Computer Support Forum

attempted removal of trojans try to install "malware removal software

Question: attempted removal of trojans try to install "malware removal software

Apologies, but I'm a bit of a novice. My computer did a scan when I started it and came up with some trojans. When I tried to delete them, a malware removal programme tried to install itself, so I closed the download dialog box. Unfortunately, I cannot remember the name of the software that was trying to install itself. Please would you review my log below and help me clean my computer?

Many thanks
---------------------------------------------------------------

DDS (Ver_09-12-01.01) - NTFSx86
Run by 0 at 19:57:35.67 on 02/01/2010
Internet Explorer: 7.0.6001.18000
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.3000.1826 [GMT 0:00]

SP: Spybot - Search and Destroy *enabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Windows\system32\taskeng.exe
C:\Windows\PLFSetI.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
C:\Windows\system32\dlcjcoms.exe
C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\EgisTec\MyWinLocker 3\x86\MWLService.exe
C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Users\0\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe
C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
C:\Program Files\Apoint2K\HidFind.exe
C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Acer\Acer PowerSmart Manager\ePowerEvent.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\svchost.exe -k SDRSVC
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\Windows\system32\sdclt.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\0\Pictures\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&s=2&o=vp32&d=0609&m=aspire_5738
uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&s=2&o=vp32&d=0609&m=aspire_5738
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&s=2&o=vp32&d=0609&m=aspire_5738
mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&s=2&o=vp32&d=0609&m=aspire_5738
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\progra~1\mcafee\viruss~1\scriptsn.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
uRun: [ProductReg] "c:\program files\acer\wr_popup\ProductReg.exe"
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [ArcadeDeluxeAgent] "c:\program files\acer arcade deluxe\acer arcade deluxe\ArcadeDeluxeAgent.exe"
mRun: [CLMLServer] "c:\program files\acer arcade deluxe\acer arcade deluxe\kernel\clml\CLMLSvc.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
mRun: [Skytel] c:\program files\realtek\audio\hda\Skytel.exe
mRun: [PLFSetI] c:\windows\PLFSetI.exe
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [LManager] c:\program files\launch manager\LManager.exe
mRun: [BackupManagerTray] "c:\program files\newtech infosystems\acer backup manager\BackupManagerTray.exe" -k
mRun: [Acer ePower Management] c:\program files\acer\acer powersmart manager\ePowerTrayLauncher.exe
mRun: [EgisTecLiveUpdate] "c:\program files\egistec egis software update\EgisUpdate.exe"
mRun: [mwlDaemon] c:\program files\egistec\mywinlocker 3\x86\mwlDaemon.exe
mRun: [PlayMovie] "c:\program files\acer arcade deluxe\playmovie\PMVService.exe"
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
StartupFolder: c:\users\0\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL

============= SERVICES / DRIVERS ===============

R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-2-18 214024]
R2 CLHNService;CLHNService;c:\program files\acer arcade deluxe\homemedia\kernel\dmp\CLHNService.exe [2009-2-18 75048]
R2 ePowerSvc;Acer ePower Service;c:\program files\acer\acer powersmart manager\ePowerSvc.exe [2009-6-22 703008]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-2-18 93320]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2009-2-18 359952]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2009-2-18 144704]
R2 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\drivers\mwlPSDFilter.sys [2008-10-9 19504]
R2 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\drivers\mwlPSDNserv.sys [2008-10-9 16432]
R2 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\drivers\mwlPSDVDisk.sys [2008-10-9 59952]
R2 MWLService;MyWinLocker Service;c:\program files\egistec\mywinlocker 3\x86\MWLService.exe [2008-10-27 306736]
R2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files\newtech infosystems\acer backup manager\IScheduleSvc.exe [2009-4-11 61184]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\newtech infosystems\nti backup now 5\SchedulerSvc.exe [2008-9-23 144632]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-1-2 1153368]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-6-22 112128]
R3 k57nd60x;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\k57nd60x.sys [2008-9-4 223232]
R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2009-2-18 606736]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-2-18 79816]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-2-18 35272]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-2-18 40552]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2008-1-21 179712]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\google\google desktop search\GoogleDesktop.exe [2009-9-15 30192]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-2-18 34248]
S3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\newtech infosystems\nti backup now 5\BackupSvc.exe [2008-9-23 50424]

=============== Created Last 30 ================

2010-01-02 16:32:53 0 d-----w- c:\programdata\Spybot - Search & Destroy
2010-01-02 16:32:53 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-01-02 16:12:54 0 d-----w- c:\program files\Trend Micro
2009-12-31 16:53:53 0 d-----w- c:\program files\dl_Cats
2009-12-10 09:34:52 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-12-10 09:34:49 411136 ----a-w- c:\windows\system32\drivers\http.sys
2009-12-10 09:34:48 31232 ----a-w- c:\windows\system32\httpapi.dll
2009-12-09 09:16:12 281600 ----a-w- c:\windows\system32\raschap.dll
2009-12-09 09:16:12 244224 ----a-w- c:\windows\system32\rastls.dll

==================== Find3M ====================

2009-12-31 16:52:50 86016 ----a-w- c:\windows\inf\infstrng.dat
2009-12-31 16:52:50 51200 ----a-w- c:\windows\inf\infpub.dat
2009-12-31 16:52:35 86016 ----a-w- c:\windows\inf\infstor.dat
2009-11-17 20:44:46 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2009-10-29 09:41:23 2048 ----a-w- c:\windows\system32\tzres.dll
2009-10-27 13:20:19 833024 ----a-w- c:\windows\system32\wininet.dll
2009-10-27 13:16:28 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-10-27 10:55:39 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2009-06-22 12:56:04 665600 ----a-w- c:\windows\inf\drvindex.dat
2008-01-21 02:43:21 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 19:58:49.38 ===============


Answer: attempted removal of trojans try to install "malware removal software

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for posting the results.
Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERE

2 more replies
Relevance 75.98%

I posted the software forum yesterday and was instructed to complete the malware removal steps and repost here. I have a new computer running Windows 8.1. When I say new, I mean I started having problems within a couple of hours after turning it on!

I have McAfee antivirus protection and downloaded and installed my MSOffice 2013 Home and Student. All seemed to be fine. The MSOffice was up and running and McAfee said I was protected. Suddenly and I don't remember what I was doing...it said Microsoft something (sounded like an antivirus or firewall something) had detected several problems and I needed to "clean my computer". Oh so ignorant of all that was going on with learning Windows 8.1 after using XP for years I told it to clean. Somewhere in there it suggested I do a system restore. All seemed OK until I realized MSOffice was no longer there. I tried to download it again and reload, but with no luck. It occurred to me it had something to do with the system restore so I tried to undo the restore. That of course didn't help. I'm also now getting messages from McAfee that I am covered and safe but that my firewall is turned off and needs to be turned on. However I can get McAfee to do nothing. I can open a screen, but nothing I do makes it do anything. I tried downloading their "Virtual Technician" before I started the process you recommended and it acted like it was downloading, but 20 minutes later it was still "spin... Read more

Answer: malware removal help - removal instructions attempted

Can you try running the tools that were not working before including Hitman, in safe mode please. Let me know how you get on.
 

16 more replies
Relevance 97.58%

I got a virus (http://www.bleepingcomputer.com/forums/topic108871.html) and all the steps provided to me were ineffective, so I decided to go into safe mode and delete some sht myself.

Anyways, I need someone to review my HJT log and make sure I got it all, and possibly help me fix some system errors.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:27:28 AM, on 9/20/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\CA\SharedComponents\Alert\ALERT.EXE
C:\Program Files\CA\SharedComponents\ThirdParty\Tomcat\5.5\Bin\Tomcat5.exe
C:\Program Files\CA\SharedComponents\iTechnology\igateway.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Belki... Read more

Answer: Attempted Malware Removal

Hello RevoZ,

Welcome to Bleeping Computer

Sorry about the delay. If you still need help, please post a new HijackThis log to make sure nothing has changed, and I'll be happy to look at it for you.

Thanks,
tea

2 more replies
Relevance 96.35%

Hi,
my Windows XP Pro. Sp 3 desktop Super Antivirus Checker detected a trojan and tried to remove it and then boot up in safe mode. Just after boot into SAFE mode a message appeared "No keyboard" or similar message. At the user login stage, the keyboard and mouse (PS/2) is disabled preventing any progress. The machine will boot into Windows normally with everything working but tries unauthorized port access to the internet. Re-running a virus scan with Avira or malware Bytes does not detect any problems.
Unfortunately, I have lost the trojan details, there is no log found, but I remember it was a file with the word 'Restore' at the end of the file location string.
The malware also prevents any Win XP updates and also prevents the installation of Windows defender.

Please find enclosed logs. I hope you can help with this problem, I have XP install disk if needed, thanks.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 6.0.2900.5512
Run by Internet at 20:38:47 on 2011-09-01
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.2046.1358 [GMT 1:00]
.
AV: AntiVir Desktop *Disabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Tablet\Pen\Pen_TouchService.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe
C:\Program Files\Table... Read more

Answer: Malware still active after attempted removal

Hello, and Welcome to TSF.

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

---------------------------------------------------------------------------------------------

One or more of the identified infections is a backdoor trojan/rootkit.

This type of infection allows hackers to remotely control your computer, steal critical system information and download and execute files without your knowledge.

If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

You can read this: How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

-------------------------------------... Read more

9 more replies
Relevance 95.53%

Hello all,

I looked through the other threads, and my problem seemed to be slightly different.

I was infected with Allureon and TDL4.mbr. I couldn't remove them until I used this special avast tool. Well, after using it, I have the BSOD that arises every time I try to boot windows7 (32 bit) ("0x0000007B (0x80786B58, 0xC000000D, 0x00000000, 0x00000000)"). I cannot boot in safe mode. I tried the startup repair function several times, one after another, and also with restarts in between, but it always cannot repair the problem.

I have also tried several bootsector recovery commands (bootsect.exe /nt60 c: AND bootsect.exe /nt60 all). They each did not change the situation, but perhaps I used them incorrectly...

I have a windows7 upgrade kit, and one of the CDs appears to contain a "boot" folder that in theory could help me...

Basically, it is clear to me that I could use expert help to continue before I screw things up even worse ;-).

Thank you in advance!
 

Answer: Windows 7 BSOD after attempted malware removal

Welcome to Majorgeeks

So I guess you used aswMBR to reset the MBR to standard, yes?

My guess is that fixing the MBR broke the malware's ability to trigger a rootkit, Windows is still looking for it on boot but fails and errors out. Or, the rootkit/malware itself is blocking Safe Mode.

I don't think there's any easy fix except a nuke and reload. You could try to gain access via a PE CD like UBCD and use that to try to discover what's happening, fix the Registry manually, etc.

You might want to try the new anti-malware CD from MSFT, it might help, it's new so I haven't tried it out yet.
 

3 more replies
Relevance 95.53%

This is the third post trying to fix this problem:

First Post to Am I Infected Forum: http://www.bleepingcomputer.com/forums/t/601413/dchp-and-dns-issues-after-removing-trojan/#entry3907418
Second Post to Networking Forum: http://www.bleepingcomputer.com/forums/t/602425/dns-issues-after-virus-removal/page-2#entry3932653

Which leads me to here.

Quick Summary of events.

Microsoft Security Essentials warns me that computer has been infected with Trojan:Win64/Patched.AZ.gen!dll virus. I managed to remove it (or so I thought) using a combination of Spybot, and Malware Bytes, and some manual replacement of files.

After the Trojan was removed I could not connect to the internet and the DNS and DHCP services would not start. I eventually repaired those two services from starting by using the Windows 7 Install disc and running the repair console, however that still didn't fix my internet issues.

The weird part is that the computer connects to the internet just fine. I can ping Google/yahoo successfully, but when I open a web browser (IE, Firefox, Chrome) I can not connect to any websites. The other day I was surprised to see that Adobe was able to download updates to Adobe Reader without any issues. Yes, I have restarted the computer/modem/router/Switch multiple times.

FRST Log As Follows:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:10-01-2015 01
Ran by editor (administrator) on EDITING (13-02... Read more

Answer: Internet Blocked after Attempted Malware Removal

Greetings Belwell and to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary. If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:

First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.

Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.

Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.

Please copy and paste all logs into your post unless directed otherwise.

Please do not re-run any programs I suggest. If you encounter problems... Read more

55 more replies
Relevance 95.12%

I am running Windows 7 & I have a W32/blaster worm (apparently) I have a window pop up that is titled Software Protection. I have tried to download the tools as instructed in the 'read me first' section, but the download is stopped. Please help
 

Answer: Cannot install any malware removal software

Try downloading them to a different computer and transfer them via CD or thumb drive. Try running them in normal mode, but if that doesn't work, try them in safe mode.
 

1 more replies
Relevance 94.3%

Hi,
my Windows XP Pro. Sp 3 desktop Super Antivirus Checker detected a trojan and tried to remove it and then boot up in safe mode. Just after boot into SAFE mode a message appeared "No keyboard" or similar message. At the user login stage, the keyboard and mouse (PS/2) is disabled preventing any progress. The machine will boot into Windows normally with everything working but tries unauthorized port access to the internet. Re-running a virus scan with Avira or malware Bytes does not detect any problems.
Unfortunately, I have lost the trojan details, there is no log found, but I remember it was a file with the word 'Restore' at the end of the file location string.
The malware also prevents any Win XP updates and also prevents the installation of Windows defender.

Please find enclosed logs. I hope you can help with this problem, thanks.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 6.0.2900.5512
Run by Internet at 20:38:47 on 2011-09-01
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.2046.1358 [GMT 1:00]
.
AV: AntiVir Desktop *Disabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Tablet\Pen\Pen_TouchService.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe
C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
C:\WINDO... Read more

Answer: [SOLVED] Trojan/Malware operating after attempted removal

Hi, can someone (admin/moderator) move this post to virus/trojan/malware help.

Thanks.

1 more replies
Relevance 93.89%

Hi,

I have a Sony laptop that was infected with many different types of malware/spyware/viruses. These issues disabled my AV software and rendered it useless. I have run spybot and malwarebytes from safe mode and cleaned everything that it found. The computer has been running much better however I still have the following issues:

1. Websearch malware will not go away even though the scans I ran found it and says that it cleaned it.
2. I removed AVG because it was not working and now I cannot reinstall it. I have tried Avast and it installs but won't launch. The error Avast gives is that the .exe file might be corrupted and needs to be reinstalled which I have done several times. The error I get when trying to reinstall AVG is (Error: MSVC Redistributables installation failed. Installation of AVG can not continue.)

Please review the attached information and help me please!

DDS (Ver_10-03-17.01) - NTFSx86
Run by Shane at 16:58:26.03 on Thu 04/15/2010
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.387 [GMT -7:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Pro... Read more

Answer:WebSearch malware removal and cannot install/use AV software

Hi,
Download GMER here by clicking download exe -button and then saving it to your desktop:
Double-click .exe that you downloaded
Click rootkit-tab, disable files option and then click scan.
Don't check Show All box while scanning in progress!
When scanning is ready, click Copy.
This copies log to clipboard
Post log (if the log is long, archive it into a zip file and attach instead of posting) in your reply.

10 more replies
Relevance 86.1%

Malware removed two trojans and several websearch PUP; PUN and I had a 'searchqu' that took over browser searches. I am attaching my HJT log and MBR logs
 

More replies
Relevance 85.28%

Hi, I was just wondering about the differences between trojans and rootkits and have a lot of questions.
I understand that trojans can give access to your pc to a hacker, but why are rootkits considered more dangerous?
I was also wondering....if your pc was to become infected by a trojan or a rootkit can they all be removed or is there any that can't be?
What is it that they attack on your pc?
I always thought they attacked the os and wondered why you can't just repair the os to get rid of them rather than use removal tools.
Also what are some good programs to detect these types of malware and what security software should be installed on a pc?
And what are the ways in which you are susceptible to these types of malware, I can only think of file-sharing p2p or opening a spam e-mail but are there other ways?
Any info is appreciated, thanks.

Answer:Question about trojans and rootkits and removal software

 
Hi, I was just wondering about the differences between trojans and rootkits and have a lot of questions.
I understand that trojans can give access to your pc to a hacker, but why are rootkits considered more dangerous?
I was also wondering....if your pc was to become infected by a trojan or a rootkit can they all be removed or is there any that can't be?
What is it that they attack on your pc?

Allybee, that's a big set of questions.
I have some experience in this area, but I'm not an expert such as you would surely find with the moderators and techno-magicians on this forum.
That said, here's a response to your inquiry, with an invitation for anyone interested to chime in and correct me where appropriate:
A trojan is a type of malware that -- when executed -- allows the bad guys to do certain things or to access certain things on a computer. But in essence, it's really just another program running alongside other programs on a computer. It's bad, because it's doing things other than what the user wanted it to do and because bad people will use this kind of access to attack other computers, steal your files or information and/or ... to install a rootkit.
A rootkit implies that the bad guys have gained root- or Administrator-level privileges on your computer. With that level of access, they're able to create/install new programs on your computer without you or your anti-virus software noticing. Also with such access, the option is theirs to modify your kernel, install virt... Read more

14 more replies
Relevance 84.46%

I am not sure what the current issue is, but I am thinking there is still some remnants of the FBI ransomware. I would like to use your expertise to help solve/resolve this problem.

There are no logs attached as I cannot even boot up.
 

Answer:Malware Removal Attempted: Kaspersky Database Update Failure - "Databases Corrupted"

Hi, what is the version of your system?
 

11 more replies
Relevance 84.46%

Hi guys, hopefully someone can point me in the right direction. I have no idea what I'm doing so please be gentle. 2 nights ago I was reading some gossip pages and picked up a lovely program called Strong Malware Defender. I used the removal guide I found on this site and successfully removed the program (completed up to & inc step 24).

Since then Microsoft Security Essentials picked up a trojan virus and removed it, within a few hours it picked up the same one again - Trojan:Win32/Lethic.B. My computer is now only able to operate in safe mode as it is so slow & jams up then shuts down saying a problem has caused windows to close - the box doesn't stay long enough to read any further. It has closed and restarted at least 20+ times in 24hrs, I fear I may have to throw it against the wall soon. I have run MSE at least 4 times and can't detect any other viruses. I am at a loss as to what to do from here, any ideas?

I am running windows 7 & only use Internet Explorer v8.

Thanks

Answer:2 trojans found after removal of strong malware defender.

Hello, reboot into Safe Mode with Networking.

Reboot into Safe Mode with Networking
How to start Windows 7 in Safe Mode

Reboot into Safe Mode with Networking
How to enter safe mode (XP/Vista)
Using the F8 Method
Restart your computer. When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu. Select the option for Safe Mode with Networking using the arrow keys. Then press enter on your keyboard to boot into Safe Mode.

Run RKill again.....

Please download TDSSKiller.zip and extract it.
Run TDSSKiller.exe.
Click Start scan.
When it is finished the utility outputs a list of detected objects with description.
The utility automatically selects an action (Cure or Delete) for malicious objects.
The utility prompts the user to select an action to apply to suspicious objects (Skip, by default).
Leave the options as they are and click Continue
Let reboot if needed and tell me if the tool needed a reboot.
Click on Report and post the contents of the text file that will open.

Note: By default, the utility outputs the log into system disk (it is usually the disk with instal... Read more

10 more replies
Relevance 80.77%

Hi,

I am the IT manager in my company.

I have a co-worker, his computer has a search redirect issue. That means most likely it has malware.
Then I installed some major malware removal: Spybot Search & Destroy, SUPERAntiSpyware, Malwarebytes

After I installed them, I cannot launch them (That definitely means it has some kind of malwares)
I needed to rename their .exe files, after I can run them and scan my computer.

SUPERAntiSpyware, Malwarebytes found something, but didn't solve the problem, search redirect and
blocking malware removal software are still there. Now I am running Spybot Search & Destroy, will see what happens.

By the way, I run them in safe mode because when I log on to Windows in normal mode, it is slow (like it takes a long time to explore hard drive, etc). I suspect the malware slows down my pc. Hopefully not registry corrupted or something, but works smoothly in safe mode.

So do you guys have any suggestions? Or do you need a log file from combofix?

Please advise,
Tommy

Answer:malware: google yahoo redirect and can't launch malware removal software

Try this:http://www.bleepingcomputer.com/virus-remo...sing-tdsskiller

5 more replies
Relevance 79.95%

Howdy Guys!

Right now I have a custom built PE for Windows. Has all the tools I need in order to repair systems with problems like viruses, driver issues, etc. Well, I kind of want to do the same thing for OSX (not too sure if there is a way to make a PE for OSX, but that's for a different day).

Right now I'm searching for virus removal tools (free of course) for OSX. Windows has a ton of them for instance like VipreRescue, Emsisoft Emergency Kit, Malwarebytes, Dr. Web Cureit!, etc, but does OSX have any type of good free software like those on Windows?

I've tried looking on the web but no such luck and after about half way through the list posted on Major Geeks I gave up because all of them were for Windows so far haha.

So anybody know of any free, reliable, full virus scans for OSX?

Thanks for reading guys!
 

Answer:Malware removal software for OSX?

i think the main one being used atm is: http://www.bleepingcomputer.com/virus-removal/remove-mac-shield . keep in mind it's for removal only, not active protection.
 

1 more replies
Relevance 79.95%

I would like to add a free malware removal software. I've been getting those green double underlined links pop-up ads and they are driving me crazy. I would like something easy to use. I am running Windows 7, 64 bit operating system. I already have AVG and CCleaner installed, but would like to add malware removal software. Can anyone recommend a free malware removal program?

Answer:Malware Removal Software

https://www.malwarebytes.org/

1 more replies
Relevance 79.95%

Hi
Can anyone tell me please What is best Malware Removal Software.
Thanks.
 

Answer:How I can get Best Malware Removal Software?

6 more replies
Relevance 79.54%

Staff Advisory: This post needs to remain here until one of the malware team advise that it can be moved. This member cannot access our malware forums due to their infection. ~ Animal

----------------------------------------------------------------------

Hello, I got some help from some nice people in the live chat. I have made a log with your hijackprogram and am posting it at the bottom. It created two .txt files so there are two reports. I am unable to open ANY link that has the words anti-spyware anywhere on the page or in the address bar so unfortunately I cannot post this in the malware removal forum because the internet window closes every time. I am in dire need of some help! I have a subscription to spy sweeper and it is keeping things out but I was infected with Antivirus xp 2008 and possibly some viruses because the computer was un-protected for about a month while I was in the hospital.

I run with Windows XP and a wireless connection. If someone could take the time to look at this for me I would be so incredibly thankful! I offer my services as a photographer/graphic artist/professional gift shopper/myspace designer/beginner web designer. You can see what I do at www.perfectionpictures.com and contact me if you need anything at all!

Current Symptoms (in the order of appearance)
Random Total system crash then restart then blue screen then back to windows. msvcp71.exe is missing so a program is being prevented ... Read more

Answer:Antivirus Xp 2008 Removal Help/am I Infected? Can't Open Malware Removal Forum

Hi & welcome,
I would like to try a couple things before we go much further so I have a bit better picture of what is happening and can take the needed cautions.

1.) click start> run> type msconfig and hit enter.
click "boot.ini" tab
Checkmark /bootlog
Click "apply" and "close"
Reboot when asked
Locate and delete this file:
C:\windows\ntbtlog.txt (in case your extensions don't show it looks like a notepad)
Reboot
Locate & post:
C:\windows\ntbtlog.txt

2.) Click start> run> type: cmd.exe and hit enter.
type the following commands exactly as you see em & hit enter after each one:
cd c:\windows\system32
dir userinit.exe
Note the file size please & report that back to me. Leave cmd open a sec.
Back at the cmd window...
Type:
cd dllcache
dir userinit.exe
dir spoolsv.exe
Note file sizes & report that back to me.
Type exit in the CMD window & hit enter. (this closes it)

3.) Can you see also if you can get this program installed please:
http://download.bleepingcomputer.com/hijac.../HJTInstall.exe
Save file> run it> follow prompts to install accepting defaults.
Allow it to "launch" hijackthis.
Click the "Do a System Scan and Save a Log File" option
Save the log file and then it should open with Notepad
Go to Edit, Select All and then Edit, Paste to paste the contents of the log here

Let me know if you had any problems with the above please.
I advise keeping the system offline as much as possib... Read more

3 more replies
Relevance 79.13%

Hi, I'm new to this forum. Like many others, unfortunately my first post is regarding trojan removal.

I've d/loaded the DDS tool and pasted the DDS.txt below.

Being a proactive guy, and before finding this site, I attempted to remove the trojan - but with limited success. Here's a summary of what happened:

AVG Free started to detect Generic14.DYJ, whenever I started IE or Firefox. Both would randomly redirect webpages.
No amount of healing as Power User helped, neither did full scans in normal or safe mode
Read some help pages and downloaded Malwarebytes Anti-Malware, which wouldn't run
Neither would HijackThis
Neither would the Microsoft's Malicious Software Removal Tool
PC Tools Spyware Doctor was the only thing that worked, but was also unsuccessful in removing the trojan
So I read something where someone cleared it using Avenger.exe. I downloaded this and changed the details (long strings of letters in the dodgy filenames) to match mine, and it kind of worked (see Log2.txt). There were no more (or considerably less) AVG warnings, but the PC still locks up during random things. This can happen in any given webpage, whilst opening window explorer or when simply copying files to a memory stick. So I'm worried that something is still lingering... I appreciate what I've done isn't the correct procedure, but you learn from your mistakes right?

Hope someone can help.

Here is the DDS log...

DDS (Ver_09-06-26.01) - NTFSx86
Run by Andrew at 18:57:46.71 on 27/07/2009
I... Read more

Answer:Generic14.DYJ, attempted removal

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll... Read more

3 more replies
Relevance 79.13%

Anyone know what is the best free malware removal software that's out there?

Answer:Free Malware Removal Software?

Malwarebytes, but it's not a special removal tool.

3 more replies
Relevance 79.13%

that it please help
 

Answer:malware removal software for free?

9 more replies
Relevance 79.13%

Hi!

After using the malware cleaning software the internet stopped working (it only worked intermittently before anyway). I tried various methods to resolve the internet problem but came up blank. I then saw your website and tried some of the methods suggested here (FSS, FRST, TFC) but again to no avail. Another site recommended MiniToolBox, AviraDNSRepair, Microsoft Fixit for Host Reset, and Rizonesoft's Complete Internet Repair. Still no internet!

I'm hoping you can help.

Thanks in advance for any reply,

Gav
 

Answer:No internet after using malware removal software

Hi,

Before we begin, I want you to have this in mind:

At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
Instructions I give to you are very simple and made for complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.

All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running too much time (few hours), please stop and inform me.
I visit forum several times at day, making sure to respond to everyone's topic as fast as possible. But bear in mind that I have private life like ever... Read more

48 more replies
Relevance 79.13%

Everything I have tried requires you to buy it. I have tried using something suggested in another thread but malware is still here. I have also tried avg and avast but nothing. I keep getting redirected to another site when I use a search engine to search and I know I have not changed anything.

This appeared after I installed a chromium browser. I will never install another one after this.

Answer:Any 100% Free Malware Removal Software

ManyBreads said:

Everything I have tried requires you to buy it. I have tried using something suggested in another thread but malware is still here. I have also tried avg and avast but nothing. I keep getting redirected to another site when I use a search engine to search and I know I have not changed anything.
This appeared after I installed a chromium browser. I will never install another one after this.



I'd guess installing Google Chrome also got you Ask.com. As for malware I and many others here use Malwarebytes. It has both a free version and a paid version, difference is the free has to be run manually now and then while the paid runs in the background and updates daily. When doing manual updates of the free version one needs to pay attention to the screens and uncheck the offer for the Trial version of Pro.

10 more replies
Relevance 79.13%

I know that there must sill be some malware on this machine, because I continually get a Dcom server launcher service failed error. I have Avast! 4.8 home edition on this machine and have used Mal-ware bye's Anti-mal-ware as my removal software. I removed "Personal Security" mal-ware about 3 days ago, I also had to fix the boot sector and mbr of my hard drive. Now for the finishing touch. Here's my hijackthis log:

Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 9:29:44 AM, on 1/22/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16945)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\htpatch.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\Microsoft Office\Office11\OSA.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe... Read more

More replies
Relevance 79.13%

Hello I need some free malware removal programs can u give me the best ones

Answer:Free malware removal software

Hey mate,

Your Built in Defender should work just fine for most things (full fledged antivirus, that). In addition, I would use Malwarebytes Free.
The last one is a manual scan to make sure Defender hasn't left anything behind concerning PUPs, etc.

Really, that is all you need for protection, unless you come across some heavy malware, or discover that you have a lot residing in your system, in which case you might need some heavier tools to help you fight back. Not that Defender doesn't do its job, but if you keep having problems, you may need some serious removal tools

23 more replies
Relevance 79.13%

I'm running Windows 7 64bit and IE 11 as well as Firefox. Everything is bang up to date. I am using Kaspersky Internet security 2015 and Microsoft Defender. I have just discovered some Malware in my computer! Which I have now removed using adwcleaner.
Question 1. Do I need some additional Malware removal software to run alongside adwcleaner or is the one software good enough? I'm not sure if adwcleaner just picks up Adware and not other malware.
Question 2. I have just discovered and downloaded Microsoft's Malicious Software Removal Tool. Is this any good? Can I run it alongside Adwcleaner? Will it do the Job or do I need something else to remove Malware?
Hope you can help. Kim.

Answer:Help? Do i Need both Adware and Malware Removal Software?

For free versions I suggest 3 items (use ADW Cleaner mainly for toolbar attacks after the event) NB only have one anti virus., but these anti malware work well
I would not bother with Windows Defender.

Spywareblaster (Deters malware) Filehippo 1
Malwarebytes (MBAM) (the Premium version can be got for as little as £10 - lifetime) but this is the free one: Filehippo 2
Occasionally, ad aware tracking cookies are missed by the others so also have Superantispyware (SAS): Filehippo 3

4 more replies
Relevance 79.13%

I started having problems with my computer after downloading some video software through a torrent site. I uninstalled the software, but my computer was already infected. It happened about 2 months ago. I have been using the Windows XP malware removal guide, and it has worked, but always came back to the same thing. My resolution is at its lowest and cannot bring it back to normal. Also the computer freezes in the middle of a task. Please help! I will include all the logs from the malware removal programs. Thanks. Page 1
 

Answer:Ran all malware removal software, still not fixed

Supra7boost said:

I started having problems with my computer after downloading some video software through a torrent site. I uninstalled the software, but my computer was already infected. It happened about 2 months ago. I have been using the Windows XP malware removal guide, and it has worked, but always came back to the same thing. My resolution is at its lowest and cannot bring it back to normal. Also the computer freezes in the middle of a task. Please help! I will include all the logs from the malware removal programs. Thanks. Page 1

Here is the MGlog.zip also. Thanks again!
 

8 more replies
Relevance 78.31%

Hi all, my first post in here, so hello to everyone.

Could anybody be able to tell me how to completely remove Windows malicious software removal tool as it keeps coming up every time I turn on the laptop.
I have tried all usual channels like add/remove etc but can't see it anywhere. Could someone shed some light, many thanks

Answer:[SOLVED] Removal of 'Malicious software removal tool'

Have you let the MRT finish? The MRT is an On Demand anti virus scanner with a very limited impact on the PC or
resources. There are NO reasons to remove it.

The utility is...
%windir%\system32\MRT.exe

Command line switches...

/? or /HELP = displays the command line switches
/Q = quiet
/N = detect only
/F = force extended scan
/F:Y = force extended scan and automatically clean infected files

If you really want to remove it browse to C:\Windows\System32 and delete MRT.exe

4 more replies
Relevance 78.31%

hi. i have recently been effected (and infected) by the above trojan (Win32:Trojan-gen {VB}) and attempted to remove it. HJT log is posted below. was wondering if someone could take a quick look and make sure there's nothing there that shouldn't be? Thanks in advance.

Logfile of HijackThis v1.99.1
Scan saved at 17:44:40, on 20/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Saitek\Software\Profiler.exe
C:\Program Files\Saitek\Software\SaiSmart... Read more

Answer:Hjt Log After Attempted Removal Of Win32:trojan-gen {vb}

Hi sharko, If you still need help please post a fresh HijackThis log and I'll be happy to look at it for you. A new version of HijackThis has now been released, so before you repost your log please download and install the new version by following the instructions in Step 9 of the Preparation Guide For Use Before Posting A Hijackthis Log. Thanks for your patience!

5 more replies
Relevance 78.31%

I found the instructions to remove Security Tool here. I downloaded the program rkill.com, but it's not working. The black window just pops up and then in a flash, it's gone. It seems as if Security Tool is shooting it down. All the icons on my desktop are completely gone, I can't right click on my desktop to refresh, it's all disappeared. Every new program I try to install to delete this, they close in less than a second. And then a pop up "warning" from Security Tool comes up. I leave it there and everything, but it still closes itself. Nothing is working! Help, please!

Edit:
This is a Sony Vaio laptop with Windows 7. I currently have AVG Free as my anti-virus software.

2nd Edit:
The black window does indeed pop up. This time it closed in 2 seconds (give or take). I then tried to use the Malwarebytes software, but it wouldn't open. So I'm guessing that rkill did not fully do its job when it closed.

3rd Edit:
I have not "activated" it. I did not enter any credit card information, but it is, in a way, installed onto my computer.

Answer:Attempted Removal of Security Tool

Did you try all of the different links?
It may take several times to get it to work
Also run this scan

We Need to check for Rootkits with RootRepeal
Download RootRepeal from the following location and save it to your desktop.
Direct Download (Recommended)
Primary Mirror
Secondary Mirror
Secondary Mirror
Secondary Mirror
Zip Mirrors (Recommended if you have a slower connection or if the Direct Download mirror is down)
Primary Mirror
Secondary Mirror
Secondary Mirror
Rar Mirrors - Only if you know what a RAR is and can extract it.
Primary Mirror
Secondary Mirror
Secondary Mirror
Extract RootRepeal.exe from the archive (If you did not use the "Direct Download" mirror).
Open on your desktop.
Click the tab.
Click the button.
Check all seven boxes:
Push Ok
Check the box for your main system drive (Usually C:), and press Ok.
Allow RootRepeal to run a scan of your system. This may take some time.
Once the scan completes, push the button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.

1 more replies
Relevance 78.31%

Hi,
I have tried many ways to get rid of some Malware that has only recently infected my PC. I hope someone can help me as this is my work PC and I need to plug back into my office network in a few days, but think this would be a bad idea at the moment.

The problem first showed itself by insisting I had many viruses etc, and I should install Internet Security 2010. I have installed Malware Bytes removal tool, and installed as instructed. It found the above, said it was removed, but still it appears to exist, although the name of the infection has changed a few times, and is currently redirecting my browser to a similar page to the above malware. A popup now shows that I should install Cyber Security to remove the infections. This is obviously another malicious antivirus/malware program.

I have McAfee Enterprise installed (which I can't seem to disable)
I have also run SuperAntiSpywarePlus, which did the trick removing a similar problem about a year ago on a different PC. However, although this program also finds problems, and supposedly removes them, the problem is still there.

Please help. I have shown Hijackthis log below.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:58:42 PM, on 29/12/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16945)
Boot mode: Normal
Running processes:
C:\windows\system32\csrss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\... Read more

Answer:Cyber Security removal; Malware removal not working

Hi,
I have tried everything I know of to remove this pesky piece of malware. It seems to keep changing names, starting out as Internet Security 2010, and redirecting me on a google search to a webpage trying to convince I was riddled with viruii and malware, and then trying to sell me their software, which is really just a scam. I ended up here after a few days of tearing my hair out, almost beaten. I went through the tutorials, but unfortunately that was before I fired off a post in desperation. Please delete my previous post, as I have now followed the suggested path, and run the utilities to help diagnose my problems. The resulting files are attached.

Please help. I hope the files uploaded can provide an insight into what's happening.
Apologies for jumping right in and posting a Hijackthis log before I had read the tutorials.

DDS.txt contents pasted below

DDS (Ver_09-12-01.01) - NTFSx86
Run by Greg.Middleton at 15:30:23.26 on Tue 29/12/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.2.1252.61.1033.18.3063.2330 [GMT 9.5:30]

AV: VirusScan Enterprise + AntiSpyware Enterprise *On-access scanning enabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
AV: Microsoft Security Essentials *On-access scanning enabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

============== Running Processes ===============

C:\windows\system32\svchost -k DcomLaunch
C:\windows\system32\svchost -k rpcss
C:\windows\Syst... Read more

3 more replies
Relevance 77.9%

Hi,

I was asked to help a friend remove the "Windows Antivirus Software" from her computer. The virus was downloaded as part of a photo contest form. Not only did they infect her computer, they charged her for the entry fee. (She's 84 years old and is pretty sure that her cat is the cutest in the world - so why not enter a contest ;). argh.

I was not able to get a screen shot of the virus (I have a pic of the cat if you want it), but I'll try to describe it.

Right after boot up, there is what looks like a splash screen that says "Windows Antivirus Software" (white background, green lettering) and has some technical-looking statistics on it about the number of viruses that your computer is affected with. The entire background behind the splash screen is a light blue. In front of this splash screen is a pop up that tells the user to "Click OK" in order to scan for viruses. The only interaction that the user can do is click "ok". Closing the window will not work, Ctrl+Alt+Del is ineffective.

As usual with these viruses, I tried to put it in safe mode to remove. The same splash screen shows up in safe mode which is why I decided to post here.

Here is how I removed it:
Activate Safe mode with command prompt. (Even in this mode, the desktop had that same light blue color that showed up with the virus - but at least the splash screen was gone)
Run system restore from the command prompt <Start Restore> (requires syst... Read more

More replies
Relevance 77.9%

Hello
Yesterday I found out I cannot start AVG. I click it and nothing happens. When I click Spybot it asks permission to run but then nothing happens.

I ran the guide on this forum ("Windows XP Malware Removal/Cleaning Procedure").
Followed the procedure and downloaded Roguekiller, Mam, tdsskiller, hitman pro and mgtools. The results after installing the programs:
* Roguekiller: could not start the program (clicked it, asks permission, nothing happens)
* MAM: could not start the program (clicked it, asks permission, nothing happens)
* tdsskiller: could not start the program (clicked it, asks permission, nothing happens)
* hitman: The program ran, found a bunch of malware. Did not remove it (as mentioned in the guide). Attached the log
* mgtools: It starts running in DOS and then I get over and over a request to give permission in Windows. I click yes and get the same request again. Over and over, but the program does not run.

Attached is the log of hitman.

Please help me, don't know what to do.

thnx
Ron
 

Answer:cannot run anti-virus and malware removal software

You have been infected with a file encryption program (CryptoWall). See the below:

http://www.enigmasoftware.com/cryptowallransomware-removal/

http://www.bleepingcomputer.com/forums/t/532879/cryptowall-new-variant-of-cryptodefense/page-4

http://www.malwarekillers.com/recover-files-encrypted-cryptowall-cryptodefense/

You will have to reinstall your OS. Many/most or all of your files may now be encrypted and may be unrecoverable. There is a chance that some could be recovered from System Restore or from Shadow Copy but normally it is only a small number compared to what is on your PC. If you are doing your part in securing your PC and personal files, you will have backups that you can restore from after reinstalling. If you have not been doing backups then you can now see why it is important to do backups.

Will Hitman Pro let you fix all it finds under the heading 'Malware' and 'Potential Unwanted Programs'?
 

3 more replies
Relevance 77.9%

I do a lot of cleaning of office computers, both in and out of the office. I don't mind paying for a GOOD product I can use on the road.
I have used many of the techniques suggested on here:
SpyBot, Adaware, Malware Bytes, Hijack This and as you know the list goes on and on.

Does anyone have a suggestion of the best commercial product for REMOVAL/Cleanings for a technician to use on the road or in the shop??

Tom

Not so much looking for an ANTI product but a removal product
 

More replies
Relevance 77.9%

Hello, I went through the whole removing malware procedure which took me hours to try to fix my pc. I was told my logs are clean but it does not change the fact that my computer shuts itself down while trying to run in safe mode or running Kaspersky antivirus. Is there any further help before I just give in and reformat my machine?

Paul
 

Answer:Started in Malware removal, now in Software forum

Greetings, pauljacks411...

We need to know what OS and service pack# you're running, the Kaspersky version, and any other machine specs you can come up with...also, do you have a Windows disk, or do you have a recovery partition?
 

6 more replies
Relevance 77.9%

Hello,
I'm looking for some help on removing a possible trojan and some malware. I've been getting notifications with "Antivirus software" alerts and a trojan called Banker A.
I've gone through the steps of using RKill and following up with Malwarebytes but they both come back after restart. I'm running Windows XP. Any help would be appreciated! Thanks!

Answer:Banker A/Antivirus Software Malware Removal

Hello,

Please follow the instructions in ==>This Guide<==. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues and what you have done to resolve them.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Orange Blossom

1 more replies
Relevance 77.49%

My other computer currently has a trojan virus on it and I cannot connect to the internet from it. I tried installing it from a flashdrive, but it does not work, only saying to install the program. I'm trying to run the following program from:

http://www.malwarebytes.org/mbam.php

When I run it on the infected computer, it only says "Run-time error '0'" or "Run-time error '404'". So how do I install it on the infected computer to run it?
 

Answer:Install Malware Removal from FD

You may have to skip some steps when doing the below. But we need at least the log from running MGTools.

Please follow the instructions in the READ & RUN ME FIRST link given further down and attach the requested logs when you finish these instructions.
If you have problems where no tools seem to run, please try following the steps given in the below and then continue on no matter what you find. You only need to try the TDSSserv steps if having problems getting scans in the Read & Run Me First. If TDSSserv is not found, just continue on with the READ & RUN ME.

TDSSserv Non-Plug & Play Driver Disable

READ & RUN ME FIRST. Malware Removal Guide
If something does not run, write down the info to explain to us later but keep on going.
Do not assume that because one step does not work that they all will not.

After completing the READ & RUN ME and attaching your logs, make sure that you tell us what problems still remain ( if any still do )!
Helpful Notes:
If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode, you can run the steps in safe boot mode but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:
Starting your computer in Safe mode

If you have problems downloading on the problem PC, download the tools and the manual updates for SUPERAntiSpyware, Malwarebytes and Spybot ( links are given in the READ & RUN ME) onto anoth... Read more

1 more replies
Relevance 77.49%

Hi there. I ran ComboFix to remove a virus on my laptop and it found rootkit activity. It stated that it needed to reboot but has not been able to successfully get past the Windows loading screen since.

I have gone into the Recovery Console and tried going into cd erdnt\hiv-backup and then performed the command batch erdnt.con but it still comes back with a BSOD when I set it to "Disable Automatic Restart on System Failure". dir c:\qoobox\quarantine\c shows DelUS.bat.vir but it was from 10/10/08 and this problem occurred on 2/13/10.

BSOD stop code is 0x0000007B

Can anyone help me with this? Thank you

Answer:PC reboots after combofix attempted rootkit removal

Hi,

We need to create an OTL Report

Please download OTLPE-ISO from one of these locations:
http://oldtimer.geekstogo.com/OTLPE.iso
http://ottools.noahdfear.net/OTLPE.iso
Save it to the desktop of a functional computer.

Download BurnCDCC
http://www.hiren.info/download/freeware/BurnCDCC.zip
Unzip and run BurnCDCC
Select "Browse" and choose the OTLPE ISO
Check "Read verify", "Finalize" and "Auto eject"
Choose 32x speed and press "Start"

After you have successfully burned the OTLPE ISO to disc you will need to transfer the disc to the CD drive of your sick computer and boot from it. Insert the CD-ROM into the CD-ROM drive, and then restart the computer.

If your PC is not booting from the CD, you need to change the boot order:
Restart your PC
As soon as you get an image, press the Setup key. This is usually F2, or Del. On some machines the key can also be a different one. It should, however, be stated on the screen which key is the setup key.
Once you enter the computer's BIOS, use the arrow keys and tab key to move between elements. Press enter to select an item to change.
Navigate to the tab, where you can set the boot order. It should be called Boot or Boot order
The tab should now show your current boot order.
If the CD-drive is not at the top, please navigate to the CD-Rom drive with the keys arrows. Then move it to the top of the list.
The keys for switching boot position are usually + to move up and - to move down. However they can be ... Read more

46 more replies
Relevance 77.08%

Thanks All,
running Windows Vista Home Premium on Acer Aspire 5100
duo core 1.70GHz, 1022 Ram
Receiving constant pop-up and more...like

"SYSTEM ALERT" MALWARE THREATS
computer infected by back door Trojan
click here to download malware removal software

obviously a scam but not smart enough to get rid of it, tried but failed. Asking for patience and guidance in solving this problem.

Thanks again
Dennis Compayre
LOG
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:17:12 AM, on 12/02/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Program Files\AdwareAlert\AdwareAlert.srv.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Windows\Explorer.EXE
C:\Program Files\NetProject\scit.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.e... Read more

Answer:lost in malware,pop-ups and fake removal software offerings


1 more replies
Relevance 77.08%

Hi,

I would like help in removing some infections that my computer has got since a few days ago. Somehow (while I was browsing thru the internet for some live streaming video I guess) some trojan got in (this was later found by my Symantec Endpoint protection) and since then, a new malware program got installed (unremovable by the less sophisticated me). It is called "Malicious Software Removal Tool"...it runs at startup every time (red shield with a cross in my task bar) and runs a scan automatically. Then says my computer is infected, lists 3 infections, said it fixed one and I have to buy a MS product to fix the rest. Though the screens look exactly like the microsoft product with the same name (I checked the internet) I am quite confident that this is not authentic.

Soon after, if I don't do anything with the program, it starts giving me messages such as "Critical System Warning! Your system is probably infected with a version of Spyware.IEPass.thief." or some other similar msgs with a red balloon with an 'X' in the task bar. Temporarily what I have been doing for a few days is just going to task manager and terminating the 'malwareremoval.exe' program. This helps get rid of the program but my computer has slowed down significantly.

I did a Symantec scan, and found no infection (it automatically detected some trojan horses and quarantined them during the time I got infected - DWHE420.tmp, 49c2da87.tmp & DWH8AF4.tmp), then did a Spyb... Read more

Answer:"Malicious Software Removal Tool" Malware & Trojan

Welcome to BC
--------------------
The process of cleaning your computer may require you to temporarily disable some security programs. If you are using SpyBot Search and Destroy, please refer to Note 2 at the bottom of this page.

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
If an update is found, the program will automatically update itself.
Press the OK button to close that box and continue.
If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results... Read more

12 more replies
Relevance 77.08%

I was requested to post this hijack log from over here: http://www.bleepingcomputer.com/forums/t/214638/malicious-software-removal-tool-malware-trojan/

Here is a summary of my problem (same as in the other thread):

"...I would like help in removing some infections that my computer has got since a few days ago. Somehow (while I was browsing thru the internet for some live streaming video I guess) some trojan got in (this was later found by my Symantec Endpoint protection) and since then, a new malware program got installed (unremovable by the less sophisticated me). It is called "Malicious Software Removal Tool"...it runs at startup every time (red shield with a cross in my task bar) and runs a scan automatically. Then says my computer is infected, lists 3 infections, said it fixed one and I have to buy a MS product to fix the rest. Though the screens look exactly like the microsoft product with the same name (I checked the internet) I am quite confident that this is not authentic.

Soon after, if I don't do anything with the program, it starts giving me messages such as "Critical System Warning! Your system is probably infected with a version of Spyware.IEPass.thief." or some other similar msgs with a red balloon with an 'X' in the task bar. Temporarily what I have been doing for a few days is just going to task manager and terminating the 'malwareremoval.exe' program. This helps get rid of the program but my computer has slowed down significantly.

I did a Symantec scan, and found ... Read more

Answer:"Malicious Software Removal Tool" Malware & Trojan

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results, click no to the Optional_Sca... Read more

13 more replies
Relevance 76.67%

Need the BEST Utility that monitors ALL software installations & removal?

 

Answer:Need the Best Install-Removal Software Utility

Stangit said:



Need the BEST Utility that monitors ALL software installations & removal?




not sure if it's the best...but i've used add/remove plus before.
http://www.majorgeeks.com/download.php?det=727

it's not free either
 

14 more replies
Relevance 76.67%

I read and followed precisely "Vista and Win 7 Malware Removal/Cleaning Procedure"

My issue: I was informed by my ISP of the following: "Mail Log Parsed from Feb 15, 2013 19:47:04 to Feb 16, 2013 19:47:04 User sent approximately 141,801 messages to 136,591 unique recipients. There were 2598 bounces received in this period, 1 percent of the emails sent. "

I have AVG, running constantly. ISP changed my password to stop the mail. I ran AVG in safe mode. Still not sure trojan eradicated. ISP referred me to your site.

I performed all steps. I have attached all logs except TDSSKiller. While it ran clean, no apparent log was generated. All except RogueKiller found no issues. RogueKiller found as reflected in log.

Please advise if you believe my system is clean, or what further I should do. Since I haven't seemed to find anything, it's hard for me to be comfortable that it's clean.

Thank you immensely!!

Mike Sieber
 

Answer:Help with malware removal--have performed removal instructions

Welcome to Major Geeks!




mike sieber said:





I performed all steps. I have attached all logs except TDSSKiller. While it ran clean, no apparent log was generated. All except RogueKiller found no issues. RogueKiller found as reflected in log.

Not problems. It is just junk from AVG. All of your logs are clean. Many times when something like this happens, it is not an infection. It is due to a spammer/spammers getting your email login and password and they use it from other PCs to send out their spam. There are cases of infections that can cause spamming ( like some master boot record or partition infections ) but you show no signs of these.


If you are not having any other malware problems, it is time to do our final steps:
We recommend you keep Malwarebytes Anti-Malware for scanning/removal of malware.
Go back to step 4 of the READ ME and re-enable your Disk Emulation software with Defogger if you had disabled it.
Go to add/remove programs and uninstall HijackThis. If you don't see it or it will not uninstall, don't worry about it. Just move on to the next step.
If running Vista or Win 7, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
Goto the C:\MGtools folder and find the MGclean.bat file. Double click ( if running Vista, Win7, or Win 8 Right Click and Run As Administrator ) on this file to ... Read more

3 more replies
Relevance 76.67%

Since the ComboFix will not run on Vista or Windows 7 64-bit, I have to look for new malware/virus removal apps... It was good while it lasted. So what tools do people use for Vista these days when the computer says: "WARNING! YOURS COMPUTER IS AN INFECTED BY HARMFUL VIRUS!!!!"

Answer:64-Bit Virus Removal & Malware Removal Tools?

64-bit Anti-Virus:
List of 64-bit Anti-Virus For Vista
Anti-virus protection in 64-bit environments

Free Anti-virus:
avast! Free Antivirus
Avira AntiVir Personal - Free Antivirus
AVG Anti-Virus Free Edition 8.5
Microsoft Security Essentials
Panda Cloud Antivirus
Kingsoft Free Antivirus (Cloud Scan)

Paid for Anti-virus:
NOD32 Anti-Virus Personal
McAfee AntiVirus Plus
Trend Micro AntiVirus plus AntiSpyware
Norman Antivirus & Antispyware
CA Anti-Virus Plus Anti-Spyware

64-bit Anti-Malware tools:
Malwarebytes Anti-Malware
SUPERAntiSpyware
Kaspersky Virus Removal Tool - How to install and use documentation
Spyware Terminator
Windows Defender (64-bit)
Prevx
Spybot S&D
Ad-Aware
Norman Malware Cleaner
Sunbelt Counterspy (free Trial)
Comodo BOClean Anti-Malware
Sophos Anti-rootkit
SanityCheck Advanced Rootkit and Malware Detector
ESET Online Antivirus Scanner
ESET SysInspector
AnVir Task Manager Free
WinPatrol

Start with these:
How to use Malwarebytes' Anti-Malware to scan and remove malware from your computer
How to use SUPERAntiSpyware to scan and remove malware from your computer

3 more replies
Relevance 76.67%

Hello!
In reading more of these threads I can see I'm not the only one with the iexplore issue.
Glad to know it can be corrected!!!!

I have multiple pop-ups and my computer is as slow as dirt.
When I get home at 3:30 Calif time I will do the HJTInstall.exe thing and post the results.
Would the results of one that was done two days ago help? Yes I was having the issue then and another company did one and told me to email it to someone, which I did but I haven't heard anything back and my computer is close to useless at this point.
Can MFDnNC or anyone else help?
Thanks!!!!
Ginny
 

Answer:malware removal/popup/iexplore removal

16 more replies
Relevance 76.67%

Help! My daughter's laptop seems to be infected with a browser hijacker and I can't get rid of it. I can't download Windows updates and all different browsers aren't working right, sending me to wrong sites and preventing download of AV and malware removal tools. Super anti spyware was installed and wouldn't work, have tried to install windows malicious software removal tool via USB but it won't install or run, have also tried to install spybot via USB but it won't install, error message when it tries to connect to download some of installation files I think. Any advice you guys can offer would be very gratefully received, many thanks
 

Answer:Can't install malware removal tools

Welcome to Major Geeks!





TomPo said:





and all different browsers aren't working right, sending me to wrong sites and preventing download of AV and malware removal tools.

Has a proxy server been inserted in the browser? See the below:

Proxy Server - Changing Settings



TomPo said:





Super anti spyware was installed and wouldn't work,

You need to be more specific. Exactly what happens.





TomPo said:





have tried to install windows malicious software removal tool via USB but it won't install or run,

Exactly what happens? Any error messages.

Have you tried to install and run tools in safe boot mode as suggested in our cleaning procedures?





TomPo said:





have also tried to install spybot via USB

Waste of time anyway as it is ineffective against most of today's malware.


Also try the below to see if you can get anywhere.


Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click and choose Run as Administrator


You only need to get one of them to run, not all of them. You may get warnings from y... Read more

12 more replies
Relevance 76.67%

Heya!

The other night I removed (or at least tried to) a virus from my computer. All seemed well until I went to start up my computer the next morning and received the dreaded blue screen with the error: STOP: C0000135 The program can't start because %hs is missing. I've been googling around to see if I can resolve the issue and initially I thought I might have found the fix at the following link: http://blog.crosbydrive.com/?p=245 but it turns out I didn't need to edit anything in the registry. My next attempt to fix the issue was to run Farbar Recovery Scan Tool (x64) ...now I'm stuck and could really use assistance. I have the Farbar log, I'll post it below

Thanks in advance!
Scan result of Farbar Recovery Scan Tool Version: 15-03-2012
Ran by SYSTEM at 01-04-2012 13:55:30
Running from F:\
Windows 7 Ultimate (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [11860072 2011-06-08] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [499608 2011-03-30] (Adobe Systems Incorporated)
HKLM\...\Run: [npawmp] rundll32.exe "C:\Users\Brianne\AppData\Local\Temp ... Read more

Answer:receiving STOP C0000135 - attempted virus removal

SubSystems: [Windows] ==> ZeroAccess

This can be easily fixed. Let me ask someone to assist you

good luck

25 more replies
Relevance 76.67%

Hello all,

First, as the name suggests I am a complete technophobe so apologies in advance for the stupid and/or dense nature of my questions and enquiries.

Second, thanks to whoever takes the time to have a look at this for me, very much appreciated.

So, recently I decided I wanted to remove Doubleclick and other spy/malware from my laptop. I was advised to download Spybot Search and Destroy and let it get to work. I did so and ran the program a couple of times, making the fixes and deletions it recommended.

Around this time, the computer started acting strangely when I was attempting to use the internet. Speed of accessing sites is incredibly slow and some sites it won't load at all. On Firefox, when I click off one tab onto another, then return to the original tab, nine times out of ten that tab will now be blank. Sites that used to be very quick to use are now painfully slow, others I cannot access or just get the loading symbol infinitely.

So I uninstalled Spybot Search and Destroy and now if anything performance has deteriorated further. Very confused. I am blaming this program because I cannot think of anything else I have downloaded recently that may have caused an upset to my computer's system.

I have browsed these forums but saw that the fixes and solutions offered are done so subjectively based on the logfile of the individual, so I have prepared one here; again, my thanks in advance:

Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 21:20:48,... Read more

Answer:Firefox/IE etc behaving strangely following attempted spyware removal

Sites that won't load include Tweetdeck.com and Tweetdeck the application, which I was using fine until now, plus several forums that I use regularly are now going slooooooooooow to the point that they are basically unusable.

Tried system restore this morning and ran CC Cleaner; no effect on internet performance whatsoever.

Please help!
 

1 more replies
Relevance 76.67%
Answer:No internet access following attempted removal of Optimiser Pro and Reimage

Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start please read and note the following:

At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
Instructions I give to you are very simple and made for complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.

All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running too much time (few hours), please stop and inform me.
I visit forum several times at day, making sure to respond to everyon... Read more

6 more replies
Relevance 76.67%

Hello, I would like to first of all thank anyone who is willing to help me. In the past 4-5 weeks there has been some malware on my computer causing things like: random IE pop-ups, random audio ads and automatic changing of volume. Recently I have noticed that the IE window pop-ups have ceased whilst the ads and volume changing have continued. Previous attempts at removal have failed with GMER giving me a BSOD or freezing the program.

Possible relevant information:

-using windows xp
-using mozilla firefox as my browser
-using AVG-anti virus

Any help would be much appreciated
 

Answer:Random Audio Ads playing on my computer (2nd attempted removal)

Hi, stompydon

Welcome.

Please download and run Rkill by Grinler from any of the following locations (Vista and Win7: to run the application, right click on Rkill and choose Run as an Administrator):

rkill.exe
rkill.com
rkill.scr
rkill.pif

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

Please, never rename Combofix unless instructed.
Close any open browsers.
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
-----------------------------------------------------------​
Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
-----------------------------------------------------------​

Close any open browsers.
WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
If there is no internet connection after runn... Read more

1 more replies
Relevance 76.67%

Hi, I am having trouble getting my computer back to running correctly after I had encountered a pretty bad virus of sorts. I am constantly getting random pop-ups in IE and my entire system is super slow. I have run Malwarebytes and Superantispyware and seem to have gotten rid of most of the virus. Windows update will not run, I get an error message saying the service is not running, the service is not present in services.msc. I'm still in need of professional help. Thanks in advance.

Answer:windows update not running after attempted virus removal

Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.

*************************************************************************

Please download AdwCleaner by Xplode onto your Desktop.
Double click on AdwCleaner.exe to run the tool.
Click on Search.
A l... Read more

5 more replies
Relevance 76.67%

Hi, my new laptop was infected with "Antivirus System Pro" fake anti-spyware. After following instructions from a co-worker, I attempted to remove using Malwarebytes, r-kill, and Hijack This...I also ran a registry cleaner. Although Antivirus system Pro seems to be gone...my laptop has slowed to a crawl...especially when downloading email (Thunderbird) or browsing the internet (Firefox).

System specs: Windows 7 64 bit / Intel Core i3 M440 3.13 GHz
Antvirus: Spyware Doctor w/Antivirus

Thanks for any help you can give!

Here is DDS.txt:
DDS (Ver_10-10-21.02) - NTFS_AMD64
Run by colleen at 6:41:38.00 on Wed 10/27/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_11
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3767.2027 [GMT -4:00]
============== Running Processes ===============

C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
C:\Program Files (x86)\PC Tools Security\BDT\BDTUpdateService.exe
C:\Progr... Read more

Answer:New laptop slowed to a halt after attempted virus removal :(

BUMP, please

1 more replies
Relevance 76.26%

I have many pop-up ads while browsing the internet these past 2 days. When I click my Windows Security Alerts icon, it states that I am "at risk" because my automatic updates have been shut off. Even when I turn them back on, they remain shut off (I'm pretty sure this is the malware running defense for itself). The pop-up ads are for fubar.com, bigpoint.com, ovguide.com, and for vista antivirus 2008 & 2009 software. Basically they're trying to get me to buy bogus software to "fix" or "clean" the problem that they gave me.

I'm running IE7 on Windows XP Home w/sp3. I'd really appreciate any guidance/help from the professionals on this forum with helping me remove these problems. Thanks in advance!

-Jim

Deckard's System Scanner v20071014.68
Run by JIM on 2008-08-03 19:30:59
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

System Restore is disabled; attempting to re-enable...failed; access is denied.

Backed up registry hives.
Performed disk cleanup.

-- HijackThis (run as JIM.exe) -------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:31:55 PM, on 8/3/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C... Read more

Answer:Vista Antivirus: Bogus Software... Malware/virus Removal?

update: Spybot - Search & Destroy says it's Virtumonde. I think it could be more too.
Day 4...

28 more replies
Relevance 75.85%

I have run several anti virus software, Bitdefender, NOD32, AVG, and others, removing some stuff. When I try to install hijack this or spydoctor or spy bot search and destroy, the install app is shut down. Or when I try to search the word spyware on the internet the browser is shut down.
I monitor the running processes while launching the install app for a spyware program, and I notice a random process ie***.tmp or is***.tmp quickly come, close the app and then disappear.
Attached is the file output of WinPFind
 

Answer:Cant install Hijach this or any spyware removal software

Start WinPFind3U. Copy/Paste the information in the Quotebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

[Processes - All]
YY -> csrss.exe -> %System32%\exgwzhcrz\csrss.exe
[Registry - Non-Microsoft Only]
< Windows NT\\Load [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\load
YY -> C:\WINDOWS\system32\exgwzhcrz\csrss.exe -> %System32%\exgwzhcrz\csrss.exe
< Windows NT\\Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\run
YY -> C:\WINDOWS\system32\exgwzhcrz\csrss.exe -> %System32%\exgwzhcrz\csrss.exe
[File String Scan - Non-Microsoft Only]
NY -> urllogic , urllogic , -> %SystemRoot%\ackhek.dll
NY -> UPX! , UPX0 , -> %System32%\ss.dlltmp

The fix should only take a very short time. When the fix is completed a message box will pop up telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here along with a new WinPFind3u scan.

I will review the information when it comes back in.
 

1 more replies
Relevance 75.85%

StartupList report, 6/18/2010, 12:17:38 PM
StartupList version: 1.52.2
Started from : C:\Program Files\hijackthis\Trend Micro\HiJackThis\HiJackThis.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v8.00 (8.00.6001.18702)
* Using default options
==================================================

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\spnsrvnt.exe
C:\Program Files\Reliance Netconnect - Broadband+\bin\MonServiceUDisk.exe
C:\Program Files\Netbooster Client\Client\ventc.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\DAP\DAP.EXE
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files&#... Read more

Answer:System security AV pop up/removal of malware anf trojans from the logs/system slowed down

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Some things to remember while we are working together.

Do not run any other tool until instructed to do so!
Do not attach logs unless I ask you to.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.
Do not run any other tool until instructed to do so!

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

Note** If you are having problems posting the complete log into this thread upload them here http://www.rapidshare.com/ and post the links in this thread.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

I would like to get a better look at your system, please do the following so I can get some more detailed logs.

DeFogger:
Please download DeFogger to your desktop.
Double click DeFogger to run the tool.
The application window will appear
Click the Disable button to disable your CD Emulation drivers
Click Yes to continue
A 'Finished!' message will appe... Read more

3 more replies
Relevance 75.85%

I have had many strange things happen after removing viruses and malware. But, this one is a pain.

Anytime I start the computer, or start IE, XP Pro tries to install MS Office. I have looked in the registry and start-up listings. I have been unable to find where this command to install office is.
 

Answer:System keeps trying to install MS Office after MalWare removal

Hi

I just looked and you still have an active thread going in Malware that Chaslang is helping you with. It seems as though your machine was very infected.

Before doing anything else, you should really wait to get it all cleared out. This problem could also very well have to do with your infection.
 

4 more replies
Relevance 75.85%

I'm in great distress. Reading through the threads here I'd some idea about how to deal with my vundo malware problem. But that required of me to install the MBAM and Hijack this and post logs. I'm not able to install and run these softwares.
I'm encountering problems like others where vundo starts on start up no matter what and attaches to basic files like explorer.exe
Spywareguard2008 also shows up in green and the system is very slow.
I'm running windows xp sp3.

If someone can plz help me with this as i'm not able to install any software and have a lot of stuff on my computer to be salvaged.

Thanks
 

More replies
Relevance 75.85%

Hello:
I've just gone through a successful malware removal with the assistance of one of your extremely helpful malware annihilators. Unfortunately, I am now not able to download and install Adobe Reader. I'm hoping that you may have some suggestions for me. I've tried temporarily disabling the firewall and anti-virus (not crazy about this), but I was informed that it may be necessary to do so for the download to complete.

I gladly welcome any ideas you may have.
 

Answer:Cannot install Adobe Reader after malware removal

Have you tried running installer as admin?
 

2 more replies
Relevance 75.85%

Hello,

I discovered my laptop was infected with a Trojan Zefarch and took a couple steps in an attempt to remove it. I ran scans with Symantec, Spybot S&D, and Malwarebytes, ran RegistryCleaner, and deleted a couple suspicious-looking folders in my AppData folder. After doing all this and at least one restart, I discovered that the touchpad and built-in keyboard on my laptop were not working. I'm currently using an external USB mouse and keyboard until I can figure this out. I'm running Windows 7 on an hp dv6.

Here are the results from HiJackThis:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:24:29 PM, on 8/13/2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
C:\Program Files (x86)\iTunes\iTunesHelper.e... Read more

More replies
Relevance 75.85%

Hi all. It seems i have the epxonwo toolbar infection on my computer (pretty sure I got it after installing a video codec I obviously shouldn't have installed).

I've followed the 5 steps and here are my logs.

Deckard's System Scanner v20071014.68
Run by Jono on 2008-01-13 04:13:35
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
66: 2008-01-12 20:13:45 UTC - RP343 - Deckard's System Scanner Restore Point
65: 2008-01-12 19:18:40 UTC - RP342 - Software Distribution Service 3.0
64: 2008-01-12 13:24:12 UTC - RP341 - System Checkpoint
63: 2008-01-10 02:20:20 UTC - RP340 - Restore Operation
62: 2008-01-10 02:13:44 UTC - RP339 - Restore Operation


-- First Restore Point --
1: 2007-10-15 18:25:34 UTC - RP278 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Jono.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:15:46 AM, on 1/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS... Read more

Answer:Attempted epxonwo toolbar removal - 5 Steps: Posting of Logs

Hello Jono21, and welcome to TSF,

We'll begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool: http://www.bleepingcomputer.com/comb...o-use-combofix

When the tool is finished, it will produce a report for you.
Please post the C:\ComboFix.txt along with a new HijackThis log so we may continue cleaning the system.

7 more replies
Relevance 75.85%

I have a roughly 10-year old Dell Win XP-pro sp3 32-bit machine that I suspect has a rootkit virus that runs the cpu at 100%. (That virus appears to be under the name svchost.exe. Process Explorer shows this as its only name. There are other svchost.exe files running as well,  and when I stop this file from running the machine runs ok for a while but eventually the virus creeps back in to run the cpu at 100% cpu again. My MS security update is turned off so I don't think it is due to the Windows xp update screwup - but who knows? The problem seemed to begin after an update but I wasn't there when the automatic update occurred.) This is the root problem I had been working on for a while but now I have a start up problem that is either due to virus or hardware. 
 
Today, after running Malwarebytes' special rootkit virus removal program it won't boot up. It gives the message "DCOM server process launcher service terminated unexpectedly. Shutdown initiated..."
 
The start up problem had symptoms earlier. I had run a variety of antivirus programs - Malwarebytes, superantivirus, hitmanpro and some others - and yesterday a new message said on startup - "Windows could not start due to computer disk hardware config problem... could not read from the selected boot disk...check boot path and disk hardware." I then created a windows recovery disk and ran it and it seemed to clean the boot up files, but the main p... Read more

Answer:Virus removal attempted.Unable to boot up.Rootkit suspected

Hi Phil, another will respond here that handles these. It may not be tonight. You will probably need a Flash drive or CD drive and access to another computer.

19 more replies
Relevance 75.85%

Dear forum pros,
 
My Dell laptop running Windows XP was recently hit with a ransomware virus - the kind that locks the whole machine and won't allow you to boot to safe mode. My internet research led me to try to repair my machine by running Kaspersky Rescue Disk from a USB. I did this (apparently) successfully by letting the Kaspersky scan everything that was an option (including ticking the check box next to the C: drive) and then after the scan was complete and files had been moved to quarantine I restarted my computer.
 
This is where I ran into problems.  Booting without the USB now yields a black screen that says "Missing operating system".  If I reboot to the Kaspersky USB again I have the same choices to scan and repair but notice that this time the C: drive does not appear in the list of items that can be scanned.
 
If you can provide any ideas as to how I can recover from this I would appreciate it.  Unfortunately I don't have the original Windows disks because the laptop was a work-provided machine that I purchased when I left my last job.
 
With thanks in advance,
 
Phil

Answer:Missing OS after attempted removal of ransomware using Kaspersky Rescue Disk

Hi Phil,
 
do you have a log file from your run with the Kaspersky Rescue Disk that shows what was found and deleted? If yes, please post it up.
Did you change back the boot order in BIOS so that the hard drive has first priority? Are all USB sticks and other flash drives disconnected from your computer when you try to boot into Windows?

6 more replies
Relevance 75.03%

This one crops up every Patch Tuesday, and is always ignored by the independent experts on other sites when they are recommending which updates to install, and which to decline. What do people here feel about it, do you guys always install the MSRT update or just hide it, and why?

Answer:Windows Malicious Software Removal Tool - does everyone install it?

Everyone SHOULD install it every month - unless they have very good reasons not to.
It's specifically designed to look for the worst known viral infections, and at least flag them, even if it fails to remove them.

6 more replies
Relevance 75.03%

I've got a netbook with Win7 Starter. It has IE10 already running, and I successfully installed the MSRT. But now Windows Updates keeps suggesting to install both of these (I'm set to notify, not automatically install). Actually, they're present in the list but not checked.

I went into Safe Mode and deleted SoftwareDistribution, to no avail.

Anyone know what's going on with this? Thanks!

Answer:IE10 and Malicious Software Removal Tool keep trying to install

Hello Paul,

It may be updates to them. What is the exact name of these updates with KB number?

8 more replies
Relevance 75.03%

hello

after formatting my HD i waited a couple of days before installing an AV but as i tried installing it wouldn't let me install any AV or Spyware removal tools tried ( panda norton avast S n D ) i tried all the online scanners to no avail

any help is greatly appreciated thanks in advance

my hijack this log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:54:00 PM, on 11/28/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20661)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\PROGRA~1\FASTRE~1\IQEngine.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program ... Read more

Answer:Cannot Install Any Spyware Removal Tool Or Antivirus Software..help!

Hello there and welcome to BleepingComputer. My name is Charles and I will be dealing with your log today. Sorry for the delay. If you are still having problems please post a brand new HijackThis log as a reply to this topic. Before posting the log, please make sure you follow all the steps found in this topic:

Preparation Guide For Use Before Posting A HijackThis Log

Thanks,
Charles

2 more replies
Relevance 75.03%

My dads updates keep trying to install Windows Malicious Software Removal Tool but it fails each time and the update sits in the tray???

why is this?

he also seems to have problems with updates mostly comodo and firefox have caused crashes
 

Answer:Windows Software Removal Tool wont install??

The MSRT update isn't a necessary update, especially if you have a full-time antivirus program running in the background and you run a scan with anti-spyware programs (such as Lavasoft Ad-Aware 2007 and Safer Networking Spybot - Search & Destroy 1.5.2) on a regular basis.

Microsoft releases new critical and recommended updates like clockwork on the 2nd Tuesday of every month. If you turn off the automatic update feature and then do a manual scan for new updates on the 2nd Wednesday or later of each month, you can take control of the update feature. Select the "Custom" option because this allows you to select which updates you want to install.

--------------------------------------------------------------------------------------------------------
 

1 more replies
Relevance 75.03%

I have been discussing with a few techs here locally and doing some research online. What I have come across is that to do virus/malware removal can take up a lot of time. If a customer brought you a heavily infected pc what route would you take and please explain why so I might have some light shed on the subject.
 
Thanks,
CSimpson

Answer:Malware/Virus removal vs factory restor/new os install

sorry posted this twice.  can an admin delete this one or can I do it?

3 more replies
Relevance 75.03%

I found my computer to be infected with the "vista antivirus 2012" malware and attempted to remove it by following the instructions in this Bleeping Computer guide:

http://www.bleepingcomputer.com/virus-removal/remove-win-7-antispyware-2012

After following all of the steps, I restarted my computer. During the start-up, windows titled "blank window2" began popping up and disappearing very quickly. This is causing my computer to run very slowly. I have seen error messages regarding "hello4.exe" while attempting to close programs and have had windows pop up saying that my browsing history is being deleted. I have also noticed in the task manager that there are many applications running titled "QTTask.exe" and "scvhost.exe" . I have seen other postings describing similar problems, but I do not want to attempt another fix without personalized instructions. What should I do?

Answer:blank window2 and hello4 after attempted removal of vista antivirus 2012

I am running windows vista, by the way, and I believe my computer troubles started when I opened a website about treating yellow jacket stings. An additional tab opened, and when I tried to close it, I encountered pop-ups. I ended all tasks in the task manager, and restarted my computer. It was then that I began receiving the "vista antivirus 2012" warnings and decided to follow the removal instructions in the link posted above, which has left me with my current problem.

phil

2 more replies
Relevance 74.21%

The title says it all. My browser got hijacked by some kind of malicious spyware and results are re-directed to different sites other than the one I've searched for using google or yahoo. It started last week after my cousin borrowed my desktop computer. Since I've rarely used my desktop after buying a sophisticated notebook, I didn't notice that the virusbuster installed in it had already expired. When I attempted to install a new version, it simply won't get thru. It always gives me an incomplete error like this: Error code: #1603, 3002, 0X00. I used a registry error fixing utility and have deleted all of the errors but re-installing adaware or hijackthis and other spyware soft always resulted in getting exited halfway thru the installation process. I then uninstalled all of my spyware thinking it's getting in the way for my security software installation but then the result is always the same. I hope you'll help me fix this. Here's my dds log:

DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26
Run by mama at 13:24:45 on 2011-09-15
Microsoft Windows XP Home Edition 5.1.2600.3.932.81.1041.18.2039.1330 [GMT 9:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\3347422529:3194124856.exe
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\BUFFALO\Client Manager3\bwsvc.exe
svchost.exe
svchost.exe
C:\WIND... Read more

Answer:Browser Got Hijacked, Can't Install Spyware/Virus Removal Software

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

One or more of the identified infections is a backdoor trojan/rootkit.

This type of infection allows hackers to remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.

If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Please refer to Microsoft's Online Safety article for tips on creating a strong password.

Do not change passwords or do any transactions from the infected computer until it has been cleaned.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follo... Read more

19 more replies
Relevance 74.21%

I just noticed it last week that Windows Malicious Software Removal Tool failed to install and when I checked the update history, it had already been like this since August 2016. Why is this so? How can I troubleshoot it. Thanks a lot.
 

More replies
Relevance 74.21%

I have a client who brought me their Dell Dimension 2400 desktop for a virus removal. Normally I don't have any problems getting a machine cleaned up and back to business, but this has me stumped. When the machine was first brought to me, I used UBCD4WIN to scan for malware with Spybot S&D. After updating and scanning with SB S&D, Virtumunde was found along with the koobface worm. Both seemed to be removed with the scan. After removing the UBCD disk and rebooting the computer, I attempted to go online, and a popup occurred notifying of a $1,000.00 Walmart gift card. Also, any Google search got redirected to crazy sites... I downloaded ComboFix, and scanned. It found TDL3 rootkit. I removed ComboFix and all logs. Rebooted machine. Browser still hijacked. Downloaded SB S&D and installed on infected machine. After update and scan, the program found no infection. Machine already had MBAM installed, so updated and scanned with MBAM, found nothing. Used my computer to search for Google Redirect Virus, and found information regarding TDSSKiller, downloaded it and it found TDSS.TDL4, and I made sure "Cure" was selected, and allowed TDSSKiller to do its thing. I then put ComboFix back on the "infected" machine, and attempted a scan. It came back clear, so I uninstalled CF and deleted all logs. I was going to install Comodo Internet Security (CIS) on the machine. After downloading and installing CIS, the machine reboots, and Windows installer star... Read more

Answer:Strange behavior after TDSS.TDL4 rootkit/Virtumunde/koobface attempted removal

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review your topic and do their best to resolve your issues.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for postin... Read more

2 more replies
Relevance 74.21%

I have undetected spyware on my PC that continues to open other browser windows when I connect to the internet. I tried unsuccessfully to install malwarebytes and run it. I tried renaming the .exe files as indicated in some of your previous answers to other users and that did not work either. Can you please help me? I also could not see any images or examples listed in your guide.

DDS (Ver_09-07-30.01) - NTFSx86
Run by Priscilla at 9:49:12.98 on Sat 09/12/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.603 [GMT -5:00]

AV: Windows Security Suite *On-access scanning enabled* (Updated) {1059D93C-4AF5-4F87-ACB6-495166CECFC6}
AV: Windows Security Suite *On-access scanning enabled* (Updated) {CB1D6A98-ADF2-4195-B7C4-4306AB79DB90}
AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: Windows Security Suite *enabled* {9CFF5BB5-1F9F-4059-8DF7-BA3D21ED9B2B}
FW: Windows Security Suite *enabled* {4C086C0F-038B-4154-8C63-857CB30DC2F5}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDe... Read more

Answer:Have spyware but can't download or run any malware removal software. "media2.tmlatn.com/images/defaults41/approved/404...

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know.
If not please perform the following steps below so we can have a look at the current condition of your machine.
If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is ne... Read more

2 more replies
Relevance 73.8%

HEY GEEKS NEED A LITTLE HELP. I HAVE A WINANTIVIRUS POP-UP THAT COMES UP EVERYTIME I AM ON THE NET, AFTER U X IT OUT 5 TO 6 OTHER POP-UPS COME UP ABOUT A VIRUS. I AM RUNNING AVG EVERY MORNING, SPYBOT SEARCH AND DESTROY, AD-WARE 6.0. HERE IS A HIJACK THIS LOG FILE TELL ME WHAT TO GET RID OF PLZ.

EDIT: Removed inline HJT log


THANKS

DOOKIE
 

Answer:winantivirus removal, malware removal

Hi and Welcome to Majorgeeks!

Please follow our standard cleaning procedures which are necessary for us to provide you support. Also there are steps included for installing, running, and posting HijackThis logs as attachments.


Run this first

Virtumonde aka Trojan Vundo Removal - some people also refer to this as WinFixer

Then run the below and attach the requested logs for the malware experts to look over.


Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support
Make sure you check version numbers and get all updates.
Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.

After doing ALL of the above you still have a problem make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis and attach a log:
Downloading, Installing, and Running HijackThis

Make sure you also rename HijackThis.exe as suggested in the procedures. Use analyse.exe for the new name. This is very important due to some new infections going around.



When you return to make your next post, make sure you attach the following logs and that you have run these scans in the following order too:

runkeys.txt - the log from GetRunKey.bat
newfiles.txt - the log from ShowNew.bat
CounterSpy - ONLY IF you were not a... Read more

1 more replies
Relevance 73.8%

MS Removal Tool is a rogue software. It restricts you from accessing your desktop. You cannot start Task Manager, and you cannot open Internet Explorer or any other programs. This situation is the result of malware (a variant of Win32/Winwebsec) that is infecting your computer.
To remove the MS Removal Tool, follow the steps below:
Boot your computer into Safe Mode.
Windows XP and Windows Vista:
Start your computer and press and hold the F8 key.
A Windows Advanced Options menu will appear. Use your arrow keys to scroll to Safe Mode and click the Enter key.
Click the Start button, and then click Run.
Type cmd then click OK. A black command prompt window will appear.
Locate the affected directories:
Windows XP:
Type cd c:\Documents and Settings\All Users\Application Data\ and press the Enter key.
Type dir and press the Enter key.
Windows Vista:
Type cd c:\ProgramData\ and press the Enter key.
Type dir and press the Enter key.
Type c:\Users\All Users\ and press the Enter key.
Type dir and press the Enter key.
Scroll through the list to find directories with random names that contain 18 characters. For example: cHl08200gMhHd08200, pJg08200fBmPl08200.
Type rd /s /q <random name>, and then press the Enter key. Replace <random name> with the 18 character name. Repeat this step for each random name you find.
Type reg delete hkcu\software\microsoft\windows\currentversion\run once /v <random name> /f, and then press the Enter key. Replace <random name> with the 18 cha... Read more

More replies
Relevance 73.8%

I'm pulling out my hair please help. Here's my HJT logfile.

Logfile of HijackThis v1.99.1
Scan saved at 7:16:48 PM, on 7/31/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
f:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ASUS\Probe\AsusProb.exe
C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
C:\WINDOWS\MXOALDR.EXE
F:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
F:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\sobrado.AOA1\My Documents\hijack this\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
R1 - HKCU\Soft... Read more

Answer:Malicious Software Removal Wizard, Spyware Removal Wizard, System Integrity Scan Wiz

Please do not start more than one thread for the same problem.

Closing duplicate.

Please continue here:

http://forums.techguy.org/security/488003-hjt-logfile.html
 

1 more replies
Relevance 73.8%

Hi.
 
I tried to install this month's updates today and all except one was successful - the malicious removal tool (KB890830).
 
I told Windows Update to search again, and it didn't find it.
 
I went to Microsoft's website and downloaded it to the computer. I ran it, but it seems like it didn't do anything.
 
I would like to mention that earlier this month, I received a duplicate download of the August version of the malicious removal tool and didn't realize the duplicate installed until it was too late.
 
Did anyone else experience this?
 
Any help appreciated.

Answer:Windows Malicious Software Removal Tool Sept. 2016 won't install

I tried to install this month's updates today and all except one was successful - the malicious removal tool (KB890830).
 
I went to Microsoft's website and downloaded it to the computer. I ran it, but it seems like it didn't do anything.
 
Hi a.h.h.10:
 
Open the scan log for the Malicious Software Removal Tool (C:\Windows\Debug\mrt.log) with Notepad or any other text editor and see if you can find an entry for the September 2016 v5.40 of the tool. If so, are there any error codes for the scan? A return code of "0 (0x0)" is normal and means "no infection found". Here's what my log looks like for this month's scan:

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.40, September 2016 (build 5.40.13000.0)
Started On Wed Sep 14 11:50:41 2016
Engine: 1.1.13000.0
Signatures: 1.227.1155.0
Run Mode: Scan Run From Windows Update
Results Summary:
----------------
No infection found.
Successfully Submitted Heartbeat Report
Microsoft Windows Malicious Software Removal Tool Finished On Wed Sep 14 11:57:40 2016
Return code: 0 (0x0)
 
------------32-bit Vista Home Premium SP2 * Firefox v48.0.2 * NIS v22.7.1.32 * MBAM Premium v2.2.1
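
The check described in this answer (find the entry for the month's version in mrt.log, then read its return code) can be scripted. The Python below is an added example, not part of the original post or of Microsoft's tooling; the sample log is constructed in the layout quoted above, its second and third runs are invented to exercise the non-zero and incomplete cases, and all function names are hypothetical.

```python
import re

# Constructed sample in the layout of the log quoted in the answer. Run 1 reuses the
# values from the post; runs 2 and 3 (result text, return code 7, missing footer)
# are invented here to exercise the non-zero and incomplete cases.
SAMPLE_LOG = """\
---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.40, September 2016 (build 5.40.13000.0)
Started On Wed Sep 14 11:50:41 2016
Engine: 1.1.13000.0
Signatures: 1.227.1155.0
Run Mode: Scan Run From Windows Update
Results Summary:
----------------
No infection found.
Successfully Submitted Heartbeat Report
Microsoft Windows Malicious Software Removal Tool Finished On Wed Sep 14 11:57:40 2016
Return code: 0 (0x0)
---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.40, September 2016 (build 5.40.13000.0)
Started On Thu Sep 15 09:00:00 2016
Results Summary:
----------------
(constructed placeholder result line)
Microsoft Windows Malicious Software Removal Tool Finished On Thu Sep 15 09:05:00 2016
Return code: 7 (0x7)
---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.40, September 2016 (build 5.40.13000.0)
Started On Fri Sep 16 08:30:00 2016
"""

HEADER = re.compile(
    r"^Microsoft Windows Malicious Software Removal Tool v(?P<version>[\d.]+), "
    r"(?P<release>\w+ \d{4}) \(build (?P<build>[\d.]+)\)$"
)
FINISHED = re.compile(r"Removal Tool Finished On (?P<when>.+)$")
RETURN = re.compile(r"^Return code: (?P<code>-?\d+) \(0x[0-9A-Fa-f]+\)$")
RULE = re.compile(r"^-+$")  # separator lines made only of hyphens


def decode_log(raw: bytes) -> str:
    """Decode log bytes; handles a UTF-16 byte-order mark, otherwise assumes UTF-8."""
    if raw[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return raw.decode("utf-16")
    return raw.decode("utf-8", errors="replace")


def parse_runs(text: str) -> list:
    """Split the log into one dict per tool run, in file order."""
    runs, run, in_summary = [], None, False
    for line in (l.strip() for l in text.splitlines()):
        m = HEADER.match(line)
        if m:  # a version banner opens a new run
            run = dict(m.groupdict(), started=None, finished=None,
                       return_code=None, summary=[])
            runs.append(run)
            in_summary = False
            continue
        if run is None or not line or RULE.match(line):
            continue
        if line.startswith("Started On "):
            run["started"] = line[len("Started On "):]
        elif line == "Results Summary:":
            in_summary = True
        elif (m := FINISHED.search(line)):
            run["finished"] = m.group("when")
            in_summary = False
        elif (m := RETURN.match(line)):
            run["return_code"] = int(m.group("code"))
        elif in_summary:
            run["summary"].append(line)
    return runs


def triage(runs: list, wanted_version: str) -> list:
    """Return findings for one tool version; an empty list means every run of
    that version finished with return code 0 (no infection found)."""
    matching = [r for r in runs if r["version"] == wanted_version]
    if not matching:
        return [f"no entry for v{wanted_version}: the tool did not run or did not log"]
    findings = []
    for r in matching:
        if r["return_code"] is None:
            findings.append(f"run started {r['started']} has no return code (did not finish)")
        elif r["return_code"] != 0:
            findings.append(f"run started {r['started']} returned {r['return_code']}: "
                            f"review its summary {r['summary']}")
    return findings


if __name__ == "__main__":
    for finding in triage(parse_runs(SAMPLE_LOG), "5.40"):
        print(finding)
```

To use it on a real machine, pass the bytes of C:\Windows\Debug\mrt.log through `decode_log` before `parse_runs`.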

10 more replies
Relevance 73.8%


Hello everyone
 
A friend has given me her computer to fix as she has noticed that icons have disappeared from her desktop and that her favourites have disappeared from internet explorer. I have fixed similar problems previously for other friends by running various virus/malware removal programs like Malwarebytes, ADW Cleaner, Combofix, Junkware Removal Tool etc but this time the computer won't let me download and install anything. I have tried to download and install programs in safe mode but still no luck.
 
I decided to download the programs on a separate computer and put them onto a USB stick. I then booted up the infected computer into safe mode and transferred all the programs onto the desktop but when I double click on the set-up files I keep getting errors.
 
The errors I get are as follows
 
Malwarebytes - The system cannot find the path specified
ADWCleaner - Autolt Error - Unable to open the script file
Combofix - NSIS Error - Error launching installer
Junkware Removal Tool - Could not open the archive file "C:\Windows\system32\config\systemprofile\Desktop\JRT.exe. The system cannot find the file path specified
 
These errors occur in both normal and safe mode.
 
I have tried running DDS as advised in the Preparation Guide but I get the following error
 
dds.com - NSIS Error - Error launching installer
 
Please can one of the experts look into this for me and hopefully resolve the problems I'm having.
... Read more

Answer:Can't install virus/malware removal programs. Missing icons and favourites

Hello  stevieddj1, Welcome to Bleeping Computer.
My name is fireman4it and I will be helping you with your Malware problem.

Please take note of some guidelines for this fix:
Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools.
   If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
   Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
In the upper right hand corner of the topic you will see a button called Follow This Topic. I suggest you click it and select Immediate E-Mail notification and click on Follow This Topic. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

   Finally, please reply using the Post  button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.
I will be analyzing your log. I will get back to you with instructions.

Please download Farbar Recovery Scan Tool and save it to your Desktop.
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them wi... Read more

18 more replies
Relevance 70.93%

I have run the malware removal instructions and went through each program as they did remove some of the malware and virus. The issue that I am having is that when I open the computer under a separate user and try to run the malware removal programs via internet or through USB drive, I keep seeing a window which pops up asking me which program I want to use to open the program. I have run the computer under the administrator and do not seem to have problems running the malware removal steps and have attached the reports from the instructions.

Even when I try to open add or remove programs under control panel, I get the following message: "C\windoesn\system32\rundll32.exe- application not found". I am thinking that it is something to do with AVG and have removed the program with the step.

Please help....

View attachment mbam-log-2011-03-28 (17-02-07).txt
View attachment combofix log.txt
View attachment SUPERAntiSpyware Scan Log - 03-28-2011 - 16-42-24.log
View attachment hijackthis.log
 

Answer:Help with malware removal- have run malware removal instructions

ssmehta007 said:

....try to run the malware removal programs via internet or through USB drive

Specific download and installation instructions are in our R&R ME FIRST guide :
ComboFix
Running from: l:\combifix\ComboFix.exe <--- belongs on your desktop

RootRepeal
Save it to your Desktop

SAS & MBAM
Installed to the Default Location - "C:/Program Files", as we suggest that you keep them after malware removal.

MGTools.zip
Download this file to the root folder of the drive where you have installed Windows (Typically this would be C:\ and thus you would have a C:\MGtools.exe file after downloading).
Please make those corrections and attach the missing RRlog.txt (from RootRepeal) and MGlogs.zip - normally it is C:\MGlogs.zip . Please tell me any problems you still have.
 

18 more replies
Relevance 70.93%

Hi,

I have a dell xps 8300. It started acting up about 1 week ago (freezing while working online, freezing while trying to boot). Today i got the Blue screen asking me to restart if this was the first time I had received a blue screen.
I restarted it was fine for 30 minutes and everything froze.
I restarted it and I received error beeps ( 4 beeps)
I looked that up on dell support and they said it was RAM problems.
I opened up the computer vacuumed a bit, took out ram cards and reinstalled them.
It had been working o.k.for about 1 hour and only froze once more.
I decided to try the malware removal guide and here are the logs
Malware bytes did not find anything
TDSSKiller did not find anything
MGtools ran but as soon as it was done the window closed. i don't know how to find the log
Your help will be greatly appreciated
 

Answer:malware removal - have followed malware removal guide

I still want to see the log from Malware Bytes please.

MGtools ran but as soon as it was done the window closed. i don't know how to find the log

Should be directly on C:\ if that's where you boot Windows from. If you really cannot find the log, you'll have to run MGTools.exe again in order to produce a MGlogs.zip. Thanks.
 

20 more replies
Relevance 69.7%

Hi,

I have a few viruses on my desktop pc that I am aware of and cannot figure out how to rid them.

They make awful popups, mainly mostly from CiD and some from Zedo.

Another problem I have is that when I go into my task manager to see what processes are running it shows that IEXPLORE.exe is running even when no internet explorer applications are visibly running. This I believe is sucking up my memory usage and making my computer slower than normal.

If someone could please help me, that would be great.
 

Answer:Trojans, need help with removal

6 more replies
Relevance 68.88%

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:14:26 AM, on 4/7/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\00THotkey.exe
C:\WINDOWS\system32\TPWRTRAY.EXE
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\Belkin\F5D7010v8\Belkinwcui.exe
C:\Program Files\Belkin\F5D7010v8\jswpsapi.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.toshiba.com/search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Star... Read more

More replies
Relevance 68.88%

i just recently reformatted and installed windows again, have yet to download anything at all, only used for internet access (surfthechannel.com seems to have been the place where i picked up some malware) keep in mind that i have only browsed the web no downloads. i constantly see pop ups from different ads but these aren't any spyware things like antivirus xp its just regular pop up ads, sometimes they wont even load a page. even when im just letting the pc sit there, randomly it will open a pop up, even with firefox and inet xplorer closed. i have attached a hijack this log. also i run a registry cleaner via tuneup one click, and trojan remover has failed to remove my trojans even in safe mode.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:07:37 PM, on 3/1/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\... Read more

Answer:trojans and spyware, need removal help

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.com
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for p... Read more

2 more replies
Relevance 68.88%

Hi there,

For the last week or so I've consistently had my Avira Anti-Virus popping up warnings about trojans on my computer. At times, it will pop up over 20 warnings simultaneously. One that it popped up, which led me to this forum, was for "crypt.xpack.gen", or something of the sort. Even when I run a full scan and quarantine or remove these trojans, more pop up in their place.

I'm not sure if it's an effect of these problems, but I've also noticed when searching using engines like Google, often a clicked search result will instead link through to a spam site.

I went through the READ ME and performed the scans, whose logs are attached below.

Any help you can offer would be tremendously appreciated.

Thanks.
 

Answer:Trojans sticking around even after removal

MGTools Logs
 

6 more replies
Relevance 68.88%

i saw on another post to download hijackthis and save the log so i did i really would appreciate it if some one would tell me what to delete
here is the log
Logfile of HijackThis v1.97.7
Scan saved at 6:46:25 AM, on 12/15/2003
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Winamp3\winampa.exe
C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
C:\program files\altnet\points manager\points manager.exe
C:\PROGRA~1\Altnet\DOWNLO~1\asm.exe
C:\PROGRA~1\Save\Save.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\WeatherCast\Weather.exe
C:\Program Files\ClockSync\Sync.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\Compaq Conne... Read more

Answer:adware / trojans removal

Download & Run CWshredder from
http://www.merijn.org/cwschronicles.html
and make sure you follow the advice about the security updates listed at the bottom of the page, in order to prevent re-infection, otherwise you will be continually reinfected

then reboot &
Download Spybot - Search & Destroy from http://security.kolla.de

After installing, first press Online, press search for updates, then tick the updates it finds, then press download updates. Beside the download button is a little down pointed arrow, select one of the servers listed. If it doesn't work or you get an error message then try a different server

Next, close all Internet Explorer and OE windows, press 'Check for Problems', and have SpyBot remove all it finds that is marked in RED.

then reboot &
download AdAware 6
Before you scan with AdAware, check for updates of the reference file by using the "webupdate".
Then ........

Make sure the following settings are made and on -------"ON=GREEN"
From main window :Click "Start" then " Activate in-depth scan"

then......

click "Use custom scanning options>Customize" and have these options on: "Scan within archives" ,"Scan active processes","Scan registry", "Deep scan registry" ,"Scan my IE Favorites for banned URL" and "Scan my host-files"

then.........

go to settings(the gear on top of AdAware)>Tweak>Scanning... Read more

2 more replies
Relevance 68.88%

It all started a few days ago when I noticed a file lodupgd.jpg running in my processes. I stopped the process and googled it. I followed the instructions on Symantecs website to remove Trojan.Bankpatch.D but ever since then more of them keep coming back.

I am using Windows XP. I have Malwarebytes, Trojan Remover, SuperAntiSpyware, Spybot Search and Destroy, CC Cleaner, Advanced Windows Care, Windows Defender, and AVG.

Day 1) I run each program separately. Trojans are found. I restart the computer after each scan. I go on to the next program and scan and repeat the process until I've done them all.

Day 2) The Trojans appear again but it's more of them. I repeat the process of Day 1 except that I do it in Safe Mode.

Day 3) Even more Trojans turn up including the ones I already deleted. I repeat what I did in Day 1.

Now here I am very frustrated because I don't think my system is clean. I just finished a Malwarebytes scan
and a Trojan Remover scan. Both have turned up things I already deleted.

Here is what has been on the computer TODAY from different scans throughout the day

Malwarebytes
Files Infected:
C:\WINDOWS\st_1241750755.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\t55ft2692f44.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
\Mstrkr32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
\Winvdrvr.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\... Read more

Answer:Trojans Keep Reappearing After Removal

Hello

I see that you have an HJT log posted here: http://www.bleepingcomputer.com/forums/t/225436/trojanbankpatchd-infected-system-keeps-coming-back/

We do not allow more than one topic for the same computer and the same issue as this causes confusion, and in this case may make the disinfection process more difficult.

This leaves you with a choice:
1) Have this thread reopened and the HiJack This log topic deleted
OR
2) Keep this thread closed and wait for assistance in the HiJack This log forum. Please note that that forum is VERY busy.

Please send a Private Message indicating your choice.

Assuming you wish assistance in the HiJack This forum, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a HJT Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the HJT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the HJT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as ... Read more

1 more replies
Relevance 68.88%

ran mcaffee virus scan and the following came up and will not allow me to remove each one.

ive tried to delete, quarantine, and clean all of them but the following message appears under status: "the disk is write-protected"

how do i remove these files? ive tried looking them up at the mcaffe website but it wasnt much help.

the names of the viruses / trojans are:

multidropper-KU
StartPage-DU.dll
W32/Sdbot.worm.general.i (this is the trojan im most worried about)
Aim-Lowdown


any help would b great...thanks in advance
 

Answer:Removal Of Following Trojans/viruses???? Please Help??

also, ive tried hijack this, trojan hunter, and stinger and none of them have been any help
 

9 more replies
Relevance 68.88%

Hi

Any advice on how best to remove trojans?

BACKGROUND
At the bottom right of my Windows7 screen, the Action Center gave me the following alerts:
- "Remove the W32/Gaobot.worm.genu - Win32/RBot.3eu!Worm virus"
and
- "Remove the Trojan.PWS.Legmir.AD / [email protected] virus"

Strangely the anti-virus software that I am running - AVG (Free)(V9-LATEST) - completely failed to find either of these viruses, even though I regularly make sure that it is bang up to date.
STEPS TAKEN SO FAR
I have downloaded SuperAntiSpyware, MalwareBytes, and A-Squared Free(v4.5).
I tried rebooting Windows7 in Safe Mode, by hitting F8 repeatedly during reboot.
However I could not get this to work. The first time I tried all that happened is that Windows7 completely failed to boot! The second and third times simply produced a normal boot.

I then ran MalwareBytes which found some stuff, at which point (very late in the day!) AVG found some stuff too.

So then I tried running msconfig.exe and selected "Diagnostic Startup" and rebooted into a safe mode.

Right now I am running an A-Squared scan and re-running MalwareBytes scan...

...But what is extremely worrying to me, is that I can't get AVG to run a scan right now. if I click on the "Computer Scanner" tab, and then click on "Scan Whole Computer", all that happens is that it says "! There are no active components" at the top of that window. (Is this because I have booted into "... Read more

Answer:Help! - Any advice on trojans removal ?

  
Quote: Originally Posted by shiphen


Hi

Any advice on how best to remove trojans?

BACKGROUND
At the bottom right of my Windows7 screen, the Action Center gave me the following alerts:
- "Remove the W32/Gaobot.worm.genu - Win32/RBot.3eu!Worm virus"
and
- "Remove the Trojan.PWS.Legmir.AD / [email protected] virus"

Strangely the anti-virus software that I am running - AVG (Free)(V9-LATEST) - completely failed to find either of these viruses, even though I regularly make sure that it is bang up to date.
STEPS TAKEN SO FAR
I have downloaded SuperAntiSpyware, MalwareBytes, and A-Squared Free(v4.5).
I tried rebooting Windows7 in Safe Mode, by hitting F8 repeatedly during reboot.
However I could not get this to work. The first time I tried all that happened is that Windows7 completely failed to boot! The second and third times simply produced a normal boot.

I then ran MalwareBytes which found some stuff, at which point (very late in the day!) AVG found some stuff too.

So then I tried running msconfig.exe and selected "Diagnostic Startup" and rebooted into a safe mode.

Right now I am running an A-Squared scan and re-running MalwareBytes scan...

...But what is extremely worrying to me, is that I can't get AVG to run a scan right now. If I click on the "Computer Scanner" tab, and then click on "Scan Whole Computer", all that happens is that it says "! There are no active components"...


I have been working with a guy at Windowbbs.com with removing some Trojans, bots and dialers on a friend's computer. We have removed most of it and everything seems to look ok except for the last file in this post. 023 Fax 2client (ms_fax). He said he had a question about it and a few others. He is supposed to be getting back with me and it has been a couple days. I just thought I would post it here and see if anyone could find anything that me or my friend from the other site couldn't see. Thanks for your help in advance.
 

Answer: Trojans, bot and virus removal

Welcome to Majorgeeks!

Please follow our standard cleaning procedures which are necessary for us to provide you support. Also there are steps included for installing, running, and posting HijackThis logs as attachments.
Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support
Make sure you check version numbers and get all updates.
Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.

If, after doing ALL of the above, you still have a problem, make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis and attach a log:
Downloading, Installing, and Running HijackThis
Make sure you also rename HijackThis.exe as suggested in the procedures. Use analyse.exe for the new name. This is very important due to some new infections going around.
When you return to make your next post, make sure you attach the following logs and that you have run these scans in the following order too:
CounterSpy
AVG Antispyware log - ONLY IF NEEDED you were not able to run CounterSpy
Bitdefender - from step 6
Panda Scan - from step 6
runkeys.txt - the log from GetRunKey.bat
newfiles.txt - the log from ShowNew.bat
HijackThis ---> the last log to run and attach!!
NOTE: You can only attach 3 files in a single message so it will re...