program will not run in safe mode or normal. I had spybot previously installed but I was also prevented from opening, so I tried reinstalling, but before it can complete the installation I get the blue screen of death memory dump! Before reading the procedure I ran coolweb, kill2me, windows defender and windows malicious software tool. None of the programs found anything. I also performed a couple system restores, but both failed.

Should I continue with the cleaning procedure (combofix), or does anyone know how I can get malwarebytes and spybot to run?
 

Answer:Trying to follow malware removal procedure, but malware is preventing me?

Here's my MGtools log, it was the only program that worked.
 

4 more replies
Relevance 54.53%

Hi. I am trying to diagnose a problematic laptop for a friend. I don't know the details of what happened to cause the problems. The main problem I can detect is that the laptop is EXTREMELY slow. It seems like anything I try has a delayed response (even a simple mouse click). I followed the Malware Removal Guide, but was only able to run two of the five suggested tools as follows:

1) SUPERAntiSpyware - I ran this after manually updating the definition files on the version already installed and the scan found nothing.

2) Malwarebytes Anti-Malware - I was not able to update the definition files for the current version installed. After several attempts to uninstall this (via the Control Panel), I was able to do it via CCleaner. However, I was not able to re-install a more recent version due to problems with the Windows Installer service. After uninstalling an outdated version of Java (Update 14) via the Control Panel, I have not been able to install/uninstall any more programs.

2) combofix.exe - not compatible with 64-bit OS

3) RootRepeal - did not run on 64-bit OS

4) MGtools - did run; kept getting errors, but continued to completion

Attached are the SUPERAntiSpyware and MGTools logs:
 

Answer:Possible Malware preventing me from running malware removal tools

I am not seeing any malware in those logs. I do not know why MalwareBytes would not run, are you able to run it in safe mode? How does the PC behave when you use safe mode?

More than likely I think I will be sending you off to the software forum.

We can do this:

Please disable all anti-virus and anti-spyware programs while we do the following (re-enable when you are finished):

Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:



O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - (no file)
O2 - BHO: (no name) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - (no file)
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - (no file)
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - (no file)
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - (no file)
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsM... Read more

5 more replies
Relevance 54.53%

Windows XP Machine infected with XP Internet Security malware software.... removed using Malwarebytes and Spybot, but now have red shield in bottom tray saying XP AutoUpdates are turned off, when in fact they are turned on.

Also Microsoft Security Essentials will not update either.

I presume part of the malware is still left over and stopping these things working.

Please find logs below and attached.

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Peter Brand at 21:23:44.95 on 12/05/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_24
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1023.257 [GMT 1:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
FW: ZoneAlarm Firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device S... Read more

Answer: Removed XP Internet Security Malware... now MSE and XP Auto Updates don't work...logs inside.

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Please take note:
If you have since resolved the original problem you were having, we would appreciate you letting us know.
If you are unable to create a log because your computer cannot start up successfully please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
If you are unsure about any of these characteristics just post what you can and we will guide you.
Please tell us if you have your original Windows CD/DVD available.
If you are unable to perform the steps we have recommended please try one more time and if unsuccessful alert us of such and we will design an alternate means of obtaining the necessary information.
If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
Upon completing the steps below another staff member will review your topic and do their best to resolve your issues.
If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply'... Read more

3 more replies
Relevance 54.12%

Hello,

Computer worked fine with Win8.1 until my antivirus self-disabled and a very high CPU/Mem/Disk usage episode occurred last night. Following that, it became impossible to run Firefox and Chrome, they keep crashing. IE works for very brief periods, then crashes too. Tried MBAM twice but it refuses to complete and hangs up at some time. DDS will not run and gives out a 'compatibility mode' issue. Tried uninstalling / reinstalling firefox to no avail. After further tests, every kind of app seems to crash on startup or after a little while, including notepad... However windows boots fine.

The kind of crash is weird. ctrl alt delete seems to hang up too. I have to reboot or must be very patient.

I suspect malware because computer is recent and worked A1 til last night and everything was so sudden.

Sorry I cannot post the requested logs.

Thanks for your time.
 

Answer:Suddenly all apps crash, MBAM refuses to complete

Please, observe following rules:

Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
If you're stuck, or you're not sure about certain step, always ask before doing anything else.
Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
Never run more than one scan at a time.
Keep updating me regarding your computer behavior, good, or bad.
The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

===================================

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same d... Read more

6 more replies
Relevance 54.12%

I am running a Lenovo T61 with Windows Vista Business. Yesterday evening, my Norton 360 notified me that it was no longer working due to a problem with LiveUpdate. Norton recommended I uninstall and reinstall the program, and try to update again. I did this three times, and all three times it rendered Norton inoperable when I tried to run LiveUpdate.

Then I tried to run MBAM, which showed me an error when I tried to update its definitions:

Spybot likewise fails to update.

Also, as of this evening, I cannot connect to the internet with IE, Firefox, or Skype, though Chrome is still working fine (for now, anyhow).

At first I thought I just had a glitch with my Norton, but with so many products failing, I'm worried it's actually a virus or malware program.

I don't know if it's relevant, but I wasn't able to download DDS from the link on BleepingComputer tonight. I had the program from the last set of computer problems I worked through on the forum, so I used that to create the log below. GMER downloaded fine and ran as well.

I'd appreciate any suggestions you can give me!

Thanks,
SMH1105

DDS Log:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_30
Run by Stephanie at 20:00:32 on 2012-02-01
Microsoft® Windows Vista™ Business 6.0.6002.2.1252.1.1033.18.3054.1469 [GMT -5:00]
.
AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Outdated* {D... Read more

Answer:Norton, MBAM, and Spybot will not update/run; IE and Firefox won't connect to internet (but Chrome works)

Hello, my name is Elise and I'll assist you with this issue.

Can you please rerun DDS and post me attach.txt (no need for dds.txt)?

12 more replies
Relevance 53.71%

I recently ran Spybot - Search and Destroy, and wound up with some 116 problems. Upon fixing them, I noticed that one was Virtumonde, a problem I've had with on a previous computer. After trying to fix it by Spybot (and failing), I did exactly what I had done in my previous encounter - went to VundoFix and ran it. Came back with nothing. Thinking that it was a mistake, I looked online and found another. VirtumondeBeGone was also unsuccessful. I've looked around on this website before and saw that there was another individual with a similar problem. I followed the previous advice and used Malwarebytes Anti-Malware's File Assassin to delete the file. I ran Spybot again, and it is still there. The location is unchanged: C:\Windows\System32\rcpnet.dll

Please help!!

Answer:Spybot Detects Virtumonde - Both Spybot and Malware Can't Delete It

http://www.computerhope.com/forum/index.php/topic,46313.0.html
go to above post the 3 logs here an expert will see them, harry
you can also read this below
http://www.computerhope.com/search.htm?cx=003411668307610607965%3Ah4yba8pbdco&cof=FORID%3A9%3BNB%3A1&q=virtumonde&sa=Search#1297

8 more replies
Relevance 53.71%

I'm having startup issues with a Windows 10 Build:
Cumulative update for Windows 10 ver. 1511
KB3192444. (I hope I copied it correctly).

Before this update is installed the problem doesn't exist, after it's installed it does.
I posted this issue here but have not gotten any help.
Because windows 10 automatically installs updates I needed to go into Group Policy Editor-Computer Configuration-Windows Components-Windows Update and set it to
"Notify for download and notify for install"

But, when I go back into settings for windows update advanced settings, the choose how updates are installed has remained with the same 2 options.

How can I be sure that Windows 10 does not install this update????
Does changing this setting in GPE work ok?

Any help will be appreciated,
James

Answer:Preventing Auto Updates

Hi, to hide (stop) a particular update see:
Windows Updates - Hide or Show in Windows 10 - Windows 10 Forums

1 more replies
Relevance 53.71%

Hi,
Right now i have about 56 updates pending, most of them office updates, and a couple of Windows updates.
I've discovered that an update is preventing my PC from sleeping, as when I do a system restore back to before I updated my PC will sleep, and then install them again my PC won't sleep.

I'm assuming it's a windows update rather than an office update causing this problem.
Is there a better way to see which update is causing the problem rather than installing each update, one by one?

More replies
Relevance 53.71%


I've somehow got some malware/ trojans/ viruses, whatever you may call them, and I'm unable to update my spyware/ anti-virus software. I currently have Spybot, Zonealarm pro, ad-aware pro and a recent download of the free avg anti virus...all of which are outdated. Can anybody please assist in the removal of these things causing the problems?

Thank you!
 

Answer:virus preventing updates

Welcome! to MajorGeeks.com!

Please follow the instructions in the READ & RUN ME FIRST link given further down and attach the requested logs when you finish these instructions.

If you have problems where no tools seem to run, please try following the steps given in the below and then continue on no matter what you find. You only need to try the TDSSserv steps if having problems getting scans in the Read & Run Me First.
TDSSserv Non-Plug & Play Driver Disable

If something does not run, write down the info to explain to us later but keep on going.
Do not assume that because one step does not work that they all will not.
READ & RUN ME FIRST. Malware Removal Guide


Helpful Notes:


If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode, you can run the steps in Safe Mode but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:

Starting your computer in Safe mode

If you have problems downloading on the problem PC, download the tools and the manual updates for SUPERAntiSpyware, Malwarebytes and Spybot ( links are given in the READ & RUN ME) onto another PC and then burn to a CD. Then copy them to the problem PC. You will have to skip getting updates if (and only if) your internet connection does not work. Yes you could use a flash drive too but flash drives are writeable and infections can spread to them.
To avoid additional delay i... Read more

3 more replies
Relevance 53.71%

Hello
 
I recently did a fresh install of Windows 7 on my PC. I guess I forgot to install any AV until I was prompted to by Windows Update, which if I remember correctly, did install OK originally. Normally I would have installed AVG and MB, but I've had quite a few PC problems recently and so was a little haphazard, I can't remember whether I actually got MB installed prior to these problems or after. Anyhow, recently I started up my PC and upon starting got a message that MSE couldn't start because of error occurring during initialization, Error 0x80073b01.
 
I found a similar topic here and have run a few of the programs, most optimistically Hitman Pro, which found a couple trojans and malware items and deleted them. But I still have this issue with MSE that it can't load, can't be reinstalled and can't be uninstalled.
 
Other symptoms: Malware Bytes icon on my desktop went from being their logo to a generic .lnk/shortcut image and wouldn't load. I managed to reinstall it after using safe mode and using mbam clean to get rid of the mbamext.dll that wouldn't delete normally. I now have MBAM on my desktop and I can run it, but it won't get the latest updates (it appears to download them, but then says the db is missing or corrupt) and it won't let me do a scan.
 
I have been trying to copy some files to an external HD, but the ones with Security in their name can't be moved.
 
It seems like something is definitely running in the background ... Read more

Answer:Malware preventing MSE and Malware Bytes running?

Try running in Safe Mode and doing a full system scan with your antivirus.  You could also try a System Restore.  

2 more replies
Relevance 53.3%

The following was copied/pasted from https://forums.malwarebytes.com/topic/200634-malwarebytes-31-now-available/  

Malwarebytes v.3.1 is now available.  You can download this new version -- v. 3.1.2.1733 -- from our main website or from this link.
You can install this new version directly over any earlier Malwarebytes version you might be running. 
Here's What's New & Improved:
Performance/protective capability

Multiple enhancements result in reduction of memory usage
Faster load time and responsiveness of third-party applications
Improved performance of Web Protection
Faster Malwarebytes 3 program startup time and responsiveness of user interface
New detection and protection layer with machine learning based anomaly detection (to be deployed gradually even if it shows “enabled” under Settings)
Improved Self-Protection by requiring escalated privileges to disable protections or deactivate a license
Enhanced malware protection techniques and remediation capabilities
Added an automatic monthly scheduled scan in Free mode

Usability

Added ability to control the priority of manual scans on the system
Added setting to turn off ‘Real-Time Protection turned off’ notifications when protection was specifically disabled by the user
Added ability to exclude the last website blocked by Web Protection via the tray menu
Fixed several defects related to configuring Custom Scans, including selecting child folders and fixing issu...

More replies
Relevance 53.3%

Can anyone tell me where the definition updates are stored on vista ultimate 64? SAS definitions, and Mbam definitions
I've got an infected laptop, and can't connect to the internet with it, so I was gonna get the definitions off my system, and move them to a flash drive and apply them to the infected laptop. Thanks for any help.
 

Answer:Mbam, Sas def. updates

The database definitions are here.

SUPERAntiSpyware Database Definitions December 14, 2011

Malwarebytes' Anti-Malware Database December 12, 2011
 

3 more replies
Relevance 53.3%

There was an Office vulnerability that was fixed with the April patch Tuesday in an Office update, but we've had trouble making sure all users have the updated Office patch as N-Central (our patch management tool) doesn't always list what build/patch Office is currently running accurately.

We do know all our PCs have the April/May security updates. Is the Office Update combined into the big monthly one?

More replies
Relevance 53.3%

hello everyone,
my son's laptop has acquired a virus. (an acer aspire 5100 on xp) basically it is preventing any windows updates & any security scans. It is clever; for example if i attempt trend micro house call i get blue screen & the pc shuts down immediately. When i reboot it refers to fat32 as follows:
checking file system on c the type of the file system is fat32.

i have current subscription to trend micro internet security for three pc's but can't download due to the virus.
i am not a "power user" but i am capable of starting the laptop in safe mode & carrying out basic tasks. (but it appears to be stopping that unless i'm doing something wrong with the "f8" key)

how serious is this & is there the idiots guide to a resolution?
thanks for looking bob (uk)
 

More replies
Relevance 53.3%

I have a Compaq desktop at home running Windows 7 Home Premium. My girlfriend has a user account on it that she uses from time to time. She sometimes needs to restart the computer. When she tries to do that, many times the shut down screen shows "Install updates and Restart" as the default action. Is there a way to eliminate that option for her account or at least make Restart or Shutdown, without installing updates, the default choice? She is careful about changing the option, but I am concerned she might slip up one time.

I have no desire to upgrade to Windows 10 at this time (Yes, I know the free upgrade offer is supposed to end at the end of June). On my account, I manually go through the list of new available updates and remove any that are related to preparing the computer for Windows 10 or actually downloading and installing it.
 

More replies
Relevance 53.3%

i keep getting this message. i have already disabled automatic updates through group policy editor.

Answer:updates preventing my computer from shutting down

With this batch script you can automatically close apps not responding at shutdown in windows. Please execute the batch script as an administrator.

1 more replies
Relevance 53.3%

What can I do to prevent updates from preventing me from using my computer?
Apparently whoever designed Windows update never considered the possibility of people using small SSD drives that only have a fraction of the space required to run applications. Everything worked under Windows 7, although I did have to do some tweaking to get it to install apps directly to drive E: (my multi-terabyte hard drive). After installing Windows Update, I had to do the same registry tweak to make it install programs on drive E:, and it worked fine the first six weeks or so, but then it started routinely breaking one or two of my applications with each update. The problem was initially tedious to fix, but I eventually got everything working. However, I was not successful at getting Windows to comply with running my Chrome browser from E: I finally relented, and moved as many of the commonly used apps to drive C: (the SSD) and consequently had to set the cache size smaller. Everything was fine for another month or so.
However, beginning sometime in November, Windows updates started failing. It schedules an update, runs the update, reboots my computer, says the update failed, and reboots the computer again, uninstalled the update, and then it works. This was an annoyance, but since it only happened once a month, I put up with it.
Recently however, Windows has started retrying updates every few days, and doesn't bother warning me in advance or asking my permission. It just unceremoniously shuts...

Answer:What can I do to prevent updates from preventing me from using my computer?

In updates, there is a setting to schedule restart, usually 3am. Can you check that setting is enabled?

2 more replies
Relevance 52.89%

The following was copied/pasted from https://forums.malwarebytes.org/topic/180348-mbam-221-patch-release/
Hello—
We’re happy to announce that our latest MBAM patch release, MBAM 2.2.1.1043, was released today.   
You may download MBAM 2.2.1.1043 from this link.
We’ll be enabling automatic upgrades for current users beginning next week.  If you’d like to upgrade before then, simply download the new version from the link above and install.
Here's the full list of What’s New in v. 2.2.1--
Improvements:

Context Menu scanning option is now enabled by default.  Note if you had this option disabled previously and want to retain that setting, you must disable again manually this one time only.  Future updates will retain the setting properly
Improved renewal experience for those who purchased in retail store so that the original license key is retained post-renewal instead of requiring that a new key be entered and activated
Improved End of Trial experience so it is clear that trial has expired and real-time protection is no longer available
Added additional license checks to ensure subscription details are updated as quickly as possible after a renewal is processed
Updated company and product logos with new logo
For Premium subscription licenses, removed Renew button from My Account screen to avoid confusion over license term

 
Issues Fixed:
 

Fixed security vulnerability to ensure database updates are down...

Answer:Updates 3/18/16 - MBAM, Firefox

Firefox Version 45.0.1 (  https://www.mozilla.org/en-US/firefox/45.0.1/releasenotes/ )
 
Fixed
Fix a potential performance regression (Youtube for example) (1220502)
Fix a regression causing search engine settings to be lost in some context (1254694)
Bring back non-standard jar: URIs to fix a regression in IBM iNotes (1255139)
XSLTProcessor.importStylesheet was failing when <import> was used (1249572)
Fix an issue which could cause the list of search provider to be empty (1255605)
Fix a regression when using the location bar (1254503)
Fix some loading issues when Accept third-party cookies: was set to Never (1254856)


Changed
Disabled Graphite font shaping library

----------------------------------------------------------------
Available via the internal updater:   Help / About Firefox

4 more replies
Relevance 52.89%

I have MBAM 2.2.0.1024 Free.

Are Definitions Updates available everyday? If so, can they be downloaded everyday? If so, does this apply regardless of whether you have the Paid or Free version?

Ever since the MBAM 1.75 era ended, my being able to download Definitions Updates has been very sporadic. The process goes through the motions like it's downloading them. However, once the process is finished, the Virus Definitions status will still be the OLD ones.

With MBAM 1.75 I used to be able to download Definitions Updates any and everyday that I chose to do so. After that version, once the new breed of MBAM came onto the scene, more often than not, I've encountered Definitions Updates mirage after mirage ... aka FAILURES. Today was another one of those failures. I'm still stuck at the September 22nd Definitions. :crap :mad :guns

What's going on? What am I supposed to do to get the MBAM Definitions Updates to download and install any and everyday that I choose? Or does MBAM now only put out Definitions Updates periodically every 3 weeks or so?
 

Answer:MBAM Updates: Available Everyday?

Are Definitions Updates available everyday?

Yes. It might even be hourly.

If so, can they be downloaded everyday?

I assume Yes. I am running 5 paid versions so I have no experience with the free version.

If so, does this apply regardless of whether you have the Paid or Free version?

Yes.

Grab the November 5th database at MajorGeeks.
http://www.majorgeeks.com/files/details/malwarebytes_anti_malware_database.html
Note the size of 16.8MB so you need a broadband connection. If you are on dialup or a very slow connection, I suspect it will fail.
 

5 more replies
Relevance 52.89%

I'm not sure if I am in the correct section of the forums, but I'll give it a go here. I was recently infected with Windows Anti-virus Pro and I used SuperAntiSpyWare & Kaspersky Online Scanner to detect the virus and remove it (or so I hope). Now I am having issues with MBAM. It won't update, and when I do attempt to update I get the 732 error. I tried the suggestions at the MBAM forum, which mostly consisted of allowing my Norton Firewall to allow the program to update. That did not work. I also found that my IE 8.0 doesn't work either (it gives me the "Cannot display webpage" and "Address not valid" error). However, I am connected to the internet, as my firefox does work. Are these two issues related? Or does it sound like I may still be infected? I have tried removing and reinstalling MBAM, but the same issue still occurs with the updates.

Thanks for your help in advance.
 

Answer:Issue with MBAM updates

Please click here to download and install the HijackThis installer.
Run it and select Do a system scan and save a logfile.

The log will be saved in Notepad. Copy and paste the log in your next post.

Do not fix anything
 

3 more replies
Relevance 52.89%

I just realized that my paid version of MBAM is not auto updating as it should (yes, it's enabled and set for 7pm) on my new install of Win7x64 Home Premium. I just did a manual update just 'for fun' and noticed that I was about 20 versions behind on the definition database. I'm pretty sure that UAC is blocking the update. How do I configure it to allow the updates? AntiVir (the free version) is updating OK.... I know I could completely disable UAC, but that isn't what I really want to do.
 

Answer:UAC, Win7, and MBAM updates

Nothing? :confused

I don't want to disable UAC in order to get MBAM updates, as it seems a bit contradictory to turn off one level of protection in order to obtain another level of protection. I can manually update MBAM daily (which I'll do for the time being), but, knowing me and my wonderful memory (note the sarcasm LOL ), I'm sure I'll forget on a regular basis. I thought there was a way to create UAC exceptions, similar to how you'd set up a firewall. Any ideas or suggestions will be greatly appreciated.

[dlb]
 

3 more replies
Relevance 52.89%

Hi, My name is Roy, I've searched all the other forum threads in this topic and I couldn't find what I was looking for.

Now, my problem is that my Windows 8 apps won't update and I can't install new apps. I've had this problem before, but I forgot how to solve it. I remember it had something to do with a folder not being in the C:/windows folder. I also remember it began with an "A" (Appinstaller?).

I was wondering if anyone who CAN install their apps and update them could look into their C:/Windows folder and write down a list of folders that appear starting with the letter "A".

Thanks in advance!

Roy (emoteen134)

Answer:Updates to Window 8 Apps and Installation of Apps

Hello Roy, and welcome to Eight Forums.

Usually when you have issues with installing or updating apps from the Store, you would need to clear the Store cache to fix it.
Store Cache - Clear in Windows 8
If that doesn't help, then double check through the troubleshooting steps in the tutorial below to see if one may be the issue.

Apps and Tiles Not Working or Responding: Fix in Windows 8
Hope this helps,
Shawn

1 more replies
Relevance 52.48%

Source: Why Android malware scares are almost never as bad as they seem
On Android, it's split between the OS and Play Services.
Google Play Services is a system-level app, which is updated in the background by Google on every Android phone going back to 2010's Gingerbread release. As well as providing APIs that let developers interact with Google services, and porting many features back to older versions of Android, Play Services has an important role in Android security.

Google Android Security: Shielding you from Potentially Harmful Applications
Earlier this month, we shared an overview of the ways we keep you safe, on Google and on the web, more broadly. Today, we wanted to specifically focus on one element of Android security - Potentially Harmful Applications - highlighting fraudsters' common tactics, and how we shield you from these threats.

"Potentially Harmful Applications," or PHAs, are Android applications that could harm you or your device, or do something unintended with the data on your device. Some examples of PHA badness include:

Backdoors: Apps that let hackers control your device, giving them unauthorized access to your data.

Billing fraud: Apps that charge you in an intentionally misleading way, like premium SMS scams or call scams.

Spyware: Apps that collect personal information from your device without consent

Hostile Downloads: Apps that download harmful programs, often through bundling with another program

Troj...

Answer:Verify Apps: Protection against Potentially Harmful Apps (Google Android Security)

More information about Potential Harmful Apps; Android Security.

Feb'17 Blog: Shielding you from Potentially Harmful Applications
Support: Protect against harmful apps - Accounts Help
Documentation: PDF: Potentially Harmful Apps classifications

 

1 more replies
Relevance 52.48%

Hi,
Since an automatic update on my computer, my computer will not access the internet. I have tried to restart the computer to a previous point pre-updates but now it will no longer do this either. So I am stuck. Can you help?

Thanks

Answer:Automatic updates now preventing access to internet

Quote: Originally Posted by duncan hill

Hi,
Since an automatic update on my computer, my computer will not access the internet. I have tried to restart the computer to a previous point pre-updates but now it will no longer do this either. So I am stuck. Can you help?

Thanks

I have a similar problem. But not from automatic updates. I updated Adobe Reader (it says "Install security update"). Since then a yellow triangle with an exclamation mark on it appeared in the system tray. If I click on it, it disappears, but my network connection has stopped working. It connects normally, but the computer works like it would not be connected to the Internet. I uninstalled the update, but the problem reappeared after 2-3 days. Now it looks that it is all OK, but I do not know what I am supposed to do.

7 more replies
Relevance 52.48%

I was going to download Norton 2009 antivirus, but the setup said that the computer needed an upgrade. I proceeded to the windows update to check. Sure enough I needed windows service pack 2. I tried to download this but got the error 80072efd. It's not the firewall, but I also realized that I cannot download it directly from the windows update website. I am really confused and need this antivirus cause my computer is infected at this time. All help will be appreciated.

Answer:error 80072efd is preventing me from downloading updates

hi and welcome to TSF the first thing you should do is go here
http://www.techsupportforum.com/f50/...lp-305963.html and get help for your infection and then see about antivirus i would not choose norton or mcafee as they can cause issues with vista

3 more replies
Relevance 52.48%

I have a paid version of AVG Internet Security 2012 which commenced in August 2012. I've had paid versions in the previous two years and until the last two months have had no problems.
In the past few days when I switch on my PC (Windows XP with Mozilla Firefox browser, wired connection with BT) the automatic AVG update will not proceed, nor will a manual attempt.
Within a few minutes of switching on the following Windows warning box appears on the screen:
'The software you are installing for this hardware - Non-Plug and Plug Drivers - has not passed the Windows Logo testing to verify its compatibility with Windows XP. Continuation of installation of this software may impair or destabilise the correct operation of your system either immediately or in the future.'
Two options are then given: Continue anyway or Stop installation.
The updates waiting to be downloaded are all version 2238 of the following: Alert Manager; Anti Rootkit Driver; Anti Spam Component; Scanning Engine; Set Up Component; Kernel components; E-mail Scanner; Firewall Component; User Interface Component; Identity Protection; Language Files (English); Online Shield (Settings); Resident Shield Scanner; Link Scanner HTTP Redirector; Systems Tools Component; TDI Component; Pc Analyzer; Update Component.
If I click on 'Continue anyway' the system attempts to download the updates again but aborts very quickly and the same warning notice appears. If I do nothing the warning notice remains but my AVG page sa...

Answer:Windows preventing paid AVG updates download

I'd recommend putting this to AVG in the form of an email. Even copy and paste what you posted here.

2 more replies
Relevance 52.48%

Full Article: http://androidcentral.com/why-android-malware-scares-are-almost-never-bad-they-seem

On the iPhone, everything that matters lives inside the OS. On Android, it's split between the OS and Play Services.

Google Play Services is a system-level app, which is updated in the background by Google on every Android phone going back to 2010's Gingerbread release. As well as providing APIs that let developers interact with Google services, and porting many features back to older versions of Android, Play Services has an important role in Android security.

The "Verify Apps" feature of Play Services is Google's firewall against app-based malware. It was introduced in 2012, and first enabled by default in Android 4.2 Jelly Bean. At the time of writing, 92.4% of active Android devices are running version 4.2 and up, and older versions can manually enable it in the Google Settings app.

Verify Apps works similarly to a traditional PC virus scanner:
Whenever the user installs an app, Verify Apps looks for malicious code and known exploits. If they're there, the app is blocked outright - a message is displayed saying "Installation has been blocked." In other, less suspicious cases, a warning message may be displayed instead, with the option to install anyway. (And Verify Apps can also help remove known malware that's already been installed.)

While the underlying exploit may still be there, this makes it impossible for the bad guy...

Answer:Android Security; How Verify Apps protects you against Potentially Harmful Apps

More information about Potential Harmful Apps; Android Security.

Feb'17 Blog: Shielding you from Potentially Harmful Applications
Support: Protect against harmful apps - Accounts Help
Documentation: PDF: Potentially Harmful Apps classifications

 

1 more replies
Relevance 52.48%

Hi,
So recently i had a virus or something that redirects my online google searches.

I went to download malwarebytes anti-malware, and the website seems to be blocked from access. It comes up with the error like i have no internet connection or that the website doesnt work. So i downloaded from download.com and am currently running a scan. It wouldnt let me update, however.

I am running XP with sp3

i tried running spyware doctor scans, ewido security scans, and finally super anti-spyware scans. The SAS would not update. They removed some things but the problem still persists.

At first, when i noticed this problem, i was getting an error when i tried to access my c:/ drive. Something to the effect of 'missing file Recycler/S-(and then a bunch of letters/ numbers)'
I ran scans and can now access the drive, but i am still getting redirected on google searches and cannot update the MBAM or SAS.

I cannot access the malware bytes website at all either.

I ran CCleaner and cleared temporary files

I have Hijack This if i need to post a scan.

Any help is greatly appreciated!

Answer:URL Redirector/ cant access MBAM or SAS updates

ok after MBAM most recent version ran, i got 8 errors, but after being fixed, its all working and i can update it and everything

2 more replies
Relevance 52.48%

Hey
A few days ago "Antivirus Live" got onto my computer,
I found MBAM which worked perfectly in removing "Antivirus Live".
However now MBAM won't update, I guess "Antivirus Live" is still.....???
Thanks

MrStupid
DDS (Ver_09-12-01.01) - NTFSx86
Run by Ron at 16:34:05.28 on Thu 12/10/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.766.271 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\DNA\btdna.exe
C:\WINDOWS\s...

Answer:Antivirus Live - Now no MBAM updates

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll...

2 more replies
Relevance 52.48%

Help... Firefox is fine to surf the web, but we need IE for work related stuff. IE gives a port error, avgfree doesn't find anything, mbam found and resolved two issues and won't update. Latest update was 8/3.

IE doesn't connect, spybot and adaware doesn't load?

Please help.

Thanks,

Mike

Answer:no IE, no Mbam updates but FF works fine

Some types of malware will disable Malwarebytes Anti-Malware and other security tools. If MBAM will not install, try renaming it first.

Right-click on the mbam-setup.exe file and rename it to mysetup.exe.
Double-click on mysetup.exe to start the installation.

If that did not work, then try renaming and changing the file extension. <- click this link if you do not see the file extension

Right-click on the mbam-setup.exe file, rename it to mysetup and change the .exe extension to .scr, .com, .pif, or .bat.
Then double-click on mysetup.scr (or whatever extension you renamed it) to begin installation.

If after installation, MBAM will not run, open the Malwarebytes' Anti-Malware folder in Program Files.

Right-click on mbam.exe, rename it to myscan.exe.
Double-click on myscan.exe to launch the program.

If that did not work, then try renaming and change the .exe extension in the same way as noted above.

Double-click on myscan.scr (or whatever extension you renamed it) to launch the program.

If using Windows Vista, refer to How to Change a File Extension in Windows Vista.

Be sure to update MBAM through the program's interface (preferable method) or manually download the definition updates and just double-click on mbam-rules.exe to install. Then perform a Quick Scan in normal mode and check all items found for removal. Don't forget to reboot afterwards. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. When done, click the Logs ta...

5 more replies
Relevance 52.07%

For some reason, whenever windows 8.1 updates, internet explorer stops working. Every time I try to get on the internet, I just keep getting a message that 'this page cannot be displayed'. Skype still works, so the problem seems to be internet explorer itself.

I have decided to switch to google chrome to fix the problem, but I can't do so without getting on the internet.

I would like to restore the computer to a point in which it worked, and I have one restore point which I'm certain will work, but the problem is, immediately after restoring, windows automatically updates, which kind of undermines the entire purpose of the restore. I have tried changing the update settings so it will restore without updating, but as soon as the system restores, my changes are undone and windows then proceeds with the stupid updates.

I just want to get on the internet somehow to install google chrome! (and no, I can't just copy and paste from the computer I'm currently on because this one has windows 7).

Any ideas?

Thanks,
smile puppy

Answer:Windows Updates Preventing Internet Explorer from Running!

Unplug your router, then do your system restore. You then have as much time as you need to configure Windows Update not to auto check.

2 more replies
Relevance 52.07%

I am not able to install the windows updates>>used Express and got like 72 updates required. dloaded all but NONE installed.. got this message>>

A problem on your computer is preventing updates from being downloaded or installed

any help on this? this is after a windows XP install/repair

thanks, bo bo bolinski
 

Answer:A problem on your computer is preventing updates from being downloaded or installed

Re: A problem on your computer is preventing updates from being downloaded or install

no help on this? I am surprised! do I have to do the HJT routine or does someone have an easier solution??

thnx, bo bo bolinski
 

3 more replies
Relevance 52.07%

I have 93 updates for XP & Office 2003 which I cannot install. I have stopped and re-started the update service & tried everything else I can find on the web.

I would be very grateful for any help anyone can provide!

Answer:A problem on your computer is preventing updates from being downloaded or installed

Is your windows update allowed to install updates automatically? Check your settings in the security center. I hope you are updating via a broadband connection. Also does windows download the updates and stall halfway through the installation? During the install of the downloads, Windows will ask you to accept certain agreements. You may not be seeing these and think Windows has stopped installing. Windows will not move forward unless you respond to these agreements. When downloading be sure all the downloads are complete and upon the installation part, minimize your screen to see these agreements. IE7 download and install is one of the biggest culprits. It hides behind your Download and install screen.
Hope this helps.

5 more replies
Relevance 51.66%

I timed MBAM on updates this week and it seems they are releasing updated signatures every 30 to 10 mins. This is cool as it will improve detection! Anyways this is new; MBAM used to update every 3 to 5 hours, now it updates every 10 to 30 mins.
 

Answer:Post Has anyone noticed MBAM now updates every 10 to 30 mins now?

I don't know if this will always happen but they are quick in releasing new signatures.
 

2 more replies
Relevance 51.66%

MBAM updates are generally VERY fast--less than 6 or 7 seconds, tonight took about 6-7 minutes.

Answer:Anyone experiencing very slow MBAM definition updates?

Just updated and took about 4 seconds...

4 more replies
Relevance 51.66%

Today I had offers for and installed updated versions of Malwarebytes - v2.2.1.1043 (I have premium but I guess same applies for free version); iTunes, v 12.3.3, and CCleaner v 5.16.5551. This last took 4 attempts as there seemed a problem on the Filehippo site at first. Defragged afterwards.

Answer:3 programme updates - MBAM, CCleaner and iTunes

Updated CCleaner from Filehippo about 4 hrs ago without problems
Mbam Free just offered the database update not the program yet.

6 more replies
Relevance 51.66%
Question: Preventing Malware

I am not sure the best place to post this. I am trying to find a secure method of moving files from home to office. Our office has a rule stating that you should not bring a thumb drive into the office from home without going through IT. This is to prevent infecting the work network. IT can run a Symantec scan on the USB device but is still not in favor of using the USB due to what might not be caught on a scan.

Any ideas of methods that IT might be willing to implement that allows the convenience of USB drives and the security that IT needs. I am in the position of greatly influencing this research if I had a direction to suggest. Of course IT would be researching in order to feel comfortable. Thanks in advance. If there is a better forum for this question please advise.
 

Answer:Preventing Malware

There is not a lot that you can do to insure that any USB device is clean without running scans on them. Your IT department would have to insist that all employees install programs such as AutoEater on their home computers and scan them with something like USB Vaccine. But that would require faith that all employees took these measures.
 

2 more replies
Relevance 51.25%

Hello all!

Firstly, thank you so much for running such a magnificent site with such detailed and easily understandable instructions. I direct everyone I know to this site once they become infected--you offer such useful tools and great suggestions.

Anyway, onto my problem. I'm working on a friend's laptop that was infected with System Check. (Boo!) The computer is unable to connect to my wireless, nor his wireless at home and the Windows diagnostic tool is of no help in that area. So everything I'm downloading to run on his computer, (rkill, gmer.zip, etc.) is being downloaded on my computer and transferred via flashdrive. Everything is being run on this computer while it's in Safe Mode with Networking.

After going through the steps per the removal guide for System Check, I discovered that the infection was a lot tougher to remove than previously thought. It has kept MalwareBytes from being able to update, and I had to initially rename both TDSSKiller and MalwareBytes installer with single word names so that the malware wouldn't stop the process from running. When trying to run MalwareBytes after going through the guide with Rkill and TDSSKiller (which found no infection,) I receive an error from MalwareBytes that states: Program_Error_updating(11004,0,No address found)

I am unsure if this is related to the rootkit, or if the rootkit is preventing the update due to the wireless connectivity issue. So I suppose my questions are thus:

1.) Is the rootkit...

Answer: TDSS infection preventing updates to MalwareBytes/Internet connection

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me Agent ST for short), it's a pleasure to meet you. I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed. If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
If I instruct you to download a specific tool that you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated f...


Emsisoft Anti-Malware & Emsisoft Internet Security 9.0.0.4783 – with BETA updates enabled:

Emsisoft Anti-Malware:

Improved GUI loading speed for other than en-us languages.
Improved license renewal behavior.
Improved functionality for all grid columns (auto-width, sorting).
Improved Behavior Blocker logging for application rules.
Improved behavior for Alert windows: no focused default button to avoid accidental confirmations.
Improved functionality for the Quarantine submission form (added "Back" button).
Improved functionality for detections from scan results: manual addition to the white list as "file".
Improved stability and GUI enhancements.
Fixed a possible memory corruption.
Fixed an issue causing an "SQLLite 5" error.
Fixed an issue with multiple confirmations in the factory defaults feature.
Emsisoft Internet Security:
additionally:

Improved Installer checks on required Microsoft patches and existence of Virtual Box.
Improved Firewall logging for application rules.
Improved Firewall application rule's additions. (automatic).
Improved Firewall performance and stability.
Fixed a network blocking issue during raised Firewall Alert.
Fixed an issue where addition of a CIDR network rule caused a lockup.
Source
 

Answer: Emsisoft Anti-Malware & Emsisoft Internet Security 9.0.0.4783 – with BETA updates

I got a false positive so removed beta
 


Emsisoft Anti-Malware & Emsisoft Internet Security 9.0.0.4925 – with BETA updates enabled:

IMPORTANT:
It is not possible to downgrade (by un-ticking "enable beta updates") to current public stable 9.0.0.4799. You will have to uninstall 9.0.0.4925 and reinstall 9.0.0.4799 stable.

Emsisoft Anti-Malware:

Fixed a possible install wizard hang after entering an incorrect license key.
Fixed an occasional issue where "Application changed alert" resulted in a loop.
Fixed a crash on GUI unload after "shutdown on scan finish", if auto-quarantine option selected.
Fixed repeated removable drive notification.
Fixed an issue where sending a test email froze the GUI.

Improved Emsisoft Protection Platform implementation.
Improved logging details for Behavior Blocker/File Guard/Surf Protection.
Improved automatic refreshing of logs.
Improved notification with scan statistics after boot, if PC was shutdown due to enabled setting "shutdown when scan finished".
Improved added Scheduled Scans button on scan page.
Improved added context menu to Application Rules grid.
Improved "Restore" and "Save copy" from Quarantine shows a dialog whether you want to add the file to white-list.
Improved Restore from Quarantine shows a dialog whether you want to overwrite an existing file.
Improved White-list grid keyboard navigation and columns correctly resized.
Improved Automatic Update scheduler.
Improved Installation Wizard now requires a reboot in last step instead of after ...


Emsisoft Anti-Malware & Emsisoft Internet Security 9.0.0.4799 – with BETA updates enabled:

Emsisoft Anti-Malware:

Improved column header sort indicators for all grids
Improved stability and GUI enhancements.
Emsisoft Internet Security:
additionally:

Fixed a network shares being blocked issue.
Source
 


Emsisoft Anti-Malware & Emsisoft Internet Security 9.0.0.4519 – with BETA updates enabled:

Fixed an occasional crash bug after performing an update.
Fixed a few permissions related issues.
Fixed an installation issue on Windows Home Server 2011.
Fixed an occasional issue during updating.
Fixed an accidental quarantining issue.
Fixed an issue with application rules being incorrectly added.
Fixed a crash in a2cmd with incorrect "/quarantine" parameter usage.
Fixed a crash after disabling guards when an alert was shown.
Fixed an occasional firewall not starting issue.
http://changeblog.emsisoft.com/2014/09/29/beta-updates-2014-09-29/
 
