Computer Support Forum

Malware Blocking Access to Spybot, Microsoft Malicious Removal Tool and other anti-malware programs

Question: Malware Blocking Access to Spybot, Microsoft Malicious Removal Tool and other anti-malware programs

I did a hijackthis scan and here's what I got:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:18:17 PM, on 4/20/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\WINDOWS\System32\00THotkey.exe
C:\WINDOWS\system32\TFNF5.exe
C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\toshiba\ivp\ism\pinger.exe
C:\PROGRA~1\VERIZO~1\HELPSU~1\SMARTB~1\MotiveSB.exe
C:\Program Files\NETGEAR\WN511B\Utility\WN511B.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Softwin\BitDefender10\bdmcon.exe
C:\Program Files\Softwin\BitDefender10\bdagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe
C:\Documents and Settings\Joseph Carter\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Joseph Carter\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshiba.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [SigmaTel StacMon] C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\HELPSU~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [AS00_WN511B] C:\Program Files\NETGEAR\WN511B\Utility\WN511B.exe -hide
O4 - HKLM\..\Run: [LanzarL2007] "C:\DOCUME~1\Joseph~1\LOCALS~1\Temp\{70405EC3-3249-43A2-BFD6-44001F3011C4}\{D1DA2BA7-2592-4036-9BB2-DCCABDE8DC1A}\..\..\L2007tmp\Setup.exe" /SETUP:"/l0x0009"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai.net/f/532/6712/5m/vir...l/installer.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{AF68B77B-6628-41B5-A326-94FEE3FF6D96}: NameServer = 85.255.112.210,85.255.112.65
O17 - HKLM\System\CCS\Services\Tcpip\..\{D86346EB-3357-4701-B0A1-D22E72079FD2}: NameServer = 85.255.112.210,85.255.112.65
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.112.210,85.255.112.65
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.210,85.255.112.65
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsubleepa Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
--
End of file - 7496 bytes

Relevance 100%

Answer: Malware Blocking Access to Spybot, Microsoft Malicious Removal Tool and other anti-malware programs

Hey guys, I solved my own problem. I completely reinstalled Windows. (It was about that time anyway.)

2 more replies
Relevance 87.87%

Help please dear scumware fighter!

Here's a tricky one that's brought me to a halt. I have an infection from some malware that is hiding itself and seems to be actively crashing anti-virus/anti-malware sw before they can id it or remove it.

Here are the symptoms:

Discovered when I upgraded to version 10 of Avira's Antivir Free version. It wouldn't run completely through and crashed. Checking with Avira's forum, others had the same problem and it was identified as an existing infection. It was then that I noticed that I haven't even had a successful full system scan with the previous version since mid-Feb (even though I manually run a full scan every month or so). Virus definitions were being downloaded normally every day.

Then it started crashing Windows and Firefox. Couldn't turn off the computer and had to hard reset with the power button several times.

Downloaded and ran MalwareBytes which found 1 virus immediately, id'd as "Trojan: FakeAlert" in C:\END. I quarantined this item.

Ran a full system scan and MalwareBytes ran for about 10 minutes but crashed at the same directory that I thought I had seen Avira stop on.
I repeated and it stopped at the same directory. This is the file that it stopped on:

windows\assembly\NativeImages_v2.0.50727_32\ehiVidCtl\063bdcb7c733d30d0ac1e533ae9191f7\ehiVidCtl.ni.dll

I tried downloading Microsoft Security Essentials and that failed to even finish the download for some unknown error. Another ... Read more

Answer: Insidious Infection Blocking Anti-Malware Programs & Removal

BUMP, please.

3 more replies
Relevance 79.17%

Hi!

My dad owns an internet cafe, and I maintain it for him as regards to OS, and basic networking stuff. I do have a little background with tech support work.

I've received no special training (apart from the usual training with OS, and basic stuff when I used to work for Dell tech support), most of the things I do to fix computers have come from years of experience doing self help, and self research.

Recently I've had problems with the usual malware effects on our cafe server (other computers aren't affected so I'm pretty sure it's local to the server), Task manager disabled, regedit disallowed, but I was able to figure that out and it was caused by a startup entry wscript.exe, auto.vbs, which I promptly disabled, and deleted in the registry.

However, a couple of days later, new symptoms have appeared. I don't really know whether it's related to the earlier issue, but this time, I'm stuck. I'm posting this using my home computer and it's far from where our cafe is located. Allow me to give an overview:

1. Noticed that when browsing on any website, while data is being loaded on the browser, it freezes intermittently. This is on Firefox. On IE7, it's worse, it won't display any webpage. I fixed this by flushing the DNS, and doing a winsock reset and rebooted the system.

2. In order to check further problems, I decided to download latest versions of smitfraudfix, combofix, and update spybot. No go. When I use Google and search for smitfraudfix siri.geekstogo ... Read more

Answer: Unknown Malicious software Blocking anti-malware installs, sites and progs.

Hello & welcome to TSF,

Have you tried any of this in safe mode on the hidden administrator account?

Also, your rights may have been removed.

Check here to see:

administrative rights / user controls

When you power on your system, start tapping the (F8) key and keep tapping it until a screen is revealed that gives you the options

safe mode
safe mode with command prompt
safe mode with network

and many others.

You will want to select (safe mode) then enter.

Then a screen with all types of codes will scroll down.

Then you will get the welcome screen stating that Windows is loading.

Then you will get the user log on screen.

Here you will have a list of all users and a hidden (administrator account). You will need to log onto this account.

Then you will get a window that is notifying you that you are logging into safe mode on this account / you will check the box and then select (yes / okay / apply).

Then the account will completely load.

Once loaded you will want to select start / then select (my computer) by right clicking it / then you will want to right click on the icon for your hard drive / local disk / from the drop down menu you will want to select (properties), then another window will appear, you will want to select (security).

It is here that you can set the administrative rights for each account that you have created on your system.

When you are done adjusting the settings you will need to select (apply) then s... Read more

6 more replies
Relevance 78.3%

I was requested to post this hijack log from over here: http://www.bleepingcomputer.com/forums/t/214638/malicious-software-removal-tool-malware-trojan/

Here is a summary of my problem (same as in the other thread):

"...I would like help in removing some infections that my computer has got since a few days ago. Somehow (while I was browsing thru the internet for some live streaming video I guess) some trojan got in (this was later found by my Symantec Endpoint protection) and since then, a new malware program got installed (unremovable by the less sophisticated me). It is called "Malicious Software Removal Tool"... it runs at startup every time (red shield with a cross in my task bar) and runs a scan automatically. Then says my computer is infected, lists 3 infections, said it fixed one and I have to buy a MS product to fix the rest. Though the screens look exactly like the Microsoft product with the same name (I checked the internet) I am quite confident that this is not authentic. Soon after, if I don't do anything with the program, it starts giving me messages such as "Critical System Warning! Your system is probably infected with a version of Spyware.IEPass.thief." or some other similar msgs with a red balloon with an 'X' in the task bar. Temporarily what I have been doing for a few days is just going to task manager and terminating the 'malwareremoval.exe' program. This helps get rid of the program but my computer has slowed down significantly.

I did a Symantec scan, and found ... Read more

Answer: "Malicious Software Removal Tool" Malware & Trojan

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results, click no to the Optional_Sca... Read more

13 more replies
Relevance 78.3%

Hi,

I would like help in removing some infections that my computer has got since a few days ago. Somehow (while I was browsing thru the internet for some live streaming video I guess) some trojan got in (this was later found by my Symantec Endpoint protection) and since then, a new malware program got installed (unremovable by the less sophisticated me). It is called "Malicious Software Removal Tool"... it runs at startup every time (red shield with a cross in my task bar) and runs a scan automatically. Then says my computer is infected, lists 3 infections, said it fixed one and I have to buy a MS product to fix the rest. Though the screens look exactly like the Microsoft product with the same name (I checked the internet) I am quite confident that this is not authentic. Soon after, if I don't do anything with the program, it starts giving me messages such as "Critical System Warning! Your system is probably infected with a version of Spyware.IEPass.thief." or some other similar msgs with a red balloon with an 'X' in the task bar. Temporarily what I have been doing for a few days is just going to task manager and terminating the 'malwareremoval.exe' program. This helps get rid of the program but my computer has slowed down significantly.

I did a Symantec scan, and found no infection (it automatically detected some trojan horses and quarantined them during the time I got infected - DWHE420.tmp, 49c2da87.tmp & DWH8AF4.tmp), then did a Spyb... Read more

Answer: "Malicious Software Removal Tool" Malware & Trojan

Welcome to BC

--------------------

The process of cleaning your computer may require you to temporarily disable some security programs. If you are using SpyBot Search and Destroy, please refer to Note 2 at the bottom of this page.

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.

MBAM will automatically start and you will be asked to update the program before performing a scan.
If an update is found, the program will automatically update itself.
Press the OK button to close that box and continue.
If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results... Read more

12 more replies
Relevance 75.69%

I looked and went through the removal guide, but still nothing has worked.

Every time I boot up AVG says that it has detected a threat and I move it to the vault. Even if I move it there every boot up it says the same message and I always send it to the vault. Then there is sometimes another threat detected after that, that cannot be sent to the vault or healed, it has some error doing so, so I have no choice but to ignore it. AVG Anti-Virus is also detecting files, and Spybot (on the first scan) found a lot of stuff, one being Virtumonde, and everything was "fixed" but I am not too sure about that. I can provide any reports from scans if needed.

Thank you,

smssoleimani
 

Answer: All of my Anti-Malware programs keep detecting multiple malicious files

smssoleimani said:

I looked and went through the removal guide

...you obviously didn't because....

smssoleimani said:

I can provide any reports from scans if needed

...you would already have done this as per the instructions if you are still experiencing issues.

So......

Welcome to MajorGeeks.com!

Please follow the instructions in the below link and attach the requested logs when you finish these instructions.

Read & RUN ME FIRST Before Asking for Support
 

8 more replies
Relevance 100.86%

With the recent acquisition of the popular Junkware Removal Tool software, Malwarebytes has added another string to its security bow. Although, I guess it's really a case of strengthening an existing string rather than adding something new. Although not sporting a traditional GUI and purely a command line tool, Junkware Removal Tool has proven to be a popular download among those wanting to rid their computers of unwanted crapware.

http://www.davescomputertips.com/ma...um=email&utm_campaign=Weekly+Recap+Newsletter
 

More replies
Relevance 100.45%

This is a follow up to my posting in the "Am I infected? What do I do?" section.

Thank you extremeboy for answering my plea for help. Below is a paste from the infected computer's HijackThis log file:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:02:33 PM, on 1/8/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\system32\spoolsv.exe
H:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
H:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
H:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
H:\WINDOWS\System32\svchost.exe
H:\Program Files\Java\jre6\bin\jqs.exe
H:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
H:\WINDOWS\system32\nvsvc32.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\Explorer.EXE
H:\Program Files\Java\jre6\bin\jusched.exe
H:\WINDOWS\RTHDCPL.EXE
H:\Program Files\QuickTime&... Read more

Answer: Malware Won't Let Anti-Malware Run, and Redirects to Malicious Websites

Title was: Browser Redirect - wdmaud? ~ OB

Tried to get help posting hijackthis file last week... no takers, so I started to do a little homework.

My browser redirects to bogus websites (most of the time), and redirects to bogus websites when trying to go to anti-malware sites all of the time.

Was able to get Avira AntiVir loaded, but doesn't detect the virus. Able to get a HijackThis log. McAfee won't launch, Malwarebytes won't launch, Spybot won't launch, etc.

Reading up on the subject of recent browser redirection, there are a lot of people having trouble with the wdmaud file in their Windows/System32 directory. I tried to rename it and reboot, but it just came back. Tried to delete it, and it wouldn't let me. Then I loaded the Gibbon Gipo program, that forces the file to be deleted upon reboot. That works with every file except wdmaud! It keeps reappearing after reboot.

This may or may not be the infected file... might be chasing a ghost here, but any help or suggestions would be appreciated.

Thanks!

4 more replies
Relevance 100.45%

Somehow I got redirected to a site that gave me a virus/malware, even though pop-up blocker was enabled. I knew something was up, so I decided to run Spybot, but it wouldn't launch. I rebooted and tried to launch again... no luck. I then uninstalled Spybot, and went to Safer-Networking website to redownload, but the site was blocked. Norton blocked. McAfee blocked. Trend Micro blocked.

To make things stranger, when I search for these using Google, then click on anti-virus websites, I get redirected to something strange...every time.

The only site I could go to was Microsoft One Care, which did a scan of my computer from the MS website, but it found nothing.

Using a different computer, I was able to download Stinger, burn it to a CD, then run it on my computer, but it found nothing.

I then burned another CD with HijackThis, but it wouldn't launch on my computer. When I renamed the file to banklogin.exe, it was able to install.

It seems that I was able to install Malwarebytes' Anti-Malware, but it doesn't seem to launch, no matter how many times I reboot the computer.

Because I can't log into this website from my infected computer, it would be difficult to transfer Hijackthis results to this forum.

My computer (when not running Stinger, HijackThis, or other programs) is utilizing the Avira AntiVir Personal anti-virus software.

Any help/ideas would be greatly appreciated!

Answer: Malware Won't Let Anti-Malware Run, and Redirects to Malicious Websites

Hello cougkyle and welcome to BC!!

Please do not post the Hijackthis log in this forum. Hijackthis logs are supposed to be posted in this forum. Experts there will help you deal with your Hijackthis log.

"Because I can't log into this website from my infected computer, it would be difficult to transfer Hijackthis results to this forum."

Well you can burn that file onto a CD and transfer it to your clean machine. However, if you don't have a CD Burner on your infected machine then you can burn a CD Burner program from your clean machine and then transfer it to your infected machine. After that you can install it using your infected machine and burn the hijackthis log using your infected machine and transfer the file to your clean machine. Then you can post the logs in to the HJT-Malware removal forum I mentioned above.. Hope that helps you.

With Regards,
Extremeboy

3 more replies
Relevance 100.04%

Ran a pcpitstop scan last week as my pc is becoming increasingly slow (particularly when it comes to opening web pages). The scan showed that the pc is infected with Kollah, trymedia as well as various others. Started searching for solutions on the web, and subsequently installed Malwarebytes, HijackThis, Superantispyware, etc (already had spybot S&D). Malwarebytes and hijackthis would install but refuse to run. I found this forum, and followed the READ AND RUN ME FIRST Malware removal guide - to the letter.
Superantispyware scanned ok, but didn't find anything.
Malwarebytes won't run.
Combofix gets to stage three and then I get the BSOD and have to crash and restart.
Rootrepeal and MGtools seemed to work ok and generated reports, although I am unable to find a zip file containing a log in the MGtools folder on the c drive.
Incidentally, Spybot S&D and Adaware both don't find anything more sinister than a few tracking cookies.

I'm losing the plot now!

I have attached logs as instructed. Would really appreciate any help that you can give me!

Thanks
 

Answer: Trojans/malware blocking virtually every malware remover tool

Welcome to Major Geeks!

badlydrawngirl said:

MGtools seemed to work ok and generated reports, although I am unable to find a zip file containing a log in the MGtools folder on the c drive.

It is not in the MGtools folder. See the instructions which said it would be in the root folder of your Windows boot drive. i.e., C:\MGlogs.zip

We need this log to even begin.

Why are you attaching instructions for using SDfix?
 

10 more replies
Relevance 99.22%

Hello. I am working on a friend's machine that seems to have a nasty infection. This machine is a dedicated server running Windows Server 2003 Web. Everything I am doing to it is via remote desktop which is making it a little more of a challenge. Web browsing on the server was incredibly slow when he asked me to take a look at it. I figured he was infected with something so I was going to try and install a few things on it and run a few scans, only to find that all of the sites that I found to use are blocked or disabled by whatever is infecting the server. Any attempt to access an anti-virus or anti-malware website results in a message stating server cannot be found. Any other website can be accessed though.

There is an FTP server running on this machine, so I do have that availability to FTP to the server to get any file or program to it that I need to. Please just let me know what you need from me and I will get it up here as soon as I can. I am a fairly experienced user and can grasp things pretty easily. Thanks for your time, I greatly appreciate it.


Jamie

Answer: Malware Blocking all Anti-Malware/Anti Virus websites

If it doesn't block you from softpedia or download.com, then get the anti virus software from their sites instead. Hopefully it won't block them. When they are downloaded, rename the file names.

2 more replies
Relevance 98.81%

Hi all,

My dad has asked me to take a look at his computer after it's been acting odd, and it looks like he's got a doozy of something running on the system. He's been getting some pop ups advertising various programs, the desktop is changed to text reading "Your system is infected! System has been stopped due to a serious malfunction. Spyware activity has been detected" (which is not something any program that should be running would display), Task Manager is blocked from opening and a fake piece of anti-spyware has taken up residence (don't have the name off hand).

Looking at the log, I found a couple of things that I'm not a fan of - batmeter16.dll, for starters. There's a couple others I don't recognize, but I am not sure if they are bad or not.

Unfortunately, my attempts to fix it have been thwarted - an AVG scan said it cleared it up, but more pop ups came. I tried to run Malware Bytes, but when I download the latest update through the program, I get a nice warning message saying "The database you are using is not supported by this version of Malwarebytes' Anti-Malware. Download the latest version of the program."

Additionally, this came about because I tried to start into Safe Mode to get this cleaned up. I couldn't get my keyboard to register keystrokes before Windows started, which kept me from accessing the dialogue allowing Safe Mode to be entered, so I modified boot.ini to force a safe mode boot. Unfortunately, this brought about a blue sc... Read more

Answer: Malware blocking MalwareBytes (post-update), fake anti-malware program

Hello, my name is fenzodahl512 and welcome to the forum.. Please do the following....

Please download The Comedian.exe by Rorschach112 to your desktop
Please disable all of your antivirus/firewall before doing this step. Please visit HERE if you don't know how..
Double click the program to run it. It will only take around several minutes to run.
It will do a series of tasks and tell you when each one is finished.
You will be prompted to press any key after each step
When it is done it will close and exit itself automatically.
You can delete The_Comedian.exe once it is finished
STOP! if you can't complete this step.. Tell me more about it..

NEXT

Please download OTL by OldTimer and save it to your desktop.
Under the Custom Scans/Fixes box paste this in

netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\*. /mp /s
CREATERESTOREPOINT

Don't change any setting... Just click on the Run Scan button.. Let it scan till finish..
Then a log will pop-up at your Desktop. Post the content of the log here

NEXT

We need to scan for Rootkits with GMER
Please download GMER from one of the following locations, and save it to your desktop:
Main Mirror
This version will download a randomly named file (Recomm... Read more

3 more replies
Relevance 98.81%

The malware affecting my computer sometime prevents me from viewing a web page I want to look at. For instance, I might type a search in google. When I click on one of the web pages in the search results, I will instead be directed to another page, often times an advertisement or other search page featuring words similar to the ones I typed in the google search. I'm not always redirected; sometimes I get to look at the actual page I clicked on. It's probably one out of two times that I'm redirected.

The malware appears to be blocking spyware removal programs like ad-aware.

Here are my logs:
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-05-14.01)

Microsoft® Windows Vista™ Business
Boot Device: \Device\HarddiskVolume3
Install Date: 11/7/2008 9:39:36 PM
System Uptime: 6/12/2009 8:42:11 AM (28 hours ago)

Motherboard: Dell Inc. | | 0D500F
Processor: Intel® Core™2 Duo CPU T8100 @ 2.10GHz | Microprocessor | 2100/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 136 GiB total, 90.288 GiB free.
D: is FIXED (NTFS) - 10 GiB total, 5.332 GiB free.
E: is CDROM (CDFS)
F: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP129: 3/25/2009 - Scheduled Checkpoint
RP130: 3/27/2009 12:13:05 AM - Windows Update
RP131: 3/27/2009 2:56:04 PM - Scheduled Checkpoint
RP132: 3/29/2009 3:01:05 PM - Scheduled Checkpoin... Read more

Answer:Malware is redirecting my internet searches to different web pages/The program is blocking ad-aware and other removal programs

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

-----------------------------------------------------------

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, ... Read more

2 more replies
Relevance 98.4%

Tnx in advance. This is my first post. I had been observing following weird behaviors:
1. When connected to ADSL it keeps downloading things which I do not see at all. It happens only at my office IP address.
2. It reboots as soon as I try to install IE7.
3. It reboots at times when I run MRT.exe (Microsoft Malware Removal Tool)
I am currently using:
XP PRO sp 2
Kaspersky AV 6
Trying to install: IE7 from Microsoft Website
So far: I had downloaded rootkitrevealer and renamed it to nailsetter.exe. Ran it and following is the txt output:
HKU\S-1-5-21-1960408961-287218729-839522115-500\RemoteAccess\InternetProfile 11/19/2006 12:20 AM 9 bytes Data mismatch between Windows API and raw hive data.
HKLM\SECURITY\Policy\Secrets\SAC* 8/31/2006 1:13 PM 0 bytes Key name contains embedded nulls (*)
HKLM\SECURITY\Policy\Secrets\SAI* 8/31/2006 1:13 PM 0 bytes Key name contains embedded nulls (*)
HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg 12/8/2006 11:58 AM 0 bytes Access is denied.
C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\fxgbkhh6.default\Cache\1C18D5C1d01 3/18/2007 4:50 PM 16.46 KB Hidden from Windows API.
C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\fxgbkhh6.def... Read more

Answer:Bosd: Lzx32.sys While Installing Ie7 & Microsoft Malware Removal Tool

Download RustBFix from one of the following locations...
http://www.uploads.ejvindh.net/rustbfix.exe
http://uploads.ejvindh.andymanchesta.com/Rustbfix.exe
...and save it to your desktop.

Double click on rustbfix.exe to run the tool. If a Rustock.b-infection is found, you will shortly hereafter be asked to reboot the computer. The reboot will probably take quite a while, and perhaps 2 reboots will be needed. But this will happen automatically. After the reboot 2 logfiles will open (C:\avenger.txt & C:\rustbfix\pelog.txt). Post the content of these logfiles along with a new HijackThis log.

17 more replies
Relevance 96.76%

Got some sort of trojan virus. Downloaded an anti virus program which caught the virus and quarantined it. Then deleted the anti virus program because it was a process hogger.

The reason I downloaded the anti virus program was because spybot was not updating and I was getting weird internet activity such as redirects to verizon.net search page, 404 errors when I tried to install spybot (after de-installing it).

I believe the virus is still in the computer. BECAUSE i cannot even download antimalware programs from major geeks and any web site i go to related to spybot downloading get 404 error or "Internet Explorer cannot display the webpage
Most likely causes:
You are not connected to the Internet.
The website is encountering problems.
There might be a typing error in the address.

What you can try:
Diagnose Connection Problems

More information"

SO THIS IS MY PROBLEM. I have run cc cleaner, but am out of luck with spyware programs running, because either cannot download them, or once they are downloaded, they wont update. It seems the virus knows spybot and refuses to even let me go to spybots web site.
 

Answer:cannot update spybot or download major geeks malware removal programs - virus trojan

Re: cannot update spybot or download major geeks malware removal programs - virus tro

Welcome to Major Geeks!

mpurchases said:
Then deleted the anti virus program because it was a process hogger.

Very bad idea!


Please read ALL of this message including the notes before doing anything.

Please follow the instructions in the below link:

READ & RUN ME FIRST. Malware Removal Guide
and attach the requested logs when you finish these instructions.

**** If something does not run, write down the info to explain to us later but keep on going. ****
Do not assume that because one step does not work that they all will not. MGtools will frequently run even when all other tools will not.
After completing the READ & RUN ME and attaching your logs, make sure that you tell us what problems still remain ( if any still do )!
Helpful Notes:
If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode, you can run the steps in safe boot mode but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:

Starting your computer in Safe mode

If you have problems downloading on the problem PC, download the tools and the manual updates for SUPERAntiSpyware and Malwarebytes ( links are given in the READ & RUN ME) onto another PC and then burn to a CD. Then copy them to the problem PC. You will have to skip ge... Read more

1 more replies
Relevance 95.94%

Hi Guys

Hope you can help me. I have a Windows Vista Sony laptop where I tried to install McAfee software from someone and I saw a strange pop up. When I closed it, I started to notice a few strange things on my machine:

1. Spybot doesn't open anymore, and uninstalling it then trying to install it gives me an error message
2. Malwarebytes Anti-Malware doesn't open as well.
3. Firefox Google homepage doesn't load anymore
4. Installing McAfee security software (clean version) doesn't load

I hope the log of hijackthis will shed some light on what's going on
thanks a lot

Karim
 

Answer:malware infection stopping spybot and anti-malware!

just want to update that the first 3 issues still in place but point 4 isn't a problem anymore. I successfully managed to install the mcafee 2008 security centre and I will be making a full scan, while waiting for any suggestion for points 1 to 3

thanks

Karim
 

2 more replies
Relevance 95.94%

Hi all!
Recently while searching for new Anti-Malware tools to try subsequently in order to clean my computer for malware, I came across EMCO Malware Destroyer.
And hence, now I am wondering: What is your opinion on the Anti-Malware tool EMCO Malware Destroyer?
Thank you very much in advance!
Regards,
midimusicman79

Answer:What is your opinion on the Anti-Malware tool EMCO Malware Destroyer?

I have seen it advertised on Major Geeks and other third-party hosting sites but write ups and reviews never impressed me.

EMCO Malware Destroyer by Softpedia

...To start with, you should note that it does not provide active protection, heuristic scans or an active shield of some sort. This utility will only search for baddies currently loaded in the memory or running processes that are infected...Malware Destroyer is designed for manual virus checks and the fast scans recommend it, but bear in mind that it is mainly aimed at non-techy users and will only provide an occasional supplemental layer of protection.

10 more replies
Relevance 95.12%

I've heard that this does remove Malicious Software, but loads a bunch of spyware onto your computer. Any truth to this?

I'm thinking about installing this, but the rumours have me kinda iffy


**EDIT** Sorry, this should be in the Security and Web Forum
 

Answer:Microsoft Malicious Software Removal Tool

no. Anything by microsoft is legit, but may or may not be useful.
 

3 more replies
Relevance 95.12%

I run this kind of regularly, but I do not know if it is worth it. Does anybody else use it?

Download Malicious Software Removal Tool from Official Microsoft Download Center

Answer:Does Anybody Use Microsoft Malicious Software Removal Tool

Every month and to check downloads(using custom scan to downloaded folder) as a 3rd opinion, after Malwarebytes and Defender.

7 more replies
Relevance 95.12%

HI:

I'm using XP Pro, the CPU is only a few months old. Lots of memory, etc.

I have attempted to use this program but I'm having some problems with it. Here is what is happening.

If I use the "fast" check, it runs fine and does not take very long to complete. No malware is identified.

But if I choose to run "full scan", it starts off fine, runs for about 11 minutes and during this time, the files being checked are displayed. Then it just freezes. Nothing is happening. The time interval and number of files checked, etc., is frozen.

I tried to shut it down by hitting the "Cancel" button at the bottom of the program and also the "shutdown" button at the top, but neither one has any effect. I cannot close the program. I gave it lots of time for the program to complete it's work. I had let it run for over an hour, but this problem persists. The only way to get rid of the program is to re-boot the computer.

Can someone help me please?
 

More replies
Relevance 95.12%

for Windows XP, Windows 2000, and Windows Server 2003 ONLY is downloadable from click here

This tool checks your computer for infection by specific, prevalent malicious software (including Blaster, Sasser, and Mydoom) and helps to remove the infection if it is found.

Microsoft will release an updated version of this tool on the second Tuesday of each month. New versions will be made available through this Web page, Windows Update, and the Microsoft Download Center. An online version of this tool can be used at click here

Probably most WinXP and Win2000 users already know about the tool, but some newcomers to the forum may not, of course. TC.

Answer:Microsoft's malicious software removal tool

Cheers

2 more replies
Relevance 95.12%

Hi,
I have been running Windows 8 for about 10 months now on a new laptop. For the past week or so The user account control has started popping up on start up asking if Microsoft Malicious software removal tool can make changes to my computer. This is new so i have denied it while i look into it. I discovered that there is a virus version of it, although the description of that is different from my scenario.
Anyway, I ran the removal tool manually via run (mrt) thinking if it was a legit request then running manually myself would satisfy the request but on restart the user account request popped up again.
It seems it will do it every time but before i agree to allow it make changes but i am apprehensive.
Can anyone confirm if it is a legitimate request or should i be taking some other action?
Thanks for any help you can offer!!

Answer:Microsoft Malicious software removal tool

That doesn't sound right at all. The legitimate removal tool usually runs when Windows Updates are being installed and doesn't normally display a UAC message.
I recommend you scan your PC with the free version of Malwarebytes Anti-Malware - you can get it from here. Note: towards the end of the installation of MBAM make sure you untick the option to start the free trial of the professional (paid-for) version.

5 more replies
Relevance 95.12%

Hi, I downloaded the Malicious Software tool and now want to remove it. This thing will not let me look at my email. It continually pops up and wants to run and does so without me doing a thing. I cannot find it anywhere on my computer so that I can remove it. Could someone please help me out? I cannot read my email because of this confound thing and it is driving me nuts. I am not very computer savvy but I know to look in the add remove software in control panel to remove software on the computer but this darn thing does not show up anywhere on my computer!!! When I downloaded it I thought that it would put an icon on my desktop but it did not so I don't know where the darn thing is. I sure would appreciate any help I could get with this darn thing. I do not need it as I have the new AVG antivirus so can someone help me out? Thanks in advance

Brenda
 

Answer:Microsoft Malicious Software Removal Tool

This article should help you, paramedicmom.

http://support.microsoft.com/kb/890830/
 

3 more replies
Relevance 95.12%

Downloaded it and another security fix for XP Home but I can't see where the security tool is! Nowhere on the start menu. Any ideas (or am I being dense?) Thanks

Answer:microsoft malicious software removal tool

click here

2 more replies
Relevance 95.12%

For months each time I boot up my system ( XP ) I have to click on a small icon in my toolbar below where a deleted program info still appears. All I had to do is click on it and a small menu appears with the word "Exit". I click on that and it disappears. It was one of those tv usb plug ins that did not work so I got rid of it. Apparently some 'left overs' is somewhere on my system, result that icon shows up. It has not been a big deal just to click on "Exit'. I did a search on regedit to see if it appears anywhere and I couldn't find anything on it. NOW, today, going through the same process after clicking on "Exit", I get a box message that says "Microsoft's Malicious Window Removal Tool Software'. I click on it to check it out. Does anyone know anything about this message?
 

Answer:Microsoft Malicious windows removal tool

14 more replies
Relevance 95.12%

I download this update every month and install it but have no idea how to use it, if, that is, the user has any control over it. Does it run in the background or do I have to do something to execute it

Answer:Microsoft Malicious Software removal tool

click here

3 more replies
Relevance 95.12%

I run this kind of regularly, and I was wondering does anybody else have this installed and do you like it?http://www.microsoft.com/en-us/download/malicious-software-removal-tool-details.aspx

Answer:Does Anybody Use Microsoft Malicious Software Removal Tool?

Since it's part of Windows Update I think everyone pretty much have it installed, and I'm no exception. However I tend to trust my *other* defenses more

8 more replies
Relevance 95.12%

After downloading and installing this tool from the Windows updates site, I could not find anywhere in the Start menu where it could be manually activated and run.

I did a "search" for MRT.EXE and MRT.LOG and was only able to find the log file. This is its contents:

----------------------------------------------------------------

Microsoft Malicious Software Removal Tool v1.0, January 2005
Started On Wed Jan 12 06:12:15 2005

Removal Tool Results:
No infection found.

Microsoft Malicious Software Removal Tool Finished On Wed Jan 12 06:12:18 2005

----------------------------------------------------------------

Does the MRT.EXE file automatically delete itself after it runs?
 

Answer:A Question About The Microsoft Malicious Removal Tool

6 more replies
Relevance 95.12%

I went to the link shown by Microchip and clicked on the link for pcwebtools' Spyware Doctor. I downloaded the software, ran the scan and saw that most of the spyware on my computer were from cookies - I just deleted the cookies. I uninstalled the program via "add/remove programs" and have now run into this problem....
My browser (internet explorer) has been hijacked to:

http://www.pcwebtools.support.hp.com/goto/?Platform=hpaddon&ObjectType=us&Name=Buttonwww

I've gone into tools> Internet Options> General & changed my webpage back to what it was before, closed the window and restarted Internet Explorer only to find that my homepage was changed back to the pcwebtools.support page. I've used Microsoft's malicious software removal tool, Ad-Aware SE Personal, & SpyBot Search & Destroy - but nothing detects any spyware or other malicious software in my computer.

Does anyone have any suggestions???

Thanks in advance-
 

Answer:Re: Microsoft Malicious Software Removal Tool

Were you having Malware related issues before going to the link? If so, how long and what problems?

Please see the below thread, then attach a current HJT log.
Downloading, Installing, and Running HijackThis
 

9 more replies
Relevance 95.12%

Hi all,

A few days back i came across this program(well not really a program):
http://www.microsoft.com/security/malwareremove/default.mspx

It says that it doesnt really installs the program on the computer. I used it on my computer and it was fine. However, when i used it on my friends Fujitsu laptop(not sure of model), problems cropped up. My friend does not have a firewall and it has pop-ups and other stuffs, thats why i tried it on his laptop in hope of removing it.

I havent seen the problem after using the tool but he told me over the phone that when he turns on his laptop, after loading to windows, a black command prompt window pops up.

Is there anyway of rectifying this? I've thought of doing a system restore the next time i get to use his laptop. Plz advice.
 

Answer:microsoft malicious software removal tool

This program by Microsoft is not rated to be the best.

Why don't you try another one to see the results?

Good luck
 

2 more replies
Relevance 94.3%

Gud day to everyone,

My computer having some malware activity, i have used adware 2008, spyware removal tool, norton anti-virus and other removal tool, but still those malware cannot be deleted.. My Computer icon could not display its properties, instead it appears like a file when you see its properties. It also disabled TCP/IP that why until now i cannot connect to the internet.. I don't have WindowsXP SP2 cd for repair..

Please help me as soon as possible, because it is a server..

Answer:Urgent! My XP SP2 have malware activity!.. cannot remove using malware removal tool

Hello frozenfire03, Welcome to TSF!

I recommend that you read this article… "Having problems with spyware and pop-ups? - First Steps"; follow the instructions very carefully; then, post all the requested logs and information; as instructed, in the HiJackThis Log Help Forum.
(Simply, click on the coloured links to be re-directed.)

Please ensure that you create a new thread in the HiJackThis Log Help Forum; not back here in this one.

When carrying out The 5 Steps, if you cannot complete any of them for whatever reason, just continue on with the next one until they are all completed.
However,it is extremely important to make mention of the fact that you could not complete any of the steps in your post to The HJT Help Forum; where an Analyst will assist you with other workarounds.

Once done, please be patient, as the Security Team Analysts are usually very busy; one of them will answer your request as soon as they can.

Good Luck with it.

Kind Regards,

7 more replies
Relevance 93.89%

I just dl'd this up-date and shortly afterward I got a message stating that it had found and removed Trojan Downloader:Win32/Zlob. I can't understand how this could have got in considering all the protections I have in place. I have Avast, Windows firewall, Windows Defender, Threatfire, Spybot S&D and Spywareblaster and Ad-Aware. Could this be a case of false positives?

Answer:MicroSoft Windows Malicious Software Removal tool

Possible. Don't clean anything....

Print these instructions out.

1. Download SUPERAntiSpyware Free for Home Users: http://www.superantispyware.com/
    * Double-click SUPERAntiSpyware.exe and use the default settings for installation.
    * An icon will be created on your desktop. Double-click that icon to launch the program.
    * If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here: http://www.superantispyware.com/definitions.html.)
    * Close SUPERAntiSpyware.

Restart computer in Safe Mode.
To enter Safe Mode, restart computer, and keep tapping F8 key, until menu appears; select Safe Mode; you'll see "Safe Mode" in all four corners of your screen
    * Open SUPERAntiSpyware.
    * Under "Configuration and Preferences", click the Preferences button.
    * Click the Scanning Control tab.
    * Under Scanner Options make sure the following are checked (leave all others unchecked):
          o Close browsers before scanning.
          o Scan for tracking cookies.
          o Terminate memory threats before quarantining.
    * Click the "Close" button to leave the control center screen.... Read more

11 more replies
Relevance 93.89%

you may or may not know, that MS put out a "tool" to remove "crap" from you PC.... It was part of MS Update for me...

however, after looking/searching/reading....

**
How do you run Microsoft Windows Malicious Software Removal Tool
**

I don't get it... nothing is really installed on your computer, but it edits some registry entries?

There is a place on MS site to click to begin the process... But what does it do, exactly.

I don't want a tool deleting files OFF MY PC unless I know what it is or AT least have a chance to say yes or no.

Thanks

Answer:Microsoft Windows Malicious Software Removal Tool

Larry, you don't have to download it:


Quote:
After the tool has been executed and the End-User License Agreement (EULA) is accepted, the tool automatically checks for infection by specific, prevalent malicious software and removes any found.

But I downloaded it yesterday and haven't seen anything running differently about my system. Liz

5 more replies
Relevance 93.89%

Something just doesn't sound right . . .

"Note The version of this tool delivered by Windows Update runs in the background and then deletes itself. To determine if the tool removed any malicious software, please review the log file."


http://www.microsoft.com/downloads/...e0-e72d-4f54-9ab3-75b8eb148356&displaylang=en
 

Answer:Microsoft Windows Malicious Software Removal Tool - huh??

What doesn't sound right about it?

Its a stinger-like sasser/msblast a few other baddies removal tool.
 

2 more replies
Relevance 93.89%

I just got this installed on my computer today with the latest round of security updates. I've searched the web a bit and can't find how to actually launch and use this thing. I can't find any shortcuts in the Start Menu, but I did find some EXE's in the SYSTEM32 folder.

This has got to be really easy, and I appreciate any help you guys have for me.
 

Answer:Microsoft Windows Malicious Software Removal Tool

Microsoft bundles the MSRT with its monthly update package. It runs by itself when you restart after updating, removes specific malware if it finds any, and then disappears. On the 15th of next month, you will probably get September's version. On your Automatic Updates dialog, there should be a small window at the bottom with a brief description of the update and a link to the appropriate Microsoft Web page. Clicking on this link will open a page with more detailed information.

If you want to download and run the MSRT yourself, go into Control Panel--->Security Center and click "Get the latest security information..." It will take you here:
http://www.microsoft.com/security/malwareremove/default.mspx
You can download and run the tool from this page anytime.
 

1 more replies
Relevance 93.89%

I recently restored my PC and got an update for Microsoft Malicious Software Removal Tool, but I can't find it. I tried:

Start menu search box
Windows Explorer Search box
View Update History
and installed updates

I don't know if I should manually download the tool or wait until tomorrow for Windows Update.

Answer:I can't find Microsoft Malicious Software Removal Tool!

Hello Advice Pro,

If you like, it will not hurt anything to manually download and install MSRT. The tutorial below can help show you more on this.

Malicious Software Removal Tool

Hope this helps,
Shawn

2 more replies
Relevance 93.89%

I ran the MRT and got following:
======
Microsoft Windows Malicious Software Removal Tool v3.9, July 2010
Started On Tue Jul 13 18:32:22 2010
WARNING: Security policy doesn't allow for all actions MSRT may require.
->Scan ERROR: resource process://pid:1204 (code 0x00000005 (5))
-> Sysclean ERROR: Internal error, code = 80508015
Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Tue Jul 13 18:34:35 2010

Return code: 0 (0x0)
=======

Does anyone know what the second 'error' entry - "-> Sysclean ERROR: Internal error, code = 80508015 " - refers to and if it is something I should be worried about?

This is a new Win 7 (64-Bit) computer and I am hoping there is nothing wrong with it.
Someone said to just make sure that No Infections are Found, and do not pay too much attention to the other 'notices.'

Can anyone help please? I couldn't find anything for the 80508015.
I am worried about this.
Please advise and thank you.
Alice
 

Answer:Microsoft Windows Malicious Software Removal Tool

7 more replies
Relevance 93.89%

First, I'm not very Computer literate... So, here is my problem:
I turn on my laptop.. (XP) In the Taskbar I have an icon that begins to pop up a message stating that My MalwareRemoval tool will begin in 10 sec. more or less. It opens up whether you want it to or not. It doesn't give you an option to Exit out it only shows Scan, Finish, Cancel. Once the scan is complete it shows this:

Microsoft Windows Malicious Software REmoval tool (at top)

System scan complete
Malicous Software was detected and partially removed
Detailed results of the scan and removal operation

JS.Qspace Not Removed

Then it advises me to click finish and it pulls up a window to purchase Norton360.
I already have Norton360

I can't figure out how to get this thing Permanetly REMOVED. I am tired of seeing it everytime I turn on my computer.

----- I have to right click on the tab at the bottom and hit close to get it to go away. This is no guarantee that it will go away. Eventually, My shield icon shows up and my Windows Security Center advises me that I have no antivirus protection and that it is disabled. When I click on recommendations it just takes me online to purchase some. I have Norton 360.. I just want these two annoyances to go away. Any suggestions???
 

Answer:Microsoft Windows Malicious Software Removal tool

Welcome to Major Geeks!

I assume you are saying that your copy of Norton is fully registered and not a trial version?

Please follow the instructions in the READ & RUN ME FIRST link given further down and attach the requested logs when you finish these instructions.
If you have problems where no tools seem to run, please try following the steps given in the below and then continue on no matter what you find. You only need to try the TDSSserv steps if having problems getting scans in the Read & Run Me First.
TDSSserv Non-Plug & Play Driver Disable

If something does not run, write down the info to explain to us later but keep on going.
Do not assume that because one step does not work that they all will not.
READ & RUN ME FIRST. Malware Removal Guide


Helpful Notes:

If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode. You can run steps in safe boot mode but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:
Starting your computer in Safe mode

If you have problems downloading on the problem PC, download the tools and the manual updates for SUPERAntiSpyware, Malwarebytes and Spybot ( links are given in the READ & RUN ME) onto another PC and then burn to a CD. Then copy them to the problem PC. You will have to skip getting updates if (and only if) your internet connection does not work. Yes you could use a flash drive too but... Read more

1 more replies
Relevance 93.89%

Hello everyone!
I need help. I downloaded the Microsoft Malicious Software Removal Tool from the Microsoft website and every time I run the program it stalls when it gets to the location and file C:\Windows\Mirosoft.Net\Framework\v4.0.30319\system.directoryservices.accountmanagement.dll. Then when I try to close the program because it's "not responding" my whole computer freezes.

I like using this program and it's very useful for scanning, detecting and removing malicious software. Not that I have a constant virus problem but I use it for maintenance purposes once a month to make sure my computer is virus-free. For some reason all of a sudden I started experiencing this problem of the program stalling. Can anyone tell me what this problem may be?

Another thing, when I go to the location of the file system.directoryservices.accountmanagement.dll my computer freezes when I click on the file. I downloaded a similar file to replace the existing one but it won't let me because it freezes when I try to delete the file.

Any help would be greatly appreciated!

Answer:Microsoft Malicious Software Removal Tool Problem

I would uninstall NET Framework 4.0, using Add/Remove Programs.

I have Net Framework 4, Client Profile installed on this system, with no problems.

http://www.microsoft.com/downloads/en/details.aspx?FamilyID=e5ad0459-cbcc-4b4f-97b6-fb17111cf544

There is also a download of NET Framework 4.0, Web Installer at http://www.microsoft.com/downloads/en/details.aspx?FamilyID=9cfb2d51-5ff4-4491-b0e5-b386f32c0992&displaylang=en .

From what I see, either should work properly on your system, http://social.msdn.microsoft.com/Forums/en-NZ/netfxsetup/thread/2f0db54d-d609-4f66-b9ec-2b6b2f01425c , so I suspect that your installed version is damaged and needs to be replaced.

Louis

3 more replies
Relevance 93.89%

Hi, do I need this update for XP SP2 if I'm running an up to date virus scanner (Norton 2004)? Thanks, Chris.

Answer:Microsoft Windows Malicious Software Removal Tool

Probably not if you run some spyware checkers such as AdAware, SB, cws, A²

4 more replies
Relevance 93.89%

What is Microsoft Windows Malicious Software Removal Tool, and when does it run, or do I have to run it to scan my PC?

Answer:Microsoft Windows Malicious Software Removal Tool

See this: http://www.microsoft.com/security/ma...e/default.aspx

9 more replies
Relevance 93.89%

OK, so every time I run Malwarebytes it will freeze on framework v4.0.30319. I try to repair framework but the computer freezes. I try to uninstall framework but the computer freezes. I have v4.0.30319 client. What do I do???

Answer:Microsoft Malicious Software Removal Tool Problem

I would use Dotnetfix Cleanup Tools - http://cid-27e6a35d1a492af7.skydrive.live.com/self.aspx/Blog_Tools/dotnetfx_cleanup_tool.zip to uninstall...then I would install the 3.5, SP1 version.

http://www.microsoft.com/downloads/en/details.aspx?FamilyID=ab99342f-5d1a-413d-8319-81da479ab0d7

Louis

1 more replies
Relevance 93.89%

I have a Dell windows 6.1 Pro 11" tablet where the Microsoft Windows Malicious Software Removal Tool crashes every day. It usually happens in the middle of the night when the machine is docked and snoozing. I am getting close to removing it, but before I do that has anyone got any idea why?

Answer:Microsoft Windows Malicious Software Removal Tool keeps cr

Other people are having issues with this also. You can see the actions taken so far here.

Windows malicious software stopped working

1 more replies
Relevance 93.89%

Windows XP Home

When I try to run Microsoft Windows Software Removal Tool I get the error: Sysclean error: Internal error, code = 8050800C. This error appears in the mrt.log.

The Red X Box says an error has occurred. Please visit the Malicious software removal tool help page for more details. No help there.

Here is the log file. Thanks in advance.

Logfile of HijackThis v1.99.1
Scan saved at 10:59:58 PM, on 4/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!


Answer:Microsoft Windows Malicious Software Removal Tool

16 more replies
Relevance 93.89%

New from Microsoft

Answer:Microsoft Windows Malicious Software Removal Tool

Sorry, it's not new. It's at least 2 months old and there have been several threads about it already in this Forum.

2 more replies
Relevance 93.89%

Have got a strange one, where have attempted to remove XP antispyware 2009 using malware antimalwarebytes. Looks to have been partly successful - but have got something else interfering. Frequently have pages on IE as "not found".

Have posted HJThis log and Malware Antimalwarebytes log below. Thanks for any assistance.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:01:58, on 08/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal


Answer:Malware - blocking removal by malware antimalwarebytes

16 more replies
Relevance 93.07%

It didn't say it was installed anywhere...can't find it...how do you use it?
 

Answer:Where is the Microsoft Windows Malicious Software Removal Tool located?

nevermind...got it
 

1 more replies
Relevance 93.07%

I've been trying desperately to either completely remove this from my system or prevent it from scanning. It got installed when I wasn't carefully looking through the updates being installed. I'm on Windows XP Home, SP2.

Anyone have any ideas? Thanks!

Answer:[SOLVED] Microsoft Windows Malicious Software Removal Tool

This should help explain the Microsoft Windows Malicious Software Removal Tool
http://support.microsoft.com/kb/836528/en-us.

4 more replies
Relevance 93.07%

Microsoft Windows Malicious Software Removal Tool (KB890830) 17-8-05

--------------------------------------------------------------------------------

Microsoft on Wednesday made available a free software tool to help victims of the worms that hit Windows computers in the past days clean their systems.

The Zotob worm started spreading on Sunday. Since then it, along with many of its variants and other worms that take advantage of the same Windows security flaw, has hit Windows 2000 users in particular. Systems at CNN, ABC and The New York Times were among those infected.

The cleaning program is an updated version of Microsoft's Windows Malicious Software Removal Tool, Debby Fry Wilson, a director in Microsoft's Security Response Center, said in an interview.

"You click on it and it will tell you if you are infected," she said. "And if you are, it will clean the worm off your PC."

The Windows Malicious Software Removal Tool detects and removes malicious code placed on computers. Microsoft typically releases a new version of the tool every month with its security patches. The tool can be run online through Microsoft's Web site or downloaded from the Microsoft Download Center.

The updated cleaning program checks for and removes infections from Zotob.A through Zotob.E as well as Bobax.O, Esbot.A, Rbot.MA, Rbot.MB and Rbot.MC, according to Microsoft. The list represents all known variants based on Microsoft's investigatio... Read more

More replies
Relevance 93.07%

The Microsoft Malicious Software Removal Tool does not replace an antivirus product. It is strictly a post-infection removal tool.
The Microsoft Malicious Software Removal Tool differs from an antivirus product in three key ways:
• The tool removes malicious software from an already-infected computer. Antivirus products block malicious software from running on a computer. It is significantly more desirable to block malicious software from running on a computer than to remove it after infection.
• The tool removes only specific prevalent malicious software. Specific prevalent malicious software is a small subset of all the malicious software that exists today.
• The tool focuses on the detection and removal of active malicious software. Active malicious software is malicious software that is currently running on the computer. The tool cannot remove malicious software that is not running. However, an antivirus product can perform this task.
Read more at KB890830.

Answer:Difference between Microsoft Malicious Software Removal Tool and an antivirus

Hi HappyAndyK...I'm not sure does MRT always run in the background????

3 more replies
Relevance 93.07%

Hi, I'm new here so I may have missed this if it has been posted before. But has anyone else used the tool available before... what were your experiences with it? So it has been effective for me.. but I would like some more information on it. Seems it was released on the 14 of June 2005.
Microsoft® Windows® Malicious Software Removal Tool (KB890830)
http://www.microsoft.com/downloads/details...&displaylang=en
Thanks in advance.
Regards
Nigel
Mod Edit: I have edited the title of this topic, removing the registered trademark symbols. When symbols are used in a topic title that is in fact a link, it causes a broken link.

Answer:Microsoft Windows Malicious Software Removal Tool (KB89083

I have not used this one, but most of the removal tools from MS seem to work well.
Cheers,
John

4 more replies
Relevance 93.07%

Malware bytes starts is continually blocking malicious websites but will not correct the issue.
 

Answer:malware bytes continually blocking malicious websites

Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start please read and note the following:

At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
Instructions I give to you are very simple and made for a complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.

All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running for too long (a few hours), please stop and inform me.
I visit the forum several times a day, making sure to respond to everyon... Read more

5 more replies
Relevance 93.07%

I am new here but wanted to contribute what I feel is a big help with bad hosts, adware, spyware, malicious software, and bad servers.

I added the code below to my router's "Startup" and "DNSMasq" entries. It uses the hosts file from mvps.org to block these bad hosts (servers). It is basically doing the same thing as adding the hosts file to your system locally but this way, you only have to maintain the list on the router.

The way the code is written, it automatically refreshes the file from mvps.org each time you boot your router. I have my router on a scheduled boot each night to refresh the list for any updates added by mvps.org. I have been using this since last August and am very happy with the results.

The code:

"Startup"
---------
_rogue=0.0.0.0
echo -e "#!/bin/sh\nn=1\nwhile sleep 60\ndo\n\twget -q -O - http://www.mvps.org/winhelp2002/hosts.txt | grep \"^127.0.0.1\" | grep -v localhost | awk '{print \"$_rogue\\\t\"\$2}' | tr -d '\\\015' >/tmp/dlhosts\n" >/tmp/write_dlhosts
echo -e "\t[ \`grep -il doubleclick /tmp/dlhosts\` ] && break\n\t[ \$n -gt 5 ] && break\n\tlet n+=1\ndone\n[ -e /jffs/hosts ] && cat /jffs/hosts >>/tmp/dlhosts\n[ -e /opt/etc/hosts ] && cat /opt/etc/hosts >>/tmp/dlhosts\nkillall -HUP dnsmasq" >>/tmp/write_dlhosts
chmod +x /tmp/write_dlhosts
/tmp/write_dlhosts &

"DNSMasq"
... Read more

Answer:Blocking Bad Ad/Malware/Malicious Code/Servers at the Router

I thought I would post a screen-shot of the AdServer program running on my server to show the number of intercepts. These numbers have been collecting for about two weeks (since I reset them). I am astounded at the counts

2 more replies
Relevance 92.66%

Please help me,
I cannot access any internet (wifi & ethernet) after malware removal using GridinSoft Anti Malware. I already updated network drivers, but it's still not working.
 

More replies
Relevance 92.25%

I cannot do the prework because my browsers are incapacitated, so I can't download anything. The PC indicates that my web connection - DSL - is functioning properly. I don't know if it is safe to insert a flash drive in order to bring the required programs to my PC, and post the results using my relative's PC. Is there a way to prevent malware from infecting the flash drive?

I am using a relative's desktop PC in order to communicate here. I still have Windows XP SP3 on my desktop PC and I finally got a virus despite what I thought was safe surfing, using a limited account. I have Avast free but it did not detect anything. My superantispyware is "locked" and my malwarebytes free stops responding. So I don't know what infection I have. I use Online Armor firewall, but it did not prompt me about any new program. It is set to always notify me, even when running something I have allowed in the past. Whatever it is, it also got past K-9 web protection which filters all of my PC use. I am putting a lot of disjointed information that may be helpful into this post, simply because of my need to go back and forth between two houses in my particular situation. (About a 5 minute walk). I normally would not put all of this into one initial post. I understand that the system works better when one detail at a time is presented upon your request. Please understand that I won't be able to provide bits of information without returning home for each request!
 
My last action befor... Read more

Answer:unknown malware disabled my browsers, locked anti-malware programs

DON'T READ MY POST!
system restore worked!
how do I close this thread as solved??

2 more replies
Relevance 92.25%

Windows Antivirus Pro, also known as Windows Police Pro or ASC Antivirus, is the latest piece of rogue antivirus products that Microsoft has started tackling with its free Malicious Software Removal Tool security solution. Identified as TrojanDownloader:Win32/FakeScanti, the malicious code is an example of a fake antivirus, an application masquerading as a security solution. Just as other rogue antivirus programs, FakeScanti turns to a range of social engineering tricks in order to fool victims into paying for a license for a piece of software with no real functionality.



Windows Antivirus Pro Tackled by the Microsoft Malicious Software Removal Tool - TrojanDownloader:Win32/FakeScanti - Softpedia

More replies
Relevance 92.25%

I think this is a virus but can't seem to get rid of it. I have just ignored it but I have several people using my computer so it may have been acknowledged. I have a laptop running Windows 7. I have run Malwarebytes Anti-Malware and my Norton Security but the message still pops up. At one point my browser was being redirected and that issue is resolved but that may have been something else. Any suggestions?

Answer:Microsoft Windows Malicious Software Removal Tool is Requesting Your Permission

Welcome aboard
Download Security Check from here or here and save it to your Desktop.
Double-click SecurityCheck.exe
Follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.
NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:
Internet Services
Windows Firewall
System Restore
Security Center/Action Center
Windows Update
Windows Defender
Other Services
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.
Please download MiniToolBox and run it.
Checkmark following boxes:
Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Devices (do NOT change any settings here)
List Users, Partitions and Memory size
Click Go and post the result.
Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Up... Read more

9 more replies
Relevance 91.84%

My Windows 8 computer has been infected with malware/adware. When I browse the internet there are ads displayed by edeals. I've followed many guides to removing it, but none have worked. I've scanned my pc with malwarebytes, adwcleaner, and junkware remover.
Here is the result of the scan with Adwcleaner: 
# Updated 21/05/2015 by Xplode
# Database : 2015-05-21.2 [Local]
# Operating system : Windows 8.1  (x64)
# Username : Jed - JEDPC
# Running from : C:\Users\Jed\Downloads\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Data Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyEnable] - 1
Data Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <local>;*origin.com;*ea.com;*akamaihd.net
Data Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyServer] - hxxp=127.0.0.1:12289
Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [DefaultConnectionSettings]
Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [SavedLegacySettings]

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17416


-\\ Mozilla Firefox v


-\\ Google Chrome v


*************************

AdwCleaner[R0].txt - [2109 bytes] - [24/05/2015 11:15:26]
AdwCleaner[R1].txt - ... Read more

More replies
Relevance 91.84%

Hi, I have been trying to remove the searchinterneat-a.akamaihd.net malware for months. I looked over at least 10 different guides on how to remove the malware. I tried multiple antimalware programs, from HitmanPro to Anti-Malware, and it seems like none of them can detect the malware. Looking for help!

More replies
Relevance 91.43%

I can't access certain antivirus sites, Microsoft, any .gov sites or update any kind of virus software unless I'm in safe mode. I think my hosts or DNS may be hijacked. I ran mb anti malware, super anti spyware, combofix, sd fix, smitfraud fix. It removed a few things but it is still having the problem. Here is my HJT log.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:07:22 AM, on 2/9/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal
Running processes: ... Read more

Answer:cannot acess microsoft, any anti virus sites, cant update maleware programs unless in safe mode

Hello,
My name is Syler and I will be helping you to solve your Malware issues. If you have since resolved your issues I would appreciate if you would let me know so I can close this topic. If you still need help, please let me know what issues you are still having in your next reply.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up.
Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)
Please download GMER from one of the following locations, and save it to your desktop:
Main Mirror
This version will download a randomly named file (Recommended)
Zip Mirror
This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
Disconnect from the Internet and close all running programs, as this process may crash your computer.
Temporarily disable any real-time active protection so your security program drivers will not conflict with gmer's driver.
Double click on Gmer to run it.
Allow the gmer.sys driver to load if asked.
You may see a rootkit warning window. If you do, click No.
Untick the following boxes on the right side of the Gmer sc... Read more

2 more replies
Relevance 90.2%

I had AntiVir the antivirus program but on start up it would come up with an error of, I think, a file missing, possibly caused by an already existing virus, so I removed it using Your Uninstaller! 2010 as it would not be removed. At the same time I was getting blue screen of death errors at random times which have seemed to become less frequent but more random, i.e. watching YouTube or playing Command and Conquer campaign with nothing else running each time except iTunes. I scanned my computer using Microsoft Windows Malicious Software Removal Tool and it found Virus:win32/alureon.G (Win32/Alureon.G). It was only partially removed, so I found this forum and have posted here. I also had to run gmer in safe mode (I don't know if this is a problem) because while running it I was getting blue screen of death in the first 10-20 sec. The BSOD code was 0x0000008e (0xc0000005_0x8bc41p1b_0x8fc23a10_0x00000000 ; I have been receiving another code consistently all the other times it has appeared which I do not have a copy of. I bought this laptop with Windows 7 already installed and do not have a disc although my manager friend from Harvey Norman may be able to supply one. It is the legit version of Windows.



DDS (Ver_10-03-17.01) - NTFSx86
Run by sperson at 17:49:35.86 on Thu 24/06/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.61.1033.18.3056.2282 [GMT 8:00]


============== Running Processes ===============

C:\windows\system32\wininit.e... Read more

Answer:virus:win32/Alureon.G found in Microsoft Windows Malicious Software Removal tool

Simple solution: (for Toshiba Users)
WOW guys, it appears to be a TOSHIBA FAULT, perhaps brought on by AntiVir antivirus (that's my guess). The problem is a power setting and not a hard drive fail or anything else like a virus. What you need to do is:
1) Start > Control Panel
2) search mobile pc
3) open power options (this can be done alternatively by right clicking your desktop and going to personalize then screen saver)
4) choose balance or eco, whichever you are using currently
5) click change plan settings
6) click change advanced power settings
7) find processor power management
8) set all of the values on both minimum and maximum to 100%
9) reboot your pc
0) ADDITIONAL: if you go from blue screen of death to either reboot or fan working but no response from screen or anything else, take out the battery then the power cord. Replug the cord and not the battery, confirm the settings are at 100%, then shut down and reconnect the battery (possibly remove the power cord before replugging both)
Worked for me :)

11 more replies
Relevance 89.79%

Which Internet Security Suites or Anti-Malware will you prefer is the best in terms of "Web Browsing Protection" and why???
Thank you guys for participating and sharing your opinions
 

Answer:Malicious Web URL Blocking (Malware, Trojan, Rootkit, Phishing, Adware, Worm, Spyware, ... etc)

Kaspersky and Eset have very fast and great web shield.
 

35 more replies
Relevance 89.38%

Friday I visited a client with a problem as described below. Next Monday I will run the anti malware check-list posted on this forum but I think I've already done the major steps. My question here is therefore, see below: could malware prevent 4 anti malware programs to run while everything looks ok (running processes, normal XP system with Norton on it, etc).

I will post the outcome too.

Dick

One PC shows odd behaviour (not really specified) and seems to block websites (except a few which show, including the banking website....). DNS was rerouted to 93.188.162.244,93.188.160.54. This may have had to do with a parental control program (recently installed and uninstalled again) but Hijackthis log shows this:
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 93.188.162.244,93.188.160.54
and that is connected with Zlob.DnsChanger on some places e.g. http://www.exterminate-it.com/malpedia/remove-zlob-dns-changer. Everything works again after setting DNS to auto. I checked all running processes and there seem to be no suspect processes; I disabled several which were not needed.

To be sure I installed Malwarebytes. This program did not run however. It shows briefly in the task list and then disappeared. The system runs Norton Utilities and no further anti virus or firewall but another PC with the same configuration ran Malwarebytes without problem. I have tried the following programs, all with the same result: they do not start:

ATF-Cleaner.exe
mbam-setup.e... Read more

Answer:Can malware prevent 4 anti malware programs to run?

Yes, malware can do that. Please follow the instructions here:
READ & RUN ME FIRST. Malware Removal Guide

Attach the logs that will run.
 

3 more replies
Relevance 89.38%

I am running a Windows XP 32 bit system. I clicked on what I thought was a legitimate install file, but turned out to have some extra baggage.

At first, the task manager showed a bunch of svchosts and a process called Microsoft.com, and it was using 90 to 100 percent of cpu and memory.

I also found that not only were my anti spyware and anti malware programs not functioning, but when I tried to access the program directories, I get an error that says access denied.

I normally wait to be told to run combofix, but I am shutting this system down in another month or two so no harm done, plus I have been playing with combofix for a few years and I kind of got the hang of it for the most part.

Combofix deleted a bunch of stuff, so I rebooted and ran rkill and tdsskiller. Both of these programs found nothing, but I was able to re-install malwarebytes and run it. It found and quarantined a bunch of stuff also.

I rebooted, and installed avast anti virus and ran that as well. It also found and quarantined stuff, but I was unable to run anything else while it was installed so I uninstalled it. I tried to disable it first but it still interfered with too many things.

I was also able to run a stand alone version of hijack this, and I removed all startup entries.

I have the combofix log and the malwarebytes log. Let me know if you want me to post them.

The avast log seems to have been deleted with the uninstall. I should have know t... Read more

Answer:Malware Has Locked Out My Anti-Malware Programs

Please follow Steps 6-8 of Preparation Guide, Before Using Malware Removal Tools and Requesting Help - http://www.bleepingcomputer.com/forums/topic34773.html .  IF you have the CF log, you may also attach that or paste the content into this topic.
 
Louis

8 more replies
Relevance 88.97%

Don't know if this counts as a double post or not, but I had an infection and now it's been "cleaned". Okay, I had a rootkit.boot.phar.b infection with trojan.*32 agent on svchost.exe. Original post's link: trogan infection
I still have network limited connectivity issues and the Java update scheduler keeps crashing (this started post cleanup of malware).
For the connectivity issue, it will come and go for ~1hr-24hrs with no internet access while the error is occurring. I have all new cables connecting modem to computer. Tried cables on another computer on same network (that computer has internet access) and internet settings I believe are all set up correctly.
I may still have an infection somewhere.
Thanks in advance.

Answer:network limit conectivity with no internet acess post malware removal

Welcome aboard
Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:
Internet Services
Windows Firewall
System Restore
Security Center
Windows Update
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

16 more replies
Relevance 88.97%

Hello. I run Windows XP, and I think I got infected when I unwittingly allowed a [possibly] bogus update to Firefox to proceed.

Spybot is completely unable to run.

Every time I click on a Google or other search engine results link I get redirected to an ad site (that has nothing to do with what I searched for), and certain other pages don't open at ALL (getting stuck on Google analytics showing on status line, then nothing else happens).

Have tried several methods shown here (Malwarebytes, SuperAntiSpyware, Rkill, etc.) and nothing has gotten rid of it.

I also use AVG antivirus (free version) but this has no effect.

Sound board is not running... earlier I was able to reload the driver, but it kept going out and now nothing works.

Sometimes the internal wifi device does not run and requires a system reset (nothing else will get it started).

I DO NOT have an XP startup CD; never bothered to make one, and I bought the computer with XP installed; a CD was $100 extra, if I recall correctly.

Last day or two, system says it's run short of RAM and needs to start paging to disk... I recently upgraded RAM and so this is probably the malware at work.

Girlfriend's computer class teacher was going to help me, but his friend with an XP CD is unable to be reached, so that avenue is indefinitely postponed... I'm tired of having a sick computer, and want to learn how to deal with this myself, but I'm a little out of my depth here, and could use a little he... Read more

More replies
Relevance 88.56%

Hello computer experts!

My laptop appears to be infected with a plethora of virus/trojans etc. and I have tried all scans etc. but things just keep reappearing.

The problems are:

1) something reconfigured my internet settings

2) continual blocking by anti malware of 'potentially malicious websites', e.g. 208.87.33.151

3) trojan horses are continually being found by avira anti-vir, e.g. tr/kazy.35735.1 (which is flagged as a trojan horse generic 24.bkkc)

Please advise guys, I would greatly appreciate it as I have no idea what else to do.

sam

Answer:potentially malicious website keeps being blocked by anti-malware

Hello,
Please follow the instructions in ==>This Guide<== starting at step 6. If you cannot complete a step, skip it and continue.
Once the proper logs are created, then post them in a reply to this topic by using the Add Reply button.
If you can produce at least some of the logs, then please create the post and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the reply and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.
Please note that I am not a member of the Malware Removal Team and will not be assisting you in removing the infection. I'm simply helping you to post the information they need in order to assist you.
If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.
Orange Blossom

50 more replies
Relevance 88.56%

malwarebytes Anti-Malware giving malicious web message on email outgoing server when i try to send email. -it shows my outgoing server as the malicious site
 
on inbound giving me same message showing the following:
 
57504
inbound
C:\\windows/system32/svchost.exe
also refers to an i.p. address 
ingoing & outgoing email all of a sudden. giving me malicious website message pop-ups. the trial is getting ready to run out.
 
running trial version malwarebytes Anti-Malware and use microsoft security essentials
anyone know what this could be?
 
Malicious Website Blocked
Domain - (references my outbound email server)
I.P. address they give just takes you to Malwarebytes for information
Port: references a port number
Type:Outbound
C://ProgramFiles(*86)MicrosoftOffice\Office\14OUTLOOK.EXE
 
CAN SOMEONE HELP?
Thank you!
DO I HAVE A VIRUS
????
 

Answer:malwarebytes Anti-Malware giving malicious web message

Hello LuAnne123. Yes - the severely limited information you provided does likely point to a malware infection. I recommend following the advice from the topic: Available Assistance for Possibly Infected Computers and have one of the Malware Removal Experts assist you with your issue.
If you would like to get off to a very fast start, the Malware Removal Experts would appreciate it if you would also attach (not copy/paste) both the FRST.txt and the Addition.txt output diagnostic reports from only Log Set 1 into your new topic. Please do not tick, nor untick, any pre-configured FRST categories.
If you wish to remain in the BleepingComputer community, please carefully read the 3rd pinned topic in this "Security" section, and then post the required information within the 1st pinned topic in this section.
Thank you.

1 more replies
Relevance 88.15%

Hi all!
 
We all agree that having real-time running anti-virus, anti-malware, anti-exploit/ransomware as well as backup- and disk imaging software are essential components in a comprehensive security setup, including Windows Firewall.
 
Also, it is equally important to use add-ons like i.e. Web Of Trust, µBlock Origin and Ghostery in the web browser(s) for additional security.
 
However, now I wonder: Would an Anti-Executable Tool provide an extra layer of anti-malware protection (in addition to UAC and SmartScreen)?
 
Thank you very much in advance!
 
Regards,
midimusicman79

Answer:Would an Anti-Executable Tool provide an extra layer of anti-malware protection?

Are you referring to something like Faronics Anti-Executable which uses application "Whitelisting"...blocking files based on hash value, digital signatures and publishers?

9 more replies
Relevance 87.33%

Note the detections, other than the PUP there are temp avast files which are malicious. I hope this is a false positive
 

Answer:Avast files detected as malicious by Malwarebytes Anti-Malware

Malwarebytes used to detect itself as malicious, so this isn't as surprising.
 

4 more replies
Relevance 87.33%

When I start my computer I get this message from Malwarebytes. I quarantine the item then delete it and it reappears next start up. I also have not been able to make any changes to my firewall and think this RootKit is the reason for that. This is the exact message received from Malwarebytes.
Malwarebytes Anti-Malware has detected a malicious process attempting to start and has blocked the execution attempt. Please select an option below.

C:\WINDOWS\INSTALLER\{4DA8019A-0AB2-4866-0C91-F465CAC06285}\U\[email protected]
I appreciate your help thank you!

Answer:Anti-Malware has detected a malicious process attempting to start

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Team Spencer at 21:17:50 on 2012-08-15
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.10238.8091 [GMT -4:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Tablet\Pen\Pen_TouchService.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\Dwm.exe
C:\Program Files\Common Fi... Read more

33 more replies
Relevance 87.33%

Hi, there seems to be a malicious software on my laptop which has messed up my whole system. For the last one week, Google Chrome was acting strange as in it wasn't letting me view sites opened in other tabs and was hogging up a lot of memory. I simply ignored it, thinking it was a problem related to it being an outdated version.
 
Now since the last couple of days, I realized that almost all the programs and games have uninstalled itself, leaving most of the shortcuts broken. The application's folder have vanished and the game folders contain few MBs of data. Any application that I try to open gives me an error, saying that it doesn't exist. I believe some 100GB+ games/apps got wiped in the process.
 
Anyway, so I then tried restoring the system to an earlier point (2 weeks) to see if that helped. Most applications were restored but still there was problem running them as many were broken in most cases and the laptop felt very buggy. I then again restored to an older restore point (January) to see if it'd solve it but to no avail. I then restored it back to its original point (basically undo whatever I had done). I was then suggested by a friend to install MalwayreByte and scan the laptop and restore back to an earlier point (January), yet the problem of broken program links and system lag still persists. There were quite a few Trojan Horses that were detected/removed from D drive using MalwareByte. Here they are:

Trojan horse Exploit_c.VOX
Trojan horse Exploit_c.... Read more

Answer:Malicious malware uninstalled all the programs

I have seen few instances of this and if system restore doesnt fix the broken icons then there is no other way.

1 more replies
Relevance 87.33%

When I try to run a scan using AVG anti-virus, Avira, Windows Defender, or SuperAntiSpyware, when the scan gets to a certain point, Windows shuts the computer down with a blue window. It says Kernel_Stack_Inpage_Error plus some standard verbiage about if you recently installed software/hardware, see administrator, etc. At bottom it says: STOP: 0x00000077 (0x00000001, 0x00000000, 0x00000000, 0xF79B1D24). I could sometimes run AVG scan in "select drives/folders" mode but recently it quit allowing that after I upgraded to AVG 9 (free). I uninstalled AVG and went to Avira but with same results. Scanning with Windows Defender did the same. I recently installed and ran SuperAntiSpyware and was able to pinpoint problem to the "System Volume Information" directory. I am unable to open it to see contents as Windows shows no files in it. When I ask Avira to scan it, Avira says no files also, but if I use AntiSpyware to scan, it shows many files during its scan but will get to a certain point and the computer will shut down. I can almost see the file that shuts it down but it happens too fast to catch it. I was able to run "RootRepeal" and log is below. I was not able to run "DDS.scr".

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/10/30 13:15
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: rootrepe... Read more

Answer:Unknown malware/virus won't let any anti-virus/windows defender/malware removal progran to complete scans

Hello and welcome to Bleeping Computer.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.
If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.
Thanks and again sorry for the delay.
We need to see some information about what is happening in your machine. Please perform the following scan:
- Download DDS by sUBs from one of the following links. Save it to your desktop.
  DDS.scr
  DDS.pif
- Double click on the DDS icon, allow it to run.
- A small box will open, with an explanation about the tool. No input is needed, the scan is running.
- Notepad will open with the results.
- Foll... Read more

23 more replies
Relevance 86.92%

Hi. I am running Windows XP. I had no problems until today after I disabled adblock on a website. This led me to be redirected to some security thing. I enabled Malwarebytes Anti-Malware real time protection and since then I have been having constant pop ups telling me it's blocked outgoing/ingoing IPs.
Some of them are from China such as 222.186.13.71. I also received an incoming one from Doha, 178.152.15.122. I'm not sure if this might be caused by my uTorrent as I always have it on and seeding. Malwarebytes Anti-Malware full scan came up with threats but those are just trainers for games installed on the computer and do not do anything. I have had those trainers installed for a while. What do I do? I have not been redirected recently, only that one time.
 
 

Answer:Malwarebytes Anti-Malware keeps blocking IPs

Update: I just shut down uTorrent and so far no pop ups about blocking IPs. I'll keep uTorrent off for a while and see if any pop ups happen. I'm still a bit worried as I was redirected that one time.

3 more replies
Relevance 86.1%

Hello,

I just got infected with two nasty programs that want me to disable or uninstall Avast and keep pestering me to do a lot of different things. I tried to run a scan with Avast and managed to put in quarantine one infection from the Temporary Internet Files, but it did not seem to fix the problem. I would take a picture to show what the virus icons look like, but I can't do that anymore since I have been infected. Help.

More replies
Relevance 86.1%

All,

First, thank you in advance for your assistance.

Second, I am trying to fix my dad's computer remotely via LogMeIn. I'm not sure if this will show up as something odd in the logs. Also, some steps may be challenging and will take extra time.

So on to the problem.

1) My dad had a serious malware issue. Whatever was on his system was doing the usual blocking of his anti-virus and re-routing. However, I am also sure there were multiple infestations.

2) I logged in and tried a few different scans (MBAM, Spybot, etc). Found several baddies including "whitesmoke" and a few rootkits. I managed to get his system to allow windows updates again, but still had issues. Of note, google search results, when clicked, would redirect to entirely other sites.

3) I uninstalled all anti-malware on his system, and turned off windows system restore. I then ran CCleaner, Revo Uninstall, Norton removal tool, AVG removal tool. Basically I made sure I was starting from scratch. Strangely, windows security still thought that anti-virus was functional even though there was nothing on the system.

4) I then started working through your Malware Removal Guide, first doing all the cleanup steps. I even installed all available windows updates and updated his java to most recent version.

5) I then ran the (5) suggested scans in order. The only challenge was ComboFix. It kept freezing right after it showed "combofix is preparing to run" even after giving it... Read more

Answer:Blocking Anti-Malware / Search Redirect

Welcome to Major Geeks!

ThePaladinGuild said:

3) and turned off windows system restore.

Bad idea! You should never do this until malware has been removed. If you mess up during the malware cleaning, a restore point is your fall back even if infected. Now you have no fall back. See our cleaning process and you will see that we do not have you disable System Restore until malware has been verified to be gone.



Download TDSSKiller from Kaspersky directly onto your Desktop

Now double click the TDSSkiller.exe file to run it (if using Vista or Windows 7 do not double click on it but rather, right click and select Run As Administrator.)
If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123tdk.com).
If you do not see the file extension, please refer to: How to view hidden, system files & folders!

Allow the application to run if prompted by Windows or any security programs you have installed
It will start the scan and run rather quickly and will notify you of whether anything is found or not.
Follow the instructions to delete/quarantine if it asks you what to do when it finds something.
Whether an infection is found or not, a log file should be created on your C: drive ( or whatever drive you boot from) in the root folder named something like TDSSKiller.2.1.1_27.12.2009_14.17.04_log.tx... Read more

7 more replies
Relevance 86.1%

I believe I have a malware problem but I can't work out how to fix it. Help would be much appreciated.
I can't open or run AVG 2014 (free) - the following error message just comes up whenever I try to open the program:
"This program is blocked by group policy. For more information, contact your system administrator."
 
I had installed updates, though I'm unsure whether AVG was among them, 5 days before the problem started.  The reason I noticed was that my access to a TV streaming subscription kept failing for an undeterminable reason (password got me in but the stream failed), so I tried to run a virus scan (after checking everything else I could think of) and this message came up.
 
I'm running Windows 7 (64-bit) and have already tried the following:
- Restart in safe mode and run Rkill, followed by Malwarebytes
- Uninstalled Malwarebytes due to AVG compatibility concerns
- Restarted again in safe mode, ran Rkill followed by AVG 2014
- Uninstalled and re-installed AVG 2014 (free)
- Installed and ran FARBAR
- Burned the AVG Rescue CD (as an .iso image) and tried to boot from the CD (I just get a message saying "isolinux disk error 04..." so have not been able to use the tool)
 
Even after these attempts, when I start up normally (i.e. not in safe mode) I still have the same message when trying to open and run AVG.
 
Malwarebytes found and quarantined two files but (stupidly) I no longer have the log because I uninstalled Malwarebytes. Otherwise, I ca... Read more

Answer:Possible malware blocking anti-virus program

Use AVG Remover to uninstall AVG: http://www.avg.com/us-en/utilities
Then try to reinstall it again.

22 more replies
Relevance 85.28%

I am having an issue with, what I believe is, the google redirect virus or whatever it may be called now. It all started last week when I was working on my accounting homework for school and was working between Microsoft Word 2007 and various websites in IE9 (running Windows 7). I was working on my homework when suddenly all of the windows closed without warning (internet, word, and windows explorer) and my computer restarted. When Windows reloaded, my desktop background had changed to solid black and half of my desktop icons went missing. The more I did to try to fix it, the worse it got and the more icons disappeared. I found a thread on this forum that described the fix and followed it step by step. I downloaded and ran Malwarebytes, the unhide program (I don't recall the proper name but the icon is a white briefcase with a red cross on it), and another program that I renamed to iexplore.com per the instructions. I was able to restore the desktop icons and full functionality of the computer after doing that process. Although I was never able to run TDSSKiller (even with the disguised version) or Kaspersky...couldn't even install them.

Now I am living with the issue of the redirected search links. I can get to Google (or any other search engine) and search normally, but when I click the link that I want, it will take me to some other random website having nothing to do with my search (for example, i search for Bleeping Computer and click the link for www.bleepin... Read more

Answer:Malware or virus is redirecting search links but is not detectable with anti-virus/malware programs

Do not run any tools unless instructed.
Download Listparts from here:
For 32 bit: List parts 32
For 64 bit: List parts 64
Launch it, click on SCAN, post the log.

22 more replies
Relevance 85.28%

are these two programs similar? do they do the same thing? which one is better?
 

Answer:MalwareBytes' Anti-Malware or spybot?

16 more replies
Relevance 85.28%

What would you recommend based on your experience?

Answer:MalwareBytes anti malware or spybot?

Originally Posted by dinesh


What would you recommend based on your experience?



spybot search and destroy and super anti spyware free edition ...get them both

they the 2 best free ones IMO

13 more replies
Relevance 85.28%

Your opinion please. An upper level Dell tech person advised a re-install of Win 7 ultimate to not put McAfee back. All you need is malware bytes & spybot. Your impression, pls. Thank you
 

Answer:Malware & Spybot vs Anti-virus

I wouldn't run a machine without an updated AV program, but the choice of which one is open to debate. Some discussion of these is here: http://forums.majorgeeks.com/search.php?searchid=1393843 A search of the forums will no doubt turn up some other animated debates on which one is the best...

In addition to an AV program, I also run the real time (paid) version of Malwarebytes and a few other passive scanners.

To advise against running Mcafee is one thing, tastes and experiences being what they are, but to advise not running an AV at all is dangerously stupid, particularly when done under the color of authority...
 

10 more replies
Relevance 85.28%

I know FRST says it ran from another location other than desktop, it is now located on a file on my desktop.
 

Answer:COM Surrogate, dllhost.exe, Malwarebytes Anti-Malware blocking

Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start please read and note the following:

At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
Instructions I give to you are very simple and made for complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.

All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running too much time (few hours), please stop and inform me.
I visit the forum several times a day, making sure to respond to everyon... Read more

1 more replies
Relevance 85.28%

I am not able to access symantec.com, or mcafee.com. It seems like they are being blocked, possibly by malware. Any thoughts on how I fix this? I am running windows xp.
 

Answer:Malware blocking access to anti-virus website

follow advice here and post the logs those programs make
 

1 more replies
Relevance 84.46%

Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:22:13 PM, on 11/23/2011 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\WLTRYSVC.EXE C:\WINDOWS\System32\bcmwltry.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\SUPERAntiSpyware\SASCORE.EXE C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe C:\Program Files\Palm, Inc\novacom\x86\novacomd.exe C:\WINDOWS\system32\PnkBstrA.exe C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Trusteer\Rapport\bin\RapportService.exe C:\Program Files\iTunes\iTunesHelper.exe C:\WINDOWS\system32\WLTRAY.exe C:\Program Files\HTC\HTC Sync\Application Launcher\Application Launcher.exe C:\WINDOWS\stsystra.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Program Files\Digital Line Detect\DLG.exe C:\Documents and Settings\Claire\Application Data\Dropbox\bin\Dropbox.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Commo... Read more

Answer:Tried Spybot, anti-malware, superantispyware, & more! Help! HJT log is posted

16 more replies
Relevance 84.46%

I just got my computer back from the local computer shop. I had the MB,CPU, Ram and after-market cpu cooler installed and so far everything seems to work perfectly. The tech installed Avast anti-virus (free version),Malwarebytes' anti-malware and spybot. My question is do I really need all of this. I have Vipre anti-virus and anti-malware that I would like to install but I'm not sure if that will cause any conflicts with Spybot. Norton also came on the CD that I got with my MB but the tech didn't install it. I would really like some advice on where to go from here. Thank you in advance.
 

More replies
Relevance 84.46%

Tried running spybot and some other programs which temporarily fix the problem. Here is my log: Here is the log:

Answer:Popups after several Spybot & Anti-malware scans

Hello and welcome to Bleeping Computer.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.
If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.
Thanks and again sorry for the delay.
We need to see some information about what is happening in your machine. Please perform the following scan:
- Download DDS by sUBs from one of the following links. Save it to your desktop.
  DDS.scr
  DDS.pif
- Double click on the DDS icon, allow it to run.
- A small box will open, with an explanation about the tool. No input is needed, the scan is running.
- Notepad will open with the results.
- Foll... Read more

2 more replies
Relevance 84.46%

A family member's computer recently started displaying the standard "Antivirus 200x" symptoms, including lower-right corner tray "warning" popups, browser redirects when trying to access anti-malware websites, and blocking the execution of anti-malware programs. Spybot and Malwarebytes refused to load at all at first, and then later after trying renaming the executable as well as installing SUPERAntiSpyware (which ran once but was not able to sufficiently clean out the infection), Vista started denying permissions to use all three programs. I was also able to run hijackthis once, but it crashed when i tried to save a log file and I lost permissions with it like the others.

I tried disabling UAC as well as going into the properties of the executables to restore permissions, neither of which yielded results. Unfortunately I am unable to provide a DDS log because, although the tool will run, it hangs for upwards of an hour without producing any logs. Switching to safe mode fails to resolve any of these roadblocks to disinfection. Strangely, I haven't seen any popups since a few days ago even though I've been working on the machine. Any help would be greatly appreciated.

Answer:Antivirus popup ad followed by persistent anti-malware blocking [Moved]

As no logs have been posted, I am shifting this topic from the specialized HiJack This forum to the Am I Infected forum.
==>PLEASE DO NOT NOW POST LOGS<== unless a log is specifically requested.

5 more replies
Relevance 84.46%

Background and what I've done so far...
 
This sucker is just annoying. I got a call from a client today that his PC was acting funny, sluggish, downloads were incredibly slow, etc. So I stopped in and went to download Malwarebytes as usual. The download was coming in from Bleeping at like 50k/s which is awful. I rebooted their router which seemed to fix it for all of a minute. But after it finished I was unable to make it install. Literally nothing happened when I clicked on it. Odd. I went to grab TDSSKiller, and again, nothing won't even execute. I open some programs on the PC, notepad, paint, etc no problems lickety split. I plop in my trusty thumbdrive which holds pretty much every anti malware program available here on this site (updated weekly) and lo and behold, NONE of them shy of FRST will run. I was dumbfounded. I even tried Malwarebytes Chameleon. I tried safe mode, safe mode with networking. I can see lots of rogue exe's running like msiexec.exe, iexplore.exe etc, stuff that shouldn't be because it's not actually open. So I thought, ok you clever little turd, I'll pull the drive out and scan through my hard drive dock. No sooner did I do that than my boss comes in with another PC and says I think this one has the same damn thing! And...it appears to. Nothing will run. Two customers on opposite sides of the city. Pretty crazy stuff and both... Read more

Answer:Trojan blocking almost all anti malware products from installing/running!

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
***************************************************
In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.
CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/573374 <<< CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************
If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of t... Read more

2 more replies
Relevance 84.05%

Hi, I've been working with boopme on this in the "Am I infected forum".
Mod. edit: Topic referenced is here: http://www.bleepingcomputer.com/forums/t/183098/infected-with-something-cant-download/ ~ OB
He determined that a driver was blocking the removal of the malware affecting my computer and said I should post here.
Some background info. My desktop computer is infected. It uses Windows Vista Home Premium. The computer is very slow when trying to browse the net and stops responding often. I can sign on with IE but am very limited to what sites I can get to. I can't get to this site. Firefox won't start at all. I am unable to download anything and I can't update my antispyware programs. Other programs on the computer, like photoshop, seem to work fine.
I have been using my laptop to download and update programs and transfer them to the desktop with a flash drive. I am posting this from my laptop.
Here are the RIST logs
Logfile of random's system information tool 1.04 (written by random/random)
Run by Owner at 2008-12-04 21:36:01
Microsoft® Windows Vista™ Home Premium Service Pack 1
System drive C: has 148 GB (64%) free of 231 GB
Total RAM: 2942 MB (69% free)
HijackThis download failed
======Scheduled tasks folder======
C:\Windows\tasks\Check Updates for Windows Live Toolbar.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Ac... Read more

Answer: Driver or service blocking malware removal

Hello. I am PropagandaPanda (Panda or PP for short), and I will be helping you with your log.

I apologize for the delay in response. We get overwhelmed with logs at times, but we are trying our best to keep up. If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following so I can have a look at the current condition of your machine.

You may want to keep the link to this topic in your favourites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.

Please take note of some guidelines for this fix:

Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Furthermore, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.

If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.

Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part...


Good morning everyone,
Frequent visitor, first time poster of this forum. I want to thank anyone in advance for committing any amount of time to my problem. I'm hoping someone has some experience with this issue. Allow me to explain:

Yesterday, I woke up my computer and opened up my browser (I use Google Chrome). As soon as I clicked to open the browser, I noticed a Windows Explorer pop-up. I have attached a picture of what this box looks like, but to describe it for those who are not able to open the attachment: the window's header said "Mod Info" and the content said "BC LOADED". The only available options for me to click were "OK" or the "Close" button at the top right. Without clicking anything, the box then disappeared and Google Chrome opened as usual. This behavior was unexpected; I've never seen this before. Worrying I had some kind of spyware or malware, I decided to try running my AV program. I use Avast Free.

I went to look for the process in the hidden icons list on my taskbar, where it usually resides. I didn't see it there, which was concerning. I tried running the program from the start menu, but after clicking it, nothing opened. This was also a red flag that something must be wrong. So I decided to try and run Malwarebytes Anti-Malware. This program would also not open when prompted.

I decided to scan Google for my symptoms to look for recommended fixes. Several tech support forums suggested to those who presented simil...
