Computer Support Forum

Spyware Protect 2009 malware

Question: Spyware Protect 2009 malware

I am getting three screens that come up when ever I try to do work on any program. (1) Windows Security alert (2) Spyware Protect 2009 alert (3) Spyware Alert

DDS (Ver_09-02-01.01) - NTFSx86
Run by Kim at 10:54:20.07 on Thu 02/19/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2430.1853 [GMT -5:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated)

============== Running Processes ===============

J:\WINDOWS\system32\Ati2evxx.exe
J:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
J:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
J:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
J:\WINDOWS\system32\Ati2evxx.exe
J:\WINDOWS\Explorer.EXE
J:\WINDOWS\system32\spoolsv.exe
J:\Program Files\McAfee.com\Agent\mcagent.exe
J:\WINDOWS\svcho.exe
J:\Program Files\AIM6\aim6.exe
J:\Program Files\Windows Live\Messenger\msnmsgr.exe
J:\Program Files\Messenger\msmsgs.exe
J:\WINDOWS\sysguard.exe
J:\Program Files\AIM6\aolsoftware.exe
J:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
j:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
j:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
J:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
J:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
J:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
J:\WINDOWS\system32\svchost.exe -k imgsvc
J:\WINDOWS\system32\UTSCSI.EXE
J:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
j:\program files\aim toolbar\aimtbServer.exe
J:\WINDOWS\system32\wuauclt.exe
J:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
J:\Program Files\Internet Explorer\iexplore.exe
J:\Program Files\Outlook Express\msimn.exe
J:\Documents and Settings\Kim\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://start.earthlink.net/AL/Search
uStart Page = hxxp://www.ask.com/
mSearch Page = hxxp://www.ask.com/
mStart Page = hxxp://www.ask.com/
uInternet Settings,ProxyOverride = *.local
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - j:\program files\aim toolbar\aimtb.dll
mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - j:\program files\aim toolbar\aimtb.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - j:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - j:\program files\bitcomet\tools\BitCometBHO_1.2.2.28.dll
BHO: {465E08E7-F005-4389-980F-1D8764B3486C} - No File
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - j:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: RoboForm: {724d43a9-0d85-11d4-9908-00400523e39a} - j:\program files\siber systems\ai roboform\roboform.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - j:\program files\java\jre1.6.0_03\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - j:\program files\mcafee\virusscan\scriptsn.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - j:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AIM Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - j:\program files\aim toolbar\aimtb.dll
TB: {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - No File
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - j:\program files\siber systems\ai roboform\roboform.dll
TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - j:\program files\aim toolbar\aimtb.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - j:\program files\google\googletoolbar1.dll
TB: {40D41A8B-D79B-43D7-99A7-9EE0F344C385} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {4E7BD74F-2B8D-469E-86BD-FD60BB9AAE3A} - No File
TB: {B7B76DD6-B6F0-4443-AF81-6A3ECF12A57D} - No File
TB: {C7768536-96F8-4001-B1A2-90EE21279187} - No File
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {6ADB0F93-1AA5-4BCF-9DF4-CEA689A3C111} - No File
EB: {6576EBAA-B570-4345-98E4-96153C77CF24} - No File
uRun: [Aim6] "j:\program files\aim6\aim6.exe" /d locale=en-US ee://aol/imApp
uRun: [msnmsgr] "j:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [MSMSGS] "j:\program files\messenger\msmsgs.exe" /background
uRun: [sysguard] j:\windows\sysguard.exe
mRun: [mcagent_exe] "j:\program files\mcafee.com\agent\mcagent.exe" /runkey
uExplorerRun: [svcho] j:\windows\svcho.exe
IE: &AIM Toolbar Search - j:\documents and settings\all users\application data\aim toolbar\ietoolbar\resources\en-us\local\search.html
IE: &D&ownload &with BitComet - j:\program files\bitcomet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - j:\program files\bitcomet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - j:\program files\bitcomet\BitComet.exe/AddAllLink.htm
IE: Customize Menu - file://j:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html
IE: Fill Forms - file://j:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://j:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: Save Forms - file://j:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - j:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - j:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - j:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: {78162A52-6823-4C38-BD97-676D28566169} - j:\program files\bsi\edocxl lite\TriggerIE.exe
IE: {B82C5879-1AAF-4CFF-8062-8F2EF22FED4C} - j:\program files\bsi\edocxl lite\TriggerIE.exe
IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://j:\program files\bitcomet\tools\BitCometBHO_1.2.2.28.dll/206
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - j:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} - j:\program files\java\jre1.6.0_03\bin\ssv.dll
IE: {0b83c99c-1efa-4259-858f-bcb33e007a5b} - {61539ecd-cc67-4437-a03c-9aaccbd14326} - j:\program files\aim toolbar\aimtb.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - j:\progra~1\spybot~1\SDHelper.dll
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - hxxps://webdl.symantec.com/activex/symdlmgr.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-6u3-windows-i586-jc.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
TCP: {F0B17515-3057-44C8-B066-26AD3C6907E7} = 24.151.8.211,24.251.8.210
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - j:\program files\belarc\advisor\system\BAVoilaX.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - j:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R1 mfehidk;McAfee Inc. mfehidk;j:\windows\system32\drivers\mfehidk.sys [2009-1-9 213640]
R2 aawservice;Lavasoft Ad-Aware Service;j:\program files\lavasoft\ad-aware\aawservice.exe [2008-7-7 611664]
R2 CmosTime;CmosTime;j:\windows\system32\cmostime.sys [2005-9-14 3502]
R2 McProxy;McAfee Proxy Service;j:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2009-2-12 359952]
R2 McShield;McAfee Real-time Scanner;j:\progra~1\mcafee\viruss~1\mcshield.exe [2009-2-12 144704]
R3 McSysmon;McAfee SystemGuards;j:\progra~1\mcafee\viruss~1\mcsysmon.exe [2009-2-12 606736]
R3 mfeavfk;McAfee Inc. mfeavfk;j:\windows\system32\drivers\mfeavfk.sys [2009-2-12 79304]
R3 mfebopk;McAfee Inc. mfebopk;j:\windows\system32\drivers\mfebopk.sys [2009-2-12 35272]
R3 mfesmfk;McAfee Inc. mfesmfk;j:\windows\system32\drivers\mfesmfk.sys [2009-2-12 40552]
R3 TridVid;X10 VA12A Video Capture;j:\windows\system32\drivers\TridVid.sys [2008-10-28 156928]
S3 iscFlash;iscFlash;\??\j:\windows\system32\drivers\iscflash.sys --> j:\windows\system32\drivers\iscflash.sys [?]
S3 mferkdk;McAfee Inc. mferkdk;j:\windows\system32\drivers\mferkdk.sys [2009-2-12 34216]
S3 SydexFDD;Sydex Diskette Driver;j:\windows\system32\drivers\SYDEXFDD.SYS [2007-11-6 13359]
S4 Viewpoint Manager Service;Viewpoint Manager Service;j:\program files\viewpoint\common\ViewpointService.exe [2009-1-6 24652]

=============== Created Last 30 ================

2009-02-18 13:56 1,152 a------- j:\windows\system32\windrv.sys
2009-02-18 13:55 <DIR> --d----- j:\program files\SpyNoMore
2009-02-18 13:55 <DIR> --d----- j:\program files\common files\Download Manager
2009-02-18 13:07 16,896 a------- j:\windows\svcho.exe
2009-02-18 13:07 16,896 a------- j:\windows\syssvc.exe
2009-02-18 12:30 364,040 a------- j:\windows\sysguard.exe
2009-02-18 12:30 12,288 a------- j:\windows\system32\~.exe
2009-02-12 14:00 40,552 a------- j:\windows\system32\drivers\mfesmfk.sys
2009-02-12 14:00 35,272 a------- j:\windows\system32\drivers\mfebopk.sys
2009-02-12 14:00 79,304 a------- j:\windows\system32\drivers\mfeavfk.sys
2009-02-12 14:00 120,136 a------- j:\windows\system32\drivers\Mpfp.sys
2009-02-12 13:59 <DIR> --d----- j:\program files\common files\McAfee
2009-02-12 13:59 <DIR> --d----- j:\program files\McAfee.com
2009-02-12 13:58 <DIR> --d----- j:\program files\McAfee
2009-02-12 13:58 34,216 a------- j:\windows\system32\drivers\mferkdk.sys
2009-02-07 16:56 <DIR> --d----- j:\program files\Microsoft
2009-02-07 16:53 <DIR> --d----- j:\program files\Windows Live SkyDrive
2009-02-07 16:44 <DIR> --d----- j:\docume~1\alluse~1\applic~1\NortonInstaller
2009-02-07 15:34 <DIR> --d----- j:\windows\system32\CatRoot_bak
2009-02-07 14:39 <DIR> --d----- j:\windows\system32\scripting
2009-02-07 14:39 <DIR> --d----- j:\windows\l2schemas
2009-02-07 14:37 <DIR> --d----- j:\windows\ServicePackFiles
2009-02-07 14:34 <DIR> --d----- j:\program files\AIM6
2009-02-07 14:18 <DIR> --d----- j:\windows\system32\XPSViewer
2009-02-07 14:13 <DIR> --d----- j:\program files\MSXML 6.0
2009-01-24 14:30 5,632 a------- j:\windows\system32\ptpusb.dll
2009-01-24 14:30 159,232 a------- j:\windows\system32\ptpusd.dll
2009-01-23 17:45 <DIR> --d----- j:\docume~1\kim\applic~1\FastStone
2009-01-23 17:45 <DIR> --d----- j:\program files\FastStone Capture
2009-01-21 15:43 208,744 a------- j:\windows\system32\muweb.dll
2009-01-21 15:43 268,648 a------- j:\windows\system32\mucltui.dll
2009-01-21 14:15 <DIR> --d----- j:\windows\network diagnostic
2009-01-21 14:14 2,455,488 -c------ j:\windows\system32\dllcache\ieapfltr.dat
2009-01-21 14:14 991,232 -c------ j:\windows\system32\dllcache\ieframe.dll.mui

==================== Find3M ====================

2009-02-07 14:41 76,487 a------- j:\windows\pchealth\helpctr\offlinecache\index.dat
2009-01-09 12:03 213,640 a------- j:\windows\system32\drivers\mfehidk.sys
2008-12-02 22:37 49,480 a------- j:\windows\system32\sirenacm.dll
2008-01-25 14:03 56,912 a------- j:\documents and settings\kim\g2mdlhlpx.exe
2008-01-25 11:14 846,504 a------- j:\documents and settings\kim\JNativeCpp.dll

============= FINISH: 10:55:18.64 ===============

Relevance 100%
Preferred Solution: Spyware Protect 2009 malware

I recommend downloading and running Reimage. It's a computer repair tool that has been proven to identify and fix many Windows problems with a high level of success.

I've used it in the past to identify and fix everything from blue screens (BSOD's), ActiveX errors, corrupt files and processes, dll/exe/sys errors, recover lost memory, Windows update problems, defragging, malware removal etc.

You can download it direct from this link http://downloadreimage.com/download.php. (This link will automatically start a download of Reimage that you can save to your computer.)

Answer: Spyware Protect 2009 malware

Hi,

Sorry for delayed response. Forums have been really busy. If you still need help with this post a fresh dds log, please.

2 more replies
Relevance 102.5%

The volunteer helping me on the "Am I infected" forum recommended I move my problem over here to this part of the site. I'm not sure if I'm at the point where I should reformat my computer, hope someone can help.Here's my original problems and the logs and help I've received so far: http://www.bleepingcomputer.com/forums/t/208885/ms-antivirus-2009-which-turned-into-another-one-and-now-its-that-nfrdll-error-and-malarebytes-and-superantispy-got-their-butts-kicked/I assume that you'll probably get a better explanation from my problems there, but here's the quick and dirty:Dell Laptop, currently disconnected from the Internet. (It was unable to access the bleeping computer forum anyway--just this site specifically, sites like Google, blogs, those kinds of things worked fine.)The problems started with the MS Antivirus 2009 fake spyware stuff, than the browser hijacks (I shut off proxy servers before coming to the forums), and then I got the Spyware Protect 2009 version of malware, and was only able to get Malwarebyte's to run by changing the extension to .bat after reading it here. Since I started working on these forums with DaChew, I've only followed his instructions.Currently working off my wife's computer, a Mac. Using a USB flash drive that DaChew had me immunize so that I can download the programs on this Mac and transfer them over to the infected Dell. Than I copy the logs onto the flash and move them here.Here's my DDS file, i've changed my name on it to USER.DDS (Ver... Read more

Answer:Serious Malware Infection, started with MS Antivirus 2009, Spyware Protect 2009, nfr.dll

Hello Thefactualopinion and welcome to Bleeping Computer,1. Please download GooredFix and save it to your Desktop.Select "2. Fix Goored" by typing 2 and pressing Enter. Make sure all instances of Firefox are closed at this point. Type y at the prompt and press Enter again. A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called GooredLog.txt).Note: If you receive a message saying that GooredFix needs your system to be restarted, please close all applications and reboot your system. Please also allow any registry changes that may be prompted by any of your security programs.2. Please read this tutorial carefully to download ComboFix from one of the locations specified, and save it to your Desktop.Double click the ComboFix icon to run it.If ComboFix askes you to install the Recovery Console, please do so..The Windows Recovery Console will allow you to boot up into a special recovery mode, in case your computer has a problem after an attempted removal of malware. This allows us to help you.Once the Recovery Console is installed, continue with the malware scan.Note: Make sure not to click ComboFix's window while it's running. That may cause it to stall or freeze.Please post the log from ComboFix (can also be found as C:\ComboFix.txt) in your next reply. If you have any questions along the way, STOP and ask them before proceeding !!Greetings,Thunder

6 more replies
Relevance 95.53%

My computer is infected with a malware program called "Spyware Protect 2009" how do I get rid of it? I followed instructions and have copied DDS and Attach files below. popup windows keep appearing saying my computer is infected with a virus and I need to install their software.
DDS (Ver_09-03-16.01) - NTFSx86
Run by John Schlatterer at 2:44:20.15 on Mon 03/16/2009
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.254.96 [GMT -4:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated)
FW: McAfee Personal Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\WINDOWS\kdx\KHost.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\Program Files&... Read more

Answer:remove malware, Spyware Protect 2009

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.Upon completing the steps below a staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explanation about the tool. No input is needed, the scan is running.Notepad will open with the results, click no to the Optional_ScanFollow the instructions that pop up for posting the results.Close the program window, and delete the program from your desktop.Please note: You may have to disable any scri... Read more

2 more replies
Relevance 95.53%

Hello. My kid's PC -- an HP (Model M7567C, with 2, 260 GB hard disks and 2 GB RAM) is infected by "Spyware Protect 2009" malware. The malware repeatedly displays at least 3 different pop-ups saying there's a spyware infection and offers to sell a fix; the program also prevents Explorer from working properly. There are no obvious programs/processes to shut down from the control panel. The machine has Zone Alarm Security Suite installed - I'm not sure if my kids ignored a warning or if the software mistakenly let something in. Zone Alarm technical support said to try running Malwarebytes' Anti-Malware automated removal tool, but the program doesn't seem to run (nothing happens after the program is downloaded and launched). I tried running Zone Alarm virus and spyware scans, but the program runs slowly and eventually hangs (I think I ran the Zone Alarm scan in the Windows Safe mode). I can boot the PC in Windows Safe mode, but unfortunately there is no useful restore point. I can boot the PC in the normal Windows mode but it takes 2 or 3 cold starts. I can use Microsoft Explorer (through a wireless LAN connection), but in the normal Windows mode Spyware keeps hi-jacking Explorer and displaying its rouge messages.

Before I give up and reformat the hard disk and re-imaging the disk from the backup system disks, I would like to try a less time consuming solution. Any suggestions are welcome! Thanks!

I ran the DSS scan as instructed. Here are the res... Read more

Answer:"Spyware Protect 2009" malware problem

I wanted to add some new information to my original posting that seems to be related to my problem.

When my spyware infected PC boots, I get the following messages:

"The application or DLL c:\windows\system32\digeste.dll is not a valid windows image."

"View Manager has encountered a problem and needs to close."

"Error loading c:\windows\griwapaxim.dll. The specified module could not be found."

I noticed that there was a Windows update available today (the February update of Microsoft's anti-spyware program). I installed this application; after this, Zone Alarm Suite was then able to run (up to now, it just hung up), and 2 items were quarintined: WIN32.SYSGUARD adn WIN32.TROJAN.FAKEALERT.IEH

However, there are still problems with my PC. I still can't get Malwarebytes' program to run, even when I rename the *.exe file to *.bat. It seems like whatever is still injecting my PC interferes with any anti-spyware/malware program from running properly and interferes with the operation of Explorer.

Thanks.

4 more replies
Relevance 93.48%

Hi Guys,
Can I begin by saying a MASSIVE thank you to you all-I'd be totally lost without your help
Ok, down to business-I've done as the guide suggests, performed the XP clean up, ran the programs and I've got all the logs which are hopefully attached. The problems started a almost a week ago when the dreaded "spyware protect 2009" screen started popping up and the icon lodged itself in my system tray and I got suspicious when there was no option to get rid of it-it's disabled my windows firewall, is blocking/redirecting my IE browser with it's phony msgs etc. If you need any more info or if I've somehow left something out/attached the wrong logs just let me know-it's purely out of ignorance and not laziness if that's the case!!!:-o

Thanks again- Cheree :wave
 

Answer:vundo/spyware protect 2009 malware-logs attached

here's the last log
 

6 more replies
Relevance 92.25%

Hello,Please help!!! I only have a couple of days to fix this comp before I leave!!!I am receiving security popups, Spyware Protect 2009 (I did not download) is in my task bar and keeps popping up with infiltration alerts, and IE keeps redirecting to http://browser-security.microsoft.com/blocked.php?r=21.0 displaying "Internet Explorer Warning - visiting this web site may harm your computer!" Then offering to link me to Purchase Spyware Protect 2009.Here is my DDS Log file and attachment.Thanks!!!peace.b.DDS (Ver_09-03-16.01) - NTFSx86 Run by John at 9:11:09.81 on Sun 03/22/2009Internet Explorer: 8.0.6001.18702Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.223.43 [GMT -5:00]============== Running Processes ===============C:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcssvchost.exesvchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\VTTimer.exeC:\WINDOWS\system32\VTtrayp.exeC:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exeC:\Program Files\Analog Devices\SoundMAX\Smax4.exeC:\Program Files\HP\HP Software Update\HPWuSchd2.exeC:\Program Files\Java\jre6\bin\jusched.exeC:\Program Files\QuickTime\qttask.exeC:\PROGRA~1\Nero\data\Xtras\... Read more

Answer:Unkown Malware/Rootkit security popups - Protect Spyware 2009

thank you! topic is resolved through off-post email reply.

Malware-bytes removal is the best!

peace.b.

2 more replies
Relevance 81.18%

So somewhere I got the Spyware Protect 2009 virus/trojan. I have tried Malwarebytes, ComboFix, AVG 8.0, and tired to install Hijack This!!!! I did this all while in SafeMode and no luck. I click on the install, and the hourglass shows up, and then after awhile it disappears. I even renamed Malwarebytes etc. What do I do besides get the gasoline can ready?

Answer:Infected with Spyware Protect 2009...Can't install any spyware removal tools

Let's see if any of these help.Some types of malware will disable MBAM and other security tools. If MBAM will not install, try renaming it. Right-click on the mbam-setup.exe file and change the .exe extension to .bat, .com, .pif, or .scr and then double-click on it to run.If after installation, MBAM will not run, open the Malwarebytes' Anti-Malware folder in Program Files, right-click on mbam.exe and change the .exe as noted above. Then double-click on it to run..***Another work around is by not using the mouse to install it, Just use the arrow keys, tab, and enter keys.If you cannot use the Internet,you will need access to another computer that has a connection.From there save mbam-setup.exe to a flash,usb,jump drive or CD. Now transfer it to the infected machine, then install and run the program. If you cannot transfer to or install on the infected machine, try running the setup (installation) file directly from the flash drive or CD by double-clicking on mbam-setup.exe so it will install on the hard drive.Manually Downloading Updates: Manually download them from HERE and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.

11 more replies
Relevance 79.13%

I ran ComboFix.exe to erradicate Spyware Protect 2009. I think it is gone!

Answer:Spyware Protect 2009

Hello.Do you want us to check or something? What was the purpose of this topic? Combofix WarningComboFix is an extremely powerful tool and you should not be using Combofix unless instructed to do so by a Malware Removal Expert. It is a powerful tool intended by its creator to be "used under the guidance and supervision of an expert", NOT for private use. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again. Please read Combofix's Disclaimer.Further, ComboFix logs are not permitted outside the HijackThis forums and then only when requested by a HJT Team member.Try running MBAM and see if it finds anything else.Download and run MalwareBytes Anti-Malware(Full Scan)Please download Malwarebytes Anti-Malware and save it to your desktop if you lost your copy and need to install it, otherwise skip the installation step and continue with the Full Scan.alternate download link 1alternate download link 2Make sure you are connected to the Internet.Double-click on Download_mbam-setup.exe to install the application.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-MalwareThen click Finish.MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is... Read more

5 more replies
Relevance 79.13%

Dear Computer Professionals,I hope that I have come to the right forum and my problem will be solved with your help.Background:Recently my desktop computer (operating system: windows XP) was infected with Spyware Protect 2009. Antivirus (AVG 7.5, free edition) was already installed on my computer. I scanned my computer with AVG and found spyware protect 2009, after that it was deleted.Now:Even though spyware is deleted, but now I have three main problems in my computer.(1) My computer is running very slow.(2) IE always directs to this page, browser-security.microsoft.com/block.php?r=17.2, but nothing appears on this page. Firefox is fine, but internet is very slow.(3) I have dial-up internet connection, whenever I open Internet connection window, and click on Connect button, my computer restarts automatically, always. But if I close/cancel these processes (ServiceLayer, alg, SMAgent, MDM, SEPCSuite, SMax4, LaunchApplication, apdproxy, acrotray, VM303_STI) from task manager, then only I am able to connect to the internet.I think my computer is still infected with something. I also tried to install Spyware Doctor, SmitFraudFix, and Malwarebytes Anti-Malware, but all these programs are not running.Please help me, to fix my computer.Please also note that I am not a computer guy, so guide me step by step.Thank you.

Answer:Spyware Protect 2009

Hello and welcome please run these next. Next run ATF:Please download ATF Cleaner by Atribune & save it to your desktop.Double-click ATF-Cleaner.exe to run the program.Under Main "Select Files to Delete" choose: Select All.Click the Empty Selected button.If you use Firefox browser click Firefox at the top and choose: Select AllClick the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.If you use Opera browser click Opera at the top and choose: Select AllClick the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.Click Exit on the Main menu to close the program.Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".Next run MBAM:Please download Malwarebytes Anti-Malware (v1.32) and save it to your desktop.alternate download link 1alternate download link 2If you have a previous version of MBAM, remove it via Add/Remove Programs and download a fresh copy.Make sure you are connected to the Internet.Double-click on mbam-setup.exe to install the application.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-MalwareThen click Finish.MBAM will automatically start and you will be asked to update the program before performing a scan.If an update i... Read more

13 more replies
Relevance 79.13%

I attempted to remove Spyware Protect 2009 from my niece's computer. I also attempted to remove MyWayWebSearch. After running Spybot S&D, I kept getting the registry change box popping up MANY times. The entry part said SpybotDeleting (with many different numbers behind it). Now I'm wondering if I should have denied those changes. I thought it was Spybot deleting them but now on booting up there is numerous command windows popping open. I'll post a HJT log and hopefully one of the wonderful helpers here will be able to point me in the right direction.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:57:32 PM, on 3/29/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
c:\PROGRA~1\mcafee.com\agent\mcagent... Read more

Answer:Spyware Protect 2009 & more

I don't know what happened but the above HJT log does not show the Spybot deleting lines that I need to know if I should have HJT 'fix' them. AND if so, after HJT fixes them do I allow the registry change in tea time or should I disable tea timer before fixing them?

Anywise here's an upated HJT log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:53:15 AM, on 3/30/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
... Read more

1 more replies
Relevance 79.13%

Hello,I just joined your community today, and I am in need of some help.I have been infected with spyware protect 2009 also kown as antivirus 2009.I will will tell you what I have done so far.The first thing I did was went to task manager in the process tab and stopped it from running.Then next I went into msconfig and stopped it from starting up with the pc.Then I went into program files and deleted it from there, I also went into add/remove but there was nothing there.After that, the pop ups stopped and everything seemed fine until I try to use any type of browser.I pefer to use opera or safari and not IE7 very often.The problem I have now is safari and IE7 wont even connect and opera will only go to certain sites. If I try to go to any type of virus/malware removal site I get redirected to some fake garabage.I even tried a system restore but would not let me do it. I do have spybot and avast, malwarebytes but none of these programs will even open for me to sacan the pc.So I did a HJT log so you guys could take a look and hopefully help me figure out what is wrongLogfile of Trend Micro HijackThis v2.0.2Scan saved at 4:40:49 PM, on 1/11/2009Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32�... Read more

Answer:spyware protect 2009

Please download Malwarebytes' Anti-Malware from HERE or HERENote: If you already have Malwarebytes' Anti-Malware, just run and update it.. Then do a "Perform Full Scan"Double Click mbam-setup.exe to install the application.Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.If an update is found, it will download and install the latest version.Once the program has loaded, select "Perform Full Scan", then click Scan.The scan may take some time to finish,so please be patient.When the scan is complete, click OK, then Show Results to view the results.Make sure that everything is checked, and click Remove Selected.When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.Copy&Paste the entire report in your next reply.Extra Note:If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.NEXTPlease download RSIT by random/random and save it to your Desktop.Double click on RSIT.exe to run RSITBefore you click "Continue", make sure you change the List files/folders created or modified in the last 3 monthsClick Continue at the disclaimer screen.Once it has finished, two lo... Read more

2 more replies
Relevance 79.13%

Having issues with IE and Spyware 2009.
DDS (Ver_09-03-16.01) - NTFSx86
Run by lcole at 9:36:00.70 on Wed 04/01/2009
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3574.2717 [GMT -4:00]

AV: eTrust ITM *On-access scanning enabled* (Outdated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\MS\SMS\CORE\BIN\CLISVCL.EXE
C:\Program Files\CA\SharedComponents\iTechnology\igateway.exe
C:\Program Files\CA\eTrustITM\InoRpc.exe
C:\Program Files\CA\eTrustITM\InoTask.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\OmniBack\bin\omniinet.exe
C:\oracle\ora9i\bin\omtsreco.exe
C:\WINDOWS\system32\StacSV.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\MS\SMS\CLICOMP\RemCtrl\Wuser32.exe
C:\WINDOWS\... Read more

Answer:Spyware Protect 2009

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.comDDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Follow the instructio... Read more

2 more replies
Relevance 79.13%

System is not responding very well, keeps hijacking internet and will not allow system restore nor have I been able to get COMBO FIX TO RUN see attatched log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:47, on 3/14/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Citrix\ICA Client\ssonsvr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
C:\WINDOWS\sysguard.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\svcho.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Documents and Settings\rantoul2\Desktop\mbam-setup.exe
C:\Documents and Settings\rantoul2\Desktop\mbam-setup.exe
C:\Program Files\Tre... Read more

Answer:Spyware Protect 2009

bump has been two days really need some help
 

3 more replies
Relevance 79.13%

I recently got the Spyware Protect 2009 virus on my laptop. I am unable to access the internet now because of it. How do i remove this virus without being able to access the internet? I tried finding it in the add/remove programs but it is not there.
any help would be appreciated.
thank you

Answer:Spyware Protect 2009

If you cannot use the Internet or download any programs, you are going to need access to another computer (family member, friend, etc) with an Internet connection. Please download Dr.Web CureIt and Malwarebytes Anti-Malware, save them to a flash (usb, pen, thumb, jump) drive or CD, transfer to the infected machine, then run the programs. If you cannot transfer to the infected machine, try running directly from the flash drive or CD.You will also need to, manually download the database updates for MBAM, save and transfer them as well. After installing MBAM, just double-click on mbam-rules.exe to install and update.Mbam-rules.exe is not updated daily. Another way to get the most current database definitions is to install MBAM on a clean computer, launch the program, update through MBAM's interface, copy the definitions (rules.ref) to a USB stick or CD and transfer that file to the infected machine. Copy rules.ref to the location indicated for your operating system.XP: C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-MalwareVista: C:\Documents and Settings\Users\All Users\Malwarebytes\Malwarebytes' Anti-MalwareIf you cannot see the folder, then you may have to Reconfigure Windows to show it.Print out and follow these Instructions for scanning with Dr.WebCureIt in "safe mode".If you cannot boot into safe mode, then perform your scan in normal mode. Be aware, this scan could take a long time to complete.-- Post the log in your next reply.Print o... Read more

1 more replies
Relevance 79.13%

I had thh same problem in my computer.

Your solution is perfect.

Thank you very much

Answer:Spyware Protect 2009

Hi IGOmichigan. I split your post to it's own topic, Thanks for that but this infection has probably left a few more footprints. So I would like you to do this MBAm scan and be sure.Please download Malwarebytes Anti-Malware (v1.32) and save it to your desktop.alternate download link 1alternate download link 2If you have a previous version of MBAM, remove it via Add/Remove Programs and download a fresh copy.Make sure you are connected to the Internet.Double-click on mbam-setup.exe to install the application.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-MalwareThen click Finish.MBAM will automatically start and you will be asked to update the program before performing a scan.If an update is found, the program will automatically update itself.Press the OK button to close that box and continue.If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.On the Scanner tab:Make sure the "Perform Quick Scan" option is selected.Th... Read more

1 more replies
Relevance 79.13%

I'm not sure if this is the correct place to post this, but I did not see another place that seemed to fit. My computer has seemed to have downloaded and installed Spyware Protect 2009.

I have tried to download the suggested application, Malwarebytes Anti-Malware, however, my computer will now not let me execute any files like this.

My computer also wont let me into my web browser. All attempts are greeted with a webpage from Spyware Protect stating that the site is unsafe and wont let me proceed.

It also seems to be shutting off my firewall.

Is there anything that I can do to clean this out? I've done searches on my computer for files and programs associated with Spyware Protect, but can't seem to find anything.

Answer:Spyware Protect 2009

Hello you are in the right place.Try these first...Some types of malware will disable MBAM and other security tools. If MBAM will not install, try renaming it. Right-click on the mbam-setup.exe file and change the .exe extension to .bat, .com, .pif, or .scr and then double-click on it to run.If after installation, MBAM will not run, open the Malwarebytes' Anti-Malware folder in Program Files, right-click on mbam.exe and change the .exe as noted above. Then double-click on it to run..***Another work around is by not using the mouse to install it, Just use the arrow keys, tab, and enter keys.If you cannot use the Internet,you will need access to another computer that has a connection.From there save mbam-setup.exe to a flash,usb,jump drive or CD. Now transfer it to the infected machine, then install and run the program. If you cannot transfer to or install on the infected machine, try running the setup (installation) file directly from the flash drive or CD by double-clicking on mbam-setup.exe so it will install on the hard drive.Manually Downloading Updates: Manually download them from HERE and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.

4 more replies
Relevance 79.13%

My laptop just got that infection Spyware Protect 2009, well I came in and turned my computer on just now a few times and once the Windows screen comes on, it goes black and the mouse is in the middle of the page and it will not go past that, I cannot even get to the desktop. I need help, please. I keep AVG, Spybot, and Adaware up to date also.

Thanks.
 

More replies
Relevance 79.13%

This virus is killing my computer and my work efficiency. Can someone PLEASE tell me how to remove it FOREVER!!!

Thanks,

 

Answer:Spyware protect 2009

Hi, Welcome to TSG!!
Click here to download HJTInstall.exe

Save HJTInstall.exe to your desktop.
Doubleclick on the HJTInstall.exe icon on your desktop.
By default it will install to C:\Program Files\Trend Micro\HijackThis .
Click on Install.
It will create a HijackThis icon on the desktop.
Once installed, it will launch Hijackthis.
Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
Come back here to this thread and Paste the log in your next reply.
DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

 

3 more replies
Relevance 79.13%

I just got a popup about sypware protect 2009 and a popup in the task tray on the right hand side. I closed the window with the task manager. I know it's a virus and I ran a mbam scan, which seems to have gotten rid of it, but still I would like to be sure that it's all gone and that it doesn't happen again. I have windows XP, sp3, and eset nod32 antivirus 4

thanks!

Answer:spyware protect 2009

Follow with these...Run ATF and SAS:From your regular user account..Download Attribune's ATF Cleaner and then SUPERAntiSpyware , Free Home Version. Save both to desktop ..DO NOT run yet.Open SUPER from icon and install and Update itUnder Scanner Options make sure the following are checked (leave all others unchecked):Close browsers before scanning.Scan for tracking cookies.Terminate memory threats before quarantining.Click the "Close" button to leave the control center screen and exit the program. DO NOT run yet.Now reboot into Safe Mode: How to enter safe mode(XP)Using the F8 MethodRestart your computer. When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu. Select the option for Safe Mode using the arrow keys. Then press enter on your keyboard to boot into Safe Mode. Double-click ATF-Cleaner.exe to run the program.Under Main "Select Files to Delete" choose: Select All.Click the Empty Selected button.If you use Firefox or Opera browser click that browser at the top and choose: Select AllClick the Empty Selected button.If you would like to keep your saved passwords, please click No at the prompt.Click Exit on the Main menu to close the program.NOW Scan with SUPEROpen from the desktop icon or the program Files listOn the left, make su... Read more

35 more replies
Relevance 79.13%

My computer got infected with some kind of virus, mcaffee keeps telling me it removed whole bunch of trojans and viruses but doesnt look like it realy solves the problem. i ran combofix but the spyware alert keps showing up and asking me to buy a program clled spyware protect 2009. so i need help

Answer:spyware protect 2009

The process of cleaning your computer may require you to temporarily disable some security programs. If you are using SpyBot Search and Destroy, please refer to Note 2 at the bottom of this page.Please download Malwarebytes Anti-Malware and save it to your desktop.alternate download link 1alternate download link 2Make sure you are connected to the Internet.Double-click on mbam-setup.exe to install the application.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-MalwareThen click Finish.MBAM will automatically start and you will be asked to update the program before performing a scan.If an update is found, the program will automatically update itself.Press the OK button to close that box and continue.If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.On the Scanner tab:Make sure the "Perform Quick Scan" option is selected.Then click on the Scan button.If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button. The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".C... Read more

7 more replies
Relevance 79.13%

My desktop PC has been infected with the Spyware Protect 2009. I can't get online with the desktop, which means I also am unable to network to my printer I am using another laptop in the house at the moment, & am able to transfer info as needed via a thumb drive.

I have followed this thread: http://forums.techguy.org/malware-removal-hijackthis-logs/797462-spyware-protect-2009-help.html and so far have run Malwarebytes' Anti-Malware, then SUPERAntiSpyware, then HijackThis.

I am not sure what I need to do next other than I started my own thread. I have all the reports noted above ready to post. Can someone get me started on fixing this?

Thanks in advance for your help
 

More replies
Relevance 79.13%

Ok, help!

Friday afternoon my work laptop was infected with Spyware Protect 2009. I have followed the guide on this site and many others by removing registry keys, deleting files in the windows folder, programs folder, etc - stopping processes etc.

BUT I cannot run ANY anti-virus programs - or anti malware - most notably malwarebytes. I even created a boot disc with Avira to scan and it found nothing!

I know I have the spyware protect virus because I got the popups, found the corresponding files & registry keys (sysguard.exe, etc). They are all gone - but I'm getting increasingly worse performance with my laptop. I even tried to run the malwarebytes program from safe mode - same result. I also tried the suggestions by changing the file name AND extensions - no good.

This wonderful malware also prohibits me from visiting your site so I have to post from my personal laptop.

What am I missing - and what in the world can I do to at least get malwarebytes to run?

I'm getting random popups in firefox still, security and random other sites are blocked, can't run any anti-virus/anti-malware programs, and most recently this evening I can no longer connect via VPN to my work network, AND I couldn't login to Windows normally. When I tried to press "CTRL + ALT+ DEL" to login to normal windows it did nothing. I can log into safe mode w/ networking though.

Please, any help would be appreciated anything that can help would help me out!

I'... Read more

Answer:Spyware Protect 2009 - Tried EVERYTHING

Rename this file:C:\Program Files\Malwarebytes' Anti-Malware\mbam.exeTo something else such as:abcde.batThen double click the file and see if Malwarebytes will run.

1 more replies
Relevance 79.13%

I keep getting popups in the bottom right hand corner of my screen with "INFILTRATION ALERT." from Spyware Protect 2009. I also get popups saying "Vulnerabilities found" ahd I have the option of Activate Spyware Protect 2009 or Stay unprotected, of which I choose the latter. The popups come every 30 seconds to a minute or so. Thanks in advance for all your help!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:35:55 PM, on 4/17/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\CTPDPSRV.EXE
C:\WIND... Read more

Answer:Spyware Protect 2009

6 more replies
Relevance 79.13%

Hi,
I am having an issue getting rid of the above listed spyware. I downloaded Malware, but it will not open or run a scan. Any advice? Thank you Denese

Answer:Spyware Protect 2009

Hello and welcome. First I am moving this from the XP forum to Am I Infected for scans.Some types of malware will disable MBAM (MalwareBytes) and other security tools. If MBAM will not install, try renaming it.Before saving any of your security programs, rename them first. For example, before you save Malwarebytes', rename it to something like MBblah.exe and then click on Save and save it to your desktop. Same thing after you install it. Before running it, rename the main executable file first***Right-click on the mbam-setup.exe file and change the .exe extension to .bat, .com, .pif, or .scr and then double-click on it to run.If after installation, MBAM will not run, open the Malwarebytes' Anti-Malware folder in Program Files, right-click on mbam.exe and change the .exe as noted above. Then double-click on it to run..***Another work around is by not using the mouse to install it, Just use the arrow keys, tab, and enter keys.***Open up command prompt, type in following commands: XP >> click the Start menu at the lower-left of your computer's desktop and select "Run". Type cmd into the Run box and click "OK".Vista >> click the Start menu at the lower-left of your computer's desktop and Type cmd in the search box.regsvr32 mbamext.dllregsvr32 ssubtmr6.dll regsvr32 vbalsgrid6.ocxregsvr32 zlib.dll ****If you cannot use the Internet,you will need access to another computer that has a connection.From there save mbam-setup.exe to a fla... Read more

1 more replies
Relevance 79.13%

This is a program that is trying to sell my anti-spyware protection and produces many annoying pop-ups, and any assistance in removing it would be appreciated!!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:14:40 PM, on 4/18/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\drivers\svchost.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\sysguard.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\... Read more

Answer:Spyware Protect 2009

bump
 

2 more replies
Relevance 79.13%

Can someone please help me with this? This thing keeps poping up on my computer saying "Spyware Protect 2009" and it wants me to buy this thing. I can't get rid of it. I have malware bytes and ran a scan. It said I have virus and it would remove them when I rebooted. I did that and it's still all messed up. How do I fix this?

Thanks...
 

Answer:Please Help! Spyware Protect 2009

Here's a log... I tried to send as an attachment but I'm not sure if I did it right so I copied and pasted. It's nearly impossible to even post because my browswer keeps redirecting and closing. It's makeing me crazy.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:54:59 PM, on 4/26/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\sysguard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\eHome\ehSched.ex... Read more

3 more replies
Relevance 79.13%

DELL VOSTRO 1000 running Windows XP Problem 1 Have Spyware Protect 2009 pop-ups I was trying to get this removed but can't get access to any web pages other than home page (Yahoo). This appears in browser window : browser-security.microsoft.com/.blocked.php. Any suggestions? Thanks!
 

More replies
Relevance 79.13%

i think i got hit with spyware protect 2009. i could use some help to get it off my computer. i think i have some adware also. i am running windows xp and using firefox if that helps.

Answer:think i got hit with spyware protect 2009

Hi and welcome to BleepingComputer The process of cleaning your computer may require temporarily disabliling some security programs. If you are using SpyBot Search and Destroy, please refer to Note 2 at the bottom of this page.Please download Malwarebytes Anti-Malware and save it to your desktop.alternate download link 1alternate download link 2Make sure you are connected to the Internet.Double-click on mbam-setup.exe to install the application.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-MalwareThen click Finish.MBAM will automatically start and you will be asked to update the program before performing a scan.If an update is found, the program will automatically update itself.Press the OK button to close that box and continue.If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.On the Scanner tab:Make sure the "Perform Quick Scan" option is selected.Then click on the Scan button.If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button. The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Result... Read more

8 more replies
Relevance 79.13%

Folks,

I'm on a Dell Inspiron 1520 with Windows XP Pro that has a corporate version of Symantec running with automatic updates.
I was out surfing the web last weekend when I clicked on an innocent looking link that behaved oddly. Before I knew what had happened I began getting Spyware Protect 2009 popups operating on my system.

I stopped what I was doing and try to let Symantec run a full scan and it found a few things, and I downloaded the spyware program from PCTools which seemed to get rid of the Spyware Protect popups, but I'm still having problems.

My disk defragmenter won't run, either through the program or using the defrag in RUN mode. Internet Explorer often won't open and when I can get it to open by going through Yahoo messagenger and opening mail, it often redirects my searches. I can't get my flash memory to open. It doesn't show up when I plug it into my computer when it's operating and if I startup my computer when it's already attached, it give a message about the number of secrets being exceeded.

I downloaded spybot search and destroy at the recommendation of a friend, but it won't open either.

I've also downloaded hijack this and have generated the following log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:05:04 PM, on 4/6/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WI... Read more

Answer:Spyware Protect 2009?

I'm learning somethings by following other thread in this forum. I don't have a lot of data on this computer, so last night I dug up my Windows XP CD and have moved my data off onto a CD. Tonight I'm going to re-install my system and then put the anti-malware software that's been suggested here back on, and finally try moving my data files back on to the computer.

Even though I haven't received direct help. I'm happy to have had access to thoughts and advice from the experts on this site via other threads.

Jerome
 

1 more replies
Relevance 79.13%

I recently had this problem which was resolved thanks to you guys, but am back. Same computer has been infected by"Spyware Protect 2009". I've looked around online and tried to delete it but it prevents some files from running it would appear. You just click an icon and it does nothing.Symptoms:-Cannot run MBAM, but can run ad aware for example (which finds nothing wrong). Tried to reinstall it and it does not run. -Tried to run Spyware Doctor, cannot even get it to install.Where can I even start on this issue??

Answer:Spyware Protect 2009

Hi here are some tips to try to MBAM to run so you can post a log.Some types of malware will disable MBAM and other security tools. If MBAM will not install, try renaming it. Right-click on the mbam-setup.exe file and change the .exe extension to .bat, .com, .pif, or .scr and then double-click on it to run.If after installation, MBAM will not run, open the Malwarebytes' Anti-Malware folder in Program Files, right-click on mbam.exe and change the .exe as noted above. Then double-click on it to run..***Another work around is by not using the mouse to install it, Just use the arrow keys, tab, and enter keys.***Open up command prompt, type in following commands: XP >> click the Start menu at the lower-left of your computer's desktop and select "Run". Type cmd into the Run box and click "OK".Vista >> click the Start menu at the lower-left of your computer's desktop and Type cmd in the search box.regsvr32 mbamext.dllregsvr32 ssubtmr6.dll regsvr32 vbalsgrid6.ocxregsvr32 zlib.dll ***If you cannot use the Internet,you will need access to another computer that has a connection.From there save mbam-setup.exe to a flash,usb,jump drive or CD. Now transfer it to the infected machine, then install and run the program. If you cannot transfer to or install on the infected machine, try running the setup (installation) file directly from the flash drive or CD by double-clicking on mbam-setup.exe so it will install on the hard drive.Manually Downloadi... Read more

1 more replies
Relevance 79.13%

System xp media ed.sp3Spyware protect 2009 pops up on my in-laws computer I have screen shoots of some of the pop ups It keeps changing saying that it is being attacked from the internet."Infltration Alert"Your computer is being attacked by an internet virus. It could be a password -stealing attack, a trojan - dropper or similar.

Answer:spyware Protect 2009

DDS (Ver_09-03-16.01) - NTFSx86 Run by Owner at 9:30:47.00 on Fri 04/03/2009Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_11Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.894.81 [GMT -5:00]AV: McAfee VirusScan *On-access scanning enabled* (Updated)FW: McAfee Personal Firewall *enabled*============== Running Processes ===============C:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcssvchost.exesvchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Common Files\AOL\ACS\AOLAcsd.exeC:\WINDOWS\eHome\ehRecvr.exeC:\WINDOWS\eHome\ehSched.exeC:\Program Files\Java\jre6\bin\jqs.exeC:\Program Files\LogMeIn\x86\RaMaint.exeC:\Program Files\LogMeIn\x86\LogMeIn.exeC:\Program Files\LogMeIn\x86\LMIGuardian.exeC:\Program Files\McAfee\SiteAdvisor\McSACore.exeC:\PROGRA~1\McAfee\MSC\mcmscsvc.exec:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exec:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exeC:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exeC:\Program Files\McAfee\MPF\MPFSrv.exeC:\Program Files\McAfee\MSK\MskSrver.exeC:\WINDOWS\system32\nvsvc32.exeC:\Program File... Read more

17 more replies
Relevance 79.13%

Hello,

Yesterday evening I found that I had gotten a rogue anti-spyware by the name of Spyware Protect 2009. I wasn&#8217;t too concerned at first, as I&#8217;d gotten it before a couple of weeks ago (although I have no idea how, as I read it was contracted by opening spam emails, which I hardly get, much less open). Last time, after reading up on it for several hours, I finally came across Malwarebytes&#8217; Anti-Malware, and it worked like a charm. It was gone. So, my first instinct this time was to open that up to get rid of it. Except I found that it wouldn&#8217;t load. I even tried to Run As&#8230;Administrator, only to find that I didn&#8217;t have access (which I should).

Last time, after reading all the manual ways of deleting it, I was quick to find all the program files and processes they were telling me to find and delete/end were either missing or hidden. That wasn&#8217;t an option. So I tried to get on IE to find alternatives. That&#8217;s when I discovered that this version of Spyware Protect 2009 was much more potent. It let me open my browser, but if I typed anything about Spyware Protect 2009 or getting rid of it into Google, IE would suddenly fail or I would be redirected to a site (along the lines of browser-security-windows.com, although I don&#8217;t remember exactly as hasn&#8217;t happen again in a bit).

My friend thought he could help and tosses several programs my way (over AIM, since I couldn&#8217;... Read more

Answer:Spyware Protect 2009 help!

Not meaning to be a bother, but it's been 5 days? Is that normal? XD
 

2 more replies
Relevance 79.13%

dds attached... thank you

Answer:spyware protect 2009

Hi,Please don't attach your logs.* Please download Malwarebytes' Anti-Malware from Here or HereDouble Click mbam-setup.exe to install the application.Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.If an update is found, it will download and install the latest version.In case you already used MBAM previously, please update it before proceeding with the scan. To do this, click the "Update" tab and click the "Check For updates" button.Once the program has loaded and updates were downloaded, select "Perform Quick Scan", then click Scan.The scan may take some time to finish,so please be patient.When the scan is complete, click OK, then Show Results to view the results.Make sure that everything is checked, and click Remove Selected.When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.Copy&Paste the entire report in your next reply along with a fresh HijackThis log.Extra Note:If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

5 more replies
Relevance 79.13%

Hi,
I have the spyware protect 2009 malware. I tried to follow the instructions in this website on installing malwarebytes anti malware - but it doesnt run. I disabled norton 360 and tried running in safe mode, it still does not seem to run
Please help....the spyware is now causing firefox and IE to close as well....

DDS (Ver_09-03-16.01) - NTFSx86
Run by Shaji at 0:50:03.25 on Wed 05/13/2009
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_12
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.415 [GMT -5:00]

AV: Norton 360 *On-access scanning enabled* (Updated)
FW: Norton 360 *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\Iexplore.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton 360\Engine\3.0.0.135\ccSvcHst.exe
C:\WINDOWS\System32\svch... Read more

Answer:Spyware Protect 2009 - Please Help

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:http://www.bleepingcomputer.com/combofix/how-to-use-combofix* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.Please include the C:\ComboFix.txt in your next reply for further review.

4 more replies
Relevance 79.13%

Hello! My son called me at work yesterday from home to tell me that he was getting several popups on our home PC. He e-mailed me a screen shot and I saw that it was Spyware Protect 2009. While still at work I did some research (including this site) and printed out sheaves of instructions. I also downloaded several malware removers and Windows security updates, renamed them and burned them to a CD. I went home in the evening and spent several hours running malware removers and going through manual removal steps to make sure I got everything. (I used MBAM, HijackThis and SUPERAntiSpyware, and I went through a couple of different manual routines including Microsoft's. Microsoft's instructions included some suggestions for hardening my system, which I followed.) Then I ran a complete virus scan using my free Avira antivirus (last updated 4/27/09), which found nothing. I think the computer is clean.But I'm still having three problems (that I know of):1. No Internet access.2. The BITS service won't start.3. The Automatic Update service won't start. (error 0x80072772)The PC is a Dell XPS running Windows XP Media Center Edition. It's the only PC with Internet access, and it's hooked up by cable into a DSL connection.Logs from MBAM, HijackThis and SUPERAntiSpyware are listed below. I ran them in that order. I also have ComboFix on the CD, but I haven't run it. (I did see a post from bigjeff80, who was apparently having the same problem as me. He said ComboFix solved... Read more

Answer:Spyware Protect 2009

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explanation about the tool. No input is needed, the scan is running.Notepad will open with the results, click no to the Optional_Sca... Read more

2 more replies
Relevance 79.13%

Daughters PC infected with Spyware Protect 2009. I ran Malaware Bytes and McAffeee Virus scan with limited succes. Spyware Protect 2009 removed but PC wouldn't display desktop icons. Couldn't switch between users. I enabled explorer.exe and icons appeared but his was only a temporary fix. Did a little research and decided to run combofix. I know I shouldn't have rushed into it but I have a long week ahead of me and wouldn't be able to help the kids with this PC. Any way, combofix seems to have corrected the problem but I am not an expert and would greatly appreciate a review. Attached please find my DDS and attach logs.

Thanking you in advance for your time and effort.

Sincerely,
Dave

DDS (Ver_09-03-16.01) - NTFSx86
Run by Kathryn at 23:18:07.76 on Sun 05/03/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.446.64 [GMT -4:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated)
FW: McAfee Personal Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\m... Read more

Answer:Spyware Protect 2009

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.comDDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the resul... Read more

2 more replies
Relevance 79.13%

Usually I know how I got infected and that is that I did something stupid. This time I don't know how I got the infection. To make matters worse I had a hardware problem that I have resolved but now my PC crashes every ten minutes or so. Not sure if it is from the infection or a new hard ware issue. While firefox is working and allows me internet access IE is down and gives me an error message.

At the time I got infected I wasn't even using my computer I was in bed. Firefox was running with Star pirates up on it, but not IE.

Unfortunately I can not complete the GMER scan at this time.


DDS (Ver_09-12-01.01) - NTFSx86
Run by Kevin at 16:20:45.29 on Fri 01/22/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.2537 [GMT -6:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: COMODO Firewall Pro *disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\AVG\AVG9\... Read more

Answer:Spyware protect 2009

Hiya,


Quote:




Unfortunately I can not complete the GMER scan at this time.




Can you give more detail about this? Is it crashing? What happens when you try to run it?

1 more replies
Relevance 79.13%

I am running XP Home and have been infected by a fake hijack alert which is trying to make me download a program this I declined but it now flashes up om screen every minute telling me I am being hijacked giving me a windows security alert. I have scanned with my antivirus software which found a trojan horse and fake alarm, these were removed but I suspect the software for this is deep in the system. I have tried system restore but although I have restore points before the infection it will not restore. How do I get rid of Spware Protect 2009

Answer:Spyware Protect 2009

Have you tried Mbam click here and Superantispyware click here ?

4 more replies
Relevance 79.13%

Having some trouble....spyware protect 2009 pops up.. XP SP3.....here is my highjack this log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:45:32 AM, on 4/11/2009
Platform: Windows XP SP3 (WinNT

5.01.2600)
MSIE: Internet Explorer v8.00

(8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\runservice.exe
C:\Program Files\Common Files\Symantec

Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F22



7FCA9A08}\PIFSvc.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.

exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcpr

oxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\Explorer.EXE
C:\Program

Files\ASUS\AASP\1.00.12\aaCenter.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Common Files\Microsoft

Shared\Works Shared\WkUFind.exe... Read more

Answer:Spyware Protect 2009

I need you to run malwarebytes and then combofix and post both of their logs and post a new hijackthis log.
The programs can be found in my guide below

The log you postes is heard to read

9 more replies
Relevance 79.13%

What an annoying bit of malware this thing is...

I've run the full XP cleaning procedure and am not having any issues currently. Figured I'd rather be safe than sorry and consult the experts!

Logs are attached!

All help appreciated,
Whitty
 

Answer:Spyware Protect 2009- I think I got it, but want to be sure...

Welcome to MajorGeeks!

I am currently reviewing your logs and will get back to you with a set of instructions as soon as possible. Our queue is working the oldest threads first.

Thanks for your patience.
dr.m
 

6 more replies
Relevance 79.13%

April Fool's Day hit me with a bunch of pop-ups from Spyware Protect 2009. Attached are my logs. Please let me know if there are further steps to take.
 

Answer:Spyware Protect 2009

Let's start with this:

Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:




O1 - Hosts: 91.212.65.122 spyware-protector-2009.com
O1 - Hosts: 91.212.65.122 www.spyware-protector-2009.com
O1 - Hosts: 91.212.65.122 secure.spyware-protector-2009.com
O1 - Hosts: 91.212.65.122 knockerClick to expand...

After clicking Fix, exit HJT.

Now Download HostsXpert and then follow the below steps.

* Unzip HostsXpert.zip
* It will create a folder named HostsXpert in whatever folder you extract it to.
* Run HostsXpert.exe by double clicking on it.
* click the Make Writeable? button.
* click Restore Microsoft's Hosts File and then click OK.
* Click the X to exit the program

NOw use windows explorer to find and delete:
h:\windows\Tasks\At1.job
h:\windows\system32\udehgur.dll

Now run the C:\MGtools\GetLogs.bat file by double clicking on it. Then attach the new C:\MGlogs.zip file.
 

3 more replies
Relevance 79.13%

So I've been trying to get rid of this thing for a few days now and haven't been very successful overall. I got rid of some of the stuff it brought but the fake virus scanner keeps popping up a long with a slough of fake error messages and the inability to run any other anti-virus/malware program. I've tried the malware removal guide but cant run any of the tools, and I've tried disabling TDSSserv.sys in the control panel but no such driver exists. I'm at my wits end here.:confused
 

Answer:Spyware Protect 2009

I know you indicated you have tried some of the below, but see the notes and additional info and try again. Also remember to try safe mode and also renaming files. You need to be very clear on explaining what you can and cannot do. For example, download the files, installing the programs, and running the actual scans are 3 distinct phases and you need to tell us exactly which pieces you can and cannot do for ALL of the tools we ask you to run.


Please follow the instructions in the READ & RUN ME FIRST link given futher down and attach the requested logs when you finish these instructions.

If you have problems where no tools seem to run, please try following the steps given in the below and then continue on no matter what you find. You only need to try the TDSSserv steps if having problems getting scans in the Read & Run Me First.
TDSSserv Non-Plug & Play Driver Disable

If something does not run, write down the info to explain to us later but keep on going.
Do not assume that because one step does not work that they all will not.
READ & RUN ME FIRST. Malware Removal Guide

After completing the READ & RUN ME and attaching your logs, make sure that you tell us what problems still remain ( if any still do )!
Helpful Notes:

If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode, you can run the steps in safe boot mode but make sure you tell us what you did later when you post logs. See the below i... Read more

15 more replies
Relevance 79.13%

So my other computer caught a virus called spyware protect 2009. I think you know what it is. It's a phony anti-virus program that gives fake results and what not. I managed to get rid of it by task manager. But when i reboot the computer, it comes back. I tried using this method: http://www.ehow.com/Printarticle.html?id=4751003 but when the program installed, it didn't give me a destination to put the program to and the folder it made didn't have anything in it.

The computer is running windows xp professional. Please help.
 

Answer:Spyware Protect 2009

Please follow the instructions in the READ & RUN ME FIRST link given futher down and attach the requested logs when you finish these instructions.

If you have problems where no tools seem to run, please try following the steps given in the below and then continue on no matter what you find. You only need to try the TDSSserv steps if having problems getting scans in the Read & Run Me First.
TDSSserv Non-Plug & Play Driver Disable

If something does not run, write down the info to explain to us later but keep on going.
Do not assume that because one step does not work that they all will not.
READ & RUN ME FIRST. Malware Removal Guide

After completing the READ & RUN ME and attaching your logs, make sure that you tell us what problems still remain ( if any still do )!
Helpful Notes:

If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode, you can run the steps in safe boot mode but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:

Starting your computer in Safe mode

If you have problems downloading on the problem PC, download the tools and the manual updates for SUPERAntiSpyware, Malwarebytes and Spybot ( links are given in the READ & RUN ME) onto another PC and then burn to a CD. Then copy them to the problem PC. You will have to skip getting updates if (and only if) your internet connection does not work. Yes you could use a fla... Read more

1 more replies
Relevance 79.13%

I was infested with Spyware Protect 2009 yesterday. I have Windows Live OneCare and it gave me a warning but did not seem to remove everything.

I downloaded CounterSpy which seemed to delete everything but I got a warning a little bit ago that said:
16 bit ms-dos subsystem the ntvdm cpu has encountered an illegal instruction

I have a feeling something is still not correct with the system.


DDS (Ver_09-03-16.01) - NTFSx86
Run by Owner at 8:58:44.17 on Wed 04/29/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_05
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1170 [GMT -4:00]

AV: *On-access scanning disabled* (Updated)
AV: Windows Live OneCare *On-access scanning enabled* (Updated)
FW: Windows Live OneCare Firewall *enabled*
FW: *disabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
svchost.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files... Read more

Answer:Spyware Protect 2009

Please disregard now. I decided to reformat my hard drive and do a clean install.

2 more replies
Relevance 79.13%

I am receiving a pop up called Spyware Protect 2009. There is an item loaded in the sys tray which shows a balloon "windows security alert" and a pop up that displays a fake virus scan.

McAfee does not detect this virus with the latest DAT and engine updates.

I am running windows Xp, patch 3.


DDS (Ver_09-03-16.01) - NTFSx86
Run by hpadmin at 22:32:05.07 on Tue 04/07/2009
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.5.0_12
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.392 [GMT -5:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated)
FW: McAfee Personal Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Hewlett-Packard\PC COE\COEMsgDisplay.exe
C:\Program Files\Hewlett-Packard\GetIT\GetIT.exe
C:\Program Files\Hewlett-Packard\PC COE\IDA.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\McAfee\MBK\McAfeeDataB... Read more

Answer:Spyware Protect 2009

Hello, and Welcome to TSF.

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

---------------------------------------------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Stay with me until given the 'all clear' even if symptoms diminish. Lack of symptoms does not always mean the job is complete.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by me or another helper at this forum.

---------------------------------------------------------------------------------------------

Download ComboFix from one of these locations:

Link 1
Link 2
Link 3

* IMPORTANT !!! Place combofix.exe on your Desktop
Disable your AntiVirus and AntiSpyware appli... Read more

11 more replies
Relevance 79.13%

I have mcafee and its seems to not be able to update to get rid of this spywareprotect thing. husband is even more computerdummy than me and probably authorized this thing. please help not sure if i got all the logs i was supposed to i was only able to save these two


DDS (Ver_09-03-16.01) - NTFSx86
Run by michelle at 17:41:05.12 on Fri 04/10/2009
Internet Explorer: 7.0.5730.11

============== Pseudo HJT Report ===============

uStart Page = hxxp://home.peoplepc.com/websearch
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://www.dell4me.com/myway
uSearch Bar = hxxp://home.peoplepc.com/search
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr/*http://www.yahoo.com/ext/search/search.html
mSearchAssistant = hxxp://home.peoplepc.com/search
uURLSearchHooks: AGSearchHook Class: {0bc6e3fa-78ef-4886-842c-5a1258c4455a} - c:\program files\agi\common\_agcutils.pyd
mWinlogon: userinit=c:\windows\system32\sdra64.exe,
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {089fd14d-132b-48fc-8861-0048ae113215} - c:\program files\siteadvisor\6261\SiteAdv.dll
BHO: {21ECA600-72B5-4E66-BB2E-573C92CBD8D6} - No File
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\... Read more

Answer:help please with spyware protect 2009

Hello -

There should also have been another log created by DDS, attach.txt

If you did not save it, please run DDS once again, save attach.txt and attach it to your next reply.

19 more replies
Relevance 79.13%

Hey, thanks in advance for any help you can provide me. My computer recently started acting funny and I was recieving the message: The application or DLL C:\windows\system32\digeste.dll is not a valid windows image. Please check this againstyour installation diskette; when I booted up my computer and then sometimes when ever I opened certain programs. I didn't think much about it or that my computer was running slower. Then after a few weeks Spyware Protect 2009 began popping up. I updated my Norton (Norton 360) and ran a scan. It found and quartined (I guess) Bloodhound.sonar.1 and Hacktool.rootkit and prompted me to reboot. Things would run fine but I would still get the DLL message when I booted up and then Spyware Protect would come back. We would do the same thing all over again.Also my A drive light would come on about every 20 seconds and if you put a disk in there and formated it and left it in there, 20 seconds later it would put something it. My father-in law said it looked like it was created a boot disk. I disabled the A drive for now. I have done all the begginng steps and have my HijackThis log below. Thank you again and please feel free to contact me if you need more information. Sorry for being so wordy, trying to give you as much info as possible.
DDS (Ver_09-02-01.01) - NTFSx86
Run by Peo Osornio at 13:58:37.42 on Wed 03/04/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.1... Read more

Answer:Spyware Protect 2009 HELP!

Welcome to the BleepingComputer Forums. Since it has been a few days since you scanned your computer with HijackThis, we will need a new HijackThis log. Please download Trend Micro - HijackThis. Do a new scan with Trend Micro - HijackThis and post it in your next reply.] Thank you for your patience.Please see Preparation Guide for use before posting about your potential Malware problem. If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped. Please post your HijackThis log as a reply to this thread and not as an attachment. I am always leery of opening attachments so I always request that HijackThis logs are to be posted as a reply to the thread. I do not think that you are attaching anything scary but others may do so. While we are working on your HijackThis log, please: Reply to this thread; do not start another! Do not make any changes on your computer during the cleaning process or download/add programs on your computer unless instructed to do so. Do not run any other tool until instructed to do so! Let me know if any of the links do not work or if any of the tools do not work. Tell me about problems or symptoms that occur during the fix. Do not run any other programs or open any other windows while doing a fix. Ask any questions that yo... Read more

2 more replies
Relevance 79.13%

Had the spyware protect 2009 on this computer and i think i have cleaned it off, could someone verify for me, and make any suggestions you see fitthanks in advanceCris-------------------------------------------------------------------------------------------------------------Logfile of Trend Micro HijackThis v2.0.2Scan saved at 10:09:06 PM, on 3/3/2009Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16791)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Intel\Wireless\Bin\EvtEng.exeC:\Program Files\Intel\Wireless\Bin\S24EvMon.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exeC:\WINDOWS\system32\spoolsv.exeC:\Acer\Empowering Technology\ePerformance\MemCheck.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exeC:\WINDOWS\eHome\ehRecvr.exeC:\WINDOWS\eHome\ehSched.exeC:\Program Files\Common Files\LightScribe\LSSrvc.exeC: ... Read more

Answer:spyware protect 2009

There are still problems for sure, I cannot install malwarebytes, sdfix or combofix. internet explorer freezes and crashes. I found this removal guide and attempted to follow it.

--------------------------------------------------------------------------------

Spyware Protect 2009 manual removal:
Kill processes:
c:\\WINDOWS\\aazalirt.exe c:\\WINDOWS\\dkekkrkska.exe c:\\WINDOWS\\dkewiizkjdks.exe c:\\WINDOWS\\iddqdops.exe c:\\WINDOWS\\ienotas.exe c:\\WINDOWS\\iqmcnoeqz.exe c:\\WINDOWS\\irprokwks.exe c:\\WINDOWS\\jikglond.exe c:\\WINDOWS\\jiklagka.exe c:\\WINDOWS\\jrjakdsd.exe c:\\WINDOWS\\jungertab.exe c:\\WINDOWS\\kitiiwhaas.exe c:\\WINDOWS\\kkwknrbsggeg.exe c:\\WINDOWS\\klopnidret.exe c:\\WINDOWS\\krkdkdkee.exe c:\\WINDOWS\\krkmahejdk.exe c:\\WINDOWS\\krtawefg.exe c:\\WINDOWS\\krujmmwlrra.exe c:\\WINDOWS\\ktknamwerr.exe c:\\WINDOWS\\kuruhccdsdd.exe c:\\WINDOWS\\ooorjaas.exe c:\\WINDOWS\\oranerkka.exe c:\\WINDOWS\\oropbbsee.exe c:\\WINDOWS\\otnnbektre.exe c:\\WINDOWS\\otowjdseww.exe ... Read more

3 more replies
Relevance 79.13%

Hello, Is there anyway a relatively inexperienced PC user can get rid of the spyware protect 2009 nasty pop up? I am running windows xp. This is nothing I downloaded intentionally & it is interupting access to my e-mail and a lot of websites. I see several others have this same problem but some of their "fixes" look a bit beyond me! Many Thanks for any assistance!
 

Answer:spyware protect 2009... HELP!

Hiya and welcome to Tech Support Guy

Are you still having this problem? If so, do the following:

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.


Download and scan with SUPERAntiSpyware Free for Home Users
Double-click SUPERAntiSpyware.exe and use the default settings for installation.
An icon will be created on your desktop. Double-click that icon to launch the program.
If asked to update the program definitions, click &q... Read more

3 more replies
Relevance 79.13%

I have no idea where it came from but all of a sudden I keep getting a baloon window that indicates a windows security alert and then says windows reports that computer is infected. Antivirus software helps to protect your computer against viruses....blah blah blah.. It also shows a Spyware Protect 2009 alert box that indicates a infiltration alert indicating my computer is being attacked. It has taken over my search engine so that each time I put in www.google.com in my search it gives me a faux internet explorer cannot display this page message.here is the dds.txt logDDS (Ver_09-03-16.01) - NTFSx86 Run by Jodi Tabicas at 22:37:19.01 on Wed 03/25/2009Internet Explorer: 7.0.5730.13Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.247.22 [GMT -4:00]AV: McAfee VirusScan *On-access scanning enabled* (Updated)FW: McAfee Personal Firewall *enabled*============== Running Processes ===============C:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcssvchost.exesvchost.exeC:\WINDOWS\System32\wltrysvc.exeC:\WINDOWS\System32\bcmwltry.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Java\jre6\bin\jqs.exeC:\PROGRA~1\McAfee\MSC\mcmscsvc.exec:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exec:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exeC:\Program Files\McAfee\... Read more

Answer:Spyware Protect 2009

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.comDDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Follow the instructio... Read more

2 more replies
Relevance 79.13%

My computer was infected and here is my Highjack This log.Any help would be appreciated. I cannot tell if PC Cillin removed it.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 10:41:44 AM, on 4/12/2009Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v8.00 (8.00.6001.18702)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\csrss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Intel\Wireless\Bin\EvtEng.exeC:\Program Files\Intel\Wireless\Bin\S24EvMon.exeC:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exeC:\Program Files\Intel\Wireless\Bin\WLKeeper.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Program Files\Java\jre6\bin\jqs.exeC:\Program Files&#... Read more

Answer:Spyware Protect 2009

Please download The Comedian.exe to your desktopDouble click the program to run it. It will only take around several minutes to run.It will do a series of tasks and tell you when each one is finished.You will be prompted to press any key after each stepWhen it is done it will close and exit itself automatically.You can delete The_Comedian.exe once it is finishedNEXTPlease download Malwarebytes' Anti-Malware from HERE or HERENote: If you already have Malwarebytes' Anti-Malware, just run and update it.. Then do a "Perform Full Scan"Double Click mbam-setup.exe to install the application.Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.If an update is found, it will download and install the latest version.Once the program has loaded, select "Perform Full Scan", then click Scan.The scan may take some time to finish,so please be patient.When the scan is complete, click OK, then Show Results to view the results.Make sure that everything is checked, and click Remove Selected.When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.Copy&Paste the entire report in your next reply.Extra Note:If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfec... Read more

2 more replies
Relevance 79.13%

Hello,Short Background:I had a virus Spyware Protect 2009. After posting my problem in Am I infected? What do I do?, I was helped by boopme and was asked to run ATF Cleaner, Malwarebytes Anti-Malware, SUPERAntiSpyware Free, SmitfraudFix, and dds. I could not run SmitfraudFix, and dds. So, then I was asked to run RSIT, and now I am posting my log.txt file in this forum.(For complete background, please go to this link http://www.bleepingcomputer.com/forums/t/209360/spyware-protect-2009/)Scanning Results:Logfile of random's system information tool 1.05 (written by random/random)Run by kuwait at 2009-03-16 19:53:36Microsoft Windows XP Professional Service Pack 2System drive C: has 60 GB (51%) free of 117 GBTotal RAM: 511 MB (53% free)Logfile of Trend Micro HijackThis v2.0.2Scan saved at 7:53:40 PM, on 3/16/2009Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16791)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exeC:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exeC:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exeC:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXEC:\Program Files\Analog Devices\SoundMAX\SMAgent.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\VM303_STI.EXEC:\Program Files\Adobe\Acrobat... Read more

Answer:Spyware Protect 2009

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.Upon completing the steps below a staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explanation about the tool. No input is needed, the scan is running.Notepad will open with the results, click no to the Optional_ScanFollow the instructions that pop up for posting the results.Close the program window, and delete the program from your desktop.Please note: You may have to disable any scri... Read more

12 more replies
Relevance 79.13%

Well unfortunately I have came in contact with this issue. I have just got struck with spyware protect 2009 and I can't figure out how to get rid of it. I don't want to load any of the programs that suppose to get rid of them until I know they aren't "one of them". If you can tell me how to remove it myself or a program that will assist and is safe that would be great. These pop-ups are very annoying. Thanks for your ssistance in advance.

Answer:spyware protect 2009

Hello and welcome to TSF.

We want all our members to perform the steps outlined in the link given below, before posting for assistance. There's a sticky at the top of this forum, and a
Quote:




Having problems with spyware and pop-ups? First Steps




link at the top of each page.

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

1 more replies
Relevance 79.13%

Hello, i've been infected by something which has installed Spyware Protect 2009 into my PC.

It won't allow me to access any webpage. Right now, im using the internet in Safe Mode. It also won't let me open several programs including SuperAntiSpyware and Malwarebytes.

I've managed to update Malwarebytes in Safe Mode and i'm running a Full System Scan in Safe Mode as well.

I would really appreciate some help in trying to rid my computer of this.

Thanks.

Answer:Spyware Protect 2009

Try running RKill.... then as quicka as you can run Mbam and / SASPlease download Rkill by Grinler and save it to your desktop.Link 2Link 3Link 4Double-click on the Rkill desktop icon to run the tool.If using Vista, right-click on it and Run As Administrator.A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.If not, delete the file, then download and use the one provided in Link 2.If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.If the tool does not run from any of the links provided, please let me know.You will need to run the application again if rebooting the computer occurs along the way.

1 more replies
Relevance 79.13%

Please instruct on how to remove Spyware protect 2009.

Answer:spyware protect 2009

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.comDDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Follow the instructio... Read more

2 more replies
Relevance 79.13%

This problem initially started as a Spyware Protect 2009. I don't see that popping up anymore, but the Malware Bytes won't work either. Ran the SAS and posted it, and was told to run these and post them.DDS (Ver_09-03-16.01) - NTFSx86 Run by Stephanie Smith at 18:57:31.65 on Tue 04/14/2009Internet Explorer: 7.0.5730.13============== Pseudo HJT Report ===============uStart Page = hxxp://www.comcast.net/uSearch Page = hxxp://www.google.comuSearch Bar = hxxp://www.google.com/ieuSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8uInternet Settings,ProxyOverride = *.localuSearchAssistant = hxxp://www.google.com/ieuSearchURL,(Default) = hxxp://www.google.com/search?q=%smSearchAssistant = hxxp://www.google.com/ieuURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dllBHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dllBHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dllBHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dllBHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01... Read more

Answer:Spyware Protect 2009

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.comDDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the resul... Read more

2 more replies
Relevance 79.13%

Spyware Protect 2009 just popped up on my comp. How do I get rid of it?

Heres my MBAM Log:

5/13/2009 11:00:52 PM
mbam-log-2009-05-13 (23-00-52).txt

Scan type: Quick Scan
Objects scanned: 123538
Time elapsed: 14 minute(s), 28 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 11
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
C:\WINDOWS\sysguard.exe (Trojan.Vundo.V) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bbd4551a-9b23-41cd-9bcd-818aa2da7b63} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{bbd4551a-9b23-41cd-9bcd-818aa2da7b63} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{3c2d2a1e-031f-4397-9614-87c932a848e0} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{04a38f6b-006f-4247-ba4c-02a139d5531c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2b96d5cc-c5b5-49a5-a69d-cc0a30f9028c} (Adware.Minibug) -> Quarantined and deleted suc... Read more

Answer:How can I get rid of Spyware Protect 2009?

Please download and scan with Dr.Web CureIt - alternate download link.Follow these instructions for performing a scan in "safe mode" after running ATF-Cleaner.If you cannot boot into safe mode, then perform your scan in normal mode. Be aware, this scan could take a long time to complete.-- Post the log in your next reply.Rescan again with Malwarebytes Anti-Malware (Quick Scan) in normal mode and check all items found for removal. Don't forgot to check for database definition updates through the program's interface (preferable method) before scanning and to reboot afterwards. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. When done, click the Logs tab and copy/paste the contents of the new report in your next reply.Please post a complete MBAM log to include the top portion which shows the program/database version, operating system, date of scan and scan type.

1 more replies
Relevance 78.72%

My laptop is infected with Spyware Protect 2009 - using Avast anit-virus; spybot and the spyware remains. Here is my hijack log... please advise.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:21:28 AM, on 2/1/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\wuauc... Read more

Answer:Rogue Spyware - Spyware Protect 2009 - HELP!

Used Malwarebyte's Anti Malware - problem solved.
 

1 more replies
Relevance 78.72%

I seemed to have picked up the trojan/spyware called Spyware Protect 2009.It essentially installs a program that acts as a fake spyware checking program, frequently producing popups that say your computer is at risk. It also makes Internet Explorer and Firefox VERY slow; it takes around 1 - 2 mins just to load some websites. I am redirected to a Microsoft security site occasionaly when I try to open run a search using the Windows search feature.I've already removed the program from my start up list using msconfig, so I no longer get the annoying popups. I am unable to revert to a previous system restore point. Macafee anti-virus software does not detect anything. I can not open Spybot - Search and Destroy. CWShredder runs, and removed one file. I was only able to install Malwarebytes' Anti-Malware after renaming the install file, but I can not run it now that it's installed. Ad-Aware seems to work ok, but did not solve the problem.There are suggestions on other websites for files to search for and delete, but none of these files are showing up on my computer.Does anyone have any further steps I can take?(Moderator edit: thread moved to more appropriate forum. jgw)

Answer:Spyware Protect 2009 trojan/spyware

You have posted in the wrong forum, you should have posted in the Am I infected? What do I do? forum.This tutorial might be able to help How to remove Spyware Protect 2009Good Luck!

3 more replies
Relevance 78.31%

Hi I just signed up to your site saying that you read/help with Hijackthis logs. I am posting this because well..I'm not sure how to use Hijackthis properly and don't want to mess up my PC more than it already is. Okay now to the point. My computer has been running REALLY slow lately. It's laggy on videos now and when I run Firefox 3.0 It takes up 100% CPU usage. It's never been this slow before. About a week ago my computer had been infected with a virus/trojan/malware known as Spyware Protect 2009 and it was an absolute PAIN to remove. I haven't had any alerts on my PC since...but I feel like it still might be on here since my PC is still running so slow! I'm running Windows XP home edition, version 2002 service pack 3 and my computer is a Intel® Celeron® CPU 2.53GHz. 2.53 GHz, 512 MB of RAM. *Note that I've used Malware Bytes Anti-Malware, Spyware Terminator, Ad-Aware, Superantispyware free edition, Spybot S&D, Smitfraud Fix and Combofix to fix this problem. It's STILL running slow, and I have done Disk defrags, Registry cleanup/fix, and general computer cleaning (Ccleaner).This is much appreciated and thank you! =)Logfile of Trend Micro HijackThis v2.0.2Scan saved at 22:59:01, on 2/24/2009Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16791)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\... Read more

Answer:Spyware Protect 2009/Hijackthis log

Welcome to the BleepingComputer Forums. Since it has been a few days since you scanned your computer with HijackThis, we will need a new HijackThis log. If you have not already downloaded Random's System Information Tool (RSIT), please download Random's System Information Tool (RSIT) by random/random which includes a HijackThis log and save it to your desktop. If you have RSIT already on your computer, please run it again. Double click on RSIT.exe to run RSIT. Click Continue at the disclaimer screen. Please post the contents of log.txt. Thank you for your patience.Please see Preparation Guide for use before posting about your potential Malware problem. If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped. Please post your HijackThis log as a reply to this thread and not as an attachment. I am always leery of opening attachments so I always request that HijackThis logs are to be posted as a reply to the thread. I do not think that you are attaching anything scary but others may do so. While we are working on your HijackThis log, please: Reply to this thread; do not start another! Do not make any changes on your computer during the cleaning process or download/add programs on your computer unless instructed to do so. Do not run any other tool until instruc... Read more

2 more replies
Relevance 78.31%

My son's computer is running Windows XP with Service pack 2. He has 1GB of RAM and a 1.5Ghz processor. He was watching videos today on Hulu and then went to search for one particular video. He found a site called something like parodies (dot) com and clicked the link. The computer froze and he shut down Firefox. At that point he started getting pop ups for "Spyware Protect 2009." He let me know and after I made sure he didn't click on any of the acceptance buttons I started running scans as per First Steps.

The DDS file is below and I am attaching the other files.

Christina in GA

_____________________________________________________

DDS (Ver_09-03-16.01) - NTFSx86
Run by William at 16:27:46.87 on Wed 04/01/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_03
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.958.668 [GMT -4:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Office Keyboard\KbdAp32A.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.... Read more

Answer:Spyware Protect 2009 on son's computer

Hello -

I noticed you didn't complete your previous topic with chemist for your machine.


Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Stay with me until given the 'all clear' even if symptoms diminish. Lack of symptoms does not always mean the job is complete.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by me or another helper at this forum.

---------------------------------------------------------------------------------------------


I see no AntiVirus application installed. An AntiVirus is a must have for machines connected to the internet today.

Connecting to the Internet without antivirus protection is a "Welcome" doormat for malware. It can take as little as eight seconds to infect an unprotected computer.

There are excellent free AntiVirus applications available today, so there's no reason to be unprotected.

We will address that during the course of this fix. I will tell you when.

=========================================================
Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your q... Read more

16 more replies
Relevance 78.31%

We seem to have gotten bombarded on one PC with all sorts of junk. Working this from separate Laptop. Following is HJT log, but seems I'll only be able to rename Malaware or other to run, or go into safe mode to find something to run>Logfile of Trend Micro HijackThis v2.0.2Scan saved at 12:13:23 PM, on 2/10/2009Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v8.00 (8.00.6001.18241)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\DisplayLink Core Software\DisplayLinkService.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\WINDOWS\eHome\ehRecvr.exeC:\WINDOWS\eHome\ehSched.exeC:\PROGRA~1\McAfee\MSC\mcmscsvc.exec:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exec:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exeC:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exeC:\Program Files\McAfee\MPF\MPFSrv.exeC:&#... Read more

Answer:digest.dll / Spyware Protect 2009

Please download Malwarebytes' Anti-Malware from HERE or HERENote: If you already have Malwarebytes' Anti-Malware, just run and update it.. Then do a "Perform Full Scan"Double Click mbam-setup.exe to install the application.Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.If an update is found, it will download and install the latest version.Once the program has loaded, select "Perform Full Scan", then click Scan.The scan may take some time to finish,so please be patient.When the scan is complete, click OK, then Show Results to view the results.Make sure that everything is checked, and click Remove Selected.When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.Copy&Paste the entire report in your next reply.Extra Note:If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.NEXTPlease download RSIT by random/random and save it to your Desktop.Double click on RSIT.exe to run RSITBefore you click "Continue", make sure you change the List files/folders created or modified in the last 3 monthsClick Continue at the disclaimer screen.Once it has finished, two lo... Read more

2 more replies
Relevance 78.31%

Well, my kid did it again. Last night while I was watching a ball game, my 11 year old was on a "kids" game site and click something that created this Spyware Alert. I am not able to get online with this computer so I am communicating with my laptop. Below is my dss file, and attached are the other two compressed files that the pre post instructions have called for. I am running XP. Thank you in advance.
John


DDS (Ver_09-03-16.01) - NTFSx86
Run by John at 7:00:10.90 on 2009-04-16
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1507 [GMT -7:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated)
FW: McAfee Personal Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Creative\VoiceCenter\AndreaVC.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Google\Google Desktop Search\Goo... Read more

Answer:Spyware Protect 2009 Alert

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

Please copy this page to Notepad and Save it to your Desktop in order to assist you when carrying out the following instructions.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding.
Ensure that there aren't any opened browsers when you are carrying out the procedures below.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

Download ComboFix to a USB drive on another computer and transfer it to your desktop.

------------------------------------------------------

Please download Comb... Read more

7 more replies
Relevance 78.31%

Recently I installed a free video conversion application which I believe infected my computer with this malware. Each time I boot up my PC I get warnings of a possible infection near the clock on my task bar, and then a Anti Spyware Protect 2009 window pops up which then appears constantly as if it's scanning my pc. I've been force quitting the process sysgaurd.exe to get rid of it.

Additionally, each reboot, I receive a critical error box titled "aolsoftware.exe - Bad Image." The box states "The application or DLL C:\WINDOWS\system32\mcenspc.dll is not a valid Windows image. Please check this against your installation diskette."

Attached are the logs:

DDS (Ver_09-03-16.01) - NTFSx86
Run by Carlos Betancourt at 11:15:29.00 on Sun 04/05/2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_12
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.510.215 [GMT -7:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\P... Read more

Answer:Anti Spyware Protect 2009

Bump please...

16 more replies
Relevance 78.31%

While using Firefox, I suddenly started getting popups from Spyware Protect 2009. Spybot seemed to be stopping registry changes but it kept on having popups. I ran Hijackthis - log below - and downloaded Malwarebytes. However now, I can't get any site on the internet, Malwarebytes won't run, nor will spybot. I am having to use another computer to post this query.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 11:27:39, on 20/01/2009Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16762)Boot mode: NormalRunning processes:C:\WINDOWS\system32\csrss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Java\jre6\bin\jusched.exeC:\Program Files\Dell\Media Experience\PCMService.exeC:\Program Files\Intel\Modem Event Monitor\IntelMEM.exeC:\Program Files\CyberLink\PowerDVD\DVDLauncher.exeC:\Program Files\HP\hpcoretech\hpcmpmgr.exeC:\Program Files\Network Associat... Read more

Answer:Spyware protect 2009 complications

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.comDDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results, click no to the Optional_ScanFollow the ... Read more

2 more replies
Relevance 78.31%

Hello, my mother's computer is infected with Spyware Protect 2009. I am unable to use internet explorer from her computer at all but have been able to use the Google Chrome browser; however, it is incredibly slow. I attempted to use the DDS but that sat for about 20 minutes and no logs came up. I was able to use Hijack This and have attached a log from that. I hope that will work for your purposes.

There are two pop-ups that are coming up regularly - one is an 'infiltration alert' that has various "attacks listed" the other is similar to that and comes in the middle of the screen and has stay unprotected as an option.

I do not know what my mother clicked on to become infected with this.

Answer:Spyware Protect 2009 alert

Welcome to the BleepingComputer Forums. Since it has been a few days since you scanned your computer with HijackThis, we will need a new HijackThis log. If you have not already downloaded Random's System Information Tool (RSIT), please download Random's System Information Tool (RSIT) by random/random which includes a HijackThis log and save it to your desktop. If you have RSIT already on your computer, please run it again. Double click on RSIT.exe to run RSIT. Click Continue at the disclaimer screen. Please post the contents of log.txt. Thank you for your patience.Please see Preparation Guide for use before posting about your potential Malware problem. If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped. Please post your HijackThis log as a reply to this thread and not as an attachment. I am always leery of opening attachments so I always request that HijackThis logs are to be posted as a reply to the thread. I do not think that you are attaching anything scary but others may do so. While we are working on your HijackThis log, please: Reply to this thread; do not start another! Do not make any changes on your computer during the cleaning process or download/add programs on your computer unless instructed to do so. Do not run any other tool until ... Read more

2 more replies
Relevance 78.31%

I was infected with Spyware Protect 2009, and I ran MalwareBytes. It got rid of the fake antivirus program and popups, but my IE is still getting taken over by another fake site. The web address that comes up is <hxxp://browser-security.microsoft.com/block.php?r=17.1> Also, my computer restarts itself every once in a while. I have followed the instructions and what follows is my DDS report - the Attach.txt is attached as well. Thank you so much for your help!DDS (Ver_09-01-19.01) - NTFSx86Run by Kevin at 19:30:32.09 on Mon 01/26/2009Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_10Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.287 [GMT -5:00]AV: Trend Micro PC-cillin Internet Security *On-access scanning enabled* (Updated)FW: Trend Micro PC-cillin Internet Security (Firewall) *enabled*============== Running Processes ===============C:\WINDOWS\system32\svchost -k DcomLaunchC:\WINDOWS\system32\svchost -k rpcssC:\WINDOWS\System32\svchost.exe -k netsvcsC:\WINDOWS\system32\svchost.exe -k NetworkServiceC:\WINDOWS\system32\svchost.exe -k LocalServiceC:\WINDOWS\System32\WLTRYSVC.EXEC:\WINDOWS\System32\bcmwltry.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\ehome\ehtray.exeC:\WINDOWS\system32\igfxsrvc.exeC:\WINDOWS\system32\igfxpers.exeC:\Program Files\Java\jre6\bin\jusched.exeC:\WINDOWS\system32\WLTRAY.exeC:\WINDOWS\stsystra.exeC:\Program Files\Dell\QuickSet\quickset.exe... Read more

Answer:Infected with Spyware Protect 2009, need help!

Hi,I see you have Viewpoint installed...Viewpoint Manager is considered as foistware instead of malware since it is installed without users approval but doesn't spy or do anything "bad". This will change from what we know in 2006 read this article: http://www.clickz.com/news/article.php/3561546I suggest you remove the program now. Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following programs if present.ViewpointViewpoint ManagerViewpoint Media PlayerThen, * Please visit this webpage for instructions for downloading and running ComboFix:http://www.bleepingcomputer.com/combofix/how-to-use-combofixPost the log from ComboFix in your next reply.

10 more replies
Relevance 78.31%

Hello!

I have the Spyware Protect 2009 virus and I have tried downloading free antispyware (pcdoctor.com) but, after it scans and finds the virus I have to pay $30 to actually get the virus removed.

Is there a way to get rid of this virus without buying some type of antispyware? If so, what are the steps I need to take to get rid of it?

Thank you!
Aden

Answer:Spyware Protect 2009 is taking over!

Don't buy anything!Hi and welcome to BleepingComputer The process of cleaning your computer may require temporarily disabliling some security programs. If you are using SpyBot Search and Destroy, please refer to Note 2 at the bottom of this page.Please download Malwarebytes Anti-Malware and save it to your desktop.alternate download link 1alternate download link 2Make sure you are connected to the Internet.Double-click on mbam-setup.exe to install the application.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-MalwareThen click Finish.MBAM will automatically start and you will be asked to update the program before performing a scan.If an update is found, the program will automatically update itself.Press the OK button to close that box and continue.If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.On the Scanner tab:Make sure the "Perform Quick Scan" option is selected.Then click on the Scan button.If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button. The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.When the scan is finished, a message box will say "The scan completed successfully.... Read more

1 more replies
Relevance 78.31%

Hi. I have been infected with the Spyware Protect 2009 rouge spyware and have followed all the instructions on bleepingcomputer.com to attempt to remove with no luck. I am attaching my hijackthis logs for review by someone smarter than me! I appreciate any help.

Nancie
DDS (Ver_09-03-16.01) - NTFSx86
Run by Test at 11:42:43.84 on Fri 04/17/2009
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.639.219 [GMT -7:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated)
FW: McAfee Personal Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\Program Files\Linksys Wireless-G USB Wireless Network Monito... Read more

Answer:Infected with Spyware Protect 2009

Hi My name is Extremeboy (or EB for short), and I will be helping you with your log.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.If you do not make a reply in 5 days, we will need to close your topic.You may want to keep the link to this topic in your favourites. Alternatively, you can click the button at the top bar of this topic and Track this Topic. The topics you are tracking can be found here.Please take note of some guidelines for this fix:Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools. If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.Even if things appear to be better, it might not mean we... Read more

3 more replies
Relevance 78.31%

Hey, my girlfriends computer got that Spyware Protect 2009 virus. How do I get it off? Thanks!

Superman

Answer:Infected with Spyware Protect 2009

Follow this link to the instructions for removing Spyware Protect 2009 http://www.bleepingcomputer.com/malware-re...re-protect-2009

1 more replies
Relevance 78.31%

Dear Sir, After many hours, I finally was able to remove Spyware Protect 2009 from my computer, or so I thought. Ever since then, my computer has been running much slower, particularly on startup, so i checked my msconfig -> startup settings and noticed a new startup item named "2cfd402c1" with a command line of "rundll32.exe "C:\Documents and Settings\Administrator\Application Data\Macromedia\Common\2cfd402c1.dll". I have tried everything from removing the registry line via regedit (line keeps popping back up after restart), to deleting the file in the specified folder (comes back after restart), to disabling that command in msconfig (item comes back checked after each restart." Malwarebytes has found 8 infections related to this, but is unable to clean them...it says itll clean on reboot, but when i run malware again after the reboot, the same infections popped up. Super antispyware doesnt find anything. Here are the logs:Malwarebytes' Anti-Malware 1.34Database version: 1813Windows 5.1.2600 Service Pack 32/28/2009 8:47:35 PMmbam-log-2009-02-28 (20-47-35).txtScan type: Full Scan (C:\|E:\|)Objects scanned: 137476Time elapsed: 24 minute(s), 53 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 0Registry Values Infected: 0Registry Data Items Infected: 8Folders Infected: 0Files Infected: 0Memory Processes Infected:(No malicious items detected)Memory Modules Infected:(... Read more

Answer:Spyware Protect 2009 Residuals - Please Help!

Please print out and follow these instructions: "How to use SDFix". When using this tool, you must use the Administrator's account or an account with "Administrative rights"Disconnect from the Internet and temporarily disable your anti-virus, script blocking and any real time protection programs before performing a scan.When done, the SDFix report log will open in notepad and automatically be saved in the SDFix folder as Report.txt.If SDFix is unable to run after rebooting from Safe Mode, run SDFix in either Mode, and type F, then press Enter for it to finish the final stage and produce the report.Please copy and paste the contents of Report.txt in your next reply.Be sure to renable you anti-virus and and other security programs before connecting to the Internet.-- If the computer has been infected with the VirusAlert! malware warning from the clock and the Start Menu icons or drives are not visible, open the SDFix folder, right-click on either the XP_VirusAlert_Repair.inf or W2K VirusAlert_Repair.inf (depending on your version of Windows) and select Install from the Context menu. Then reboot to apply the changes.

13 more replies
Relevance 78.31%

First thing, let me explain that i'm having to post this using my daughters computer, because after this attack, I can no longer connect to BleepingComputer web site with my PC.

Sunday evening I turned on my computer and found there was a Windows "Alert" on the right lower corner (click on the balloon) and it was listed as "Spyware Protect 2009 Alert" (looked original for a second), and when I clicked the ballon it started scanning my system. I noticed it wasn't from AVG, and after a few seconds I cancelled it a quick as I could. However, the pop-up screen could not be removed from the middle of my screen, and after several attemps, I just decided to reboot the PC. It rebooted, but this time it had the error box stating:
"Windows has encountered a problem with this program (WMI) and has closed it" (or something close to that). I noticed my PC was running very slow, but I could pull up an internet speed checking site (through my DSL provider), and the speed was actually showing good. The Spyware Protect 2009 Alert "windows" were still loaded in the middle of my screen.

I decided to run a virus scan, and it did find 4 trojans, and moved them to the vault (i guess). I then rebooted into safe mode, and ran another scan which didn't really seem to be working correctly. So, I rebooted back to normal Windows XP, and the Spyware protect alert was still there, along with the "WMI" problem.

I have since re-scanned the PC... Read more

Answer:Spyware Protect 2009 Alert!

Moved from HJT forum to the more appropriate.

6 more replies
Relevance 78.31%

A few days ago, my computer starting displaying alerts to buy SpywareProtect 2009. I did not purchase it and after reading on a different site some advice about getting rid of it, I ended the process from the taskbar and deleted one of it's executable files. That eliminated the pop ups but problems persisted. I attempted to run Malwarebytes but the system wouldn't let me do it. I read on the forums here about renaming mbam.exe to mbam.com and after doing so, it ran. Unfortunately I still have erratic computer behavior. I can't go to certain sites unless I type in the address in my browser and I still can't run mbam without renaming it. Also when visiting certain sites my Firefox browser just closes down by itself.

I just ran my Norton Antivirus and it can't find anything. Every time I now run Malwarebytes it finds something, I delete them, restart the computer and they come back. I believe I am using the latest version of Malwarebytes (version 1.34 from Feb 21).Here is the latest output from Malwarebytes. Please help.

Malwarebytes' Anti-Malware 1.34
Database version: 1793
Windows 5.1.2600 Service Pack 2

3/4/2009 6:27:45 PM
mbam-log-2009-03-04 (18-27-45).txt

Scan type: Full Scan (C:\|)
Objects scanned: 201160
Time elapsed: 1 hour(s), 29 minute(s), 33 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 6
Folders Infected: 0
Files Infected: 1

Memor... Read more

Answer:Spyware Protect 2009 infection

Update MBAM to the newest definitions, use the update tab in the program window, run another quick scan but run ATFCleaner firstPlease download ATF Cleaner by Atribune & save it to your desktop.Double-click ATF-Cleaner.exe to run the program.Under Main "Select Files to Delete" choose: Select All.Click the Empty Selected button.If you use Firefox browser click Firefox at the top and choose: Select AllClick the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.If you use Opera browser click Opera at the top and choose: Select AllClick the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.Click Exit on the Main menu to close the program.Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".After a reboot if required to remove files, please run Smitfraudfix as a scanPlease download SmitfraudFixDouble-click SmitfraudFix.exeSelect option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).Please copy/paste the content of that report into your next reply.Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious"... Read more

10 more replies
Relevance 78.31%

Hello. So I'm new to this deep of a level of anti-virus/trojan/etc. security. When I logged into my computer today my firewall (Default windows XP firewall) was turned off and Spyware Protect 2009 was on my computer, spraying popups and alerts at me. I looked here for help and got Malwarebytes' and that seems to have fixed it. I want to be sure though that there isn't anything obscene about my registry and such that is screwing with my computer. I followed the instructions in the sticky post and here is what I have (Thanks for any help in advance):
DDS (Ver_09-03-16.01) - NTFSx86
Run by RJ at 16:03:57.26 on Fri 04/24/2009
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_05
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1333 [GMT -5:00]

AV: Sophos Anti-Virus *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Ahead\InCD\InCDsrv.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS&#... Read more

Answer:Spyware Protect 2009 and other problems.

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.comDDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the resul... Read more

2 more replies
Relevance 78.31%

Lately, I've been having a bit of difficulty removing a rogue anti-virus program called Spyware protect 2009 that somehow installed itself on my computer without my consent. This was making me kind of scared since I'm not really computer-savy. I think I managed to remove most of it, but I have feeling it left some dangerous things/trojans on my computer that my anti virus/spyware/malware programs can't detect. The programs that I've used were...Zone Alarm Internet Suite: It wasn't able to get rid of Spyware protect 2009 making it useless.and...Malwarebytes Anti-malware: This program helped me a lot in getting rid of most of the trojans including Spyware protect 2009.However, I used Malwarebytes lately and it couldn't delete some of the trojans (usually two were left). It said it would delete them upon reboot, but it didnt. I did 3 scans from Malwarebytes; here is the log:Malwarebytes' Anti-Malware 1.35Database version: 1931Windows 5.1.2600 Service Pack 34/2/2009 12:18:55 AMmbam-log-2009-04-02 (00-18-55).txtScan type: Quick ScanObjects scanned: 70460Time elapsed: 15 minute(s), 13 second(s)Memory Processes Infected: 1Memory Modules Infected: 1Registry Keys Infected: 14Registry Values Infected: 2Registry Data Items Infected: 2Folders Infected: 22Files Infected: 68Memory Processes Infected:C:\WINDOWS\svcho.exe (Trojan.Agent) -> Unloaded process successfully.Memory Modules Infected:C:\WINDOWS\system32\iehelper.dll (Trojan.Vundo.H) -> Delete on reboot... Read more

Answer:Was infected with Spyware protect 2009; please I need help

Hello! My name is Sam and I will be helping you. In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.We need to create an OTListIt2 ReportPlease download OTListIt2 from hereSave it to your desktop.Double click on the icon on your desktop.Click the "Scan All Users" checkbox.Push the "Run Scan" button.The scan should take just a few minutes.Copy the log that opens up and paste it back here in your next reply.=============The next log will show us any hidden files that are present.Download GMER from here:Unzip it to the desktop.Open the program and click on the Rootkit tab.Make sure all the boxes on the right of the screen are checked, EXCEPT for ?Show All?.Click on Scan.When the scan has run click Copy and paste the results (if any) into this thread.

23 more replies
Relevance 78.31%

Hi AllI am infected by Spyware Protect 2009I installed Combofix and run according to instruction.I got this in note pad belowwhat should I do next to remove thatthank youComboFix 09-02-02.04 - aytekim 2009-02-03 14:00:09.1 - NTFSx86Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1523 [GMT -5:00]Running from: c:\documents and settings\aytekim\Desktop\ComboFix.exeAV: Kaspersky Anti-Virus 6.0 *On-access scanning disabled* (Updated)AV: McAfee VirusScan Enterprise *On-access scanning enabled* (Updated) * Resident AV is active.((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))).c:\windows\system32\404Fix.exec:\windows\system32\Agent.OMZ.Fix.exec:\windows\system32\dumphive.exec:\windows\system32\IEDFix.C.exec:\windows\system32\IEDFix.exec:\windows\system32\iehelper.dllc:\windows\system32\o4Patch.exec:\windows\system32\Process.exec:\windows\system32\SrchSTS.exec:\windows\system32\tmp.regc:\windows\system32\VACFix.exec:\windows\system32\VCCLSID.exec:\windows\system32\WS2Fix.exec:\windows\system32temp#01.exec:\windows\wiaserviv.log.((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))).-------\Service_WinDriver((... Read more

Answer:I am infected by Spyware Protect 2009

Welcome to the BleepingComputer Forums. Since it has been a few days since you scanned your computer with HijackThis, we will need a new HijackThis log. If you have not already downloaded Random's System Information Tool (RSIT), please download Random's System Information Tool (RSIT) by random/random which includes a HijackThis log and save it to your desktop. If you have RSIT already on your computer, please run it again. Double click on RSIT.exe to run RSIT. Click Continue at the disclaimer screen. Please post the contents of log.txt. Thank you for your patience.Please see Preparation Guide for use before posting about your potential Malware problem. If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped. Please post your HijackThis log as a reply to this thread and not as an attachment. I am always leery of opening attachments so I always request that HijackThis logs are to be posted as a reply to the thread. I do not think that you are attaching anything scary but others may do so. While we are working on your HijackThis log, please: Reply to this thread; do not start another! Do not make any changes on your computer during the cleaning process or download/add programs on your computer unless instructed to do so. Do not run any other tool until instruc... Read more

2 more replies
Relevance 78.31%

Referred here from: http://www.bleepingcomputer.com/forums/t/207118/spyware-protect-2009-spyware/ ~ OBI started receiving popups this afternoon about this program Spyware Protect 2009. I ran malwarebytes and it found the sysguard file and I deleted it. No more pop ups but my IE and Mozilla do not work. For some reason safari works. After this I posted in the Am I Infected section, now I can't run MBAM and they told me to post in here.DDS (Ver_09-02-01.01) - NTFSx86 NETWORK Run by Cody at 21:36:35.65 on Sat 02/28/2009Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_10Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.767.536 [GMT -6:00]============== Running Processes ===============C:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcssvchost.exesvchost.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Safari\Safari.exeC:\Documents and Settings\Cody\Desktop\dds.scr============== Pseudo HJT Report ===============uInternet Connection Wizard,ShellNext = iexploreuInternet Settings,ProxyOverride = 127.0.0.1uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - TB: {70DE7956-479D-4EB7-8641-2B45774C350E} - No FileTB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - EB: {32683183-48a0-441b-a342-7c2a440a9478} - No FileuRun: [AIM] c:\program files\aim\aim.exe -cnetwait.odluRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /backgrounduRun: [ctfmon.exe] c:\windows\system32\ctfmon.exeuRun: [AdobeUpdater]... Read more

Answer:Spyware Protect 2009 Problem

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.comDDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Follow the instructions that pop up for p... Read more

2 more replies
Relevance 78.31%

Hello,I was infected with the "Spyware Protect 2009." I followed the directions here on BleepingComputer to get rid of this malicious program. MBAM detected 40 infected objects and cleaned most of them. On the secone run through with MBAM it detected 5 infected objects. It could not remove "wbbetsgq.dll" on reboot.Browser IE trys to redirect me to <hxxp://69.31.80.181/rtc/?u=4d038be7+C420940D68404048A18250B4D80E27A7&g=00000000000000000000000000000000&src_id=88&v=1.04>Multiple trys with MBAM have been unsuccessful. I ran "dss.scr" and have attached DDS.txt and Attach.txt files.Please help me get rid of this. Thank you,Amy

Answer:Spyware Protect 2009 - MBAM did not get rid of it all

Hi,

Still having the same problem. My original post was April 26th and I have noticed that others who have posted after me have been getting help. Is there something else that is needed to get started? I was under the impression that help was assigned in the order received. I've attached the dss files. Do you need more info? Please help as this problem is with the Vundo trojan that MBAM can't seem to get rid of. Browser is redirecting.

I'm hoping to get this resolved as it is Mom's computer and since she is legally blind, she uses software on this computer to read for her. She is lost without it. Thank you,

Amy

21 more replies
Relevance 78.31%

I have been infected with spyware protect 2009 which is taking over my entire machine. Nothing can run. I have shut the machine down in order to prevent any damage (or further damage). I have the ability to take this hard drive out and install it on another computer as a secondary drive if that would help. At this time, nothing can be run on the computer as everything is immediately killed by the virus.Any help would be appreciated. Thanks!Edit: Due to logs not being present I have moved this topic from HijackThis Logs and Virus/Trojan/Spyware/Malware Removal to the more appropriate forum, to expedite assistance being rendered. ~ Animal

More replies
Relevance 78.31%

I recently had the program "Spyware Protect 2009" pop up on my screen and tell me I need to pay for their software to remove a bunch of malware from my PC. I tried to just exit the screen, but apparently it was too late.

I first ran my antivirus software AVG Free Edition and it found 3 items that it said it fixed, but I still had many problems with my PC. I've also noticed "iexplore.exe" showing up in my running processes when I don't use internet explorer, so I've been killing that process regularly (it keeps coming back after a few minutes).

Secondly I downloaded and ran Spyware Doctor with Anit Virus, but I was not willing to pay for them to remove what they found. I manually deleted all files they said were bad, and I used regedit to delete any bad keys or values. Spyware Doctor also said some registry values needed repaired, but since I didn't know what to change them to, I just left them alone.

Third, I downloaded malware bytes and tried to install it, but it would not install. I read in a forum to rename the file, so I changed the install filename to mba.exe and it finally began to install. After 15 minutes of the "Finish Installation" screen, I got a screen that let me chose to update malwarebytes and start the application, but I haven't seen anything from the application since.

I read a forum posting on malwarebytes.org where someone had used combofix at this point, but the guide to combofix said only use the application when told to... Read more

Answer:Help me remove Spyware Protect 2009

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.comDDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Follow the instructio... Read more

2 more replies
Relevance 78.31%

I recieved spyware protect 2009 one day as a present. I am so lucky. I removed it by deleting sysquard.exe , No more pop ups, but now I get a pop up that says NT authority system has encountered a problem and will shutdown in 1:00 minute. I run shutdown -a to keep the computer from shutting down. I also get a pop up that says Google installer has encountered a problem and needs to shut down. I also get redirected when doing a search on google or yahoo.
I tried to download malwarebytes but had several problems doing so. It appears to finally be loaded but it will not run.

DDS (Ver_09-02-01.01) - NTFSx86
Run by Carlos Ybarra at 12:52:17.06 on Sat 03/14/2009
Internet Explorer: 7.0.5730.13

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=laptop
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\windows\system32\sdra64.exe,
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} -
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\ja... Read more

Answer:It started with spyware protect 2009

Hello gearheadtools,Sorry about the delay. If you still need help, please post a new HijackThis log to make sure nothing has changed, and I'll be happy to look at it for you.Please do this:1. Download HijackThis? here:http://www.trendsecure.com/portal/en-US/th.../hijackthis.php2. Click 'Do a System Scan and Save log'.The HJT log will open in notepad.Thanks,tea

2 more replies
Relevance 78.31%

DDS (Ver_09-02-01.01) - NTFSx86
Run by HP_Administrator at 19:21:04.73 on Thu 02/26/2009
Internet Explorer: 8.0.6001.18372
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.230 [GMT -6:00]

AV: Webroot AntiVirus with AntiSpyware *On-access scanning enabled* (Updated)
FW: Webroot AntiVirus with AntiSpyware *disabled*
FW: Webroot Desktop Firewall *disabled*

============== Running Processes ===============

C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\srvany.exe
C:\pvsw\bin\w3dbsmgr.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Webroot\Webroot Desktop Firewall\wdfsvc.exe
C:\Progra... Read more

Answer:Infected with Spyware Protect 2009

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.comDDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Follow the instructions that pop up for p... Read more

2 more replies
Relevance 78.31%

Unable to load any search engines withouth "spyware protect 2009 " continually popping up. Unable to delete it. Hope you can help. The following is the log from "hijack this" . Thanks
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:08:23 PM, on 1/22/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Startup Mechanic\StartupMonitor.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Dell Network Assistant\hnm_svc.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS... Read more

More replies
Relevance 78.31%

This just started yesterday and i dont know how to fix the problem.. I am getting a popup about every 1-2 minutes telling me i have an Infiltration alert from spyware protect 2009 alert. Is says " Infiltration alert.. your computer is being attacked by an internet virus. it could be a password-stealing attack, a trojan - dropper or similar. Details attack from: 215.94.47.1, port 14103 attacked port: 26770 threat win32/nuquel.e " then it ask do i want to block this attack? clicking no the box dissapears the come back, clicking yes it opens up a web page for spyware protect 2009 to buy it. i also get another pop up saying the exact same except the threat is bankerfox.a (btw the popup appears at the bottom right hand part of the screen by the time) Then in the middle of the screen i get a popup that says " Spyware alert! vulnerablities found your computer is infected by spyware - 34 serious threats have been found while scanning your files and registry. It is strongly recommended tha you disinfect your computer and activate realtime secure protection against future intrusions." it gives me an option to either activate spyware protect2009 or stay unprotected. I have Mcafee on my computer and i tried to run virus scan but it comes up with nothing? please help
Here is the dds report

DDS (Ver_09-03-16.01) - NTFSx86
Run by Nicole at 15:05:04.04 on Mon 03/30/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.263.1033.1... Read more

Answer:Receiving pop up for Spyware protect 2009

Hello Kittikat,Download Security Check by screen317 from here or here and save it to your Desktop. Unzip SecurityCheck.zip and a folder named Security Check should appear. Open the Security Check folder and double-click Security Check.bat Follow the onscreen instructions inside of the black box. A Notepad document should open automatically called checkup.txt; please post the contents of that document.Please download Malwarebytes' Anti-Malware from Here or Here Double Click mbam-setup.exe to install the application. Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish. If an update is found, it will download and install the latest version. Once the program has loaded, select "Perform Full Scan", then click Scan. The scan may take some time to finish, so please be patient. When the scan is complete, click OK, then Show Results to view the results. Make sure that everything is checked, and click Remove Selected. When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note) The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM. Copy and Paste the entire Malwarebytes' Anti-Malware report in your next reply along with a fresh HijackThis log. Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinf... Read more

2 more replies
Relevance 78.31%

How do I get rid of it?

I have tried running Malwarebytes's Anti-Malware, but the virus has attacked it in a way that I cannot open it. I have even uninstalled and reinstalled it. I run Symantec Corporate edition, and I pick up Trojans, but no luck dropping this one. Anyone else able to kick this PITA?
 

More replies
Relevance 78.31%

Hello-
Thank you for any help you can provide -- I've been trying to fight this thing for a couple of weeks, and it's time I turn to someone far smarter than I am.

I've got, well, a lot of junk. I have the spyware protect 2009 virus -- I get a really big popover when I start up my computer -- it runs like it's doing a virus scan and then prompts me to try to download a fix because it claims there are viruses on my computer. I also get popups from the right hand tray, very misspelled, warning me that my system has a virus and I need to take action.

I have read through several forums -- thought I would be able to take it out by running Malwarebytes Anti-Malware -- but I can't even get the program to install on the infected computer. (I jumped the files from an uninfected computer.)

I can start the system in normal mode, but it doesn't stay stable for very long. McAfee virus scan has also reported the following viruses that it couldn't repair: spy-agent.bw!mem and Generic Dropper (Trojan).

I've got a Hijack This log below. Thank you again for any help you can provide.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:35:04 PM, on 3/23/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C... Read more

Answer:Spyware Protect 2009/spy-agent.bw!mem

Hello -- I'd still greatly appreciate any help you can offer -- even if it's just the bad news that it's a lost cause. Thank you!
 

1 more replies
Relevance 78.31%

Computer has been noticeably slow and sluggish for the past month. I have AVG (free version) as my main anti-virus program and also frequently run Spybot, Malwarebytes and Ad-Aware.

Last week things started getting worse. I ran a remote scan from Bit Defender's website and it reported to find viruses on both my operating hard drive and my old hard drive (which I knew to be infected with a virus that I'm slaving off the main hard drive). Bit Defender reported to have removed the viruses off the main hard drive, but it also reported that it was unable to remove some of the viruses off the older slaved hard drive. I'm not necessarily concerned about the older infected slaved hard drive as I simply use it to pull off old files such as MS Word docs, Excel docs and pictures and music.

After running the Bit Defender remote scan and seeing the report, I thought everything would be good again but in fact things took a turn for the worst. Immediately after the Bit Defender scan I started getting the following pop up message in the lower right hand corner of my screen:

"Windows reports that computer is infected. Antivirus software helps to protect your computer against viruses and other security threats. Click here for the scan your computer. Your system might be at risk now." Note the poor grammar. Dead giveaway in my opinion that this is some type of bogus spyware.

Additionally, I'm unable to run any of my anti-virus/malware programs. When I try to... Read more

Answer:Need help with removal of Spyware Protect 2009

8 more replies
Relevance 78.31%

Hello,
I am getting pop ups saying INFILTRATION ALERT and Windows Security alert in the right hand corner, claiming my computer is being attacked by an internet virus. It says it could be a password-stealing attack, a trojan-dropper or similar.

Attack From: ,port:
Attacked port:
Threat:

Now there is a pop-up that is stuck in the middle of the screen saying:
Spyware Alert! Your computer is infected by spyware- 34 serious threats have been found while scanning your files and regisrty.

Any help is appricated
Thank you

Answer:Spyware protect 2009 Alert

Welcome to BCThe process of cleaning your computer may require you to temporarily disable some security programs. If you are using SpyBot Search and Destroy, please refer to Note 2 at the bottom of this page.Please download Malwarebytes Anti-Malware and save it to your desktop.alternate download link 1alternate download link 2Make sure you are connected to the Internet.Double-click on mbam-setup.exe to install the application.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-MalwareThen click Finish.MBAM will automatically start and you will be asked to update the program before performing a scan.If an update is found, the program will automatically update itself.Press the OK button to close that box and continue.If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.On the Scanner tab:Make sure the "Perform Quick Scan" option is selected.Then click on the Scan button.If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button. The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all obj... Read more

11 more replies
Relevance 78.31%

I've been working on this thing since Saturday afternoon and have yet to get rid of this nasty bug.

Basically, it's a false spy-ware program which consists of an annoying pop-up telling me I need to buy their program to get rid of "detected spyware" on my computer. Program is "Spyware Protect 2009."

Steps I've already taken.

Malwarebytes scan (both in regular and safe modes). Did not pick it up.
Spybot S&D unable to update.
Can't open "regedit" to manually delete files.
I've re-booted in safe-mode, searched for "sysguard" in "files and folders" and deleted it. Also deleted "iehelper.dll". Computer runs fine after reboot and then 15 minutes later the program seems to re-install.

Any help? I'm desperate!

This is my log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:19:39 PM, on 4/12/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\HP\HP Software Updat... Read more

More replies
Relevance 78.31%

A red 'Spyware Protect 2009 Alert!' box appears lower right corner of screen telling me I'm under attack, and 'Do you want to block this attack?' (I didn't). Also, occassional similar pop-up box appears center of screen, telling me a scan has found 34 viruses, etc. on my machine and 'Do I want to protect my machine?' (I didn't).

Internet Explorer now blocks/won't show websites; address always defaults to something like 'http://browser-security.microsoft.com/blocked...'. Only site that I could visit was McAfee. Occassionally, Internet Explorer tries to open on its own. I made sure my McAfee updates were current (they appear to be) and ran scan, but problem still there. Last website visited prior to the problem was a kid's game site, I think (nitrome.com).

Specs: Windows 2002 Home, Service Pack 2. Pentium 4, 2.66GHz, 504 MB of RAM. McAfee Security Center and Virusscan.

Thank you for your time and help! Log files follow, and as attached.

DDS (Ver_09-03-16.01) - NTFSx86
Run by Owner at 12:40:16.15 on Tue 04/21/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_12
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.503.159 [GMT -4:00]

AV: AntiVir PersonalEdition Classic *On-access scanning disabled* (Outdated)
AV: McAfee VirusScan *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
sv... Read more

Answer:Spyware Protect 2009 alert

Hello and welcome to TSF.

You appear to be running two antivirus applications, i.e. Avira's Antivir and McAfee. While this may seem like greater protection, it can actually cause problems including slowdowns, system hangs and even crashes. Choose one to keep and uninstall the other.

Any antivirus program must be removed via add/remove program.
For any program that doesn't have an add/remove entry, you will have to do this:
re-install the program -> reboot -> uninstall

As stated in our pre-posting sticky...

Quote:




3. Uninstall the following via Add or Remove Programs in Control Panel:
" If you have more than one antivirus software installed, leave only ONE and uninstall the others.
" p2p programs like uTorrent, Bittorrent, LimeWire, Morpheus, etc., as they are a major conduit for malware and a likely source of your current issues. See this link




===================

Next, please visit this webpage for download links, and instructions for running Combofix:

http://www.bleepingcomputer.com/comb...o-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is s... Read more

16 more replies
Relevance 78.31%

Yesterday my computer was infected with spyware protect 2009, I shut the computer down and when I turned it on the next day the desk top won't come up. I can see the desktop screen but there are no icons or menu bar nothing but the picture. After it sits for a few minutes the screen saver will start runing which is the pictures I have saved on the comuter. Do you know what I can do to fix this problem? Please help. I have XP ProfessionalEdit: Moved topic from XP to the more appropriate forum. ~ Animal

Answer:Spyware Protect 2009 Virus

Take a look here: How to remove Spyware Protect 2009 (Uninstall Instructions)

4 more replies