Computer Support Forum

Cyber Security removal; Malware removal not working

Question: Cyber Security removal; Malware removal not working

Hi, I have tried many ways to get rid of some Malware that has only recently infected my PC. I hope someone can help me, as this is my work PC and I need to plug back into my office network in a few days, but think this would be a bad idea at the moment. The problem first showed itself by insisting I had many viruses etc., and I should install Internet Security 2010. I have installed Malware Bytes removal tool, and installed as instructed. It found the above, said it was removed, but still it appears to exist, although the name of the infection has changed a few times, and is currently redirecting my browser to a similar page to the above malware. A popup now shows that I should install Cyber Security to remove the infections. This is obviously another malicious antivirus/malware program. I have McAfee Enterprise installed (which I can't seem to disable). I have also run SuperAntiSpywarePlus, which did the trick removing a similar problem about a year ago on a different PC. However, although this program also finds problems, and supposedly removes them, the problem is still there. Please help.
I have shown Hijackthis log below.

GregMidd


Answer: Cyber Security removal; Malware removal not working

Hi, I have tried everything I know of to remove this pesky piece of malware. It seems to keep changing names, starting out as Internet Security 2010, and redirecting me on a Google search to a webpage trying to convince me I was riddled with viruses and malware, and then trying to sell me their software, which is really just a scam. I ended up here after a few days of tearing my hair out, almost beaten. I went through the tutorials, but unfortunately that was before I fired off a post in desperation. Please delete my previous post, as I have now followed the suggested path, and run the utilities to help diagnose my problems. The resulting files are attached. Please help. I hope the files uploaded can provide an insight into what's happening. Apologies for jumping right in and posting a Hijackthis log before I had read the tutorials.

DDS.txt contents pasted below

Merged topics in order to retain place in line and for the sake of continuity. ~ OB


I accidentally installed Cyber-security. When we tried to remove it, a page pops up telling us to buy the product because the computer's infected. We tried to remove the cyber-security the way the website describes, but it didn't work. Going through the procedure a second time nothing showed up, but the cyber security pop ups keep coming up and the shield is still next to my clock... in fact, yesterday a second shield turned up after restarting the computer. PLEASE HELP.

DDS (Ver_09-10-13.01) - NTFSx86
Run by Katie at 21:34:40.67 on Tue 10/13/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.385 [GMT -5:00]

AV: Norton 360 *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Nero&...

Answer: Infected by Cyber Security: Looks like it multiplied after 1st removal attempt

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll...


How to remove the Mandiant U.S.A Cyber Security ransomware (Virus Removal Guide):

Tried removal instructions but after scan by Kaspersky Rescue Disk and it stops at 1% scan and points to object: c:/msvcr70.dll. Can't find a way to quarantine or delete the file. It was an incomplete scan. Instructions also point to do update but not working since I don't have internet access. I deleted it during one minute access to computer but did not make a difference.
 

Answer: How to remove the Mandiant U.S.A Cyber Security ransomware (Virus Removal Guide)

Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start please read and note the following:

At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
Instructions I give to you are very simple and made for a complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.

All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running for too long (a few hours), please stop and inform me.
I visit the forum several times a day, making sure to respond to everyon...


When I try to run the Sysinfo, the message is MacFile opener can't be opened.
I have a Mac mini, late 2009, OSX El Capitan, version 10.11.6
I had MacKeeper security software for years.
2 weeks ago I allowed them to remotely reconnect the MacKeeper and run a cleanup to regain memory space.
They called the service MacKeeper Remote Assistance.
Now my computer password does not work, I can't access iCloud and I can't open System Preferences.
I believe my computer has been compromised.
MacKeeper is owned by Kromtech.
I have no transportation to take my computer to be checked out.
Does anyone have an idea what I can do to get rid of this?
I would appreciate any suggestion
 


I have a custom built computer about 6 years old. I have Windows XP Home. I use AVG Anti-Virus free version 7.5 and SpyBot.

I am a personal property appraiser and after not having used my computer for about five months because of open heart surgery I am getting back to work. Recently started working on an appraisal that visited several foreign (Japan, China, Germany) sites.

During the past week I noticed that when searching on google and get zillions of hits on a subject I would click on the hit and at the connection find that it had nothing to do with what I was looking for...often a listing of services, clicking back sometimes took me to the desired site but often instead of being misdirected nothing happened until I got the message "not responding" and "ending now" took me out of Google and I'd have to start the search all over.
I finally noticed that the blue title bar at the top of the page said "jump...." and then would quickly flash off so I started searching Google for "jump redirected internet searches" and hence found your site.

I have read your instructions and have downloaded the program that scans my computer and prints out a log. I have saved it and will paste it below.

AVG has not detected this virus. Spy Bot (after loading updates that were neglected when I was sick) discovered a trojan...can't remember the name right now...and it was deleted. It wasn't the problem because I'm still having the same pro...


I needed to amend the instructions written by Grinler for removing Total Security, which is a virus/malware, in order to get it to work. The link to the instructions: http://www.bleepingcomputer.com/virus-remo...-total-security

Total Security has gotten smarter and now won't allow most processes or applications to run. Nothing I tried at first would allow me to end the Total Security process. Total Security shut down anything I tried to run... like hijackthis, malwarebytes, spybot, adware etc.... I surmised that Total Security will not allow you to run any exe programs other than a few it knows about.

My solution was to rename the Process Explorer file..... Procexp.exe to iexplore.exe. (Download Process Explorer from Microsoft on a different computer if you have to.).... Renaming to other file names like explorer.exe may work too.

After doing that I was able to end the process and proceed with process. I think Grinler has edited his instructions so everything is good.

Thanks to Grinler for posting the instructions. Good Luck

Harold


Help! To remove AV Security Suite Malware. I tried booting in the Safe Mode and unchecking proxy server, then running rkill.com, and then running Malwarebytes to remove AV Security Suite Malware. All efforts have been unsuccessful.

Answer: AV Security Suite Malware Removal

Hello BobDea

Welcome to BleepingComputer

==========================

Download OTL to your desktop.
Double click on OTL to run it. When the window appears, underneath Output at the top change it to Minimal Output.
Under the Standard Registry box change it to All.
Under Custom scan's and fixes section paste in the below in bold

netsvcs
%SYSTEMDRIVE%\*.*
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\drivers\*.sys /90
%systemroot%\system32\Spool\prtprocs\w32x86\*.dll

Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

====================

Please download Rootkit Unhooker and save it to your desktop.
Double-click RKUnhookerLE.exe to run it.
Click the Report tab, then click Scan
Check Drivers, Stealth Code, Files, and Code Hooks
Uncheck the rest, then click OK
When prompted to Select Disks for Scan, make sure C:\ is checked and click OK
Wait till the scanner has finished then go File > Save Report
Save the report somewhere you can find it, typically your desktop. Click ...


My symptoms began as "AntiVirus Studio 2010" fake spyware removal software and "Security Shield"

I thought using Malwarebytes Anti-Malware I had removed the problem. Unfortunately, there have still been issues.

The current issues are intermittent.

Blue Screen (iastor.sys)
Pop-Ups for Viagra, Porn Removal, Free giftcards, etc. (I have not had a pop-up since trying to pay more attention)
Often very slow (sometimes just before blue screen)

GMER text is attached.

Please note that the DDS did not run.

?   ?? ? @ ? ? ? ?!?L?!This program cannot be run in DOS mode. (This is followed with pages of characters)

Please help me with this malware and instruct me how to properly run the DDS software.

OK, since I already attempted removal before finding this forum, here are copies of MalwareBytes Anti-Malware logs.

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5363

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

12/22/2010 8:14:25 AM
mbam-log-2010-12-22 (08-14-25).txt

Scan type: Quick scan
Objects scanned: 159223
Time elapsed: 10 minute(s), 16 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys ... Read more

Answer:Malware Removal - Security Shield?

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review your topic and do their best to resolve your issues.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for posting... Read more


This seems to be just like the AVP 2009 mess that I removed a while back (pop ups, bogus warnings, etc.) with the exception that this one actually hides the desktop icons also.

DDS LOG:
DDS (Ver_09-09-29.01) - NTFSx86
Run by Sharon my Love at 20:56:23.85 on Thu 10/01/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.358 [GMT -4:00]

AV: Verizon Internet Security Suite Anti-Virus *On-access scanning enabled* (Updated) {5B5A3BD7-8573-4672-AEA8-C9BB713B6755}
FW: Verizon Internet Security Suite Firewall *enabled* {80593BF4-D969-4EC5-ADAE-A22F2DFC7A22}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Verizon\Verizon Internet Security Suite\Fws.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Verizon\Verizon Internet Security Suite\rps.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\DISC\DiscUpdMgr.exe
C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
C:\WINDOWS\RTHDCPL.EXE
C:\HP\KBD\KBD.EXE
C:\windows\system\hpsy... Read more

Answer:security tool malware removal

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

Please download OTL from following mirror:
This is THE Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
Push the button.
Two reports will open, copy and paste them in a reply here:
OTL.txt <-- Will be opened
Extra.txt <-- Will be minimized

In the upper right hand corner ... Read more


Malware has attacked my computer and gives that red shield in the bottom that says something like "You have a security alert!" and makes many pop ups and takes over internet. I deleted ~tmpa.exe and ~tmpd.exe. But it comes back when I reboot. Log below.

Your help is greatly appreciated. I am sure if I delete the correct things, I can lick this.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:25:06 PM, on 1/15/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\SYSTEM32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe
C:\Windows\system32\ctfmon.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HP\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\Tr... Read more

Answer:Malware removal Help - Security alert!

Hi, allingtonj

Welcome.

Please download Malwarebytes' Anti-Malware from Here or Here
Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy & Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

Please, never rename Combofix unless instructed.
Close any open browsers.
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.... Read more


The computer is infected with Win 7 Security 2011. I ran House Call last night, it found ten objects but wouldn't remove them. It chose ignore, and wouldn't allow me to quarantine them. I ran a quick scan, and found nothing. The complete scan took 4+ hours, and came up with the ten objects.

MalwareBytes will not load up, and HJT will not create a log file. When I ran the suggested program..., it came up with a "sample hosts file", and there were no lines mentioning HJT. The output is below:

# Copyright (c) 1993-2009 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handled within DNS itself.
# 127.0.0.1 localhost
# ::1 localhost

I ran TFC, OTL, DDS, and TSG SysInfo.

SysInfo output:
Tech Support Guy System Info Utility version 1.0.0.1
OS Version: Microsoft Windows 7 Home Premium , 64 bit
Processor: AMD Athlon(tm) II P320 Dual-Core Processor, AMD64 ... Read more

Answer:Win 7 Security 2011 malware removal help please


I read many of the other posts regarding how to remove the Security.Hijack malware. I ran Malwarebytes anti-malware and got 2 warnings about the Security.Hijack. I asked Malwarebytes to remove them and I restarted the system, but it didn't actually remove anything, so now I'm here asking for some help with how I can remove the 2 warnings in my system.

I followed another ''guide'' that was made within this forum but I kind of got lost in the rain
 

Answer:Removal of Security.Hijack Malware

It looks like you started to do the following, but didn't finish. So finish these instructions and attach the requested logs.

READ & RUN ME FIRST. Malware Removal Guide
 


I have noticed that I've been having popup ads lately, which is very strange since I've had popup blockers for a very long time. I keep my antivirus programs (mostly) up to date, and I rarely go on 'bad' sites. However, today when I restarted my computer, I had the "Security Tool" program pop up and give me a list of fake viruses that it wanted me to delete. I didn't delete them; instead, I opened my Killbox program and deleted two of the Security Tool files, but it would not let me delete the main folder for them. I opted to do the "delete on restart" method, which took out the main folder.

However, I've been trying to run the suggested "Malwarebytes Anti-Malware" scan to make sure the Security Tools is gone for good, but I absolutely cannot seem to run it. Every time I try to install/run the program, I get an error message or the program will start and stop itself. Eventually, it will be unable to find the mbam.exe file that is needed to run the program. I've tried to do all the suggested methods to make the program work that were listed on different forums from google.

I am still getting popup ads. I am unsure if this was the only problem my computer is having. To be safe, I have run a Hijack This, DDS, and RootRepeal scan on my computer. I do have Killbox, so I can manually delete anything that isn't safe (if it lets me delete it). Any help would be greatly appreciated!

If I read the "How To Post" thread correctly, I'll post... Read more

Answer:"Security Tool" Malware Removal

Hello, and welcome to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.

-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No inp... Read more


Staff Advisory: This post needs to remain here until one of the malware team advise that it can be moved. This member cannot access our malware forums due to their infection. ~ Animal

----------------------------------------------------------------------------------------------------------------------

Hello, I got some help from some nice people in the live chat. I have made a log with your hijackprogram and am posting it at the bottom. It created two .txt files so there are two reports. I am unable to open ANY link that has the words anti-spyware anywhere on the page or in the address bar so unfortunately I cannot post this in the malware removal forum because the internet window closes every time. I am in dire need of some help!

I have a subscription to spy sweeper and it is keeping things out but I was infected with Antivirus xp 2008 and possibly some viruses because the computer was un-protected for about a month while I was in the hospital. I run with Windows XP and a wireless connection. If someone could take the time to look at this for me I would be so incredibly thankful! I offer my services as a photographer/graphic artist/professional gift shopper/myspace designer/beginner web designer. You can see what I do at www.perfectionpictures.com and contact me if you need anything at all!

Current Symptoms (in the order of appearance)
Random Total system crash then restart then blue screen then back to windows.
msvcp71.exe is missing so a program is being prevented ... Read more

Answer:Antivirus Xp 2008 Removal Help/am I Infected? Can't Open Malware Removal Forum

Hi & welcome,

I would like to try a couple things before we go much further so I have a bit better picture of what is happening and can take the needed cautions.

1.) Click start> run> type msconfig and hit enter.
Click "boot.ini" tab
Checkmark /bootlog
Click "apply" and "close"
Reboot when asked
Locate and delete this file:
C:\windows\ntbtlog.txt (in case your extensions don't show it looks like a notepad)
Reboot
Locate & post:
C:\windows\ntbtlog.txt

2.) Click start> run> type: cmd.exe and hit enter.
Type the following commands exactly as you see em & hit enter after each one:
cd c:\windows\system32
dir userinit.exe
Note the file size please & report that back to me. Leave cmd open a sec.
Back at the cmd window...
Type:
cd dllcache
dir userinit.exe
dir spoolsv.exe
Note file sizes & report that back to me.
Type exit in the CMD window & hit enter. (this closes it)

3.) Can you see also if you can get this program installed please:
http://download.bleepingcomputer.com/hijac.../HJTInstall.exe
Save file> run it> follow prompts to install accepting defaults.
Allow it to "launch" hijackthis.
Click the "Do a System Scan and Save a Log File" option
Save the log file and then it should open with Notepad
Go to Edit, Select All and then Edit, Paste to paste the contents of the log here

Let me know if you had any problems with the above please.

I advise keeping the system offline as much as possib... Read more


Hi
Hope you can help. I downloaded something that was recommended to me for child internet security on phones. Attached to it was 'Student Life' and 'Family Cyber Alert'. These damn things won't go away. The installation screen is there every time I turn on the laptop. I am not a genius in these matters but these are the steps I have taken. Managed to get rid of Student life but not Family Cyber.
I have gone into Task Manager and located the file 'FCA' after minor detective work found that this was the guilty party. Have ended process tree (numerous times) / created dump file / have done this over and over.
Ran a full scan twice - using Windows Security Essentials and Malwarebytes - IT IS STILL THERE! even after some other alerts came up that I got rid of. Obviously this thing is running in the background so want it off my system completely.
Please help. Bear in mind I'm no genius like you guys so simple language and step by step - I would be grateful for.
Oh and I am using Windows Vista - Home Premium 2007 - 32 bit - If you need any other details let me know.

Thanks R
 

Answer:Family Cyber Removal


Apologies, but I'm a bit of a novice. My computer did a scan when I started it and came up with some trojans. When I tried to delete them, a malware removal programme tried to install itself so I closed the download dialog box. Unfortunately, I cannot remember the name of the software that was trying to install itself. Please would you review my log below and help me clean my computer?

Many thanks
---------------------------------------------------------------

DDS (Ver_09-12-01.01) - NTFSx86
Run by 0 at 19:57:35.67 on 02/01/2010
Internet Explorer: 7.0.6001.18000
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.3000.1826 [GMT 0:00]

SP: Spybot - Search and Destroy *enabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows&... Read more

Answer:attempted removal of trojans try to install "malware removal software

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll... Read more


Hey there experts =)

My son clicked something a few days ago, giving us the Win 7 security virus. I followed the directions here, and removed it with malwarebytes.
Everything was running smoothly.

Today I get home and see that my browsers (all of them, firefox, chrome) are being redirected. When they are being redirected my McAfee detects a virus and removes it, yet it continues to happen. After much reading, here and on other computer boards ... there seems to be something leftover from that virus that isn't always detected? From what I've read, there's a possibility there's a virus in the MBR ?

I do not have a Windows 7 disc, as this came pre-installed, nor do I have a recovery disc. All advice points towards running combofix, although all that advice comes saying 'DO NOT RUN combofix unless instructed to do so by a professional'

Well? You guys are the professionals so here I am. You're my last resort to getting this fixed, sans taking it into a shop which I'm REALLY trying to avoid. ;)

I do work a full time job, so my responses may not be immediate, but I will check daily or multiple times daily when I can and follow your directions ... if you can and are willing to help!

Thanks in advance!

Beachy

Answer:Help with removal of hijacker after Win7 security virus removal

Download Security Check from HERE, and save it to your Desktop.
 * Double-click SecurityCheck.exe
 * Follow the onscreen instructions inside of the black box.
 * A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download MiniToolBox and run it.
Checkmark following boxes:
Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
Click Go and post the result.

=============================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
 * Double-click mbam-setup.exe and follow the prompts to install the program.
 * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
 * If an update is found, it will download and install the latest version.
 * Once the program has loaded, select Perform quick scan, then click Scan.
 * When the scan is complete, click OK, then Show Results to view the results.
 * Be sure that everything is checked, and click Remove Selected.
 * When completed, a log will open in Notepad.
 * Post the log back here.

Be sure to restart the computer.

The ... Read more


Hi,

Thanks in advance for any help. I will do my best to provide all the necessary info. Last week, I got the Outerinfo and Internet Speed Monitor infections. I used online tutorials to remove these items using ComboFix and AVG Anti-Spyware, etc. Yesterday I got Security Toolbar 7.1 infection that causes pop-ups (with the little yellow triangle) and slows the system down, and I cannot seem to remove it. I ran the ATF cleaner and created a system restore point. I ran an updated version of AVG Anti-Spyware (but I cannot find the log). I tried to run Super Anti-Spyware but got an install error. I ran Panda Active Scan. I have updated the security patch for XP. I still have this infection.

Here are the logs I can provide:

First is Panda scan log:
Incident Status Location

Adware:adware/searchaid Not disinfected c:\windows\winshow.exe
Spyware:Cookie/Humanclick Not disinfected C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\d37f2pwb.default\cookies.txt[hc2.humanclick.com/]
Spyware:Cookie/Humanclick Not disinfected C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\d37f2pwb.default\cookies.txt[hc2.humanclick.com/hc/51325817]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\James\Cookies\[email protected][2].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\James\Cookies\[email protected][2].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\James\Co... Read more

Answer:Solved: Malware Security Toolbar 7.1 Removal


Hello,

I'm out of tricks to get rid of this nasty rootkit infection I have. It started this past Saturday 12/17 with the XP security 2012 malware. I followed instructions online and removed it (various reg edits and running MBAM etc). It had corrupted my rundll32.exe file, which I restored from my XP disk (you will see a reference to the "old" copy I made before overwriting in the DDS log). After that my applications all worked again and my computer seemed fully functional but then I realized the virus also has a rootkit attached to it that causes google redirects in Firefox.

I ran TDSSkiller and it found something and cleaned it the first time. Since then it has re-surfaced many times. MBAM found something once or twice upon resurfacing, but hasn't found anything the past few scans. TDSSKiller doesn't find anything anymore. SuperAntiSpyware doesn't find anything. I decided to run McAfee anti virus, and it said it found 3 files with Downloader-BMN.gen.g(Trojan) .. This was exciting, I hoped that would be it. But alas firefox googles still redirect. I haven't done any more scans and thought it's time to call in the pros.

Also forgot to mention I've run defogger and disabled my CD emulators, and ran CC Cleaner multiple times and deleted all my history and temp files etc. I have NOT run comboFix yet ..

Here is the DDS log:
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_30
Run by Bill at 21:11:18 on 2011-1... Read more

Answer:rookit won't go away after XP security 2012 malware removal

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please do not attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.
Do not run any other tool until instructed to do so!

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job, this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3

1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the r... Read more


Hello,

I'm Jon, and I have an infected PC, yadda yadda yadda. Please forgive me, but I am not as spyware savvy as many of you are, I'm sure. My computer just started getting a small white X in a circle in the tray, and a pop up window down there saying: Warning! Security Report. Your Computer is infected! It is recommended to start spyware cleaner tool. When I right click on it, it sends me to an antivirus page, and then does tab after tab of crap. I also am getting warnings on my normal browser pages as well, now. I am not clicking on any of them, of course, because it appears to be malware?

I run a Windows XP OS. I am not sure if it is NT or not. I am in an office with six different computers on our network. It is wireless internet, with a server running cables to all of our computers. I use Internet Explorer, maybe version 7? I am not the most tech savvy out there, so forgive me if I am being too vague. I have Ad-Aware, Spy-Bot, and I believe we are running Symantec Antivirus, but I think I only have Endpoint protection. Perhaps it is installed on our server, then distributed in our small network?

I also noticed that my task manager will not work, and my background photo has been disabled on my desktop? Can anyone help me remove this nasty thing?

Thanks for any help
-Jon

(Moderator edit and note: thread moved to more appropriate forum. jgw)

Answer:warning security report! malware removal??

G'day, Jon,

Can you please Post into this Area and be Patient, we are having a very busy time just now?
http://www.bleepingcomputer.com/forums/f/103/am-i-infected-what-do-i-do/

Someone will come there to Help you out.


Hello all,

I have the malware Security Protection on my desktop. A quick search on google can show you what it is. Anyway, I have run MBam numerous times, each of which has removed, it seems, a portion of Security Protection. However, a link of Security Protection still winds up residing on my desktop as well as a reloaded version of SP later on. I can't seem to fully get rid of it. Any ideas?

SW
 

Answer:security protection malware complete removal

Hiya and welcome to Tech Support Guy

Can you run the tools in this thread:

http://forums.techguy.org/virus-other-malware-removal/943214-everyone-must-read-before-posting.html

And then post the following:

1. Copy and paste the HijackThis log.
2. Copy and paste the contents of the DDS.txt file.
3. Upload as an attachment the Attach.txt file. There is no need to zip it as suggested in the DDS instructions
4. Copy and paste the contents of the ark.txt file.

Regards

eddie
 


I have followed the suggested guide to remove the malware 'Security Tool' (Remove Security Tool and SecurityTool (Uninstall Guide)). However when I try to run the rkill file the virus shuts it down before it has a chance to act.

I have tried not clicking on the pop up boxes however this does not work.

I have been able to download the malwarebytes set-up however the malware is blocking me from running the program.

Is there any other way I can either run the rkill program or allow the malwarebytes to open and install?

(I am using a new samsung r519 laptop running windows 7. It is a week old so has no unusual software or hardware)

Any help would be really appreciated

Edit: Moved topic from AntiVirus, Firewall and Privacy Products and Protection Methods to the more appropriate forum. ~ Animal

Allen

Answer:Failed Removal of 'Security Tool' Malware

Thanks Animal..

Run FixExe.reg
FixExe.reg ....click Run when the box opens

If you get an alert that Rkill is "infected", ignore it. The alert is just a fake warning given by the rogue software which tries to terminate programs that try to remove it. If you see such a warning, leave the warning on the screen and then run Rkill again. By not closing the warning, this sometimes allows you to bypass the malware's attempt to protect itself so that Rkill can perform its routine. Or try running SAS first after Rkill.

Download and scan with SUPERAntiSpyware Free for Home Users
Double-click SUPERAntiSpyware.exe and use the default settings for installation.
An icon will be created on your desktop. Double-click that icon to launch the program.
If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
In the Main Menu, click the Preferences... button.
Click the Scanning Control tab.
Under Scanner Options make sure the following are checked (leave all others unchecked):
Close browsers before scanning.
Scan for tracking cookies.
Terminate memory threats before quarantining.
Click the "Close" button to leave the... Read more

1 more replies
Relevance 78.72%

Sir, two computers (winXP-pro-sp3) in my office have been infected with viruses/malware, but of different nature. In the first machine, Avira free was installed. The same machine had to be reformatted (only C-drive out of three partitions, C, D & E) a week ago after a virus removal exercise with McAfee AV, which resulted in the vanishing of the Desktop & start menu. Probably a fresh virus infection occurred due to non-formatting of the other two partitions containing a lot of data (mainly .doc, .pdf, .jpg, .htm & .txt). This time I tried to clean the machine with an updated Nod32 (installation folder copied from another machine) kept in a flash drive. Cleaning was done in safe mode when some 2000+ viruses were removed by Nod32 including some conficker, autoit viruses. Before reaching safe mode, I tried TaskMgr, Msconfig, regedit & windows search, all of which were disabled. However, it was possible to view hidden files & file extensions, including system files. But after reboot, viruses not removed, took control of machine & reaching safe mode was blocked. One thing I noted is infection of svchost.exe & explorer.exe. First one was operated from a folder (2537452) within system32, second one was associated with a file "regsvr.exe".

I read your article for removal of security tool & accordingly downloaded rkill.com, kept it on the desktop & wanted to run it, but every time the virus terminated the application before starting. I could install a current version of malwarebytes' Antim... Read more

More replies
Relevance 78.72%

Hi,

My computer got infected with the koobface several weeks ago. I posted in the 'Am I infected? What do I do?' section and the Hijackthis logs section and we have used malwarebytes to remove the infected files, restored windows to the last known good configuration and used the XP system restore feature and updated security.

Unfortunately none of this has worked. After using the internet (through both IE and Firefox) for around 5 mins the window freezes so I have to close it down. My computer then blue screens and I receive the ***STOP: 0x0000000A message. After logging back on I receive the following message 'loading model error. load default model?'. If I log off before internet freezes I get this message 'the instruction at 0x000f2fc0 referenced memory at 0x000f2f0. The memory could not be written. Click ok to terminate the program. Click cancel to debug the program'.

The last time my computer blue screened I received an error report after logging back on. I thought the info could be of help. Please find all of the details below:

Error Report Contents
The following files will be included in the report
C:\DOCUME~1\JAIME-~1\LOCALS~1\Temp\WERc30b.dir00\Mini100409-01.dmp
C:\DOCUME~1\JAIME-~1\LOCALS~1\Temp\WERc30b.dir00\sysdata.xm

Error signature
BCCode : 1000000a BCP1 : 0000BA33 BCP2 : 00000002 BCP3 : 00000001
BCP4 : 806E4A8E OSVer : 5_1_2600 SP : 2_0 Product : 256_1 l

I've had the problem for a couple of months now and I'm keen to get it fixed asap. Pl... Read more

Answer:Still getting BSOD after malware removal [moved from security]

'C:\DOCUME~1\JAIME-~1\LOCALS~1\Temp\WERc30b.dir00\Mini100409-01.dmp'

It made a minidump, so look for them and zip up the latest 4 and attach them.

7 more replies
Relevance 78.72%

Hi! I'm running windows 7 and I have the same problem as this guy has:

http://forums.techguy.org/virus-other-malware-removal/983966-wpn-exe-file-posing-vista.html

It's malware masquerading as some kind of anti virus software that jumps up and starts doing a false scan and then tries to make me buy it. It pops up whenever I open an IE/Chrome window and attempts to hijack my browsing. I think it has also somehow hijacked Spybot Search and Destroy because I can't get that to scan at the moment. Nor can I get HijackThis to produce a log (it just produces a blank notepad file and then 'vista home security' pops up and starts scanning again).

I can only use IE/Chrome when I terminate the process in the task manager (bal.exe - description is 'steam'.)

Being that it has pretty much crippled every possible form of defence my computer has I really would appreciate some help getting rid of this awful thing!

Thank you!
 

Answer:Vista Home Security malware removal

9 more replies
Relevance 78.72%

Hi

I'm trying to remove this malware from my laptop computer but all instructions that I've read indicate to download removal spyware...but my browser won't start up! I tried burning the indicated software to a CD and then loading to the infected computer but still no luck...

Any ideas?!

Thanks!

More replies
Relevance 78.72%

hello fellow tech heads

I've had a day from hell trying to remove the above trojan. None of the things found on the net worked for me, like booting into safe mode, as the virus was still active and stopping things, blocking task manager. So I took things into my own hands and downloaded rkill, which was the only thing that I could actually load in safe mode, killed it, ran malwarebytes, got rid of it. Well, I thought I did, but then when I booted into windows my programs are still missing from the start menu. Malwarebytes I just installed was not there, so I reinstalled it and it still was not listing in my programs

win update thinks its turned off when its on

accidentally turned hidden files on and found some of my movies and files which are marked as hidden OMG what the.........

so i can use my computer as per normal now and for internet i have to go through windows explorer but i am still infected and not sure how to fix it now as i cannot remove avg as its saying that its missing some reg file and therefore cannot run combofix

help pls :)

Answer:xp security 2011/ malware removal tool

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Who instructed you to run ComboFix?

As you should have read here in Step 2 of our NEW INSTRUCTIONS thread:

Why we don't ask you to run ComboFix from the onset

As stated by the author of ComboFix:

ComboFix is a very powerful tool which when improperly used may render your machine to a doorstop.

------------------------------------------------------

We first need to verify if there are any rootkits present and how they could affect our tools.

DDS & GMER are preliminary scans. We use their logs to map our strategy for attack.

With these logs we can determine the infections present and decide whether to deploy ComboFix.

We want all our members to perform the steps outlined in the link given below, before posting for assistance. Please follow our pre-posting process outlined here:

NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help - Tech Support Forum

After running through all the steps, you shall have a proper set of logs. Please post them in a new thread, as this one ... Read more

19 more replies
Relevance 78.31%

Dear Sirs. I need help. I followed instructions on this site to unblock my PC from the ICE cyber crime virus, but the reboot using a USB with Hitman Pro does not work, please advise.
Thank you

Answer:Ice cyber crime virus removal.

Hello, Conejo123.
My name is etavares and I will be helping you with this log.
 
Here are some guidelines to ensure we are able to get your machine back under your control.
 
Please do not run any unsupervised scans, fixes, etc.  We can work against each other and end up in a worse place.
Please subscribe to this topic if you have not already done so.  Please check back just in case, as the email system can fail at times.
Just because your machine is running better does not mean it is completely cleaned.  Please wait for the 'all clear' from me to say when we are done.
Please reply within 3 days to be fair to other people asking for help.
When in doubt, please stop and ask first.  There's no harm in asking questions!

 
 
 
Step 1
 
 
What version of windows are you running?  The answer will tell us which of our tools will work.
 
etavares

3 more replies
Relevance 77.9%

The malwarebytes antivirus did not remove the winweb pop up security alert. When I run the scan it does not detect any malicious items. The only malware quarantined was from the vendor Adware.Zango. The item is very long. I would cut and paste it here but can't seem to do that. It starts with HKEY_CURRENT_USER. This was the only one found in the registry of malware antivirus. There are many other items in the winweb security alert like trojans and others. Should I write these down in the postings? The pop up Lsas.keylogger keeps coming up too.

I did switch to firefox. Before winweb was on my screen I used Internet explorer. I'm not sure if the browser matters. I've used firefox ever since winweb has been popping up. Also, I could not run Kaspersky's free scan for some reason. I did download the new runtime Java but I still couldn't get a scan.

I will cut and paste the reports from RSIT

Logfile of random's system information tool 1.04 (written by random/random)
Run by sam pratt at 2008-12-03 10:43:54
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 258 MB (3%) free of 8 GB
Total RAM: 254 MB (27% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:44:46 AM, on 12/3/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS&... Read more

Answer:Malware removal request( winweb security alert)

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

Upon completing the steps below a staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.com
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results, click no to the Optional_Scan
Follow the instructions that pop up for posting the results.
Close the program window, and delete the program from your desktop.

Please note: You may have to disable ... Read more

3 more replies
Relevance 77.9%

I have a malware infection I can't figure out how to fix. It started with a fake Windows Security Center scan warning, which I did not allow to run and then I notice several instances of ooj.exe running in my task manager. It has blocked me from opening almost any program/.exe. Windows just asks me to select a program to open the file. I can't run mbam or Super AntiSpyware. I have tried running FixExe.reg from a USB drive, it seemed to help initially, but no longer does.

I followed your general instructions. I could not run the defogger or gmer.exe (it just hung when trying to run). I did run the DDS (log pasted below and attach log is attached).

Any help would be greatly appreciated. Thanks!

.
DDS (Ver_2011-06-23.01) - NTFSx86 NETWORK
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_20
Run by Administrator at 15:42:08 on 2011-07-30
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.969 [GMT -6:00]
.
AV: AVG Internet Security *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\TEMP\hki183.exe
C:\Documents and Settings\All Users\Application Data\gj8Be6Sx.exe
C:\WI... Read more

Answer:Help with Malware Removal - ooj.exe, Wndws Security Cntr

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on http://www.bleepingcomputer.com/logreply/412109 and follow the instructions there. If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following inf... Read more

34 more replies
Relevance 77.9%

I can't even get HijackThis to work. As soon as I run it, it disappears, so I can't even post that here to show what's going on with my computer.. I'm using windows XP... I keep getting redirected when I try to search on yahoo or google... using mozilla firefox. I've also tried to run in safe mode but I keep getting a blue error screen and can't move past that.

Answer:advanced virus removal / security tools malware?

Let's see if we can get a scan to work.
If this works, go ahead and repost in the HJT forum. If not, post back here.

Run this application and then immediately run your scan.

Please download Rkill by Grinler and save it to your desktop.
Link 2
Link 3
Link 4
Double-click on the Rkill desktop icon to run the tool.
If using Vista, right-click on it and Run As Administrator.
A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
If not, delete the file, then download and use the one provided in Link 2.
If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
If the tool does not run from any of the links provided, please let me know.

Do not reboot the computer or you will have to run it again

8 more replies
Relevance 77.9%

I hope I am finally in the right forum. Please, please help.

Mod Edit: Topic in XP forum, http://www.bleepingcomputer.com/forums/topic433359.html/page__gopid__2516139 .

Following pinned instructions for 2012..Security..XP, I was able to remove a number of Trojans with Malwarebytes, restored the firewall, reran Avast, and thought all was OK. And it seemed to be for a couple days.... Then Avast informed me it couldn't protect for firewall/email. Removed a few more trojans with malwarebytes, but could not get the firewall back up. Another forum has directed me here, explaining that I probably have resident malware.

At this time, my computer is hung on the "windows is shutting down" window (I was trying to restart.) Before that, I had physically unplugged from the internet. A lot of services were running huge I/O and Other while I had nothing up but the CPU usage screen. InCDsvc and lsass were the most active. Oddly, I got a message the last couple reboots, that InCD could not be started.

The scary thing for me (other than that the screen hangs there) is that all these processes were running very actively, but none were identified with a user - usually, it specifies network, local, Irena - like a ghost in the machine. It got quiet when I stopped the InCD, and very quiet after I pulled the Internet plug.

The message was: Windows cannot start the Firewall/Internet Connection Sharing (ICS) service. I didn't go online after that. Now it's just a hung "shutting ... Read more

More replies
Relevance 77.9%

Hey Guys,
 
I followed the

CryptoLocker Ransomware Information Guide and FAQ
http://www.bleepingcomputer.com/virus-removal/cryptolocker-ransomware-information#decrypt
and set the security policies to avoid a CryptoLocker attack on my computer, which are these:
 
Block CryptoLocker executable in %AppData%

Path: %AppData%\*.exe
Security Level: Disallowed
Description: Don't allow executables to run from %AppData%.

Block CryptoLocker executable in %LocalAppData%

Path if using Windows XP: %UserProfile%\Local Settings\*.exe
Path if using Windows Vista/7/8: %LocalAppData%\*.exe
Security Level: Disallowed
Description: Don't allow executables to run from %AppData%.

Block Zbot executable in %AppData%

Path: %AppData%\*\*.exe
Security Level: Disallowed
Description: Don't allow executables to run from immediate subfolders of %AppData%.

Block Zbot executable in %LocalAppData%

Path if using Windows XP: %UserProfile%\Local Settings\*\*.exe
Path if using Windows Vista/7/8: %LocalAppData%\*\*.exe
Security Level: Disallowed
Description: Don't allow executables to run from immediate subfolders of %AppData%.

Block executables run from archive attachments opened with WinRAR:

Path if using Windows XP: %UserProfile%\Local Settings\Temp\Rar*\*.exe
Path if using Windows Vista/7/8: %LocalAppData%\Temp\Rar*\*.exe
Security Level: Disallowed
Description: Block executables run from archive atta... Read more

Answer:Security Policies doubts after Malware Removal Tools

Instead of playing with the Local Group Policy Editor manually to set these GPOs, you should just download and use the free version of CryptoPrevent that will do everything for you and also offers you various options when it comes to the "tightness" of the settings.

https://www.foolishit.com/vb6-projects/cryptoprevent/

This tool was created following Lawrence Abrams' instructions you just followed, plus some custom made rules, so you'll be good if you use it.

1 more replies
Relevance 77.9%

Hi All and Brian
 
I have moved my issue to the correct spot as requested.
 
All of a sudden I had Antivirus Security Pro flash up and tell me I had a whole heap of viruses and that people on the net could see me via my camera (my camera light was consistently on).  I suspect I got this from a dodgy site I visited (which obviously Microsoft essential did not pick up)
 
I followed the instructions from this site http://www.bleepingcomputer.com/virus-removal/remove-antivirus-security-pro which appear to have removed most of it but I still have the following issues.
 
No matter what I download the virus window comes up and deletes the file and secondly
And I could not find Microsoft Security essentials to uninstall. 
 
I have tried a Microsoft programme to try and remove/rectify  Microsoft Sec Essentials but it seem to still be there because I cannot install any new anti virus program (I have tried reinstalling MSE and even Trend but to no avail)
When I try and install MSE I keep on getting the 0x80070643 error
 
I have been contemplating doing a complete reformat??
 
 

Answer:Cannot remove Microsoft Security Essentials after malware removal

You are probably infected with ZeroAccess rootkit.

Open your topic here --> http://www.bleepingcomputer.com/forums/f/22/virus-trojan-spyware-and-malware-removal-logs/

Follow this guide --> http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/

2 more replies
Relevance 77.9%

Hi All
I don't know where to put this request, it kind of crosses over different topics.
I had that Antivirus security pro virus which has now been removed following the method from this site (many thanks for that, it has been a huge relief), however I still get the .exe file errors and deletion when I try and download something and I cannot remove or reinstall Microsoft security essentials.  I have re run the malware program several times now and says everything is clean??
I have Windows 7 64bit if that helps
Cheers
David

Answer:Cannot remove Microsoft Security Essentials after malware removal

G'day David, fellow aussie here.....
 
I would just about bet money that your PC is still infected mate . In fact i would probably bet the farm on it !
 
Ok...(on a more serious note)....Post a new Topic here :: http://www.bleepingcomputer.com/forums/f/103/am-i-infected-what-do-i-do/
 
Describe what led you to know that you were infected....and what steps you have taken since.
 
Kind Regards,
 
Brian

1 more replies
Relevance 77.9%

Hi fellow techs

Just got the above virus and what a mission it was to get rid of it

However it has left some damaging things behind like win updates thinks it's not turned on when it is!!!

As well as it's made some ordinary files like movies to be marked as hidden files

And all programs is not listing a thing but they are all still present!!!!

What the……

Can anybody help

I will try restoring to a week ago soon to see if that works

Answer:Xp security 2011 / malware removal tool virus

You are still infected. We cannot help you here with Malware removal as per forum rules. Please head over to Virus/Trojan/Spyware Help and post there for more help
NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help

1 more replies
Relevance 77.9%

I followed the Malware removal guide top to bottom, and it successfully removed the problem I had - which was that Google searches were returning false results

Thank you!

After completing the procedure I now get error alerts on my existing Security software:

1. Norton Internet Security 2009 -
a Risks in compressed file "dc1.exe"
b Risks in compressed file "Combofix.exe"

2. Spyware Doctor -
Application.NirCmd (22 infections)

Do you know if these are false alarms related to the Malware removal process?

Should I ignore these alarms, or let the software apply a fix?

Can I now safely toggle System Restore?
 

Answer:Security threats reported after completing Malware removal

I can't see log files for Malwarebytes AntiMalware or for SuperAntiSpyware

I did run the scans but I don't think they found any infections
 

5 more replies
Relevance 77.9%

Sirs,
My desktop was recently infected with a malware security shield. After doing some google search I used first stopzilla avm 2113. But since it wanted a registration for repair scanning threats that I could not afford, I uninstalled it and then of my own I ran combo-fix. After that there seems to be no problem with my system that is windows7/32bit. However I do not understand the contents of its log report and need help from a suitable helper. The log report is enclosed.
moreover I want to know how should I protect my computer from subsequent threats as I cannot afford a fully paid anti virus.
thanks
vkwd7

More replies
Relevance 77.9%

On internet i have seen several times the advice to change the name by which a particular malware removal program is known since some malware recognizes the files
or the ---.exe and then prevents its installation onto an infected computer or its execution, even if the program was installed on the computer before the infection took place.
This was advised for TDSSKiller (tdss.exe should be renamed to e.g. whatever.com)
Malwarebytes AntiMalware should be renamed before using it on an infected computer.
See e.g.
How To Easily Remove Google Redirect Virus
http://www.usenetmessages.com/view.p...&id=476887&p=C

Can anyone say anything about this? And should this also be done routinely with other malware removal programs? If that would really be necessary/advisable then why wouldn't the providers give you the choice of renaming by asking if you want to, or simply give you no choice but rename their product? Probably not many people would ever think of doing it themselves.

Answer:Should malware removal programs be renamed for security reasons?

I'm perhaps being rather cynical, but I'm very suspicious of articles that have a link to a 'registry cleaner' or any other so-called utility that claims to clean or speed up your computer.

I'm of the opinion that some of these can easily corrupt your registry or your system.

Microsoft Security Essentials along with Malwarebytes and ignoring suspicious web pages or links has kept my computer free of viruses so far.

As for renaming Malwarebytes, I certainly wouldn't do it. If the door is already open, the undesirable alien is already in and only its removal will suffice.

The door needs to be locked, not just have its name changed.

6 more replies
Relevance 77.9%

Hello,

I seem to have the same issue as the poster below - except that I'm running Windows Vista. I can't seem to be able to download any program - even in safe mode - as the malware starts popping up its own security windows. I would greatly appreciate any help.

http://forums.techguy.org/virus-oth...5697-vista-home-security-malware-removal.html

Thanks
 

Answer:Vista Home Security 2011 Malware removal

I was really hoping that someone can help on this. It's been 2 days since my original post; so I thought I would bump it up. Any help would be greatly appreciated. Thank you.
 

1 more replies
Relevance 77.9%

HI
could you please help me in solving my system problem.

when i start the computer it says the following message

The path'c:\WINDOWS\o4251227.exe' does not exist or is not a directory.

Windows cannot find "'C:\WINDOWS\o4251227.exe'".Make sure you typed the name correctly, and then try again. To search for a file, click the start button, and then click search

then when i click on the browsers it open very late.

Next is if i goto for google search and when i click the result it will open the websites like

'http://goldenmango.com/fine.cfm?pt=2&rpt=1&kt=1'
http://216.133.243.28/2.php?sid=677...LaW5nZG9tCUdC&objTimStr=0.22215900+1203094488
http://www.uncoverthenet.com/search/?q=fine'

unrelated links..

After going thru these website i have installed the Hijack This and the report is

Logfile of HijackThis v1.99.1
Scan saved at 10:08:41 PM, on 2/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\C... Read more

Answer:Solved: System is in a big trouble. security and malware removal

13 more replies
Relevance 77.49%

My IE is currently not working. I noticed a program called AntiMalware Doctor running on my computer with pop up screens and I used the guide I found on your website to remove it. I now have Norton Security Suite and Malwarebytes' Anti-Malware installed. I have already run a scan with both programs and removed the infected files. The only program I am currently having difficulty with is IE. When I open it, the window stays white and it finally says that the program stopped working. My system is Vista with IE 8. If someone could please help me I would be grateful!

Thanks!

EDIT** Norton has identified and blocked several 'Intrusion attempts'. All originating from the same IP address but with different sources listed.

Answer:IE not working after Malware Removal

Still having the same problem, though I have installed Firefox and it works fine. I would still like to make sure my laptop is clean and get everything back working. I did receive some sort of error message that says 'Host Process for Windows Services stopped working and was closed'. Did another Malwarebytes scan and it found 0 infected files.

6 more replies
Relevance 77.49%

Original Problem: My IE is currently not working. I noticed a program called AntiMalware Doctor running on my computer with pop up screens and I used the guide I found on your website to remove it. I now have Norton Security Suite and Malwarebytes' Anti-Malware installed. I have already run a scan with both programs and removed the infected files. The only program I am currently having difficulty with is IE. When I open it, the window stays white and it finally says that the program stopped working. My system is Vista with IE 8. If someone could please help me I would be grateful!

Thanks!

EDIT** Norton has identified and blocked several 'Intrusion attempts'. All originating from the same IP address but with different sources listed.

Also, I have received an error message that states that the 'Windows Host file stopped working.' I would like to be 100% sure My laptop is clean and working properly.

Here is the DDS log:

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Jacalyn at 19:21:01.02 on Wed 04/27/2011
Internet Explorer: 8.0.6001.18865
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.3069.1052 [GMT -5:00]
.
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows... Read more

Answer:IE Not working after Malware removal

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. I am very sorry for the delay in responding, but as you can see we are at the moment being flooded with logs which, when paired with the never-ending shortage of helpers, resulted in the delayed responding to your thread.

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed. If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
Do not d... Read more

6 more replies
Relevance 77.49%

Well it just says to pay a fine of 100$ iTunes Gift card. Realistically I don't think Federal Personnel would ever ask for iTunes Gift Cards. Please help tell me how to remove it.
 

More replies
Relevance 77.49%

Hello, I have a computer that was infected with this virus. I have tried unsuccessfully to run anti-malware and also tried a Kaspersky rescue disk start up as well. Nothing has worked so far and I cannot even run Windows in safe mode. I have an HP computer with Windows XP 32-bit. Please let me know if there's anything more I can do to get rid of this virus. Thanks.

Edit: Moved topic from Virus, Trojan, Spyware, and Malware Removal Logs to the more appropriate forum. ~ Animal

Answer:ICE Cyber Crime Center - Virus Removal

You don't specify if you have followed this guide so I will add it: ICE Cyber Crime Center Ransomware Removal Guide

11 more replies
Relevance 77.49%

Hello.  I tried the self-help removal guide for the ICE Cyber Crime Center Ransomware on my Windows XP 32-bit.  I did all the steps up to the one that says the Hitman Pro should automatically start 15-20 seconds after the lockscreen appears.  I waited for 30 minutes and the Hitman Pro never started.  I booted from the USB where the files were downloaded to and got the Kickstart black and white screen and pressed 1.  Windows loaded, the lock screen appeared and that's where it is stuck.  I can't install anything or even click anything so I can't install the DDS to get the logs for you.  What should I do?  No safe modes work at all.  Note:  This computer has Credent Encryption software on it, in case that matters.

Answer:ICE Cyber Crime Removal Guide Did Not Work - HELP!

We are going to try System Restore to restore the system prior to the infection. Depending on your Windows version.

Windows XP

Option 1.
Step 1: Use F8 to Boot to SafeMode With Command Prompt
Step 2: Use ctrl/alt/del (keys) to get task manager opened
Step 3: choose file and create new task
Step 4: Then Navigate to: C:\windows\system32\restore\rstrui.exe and press Enter (double click rstrui.exe)
Step 5: Restore Computer to a Date you know you were virus free
Step 6: Run Malwarebytes

Option 2.
Step 1: Use F8 to Boot to SafeMode With Command Prompt
At the command prompt type in: rstrui.exe

14 more replies
Relevance 77.49%

My main PC has been hit by that annoying "Warning! Your're in danger!" wallpaper and "Total Security" rogue app. I could not open Process Explorer as advised in: http://www.bleepingcomputer.com/virus-removal/remove-total-security I tried to start pc in Safe Mode, but every time when I tap F8, it shows a set of instructions and then it reboots. I could not open any file including MBAM. What should I do since I couldn't even disable the rogue app's process?

Answer:Removal not working for Total Security

I even tried to race with Total Security by using Avenger to delete tsc.exe and Sc2C21UvvM.exe off, but after rebooting, the report states that both files are not found.

Please help.. the "Warning! Your're in danger" and "virus scan" is making me crazy..

13 more replies
Relevance 76.67%

I recently (about a week ago) had adware on my computer. I am not sure where it came from but that's not the point. I had the malware completely wiped out today and now the internet connection is not working for my used-to-be-infected computer.
 

Answer:Internet Not working after malware removal

I meant adware sorry...
 

6 more replies
Relevance 76.67%

I have worked on a couple of machines lately that have had rootkits (.zeroaccess) and after removal devices would not work. I tried the easy stuff like uninstalling/reinstalling devices, replacing driver files, reinstalling inf files for the devices, SFC, and repair installs but the devices do not work correctly again. On one machine it is the CDROM, on another the mouse and keyboard. The mouse/keyboard will work after a removal and reinstall but stop working after a reboot. A wipe and reinstall will do the trick but I sure would like a better answer. Has anyone else run into this or found an answer?

Answer:Devices not working after malware removal

Are you looking for a general answer or do you have an infected machine?

2 more replies
Relevance 76.67%

Hi,

My computer has been attacked by malware.
Now I followed the instructions on the opening thread of this forum and downloaded DDS.scr, but I cannot make it work.
After opening the program, I don't think it is doing anything. No logs are created.

Please let me know how to go about the first step.
Btw, the symptoms of my machine are -

1) Random new browser windows opening with hoax antivirus pop-ups asking for download
2) Firefox crashing every time it is launched. Crash report submittal is failing.
3) Unable to connect to Internet through wired LAN. It shows connected status but no sites open.
4) Sometimes my McAfee Antivirus is closing down abruptly, throwing a warning that it has been closed although the system guard icon of McAfee is still active.

Thanks!
Ron

Answer:Need help to get started with malware removal-DDS.scr not working

Hi
Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized, if not you'll find it in c:\rsit folder)

19 more replies
Relevance 76.67%

USB port not working after malware removal. I use a card reader on the usb port located on the front of my computer. After successfully removing "my way s#ar#h assistant", the card driver doesn't work. Do I need to install a driver to get it functioning properly?
Thanks for all your help
 

Answer:USB port not working after malware removal

Hi

I would say you are best to follow what Chaslang posted HERE and attach the logs in that thread of yours in malware forum as while you may look ok and malware free, there may be some malware files causing this.

We may be able to reinstall the driver but that may not change anything, unless all malware is removed first.

The info we would need to get the correct driver is in below steps, but TBH, do make sure you are fully clean from malware first.

If your PC is one from the likes of DELL, HP, Sony, etc what is the Make and model variant as this will assist us if we need drivers?

If your PC is a home or custom build what is the motherboard make and version?

Download and install Everest to find this info, at times a summary log of your PC can help, to do this

Install Everest and run
Click Report (top menu) > Report Wizard > Next
Choose System Summary Only > Next
Choose Plain Text > Finish and wait for report to generate
Click Save to File and leave the File Name as Report, then click the Save as Type dropdown and choose Report files (*txt) and click Save (n.b. Save to desktop is best as easy place to find it, use Browse to locate desktop)



Then attach your log to your next post as per these instructions HOW TO: Attach Items To Your Post


 

1 more replies
Relevance 76.67%

Since the ComboFix will not run on Vista or Windows 7 64-bit, I have to look for new malware/virus removal apps... It was good while it lasted. So what tools do people use for Vista these days when the computer says: "WARNING! YOURS COMPUTER IS AN INFECTED BY HARMFUL VIRUS!!!!"

Answer:64-Bit Virus Removal & Malware Removal Tools?

64-bit Anti-Virus:
List of 64-bit Anti-Virus For Vista
Anti-virus protection in 64-bit environments

Free Anti-virus:
avast! Free Antivirus
Avira AntiVir Personal - Free Antivirus
AVG Anti-Virus Free Edition 8.5
Microsoft Security Essentials
Panda Cloud Antivirus
Kingsoft Free Antivirus (Cloud Scan)

Paid for Anti-virus:
NOD32 Anti-Virus Personal
McAfee AntiVirus Plus
Trend Micro AntiVirus plus AntiSpyware
Norman Antivirus & Antispyware
CA Anti-Virus Plus Anti-Spyware

64-bit Anti-Malware tools:
Malwarebytes Anti-Malware
SUPERAntiSpyware
Kaspersky Virus Removal Tool - How to install and use documentation
Spyware Terminator
Windows Defender (64-bit)
Prevx
Spybot S&D
Ad-Aware
Norman Malware Cleaner
Sunbelt Counterspy (free Trial)
Comodo BOClean Anti-Malware
Sophos Anti-rootkit
SanityCheck Advanced Rootkit and Malware Detector
ESET Online Antivirus Scanner
ESET SysInspector
AnVir Task Manager Free
WinPatrol

Start with these:
How to use Malwarebytes' Anti-Malware to scan and remove malware from your computer
How to use SUPERAntiSpyware to scan and remove malware from your computer

3 more replies
Relevance 76.67%

Hello!
In reading more of these threads I can see I'm not the only one with the iexplore issue.
Glad to know it can be corrected!!!!

I have multiple pop-ups and my computer is as slow as dirt.
When I get home at 3:30 Calif time I will do the HJTInstall.exe thing and post the results.
Would the results of one that was done two days ago help? Yes I was having the issue then and another company did one and told me to email it to someone, which I did but I haven't heard anything back and my computer is close to useless at this point.
Can MFDnNC or anyone else help?
Thanks!!!!
Ginny
 

Answer:malware removal/popup/iexplore removal

16 more replies
Relevance 76.67%

I posted the software forum yesterday and was instructed to complete the malware removal steps and repost here. I have a new computer running Windows 8.1. When I say new, I mean I started having problems within a couple of hours after turning it on!

I have McAfee antivirus protection and downloaded and installed my MSOffice 2013 Home and Student. All seemed to be fine. The MSOffice was up and running and McAfee said I was protected. Suddenly and I don't remember what I was doing...it said Microsoft something (sounded like an antivirus or firewall something) had detected several problems and I needed to "clean my computer". Oh so ignorant of all that was going on with learning Windows 8.1 after using XP for years I told it to clean. Somewhere in there it suggested I do a system restore. All seemed OK until I realized MSOffice was no longer there. I tried to download it again and reload, but with no luck. It occurred to me it had something to do with the system restore so I tried to undo the restore. That of course didn't help. I'm also now getting messages from McAfee that I am covered and safe but that my firewall is turned off and needs to be turned on. However I can get McAfee to do nothing. I can open a screen, but nothing I do makes it do anything. I tried downloading their "Virtual Technician" before I started the process you recommended and it acted like it was downloading, but 20 minutes later it was still "spin... Read more

Answer:malware removal help - removal instructions attempted

Can you try running the tools that were not working before including Hitman, in safe mode please. Let me know how you get on.
 

16 more replies
Relevance 76.67%

I read and followed precisely "Vista and Win 7 Malware Removal/Cleaning Procedure"

My issue: I was informed by my ISP of the following: "Mail Log Parsed from Feb 15, 2013 19:47:04 to Feb 16, 2013 19:47:04 User sent approximately 141,801 messages to 136,591 unique recipients. There were 2598 bounces received in this period, 1 percent of the emails sent. "

I have AVG, running constantly. ISP changed my password to stop the mail. I ran AVG in safe mode. Still not sure trojan eradicated. ISP referred me to your site.

I performed all steps. I have attached all logs except TDSSKiller. While it ran clean, no apparent log was generated. All except RogueKiller found no issues. RogueKiller found as reflected in log.

Please advise if you believe my system is clean, or what further I should do. Since I haven't seemed to find anything, it's hard for me to be comfortable that it's clean.

Thank you immensely!!

Mike Sieber
 

Answer:Help with malware removal--have performed removal instructions

Welcome to Major Geeks!

mike sieber said:

I performed all steps. I have attached all logs except TDSSKiller. While it ran clean, no apparent log was generated. All except RogueKiller found no issues. RogueKiller found as reflected in log.

Not problems. It is just junk from AVG. All of your logs are clean. Many times when something like this happens, it is not an infection. It is due to a spammer/spammers getting your email login and password and they use it from other PCs to send out their spam. There are cases of infections that can cause spamming ( like some master boot record or partition infections ) but you show no signs of these.


If you are not having any other malware problems, it is time to do our final steps:
We recommend you keep Malwarebytes Anti-Malware for scanning/removal of malware.
Go back to step 4 of the READ ME and re-enable your Disk Emulation software with Defogger if you had disabled it.
Go to add/remove programs and uninstall HijackThis. If you don't see it or it will not uninstall, don't worry about it. Just move on to the next step.
If running Vista or Win 7, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
Go to the C:\MGtools folder and find the MGclean.bat file. Double click ( if running Vista, Win7, or Win 8 Right Click and Run As Administrator ) on this file to ... Read more

3 more replies
Relevance 76.67%

I read the ICE Cyber Crime Center Ransomware Removal Guide posted by Lawrence Abrams on June 6, 2013. I booted the HitmanPro program from a USB drive as directed and found one trojan file that was associated with FlashPlayer. Instructed HitmanPro to delete the suspicious file, then rebooted computer. Still infected with ICE Cyber Crime Screen Locker. Ran HitmanPro program again, but it did not find any other suspicious files. Still cannot get past the ICE screen locker with normal boot-up. What should I do next?
-pwt57
 

Answer:ICE Cyber Crime Center Ransomware Removal Guide

Hello pwt57, I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.

Very Important --> Please read this post completely, I have spent my time to put together some things for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", t... Read more

10 more replies
Relevance 76.26%

this was my original topic that describes my problems: http://www.bleepingcomputer.com/forums/t/260661/please-help-me-with-advanced-virus-removal-software-cannot-even-load-windows/ i was told at the end to post this log:

Running from: H:\Documents\Win32kDiag.exe
Log file at : C:\Documents and Settings\Administrator\Desktop\Win32kDiag.txt
WARNING: Could not get backup privileges!
Searching 'C:\WINDOWS'...
Found mount point : C:\WINDOWS\$hf_mig$\KB890046\KB890046
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$hf_mig$\KB912812\KB912812
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$hf_mig$\KB912945\KB912945
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\$hf_mig$\KB916281\KB916281
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\addins\addins
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP176.tmp\ZAP176.tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP21D.tmp\ZAP21D.tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP300.tmp\ZAP300.tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\assembly\temp\temp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\assembly\tmp\tmp
Mount point destination : \Device\__max++>\^
Found mou... Read more

Answer:advanced virus removal/total security malware problem on my laptop

excuse me, i know you guys are busy, but it's been 3 days and i haven't gotten a reply yet. i thought i read somewhere that topics that don't get activity after 3 days get locked or deleted, so was just wondering about that.

even if you may not answer my question immediately, a response would be appreciated.

4 more replies
Relevance 75.85%

Hi,
I got infected with some unknown spyware and decided to use AdwCleaner to remove it. Unfortunately, after removal and restart of my comp, all my browsers (chrome, firefox and ie) show that I'm unable to connect to proxy server and I cannot get on the internet.

Below are my stats and the Adw Reports

Thanks

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 8.1, 64 bit
Processor: Intel(R) Core(TM) i5-3337U CPU @ 1.80GHz, Intel64 Family 6 Model 58 Stepping 9
Processor Count: 4
RAM: 8077 Mb
Graphics Card: NVIDIA GeForce GT 740M, -2048 Mb
Hard Drives: C: Total - 190423 MB, Free - 4238 MB; D: Total - 264346 MB, Free - 44283 MB; G: Total - 476799 MB, Free - 476786 MB; H: Total - 953861 MB, Free - 6912 MB; I: Total - 476927 MB, Free - 476171 MB;
Motherboard: ASUSTeK COMPUTER INC., K46CB
Antivirus: Windows Defender, Disabled
 

Answer:Internet not working after removal of malware using AdwCleaner

# AdwCleaner v4.208 - Logfile created 06/08/2015 at 18:22:38
# Updated 09/07/2015 by Xplode
# Database : 2015-08-01.1 [Server]
# Operating system : Windows 8.1 (x64)
# Username : Gladwin - GLADWIN
# Running from : C:\Users\ASUS\Downloads\Programs\adwcleaner_4.208.exe
# Option : Scan

***** [ Services ] *****
***** [ Files / Folders ] *****

File Found : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\yahoo.xml
File Found : C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\eakacpaijcpapndcfffdgphdiccmpknp
File Found : C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_niloccemoadcdkdjlinkgdfekeahmflj_0.localstorage
File Found : C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_niloccemoadcdkdjlinkgdfekeahmflj_0.localstorage-journal
File Found : C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage
File Found : C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage-journal
File Found : C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_user.qzone.qq.com_0.localstorage
File Found : C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_user.qzone.qq.com_0.localstorage-journal
File Found : C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_v.qq.com_0.localstorage
... Read more

6 more replies
Relevance 75.85%

Hello, I've just about given up trying to fix this and am ready to reinstall the OS, but maybe someone here knows what's wrong and how to fix it. The computer was upgraded to Windows 10 and had some minor malware that was removed. After the clean up the printer no longer works (I'm not sure if it was working before the clean up since it wasn't tested). The computer has no other problems or errors in the event log.


The printer is an HP OfficeJet 8500 A909g. The OS is Win 10 x64.


Symptoms:

-The printer is detected in devices and printers
-The scanner actually works
-It will print an internal test page of some kind from the HP Solution Center, but not the Windows test page or anything else.
-The same problems happen with both network and USB installs
-When printing a text document it says "The handle is invalid." with a yellow triangle and exclamation mark.
-When printing a Word Document it says "We couldn't print because there doesn't seem to be a printer installed :-(" with a yellow triangle and exclamation mark and a "show help >>" button.
-Opening the printer properties from devices and printers gives the following error with a red X before the properties windows opens: "C:\Windows\Explorer.EXE Function address 0x3f416fda caused a protection fault. (exception code 0xc0000005) Some or all property page(s) may not be displayed."

Attempted repairs so far:

-Uninstalled the printer and rein... Read more

Answer:Printer not working after Win 10 upgrade plus malware removal

Hi jcompguy and welcome to Tenforums.

That's a problem, yes, and you've tried just about everything I would have tried.

Have you run the Utility-Diagnostic Tool (just below the driver/software download) here?
HP Software and Driver Downloads for HP Printers, Laptops, Desktops and More | HP® Customer Support

If the printer works with other machines, then it's definitely that computer. Perhaps you could run sfc /scannow to make sure all system files are intact?

Also, before doing a clean install, I always try a repair install using an in-place upgrade. That just might do the trick.

Hope that helps!

8 more replies
Relevance 75.85%

Hi,
2 weeks ago Malware.Trace & Net-Worm.Win32.Koobface were removed from my pc (using F-Secure and MAB). Things seemed ok at that point.

Last week I noticed I wasn't able to access the SEARCH function. A few days later Windows Media Player wasn't working and my scanner wasn't being recognized by the system.(Had a death in the family and didn't have time to pursue the issues at that time.)

Today I reinstalled Media Player and the scanner. Scanner is fine.

Both Windows Media Player and the SEARCH function work just fine when I use the Administrator account.

When I try to run WMP in any of the 3 limited user accounts I get this message: "An internal application error has occurred."

When I try to use the SEARCH function in the limited accounts, a window opens with only a blank folder in the title bar.

Please let me know what you think I should do.

Thanks a lot!

Answer:Computer not working right after virus/malware removal

You never really did post any logs in your last topic.
It's possible that you could still be infected.
Update mbam and run a FULL scan.
Please post the results.
Then run ATF and SAS.

ATF
Please download ATF Cleaner by Atribune & save it to your desktop.
Double-click [

Please download Dr.Web CureIt, the free version & save it to your desktop. DO NOT perform a scan yet.

Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with Dr.Web CureIt as follows:
Double-click on launch.exe to open the program and click Start. (There is no need to update if you just downloaded the most current version)
Read the Virus check by DrWeb scanner prompt and click Ok where asked to Start scan now? Allow the setup.exe to load if asked by any of your security programs.
The Express scan will automatically begin.
(This is a short scan of files currently running in memory, boot sectors, and targeted folders).
If prompted to download the Full version Free Trial, ignore and click the X to close the window.
If an infected object is found, you will be prompted to move anything that cannot be cured. Click Yes to All.
When complete, click Select All, then choose Cure > Move incurable.
(This will move any... Read more

12 more replies
Relevance 75.85%

Hi all, let me first introduce myself. My name is Andrew.

Here is my current situation: The other day while on my computer, I started receiving messages I've never received before. I kept receiving popups on my desktop saying that threats had been detected and then proceeded to perform a fake system scan. The "dialog box" said something like 'PC AntiSpyware 2010'. I also had the little red circle with the white X in my system tray. Anytime you'd mouse over it, a warning balloon would pop up.

After doing a little research around these forums, I decided the best bet would be to download, update and run MalwareBytes' remover tool. I did a scan, checked all the objects that came up (all 44 of them! OUCH!) and had the program delete them. I then restarted my PC and voila! No sign of the malware at all. Awesome.

Except now my internet doesn't work. Both my wireless adapter tray icon (D-Link DWL-G122) and my wireless network icon are shown as being connected and having excellent signal strength. I even did a ping of google.com using the CMD prompt and it showed no errors in either direction! Weird. It doesn't appear to have anything to do with my network either, as every other computer connected to this network also connects to the internet with no problems at all.

So my question is wtf is going on here!? lol

I'm running out of ideas and would really like to get this resolved ASAP. Any help/advice at all will be greatly appreciated!

Thanks... Read more

Answer:Internet not working after malware removal. Please help, I'm desperate!

Mods, please close this thread as I am already receiving help elsewhere.

Thank you and I apologize for the inconvenience.

2 more replies
Relevance 75.85%

Ransom virus popped up on kid's phone (yeah, I know)...Samsung Axiom running Android 4.1.2. None of the tactics found online work. Avast does not open. Tried installing Malwarebytes...installed, but unable to open through play store. I tried hooking it up to a pc with Malwarebytes, but the program won't let me scan the phone.
 
I need ideas. Please help.

Answer:android: malware removal steps not working

G'day nomad, Click on THIS LINK,...(I am assuming this is not the avast program you already have) ....install the program, follow the prompts, and let me know if it gives you any joy.

3 more replies
Relevance 75.85%

Hi, I have been using Google Chrome for many months without a problem. However, last night I was somehow infected by malware. A fake anti-virus program appeared in my system tray and I could not kill it or any other processes. It prevented me from running MalwareBytes or getting to the Task Manager. I restarted my computer in safe mode and ran MalwareBytes and it removed 7 things. However, since then, I have not been able to use Google Chrome or Internet Explorer; I am currently only using Firefox because that is the only browser that works. I did some searching online and found that other people have had this problem after removing malware from their computers as well.

I would greatly appreciate it if someone could help me figure out what is wrong with my computer.

I am running Windows Vista (64-bit) SP 2.

As stated in the Preparation Guide, here is the log produced by DDS. Also, I ran GMER, and I attached the file that I saved from it. However, a bunch of the options were grayed out, so I wasn't sure what else to do. I will await further instruction and rerun GMER if need be.

Thank you so much!

DDS (Ver_10-03-17.01) - NTFSX64
Run by Ken at 13:18:11.29 on Sat 07/10/2010
Internet Explorer: 8.0.6001.18928 BrowserJavaVersion: 1.6.0_14
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4093.2571 [GMT -4:00]
SP: Windows Defender *enabled* (Updated)
... Read more

Answer:Google Chrome not working after malware removal

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please do not attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

Note** If you are having problems posting the complete log into this thread upload them here http://www.rapidshare.com/ and post the links in this thread.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in notepad of any instructions given, as sometimes it is ... Read more

13 more replies
Relevance 75.85%

Hey

So my hp tablet (windows xp) was infected with fake virus alerts which would not allow me to connect to the internet.

The malware has been removed, but I still cannot connect to wireless at any location (others can). Wired ethernet works. Right now my laptop is connected to a wireless router via an ethernet cable.

I can "see" wireless networks. When I try to connect, I am told I am connected, but I can't do anything and become disconnected in about 5 seconds. The connection continues to "connect" and "disconnect" every 5-10 seconds, although I still can't use the internet either way.
When I "repair" connection, I am told the ip address cannot be renewed. I have renewed the ip address manually in command prompt, but that doesn't change anything.

When I run ipconfig/all in command prompt, I get this (minus the host name):

Windows IP Configuration
Host Name . . . . . . . . . . . . :
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
Ethernet adapter Wireless Network Connection:
Media State . . . . . . . . . . . : Media disconnected
Description . . . . . . . . . . . : Intel(R) PRO/Wireless 2200BG Network
Connection
Physical Address. . . . . . . . . : 00-16-6F-94-32-DB
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet
... Read more

Answer:Solved: Wireless not working after malware removal

16 more replies
Relevance 75.85%

Problems:
1) automatic updates unable to turn on (can't even manually start using services list)
2) On Avant Browser, new windows with content related to open tabs pop up randomly
3) Can't use gmail or google on Firefox (this may be application problem)
4) Frequent pop-ups in Internet 7 browser

Programs:
Used to have Ahnlab V3 Security Center (along with Adaware, Spybot, and Spydoctor (disabled) ), but switched to AVG upon review of this thread with similar problem (located here: http://www.bleepingcomputer.com/forums/t/36589/automatic-update-not-working/ ). Enabled Spydoctor and added C-Cleaner and did several online scans with programs on said thread. Computer started getting slow after installing V3.

Malware may have found its way in after installation of the game Peggle. (See AVG log)

I did an AVG scan and spybot scan in Safemode, log is as follows:

AVG 8.0 Anti-Virus command line scanner
Copyright © 1992 - 2008 AVG Technologies
Program version 8.0.134, engine 8.0.0
Virus Database: Version 270.4.7/1546 2008-07-11
HKLM\SOFTWARE\Classes\MayaAsciiFile Found Adware.CommonName
C:\Documents and Settings\Bienna Song\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Locked file. Not tested.
C:\Documents and Settings\Bienna Song\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Locked file. Not tested.
C:\Documents and Settings\Bienna Song\NTUSER.DAT Locked file. Not tested.
C:\Documents and Settings\Bienna Song\ntuser.dat.LOG Locked file. Not tested.
C:\Document... Read more

Answer:Automatic Updates Not Working/malware Removal

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you.

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

-Make sure you are connected to the Internet.
-Double-click on Download_mbam-setup.exe to install the application.
-When the installation begins, follow the prompts and do not make any changes to default settings.
-When installation has finished, make sure you leave both of these checked:
  Update Malwarebytes' Anti-Malware
  Launch Malwarebytes' Anti-Malware
-Then click Finish.

MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:
-Make sure the "Perform Quick Scan" option is selected.
-Then click on the Scan button.
-If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
-The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
-When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
-Click OK to close the message box and continue with the removal process.... Read more

14 more replies
Relevance 75.85%

Hello, I've just about given up trying to fix this and am ready to reinstall the OS, but maybe someone here knows what's wrong and how to fix it. The computer was upgraded to Windows 10 and had some minor malware that was removed. After the clean up the printer no longer works (I'm not sure if it was working before the clean up since it wasn't tested). The computer has no other problems or errors in the event log.


The printer is an HP OfficeJet 8500 A909g. The OS is Win 10 x64.


Symptoms:

-The printer is detected in devices and printers
-The scanner actually works
-It will print an internal test page of some kind from the HP Solution Center, but not the Windows test page or anything else.
-The same problems happen with both network and USB installs
-When printing a text document it says "The handle is invalid." with a yellow triangle and exclamation mark.
-When printing a Word Document it says "We couldn't print because there doesn't seem to be a printer installed :-(" with a yellow triangle and exclamation mark and a "show help >>" button.
-Opening the printer properties from devices and printers gives the following error with a red X before the properties windows opens: "C:\Windows\Explorer.EXE Function address 0x3f416fda caused a protection fault. (exception code 0xc0000005) Some or all property page(s) may not be displayed."

Attempted repairs so far:

-Uninstalled the printer and rein... Read more

Answer:Printer not working after Win 10 upgrade plus malware removal

Hi jcompguy and welcome to Tenforums.

That's a problem, yes, and you've tried just about everything I would have tried.

Have you run the Utility-Diagnostic Tool (just below the driver/software download) here?
HP Software and Driver Downloads for HP Printers, Laptops, Desktops and More | HP® Customer Support

If the printer works with other machines, then it's definitely that computer. Perhaps you could run sfc /scannow to make sure all system files are intact?

Also, before doing a clean install, I always try a repair install using an in-place upgrade. That just might do the trick.

Hope that helps!

0 more replies
Relevance 75.85%

I have discovered some Malware on my computer - under advice from my own techie friend I have run MalwareBytes and Combofix to remove and both do so for a short period of time and then the computer gets reinfected.

The virus disables all my .exe files and am sure probably more than that and I just want to clear it for good.

I use Symantec as my anti virus etc all installed by a professional so really would like some help in clearing this.

Below is the log from Malware and Combofix run in that order today - Malware always finds the same 6 problems.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4485
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
29/08/2010 09:27:51
mbam-log-2010-08-29 (09-27-51).txt
Scan type: Quick scan
Objects scanned: 172496
Time elapsed: 26 minute(s), 31 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 2
Registry Data Items Infected: 4
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CLASSES_ROOT\.exe\shell\open\command\(default) (Hijack.ExeFile) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\secfile\shell\open\command\(default) (Rogue.MultipleAV) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOC... Read more

Answer:Removal of Hijack This etc Malware and COmbo not working

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process. Please also continue to work with me until I give you the all clear. Even if your computer appears to act better, you may still be infected.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

Once we start working together, please reply back within 3 days or this thread may be closed so we can help others who are waiting.

We need to create an OTL report,
Please downloa... Read more

more replies
Relevance 75.85%

Hello,

Sorry for the length of this post, but I try to describe in detail what I've done. I have used the instructions in the "READ & RUN ME FIRST. Malware Removal Guide".

The reason I have done this is, because Avast On access scanner periodically alerted me to trojans in the temporary internet folder for the past two weeks. I instruct Avast to delete these files but the messages always come back a short while later. Two days ago it started alerting me of blocking access to a malicious site (the url for this site is garbled and ends in .cn). This message would pop up every 5 to 10 seconds. So I attempted to remove the malware on the pc with the help of the instructions of this forum yesterday night.

I am not sure where the trojan/malware originated from, as I am not the only user of this computer (my parents also use it). Around the time that the problems started, I visited a reputable (or so I thought) job site (engineeringcareers.co.za) - upon visiting Avast alerted me to a trojan attempting to download and gave me the option to block the connection to the site, so I did so.

Now, on to how I followed the instructions in your guide and the problems that I encountered:

I followed all the instructions to the letter, up to and including the Malwarebytes' Anti-Malware. Super antispyware had to be renamed to SAS.exe to run, as the explorer window crashed if I tried to run it normally. After MBAB finished, I could not connect to the interne... Read more

Answer:following malware removal instructions - MGTools not working

Hello again,

Here are the combofix and rootrepeal logs I intended to post. I wanted to post them directly after my earlier post, but real life interfered in the time between posting and my post showing up in the forum. This will probably be seen as a bump, but oh well - so far it looks like my problems are sorted out, so far Avast has not given me any more alerts to trojans/rootkits.

Thanks again,

Z.
 

8 more replies
Relevance 75.85%

I just removed a virus (winsvc32.exe) with Malwarebytes, which was awesome but now my Windows Security Centre is not working, the little icon for it is on the system tray with the X and says my protection is turned off. How do I fix this so that I can have it working again?
 

More replies
Relevance 75.03%

Hi
I have a Windows 7 64bit home laptop, it was infected with Malware. I installed MSE and it removed the malware but now can't browse the Internet, I've tried chrome and IE. I have tried to install malwarebytes but get a runtime error. I contacted their support and was asked to run FRST and send them the two log files which I did but not heard back yet. If anyone has any suggestions it would be really appreciated.

Answer:Internet Explorer and Chrome not working after malware removal - please help!

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
***************************************************
In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.
CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/593024 <<< CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************
If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of t... Read more

2 more replies
Relevance 75.03%

I'm running Windows XP (2002). Yesterday, I had the "Hard Drive Diagnostic" issue that I removed using the self-help guide. I ran rkill, Malwarebytes' Anti Malware, and Unhide.exe. Doing so took care of all problems and put all of my documents back in the "my Documents" folder, except that the start menu shortcuts were not there (a bunch of empty folders where I anticipated links to MS Word and the like) and the background of my desktop had changed to the basic blue (or whatever that color is). I tried to follow the advice today of disabling antivirus software and running unhide.exe again; however, I was shortly being bombarded with the annoyance of Malware Protection. (I should note just prior to doing disabling AV software, I ran a Malwarebytes scan to make sure I wasn't missing anything and came up with zero infected files.)

I tried starting in Safe Mode with Networking and running rkill; however, every time that I did so, the command window would open and state that it was running and to be patient. Less than a half minute later, I would get a desktop message: "Windows is running in safe mode. This special diagnostic mode of Windows enables you to fix a problem which may be caused by your network or hardware settings. Make sure these settings are correct in the Control Panel and then try starting Windows again. While in safe mode, some of your devices may not be available. To proceed to work in safe mode, click yes. If you prefer to use System Restore to restore your co... Read more

Answer:Malware Protection removal and TDSS Killer not working

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you.

I am very sorry for the delay in responding, but as you can see we are at the moment being flooded with logs which, when paired with the never-ending shortage of helpers, resulted in the delayed responding to your thread.

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed. If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator... Read more

29 more replies
Relevance 75.03%

At some point during the removal of malware, the Task manager of one of two user accounts stopped working. When accessed, it appears without headings or options except New Task at the bottom right of the pane. When I click on it, I get "Create New Task" box, which says, Open: Combofix. If I click the down arrow I get the following list: Combofix/uninstall, Combofix\uninstall, Notepad.exe, Regedit, cmd, appwiz.cpl, System recovery. I recognize these as being remnants of the clean-up process that was just completed. If I click ok, I get Combofix box - "Windows cannot find Combofix." Combofix was uninstalled after we were done removing all the malware.
The other user account is working fine. Also, I downloaded and installed the latest Internet Explorer 8 and Windows updates, but that didn't seem to do anything. The other user account, the one with the functioning Task Manager, is running better in general, updated. There is a thread that describes what we did, but I don't know how to link it to this thread.
Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows XP Home Edition, Service Pack 3, 32 bit
Processor: Intel(R) Pentium(R) M processor 1.60GHz, x86 Family 6 Model 13 Stepping 8
Processor Count: 1
RAM: 502 Mb
Graphics Card: Mobile Intel(R) 915GM/GMS,910GML Express Chipset Family, 128 Mb
Hard Drives: C: Total - 71186 MB, Free - 57582 MB;
Motherboard:
Antivirus: Microsoft Security Essentials, Updated: Yes, On-Dema... Read more

Answer:Solved: Task Manager not working after Malware removal.

11 more replies
Relevance 75.03%

Hello all, let me thank you in advance for your time on this.
I am working on my mother's computer (Aspire 6gig ram, 1T HD, Pentium)
She has been unable to access her email for a while now, and I took an initial run at the issue with HijackThis. (I'll attach the logs)
HJT recommended a series of fixes, which I checked, only to find that they didn't go away.
I then turned to this faithful site.
I have run the Vista, Win 7 and Win 8 Malware Removal/Cleaning Procedure.
Attached are those logs.
As always, all advice and attention is greatly appreciated.
Thanks.
-Dave.
 

Answer:Working through Vista, Win 7 and Win 8 Malware Removal/Cleaning Procedure

Added the log files.
Thanks.
-Dave.
 

2 more replies
Relevance 74.62%

Hello, a friend has dropped off a broken windows xp computer with me for repair. They followed this guide's 'automated removal' section, http://www.bleepingcomputer.com/virus-remo...-security-suite, and now the PC bluescreens on both normal and safemode. Looking for guidance as to what they might have broken. Thoughts? The BSOD is a stop c000021a - windows logon process system process terminated unexpectedly with a status of 0xc00000005 (0x00000000 0x00000000).

Answer:BSOD after following "automated removal instructions for security suite using malwarebytes anti-malware guide

Hi.

The majority of references I see for this...are for Win 2K. XP users who have this error...don't really seem to get a resolution of any sort that I can see.

From looking at the Win 2K references, I'd say that the registry is jumbled. A repair install effort would be worth a try...but I suspect that a clean install will be the ultimate resolution.

Some Google Links.

Louis

1 more replies
Relevance 74.21%

Hi

REGISTRY/DRIVER ISSUE

I have an Acer Aspire 5740g laptop running windows 7 (log attached below).

I'm already indebted to you guys for your "READ & RUN ME FIRST. Malware Removal Guide" by chaslang, because it helped me to remove some nasty malware that was popping up on startup.

I ran through that guide till completion, including re-enabling UAC and doing the system toggles etc, including running all the anti-spyware programs even after the problem seemed to have been solved (although only the first two seemed to actually finish). The problem is gone thankfully but I've noticed an unusual side-effect:
audio no longer runs in browsers.

I'm wondering if some driver/registry change has caused this change. I've only tried testing the problem by opening clips that use sounds in youtube and megavideo (I'm using latest IE).

So far I have tried:
-restarting my computer
-updating adobe flash player to the latest version
-changing a flash player setting which is supposed to help in some situations (according to their support site)
-uninstalling and reinstalling flash player
-updating my sound drivers (found on the acer website- which involved removing the old drivers and installing the driver I downloaded).
-going into IE internet options> advanced> checking the "play sounds in webpages" box is checked
-closing all IE windows and restarting IE
-trying out (the limited) solutions google has thrown up

... Read more

Answer:Audio stopped working in browsers after running malware removal

Hi

It would be best, as you have had malware on your PC and, as you mention, have run the read me guide, to actually attach the logs that that guide has you produce to your thread in malware forum HERE so that the experts in that area can give you an all clear on any remaining malware components, as while you may not see any issues outwardly, there may be malware components left that are causing the audio issues, so need to remove them first before trying any driver fixes.


Once given the all clear on malware then post again here and we can try a few fixes.
 

9 more replies
Relevance 73.8%

HEY GEEKS NEED A LITTLE HELP. I HAVE A WINANTIVIRUS POP UP THAT COMES UP EVERY TIME I AM ON THE NET, AFTER U X IT OUT 5 TO 6 OTHER POP-UPS COME UP ABOUT A VIRUS. I AM RUNNING AVG EVERY MORNING, SPYBOT SEARCH AND DESTROY, AD-WARE 6.0. HERE IS A HIJACK THIS LOG FILE TELL ME WHAT TO GET RID OF PLZ.

EDIT: Removed inline HJT log


THANKS

DOOKIE
 

Answer:winantivirus removal, malware removal

Hi and Welcome to Majorgeeks!

Please follow our standard cleaning procedures which are necessary for us to provide you support. Also there are steps included for installing, running, and posting HijackThis logs as attachments.


Run this first

Virtumonde aka Trojan Vundo Removal - some people also refer to this as WinFixer

Then run the below and attach the requested logs for the malware experts to look over.


Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support
Make sure you check version numbers and get all updates.
Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.

If after doing ALL of the above you still have a problem, make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis and attach a log:
Downloading, Installing, and Running HijackThis

Make sure you also rename HijackThis.exe as suggested in the procedures. Use analyse.exe for the new name. This is very important due to some new infections going around.



When you return to make your next post, make sure you attach the following logs and that you have run these scans in the following order too:

-runkeys.txt - the log from GetRunKey.bat
-newfiles.txt - the log from ShowNew.bat
-CounterSpy - ONLY IF you were not a... Read more

1 more replies
Relevance 73.8%

MS Removal Tool is a rogue software. It restricts you from accessing your desktop. You cannot start Task Manager, and you cannot open Internet Explorer or any other programs. This situation is the result of malware (a variant of Win32/Winwebsec) that is infecting your computer.
To remove the MS Removal Tool, follow the steps below:

Boot your computer into Safe Mode.
Windows XP and Windows Vista:
-Start your computer and press and hold the F8 key.
-A Windows Advanced Options menu will appear. Use your arrow keys to scroll to Safe Mode and click the Enter key.
-Click the Start button, and then click Run.
-Type cmd then click OK. A black command prompt window will appear.

Locate the affected directories:
Windows XP:
-Type cd c:\Documents and Settings\All Users\Application Data\ and press the Enter key.
-Type dir and press the Enter key.
Windows Vista:
-Type cd c:\ProgramData\ and press the Enter key.
-Type dir and press the Enter key.
-Type c:\Users\All Users\ and press the Enter key.
-Type dir and press the Enter key.

Scroll through the list to find directories with random names that contains 18 characters. For example: cHl08200gMhHd08200 , pJg08200fBmPl08200.
-Type rd /s /q <random name>, and then press the Enter key. Replace <random name> with the 18 character name. Repeat this step for each random name you find.
-Type reg delete hkcu\software\microsoft\windows\currentversion\run once /v <random name> /f, and then press the Enter key. Replace <random name> with the 18 cha... Read more

More replies
Relevance 73.8%

hi bikash_ibat,

Your log is a few days old. If you still need help simply reply to my post and we can begin.

More replies
Relevance 73.8%

Hi -

I had this malware and per the suggestion in this topic: http://www.bleepingcomputer.com/forums/t/263016/cyber-security-malware/
I ran Malwarebyte's Anti-Malware. The quick scan did not do the job, but the full scan seems to have. Would you mind taking a look at the log pasted below to confirm that all is well? I am running Windows Vista Version 6.0 SP2.

Thanks

Malwarebytes' Anti-Malware 1.41
Database version: 2993
Windows 6.0.6002 Service Pack 2
10/19/2009 11:12:00 PM
mbam-log-2009-10-19 (23-12-00).txt
Scan type: Quick Scan
Objects scanned: 86362
Time elapsed: 5 minute(s), 46 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 2
Files Infected: 11

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{35a5b43b-cb8a-49ca-a9f4-d3b308d2e3cc} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{35a5b43b-cb8a-49ca-a9f4-d3b308d2e3cc} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{35a5b43b-cb8a-49ca-a9f4-d3b308d2e3cc} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearc... Read more

Answer:Cyber Security malware: is it gone?

I think it's self-explanatory "quarantined & deleted successfully" but it's always good to have a second opinion so why not download SuperAntiSpyware and do another scan. Make sure you update it and do the full scan.

You might want to ask someone how to go about deleting the registry values left behind by your spyware but I am not the person to be giving you that kind of advice. Good Luck

4 more replies
Relevance 73.8%

Hello,

I would be grateful if you can help me.

I went to my comp today and found flashing virus warnings. I notice that there is a new Icon on my desktop called Cyber Security. I suspected that it must be a 'nasty' so tried to remove it with 'Remove programmes' It won't let me. I searched on google and found a site that gives instructions on manual removal but it involves changing the registry and all sorts, I'm not confident in doing that without guidance.

Can anyone help me get rid of it?

I am using XP home and have Avira free. Not sure what other info you may need.

Thanks in advance for any help you can give me.

Ruth

Answer:Cyber Security malware?

I have received the same icons and can't remove this from my system. When I go into remove programs, it says, "This version of cyber security is for evaluating purposes only. The removal features are disabled."

22 more replies
Relevance 72.98%

About two weeks ago whilst my son was looking for some images on the google site (not that google is in any way implicated here) a box popped up on the screen saying we had a virus called Cyber Security. It outlined that there was a solution and of course when you followed those links the upshot was you had to pay for a download to fix it.

Luckily we'd heard a segment on bbc radio about this virus and ignored it and started to hunt down a fix ourselves.

After a number of what appear to be false starts (ie scans that tell you the virus is there but then demanding money to put it right!) and another reference to the bbc we found you guys.

I've worked through the malware removal guidance and have hopefully correctly posted the three relevant logs below.

It would appear that the "cyber security" rogue has now been removed but I'm following your advice and posting anyway - hope that's right and I look forward to hearing from you.

lc

[Saving space, attachment deleted by admin]

Answer:Cyber Security virus/malware

1) Have "HijackThis" fix the following items in the list below by placing a check in the appropriate boxes. Confirm that you have only the listed ones checked, then press <Fix checked> and close "HijackThis". Please close any open programs before doing this fix.

Quote
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.peoplepc.com/search
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://home.peoplepc.com/search
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Accelerator Plugin - {656EC4B7-072B-4698-B504-2A414C1F0037} - C:\PROGRA~1\PEOPLE~1\PRPL_I~1.DLL (file missing)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O9 - Extra button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.sky.com (file missing)

2) Next perform a full scan with malwarebyte antimalware as follows. Make sure it is updated before performing a scan.
* Open Malwarebyte A... Read more

1 more replies
Relevance 72.98%

Hello,

I'm hoping you can help me. I have a similar problem as earlier experienced by others...see the following forum link...
http://www.bleepingcomputer.com/forums/t/263016/cyber-security-malware/

I logged into my computer last night and after a couple of hours on it, I was getting flashing virus warnings. I notice that there is a new Icon on my desktop called Cyber Security. I may have picked up this malware from a download I did the previous day for a media converter called "SUPER". Before I downloaded it I googled around to be sure it was safe as it is freeware, no reviews I read reported problems with this software. After downloading it, I attempted to launch it, but nothing occurred. This raised my suspicions and fears, so I immediately uninstalled it. Possibly the site I got it from was bogus, or maybe I picked up the malware somewhere else. Now, a day later, I am experiencing this Cyber Security malware which can't be uninstalled or disabled. When trying to disable it, I get the message: "This version of cyber security is for evaluating purposes only. The removal features are disabled."

My laptop is an HP Pavilion dv6449us, and I'm running Vista SP2...

I was able to generate the DDS logs and Attach.txt, but the Root Repeal would not complete after 5 hours, so no report here. Is this normal? How long should it take to complete and generate a report? It seemed to lock up when scanning the c:/Windows/system32/Gather^1.VBS, showing a scan status of "Locked to the wind... Read more

Answer:Cyber Security malware infection

One additional thing, after attempting to run the Root Repeal, which never finished (it just idled for several hours), explorer.exe seems to have gotten corrupted. I now get the "Windows Explorer Has Stopped Working" message box, followed by "Windows Explorer is Restarting". These two pop ups loop endlessly and prevent any command, even in Safe Mode. I tried to restore my laptop to a previous restore point, back to October 4, but the explorer launch errors still occur!

20 more replies
Relevance 72.57%

I hope I have posted this in the right forum - most of the topics I see here on the first page seem to have the "Moved" tag on them. Despite what the title and the first paragraph describing my problem may suggest on a quick skim, I don't believe this problem is currently being caused by malware nor removed with malware removal tools, but rather being a system problem in nature.

I recently cleaned a Windows XP SP3 Media Center Edition machine of SystemFix, which was quickly followed by another malware program I don't remember, and after that by AV Protection 2011, using MalwareBytes' Anti-Malware. Since then, the computer shows in Network Connections that it has been connecting to our Linksys router, but no packets are being sent or received and there is no internet access available, and I can't even access the router administration page from the affected computer. The internet works without issue if I boot to Ubuntu Linux off of a CD/USB drive, so the problem should be with the Windows software. I've tried just about every possible solution I could possibly find on the internet, as well as a few I made up on the spot, which to my memory includes but is not limited to the following (all under an account with administrator rights, of course):

- scanned computer with MalwareBytes' Anti-Malware, COMODO Antivirus, SuperAntiSpyware, Ad-Aware, ESET, IOBit Advanced SystemCare 5, Sophos Anti-Rootkit, and avast! aswMBR.exe
- attempted to run tdsskiller.e... Read more

Answer:Internet not working after malware removal - system/registry/setting damage suspected

and welcome to the Forum

We have a malware removal forum and I suggest you post there. Please follow our pre-posting process outlined here:

NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help - Tech Support Forum

After running through all the steps, please post the requested logs in the Virus/Trojan/Spyware Help forum, not here.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please note that the Virus/Trojan/Spyware Help forum is extremely busy, and it may take a while to receive a reply.

2 more replies
Relevance 72.57%

A summary for the time-strapped can be found at the bottom of this post. If you have read my previous topic, the main new details are a more informative description of the unnamed malware and a brief mention of an attempt at a wired connection that I forgot earlier.

I have reposted this from the XP forums at the request of a team manager, though I feel it belongs there rather than here. Despite what the title and the first paragraph describing my problem may suggest on a quick skim, I don't believe this problem is currently being caused by malware nor removed with malware removal tools, but rather being a system problem in nature. Even so, I suppose that won't be so much of an issue if my helper is experienced in both subjects.

I recently cleaned a Windows XP SP3 Media Center Edition machine of SystemFix, which was quickly followed by another malware program I don't know the name of (it redirected search result links, and opened Mevio alerts and hidden iexplore.exe processes randomly with sporadic spurts of random audio in a manner similar to that described in this topic), and after that by AV Protection 2011, using MalwareBytes' Anti-Malware and possibly other automated removal tools which I can look up if that would be helpful. Since then, the computer shows in Network Connections that it has been connecting to our Linksys router, but no packets are being sent or received and there is no internet access available, and I can't even access the router administration pag... Read more

Answer:Internet not working after malware removal - system/registry/setting damage suspected

Hello and I guarantee the problem is still malware related.

What I need from you, is a proper set of logs so I can see the current state of the machine. I'll have to ask you to please stop doing any other self fixing while we're working together, or you'll make my job that much more difficult.

Please follow the instructions in our pre-posting topic New Instructions - Read This Before Posting for Malware Removal Help and post the requested logs in your next reply.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

19 more replies
Relevance 70.93%

Hi,

I have a Dell XPS 8300. It started acting up about 1 week ago (freezing while working online, freezing while trying to boot). Today I got the Blue screen asking me to restart if this was the first time I had received a blue screen.
I restarted; it was fine for 30 minutes and everything froze.
I restarted it and I received error beeps (4 beeps).
I looked that up on Dell support and they said it was RAM problems.
I opened up the computer, vacuumed a bit, took out RAM cards and reinstalled them.
It had been working o.k. for about 1 hour and only froze once more.
I decided to try the malware removal guide and here are the logs.
Malware bytes did not find anything
TDSSKiller did not find anything
MGtools ran but as soon as it was done the window closed. I don't know how to find the log
Your help will be greatly appreciated
 

Answer:malware removal - have followed malware removal guide

I still want to see the log from Malware Bytes please.





"MGtools ran but as soon as it was done the window closed. I don't know how to find the log"

Should be directly on C:\ if that's where you boot Windows from. If you really cannot find the log, you'll have to run MGTools.exe again in order to produce a MGlogs.zip. Thanks.
 

20 more replies
Relevance 70.93%

I have run the malware removal instructions and went through each program, as they did remove some of the malware and virus. The issue that I am having is that when I open the computer under separate user and try to run the malware removal programs via internet or through USB drive, I keep seeing a window which pops up asking me which program I want to use to open the program. I have run the computer under the administrator and do not seem to have problems running the malware removal steps and have attached the reports from the instructions.

Even when I try to open add or remove programs under control panel, I get the following message: "C\windoesn\system32\rundll32.exe- application not found." I am thinking that it is something to do with AVG and have removed the program with the step.

Please help....

View attachment mbam-log-2011-03-28 (17-02-07).txt

View attachment combofix log.txt

View attachment SUPERAntiSpyware Scan Log - 03-28-2011 - 16-42-24.log

View attachment hijackthis.log
 

Answer:Help with malware removal- have run malware removal instructions

ssmehta007 said:
"....try to run the malware removal programs via internet or through USB drive"

Specific download and installation instructions are in our R&R ME FIRST guide :
ComboFix
Running from: l:\combifix\ComboFix.exe <--- belongs on your desktop

RootRepeal
Save it to your Desktop

SAS & MBAM
Installed to the Default Location - "C:/Program Files", as we suggest that you keep them after malware removal.

MGTools.zip
Download this file to the root folder of the drive where you have installed Windows (Typically this would be C:\ and thus you would have a C:\MGtools.exe file after downloading).
Please make those corrections and attach the missing RRlog.txt (from RootRepeal) and MGlogs.zip - normally it is C:\MGlogs.zip . Please tell me any problems you still have.
 

18 more replies
Relevance 70.11%

StartupList report, 6/18/2010, 12:17:38 PM
StartupList version: 1.52.2
Started from : C:\Program Files\hijackthis\Trend Micro\HiJackThis\HiJackThis.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v8.00 (8.00.6001.18702)
* Using default options
==================================================
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\spnsrvnt.exe
C:\Program Files\Reliance Netconnect - Broadband+\bin\MonServiceUDisk.exe
C:\Program Files\Netbooster Client\Client\ventc.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\DAP\DAP.EXE
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files&#... Read more

Answer:System security AV pop up/removal of malware and trojans from the logs/system slowed down

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Some things to remember while we are working together.

- Do not run any other tool until instructed to do so!
- Do not Attach logs unless I ask you to.
- Tell me about any problems that have occurred during the fix.
- Tell me of any other symptoms you may be having as these can help also.
- Do not run anything while running a fix.
- Do not run any other tool until instructed to do so!

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

Note** If you are having problems posting the complete log into this thread upload them here http://www.rapidshare.com/ and post the links in this thread.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

I would like to get a better look at your system, please do the following so I can get some more detailed logs.

DeFogger:

- Please download DeFogger to your desktop.
- Double click DeFogger to run the tool.
- The application window will appear
- Click the Disable button to disable your CD Emulation drivers
- Click Yes to continue
- A 'Finished!' message will appe... Read more

3 more replies
Relevance 69.7%

Tip ST04-016
From National Cyber Alert System Cyber Security US-CERT Cyber Security Tip ST04-016 -- Recognizing and Avoiding Spyware.
On the above link you will learn:
What is spyware?
How do you know if there is spyware on your computer?
How can you prevent spyware from installing on your computer?
How do you remove spyware?

Answer:Tip: National Cyber Alert System Cyber Security Tip ST04-016

Attached Poll to this Thread

5 more replies
Relevance 69.7%

2016 WINNER

For immediate release:

2016 'ASTORS' Homeland Security Award Winners Announced - American Security Today

American Security Today's comprehensive Homeland Security Awards Program was organized to recognize the most distinguished vendors of physical, IT, port security, law enforcement, and first responders, in acknowledgment of their outstanding efforts to "Keep our Nation Secure, One City at a Time."

Blue Ridge Networks AppGuard

Platinum Award, Best Cyber Anti-Malware Solution

 

Answer:2016 Homeland Security - AppGuard Best Cyber Anti-Malware Solution

U.S. Department of Justice
Executive Office of United States Attorneys
Department of Commerce
Department of Defense
Department of Homeland Security

Department of the Interior
Department of State
Department of Transportation
Army
Navy
All protected by Blue Ridge Networks products - past and present.
 

40 more replies
Relevance 68.47%

Hey,

So I got infected with this virus/malware MS Removal Tool. Things that I noticed: it created a file nvpcpl.dll, hid all my d drive files and removed 90% of the items from the Start > All Programs menu. I ran through all the scans but still can't seem to get the programs in the All Programs menu back. Attached are my clean scans in the order recommended. Just as an fyi, C: is my primary drive, D: stores all documents/pictures/music, F: is the external hard drive. Thanks for the help.
 

Answer:Malware removal help - MS Removal

"Things that I noticed: it created a file nvpcpl.dll"

See this link About nvpcpl.dll. You do not have McAfee installed and I am not seeing the file in your logs. Do you still see it? If so give me the full file path. But you also have NvCpl.dll running which relates to Nvidia which IS installed.

Download and run OTM.

Download OTM by Old Timer and save it to your Desktop.


Right-click OTM.exe and select "Run as administrator" to run it.
Paste the following code under the area. Do not include the word Code.

Code:


:reg
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}]

:files
C:\Documents and Settings\All Users\Application Data\oJh06504hBkGg06504

:Commands
[emptytemp]
[Reboot]

Return to OTM, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
Push the large button.
OTM may ask to reboot the machine. Please do so if asked.
Copy everything in the Results window (under the green bar), and paste it into notepad, save it as something appropriate and attach it into your next reply.

NOTE: If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file prese... Read more

3 more replies
Relevance 67.65%

Hi,

I have become one of the many with a PC infected by 2 fake security scams (Cyber Protection Center and Cyber Security). I purchased Spyware Doctor recently, thinking that this would get rid of it, since the free scan did identify them, or so I thought, but it has failed. Can someone possibly advise me on how to get rid of them please? My computer has slowed down a lot, and the constant pop-up messages are really annoying.

I have a HJT log file, below.

Many thanks in advance.

G

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:03:30, on 20/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16915)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\Motive\McciCMService.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton 360 Premier Edition\Engine\3.5.2.11\ccSvcHst.exe
C:\Program Files\Spyware Doc... Read more

Answer:Cyber Security and Cyber Protection Center

Welcome to TSG

Before I get started, I need you to remove all your Anti-Virus programs except one. You have numerous programs installed. Running multiple AV programs will cause system slowdown and crashes. Thanks
 

3 more replies