Computer Support Forum

advanced virus removal/total security malware problem on my laptop

Question: advanced virus removal/total security malware problem on my laptop

This was my original topic that describes my problems: http://www.bleepingcomputer.com/forums/t/260661/please-help-me-with-advanced-virus-removal-software-cannot-even-load-windows/

I was told at the end to post this log:

I also tried to run the DDS as advised but I didn't get the Notepad pop-up like I was supposed to. All I get is a DOS window pop-up that shuts itself down in literally a millisecond - I can't even read what was said.

Relevance 100%

Answer: advanced virus removal/total security malware problem on my laptop

Excuse me, I know you guys are busy, but it's been 3 days and I haven't gotten a reply yet. I thought I read somewhere that topics that don't get activity after 3 days get locked or deleted, so was just wondering about that.

Even if you may not answer my question immediately, a response would be appreciated.

4 more replies
Relevance 99.63%

I can't even get HijackThis to work; as soon as I run it, it disappears, so I can't even post that here to show what's going on with my computer. I'm using Windows XP. I keep getting redirected when I try to search on Yahoo or Google, using Mozilla Firefox. I've also tried to run in safe mode but I keep getting a blue error screen and can't move past that.

Answer:advanced virus removal / security tools malware?

Let's see if we can get a scan to work.
If this works, go ahead and repost in the HJT forum. If not, post back here.

Run this application and then immediately run your scan.

Please download Rkill by Grinler and save it to your desktop. (Link 2, Link 3, Link 4)
Double-click on the Rkill desktop icon to run the tool.
If using Vista, right-click on it and Run As Administrator.
A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
If not, delete the file, then download and use the one provided in Link 2.
If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
If the tool does not run from any of the links provided, please let me know.

Do not reboot the computer or you will have to run it again.

8 more replies
Relevance 89.38%

I have been infected with Total Security and Advanced Virus Remover. My Google searches are being redirected. I tried removing these with Malwarebytes' Anti-Malware but every time I perform the scan with it the program stops responding after less than 30 seconds of scanning. I have noticed that it is stopping on the file zipfldr.dll. My desktop wallpaper has been covered with a giant warning sign but all the desktop icons appear in front of it. Also RootRepeal doesn't appear to run properly on my computer. When I try to run it, it gives me a message saying "Could not read the boot sector. Try adjusting the Disk Access Level in the Options dialog." Once I click OK on that dialog box about 5 times it works. After it scans for a while it comes up with an error that reads "Attempt to read from address: 0x015b107c". I press OK and RootRepeal automatically closes. A file is saved on my desktop called "RootReapeal_crash_092409.193325"

DDS (Ver_09-07-30.01) - NTFSx86
Run by Zachary at 18:20:13.15 on Thu 09/24/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.408 [GMT -4:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\S... Read more

Answer:Infected with Total Security and Advanced Virus Remover

I may have fixed the problem. Using Process Explorer, which I had downloaded earlier following the instructions on another part of this site, I stopped the Total Security process as my computer was still starting up. The warning message that covers my background doesn't appear and I am able to run Malwarebytes' and RootRepeal. I think I have gotten rid of Total Security and Advanced Virus Remover. Here are my updated logs.

DDS (Ver_09-07-30.01) - NTFSx86
Run by Zachary at 12:57:49.32 on Fri 09/25/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.425 [GMT -4:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceS... Read more

3 more replies
Relevance 87.33%

I needed to amend the instructions written by Grinler for removing Total Security, which is a virus/malware, in order to get it to work. The link to the instructions: http://www.bleepingcomputer.com/virus-remo...-total-security

Total Security has gotten smarter and now won't allow most processes or applications to run. Nothing I tried at first would allow me to end the Total Security process. Total Security shut down anything I tried to run... like HijackThis, Malwarebytes, Spybot, adware etc.

I surmised that Total Security will not allow you to run any exe programs other than a few it knows about.

My solution was to rename the Process Explorer file: Procexp.exe to iexplore.exe. (Download Process Explorer from Microsoft on a different computer if you have to.) Renaming to other file names like explorer.exe may work too.

After doing that I was able to end the process and proceed with process.

I think Grinler has edited his instructions so everything is good.

Thanks to Grinler for posting the instructions. Good Luck
Harold

More replies
Relevance 82.82%

Hello, and welcome to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues; this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make are for fixing your computer problems only and by no means should be used on another computer.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.

-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No inp... Read more

Answer:Virus removal/remove Total Security

Due to lack of feedback, this topic is now closed.

If you are the original topic starter and you need this topic re-opened, please send me a PM.

Everyone else, please start a new topic.

2 more replies
Relevance 82.82%

Alright so the desktop, using windows xp, has the "total security" pop ups telling us we're infected blah blah virus. I tried looking at results for other people on this problem such as the "tsc.exe" removal but couldn't find it. So yea pretty much just need help removing it any help is greatly appreciated. Thank you in advance.
 

Answer:Total Security 4.52 Virus. Help needed for removal

16 more replies
Relevance 82%

Please help. New to the site. Currently experiencing malware with a "your system is infected" popup and a background screen with "Your system is infected" text. I can't seem to get any antivirus software to work: McAfee, Kaspersky, Windows Defender, Windows Live OneCare, etc... Now I just downloaded MBAM, and when I try to run a scan I get an error message "Run time Error '5' Invalid procedure call or argument". I don't have any administrator privileges, I can't pull up Task Manager or turn on Windows XP firewall. Here is the HJK:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:32:56 PM, on 8/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:&#... Read more

Answer:Unauthorized - Advanced Virus Removal - Malware

Turns out the Virus PAVRM and Renos and a couple others were worse than I expected...so I just re-formatted. Thanks for what you guys do.

2 more replies
Relevance 80.77%

I was never able to save procexp.exe nor RootRepeal to my desktop; the save as or run command would never appear. All I have been able to do is run the MBAM. I hope this attachment shows up. Thanks for any help.

Answer:Total Security Removal Problem

Hello and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

Please download OTL from following mirror: This is THE Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
Push the button.
Two reports will open, copy and paste them in a reply here:
OTL.txt <-- Will be opened
Extra.txt <-- Will be minimized
In the upper right hand corner ... Read more

35 more replies
Relevance 79.95%

It's called 'Total Vista Security' and I never heard of it. When I log on to my PC, the security window pops up and acts like it's scanning my PC and it says it finds a lot of infections, but if I go to remove them it just tries to get me to buy the 'full' version. This thing keeps popping up on the side of my screen that says there is a security alert and if I try to block it, it brings up a page for me to register for a full version. Same thing when little bubbles pop up on the lower right hand corner saying my system is hijacked or tracking software found or something weird. I've tried running Malwarebytes but it won't let me.

Answer:Total Vista Security virus/malware?

Please refer here - > http://www.bleepingcomputer.com/virus-remo...irus-vista-2010 and post the results of your Malwarebytes log when complete.

1 more replies
Relevance 79.95%

I have a virus called "total security" I have looked at a few forums and tried some step by step instructions. it seems the most popular solution is to start up in safe mode and install "malware bytes" which I did and I started scanning the computer. After about 3 seconds, the program just quits and will not let me open it back up unless I reinstall it. I have also tried using "spyhunter" and it started scanning for a few seconds and then just quits. This is very frustrating and I need to know how to completely demolish this. I bought kaspersky antivirus because the best buy representative told me I could boot up from the cd and remove the malware but I guess it does not have that option.

Any help is appreciated!

Thanks,
Caleb

Answer:got virus "total security" I cannot run "malware bytes"

Hello, calaberator.

Please subscribe to your topic so that you will be notified as soon as I post a reply, instead of you having to check the topic all of the time. This will allow you to get an email notification when I reply.

To subscribe, go to your topic, and at the top right hand corner by your first post, click the Options button and then click Track this topic. The bullet the immediate notification bubble. Then press submit.

We need to check for rootkits with RootRepeal.

Download RootRepeal from the following location and save it to your desktop.
Direct Download (Recommended): Primary Mirror
Zip Mirrors (Recommended if you have a slower connection or if the Direct Download mirror is down): Primary Mirror, Secondary Mirror, Secondary Mirror
Rar Mirrors - Only if you know what a RAR is and can extract it: Primary Mirror, Secondary Mirror, Secondary Mirror

Extract RootRepeal.exe from the archive (if you did not use the "Direct Download" mirror).
Open on your desktop.
Click the tab.
Click the button.
Check all seven boxes: Push Ok
Check the box for your main system drive (usually C:), and press Ok.
Allow RootRepeal to run a scan of your system. This may take some time.
Once the scan completes, push the button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.

In your next reply, please include the following:
RootRepeal.txt

Regards,
neomage

1 more replies
Relevance 79.95%

I originally had the XP total Security Virus and I believe it disabled my anti-virus software (Microsoft Security Essentials) and caused me to get another fake virus scanner.
 

More replies
Relevance 75.44%

Hi

I am not sure if I have malware, but the suggestion that I should have it checked out was enough to prompt me post here...

The following is the message I had from Advanced SystemCare 3 Security Analyzer:

Please note the items listed here are not all problems or malware. They are critical settings of your system and common targets of malware. Before you remove any item, make sure it is malware. The log file of Security Analyzer is 100% compatible with HijackThis log so you can save this report and submit it to any qualified online HijackThis log analyzer and HijackThis forums.

My HijackThis log is as follows:

Logfile of Advanced SystemCare 3 Security Analyzer
Scan saved at 11:42:11 AM, on 4/6/2011
Platform: Windows XP (WinNT 5.1)
MSIE: Internet Explorer v7.0 (7.0.5730.13)
Boot mode: Normal

Running processes:
O2 - BHO: Freecorder - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\prxtbFre0.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll
O2 - BHO: Trend Micro Toolbar BHO - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B... Read more

Answer:Possible Malware Problem after Advanced SystemCare 3 Security Analyzer

Hello and welcome to Bleeping Computer.

My name is km2357 and I will be helping you to remove any infection(s) that you may have.

I will be giving you a series of instructions that need to be followed in the order in which I give them to you.

If for any reason you do not understand an instruction or are just unsure then please do not guess, simply post back with your questions/concerns and we will go through it again.

Please do not start another thread or topic, I will assist you at this thread until we solve your problems.

Lastly, the fix may take several attempts and my replies may take some time but I will stick with it if you do the same.

Sorry for the delay in replying, the forum is very busy. If you still need help, please do the following:

Step # 1: Download and run DDS

Download DDS and save it to your desktop from here or here or here.
Disable any script blocker, and then double click dds.scr to run the tool.
When done, DDS will open two (2) logs:
DDS.txt
Attach.txt
Save both reports to your desktop. Post them back to your topic.

Step # 2: Download and Run Gmer

Please download gmer.zip from Gmer and save it to your desktop.
***Please close any open programs***
Double-click gmer.exe. The program will begin to run.

**Caution**
These types of scans can produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries unless advised by a trained Security Analyst.

If possible rootkit activity is found, you will be asked if you would like to perform a full scan. Cli... Read more

6 more replies
Relevance 72.16%

I recently posted a thread on this subject in this section and was told it all sounded like an O.S. problem. So, I re-submitted the problem in the O.S. section and was told it's a malware problem. The following is a description of my problem if anyone can help:
I use Windows 7 Ultimate, Norton 360 Anti-Virus, and SpyHunter 4. Intermittently, when I try to fill in Google in my browsers (Firefox or Internet Explorer 9), my Start menu search or any other search on my computer, as well as filling in any form (like the registration form here), a separate search bar and box pops up and puts my letters in its box. The toolbar box is the identical box you would use if you press Ctrl + F on your keyboard. The only way I can stop it now is by using Task Manager.

I have, over the past two weeks, spent over $100 on software. Contacted Microsoft, four antivirus companies, numerous malware companies, 5 tech sites, and run just about every log, file, extractor, etc. you can imagine - WITH NO RESULTS!!

I would really hate to have to wipe and format my drive - I could never save everything. I back my drive up but unfortunately I backed it up with the problem, so I wiped my back-up drive.

This is my last resort, I hope someone can help me.
(Attached are screen shots of the problem)

Answer:Malware? Virus? O.S. Problem? A Total Mystery To Experts

Hello and Welcome to TSF.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

What do you see under 'Options' in that unwanted toolbar under the BofA toolbar?

Can you post a pic of the entry in Task Manager that you have to End Process on?

------------------------------------------------------

I see you have SpyHunter installed on your system. This application was previously listed as a rogue program because of deceptive advertising. Please read here

Although no longer listed as such, we recommend uninstalling it via Programs and Features in your Control Panel and downloading antispyware programs that have proven themselves tried and true. See here for a list of trustworthy antispyware products.

If you decide to uninstall it, also delete this Folder if it still exists:

C:\Program Files\Enigma Software Group

------------------------------------------------------

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
Double-click SystemLook_x64.exe to run it. (Vista/Win7 users, right-click > Run as Administ... Read more

19 more replies
Relevance 71.34%

Hi fellow techs

Just got the above virus and what a mission it was to get rid of it

However it has left some damaging things behind like win updates thinks it's not turned on when it is!!!

As well as it's made some ordinary files like movies to be marked as hidden files

And all programs is not listing a thing but they are all still present!!!!

What the……

Can anybody help

I will try restoring to a week ago soon to see if that works

Answer:Xp security 2011 / malware removal tool virus

You are still infected. We cannot help you here with Malware removal as per forum rules. Please head over to Virus/Trojan/Spyware Help and post there for more help
NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help

1 more replies
Relevance 70.93%

I had (still have?) the Windows XP Total Security virus - I *thought* I removed that main problem with MalwareBytes, but I'm now having browser (IE) redirect issues and "IE Script Error" pop-ups. Also, Windows Updates, Avira Updates are disabled.
I have run all reports: DDS below and Attach & GMER reports attached.
Thanks in advance for your help!

.
DDS (Ver_11-03-05.01) - NTFSx86 NETWORK
Run by dwa1000 at 10:28:46.73 on Wed 04/13/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.617 [GMT -7:00]
.
AV: AntiVir Desktop *Disabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\dwa1000\Desktop\dds.scr
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.google.com
uStart Page = hxxp://www.cnn.com/
uSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: Adobe PDF Link Helper: {1... Read more

Answer:I had (still have?) the Windows XP Total Security virus - I *think* I removed that main problem with MalwareBytes, but I'm...

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you.

I am very sorry for the delay in responding, but as you can see we are at the moment being flooded with logs which, when paired with the never-ending shortage of helpers, resulted in the delayed responding to your thread.

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed. If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
Do not d...

Hi, I am using Windows Vista Ultimate 6.0.6002 Service Pack 2 Build 6002 and have recently been infected by the Live Security Platinum virus (PUM.Disabled.SecurityCenter) and have cleaned it using the method from here. Everything's been going ok actually, except for the fact that now the whole of my Windows Security Center is unusable. I suspect it is due to the system files that were removed or modified during the removal process. Now Windows Update is not even present in the Services list and Windows Defender gives a "failed to initialize" error. It would be great if you could shed some light to me for this problem. Thank you.

Answer:Windows Vista Security Center problem after successful removal of Live Security Platinum virus

Download FSS
Checkmark all the boxes
Click on "Scan".
Please copy and paste the log to your reply.


I just had my computer totally invaded by this crock of malware. I am running windows xp. I was not able to access anything (control panel, task manager, spyware program, avg program, adaware). I am very, very discouraged. I put the computer into safemode and used the system restore and took it back to just about a week ago. I have not seen any signs of this malware but who is to say that it may be lurking waiting to attack me again. I ran the spyware and avg programs. My question, is the total security still in the computer and if it is how do I find it and remove it? Thanks in advance.
 


Total security keeps popping up even after I select to continue unprotected. I was able to stop the program from running with the Task Manager. My son used system restore to go back 2 weeks before the virus appeared. Thank you in advance for any help or advice. Here are the logs

Answer:Total security removal

Hello patmbeech
Welcome to BleepingComputer
==========================
Download OTL to your desktop.
Double click on OTL to run it. When the window appears, underneath Output at the top change it to Minimal Output.
Under the Standard Registry box change it to All.
Under Custom scan's and fixes section paste in the below in bold:
netsvcs
%SYSTEMDRIVE%\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\drivers\*.sys /90
%systemroot%\system32\Spool\prtprocs\w32x86\*.dll
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.


Well, I have the total security trojan on my machine and have tried for hours to eliminate this (*&%^$!! I followed the bleeping computer instructions to the letter.
I installed Malwarebytes and it ran flawlessly. When I rebooted, the problem was still there and now Malwarebytes won't run.
I have run the DDS tool, that ran fine and I tried running the Root kit program but that won't run either.
Here is the first DDS log.
DDS (Ver_09-07-30.01) - NTFSx86
Run by earl the pearl at 18:21:18.13 on Sun 09/13/2009
Internet Explorer: 7.0.6000.16890
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.1918.912 [GMT -4:00]

AV: Norton 360 *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
SP: Spyware Doctor *enabled* (Updated) {1C3EDD79-273E-46ac-99F8-EFA9E7CBC301}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: Norton 360 *enabled* (Updated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
FW: Norton 360 *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetw...

Answer:total security removal

Hello and welcome to Bleeping Computer
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.
If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.
Thanks and again sorry for the delay.
We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll...


I have a machine infected with the Total Security Anti-virus nightmare.

Task manager is disabled - cannot kill running processes
Safe mode BSOD's
No executables will run
Hijack this - won't load
Malwarebytes - won't load
Combofix - won't load
Run function - disabled
Sysrestore - disabled
Attempt to delete malicious files - automatically restored.

My only other option I can think of is to try to run a boot time anti-virus rescue CD

If that doesn't work I'm at a loss
Anybody got any ideas?
 

Answer:Total Security Removal Help

The boot time scanner - Kaspersky Rescue Disk 2008 - worked - didn't get it totally but it was enough to return functionality to kill the rest of it off.
This is a nasty one.
 


Hi there, I just got the XP Total Security virus and it is blocking my access to all internet - I was trying to follow the steps from the forums here but the first step was to download Process Explorer which I am not able to do. I am able to boot into safe mode without seeing any signs of total security... Please help. I am not very technical at all. Thank you very much in advance!!!
EDIT: Moved from XP to Am I Infected ~~ boopme

Answer:XP Total Security removal help

Did you try the removal guide here: http://www.bleepingcomputer.com/virus-removal/remove-win-7-internet-security-2011

Answer:Bitdefender Total Security vs Emsisoft Anti-Malware vs ESET Smart Security

Emsisoft.
 


Hi, yesterday I wanted to download 360 total security essential from the official site.
I've installed ublock origin that blocked the connection because the link to download the software was blacklisted by Malware Domains.
Do you know why?
 

Answer:Why 360 total security Internet Security in Malware domains list?

Probably a false positive from the list
 


I have Total Security 2009 and PC_Antispyware 2010 on my computer and I can not remove it. It has stopped all programs including internet explorer and firefox. If I am in safe mode I can get to the internet and download but nothing seems to work to get this off my computer. Everything is disabled in normal mode. Any suggestions?

Answer:Total Security Spyware Removal

Hello and welcome to TSF.

We want all our members to perform the steps outlined in the link given below, before posting for assistance. There's a sticky at the top of this forum, and a "Having problems with spyware and pop-ups? First Steps" link at the top of each page.

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.


Hi,
I Removed "XP Total Security 2011" using steps here - http://www.bleepingcomputer.com/virus-removal/remove-antivirus-vista-2010

Malware no longer manifests *but* the all mapping to 'exe' files is gone (eg cmd.exe etc...)

Anyone with some advice please.

Thanks,

Answer:Cannot launch 'exe's after XP Total Security removal

Hi lanrat,

Step 17 should restore your files http://www.bleepingcomputer.com/virus-removal/remove-windows-restore
Good Luck


My main PC has been hit by that annoying "Warning! Your're in danger!" wallpaper and "Total Security" rogue app. I could not open Process Explorer as advised in: http://www.bleepingcomputer.com/virus-removal/remove-total-security
I tried to start pc in Safe Mode, but every time when I tap F8, it shows a set of instructions and then it reboots.. I could not open any file including MBAM. What should I do since I couldn't even disable the rogue app's process?

Answer:Removal not working for Total Security

I even tried to race with Total Security by use Avenger to delete tsc.exe and Sc2C21UvvM.exe off, but after rebooting, the report states that both files are not found.

Please help.. the "Warning! Your're in danger" and "virus scan" is making me crazy..


I've been trying to remove a virus called Vista Total Security from my computer for a while now. I have tried googling some removal guides but I cannot follow them, as even in Safe Mode with Networking I cannot run a downloaded program. I'm locked out of pretty much all my programs. I can't use CMD. The only process in task manager that I know is the virus is nyt.exe, and after ending it, as soon as I try and open something or run something it doesn't want me to, it appears back on task manager again straight away. Can anyone help? I really don't know what to do with this. Thanks, Jordan.

Answer:Vista Total Security removal help

physically remove your drive and slave it to another PC and do your virus and spyware scans that way.
Some HELP in posting on Computing.net plus free progs and instructions
Cheers


I tried to follow How to remove Total Security (Uninstall Guide) Posted by Grinler on March 19, 2009 @ 10:04 PM and was able to copy the Process Explorer, rename it, but was unable to execute it. Total Security claims it is an infected file and will not let it run so.... I can't terminate the tsc.exe. Is there any other way to get in and terminate the process?

Answer:Total Security Removal revisited

Hello
I see that you have an HJT log posted here: http://www.bleepingcomputer.com/forums/t/254437/infected-with-win32-trojan-gen/
We do not allow more than one topic for the same computer and the same issue as this causes confusion, and in this case may make the disinfection process more difficult. This leaves you with a choice:
1) Have this thread reopened and the HiJack This log topic deleted
OR
2) Keep this thread closed and wait for assistance in the HiJack This log forum. Please note that that forum is VERY busy.
Please send a Private Message indicating your choice.
Assuming you wish assistance in the HiJack This forum, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a HJT Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.
From this point on the HJT Team should be the only members that you take advice from, until they have verified your log as clean.
Please be patient. It may take a while to get a response because the HJT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have ...


i recently posted a topic about my infection

important logs and files are already posted there.

http://www.bleepingcomputer.com/forums/topic409462.html/page__gopid__2339526#entry2339526

the person who helped me assumes i need help from the malware removal team.
i hope someone can help me out.

Answer:in need of more advanced malware removal help.

1st log:
TDSSKiller log:
2011/07/17 20:49:24.0421 3828 TDSS rootkit removing tool 2.5.11.0 Jul 11 2011 16:56:56
2011/07/17 20:49:24.0673 3828 ================================================================================
2011/07/17 20:49:24.0673 3828 SystemInfo:
2011/07/17 20:49:24.0673 3828
2011/07/17 20:49:24.0673 3828 OS Version: 6.1.7600 ServicePack: 0.0
2011/07/17 20:49:24.0673 3828 Product type: Workstation
2011/07/17 20:49:24.0673 3828 ComputerName: PC_VAN_5738Z-42
2011/07/17 20:49:24.0673 3828 UserName: 5738Z-424G50Mn
2011/07/17 20:49:24.0673 3828 Windows directory: C:\Windows
2011/07/17 20:49:24.0673 3828 System windows directory: C:\Windows
2011/07/17 20:49:24.0674 3828 Processor architecture: Intel x86
2011/07/17 20:49:24.0674 3828 Number of processors: 2
2011/07/17 20:49:24.0674 3828 Page size: 0x1000
2011/07/17 20:49:24.0674 3828 Boot type: Normal boot
2011/07/17 20:49:24.0674 3828 ================================================================================
2011/07/17 20:49:25.0491 3828 Initialize success
2011/07/17 20:49:30.0357 5124 ================================================================================
2011/07/17 20:49:30.0357 5124 Scan started
2011/07/17 20:49:30.0357 5124 Mode: Manual;
2011/07/17 20:49:30.0357 5124 ================================================================================
2011/07/17 20:49:31.0005 5124 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\drivers\1394ohci...


Been told to move to this forum and post results from a dds scan. Some software called total domination has been downloaded on my pc along with some called bitlord and im struggling to remove it. 
 
DDS Scan log:
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.17041  BrowserJavaVersion: 10.60.2
Run by user at 18:16:26 on 2014-06-12
Microsoft Windows 7 Professional   6.1.7601.1.1252.44.1033.18.8152.5422 [GMT 1:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\system32\atiesrxx.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k GPSvcGroup
C:\windows\system32\atieclxx.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\GFNEXSrv.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program F...

Answer:total domination malware removal help

The rule here is one problem, one thread. Multiple threads not only tie up multiple Helpers on the same issue but also pose the risk of contradictory instructions threatening the well being of your system - please do not do it.
As the first post on this topic can be found here I have locked this one and the two others that you started.


I have been told to move my topic to this forum - I have downloaded some malware called total domination inadvertently along with some software/malware called bitlord. 
 
I am running windows 7 64 bit
 
DDS Scan result:
DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.17041  BrowserJavaVersion: 10.60.2
Run by user at 18:16:26 on 2014-06-12
Microsoft Windows 7 Professional   6.1.7601.1.1252.44.1033.18.8152.5422 [GMT 1:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\system32\atiesrxx.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k GPSvcGroup
C:\windows\system32\atieclxx.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\GFNEXSrv.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Prog...

Answer:'total domination' malware removal help

The rule here is one problem, one thread. Multiple threads not only tie up multiple Helpers on the same issue but also pose the risk of contradictory instructions threatening the well being of your system - please do not do it.
As the first post on this topic can be found here I have locked this one and the two others that you started.



Been told to move to this forum and post results from a dds scan. Some software called total domination has been downloaded on my pc along with some called bitlord and im struggling to remove it. 
 
DDS Scan log:
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.17041  BrowserJavaVersion: 10.60.2
Run by user at 18:16:26 on 2014-06-12
Microsoft Windows 7 Professional   6.1.7601.1.1252.44.1033.18.8152.5422 [GMT 1:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\system32\atiesrxx.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k GPSvcGroup
C:\windows\system32\atieclxx.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\GFNEXSrv.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program F...

Answer:total domination malware removal help

Hello and welcome to BleepingComputer!

I am Elle and I will be helping you out with your problem. Firstly, you should know that we are working with specific tools which are used to identify the possible threats present on your system so I will analyze the results they produce.

As a start we need to have some more up-to-date logs than the ones you have already provided. The current state of the files on your system might have changed so we need to get a clear look on that aspect. DO NOT bring any changes to the system except the ones I tell you to as that may produce more damage than helping us.

If you encounter a delay of over 2 days from me, please don't hesitate and private message me (link in the signature).
Do not forget to check your topic periodically and subscribe to it so that you can receive notifications regarding my replies.

Please generate other DDS logs (download it from here if you haven't already) and post them in your next reply along with other changes that may have occurred since you last posted.
Also download and run GMER from this link: GMER download link.

Thank you very much for your patience.

Regards,
Elle


I was browsing the internet (reddit.com) when Total Security randomly installed itself on my laptop. I didn't really notice until it started bugging me about "infections," at which point Windows AntiVirus Pro had installed itself. I tried to open up McAfee, but it was blocked by WAV, which stated that the file was infected and therefore could not open. I tried to uninstall it through the Control Panel, but the Add/Remove Programs window would not open. So, I googled how to uninstall WAV and happened upon this site, where I saw the tutorial on how to remove it. I downloaded the setup exe for Malwarebytes' Anti-Malware like it says in the tutorial, but the setup was blocked in the same manner as McAfee.

Later, while I was initially typing this same post, my computer randomly logged me out and went to a black screen, the only things showing up being the fake virus alerts from AntiVirus and Total Security.

I am currently posting this from my desktop PC.

Answer:Windows Antivirus Pro and Total Security removal

Hi, I'm going to redirect you to the HijackThis section of this forum. This, because it's a deeper infection. Read this page and follow its steps: http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/
Please give them a link to this topic. Good luck.


hey, i need help removing this total security malware off my computer, i tried some of the given spyware deletion programs from this website nd they wouldnt work for windows stupid vista so i need help plz!

Answer:total security removal!! need help [Moved from Vista]

Moving to the Am I Infected forum for you.


Ok this Total Vista Security has somehow infected me, not sure how because im very careful not to click the popups etc about virus's i supposedly have but idk anyway ive found this http://www.bleepingcomputer.com/virus-remo...-total-security of how to remove, but it says to look for tsc.exe BUT i dont have it there :| Also says look for something else with a SHIELD or PADLOCK but again.. i got nothing! Someone please help me find out which i need to remove or give me a different method of removal, i need this removed asap! Thank you

Answer:Help Asap! Total Vista Security Removal

Hello logue92 and good evening,
Have you tried running any programs such as MBAM or SAS? Before running them, use TFC by Old Timer which can be found here. Make sure you close and save all your work before running TFC since it will more than likely need to reboot your computer.
Are you pretty sure that you are dealing with the correct name rogue program? They tend to look alike and one word can change the removal process.


XP Total Security 2013 is a rogue security software which will report that malware has been detected on your computer in an attempt to scare you into buying this malicious software.
In reality, none of the reported issues are real; they are only used to scare you into buying XP Total Security 2013 and to steal your personal financial information.

As part of its self-defense mechanism, XP Total Security 2013 has installed a rootkit on your computer, which will disable the Windows Task Manager and will block you from running any program that could lead to its removal.

XP Total Security 2013 is a scam and you should ignore any alerts that this malicious software might generate.
Under no circumstance should you buy this rogue security software as this could lead to identity theft, and if you have, you should contact your credit card company and dispute the charge stating that the program is a scam and a computer virus.
Removal instructions for XP Total Security 2013 virus
This is a self-help guide, use at your own risk.
If you experience problems completing this guide, or the problem persists after following the instructions below or would like to have one of our staff members guide you through the process, please start a new thread in our Malware Removal Assistance forum.
STEP 1 : Start your computer in Safe Mode with Networking

Remove all floppy disks, CDs, and DVDs from your computer, and then restart your computer.

Press and hold the F8 key as your computer restarts. Ple...

Hi folks,

Not very tech/computer savvy here, but really hoping to correct this issue with help from this forum.

Infected with XP Total Security earlier in the week. ESNOD was out of date (sad face/self flogging). Ran Panda Antivirus scan. Ran RKill + Malwarebytes. Both found one or two infected objects, but problem persists. No longer seeing XP Total Security pop-ups, but Google still redirects. There are four users on this machine (not networked). My personal settings have disappeared, as well as all my documents, files, data, etc. Kind of wigged out about that...

Thanks for your help. I'm feeling kind of hopeless at this point.

DDS Notepad -------

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Michaela at 16:21:47.17 on Fri 04/22/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2039.1391 [GMT -4:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\hasplms.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\Intuit...

Answer:Infected w/ XP Total Security, removal attempts unsuccessful

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please Do not Attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.
In order for me to see the status of the infection I will need a new set of logs to start with.
Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.
DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear
Click the Disable button to disable your CD Emulation drivers
Click Yes to continue
A 'Finished!' message will ap...


Hello and good evening my friend just rang me, she seems to have downloaded, total security protection which I found is rogue software, and it says her laptop is infected......and I need to remove this for her.....i just want the easiest way to remove this dodgy software!!!!! ASAP!!!!

Answer:Total security Protection...rogue software removal

click here


I found the Total Security fake security portal on my desktop. I was able to remove it initially by renaming task manager and killing the process + deleting the program file, although it has since returned. Norton AV 2006 will not scan, cannot run any malware removal scans e.g. MBAM. Cannot run in safe mode I get a pseudo blue screen of death. Google links are redirected and many security related sites are blocked.

I tried following the instructions to prepare for my post however it appears that the virus is blocking execution of the DDS and RootRepeal scans. I attempted to follow removal instructions from threads as it appears this is a common issue but always get stopped at downloading/running MABE and the rename option does not appear to work. I've gone as far as I can without supervision. I worked with garmanma in another forum and after trying several log options the only one that would work was a WIN32kDiag - see below. He asked me to state that this is the only log I could run.

Norton is detecting two trojans but cannot remove: "c:\programfiles\shared\lib.dll" and "c\lcbckjms.exe".

Here is my OS and Computer info:

Dell Dimension 3000
Microsoft Windows XP
Home Edition
Version 2002
Service Pack 3

Here is the log file:

Log file is located at: C:\Documents and Settings\Owner\Desktop\Win32kDiag.txt

WARNING: Could not get backup privileges!

Searching 'C:\WINDOWS'...

Found mount point : C:\... Read more

Answer:Total Security/Trojans Disable AV/MW removal, redirects Google + others

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll... Read more

3 more replies
Relevance 66.83%

Vista Total Security 2013 is a rogue security software which will report that malware has been detected on your computer in an attempt to scare you into buying this malicious software.
In reality, none of the reported issues are real; they are only used to scare you into buying Vista Total Security 2013 and to steal your personal financial information.

As part of its self-defense mechanism, Vista Total Security 2013 has installed a rootkit on your computer, which will disable the Windows Task Manager and will block you from running any program that could lead to its removal.

Vista Total Security 2013 is a scam and you should ignore any alerts that this malicious software might generate.
Under no circumstance should you buy this rogue security software as this could lead to identity theft, and if you have, you should contact your credit card company and dispute the charge stating that the program is a scam and a computer virus.

Removal instructions for Vista Total Security 2013 virus

This is a self-help guide, use at your own risk.
If you experience problems completing this guide, or the problem persists after following the instructions below or would like to have one of our staff members guide you through the process, please start a new thread in our Malware Removal Assistance forum.
STEP 1 : Start your computer in Safe Mode with Networking

Remove all floppy disks, CDs, and DVDs from your computer, and then restart your computer.

Press and hold the F8 key as your comput... Read more

More replies
Relevance 66.83%

Running Windows XP

I keep getting fake security alerts, etc. and am unable to access Bleeping Computer to download Malwarebytes. I was able to download Sysinternals Process Explorer and found rww.exe... killed it, but was still unable to access anything else on the internet. I get a screen that says "Firefox alert. Visiting this site may pose a security threat to your system!" whether I use Firefox or Chrome.

Thank you for your time!

Answer:Total Security Malware

Alright, I have no idea what I am doing, but this is what worked for me through trial and error. I opened Sysinternals Process Explorer and right clicked on one of the processes then chose "explore on internet" (may have been worded a little differently). This allowed me to get anywhere I needed to on the internet. After downloading Malwarebytes, I was not able to install it, even with multiple renaming attempts and using Sysinternals Process Explorer to kill rww.exe. What worked for me was right clicking the Malwarebytes install icon and choosing "run as.." and then unchecking "protect my computer and data from unauthorized program activity." This allowed Malwarebytes to install. Then I continued following the directions at How to remove Total Security (Uninstall Guide) by Grinler. Everything seems to be working fine now.

Bleeping Computer is bleeping awesome!

1 more replies
Relevance 66.83%

The only way I can get to the forum unfortunately is in safe mode. I can't run any executable like task manager, regedit, the DDS or the RootRepeal programs. Thanks for your help!

Lee

Answer:Total Security Malware has got me

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll... Read more

3 more replies
Relevance 66.83%

Yesterday, without me logging into any "unsafe" sites, my other computer got infected with a virus called "Total XP Security".

I have no idea how it got there, and just cannot get rid of it. I am basically looking for help on this matter if possible. That particular computer is now disconnected from my network and the internet, so I can work from this one until the problem is solved.

I have tried Malwarebytes/spybot, and even deleting files from the registry, but no matter what I do when I reboot, the problem comes back.

Many thanks in advance for any help or advice.
 

Answer:Total XP Security Malware

Welcome to Major Geeks!

Please read ALL of this message including the notes before doing anything.

Please follow the instructions in the below link:

READ & RUN ME FIRST. Malware Removal Guide
and attach the requested logs when you finish these instructions.
**** If something does not run, write down the info to explain to us later but keep on going. ****
Do not assume that because one step does not work that they all will not. MGtools will frequently run even when all other tools will not.

After completing the READ & RUN ME and attaching your logs, make sure that you tell us what problems still remain ( if any still do )!
Helpful Notes:

If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode, you can run the steps in safe boot mode but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:
Starting your computer in Safe mode

If you have problems downloading on the problem PC, download the tools and the manual updates for SUPERAntiSpyware and Malwarebytes ( links are given in the READ & RUN ME) onto another PC and then burn to a CD. Then copy them to the problem PC. You will have to skip getting updates if (and only if) your internet connection does not work. Yes you could use a flash drive too but flash drives are writeable and infections can spread to them.
If you cannot seem to login to an infected user account, try using a differe... Read more

1 more replies
Relevance 66.42%

I don't know where this came from, but I have "Advanced Performance Platform Revenuestreaming" Cashtitan Malware on my PC and I would like to know how to remove it. Every so often, a voice ad will break in and it sounds like a radio station is playing in the backround. Also, when I go to the "add/remove" area of the PC, I cannot delete this. It asks for a code to remove the program.

Please help!

Thank you in advance.

B Mullen

Answer:Removal of Advanced Performance Platform Revenuestreaming Malware

from start

write : regedit ------> ctrl + f search : revenue -----> delete it.... you can install avg..

1 more replies
Relevance 66.42%

I recently inadvertently let in a virus that called itself XP Total Security. I am using Windows XP and was using Microsoft Security Essentials for protection. OOPS!
After using another computer to search Bleeping Computer Forums, I managed to download RKill and Malwarebytes. I have run both several times. Malwarebytes seems to remove the virus but when I re-boot it is back but with a different name. Now it is Windows Security Alerts. It has also hijacked my browser and will not let me do normal searches in my browser (Firefox) without re-directing to various other sites. I'm not sure what else to try. Now whatever the virus is - it is affecting non-web usage. While working on documents in Word or Excel, my computer will freeze and the only way I can move is to power down and then power back up.

Answer:Virus started as XP Total Security now Windows Security Alerts

I have also now tried Spybot and AVG. Even though they say they find trojans to remove - I am still having massive problems. Most of the time I can not log onto the internet and when I try to use System Restore - it either doesn't open or I get a pop up box that says System Recovery will not help me and then it exits. Please can anyone help?

2 more replies
Relevance 66.01%

Yesterday I found the Total Security fake security portal on my desktop. I was able to remove (I think) by renaming task manager and killing the process + deleting the program file. Desktop is now clear but symptoms remain - Norton AV 2006 will not scan, cannot run any malware removal scans e.g. MBAM. Cannot run in safe mode; I get a pseudo blue screen of death. Google links are redirected and many security related sites are blocked. Although thankfully not yours!

I tried following the instructions to prepare for my post however it appears that the virus is blocking execution of the DDS and RootRepeal scans so I have no logs to post. I have attempted to follow removal instructions from threads as it appears this is a common issue but always get stopped at downloading/running MABE and the rename option does not appear to work. I've gone as far as I can without supervision.

Norton is detecting two trojans but cannot remove: "c:\programfiles\shared\lib.dll" and "c\lcbckjms.exe".

Here is my OS and Computer info:

Dell Dimension 3000
Microsoft Windows XP
Home Edition
Version 2002
Service Pack 3

Your assistance is requested please!

Thanks.

Answer:Total Security/Trojans Disables AV/MW removal. Blocks/Redirects Google + Others.

If you cannot get DDS to work, please try this instead.

Please download RSIT by random/random and save it to your Desktop.

Note: You will need to run this tool while connected to the Internet so it can download HijackThis if it is not located on your system. If you get a warning from your firewall or other security programs regarding RSIT attempting to contact the Internet, please allow the connection.

Close all applications and windows so that you have nothing open and are at your Desktop.
Double-click on RSIT.exe to start the program.
If using Windows Vista, be sure to Run As Administrator.
Click Continue after reading the disclaimer screen.
Leave the drop down box set to default: "List/folders created or modified in the last 1 month (30 days)".
When the scan is complete, a text file named log.txt will automatically open in Notepad.
Save the log file to your desktop and copy/paste the contents into a new topic in the HijackThis Logs and Malware Removal forum, NOT here.

Important: Be sure to mention that you tried to follow the Prep Guide but were unable to get DDS to run.

If RSIT did not work, then reply back here.

9 more replies
Relevance 66.01%

Hello,
I'd like to ask for help please.
I have caught a couple of viruses or malwares and tried to get rid of them but then windows and anti-virus software updates got blocked and I realised it was more complicated than I thought.
That's when I found a thread http://www.techsupportforum.com/f100...te-467501.html and followed most of the steps.
Unfortunately I got stuck and don't know how to create CFScript nor how to get rid of a virus which was found by kaspersky online scanner.
Please find the reports below.

Order:
1. mbam-log-2010-09-14 (12-30-38).txt - Malwarebytes before running Combo Box
2. CF log.txt - after running ComboFix
3. mbam-log-2010-09-15 (14-06-01).txt - Malwarebytes after running Combo Box
4. Kaspersky Report
5. Jotti report, scanned C:\System Volume Information\_restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP54\A0012952.sys from Kaspersky Report

Could you please advise me what to do next?

Many Thanks,
Agatha

Answer:Problem with Virus / Malware removal

BUMP, please

1 more replies
Relevance 66.01%

Hi guys,

I have a big problem which has really been bugging me for 2 weeks now :mad .
I have searched all over the web but found no solution :tired .
As you may see I am new to this forum so please don't be harsh / strict :-o .

Just before i describe my problem i will list my laptop specs:
Acer Aspire 5820T
Intel(R) Core(TM) i5 CPU M 430 @ 2.27GHz
4GB Ram (3.80GB usable)
64Bit Operating system

+ My OS (Operating System) , Windows 7 Home Premium

Ok so here's my problem:

Before 2 weeks my computer was fine but one day I got a problem which caused me to get BSOD and heavily decreased my speed. It also heavily decreased my startup and shut down speed. My startup speed was usually 15 secs and shutdown speed like 25 but now my startup speed is 4mins + and shutdown speed the same :confused .

So what I did was restore my computer to default factory settings with Acer eRecovery Management. Once I booted up again I still recognised the slow speeds like before; I also recognised that eRecovery only deleted all the files on my "C" drive so I went on my "D" drive and deleted everything and started eRecovery Management again.

Again I recognised the same problem so now I downloaded Malwarebytes and it blocks many IPs using the process svchost.exe. I have only seen 2 IPs which it has blocked: "88.214.193.251" and "206.161.121.3". The first one is using port 53075 but I didn't see the second one's port.
... Read more

Answer:Malware / Virus removal problem please help....

1111
 

35 more replies
Relevance 66.01%

I am having problems with my laptop. It originally had a rogue virus, name unknown; as far as I know it was known as the "system tool" virus, and I thought I removed it, and now I believe some pieces are left over and are still causing problems. I scanned with mbam and some PUP.Dealio's came up; I tried to remove them but they still appeared after a system restart and it did not get rid of them. I have tried running RKUnhooker LE, and TDSSKiller. TDS. did not come up with anything, and RKUnhooker LE is not allowing me to run it, and an error, Error loading driver, NTSTATUS code: 0xc0000368, appears with an "OK" button and then closes. I have tried running both programs in safe and normal and as admin.
 

Answer:Malware and Virus Removal problem

I have since removed the viruses however my laptop is now blue screening when I activate the network or plug in a hard line into the laptop.
 

1 more replies
Relevance 66.01%

Hello there,

I have run into some trouble while removing malware from a PC. I ran all of the normal scans that I run, deleted the culprit results. I wasn't able to update any of the antimalware/virus programs via the interface because of some problem with connectivity that I believe is due to the malware. To remedy this I thought that I would reboot in safe mode with networking and monitor my network's packets receiving/sending. When I went to do this I noticed that it wouldn't let me start in safe mode of any kind. Normal boot mode starts fine. I have done some research and have read many posts regarding the deletion of safeboot registry keys being due to some malware. I've tried several programs, AVZ, that have options for restoring deleted safeboot registry keys, but upon restart I have the same problem and cannot start in safe mode. Any help would be greatly appreciated. I've been at this myself for days and I have exhausted my knowledge. I am counting on the knowledge of the community. Thanks again.

Answer:Problem during malware/virus removal

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.

MBAM will automatically start and you will be asked to update the program before performing a scan.
If an update is found, the program will automatically update itself.
Press the OK button to close that box and continue.
If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
Click OK to close the message box and continue with the removal process.

Back at the main Scanner screen:
Click on the Show Results button to see a list ... Read more

3 more replies
Relevance 66.01%

Hello,Was infected with the "Total Secuirty 2009" malware package. Have run MWAB and it appears to have cleaned a lot of it, but would appreciate the help in verifying and removing any remaining components.Thanks!Hijack This log:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 7:27:26 AM, on 9/24/2009Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16876)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\PROGRA~1\AVG\AVG8\avgwdsvc.exeC:\Program Files\Privoxy\privoxy.exeC:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Viewpoint\Common\ViewpointService.exeC:\WINDOWS\Explorer.EXEC:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exeC:\PROGRA~1\AVG\AVG8\avgemc.exeC:\PROGRA~1\AVG\AVG8\avgrsx.exeC:\PROGRA~1\AVG\AVG8\avgnsx.exeC:\Program Files\AVG\AVG8\avgcsrvx.exeC:\WINDOWS\system32\igfxtray.exeC:\WINDOWS\system32\hkcmd.... Read more

Answer:Total Security 2009 Malware

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follo... Read more

20 more replies
Relevance 66.01%

I have picked up a malware Total XP Security right on the heels of another malware last week. I think perhaps there was a trojan I did not get rid of that left me vulnerable. I would like to get rid of this before purchasing a virus protection program for my netbook. Thanks for the help.

Answer:I have picked up Total XP Security malware. Need help.

Please start by going here and following the instructions for removing Total XP Security. Please post the Malwarebytes log when complete.

1 more replies
Relevance 66.01%

Hi,

I got the Total Security malware last week. On an XP with AVG Free and most other leading anti-spyware applications.

I did not realise initially what was happening so probably missed a window of opportunity to prevent it from taking control.

Anyway, situation at present is that I cannot run any exe files, cannot run Add/Remove Software, cannot run TaskManager and have tried a few ways around it. Also it won't boot in Safe Mode and so far I have failed to boot it from disk (changed boot order and all that) though it is possible that the disk I was using wasn't suitable. Also I cannot install any programs.

What I can do in the Admin account is access non-exe files, so if I could find the relevant malware files maybe I can delete them that way. (I have searched for the usual file names in the suggested locations by other forums like this one, but no joy so far).

I can also use a non-admin account for about 30 min before the malware takes this one over and then a blue screen appears and system ceases. I can run exe files in the non-admin but they obviously have no admin access.

Any help, ideas is greatly appreciated.
 

Answer:Total Security Malware Nightmare

If you have gone thru the:
READ & RUN ME FIRST. Malware Removal Guide

Then the only thing I can suggest is that you try renaming the C:\MGTools.exe to C:\MGTools.com and see if it will run.

If it will not, and renaming the other tools is also unsuccessful, then you may need to slave the drive to a very well protected system and run the tools that way.
 

1 more replies
Relevance 66.01%

When using my computer earlier (not the internet) I had a program start running itself called Total Security which pretended to be an antivirus/spyware detector, i immediately terminated the process. Following that my symantec antivirus scanner started going crazy apparently scanning loads of emails simultaneously. Looked up total security and it is malware. Also my antivirus scanner over the last few days has been picking up stuff alot recently. I did this before and it cleared it all up so could someone please help me.this is my hijackthis log: Logfile of Trend Micro HijackThis v2.0.2Scan saved at 17:04, on 2009-08-30Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v8.00 (8.00.6001.18702)Boot mode: NormalRunning processes:C:\WINDOWS\system32\csrss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\Program Files\Common Files\Virtual Token\vtserver.exeC:\WINDOWS\system32\ibmpmsvc.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Intel\Wireless\Bin\EvtEng.exeC:\Program Files\Intel\Wireless\Bin\S24EvMon.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\Program Files&#... Read more

Answer:Hijackthis log >> Total Security and other malware

Hi guys, i've not had a reply to this yet. I know i was told not to bump topics BUT i'm away on holiday for the next week so please dont deactivate this thread. Thank you

3 more replies
Relevance 66.01%

hello,

how do i remove this total security malware from my pc? i am using kaspersky antivirus but i can no longer load pages unless i disable it. i am enclosing my hijacked log file.

I appreciate your help.
stressed out mom,

Theresa


More replies
Relevance 66.01%

I have recently upgraded my laptop from Vista to Windows 7 to Windows 10.

I currently use 360 Total security (free version) and my anti-virus software.

In the light of the recent cyber attacks I wonder if i could also install Bitdefender or similar to run alongside 360 Total Security to protect against malware and ransom ware attacks.

Would appreciate any advice on suitable FREE software I could use, if that's possible
 

More replies
Relevance 66.01%

The 'Vista Total Security' malware has basically debilitated my sister's laptop.
Very little, if anything at all, will open. While Rkill will run, I get this message before it closes --

" sed.exe: can't read c:\users\anna\appdata\local\temp\rks1.log: no such file or directory "

and after that it doesn't terminate any of the malware keeping me from using Malware Bytes and Superantispyware.
The same goes for trying it in safemode....

Any help would be terrific !!

Thanks.

Answer:Vista total security malware

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.

Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

Please reply to this post so I know you are there.

The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks

2 more replies
Relevance 66.01%

I have been helping my mother out with removing malware from her computer for several months now, so apparently I am missing something that allows it to keep coming back. In the past I have helped her get rid of (or so I thought) the XP Total Security Malware and the XP Security 2011 one as well. Of course, now this one is back. So I decided to seek the help of experts. The malware has basically disabled the firewall, automatic updates, virus protection, and can not open any programs. I was able to get Avast to do a scan and it did detect the Win32:Renosa-D Trojan and was promptly deleted. Any help to get rid of this blasted thing will be greatly appreciated.

Teri


Answer:Infected with XP Total Security Malware

Hi Teri,

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. I am very sorry for the delay in responding, but as you can see we are at the moment being flooded with logs which, when paired with the never-ending shortage of helpers, resulted in the delayed responding to your thread.

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed. If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
If I instruct you to download a specific tool in which you already have, please delete the copy that you have and re-download the tool. ... Read more

14 more replies
Relevance 66.01%

My laptop recently (two days ago) started popping up warnings that say "your computer is infected with 38 viruses", blah, blah, blah. Boxes pop up from Total Security showing a fake scan totaling to 38 infections of spyware, and telling me to download anti-virus protection from them. I did some research online and found that Total Security is a malware. I then came to this website and did a search of the forums to find a fix. I found an uninstall guide for Total Security and attempted to follow the instructions. I downloaded Process Explorer, renamed it to iexplorer.exe, ran it, and looked for the program TSC.exe to disable it, but it did not show up like described in the guide. I went ahead and downloaded the Malwarebytes Anti-Malware as directed. When I told it to Scan, it scanned for about 4 seconds then just went away. When I try to run it again, I get an error message that says, "Windows can not access the specified device, path, or file. You may not have the appropriate permissions to access the item."
I had AVG 7.5 on my laptop prior to this. When this happened I downloaded AVG 8.5. I have tried many times now to update this, as it shows the last update was 06 June, 2009, but when I do, it just sits there, and I eventually get an error message that says something to the effect that the system could not perform the task because AVG.exe is infected with spyware.
My desktop has changed from my normal desktop to one that is totally white, with my nor... Read more

Answer:Infected With Total Security Malware

Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix.. Please visit HERE if you don't know how.. Please re-enable them back after performing all steps given..

Please download ComboFix by sUBs from HERE or HERE and save it to your Desktop.

During the download, rename Combofix to Combo-Fix as follows:
It is important you rename Combofix during the download, but not after.

**NOTE: If you are using Firefox, make sure that your download settings are as follows:
Tools->Options->Main tab
Set to "Always ask me where to Save the files".

After that, double-click and run Combo-Fix. Let it finish its job and post the log here.
If ComboFix asked you to install Recovery Console, please do so.. It will be in your best interest..

Note: DON'T do anything with your computer while ComboFix is running.. Let ComboFix finish its job..

NEXT

Please save this file to your Desktop. Double-click on it to run a scan. When it's finished, there will be a log called Win32kDiag.txt on your desktop. Please open it with notepad and post the contents here.

2 more replies
Relevance 65.6%

Hi, I have Vista and I got the virus when I went to the MLB.com website, at least that's when my computer went crazy. I got the blue screen of death 2 times, once almost immediately and then a second time when I restarted the computer, not knowing what I had yet. I got the basic security suite main screen telling me I had tons of viruses, which I figured out fairly quickly it was a scam virus. I went to Bleeping computer and several other forums and sites in safe mode and on my laptop, to get some answers. Everyone says that you need to go into the Internet options and turn on the proxy settings, but with me it's the opposite. My proxy settings were checked and when checked I cannot access the Internet. When I uncheck them I can get online no problem. Also, in Safe mode, I am still getting redirected to other sites (which I somehow got a couple of weeks ago and can't seem to get rid of), but also when I first signed on in safe mode I opened up the help for IE8. Now whenever I do anything in safe mode, like open IE, or even trying to open RKill.com, the window for that exact help pops up, every time. I cannot run rkill as it closes and reports after 1 second. On the bleeping computer site they say to keep clicking until it catches, but I have clicked it over 200 times and nothing will stay open to run. I have run malware in safe mode, and hijack this, trojan removal, AVG, and done everything I can from every forum I can find. My problem... Read more

Answer:I have a very different problem with Security Suite virus removal, need help

Scratch this question... I actually had read a forum wrong and I didn't have a different problem, especially with the proxy button in the LAN settings under connection in internet options. Not a big deal, but wanted to clear that up.

I actually got rid of the Security suite virus by following the soft sailor directions and doing a few other things I saw on this forum, deleting some things from the registry like Tkbell and the proxy with 127.0.0.1=xxxx. It was not the exact number most forums list in the xxxx area, but I knew it was bad. I googled every odd looking registry entry from hijack this and found good quality answers for each entry. Deleting the bad ones worked for me. This was much easier than I expected when combining information from this site and bleeping computer and soft sailor. All these guys and gals are great for what they post to help, I thank them all. I managed to do this a strange way but it worked and my system is holding nicely now. I think I cleaned everything on my computer, but in the end it was worth it, good luck to all

2 more replies
Relevance 65.6%

Hi

I'm pretty stuck here, googled and found your tutorial for the removal of this virus but can't get past step 3 as rkill keeps getting blocked before it can do anything. I have tried as suggested leaving the pop ups in place and trying again but still the same problem.

I then followed the link for further help - Preparation Guide For Use Before Posting A Hijackthis Log, but unable to run this software either, it's just blocked dead.

I don't know exactly how this virus got on the pc, no one is owning up.

There are no desktop icons, it has disabled the wireless internet connection, you cannot run system restore. I have been downloading the software onto a usb and transferring it onto the pc. It won't let any software run that might remove it basically.

Any help gratefully received. I'm running XP & have ESET Security installed

Answer:Security Tool Virus removal problem

Hello snowball2 and welcome to Bleeping Computer! My username is swagger and I'll be helping you.

Have you tried downloading and running RKill with the different extensions?
rkill.pif
rkill.scr
rkill.com
rkill.exe

Please Download Link #1. Save it to your Desktop.

Before we begin, you should disable the anti-malware software you have installed so it does not interfere with RKill running, as some anti-malware software detects RKill as malicious. Please refer to this page if you are not sure how.

Double click the RKill desktop icon to run the tool.
If you are using Vista please right click and run as Admin!
A black screen will briefly flash indicating a successful run.
If this does not occur please delete that application and download Link #2.
Continue process until the tool runs.

NOTE:
1. Try running RKill using Link 1, if it does not run, download Link 2 and delete Link 1 then try running it again.
2. If you still can't run RKill, repeat the same steps using Link 3 and 4. Please tell me if all the links do not work.

*If the tool does not run from any of the links, please tell me about it.

Regards,
swagger

3 more replies
Relevance 65.6%

I've been reading along with the other AVR infection (here: http://www.bleepingcomputer.com/forums/topic248011.html)

I know that I have 'Advanced Virus Removal' because its fake removal box popped up, but a lot of other things happened at the same time and I am unsure if they are part of a separate attack. Here are some things I realized were wrong.

-Windows firewall turned off. I can't turn it back on.
-My wallpaper changed without my permission. (warning me that I am infected)
-When I attempt to open my task manager a box opens saying it is unavailable.
-There are no system restore dates available.

OS: XP SP3
Security Software: McAfee (and when I went to McAfee to do a scan after my computer was infected, I noticed while reading the logs that it had been disabled by AVR)

I cannot install Malware Bytes because AVR has disabled my wireless adapter as well. Here is the log from my RootRepeal scan:

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/08/14 23:05
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: Beep.SYS
Image Path: C:\WINDOWS\System32\Drivers\Beep.SYS
Address: 0x90FFB000 Size: 52608 File Visible: No Signed: -
Status: -

Name: dump_iaStor.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_iaStor.sys
Address: 0x9A01B000 Size: 851968 File Visible: No Signed: -
Status: -

Name: rootre... Read more

Answer:Advanced Virus Removal

I got MBAM to work but I was unable to update it, here is the log:

Malwarebytes' Anti-Malware 1.40
Database version: 2551
Windows 5.1.2600 Service Pack 3

8/14/2009 11:35:00 PM
mbam-log-2009-08-14 (23-35-00).txt

Scan type: Quick Scan
Objects scanned: 103887
Time elapsed: 3 minute(s), 29 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 3
Registry Keys Infected: 8
Registry Values Infected: 10
Registry Data Items Infected: 6
Folders Infected: 3
Files Infected: 19

Memory Processes Infected:
C:\WINDOWS\system32\winupdate.exe (Trojan.Downloader) -> Unloaded process successfully.

Memory Modules Infected:
C:\Documents and Settings\Vinay\Local Settings\Temp\1F1F.tmp (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\hs7f3uhduhfukde.dll (Trojan.Ertfor) -> Delete on reboot.
C:\WINDOWS\system32\winhelper.dll (Trojan.FakeAlert) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{bd56a320-23f2-42ad-f4e4-00aac39caa53} (Trojan.Zlob.H) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{bd56a320-23f2-42ad-f4e4-00aac39caa53} (Trojan.Ertfor) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bd56a320-23f2-42ad-f4e4-00aac39caa53} (Trojan.Ertfor) -> Delete on ... Read more

3 more replies
Relevance 65.6%

Hello,
I was watching a video on the internet and my computer restarted. After it restarted I had a blue background with a black box stating that my computer had been infected. I could not get to Task Manager by ctrl-alt-del or start > run > taskmgr and I could not boot into safe mode. I also have a new icon on the desktop for Advanced Virus Removal and it keeps trying to update. I searched the internet (from another computer) and found a post that said that Malwarebytes would remove it so I downloaded it, updated and ran a quick scan. The quick scan found several items and I removed them, restarted, and ran another scan that found 1 item. Removed it and restarted then ran a full scan which was clean. I've used my computer but it was just work-related with no issues but the Advanced Virus Removal is back. Please help. I've tried the Malwarebytes again but I keep getting a message that the application could not be run because the file is infected.

Answer:Help - Advanced Virus Removal won't go away

OK, just checked and it seems that I was mistaken. I don't see the icon for Advance Virus Removal on my desktop anymore but now when I restart the computer there are about 10 dos windows that pop up and then go away and whenever I try to launch anything a dos window pops up and then goes away.

2 more replies
Relevance 65.6%

I think I have been taken over by some program called Advance Virus Removal. It keeps popping up and has taken over my background. Please help, I have been to you guys before and have had much success.

Thanks so much.

Brian

Answer:Advanced Virus Removal

Hello.

Try Malwarebytes. Download and run MalwareBytes Anti-Malware

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
Make sure you are connected to the Internet.
Double-click on Download_mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.

MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
Click OK to close the message box and continue with the removal process.

Back at the main Scanner s... Read more

11 more replies
Relevance 65.19%

Total Security 2009 removal help needed please - Can't run anything including a renamed version of hijack this.

Man this thing is a bugger...

Would be thankful for any help at all on this nasty guy.

M

DDS (Ver_09-07-30.01) - NTFSx86 NETWORK
Run by SHARIK at 9:57:15.78 on Sun 08/23/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1014.591 [GMT -5:00]

AV: Trend Micro OfficeScan Antivirus *On-access scanning disabled* (Outdated) {5727669C-2FEF-4657-BF2D-5DC46C76AB9C}
FW: Symantec Protection Agent 5.1 *enabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Symantec\SPA\smc.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Symantec\SPA\SmcGui.exe
svchost.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Spyware Doctor\pctsGui.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
... Read more

Answer:Total Security 2009 removal help needed please - Can't run anything including a renamed version of hijackthis

UPDATE -

I found the fix for this.

Step 1 - format drive
Step 2 - Reinstall OS

Works great now...

2 more replies
Relevance 65.19%

Hi, yesterday I wanted to download 360 total security essential from the official site.
I've installed ublock origin that blocked the connection because the link to download the software was blacklisted by Malware Domains.
Do you know why?
 

Answer:Why 360 total security is in Malware domains list?

Probably a false positive from the list
 

21 more replies
Relevance 65.19%

Hi,
I have been redirected to this forum for some help. I have followed the instructions and here is my DDS log

DDS (Ver_09-07-30.01) - NTFSx86 NETWORK
Run by Owner at 15:31:31.79 on Tue 09/15/2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.511.274 [GMT -6:00]
============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\spider.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Documents and Settings\Owner\Desktop\dds.scr
C:\WINDOWS\System32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://ca8.hpwis.com/
uSearch Bar = hxxp://www.google.com/ie
mDefault_Page_URL = hxxp://ca8.hpwis.com/
mDefault_Search_URL = hxxp://www.google.com/ie
mSearch Page = hxxp://www.google.com
mStart Page = hxxp... Read more

Answer:Malware-Antispyware 2010 and Total Security

Hello and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll... Read more

4 more replies
Relevance 65.19%

This malware program called XP Total Security has taken over the computer and of course wants me to buy their program to remove infections
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by bsearls at 9:51:28.40 on Fri 04/29/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.5.0_17
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.80 [GMT -4:00]
.
AV: eTrust ITM *Enabled/Outdated* {33EA71EA-56CF-40B5-A06B-BD3A27397C44}
AV: *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: *Disabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Starfield\offSyncService.exe
C:\Program Files\Intel\Intel Matrix Storage Manag... Read more

Answer:XP Total Security Firewall Alert (Malware)

Good evening.

This machine has got so much slime onboard you wouldn't believe, far more than I would expect with proper security programs installed on it.
According to the DDS log your AV is eTrust ITM and although it's enabled, it's also outdated. How long has it been since your anti-virus program has been updated?
Also, is this a business machine, as the video conferencing software suggests?

5 more replies
Relevance 65.19%

Hi guys, came home from work today and keep getting pop up Total Security and TSC details saying I have 42 infected files etc - tried to remove TSC from computer but when doing so it asks for the 'product key' and asks me to purchase the product - I'm led to believe this is a hoax product after reading up tonight - please find the report below.
DDS (Ver_09-07-30.01) - NTFSx86
Run by Andy at 21:07:57.54 on 20/08/2009
Internet Explorer: 8.0.6001.18813
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.3061.1039 [GMT 1:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\WLTRY... Read more

Answer:Total Security and other potential malware issues

Hello and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll... Read more

2 more replies
Relevance 65.19%

I am really rubbish with computers and only really use them for word and excel applications for work and social emailing at home (and booking the odd holiday)! I don't even know how to use this site properly!!

When I log onto my laptop, this Total Security thing starts running so I 'X' out of it to stop it. I then try and run my Norton Security (which in my opinion is a total rip off and I won't be renewing it when I can download better stuff for free!) but the screen goes blank and says Windows has a problem and shuts down!!! What do I do? Do I let the TS thing run? I'm really stuck with this now. I really need my laptop for social emailing (rare medical condition and I need the support group) help help help!

MOD Edit: moving from XP to the Am I Infected Forum

Answer:Total Security Malware has got me good and proper!

These are the steps to remove Total Security.
http://www.bleepingcomputer.com/virus-remo...-total-security

When you are ready to remove Norton, let us know. There is a piece of software that rids your computer of it all. Also, get yourself a free downloadable copy of malwarebytes anti-malware. Run it.
http://download.cnet.com/Malwarebytes-Anti...4-10804572.html

5 more replies
Relevance 64.78%

Hi,

Before registering I reviewed a previous post (quietman7 july 1, 2009 7:22am) on removal of dnschanger and generic fakealert using the free software at malwarebytes.org. I installed the software on my laptop with some difficulty, having to change the file name to mysetup.exe and then from program files changing the file name to myscan.exe. After this the software ran as noted on the post. The software found 27 infected files and then removed all except for three which required a reboot of the system. I pressed ok to reboot. However during the reboot restart, after my user name I entered my password, and the screen icons for my programs appeared on the desktop but then the system stopped responding. Nothing is clickable on the desktop and the button for the start menu shows an hourglass cursor. I can only shut down from the on/off button, but the problem remains the same. I do not have access to the log created by malware removal program as it was saved in my laptop (Toshiba Sat m55 running Windows XP home).

I would greatly appreciate any help on resolving this problem.

mike_dc

Answer:Problem with malware removal on my laptop [Moved]

As no logs have been posted, I am shifting this topic from the specialized HiJack This forum to the Am I Infected forum.

==>PLEASE DO NOT NOW POST LOGS<== unless a log is specifically requested.

4 more replies
Relevance 64.78%

Hello,
Some months ago I downloaded a program I thought to be an audio editor in my laptop. It turned out to be a virus. After I changed all my passwords the virus kept infecting the laptop even after formatting 4 times.
Now around 3 months have passed and the virus has infected my 3 home computers and 2 laptops. No antivirus will detect it. I really don't want to format my desktop for it has a lot of important information.
The virus installs Junos Pulse and stores it in the winsxs folders. I can't delete them for only the "trusted installer" user can

Answer:Virus Removal Help - Advanced Trojan

Junos Pulse is mobile security software.
 
http://www.juniper.net/us/en/products-services/security/junos-pulse/
 
What have you scanned your computer with?
 
Do you connect an iPad or other mobile devices to this computer?

6 more replies
Relevance 64.78%

I have Advanced Virus Remover on my desktop, and cannot run malwarebytes to remove it. It won't let me run the registry edit, and I need help removing this program
 

Answer:Advanced Virus Remover Removal

Welcome to Major Geeks!

Please follow the instructions in the READ & RUN ME FIRST link given further down and attach the requested logs when you finish these instructions.
If you have problems where no tools seem to run, please try following the steps given in the below and then continue on no matter what you find. You only need to try the TDSSserv steps if having problems getting scans in the Read & Run Me First. If TDSSserv is not found, just continue on with the READ & RUN ME.

TDSSserv Non-Plug & Play Driver Disable

READ & RUN ME FIRST. Malware Removal Guide
If something does not run, write down the info to explain to us later but keep on going.
Do not assume that because one step does not work that they all will not.

After completing the READ & RUN ME and attaching your logs, make sure that you tell us what problems still remain ( if any still do )!
Helpful Notes:
If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode, you can run the steps in safe boot mode but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:
Starting your computer in Safe mode

If you have problems downloading on the problem PC, download the tools and the manual updates for SUPERAntiSpyware, Malwarebytes and Spybot ( links are given in the READ & RUN ME) onto another PC and then burn to a CD. Then copy them to the problem PC. You will have to s... Read more

3 more replies
Relevance 64.78%

Please help!
My brother's computer has been infected with the Advanced Virus Removal fake application among other things.
I got Malwarebytes to do a quick scan once under a new account and by renaming mbam.exe.
That app no longer responds but it did find over 80 bad objects on that one quick scan.
Ad-aware runs ok and removed 1200+ bad objects on first run.
Each time after that, it finds a trojan win????.tdss but it does not seem to successfully remove it.
I get the blue screen of death if I try to log in in safe mode (of any flavor).
The only symptom I see now is a redirect of all links following a google search.
Believe me, it was a lot worse 24 hours ago. I could not even run cmd before I started.
Here is my DDS. I hope you can help! Thanks

DDS (Ver_09-07-30.01) - NTFSx86
Run by john at 13:27:23.04 on Sun 08/16/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.69 [GMT -5:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\PROGRA~1\COMMON~1&... Read more

Answer:Advanced Virus Removal etc Infected

Hello and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll... Read more

2 more replies
Relevance 64.78%

I was simply reading MSN stories when this popup came up on my taskbar, saying 'Click here to protect your computer from spyware!' with a message below it. Well since I have SAS and MBAM, I ignored it. To close it out and go through the removal process, I tried to bring up the Windows thing (Ctrl Alt Delete), it said it was infected. I tried installing the fixtm - nothing. I tried running MBAM and SAS - neither will work. It's even making icons on my desktop, advertising porn sites, which I can promise you I don't visit. ^.^;; Please let me know how to get this as far away from me as possible.. I have no desire to see this thing ever again. Here are my specs:

OS: XP Home
Browser: FireFox
Removal Programs Installed: MBAM, SAS, Avira, HJT, Dr Web

Edit: Now I apparently, in addition to AVR, have something that is acting like my Windows Security shield in my taskbar. I'm gonna take a wild guess (note the sarcasm) that it's an infection too.. I'd like help removing that as well. Thanks.

Answer:Advanced Virus Removal -- really annoying

Hello and welcome to Bleeping Computer.

Please subscribe to your topic so that you will be notified as soon as I post a reply, instead of you having to check the topic all of the time. This will allow you to get an email notification when I reply.

To subscribe, go to your topic, and at the top right hand corner by your first post, click the Options button and then click Track this topic. The bullet the immediate notification bubble. Then press submit.

Let's try to get Malwarebytes to run: let's try Fatdcuk's fix.

Please navigate to the MBAM folder located in the Program Files directory.
Locate MBAM.exe and rename it to winlogon.exe
Once renamed double click on the file to open MBAM and select Quick Scan
At the end of the scan click Remove Selected and then reboot.

Post the scan log. The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.

3 more replies
Relevance 64.78%

Hi,
I am a new member and I hope you can help me to resolve this nasty problem.
I have encountered this virus in the past and by using Malwarebytes program it was able to remove the virus, however, this time around it is much more difficult. I was able to open the Malwarebytes program to scan the computer and remove most of the infected items when the computer is not connected to the internet. However, as I rebooted the PC each time and ran Malwarebytes again, there is always the same three items that seem to be never able to be deleted by Malwarebytes' program.

Registry values infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\winlogon\taskman (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntivirusDisableenotify (Disabled.SecurityCenter) -> Bad: (1) Good (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Firewalldisablenotify (Disable.SecurityCenter) -> Bad: (1) Good(0) -> Quarantined and deleted successfully.

With the task manager window open I can see the virus is rebuilding itself once I connect the PC to the internet. A program called 923.exe or something similar will appear in the Processes tab under Windows Task Manager. The virus executable program that appears in the Processes tab has a different name each time it appears w...

Answer:Advanced Virus Removal 2009

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll...

41 more replies
Relevance 64.78%

I know that I have 'Advanced Virus Removal' because its fake removal box popped up, but a lot of other things happened at the same time and I am unsure if they are part of a separate attack. Here are some things I realized were wrong.

-Windows firewall turned off. I can't turn it back on.
-My wallpaper changed without my permission. (warning me that I am infected)
-When I attempt to open my task manager a box opens saying it is unavailable.
-There are no system restore dates available.

At this point I signed into my computer's guest account and everything appeared normal and I could open task manager. (firewall and system restore unavailable because this account doesn't have administrative privileges.) When I searched for advanced virus removal bleepingcomputer was the first result but when I click I was repeatedly directed to alternative sites. So it is still affecting me somewhat in this account.

A lot of things have been buggy and I wouldn't mind cracking out the restore disk. However I don't have my data backed up. (yea I know, not smart)

So my real question is: Should I try and back up my data and then use my restore disk or should I deal with the virus first and then restore?

Thanks for the feedback.

Edit...
OS: Windows XP
Security Software: Spybot Search and Destroy
I was using google chrome when I started to experience the problem. I don't remember what tabs I had open, but I was in the middle of reading the Daily Beast. I did...

Answer:Advanced Virus Removal Symptoms?

Hi, well backing up those files is always a good idea.. Let's see if we can clean this so backing up will be safe.

Next run MBAM (MalwareBytes):

NOTE: Before saving MBAM please rename it to zztoy.exe....now save it to your desktop.

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.

MBAM will automatically start and you will be asked to update the program before performing a scan.
If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all t...

29 more replies
Relevance 64.78%

Hello

I am a recent victim of the infamous Advanced Virus Removal malware. I have followed some of the procedures mentioned in this forum along with others mentioned elsewhere in order to prevent needing someone else's help. This one I just can't figure out.

I am running XP Home Edition and was using Firefox at the time the issue came up. I have attempted using Malwarebytes, Spybot and Avast but none of them were able to fix the issue.

At this time I am having trouble with the following:

Accessing the Start Menu
Opening an internet connection
Moving or copying any of the files
System performance
Running in Safe Mode
other

The error messages I have seen upon start up:

Multimedia Card Device: Resource is not enough
Malwarebytes' Anti-Malware: Run-time error '372': Failed to load control 'vbalGrid' from vbalsgrid6.ocx. Your version of vbalsgrid6.ocx may be outdated. Make sure you are using the version of the control that was provided with you application.
Windows Defender: application failed to recognize: 0x800106ba. A problem caused this program's service to stop. To start the service, restart your computer or search Help and Support for how to start a service manually.

I am able to run HijackThis and can produce a log if needed.

Thanks in advance for any help you can provide.

Thank you

Tim

Answer:Issues with Advanced Virus Removal

If Malwarebytes Anti-Malware results in an error message, check the Help file's list of error codes within its program folder first. If you do not find any information, please refer to Common Issues, Questions, and their Solutions, Frequently Asked Questions. If the error you are receiving is not in the list, please report it in the General Malwarebytes' Anti-Malware Forum so the research team can investigate.

In the meantime, do this:

Please download and scan with SUPERAntiSpyware Free
Double-click SUPERAntiSypware.exe and use the default settings for installation.
An icon will be created on your desktop. Double-click that icon to launch the program.
If it will not start, go to Start > All Programs > SUPERAntiSpyware and click on Alternate Start.
If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
In the Main Menu, click the Preferences... button.
Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
Click the "Scanning Control" tab, and under Scanner Options, make sure the following are checked (leave all others unchecked):
Close browsers before s...

3 more replies
Relevance 64.78%

Hi,
I am a new member and I hope you can help me to resolve this nasty problem.
I have encountered this virus in the past and by using Malwarebytes program it was able to remove the virus, however, this time around it is much more difficult. I was able to open the Malwarebytes program to scan the computer and remove most of the infected items when the computer is not connected to the internet. However, as I rebooted the PC each time and ran Malwarebytes again, there is always the same three items that seem to be never able to be deleted by Malwarebytes' program.

Registry values infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\winlogon\taskman (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntivirusDisableenotify (Disabled.SecurityCenter) -> Bad: (1) Good (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Firewalldisablenotify (Disable.SecurityCenter) -> Bad: (1) Good(0) -> Quarantined and deleted successfully.

With the task manager window open I can see the virus is rebuilding itself once I connect the PC to the internet. A program called 923.exe or something similar will appear in the Processes tab under Windows Task Manager. The virus executable program that appears in the Processes tab has a different name each time it ...

Answer:Advanced Virus Removal 2009

Is there no one that can give me some advice on how to get rid of this virus? Is re-formatting the drive the only option I have left?

Thanks in advance for the help.

5 more replies
Relevance 64.37%

can someone help me...my pc recently removed a malware and afterwards i can't connect to the internet (yellow icon no network access)
here's the FSS log....thanx hope you can help me with this one
 
 
Farbar Service Scanner Version: 18-08-2013
Ran by marvin (administrator) on 01-01-2002 at 02:22:49
Running from "C:\Users\marvin\Desktop"
Microsoft Windows 7 Ultimate  Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Attempt to access Local Host IP returned error: Localhost is blocked: Other errors
There is no connection to network.
Attempt to access Google IP returned error. 
Attempt to access Google.com returned error: Other errors
Attempt to access Yahoo.com returned error: Other errors
IE proxy is enabled.
 
 
 
Other Services:
==============
 
 
File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2013-08-19 10:05] - [2013-07-06 13:05] - 1293760 ____A (Microsoft Corporation) 4E8B9BE71B807B3BAEDB7F4243F85E3C
 
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\...

Answer:internet connection problem after malware/virus removal

i'll really appreciate a quick reply

16 more replies
Relevance 64.37%

Today i got a bug. Copied this from malware removal,
While using my laptop today, I had a 'Security Warning' pop up. It said:

Application cannot be executed. The file [insert file name here].exe is infected. Do you want to activiate your antivirus software now?

This has been popping up every few minutes with different file names. Other windows have been popping up, telling me I need to install this or that to get rid of the virus. I did restart my computer once, but its still here.

It's also opening up explicit material websites and viagra websites.

I hope this is specific enough.

Just now another window popped up that says attention! Spyware aler!Vulnerabilities

I am running XP pro. I am also getting a small box that says :
Attack from 161.219.239.1,PORT 32145
Attack port 12647
Thread Win32/nuqel.E.
Let me know what else you need to know.
When I go to Malware removal that same Window security alert comes up..
Seems as though quite a few people I know got this today.

I had AVG but could not open it today. So I uninstalled with the intention of reinstalling it. Well this virus will not let me finish installing it.
Also I tried to go to system restore but the virus will not let me in...
 

Answer:Virus problem and can't post in malware removal thread

9 more replies
Relevance 64.37%

I was happily on my computer & everything was swell. All of a sudden, I get this supposed anti-virus box that pops up so I do what it says, except I do NOT buy anything.

So I find out I have the malware Total Security. The icon is not on my desktop OR in the bottom right corner. The only way I know it's on here is when I look at my list of programs.

I Googled & found all kinds of sites that say how to remove it, which I've attempted for hrs, but it's still hard & I can't figure it out. I certainly can't do it manually.

Can someone please tell me in SIMPLE, VERY BASIC step-by-step directions from start to end on how to remove this malware. To show you how much of a novice I am, I don't even know how to set my computer into Safe Mode.

PLEASE HELP ME!!!

Answer:HOW to Uninstall Total Security Malware that's on Windows Vista?

Figured it out...I did a system restore from before the crap got on my computer.

1 more replies
Relevance 64.37%

Hi everyone,

I have been attacked by Win32:Fakeinit-H[TRJ]. These are things that I have done right after the attack:

1. Scanned my laptop with Avast and deleted whatever that is detected.
2. Scanned with Windows Defender - deleted whatever that is detected
3. Scanned with MalwareBytes - deleted whatever that is detected
4. Deleted whatever important personal info I have on the laptop
5. Clear all the cookies in Firefox

Things that I realised right after the attack:

1. I am using original Windows and I got a message saying that 'this windows is not original'.
2. I do not get any pop-ups even when I am online using the laptop.

Here is my DDS report:


DDS (Ver_09-12-01.01) - NTFSx86
Run by sarah at 9:54:02.11 on Fri 15/01/2010
Internet Explorer: 8.0.6001.18865 BrowserJavaVersion: 1.6.0_17
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.60.1033.18.1525.312 [GMT 8:00]

AV: AVG 7.5.519 *On-access scanning disabled* (Outdated) {41564737-3200-1071-989B-0000E87B4FB1}
AV: avast! antivirus 4.8.1229 [VPS 081221-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: avast! antivirus 4.8.1229 [VPS 081221-0] *enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windo...

Answer:Win32:Fakeinit-H[TRJ] - Need Help For Total Removal of Virus

I no longer get the 'this windows is not original' message. Occasionally I will get an alert from Avast. So far, I have got 'Bredolab' and 'ZBot-MNS' apart from 'Fakeinit'. I have scanned my laptop many times using MalwareBytes, Windows Defender and Avast. So far, they are not detecting anything yet. I am not sure whether the virus is still here.

How can I be 100% sure that the virus is no longer in my system?

I have deleted whatever that is detected in my early scans.

19 more replies
Relevance 64.37%

Hello,

I'm usually good enough with my computer to avoid and/or repair these kinds of things on my own, but have never had this.

It changed my desktop background from a picture to text warning me about malicious content, and at the same time my Windows Update icon flashed red, and my AVG anti-virus warned me about the bugs.

Ad-Aware found and removed/quarantined some of them. AVG found and removed others.

My task manager still runs properly and found a few programs that looked suspicious "fff.exe", "msctrl.exe", "16627184.exe", & "EtEngineU.exe".

I run daily scans for all of my anti-virus and ad-aware, and nothing has come up previous to this stuff today, so I know it's new.

One pop-up that looked like it came with a new Windows XP update I downloaded claimed it was "Windows Total Security" and that it would clean up malicious content, but that I'd have to pay.

Thankfully I wasn't stupid enough to fall for that, just stupid enough to get it on my computer.

I deleted a bunch of those programs from my task manager (ended the process tree completely), removed the programs from the control panel, searched out the files in "My computer" > "C:" > "System", etc.

However, there are items in "startup" when I run "MSCONFIG" with the same names that claim they're going to run as soon as I start the program up again.

I ran HJT, and the other scans this site recommends before posting a new ...

Answer:Total Security virus - FFF.exe virus, 16627184.exe, EtEngineU.exe, perdm32.exe, msctrl.exe, & other viruses

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll...

2 more replies
Relevance 63.96%

How can I remove Advanced Virus Removal - it's playing havoc on my computer.

DDS (Ver_09-10-26.01) - FAT32x86
Run by rs at 20:34:47.81 on Fri 11/20/2009
============= Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
SVCHOST.EXE
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Rogers Online Protection\Rogers Online Protection\Fws.exe
C:\WINDOWS\system32\svchost.exe -k NetworkService
SVCHOST.EXE
C:\WINDOWS\system32\spoolsv.exe
SVCHOST.EXE
C:\Acer\eManager\anbmServ.exe
SVCHOST.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Rogers Online Protection\Rogers Online Protection\rps.exe
C:\Program Files\Rogers Online Protection\Rogers Servicepoint Agent\RogersServicepointAgentComHandler.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\igfxtray.exe
C: ...

Answer:infected with Advanced Virus Removal - how to remove?

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll...

2 more replies
Relevance 63.96%

Hi, would you please help? here is my OTL log:

OTL logfile created on: 11/28/2009 7:12:32 PM - Run 1
OTL by OldTimer - Version 3.1.11.2 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

893.57 Mb Total Physical Memory | 385.78 Mb Available Physical Memory | 43.17% Memory free
2.11 Gb Paging File | 1.50 Gb Available in Paging File | 70.85% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 181.01 Gb Total Space | 167.06 Gb Free Space | 92.29% Space Free | Partition Type: NTFS
Drive D: | 5.28 Gb Total Space | 3.40 Gb Free Space | 64.37% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: YOUR-2CA16646B7
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Owner\Desktop\OTL.exe (OldTimer Tools)
PRC - ...

Answer:"Advanced Virus Removal" hijacked my Aunt's pc & I'm trying to help her rid of it. HELP PLEASE

Hello Shestarr,

Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

Download Security Check by screen317 from here or here.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt.
Please post the contents of that document.

**********************

Link #1
Link #2
Link #3
Link #4

Before we begin, you should disable your anti-malware softwares you have installed so they do not interfere with RKill running as some anti-malware softwares detect RKill as malicious. Please refer to this page if you are not sure how.

Download Link #1.
Save it to your Desktop.
Double click the RKill desktop icon.
If you are using Vista please right click and run as Admin!
A black screen will briefly flash indicating a successful run.
If this does not occur please delete that application and download Link #2.
Continue process until the tool runs.
If the tool does not run from any of the links tell me about it.

Please download Malwarebytes' Anti-Malware from one of these places:
http://download.cnet.com/Malwarebytes-Anti...&tag=button
http://www.majorgeeks.com/Malwarebytes_Ant...ware_d5756.html
http://www.besttechie.net/mbam/mbam-setup.exe

Double Click mbam-setup.exe to install the application.
* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Ma...

2 more replies
Relevance 63.96%

Hello, I've been affected by Total Security 2009. Basically; I restarted my computer and then it suddenly popped up on my computer; with the wallpaper of my desktop changed to a "Warning Message" and constant pop-ups telling me to purchase their software. Likewise, I suddenly had problems opening any programs at all including Task Manager, as the malware started to restrict all access to other applications, citing them as "infections." I've renamed the "taskmgr" to "iexplore" for the time being, but I fear that the computer will suddenly restart. Any help is appreciated!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:59:38 PM, on 19/09/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\User\Application Data\Microsoft\winlogon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Fil...

Answer:Total Security 2009 Malware? Trojan? Infected Computer

Hello! My name is Sam and I will be helping you.

In order to see what's going on with your computer I'll ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.

Please download ComboFix from one of these locations:
Link 1
Link 2
Link 3

Important!
You should NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert. It is intended by its creator to be used under the guidance and supervision of a Malware Removal Expert, not for private use.
Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.

Make sure that you save ComboFix.exe to your Desktop
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

Double click on ComboFix.exe & follow the prompts.

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

Follow ...

2 more replies
Relevance 63.96%
Answer:QUIO 360 TOTAL SECURITY Detected malware, false positive?

Check to Virus Total
https://www.virustotal.com/
 

2 more replies
Relevance 63.96%

Running Windows Vista SP2. I can't execute any applications, when I do, I notice xce.exe process takes over and Vista Total Security windows pop. Not much information provided but I'm unable to run gmer, per instructions.
Thanks for your assistance

Answer:can't start gmer.exe Vista Total Security malware takes over

Hello and welcome to Bleeping Computer

My name is etavares and I will be working with you to fix your computer. Please read the info below...I doubt you can run it, but your situation may have changed. Just respond back if you can't run OTL. We have other ways to get your computer back.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Please take note:
If you have since resolved the original problem you were having, we would appreciate you letting us know.
If you are unable to create a log because your computer cannot start up successfully please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
If you are unsure about any of these characteristics just post what you can and we will guide you.
Please tell us if you have your original Windows CD/DVD available.
If you are unable to perform the steps we have recommended please try one more time and if unsuccessful alert us of such and we will design an alternate means of obtaining the necessary information.
Once we start working together, please reply back within 3 days or this thread may be closed so we can help others who...

2 more replies
Relevance 63.55%

When I try to run a scan using AVG anti-virus, Avira, Windows Defender, or SuperAntiSpyware; when the scan gets to a certain point, Windows shuts computer down with a blue window. It says Kernel_Stack_ Inpage_ Error plus some standard verbiage about if you recently installed software/hardware, see administrator, etc. At bottom it says: STOP: 0x00000077 (0x00000001, 0x00000000, 0x00000000, 0xF79B1D24). I could sometimes run AVG scan in "select drives/folders" mode but recently it quit allowing that after I upgraded to AVG 9 (free). I uninstalled AVG and went to Avira but with same results. Scanning with Windows Defender did the same. I recently installed and ran SuperAntiSpyware and was able to pinpoint problem to "System Volume Information" directory. I am unable to open to see contents as Windows shows no files in it. When I ask Avira to scan it, Avira says no files also but if I use AntiSpyware to scan, it shows many files during its scan but will get to a certain point and computer will shut down. I can almost see file that shuts it down but it happens too fast to catch it. I was able to run "RootRepeal" and log is below. I was not able to run "DDS.scr".

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/10/30 13:15
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: rootrepe...

Answer:Unknown malware/virus won't let any anti-virus/windows defender/malware removal program to complete scans

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll...

23 more replies