Computer Support Forum

Vundo virus coming back?

Question: Vundo virus coming back?

Hi, I had my security program AVG pick up a Vundo trojan 2 days ago. I used ComboFix to try and eliminate the problem and it deleted about 12 files and the computer is back at normal speed for now. When my AVG software ran again today it picked up 2 new threats. One .sys file, and one .dll file:

Win32/cryptorGeneric10.allg

They are showing up as _restore entries. Did I not have the virus completely removed and it is trying to reproduce itself?

Thanks,

Here is my HijackThis log. How do things look?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 03:29, on 2009-01-22
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\WINDOWS\system32\lexpps.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\palmOne\Hotsync.exe
C:\Program Files\NETGEAR WG311v2 Adapter\wlancfg5.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\MICROS~4\OFFICE11\OUTLOOK.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgwb.dat
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sympatico.msn.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.ca/myway
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe /autorun
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: palmOne Registration.lnk = C:\Program Files\palmOne\register.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe
O4 - Global Startup: NETGEAR WG311v2 Smart Configuration.lnk = C:\Program Files\NETGEAR WG311v2 Adapter\wlancfg5.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: PUFLITE - http://michaelpavone.point2agent.com/Colpa...rol/PUFLITE.CAB
O16 - DPF: {0D859AF0-C75E-11D4-B760-00E0B81077E8} (FileCruiser Class) - http://abmls.mlxchange.com/Control/FileCruiser.cab
O16 - DPF: {16FD824B-8E7B-11D2-9855-00802962956C} (Specfile Control) - http://abmls.mlxchange.com/Control/Specfile.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {4989312D-58CF-11D5-A7D7-00E02911103E} (Interealty MultiSelect) - http://abmls.mlxchange.com/Control/MultiSelectComboBox.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase6662.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1120459789584
O16 - DPF: {6FD482A3-7B57-438B-B040-52CAA30147EE} (MLXchange Client Utils) - http://abmls.mlxchange.com/Control/MLXClientUtils.cab
O16 - DPF: {78523E50-56EB-11D3-B739-CAA1986A452F} (LiteGridCtl Class) - http://abmls.mlxchange.com/Control/LiteGrid.cab
O16 - DPF: {83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E} (GeacRevw Control) - http://abmls.mlxchange.com/5.0.02.16/Control/IRCSharc.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {9AD9B5EB-F9E0-47D4-B20F-C29D58C6F5E1} (IndeXMap Class) - http://alta.registries.gov.ab.ca/SpinII/cabs/WayToIndex.CAB
O16 - DPF: {F060A272-A18A-11D3-B75B-00E0B81077E8} (DropList Class) - http://abmls.mlxchange.com/Control/AspCustomCtrls.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/PAVONE~1.PRO/LOCALS~1/Temp/msoclip1/01/clip_image002.jpg

--
End of file - 10861 bytes

Relevance 100%

Answer: Vundo virus coming back?

The problem is that the infection is in your system restore files. It's not trying to get back in, but if you have to use system restore it would be. Here is how to get rid of that:

Disable and Enable System Restore. If you are using Windows Vista or XP, then I recommend you turn off System restore, and then turn it back on so that you will not be able to restore your problems to a clean computer.

Here are some good tutorials for that.

Windows XP System Restore Guide

Reboot

Re-enable system restore with instructions from tutorial above

Create a System Restore Point

Go to all programs, then to accessories, then to system tools, then to system restore. Check the box for create restore point (not select a restore point), then click next and follow the instructions.

After you do that, do a complete scan with your tools that you have and see what they say. If they show anything other than tracking cookies, post up the logs.

2 more replies
Relevance 86.51%

Hi, new here. I'm posting because my computer started getting hit with random pop-ups, again, mostly whenever I'd run Mozilla Firefox. I ran Malwarebytes and found about 13 infections of the Trojan.Vundo.h virus. I was able to remove most of the files after the scan and some files after rebooting, however, I'm still concerned there might be some trace of the virus left getting through a backdoor of some sort.
DDS (Ver_09-09-29.01) - NTFSx86
Run by Marc Ravelo at 12:36:15.10 on Fri 10/09/2009
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_07
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.218 [GMT -7:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: avast! antivirus 4.8.1356 [VPS 091009-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin... Read more

Answer:Trojan.Vundo virus - keeps coming back

Hello JSpayde,

I (as well as Microsoft, McAfee and Symantec) recommend that you DO NOT have more than one anti virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened, again this is the resident/automatic protection. In general terms, the two programs may conflict and cause:

1) False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.

Therefore please go to add/remove in the control panel and remove one of these. AVG Anti-Virus Free or avast! antivirus.

******************

Download Security Check by screen317 from here or here.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt.
Please post the contents of that document.

******************

Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Select Files and Folders created in last 3 months
Click Continue at ... Read more

2 more replies
Relevance 72.98%

Hello,

I've been trying now for 3 days to remove this (and other) trojans, etc. from my system and although it can be detected and allegedly removed using Spybot or Malwarebytes' Anti-Malware, it reappears each time my computer is rebooted. I'm running XP.

I'm starting to have problems with my passwords...don't know if it's related, but some of my online billing sites are suddenly not accepting my passwords and also Outlook is asking for a pw for my email and when I enter it, it's not accepted. HMMMMMmmmmm....

Any help will be tremendously appreciated. I need to get my taxes done!

Here is my HJT log from today:

~~~~~~~~~~~~~~~~~~~~~~~

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:19:21 PM, on 4/10/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\acrobat_sl.exe
C:\WINDOWS\system32\W... Read more

Answer:Vundo.H keeps coming back

I see that you're advertising STOPZilla. I've been reading that it's malware. What gives?
 

2 more replies
Relevance 72.98%

Vundo Keeps coming back

OS:Windows XP, SP3

Hi,
I was forwarded from "http://www.bleepingcomputer.com/forums/t/203107/after-windows-update-multiple-program-errors-pc-restarting-on-its-own/" to post here.... That thread kinda died... anyway...

Over the past month I've found multiple instances of Vundo, and things seem to be getting worse.
Every time I try to clean my system, Vundo keeps coming back - even if I don't do any browsing.
Most recently, I've been experiencing applications freezing (Firefox, McAfee, Warcraft3)
The system has also crashed mid-scan using McAfee several times, but not lately.
I'm unsure if these problems are related to the Virus or other system issues - I figure get rid of the virus first and troubleshoot the rest later.
My system is fairly new (Dec 08), it came with McAfee Enterprise installed. I also installed the free version of Spyware Doctor on my computer.
Neither of which seem to be able to remove the Virus, and at times can not even detect it.

I've started to notice that sometimes McAfee is disabled after restarting the computer; I hadn't changed any settings for that to occur.

I've tried using Malwarebytes Anti-Malware as well as SUPER Anti-Spyware, both of which are doing a better job of finding and clearing traces of the virus (compared to McAfee). Also tried VirtumundoBeGone and in haste, ComboFix.

VirtumundoBeGone found no traces, and Combofix didn't do anything noticeable.

Please help!
Let me know if there are any logs or reports you ... Read more

Answer:Vundo Keeps coming back, not sure what to do

Well the best we can do is get an MBAM and perhaps a SUPER Anti-Spyware log to start with.

Open MBAM in normal mode and click Update tab, select Check for Updates, when done click Scanner tab, select Quick scan and scan.
After scan click Remove Selected, Post new scan log and Reboot into normal mode.

3 more replies
Relevance 72.98%

Hello. I first found Vundo on Saturday, April 11. I left my email client (Thunderbird) open for a few hours and came back to loads of popups. I tried calling Microsoft, and they assisted me with removal - or so I thought. Afterwards, I installed every Windows update, bought and installed Trend Micro's Internet Security Pro, and started scanning with Malwarebyte's Anti-Malware twice a day, at least. Every day since then I have found instances of Vundo (depending on which I use first, my Antivirus or MBAM). Each day it has a different name, too. It started out with Vundo.H, then Vundo.HGO, and today, I have Vundo.V. Finally, last night I ran a Kaspersky scan, and it found two files that I had never seen mentioned before - a trojan-downloader.Win32.fraudload.edj and packed.win32.Mondera.c. I can't locate these files, and neither can any of the other programs. Here are the requested files: DDS.txt and my Kaspersky log (041609KOS.txt), and the Attach.txt file. Thank you so much for your help.

DDS (Ver_09-03-16.01) - NTFSx86
Run by Jen at 12:33:38.40 on Thu 04/16/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.443 [GMT -4:00]

AV: Trend Micro Internet Security Pro *On-access scanning enabled* (Updated)
FW: Trend Micro Personal Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C... Read more

Answer:Vundo Keeps Coming Back

Please download The Comedian.exe to your desktop
Double click the program to run it. It will only take around several minutes to run.
It will do a series of tasks and tell you when each one is finished.
You will be prompted to press any key after each step
When it is done it will close and exit itself automatically.
You can delete The_Comedian.exe once it is finished

NEXT

Please download Malwarebytes' Anti-Malware from HERE or HERE

Note: If you already have Malwarebytes' Anti-Malware, just run and update it. Then do a "Perform Full Scan"

Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Full Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy & Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfec... Read more

21 more replies
Relevance 72.98%

Hi,

I keep removing Vundo virus infection with different tools but it keeps coming back.

The computer is so slow at this point it makes it hard to do any troubleshooting.

Any suggestions would be appreciated.

Thanks,
-Lite
 

Answer:Vundo Keeps Coming Back

Welcome to Major Geeks!

Please follow the instructions in the below link and attach the requested logs when you finish these instructions.

READ & RUN ME FIRST. Malware Removal Guide
 

1 more replies
Relevance 72.98%

I have a computer which keeps getting Vundo, and other viruses such as win32/TrojanDropper.Agent.DGO, win32/PoebotTrojanProxy.RankyQhost.AEI

I have Nod32 installed which detects all these and says it's removed.
I have ewido/AVG Anti Spyware installed.
I have also disabled system restore, made sure nothing in msconfig is running on startup and also cleaned all the ones out of HijackThis.
I have other computers on the network which I have scanned for variances of these viruses but none have any.
I have also run VundoFix, ComboFix etc on this computer, which cleans it, then works ok for a few hours and then they return again - (while doing this) making sure the network connection is unplugged.
Router is secure, has all firewalls on, no ports unblocked etc.
These viruses also disable my Spyware/Anti-Virus so I have to reinstall.

Any help would be appreciated.

Here is my Current HijackThis Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:11:59, on 15/01/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C: ... Read more

Answer:Vundo And Many Others Coming Back - Please Help

Hello and welcome to BC.
Apologies for the long delay in response. We have a large number of HijackThis logs to handle and it's taking us longer to catch up. If you haven't received help elsewhere already and still require assistance please post a fresh HijackThis log and I'll be happy to help you.

Thanks for your patience.

2 more replies
Relevance 72.57%

I have tried everything including Spyware doctor, mwam, spybot, sas ...

But there are 4 entries in mwam keep coming back
3 of Trojan.Vundo.H
1 of Disabled.securityCenter

Really appreciate your help... ...

DDS (Ver_09-03-16.01) - NTFSx86
Run by projectx at 15:03:44.95 on Wed 04/01/2009
Internet Explorer: 8.0.6001.18372 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3070.2470 [GMT -4:00]
============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
C:\Program Files\Cobian Backup 7\cbs.exe
C:\Program Files\Cisco systems\VPN Client\cvpnd.exe
C:\Java\jre1.6.0_11\bin\jqs.exe
C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\OpenSSH\bin\cygrunsrv.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\OpenSSH\usr\sbin\sshd.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Visu... Read more

Answer:Infected with Vundo, tried everything, kept coming back

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.com
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructio... Read more

3 more replies
Relevance 72.57%

I have been reading posts on here for two days and have seen that everyone needed to run these....HiJackThis, Vundofix, and Combofix. I tried running the Super Antispyware but it says that it cannot be verified and will not let me run it. I ran these and have the logs and would greatly appreciate it if someone could tell me what to delete off the logs. I ran the Vundofix yesterday and had some files that needed to be removed and it did. I didn't have a problem with McAfee security warnings all evening. So I get on the computer this morning and McAfee said I had Vundo again. I believe I understood this correct when it says only one problem per new thread. If not I apologize as I know there is a bunch of Vundo threads going on. Thanks for your help!!!
Logfile of HijackThis v1.99.1
Scan saved at 8:42:14 AM, on 6/14/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\csrss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.... Read more

Answer:Solved: Vundo.dll keeps coming back

16 more replies
Relevance 72.57%

I have been battling pop ups for two weeks now. Even as I am posting to this forum I get a few ads about Antivirus programs, nice scam.

Norton Antivirus generates pop ups telling me a Downloader Trojan was quarantined. Sometimes it tells me about Vundo being quarantined, sometimes just a Trojan. The files it quarantines are: valera, lkjh and bixurst.dll.

I scanned the disk and it never finds anything. It has the definition updates from 9/19/07.

I read your preparation guide and followed it to the letter. Most of the programs found and removed Vundo and a whole bunch of registry items. However, when I reboot after running one of these scans, the virus comes back.

I think I have a virus that keeps retrieving new ones. If I could kill that virus, then I would know how to fix the rest.

Please help. I'd like to avoid reformatting and reloading the disk.

Thank you!

Here is a HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:09:16 AM, on 9/23/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Installed\Lavasoft\aawservice.exe
C:\... Read more

Answer:Downloader And Vundo Keep Coming Back

Welcome to the BleepingComputer HijackThis Logs and Analysis forum bower. My name is Richie and I'll be helping you to fix your problems.

Please move HijackThis.exe to its own permanent folder on the hard drive such as C:\HJT. Create a new folder and place HijackThis.exe inside that folder so that the backups of log changes it creates are saved in the same folder and can be used to reverse any line entry deletion if found to be necessary.

How to create a new folder named HJT

1. Click Start/My Computer, in the 'My Computer' window, open the window in which you want to create the new folder, click on Local Disk C:
2. From the 'File' menu choose 'New'.
3. From the 'New' menu choose 'Folder'.
4. Type the folder name: HJT
5. Then press Enter.

If you need help with the above, follow the info in the link below:
http://russelltexas.com/malware/createhjtfolder.htm

*NOTE*
If you have previously downloaded ComboFix, please delete that version and download it again from below.

Download Combofix and save to your desktop:
Note: It is important that it is saved directly to your desktop
Close any open browsers.
Double click on Combofix.exe and follow the prompts.
When it's finished it will produce a log. Post the entire contents of C:\ComboFix.txt into your next reply.
Note: Do not mouseclick combofix's window while it's running. That may cause the program to freeze/hang.
Do NOT post the ComboFix-quarantined-files.txt unless I ask.

Now go to: C:\HJT\HijackThis.exe
Right click on Hijack... Read more

16 more replies
Relevance 72.57%

OS is Win XP Home with SP3 and McAfee identifies and quarantines Vundo!grb but it keeps coming back. McAfee shows original locations as C:\WINDOWS\system32. File names are random with .dll or .tmp extensions. I'm experiencing pop ups that usually advertise some type of virus scan software and have had the computer freeze a couple of times in the last three days. I use Carbonite for backup and to my knowledge do not have any P2P software installed. My son has downloaded music off of a friend's CD -- could that have been it?
Here is the DDS.txt copy:

DDS (Ver_09-03-16.01) - NTFSx86
Run by Bob Swanson at 9:14:21.45 on Fri 03/27/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_12
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3582.2884 [GMT -4:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated)
FW: McAfee Personal Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmo...

Answer:Vundo!grb trojan keeps coming back

Hello and welcome to TSF

You may wish to subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

-------------------------------------


Quote:
I use Carbonite for backup and to my knowledge do not have any P2P software installed. My son has downloaded music off of a friend's CD -- could that have been it

That can always be a possibility, but there are many different ways you can get infected nowadays. P2P is just one of many different ways, sadly.

---------------------------------------

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/comb...o-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
See this link for instructions on how to do this:
How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Please include the C:\ComboFix.txt in your next reply for further review.


Trojan.winfixer AND adware.vundo keeps coming back on my computer. I've deleted so many files its not even funny. I ran safe mode, put all hidden folders to "unhidden" and ran SUPERAntiSpyware Professional, I deleted the vundo files and restarted my computer normally. BUT...SUPERAntiSpyware detected it AGAIN for some reason. I've also tried VundoFix, Symantec FixVundo, Ad-Aware 2007, The new Spybot Search and Destroy...
Everything is up-to-date...
I've been up since 4 am trying to fix this problem and I am really frustrated. Please Help!!!
I posted my HiJackThis Log below

Logfile of HijackThis v1.99.1
Scan saved at 5:35:27 PM, on 3/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\lxcycoms.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.e...


Okay so a few days ago I accidentally clicked a link on a website and starting right then, viruses started showing up on my computer (Windows XP operating system). I have McAfee security and it has been constantly detecting and quarantining them. Even the time between subsequent scans is enough for more of the viruses to be detected. This problem is really bothering me and I would really like it to be fixed. I ran that HijackThis program that you suggested and here are the results:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:22:16 PM, on 1/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Maxtor\Sync\SyncServices.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Pr...


My computer has encountered some malware problems that just won't go away. It became infected with the vundo trojan, and I have tried using several programs to clean it numerous times. I have used Superspyware, Malwarebyte's Anti-Malware, and Avast antivirus, but the trojan keeps coming back (particularly the MS Juan-can't delete it from the registry). Initially I had popups when I was using firefox and then my computer would open the IE window. Currently I can't connect to the internet except in safe mode with networking so I haven't seen the popups although I am sure they are still there. Any help in getting rid of this pariah would be greatly appreciated! Below is my HiJackThis log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:59:51 PM, on 12/30/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\sys...


Hi,

I have norton anti-virus installed on my machine and it keeps on saying that I have trojan.vundo, trojan.vundo.b, downloader, and trojan.Metajuan. It says that it is deleted and needs to reboot but after I reboot my machine, those viruses keep coming back again. I already tried Symantec removal tool FixVundo.exe, VundoFix.exe, VirtumundoBeGone.exe. I also followed the instruction on turning off the system restore, boot in safe mode, and all other stuff. This is very annoying and I have been dealing with this for several days already. And I think my machine is getting worse. I keep on getting pop up windows, buffer overrun which closes other application like windows explorer, and now when my machine starts, it stays blank until I hit ctrl+alt+del to go to task manager and run the process explorer to display my desktop. But I'm afraid that it is doing something serious on my computer. I hope someone can help me asap. Please. Please find the texts from main.txt below and I also attach the extra.txt.


Deckard's System Scanner v20071014.68
Run by sherwin.cua on 2008-02-29 10:59:09
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 4 Restore Point(s) --
4: 2008-02-29 15:59:23 UTC - RP4 - Deckard's System Scanner Restore Point
3: 2008-02-29 01:...

Answer:Trojan.Vundo keeps coming back

Hello, and welcome to the forum.

My name is Simon V., and I'll be glad to help you with your computer problems.

Step 1

If you already have HijackThis installed, please skip this step.

Download HJTInstall.exe to your desktop.
Doubleclick HJTInstall.exe to install HijackThis.
By default it will install to C:\Program Files\Trend Micro\HijackThis .
Click on Install.
It will create a HijackThis icon on the desktop.
Once installed, it will launch Hijackthis.
Click on the Do a system scan and save a logfile button. It will scan and the log should open in Notepad. Save it to a convenient location.

Don't use the AnalyseThis button, its findings are dangerous if misinterpreted.
Don't have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

Step 2

Please download and install CCleaner.

Open CCleaner. On the Windows tab, leave the default options alone.
On the Applications tab, check (tick) all the boxes except Saved Form Information. This will remove all your saved passwords if you leave this box checked.
Click on the Run Cleaner button at the bottom right hand corner.
When the cleaner has completed, click Tools in the Left Pane.
Verify that Uninstall is highlighted in color, or click on it.
In the lower right, click Save to Text File.
Pull down the arrow at the top of the Save dialog and choose Desktop as the location.
You can leave the filename as install.txt.
Click Save, then exit Ccleaner.

Step 3

Please visit this webpa...


I have tried running Malwarebytes, in safe mode and normal mode. MB sees it and removes it and requests a reboot. However, it keeps coming back. I will post a HJ report in the morning.
 


My son picked up Vundo about 10 days ago. After first using Spybot S&D repeatedly, and various Vundo removal tools, I found the post on this site and followed all procs at http://forums.majorgeeks.com/showthread.php?t=35407.
Within a few days problems had resurfaced so I went through the recommended sequence again and am attaching logs. Hope that I am using correct protocol. Instructions made it slightly unclear if I should create new thread or post to one with comparable name. Programs were run in recommended order. Thanks.
 

Answer:Vundo keeps coming back; tried all MG recs

Welcome to Major Geeks!

First you must disable Spybot's Teatimer. See this: How to disable Spybot's TeaTimer

Now put your PC into Normal Startup mode using MSconfig as requested in step 1 of the READ & RUN ME.

Run this Disable/Remove Windows Messenger to remove Windows Messenger. Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.

Uninstall the below old versions of software:
J2SE Runtime Environment 5.0 Update 4


Now we need to use ComboFix

Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
If it is not on your Desktop, the below will not work.

Also make sure you have shut down all protection software (antivirus, antispyware...etc) or they may get in the way of allowing ComboFix to run properly.
Open Notepad and copy/paste the text in the below quote box into it:




KILLALL::

NetSvc::
ojjpxzer

Driver::
ojjpxzer
jgameenp

FileLook::
C:\WINDOWS\twain_32.dll

File::
c:\windows\Tasks\At1.job
c:\windows\system32\ukrehgh.dll
C:\WINDOWS\agatifigorey.dll
C:\WINDOWS\ibagawopik.dll
C:\WINDOWS\wedlgp.dll
c:\docume~1\TREVOR~1\LOCALS~1\Temp\jgameenp.sys
C:\Documents and Settings\Trevor Jackson\Local Settings\Application Data\33522309-CA17-4AFC-A5BC-E4421AAAFFDF.txt
C:\Documents and Settings\Trevor Jackson\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

Folder::
C:\Document...


I don't go on questionable sites per se, I go on Facebook, Youtube, meebo, etc. and I'm not sure what triggers Vundo to come back. I've removed it several times with Malwarebytes, and I don't get annoying pop-ups or anything while I'm browsing. However, this has happened probably twice after I removed Vundo, I got a pop-up and had to remove Vundo via Malwarebytes. What are sites that trigger Vundo? Would it be sites with Java or Flash or something? Just not a fan of Vundo at all. Thanks :D

Answer:Vundo keeps coming back when I visit certain sites...

Hackers, malware writers and attackers have a variety of motives for installing malevolent software and use various methods and techniques to spread their malicious programs: Who Writes Malicious Programs and Why?

Rogue security programs are one of the most common sources of malware infection. They infect machines by using social engineering and scams to trick a user into spending money to buy an application which claims to remove malware and is often seen with SmitFraud and Vundo infections. SmitFraud is a generic description for a family of rogue applications/trojans such as Win32.Zlob which comes disguised as a fake codec that installs other malware or rogue security products like SpySheriff. Vundo is a Trojan that infects a system with malicious Browser Helper Objects and .dll (Dynamic Link Library) modules attached to system files like Winlogon and Explorer.exe. These infections are responsible for launching unwanted pop ups, advertising for rogue antispyware programs, and downloading more malicious files which hampers system performance.

Many variants typically use bogus warning messages and alerts to indicate that your computer is infected with spyware or has critical errors as a scare tactic to goad you into downloading a malicious security application to fix it. The alerts can mimic system messages so they appear as if they are generated by the Windows Operating System. The problem with these types of infections is that they can download other malicious files s...


Logfile of HijackThis v1.99.1
Scan saved at 9:40:57 AM, on 4/12/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\PRISMSVR.EXE
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\DELL\Dell Laser MFP 1600n\NetworkScan\DNSCS...

Answer:Ssttr.dll, Ddayv.dll, Vundo Keeps Coming Back

Hello Merriwell and Welcome to the Forum

Please download vundofix.exe to your desktop.
* Double-click VundoFix.exe to run it.
* Click the Scan for Vundo button.
* Once it's done scanning, click the Remove Vundo button.
* You will receive a prompt asking if you want to remove the files, click YES
* Once you click yes, your desktop will go blank as it starts removing Vundo.
* When completed, it will prompt that it will shutdown your computer, click OK.
* Turn your computer back on.
* Please post the contents of C:\vundofix.txt and a new HiJackThis log


I'm a newbie here. Found this site after a tiring search.

Here it is:

my desktop icons and taskbar are gone. i tried using the task manager's "ctrl-alt-del" but the desktop and taskbar would just appear for several seconds and then gone again.

SUPER ANTISPYWARE can detect and even remove them in safe mode (did this several times) but my pc will just run normally in only a matter of minutes.

My desktop and taskbar will disappear again immediately after windows defender pops up a notice that it detected changes in the settings.
I have nod32 installed but it cannot detect them. I have hijackthis.

what should i do? please help

Answer:Vundo Variant/resident Keeps Coming Back!

All kinds of unpredictable behavior happens when you are running 2 antivirus programs at the same time, and then an infection.
Try going into safe mode and running a scan with nod from there, I would uninstall defender myself or totally disable it in vista
post the logs from nod and SAS please
http://www.bleepingcomputer.com/forums/ind...mp;#entry811062
also from this scan


Who knows how or when, but my computer is infected with Vundo.
I run XP Home w/SP2.
Kaspersky Internet Security 2010 (30 day trial) seems to be woefully unaware of this (beyond blocking some attempted popup windows), but Malwarebytes finds it and cleans out the "randomletters.dll" files every time.
The thing is, it keeps coming back!! The first time it was Vundo.H but now it just comes up as Vundo in Malwarebytes. I read a few threads others posted here about Vundo issues, but those were very system specific fixes.
So. Help?
I already went through a 6 hour process of backing up all of my data (photos, music and documents), but I would reaaaaally rather not have to run the Recovery console if I can avoid it. (this is an old HP and I don't have recovery disks and can't afford to buy them)
I've also become aware that it looks like a *bunch* of Windows security updates (from 2004 and 2005) were never installed and I don't know how to go back and install them. They were downloaded but then failed to install, so I can't get Windows Updater to show them to me again through the "Restore hidden updates" option. (This was someone else's computer they gave to me, and I had no idea that the updates were never installed)
I'm wondering if Vundo is getting in because of this?
I don't want to install SP3, I'm afraid of it causing problems that I've read about.
 

Answer:Vundo keeps coming back after Malwarebytes removes it


Hi - a few days ago I downloaded a file which I scanned first with AVG before opening. It showed as virus free, after opening all hell let loose. I had Spybot on the PC and it identified Smitfraud and Smitfraud C. I used the information on this forum to clean them. I still had problems which AVG could not fix so I downloaded Norton AV (free with BT broadband) unfortunately it forces you into removing Spybot.

Since then the PC has improved but Nortons is still finding and repairing viruses but they keep coming back.

I've attached a hijack this log for info. Any help would be much appreciated

Thanks

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:40:42, on 12/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Prog...

Answer:Vundo, Metajuan, Zlobgen Keep Coming Back

Hello Brian Fantana, and welcome to Bleeping Computer. I will be handling your log to help you get cleaned up.

Please take note of the following:
1. I will start working on your malware issues, this may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. The process is not instant. Please continue to review my answers until I tell you your machine is clean.
4. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes.
5. Please reply to this thread. Do not start a new topic.

Please give me some time to look over your log and I will get back to you as soon as possible.

Thanks,
htv8


I'm on a Windows XP computer with SP3. I had a more serious case of Vundo a few months ago, which I thought I was able to get rid of through a combination of MalwareBytes and VundoFix, but apparently vestiges, or just other similar viruses are taking its place. I get periodic IE popups about SpywareRemover2009. Each time, I scan with MalwareBytes to get rid of it-- there is almost always a Trojan.Vundo.H (and sometimes there are Trojan.BHO, Trojan.Agent, and Disabled.SecurityCenter, as in my most recent scan). It will be fine for the rest of the evening or day, and then the next morning the whole cycle starts again with more IE popups.

Lately my computer also bluescreens sometimes (bad_pool_caller) although I haven't done anything in terms of new hardware or software, so I wonder if it has to do with the malware. When that happens, I am unable to boot in regular or safe modes, and Last Known Good Configuration is corrupt, so I have to use the XP CD and Recovery Console to manually do a System Restore, which can usually get me back going... but, again, the viruses are still there.

In my HijackThis logs I definitely see things that shouldn't be there, but I just don't know how to get rid of it. I tried picking them and doing the "Fix Selected," but this usually ends up with my computer bluescreening the next time I start up, so I thought perhaps I should get some guidance on how it's supposed to be done.

Thank you in advance!

My DDS log is here:
DDS (Ver_09...

Answer:Vundo/IE popups about SpywareRemover2009 keeps coming back

Hi, my name is Extremeboy (or EB for short), and I will be helping you with your log.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

If you do not make a reply in 5 days, we will need to close your topic.

You may want to keep the link to this topic in your favourites. Alternatively, you can click the button at the top bar of this topic and Track this Topic. The topics you are tracking can be found here.

Please take note of some guidelines for this fix:
Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools.
If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
Even if things appear to be better, it might not mean we...


Hi Jack,

I have Windows XP Professional SP2 and I keep getting popups in IE7 for ADs. They open in full new IE7 windows. Then when I go into safe mode it keeps restarting safe mode every 6 seconds or so.

I installed Kaspersky and it keeps blocking this

detected: Trojan program Trojan.Win32.Agent.bck URL: http://82.98.235.78/netob/valera.exe?uid=C3EF090E71EF11DCAD13F67908FAFFFF&guid=101E

I ran adaware and can't run spybot anymore.

When I run "VundoFix.exe" it usually finds about 3 dll files which names seem to constantly be changing. For example you can see one in this log called "cmulnmik.dll"

I delete these then these files usually come back with different names. I cleaned all my temp items. I did find mdengine.dll in my local files temp and I removed because I think I read that is a bad file, I am not sure if that's related.

Any help would be appreciated. Thanks
Here is my Hijack log.

Logfile of HijackThis v1.99.1
Scan saved at 1:03:16 PM, on 10/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe...

Answer:Solved: Can't remove possible Vundo or valera dll's keep coming back


adware.vundo keeps coming back + windows keep shutting down
not a clue can someone help please i think removed adware.vundo
but still windows keep shutting down

here is my hijackthis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 04:20:16, on 07/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\X3watch\x3watch.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Search Settings\SearchSettings.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\alg.exe
C:\W...

Answer:adware.vundo keeps coming back + windows keep shutting down

Hi Welcome to TSG!!
Please visit this webpage for instructions for downloading and running ComboFix.

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.
 


last night I encountered some popup problems, (I use firefox now) on my xp computer..so I ran both mbam and superantispyware.. both coming up with vundo files, and trojans, after deleting and rebooting twice, it seemed like everything was alright. until I opened up the computer this morning... and I did a rescan of everything and it seems like it keeps coming back and returning upon restart. although there are no more popups like there were last night. any help?! please! I hear vundo is hard to delete. I'd appreciate any quick responses on how to remove completely. thanks!!!

here is the last mbam full scan from last night:

Malwarebytes' Anti-Malware 1.31
Database version: 1607
Windows 5.1.2600 Service Pack 2

1/4/2009 1:15:34 AM
mbam-log-2009-01-04 (01-15-34).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 196740
Time elapsed: 1 hour(s), 0 minute(s), 12 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b4ea9b44-78f3-4bcf-b55d-51cdfc05fed7} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b4ea9b44-78f3-4bcf-b55d-51c...

Answer:vundo, trojans, adware, rogue installers. keeps coming back.. please help!

Hello belezaj16.

What antimalware programs are installed on this computer, please? Do you have an antivirus, or other program that provides realtime protection?

I suspect you are being reinfected because you lack these.

With Regards,
The Panda


Greetings folks,

I'm at the end on the line for my attempts to fix my PC, so I logged into here to find some help.

I've run vundofix - states that it's successful in removal after reboot (new scan doesn't show it)

MS Mal Software removal tool to pull the trojan, but they both keep returning after I launch Explorer 7. Running XP Pro - the following is my log, anybody see something that could be an issue?

Thanks in advance for any help!!
 

Answer:Solved: Hijackthis log - Win32/Rbot.gen!A and Vundo keep coming back


I accidentally posted this in "am I infected, what do I do".. but am new to this.. so I posted this one here.

last night I encountered some popup problems, (I use firefox now) on my xp computer..so I ran both mbam and superantispyware.. both coming up with vundo files, and trojans, after deleting and rebooting twice, it seemed like everything was alright. until I opened up the computer this morning... and I did a rescan of everything and it seems like it keeps coming back and returning upon restart. although there are no more popups like there were last night. any help?! please! I hear vundo is hard to delete. I'd appreciate any quick responses on how to remove completely. thanks!!!

here is the last mbam full scan from last night:

Malwarebytes' Anti-Malware 1.31
Database version: 1607
Windows 5.1.2600 Service Pack 2

1/4/2009 1:15:34 AM
mbam-log-2009-01-04 (01-15-34).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 196740
Time elapsed: 1 hour(s), 0 minute(s), 12 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b4ea9b44-78f3-4bcf-b55d-51cdfc05fed7} (Trojan.Vundo....

Answer:vundo, trojans, adware, rogue installers. keeps coming back.. please help!

Hello.

I have replied to your topic in the Am I Infected Forum here. Please continue the discussions in the topic above. If we are unable to resolve your problem there, you will be asked to post in this forum.

This topic is now closed.

With Regards,
The Panda


So I am another victim of the evil Vundo virus. My Avast found it, then I did a number of virus removals, checks, etc. using ad-aware, spybot, avast, and vundofix (which I have run 3 times and it does not detect any files...). However, two things keep happening that bother me. First, every time I start my computer, I get the notifications of 'registry changes' via the spybot. Only when I allow it does it stop happening. Then avast keeps alerting me to new vundo virus alerts, all with different dll extensions, which I have 'moved to chest'. I think I've had to do this about 20+ times now...
The computer also seems to be running more sluggishly than normal as well.
I think something is still wrong and from reading other postings on this site, I think there must be something still going on in the registry. So I have run hijack this and am posting this to see if there is something here (or elsewhere) that I need to do to fix this once and for all (grr...). Hijack this also keeps popping up a window that says my 'system is denying access..." Thanks to anyone who can help with this one!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:04:49 PM, on 5/20/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAno... Read more

Answer:vundo virus keeps on coming around....

Hi Welcome to TSG!!
Please download Malwarebytes Anti-Malware from Here or Here
Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform Quick Scan, then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy the entire report and paste it in your next reply with a new Hijackthis log.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.
 


Here's the Hijack This! Log and Malwarebytes following it:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:49:57 PM, on 11/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Edit by chaslang: Inline HJT & MBAM logs removed. READ & RUN ME sticky not followed.
 

Answer:Trojan.Vundo.H, Trojan.Vundo, and Trojan.Agent keep coming back

Welcome to Major Geeks!

Please follow the instructions in the below link and attach the requested logs when you finish these instructions.
READ & RUN ME FIRST. Malware Removal Guide

If something does not run, write down the info to explain to us later but keep on going.

Do not assume that because one step does not work that they all will not.
Notes:
If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode, you can run steps in safe boot mode, but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:

Starting your computer in Safe mode

If you have problems downloading on the problem PC, download the tools on another PC and burn to a CD. Then copy them to the problem PC. You will have to skip getting updates if (and only if) your internet connection does not work. Yes you could use a flash drive too but flash drives are writeable and infections can spread to them.

 


I hope that this is in the right section but I am having a problem with my computer. I can constantly hear programs running in the background. I currently have two anti spyware/malware installed on my computer. One is SpyHunter and the other is CyberDefender. They both are picking up on some virus called Vundo and every time I delete it, it just comes right back. It is so frustrating surfing the internet because it freezes or moves extra slowly. Figured I'd ask you guys before I take a hammer to it lol.

Thanks

Answer:Windows XP SP2 running slow, virus protection catches it but the virus keeps coming back

Hello, I am moving this to the Am I Infected forum from XP.
Please disable those apps while we do this.

Next run MBAM (MalwareBytes):

NOTE: Before saving MBAM please rename it to zztoy.exe....now save it to your desktop.

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the St... Read more


Hello, I've been battling with this fake AV for a while now and I just discovered that Windows Firewall is putting out this error code when I try to restore it, 0x80070424. I am using AVG 2012 as an anti-virus program and running Windows 7 Home Premium SP1 64-bit. If anyone can help me with this I would be forever grateful.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
Run by Cole at 12:53:54 on 2011-12-26
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6062.2980 [GMT -5:00]
.
AV: Trend Micro Titanium Internet Security *Disabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
SP: Trend Micro Titanium Internet Security *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k Loc... Read more

Answer:Windows Firewall fails to start and this fake anti-virus virus keeps coming back!

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/434544 <<< CLICK THIS LINK

If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lo... Read more


Hello,
I have a problem, which I've tried to fix several times but it keeps coming back.
This virus is located in System32 folder, Pc Cillin 2005 identified it as TROJ_ROOTKIN.N . I've gone to safe mode, deleted it, returned to Windows and the virus reappeared; what's more, it clogs up Pc Cillin, so now under quarantine I have 100+ instances of this virus, and it's increasing.
The virus is labelled hpr34k8

I'm sure my Hijack Log is fairly clean... -------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 5:27:53 PM, on 14/08/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\RunDll32.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe
C:\Program Files\Telstra\Cable Login\bpcable.exe
C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
C:\Program Files\Telstra\Toolbar\bpumTray.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin... Read more

Answer:Virus that keeps coming back and back and back, so on

bump, hopefully someone takes notice


So my computer got a virus from a game that I tried downloading. Avast! did a boot scan and got rid of it, but a day or two later, I got messages from Chrome that said I had a virus again, but of course those are usually scams. I did another scan, just to be safe, and Avast! found two items, got rid of them, and ran another boot scan, just to be safe.

Next day, I figured it had to be from Chrome because of the fact that I attempted to download the game from Chrome and was getting odd popups and such but IE wasn't doing that. So I deleted it. My friend suggested downloading Malwarebytes so I did that as well. It found two more Trojans and so did Avast! after a full system scan. Got rid of those as well and found they were gone afterwards.

I can't tell if my computer is infected again but earlier Malwarebytes apparently blocked a couple malicious websites, and since Avast! usually did that when the virus would come back, I ran another scan and found one thing, a YouTubeAdBlocker, I don't know if I wanted to get rid of that because an AdBlocker sounds like something I would want to keep and I heard that sometimes, Malwarebytes finds things that aren't really dangerous, but idk I am not an expert. I tried not to worry about it after that but I just want to be safe.

I am running two full system scans as we speak with Malwarebytes and Avast! to see if they will find anything that way since quick scans didn't find anything (except the AdBlocker again) and... Read more

Answer:Virus that keeps coming back?

Hi,
In order to help you, we need reports generated on your system. Please follow this topic and attach requested reports: http://malwaretips.com/threads/malware-removal-assistance-how-to-get-help.20334/
 


Hi - I recently got infected with a virus that added options to my toolbar (Fresh Search) which I managed to fix thanks to the help I saw posted here, but I still keep getting pop-ups and infections - SearchToolbar, Spyware.Msnagent and DownLoader.Trojan being the most recent. None of the anti-spyware, pop-up blockers or anti virus programs I have can stop the reinfections.

I have gone into safe mode, used CWShredder, CClean, Kill2Me, HSRemove and Stinger. Also RAVAntivirus online scan, Bitdefender online scan, AdAware SEplus and Norton Antivirus. I used Silent Runners and found some suspect entries, which I edited out of the registry using Registrar Lite, and I used Hijack This to find and fix some other suspicious entries.

But they all keep coming back, in one form or another. Not crippling like before, but really annoying!

Below is a recent Silent Runners report, followed by a HiJack This report:


"Silent Runners.vbs", revision 40.1, http://www.silentrunners.org/
Operating System: Windows 2000
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"internat.exe" = "internat.exe" [MS]
"NvMediaCenter" = "RUNDLL32.EXE D:\WINNT\System32\NVMCTRAY.DLL,NvTaskbarInit" [MS]
"NBJ" = ""D:\Program Files\Ahead\Nero BackItUp\NBJ.exe"" ["Ahead So... Read more

Answer:Virus Keeps Coming Back


There's a virus named wlzxha.exe in C:\WINDOWS\system32\ that keeps coming back after I delete it. The virus is "Downloader" according to Norton. It deletes fine (I've done it in safe mode) but it seems to come back after each restart.

I have already run a virus scan and spyware scan multiple times.
 

Answer:Virus keeps coming back


For the fourth time in the past few months, I have been experiencing strange pop-ups blocking my use of various programs. Twice, my IT dept. attempted removal of the virus, which looks like a virus warning from McAfee but will not allow removal or the use of the programs it is blocking. This time around it was blocking my use of Internet Explorer and Outlook.

A screen popped up and each time I tried to open the programs it would log a warning in the screen. The screen showed options for removing the items logged, however it would not respond to clicking any of the options and would only go away if I closed it out completely. If I did close it, as soon as I attempted to open those programs again, the warning would reappear. This is nearly identical to the last two or three times I have experienced this, with a couple weeks in between occurrences.

I rebooted several times and received a pop-up message from Windows saying "Windows has recovered from a serious error." The third time I rebooted, it actually allowed me to open these programs without the warning. The first two times it would not go away. This has happened a couple of times prior, where that message seemed to temporarily fix my issue.

Is this a real virus that is hidden in my computer? What can I do to remove it completely?

Answer:Virus that keeps coming back

Hello, can you run an MBAM scan and post a log back .. Let's see what it may show.

Next run MBAM (MalwareBytes):

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top... Read more


Hi,

Norton found the virus called Back door greybird.k on C:\windows\G_server_hook.dll. I logged on to the safe mode and deleted the G server. exe and dll file. But Norton keeps finding this virus. How can I clean the virus?

Thanks very much.

(Moderator edit: moved post to more appropriate forum. jgweed)

Answer:Virus coming back again and again

Symantec Security Response

I'd recommend submitting a hijackthis log here.
How to submit a hijackthis log
Download Hijackthis

Try running the following from safe mode (Getting to safe-mode)
Sysclean you'll also need the virus template file from here lpt***.zip
or
DrWeb CureIT

If you're good with the command line also try Sophos Command Line scanner
Also try installing and running A2 Free and Ewido
I'd also run Spybot and Adaware

If you're using Win2K/XP run adaware/spybot from "safe mode with command prompt"
At the C:\ prompt type the following:-
cd\
C:\progra~1\spybot~1\spybotsd.exe /autocheck /autofix
cd\
C:\progra~1\lavasoft\ad-awa~1\ad-aware.exe


DDS (Ver_09-07-30.01) - NTFSx86 NETWORK
Run by Michael at 19:00:59.98 on Sun 09/06/2009
Internet Explorer: 8.0.6001.18813
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.765.240 [GMT -7:00]

AV: Protection System *On-access scanning enabled* (Outdated) {28e00e3b-806e-4533-925c-f4c3d79514b9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Windows\System32\vds.exe
C:\Windows\Explorer.EXE
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\mcafee.com\ag... Read more

Answer:virus keeps coming back help!

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll... Read more


It all started last week when my computer contracted Trojan.Nebuler. My copy of Norton couldn't get rid of it so I downloaded various so called fixes. In the end I had to manually delete the trojan following the instructions on Symantec's web site - but that was when the fun really began. All sorts of pop up software has been appearing e.g. SysProtect, Drivecleaner and adult sites. Plus the computer has slowed down to a crawl. I have scanned my machine using Norton and AVG and Trend Housecall. And although they find new viruses, and remove them, they keep on coming back. I also downloaded and installed a Registry cleaner - to see if this would speed the thing up a bit, hope I haven't deleted anything important (although it says I can recover the lines I have deleted). Can anyone help - here is the hjt log.


Logfile of HijackThis v1.99.1
Scan saved at 10:05:18, on 19/06/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program F... Read more

Answer:Virus keeps coming back!


Hi all,

Looking for a little help here. I have removed a virus now with ESET and malwarebytes and it keeps coming back. See the log below.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Carrie Ann at 19:38:56 on 2012-04-03
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3963.1965 [GMT -4:00]
.
AV: AVG Anti-Virus Free *Enabled/Updated* {0C939084-9E57-CBDB-EA61-0B0C7F62AF82}
SP: AVG Anti-Virus Free *Enabled/Updated* {B7F27160-B86D-C455-D0D1-307E04E5E53F}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\agr64svc.exe ... Read more

Answer:Virus Keeps coming Back

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Please download aswMBR.exe to your desktop. Double-click aswMBR.exe to run it.
Click the Scan button to start scan.
Wait until it says, 'Scan finished successfully'. ( Note - do not select any Fix at this time)
Click Save log, and save it to your desktop.
Click Exit.
Please post the contents of that log, aswMBR.txt, in your next reply.
There shall also be a file on your desktop named MBR.dat. Right-click that file and select Send To > Compressed (zipped) folder. Please attach that zipped file in your next reply.

------------------------------------------------------

When you run this tool, remember to choose 'Skip' not 'Cure' if it finds something. We just want a scan, not a fix.

Download tdsskiller.exe and Save it to your Desktop.

Double-click tdsskiller.exe and click 'Run'

Click 'Change parameters' then under 'Additional options' tick both boxes > OK.

Click 'Start scan'.

If no infection is found, click 'Close' and let me know.

If an infection is found, select 'Skip' from the dropdown menu under 'Cure' then ... Read more


Hello, a few weeks ago I had alerts from ThreatFire saying that "c:\2F2FE1D9C8463A4E6C7466B1CF9E03AD\MPSIGSTUB.EXE" was trying to modify another program, copy itself to multiple locations. I clicked ignore to these after looking it up, and finding out that mpsigstub.exe was related to windows malicious software remover. When I tried to look inside the folders, they renamed themselves. I started to panic when I found out that it's normally in the system32 folder, so my friend came round to help me delete it and remove the registry changes it had made.

I know that was a virus, but I'm not sure about these: Not so long ago a very similar directory had been created again, this time with stub.exe in it. I deleted them, and ran an anti virus scan. C:\ProgramData\Microsoft\Windows\WER\ReportQueue\Report09186521\WER11A7.tmp.hdmp and C:\ProgramData\Microsoft\Windows\WER\ReportQueue\Report11188777 were infected and quarantined. stub.exe was also trying to modify other programs etc.

Just today I found two more directories with similar names, such as 70d953ce1268e4d3b8, with eventlog.txt in them. I haven't got any warnings as far as I know, so I want to know if this is the same virus, or even if it's actually a virus at all, and I'm just being paranoid. Thanks in advance

PS. I also had a process called conime.exe, I looked it up, and it's to do with using an Asian language. Apparently, if this is running while you aren't using an Asian language... Read more


hello

I have a virus Worm_RBOT.BCQ found on file C:\windows\system32\micront.exe

I have followed to the letter the removal instruction by Trend

I have deleted the file, deleted all Registry reference to this file, deleted all temp files and Bin , all in safe mode..

The virus seems to have been deleted. but when I connect to the net, after a while , virus is detected and all is back to square one..

Please Help!! how can I get rid of this Virus forever....

Thanx
Jadan
 

Answer:virus keeps coming back


Logfile of HijackThis v1.99.1
Scan saved at 9:56:14 PM, on 3/4/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\System32\wsys.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\WINDOWS\system32\wsxsvc\wsxsvc.exe
C:\WINDOWS\system32\vmss\vmss.exe
C:\WINDOWS\system32\ykyogu.exe
C:\WINDOWS\system32\lodbksuj.exe
C:\WINDOWS\system32\xmsiaybg.exe
C:\WINDOWS\system32&#... Read more

Answer:How do I get rid of my virus, cause it keeps coming back....

Now please Download LSPFix from:
LSP-Fix

Disconnect from the Internet and close all Internet Explorer Windows. Run the program and check the "I know what I'm doing" Button and place all listings of c:\windows\system32\aklsp.dll and c:\windows\system32\dolsp.dll into the remove section by clicking on the button that points to the right. When all instances of this dll are in the Remove section, press the finish button.
Then Reboot.

To see a tutorial on how to use this program click the link below:
Using LSP-Fix to remove LSP Spyware & Hijackers

Print out these instructions and then close all windows including Internet Explorer.

Then I want you to fix some of those entries. Please do the following:

Please make sure that you can view all hidden files. Instructions on how to do this can be found here:
How to see hidden files in Windows

Run Hijackthis again, click scan, and Put a checkmark next to each of these. Then click the Fix button:

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tagteamgirls.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R0 - HKCU\Software\Microsoft\Internet Explo... Read more


Hello,

I have been using Kaspersky and it has been finding this. Even after deleting it, it still seems to come back. Below are pictures which may help.






I didn't download AVG since I had those pics posted above. Hopefully this is okay. I appreciate very much in advance any help that may be given.

I am interested in knowing what in the world this thing is!

-MDB
 

Answer:Possible virus...keeps coming back!

Welcome to MG's!

Something didn't go right, let's run the C:\MGtools\GetLogs.bat file by double clicking on it. Then attach the new C:\MGlogs.zip file that will be created by running this.

Before running the above, you MUST shut down ALL antivirus and antispy programs you have running.
 


Hello,

I am using a 64 bit version of Windows Vista. I have a virus on my computer that keeps coming back. Usually I am able to remove viruses on my computer using a combination of rkill, malwarebytes, and super anti spyware, but this specific virus keeps coming back, even after I clear it with malwarebytes. Also the virus won't let me update my malwarebytes software. I have tried to do a system restore, but every time I click on the icon, I am asked to select a program to open system restore with, and I am not sure which program to pick. On my desktop there is a suspicious icon named system restore. Any help would be greatly appreciated.
Thanks

Answer:Virus keeps coming back

Please follow the instructions in ==>This Guide<== starting at Step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues, what you have done to resolve them, and a link to this topic.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

1 more replies
Relevance 63.96%

I'm not sure whether it's a virus, trojan, spyware etc but I have something running on processes which takes up around 180k memory. Every time I close the process it re-appears but as a different name... For example, as of now the process is called 'xsggsz.exe' but now I've closed it and it's re-appeared as 'vzdfme.exe'

I've used spysweeper, McAfee, Ad-Aware and system mechanic to try and get rid of it but it just won't budge.

I'd appreciate any help regarding this.

Thanks!
 

Answer:Virus That Keeps Coming Back!

go to http://www.pandasoftware.com/products/activescan/com/activescan_principal.htm and click on "scan your pc"

Panda has the most up-to-date scanner I've seen

also if you do not have a firewall - you really need one.
I've used the free version of zonealarm for a number of years, and never had a problem, except a couple of times when I turned it off to access a site (that was real dumb)
 

1 more replies
Relevance 63.96%

Running Malwarebytes' Anti-Malware and I get the same results every day. I also get redirected when using Google. My Malwarebytes results are:

Malwarebytes' Anti-Malware 1.36
Database version: 2060
Windows 5.1.2600 Service Pack 3

5/11/2009 6:25:05 PM
mbam-log-2009-05-11 (18-25-05).txt

Scan type: Quick Scan
Objects scanned: 134478
Time elapsed: 4 minute(s), 1 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 0
Registry Values Infected: 3
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 11

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\autochk.dll (Worm.Autorun) -> Delete on reboot.

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\autochk (Worm.Autorun) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\autochk (Worm.Autorun) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\autochk (Worm.Autorun) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\autochk.dll (Worm.Autorun) -> Delete on reboot.
C:\Documents and Settings\roger.spiller\protect.dll (Worm.Autorun) ->... Read more

Answer:Virus Keeps coming back

Hello and welcome to TSF.

We want all our members to perform the steps outlined in the link given below, before posting for assistance. There's a sticky at the top of this forum, and a "Having problems with spyware and pop-ups? First Steps" link at the top of each page.

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

1 more replies
Relevance 63.96%

Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\WinFast\W\WFTVFM\WFWIZ.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\ArcSoft\Media Card Companion\MCC Monitor.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program File... Read more

Answer:Virus keeps on coming back

Anyone?

4 more replies
Relevance 63.96%

http://www.bleepingcomputer.com/forums/topic433509.html/page__p__2516707__fromsearch__1#entry2516707

Answer:Virus keeps coming back

Please follow the guidance in post number 2 in that topic.

1 more replies
Relevance 63.96%

I have a Toshiba laptop that back in March I had a virus and went to a local PC store and had the virus removed. A few months later the virus came back and I had a friend remove that virus and all was well for about a week when the virus came back once again and was removed and seems to be removed right now. I am afraid this is going to happen again and want to know if you can check the HiJack This log here to tell me if there is something seen that I am not able to identify as a virus. I did use the self help scan tool but I don't really know what I am looking at. The scan is here http://www.computerhope.com/cgi-bin/process.pl?o=20192628.

I run McAfee AV on this laptop along with MalWareBytes and MS Windows Defender. I did updates and scans to each one of them 2 nights ago both in normal mode and in safe mode and none of them are returning any bad files, however, I am reluctant as this has happened three times now. I am wondering if there is a hidden rootkit file that the softwares are not picking.

I run the following system:

OS Name   Microsoft® Windows Vista™ Home Premium
Version   6.0.6002 Service Pack 2 Build 6002
Other OS Description   Not Available
OS Manufacturer   Microsoft Corporation
System Name   CHARLENE-PC
System Manufacturer   TOSHIBA
System Model   Satellite A305
System Type   X86-based PC
Processor   ... Read more

Answer:Virus Keeps Coming Back

Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.

*************************************************************************

SUPERAntiSpyware

If you already have SUPERAntiSpyware be sure to check for updates before scanning!

Download SuperAntispywa... Read more

12 more replies
Relevance 63.96%

Hopefully I've included enough information and made this topic correctly...
 
Basically I had an issue where my microphone would mute itself, figured it was a virus, and ran malwarebytes. It found stuff, removed it, and everything worked fine... for about a few hours. A few hours later the same thing occurred, ran malwarebytes again and found the same thing: "dnsl64.exe" detected, along with other things that it appears to be downloading. No matter how many times I remove it it seems to come back, and googling dnsl64.exe popped up no results that I could find and then each scan (after a few hours) pops up a bunch of junk, even if I leave the computer idle. It also downloaded something that appeared to change my browser homepage to "search.snapdo.c*m" if that helps diagnose anything.
 
I've attached the MWB and FRST logs, hopefully they help diagnose what the problem is! Thank you in advance for any help, would really appreciate getting rid of this nasty thing.

More replies
Relevance 63.96%

I really need help. Whenever I scan with avast, it tells me there's a virus. I can't delete because it's being used by another program. So I got into safe mode and try to remove it. A while later after I deleted it and back into Windows, I scan again and it's back. It's always in the same place too:

C:\.....\Temporary Internet Files\Content.IE5\ZTNTM02A\movie[1]
HijackThis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:50:08 PM, on 10/7/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\Rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Internet ... Read more

Answer:Virus keeps coming back

Anyone?
 

1 more replies
Relevance 63.96%

Combofix just restarts my computer and won't run and nothing can find the virus but it's there. It started as a fake antivirus, then when I deleted it it created win 7 antivirus 2011. I think I got rid of that one too, but now every time I click any link it takes me to some random ad page instead. I've already done a system restore from days ago and even that didn't work, but it stopped my problem with running .exe's from the win antivirus.

Answer:Virus just keeps coming back!

Hello, having run ComboFix we need to see that and a DDS log.

As you now see Combofix is not to be run like a common tool. It's why we post this above the malware forums.

ComboFix is a tool that should only be run under the supervision of someone who has been trained in its use. Using it on your own can cause problems with your computer.

Please go here.... Preparation Guide, do steps 6 - 9.

Create a DDS log and post it in the new topic explained in step 9 which is here Virus, Trojan, Spyware, and Malware Removal Logs and not in this topic, thanks.

Skip the GMER step and instead post the ComboFix log you posted earlier.

Let me know if that went well.

3 more replies
Relevance 63.96%

I just wanted to know if I was clean or not..
 

Answer:virus kept coming back

No you are not clean yet. I need the C:\MGLogs.zip --> from running the C:\MGTools.exe.
 

11 more replies
Relevance 63.96%

My computer has been acting up and now a virus keeps appearing even though my virus scan deletes it when it appears. Now my desktop icons are changing and folders are missing. Please help. Thanks in advance to all who reply!

Logfile of HijackThis v1.99.1
Scan saved at 4:39:20 AM, on 8/31/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.40607\aspnet_admin.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\isafe.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetTray.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetMsg.exe
C: ... Read more

Answer:Virus keeps coming back

Hi noobie_comp_geek,

Sorry for keeping you waiting.

If you still need help, please answer these questions:

- What's the name of the virus?
- Where (in which file and/or folder) is the virus found?
Jan

1 more replies
Relevance 63.96%

Hello, 2-3 weeks ago I got some viruses, I tried to delete them but they come back every time..
The viruses are in 3 drivers (D,E,C) and also I got another virus named Backdoor.Agent
By the way I use Windows XP
Can somebody help me?

Answer:ms-dos virus keeps coming back

Hey?

7 more replies
Relevance 63.96%

Hi
would like some help please, avg removes virus, but next day it is back
Regards
Derek

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:24:19, on 02/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\sttray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files... Read more

Answer:virus keeps on coming back

Hello ziggyzig

Welcome to the BC HijackThis Log and Analysis forum. I apologize for the delay however we are all volunteers and it gets very busy around here. I will be assisting you from here on out.

I ask that you refrain from running tools other than those we suggest to you while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

Please perform the following:

Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner
You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
The program will launch and then begin downloading the latest definition files:
Once the files have been downloaded click on NEXT
Now click on Scan Settings
In the scan settings make sure that the following are selected:
Scan using the following Anti-Virus database:
Extended (if available otherwise Standard)
Scan Options:
Scan Archives
Scan Mail Bases
Click OK
Now under select a target to scan:
Select My Com... Read more

9 more replies
Relevance 63.55%

EDIT: Moved to appropriate forum, Virus, Trojan, Spyware, and Malware Removal Logs ~~boopme

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:25:51 AM, on 10/2/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16981)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\system32\CSHelper.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54GSv2.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Winamp... Read more

Answer:Browser redirecting virus///Virus keeps coming back//Thank You

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the ... Read more

2 more replies
Relevance 63.55%

Sure enough, I was disappointed when after running Kaspersky online scanner, Malwarebytes, and ComboFix I noted recurring hijacked webpages and popups and inability to start Auto Update in Services, etc. but at a reduced rate.

I decided to run Malwarebytes a second time which detected several residual entries not eliminated on the first pass.

I then reexamined System 32 and saw that a number of the infected dlls WERE STILL THERE and were not deleted as promised after rebooting.

I decided to PRINT OUT ALL THE LOG FILES from the initial Kaspersky, Malwarebytes, and ComboFix scans and then tediously went LINE-BY-LINE identifying, deleting, and in cases of the System 32 dlls, using McAfee's more secure recycle bin shredder to remove them (inviting McAfee back for short term use as it is free via my comcast.net subscription--see my last post about this).

It was time-consuming and tedious, but it worked. Much more helpful to refer to a printed page than to squint at the screen swiveling from txt files and the Registry trees...

I also took advantage of a Microsoft "836941 Windows Update guided tool" (self extracting cabinet type) which I downloaded to the desktop. It "automatically" performed the tasks of placing the update sites in the trusted sites of IE (which I had already done), purging the DNS cache or something like that (which I could not do from other Knowledge Base articles) and probably helped solve the frustrating 0x80070422, 0x80072ee2, e... Read more

More replies
Relevance 63.14%

The computer is running Xp service pack 2.
When I first tried to fix a popup problem with symantec, the user (my daughter) couldn't log on anymore.
Safemode would begin to load and then rebooted.

I fixed several registry entries using knoppix under
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit and
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell
and copied over a copy of userinit.exe, and ntldr from another Xp installation.

Now the user can logon, but the web pages are redirected to advertisements for removal tools and other things.
A file called str.sys was removed by several malware and antivirus programs and kept coming back.

I still can't boot into safemode. I see a list of drivers loading and then the computer reboots. I would be grateful for any help, thanks.

Here is the report from Rootrepeal

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/11/27 22:32
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP2
==================================================

Drivers
-------------------
Name: 00002984
Image Path: 00002984
Address: 0xB2A8F000 Size: 71424 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xB2BC3000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Lock... Read more

Answer:rootkit virus keeps coming back str.sys

Hi jobarb,

Welcome to BC HijackThis forum. I am farbar. I am going to assist you with your problem.

Please refrain from making any changes to your system (scanning or running other tools, updating Windows, installing applications, removing files, etc.) from now on as it might interfere with our fixes. Please let me know in your next reply if you agree with this.

I see you have Combofix. Please post the log(s) it has produced. If you have run it more than once Please attach all of them.

The latest log is located at: c:\Combofix.txt
The earlier logs are located at C:\Qoobox\combofixX.txt where X is a number.

24 more replies
Relevance 63.14%

Unfortunately I keep getting my isp suspended due to trojans, initially it was something different but now they are telling me it's Torpig. I thought I had removed a few trojans, and they seem still gone on repeated scans with programs such as Panda, Malbytes and SuperAntispyware but again on April 9th my account got suspended. Here's my Hijack This log, can someone please talk me through what might be the issues and how to remove them? It would be much appreciated.

Hijack This log (updated after removing some things):

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Security\Panda Internet Security 2009\TPSrv.exe
C:\PROGRAM FILES\PANDA SECURITY\PANDA INTERNET SECURITY 2009\WebProxy.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\Program Files\Option\GlobeTrotter Connect\GtDetectSc.exe
C:\WINDOWS\system32\svchos... Read more

Answer:Torpig virus keeps coming back

I removed Panda since it seemed to cause havoc with my browsers. Also removed a couple other things that popped up as trojans:

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Option\GlobeTrotter Connect\GlobeTrotter Connect.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\A... Read more

12 more replies
Relevance 63.14%

Hi,

My PC seems to have been affected by a virus; after I reformatted it, the virus is still coming back..
Any help will be appreciated
Thanks a lot

Here are my log files
Logfile of HijackThis v1.99.1
Scan saved at 7:53:35 PM, on 7/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\Temp\system1.exe
C:\WINDOWS\system32\k11833762731.exe
C:\Program Files\Common Files\System\commond.pif
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program Files\Grisoft\AVG Free\avgemc.exe
C:\Program Files\Grisoft\AVG Free\avgcc.exe
C:\Documents and Settings\LC\Desktop\HijackThis.exe
O4 - HKLM\..\Run: [upxdnd] C:\WINDOWS\upxdnd.exe
O4 - HKLM\..\Run: [TIMHost] C:\WINDOWS\TIMHost.exe
O4 - HKLM\..\Run: [mppds] C:\WINDOWS\mppds.exe
O4 - HKLM\..\Run: [Microsoft Autorun1] C:\WINDOWS\system32\nwizdh.exe
O4 - HKLM\..\Run: [Microsoft Autorun9] C:\WINDOWS\system32\Ravasktao.exe
O4 - HKLM\..\Run: [ryy]... Read more

More replies
Relevance 63.14%

My PC was infected several days ago. I have eliminated it but, once in a while it comes back. I don't know what else to do. Please help. Maybe I'm just paranoid but my PC runs slower than usual, especially the explorer. I have pasted a HJT log, just in case you need it.
Any advice is very much appreciated.
Thanks
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 2:36:19 AM, on 10/24/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\RINGZS~1\STORMC~1\Stormser.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\Program Files\VIA\RAID\raid_too... Read more

More replies
Relevance 63.14%

I am looking for some help. I am running Windows 7 and IE8 and have started to get constant redirects. Malware found two viruses Rootkit.0Access and Trojan.Dropper.ED. Malware now shows no problems but the redirects keep coming back. At least I can still use the computer for now. Any help is certainly appreciated.
 
Bryan  

Answer:Redirect virus keeps coming back

Hello Bryan

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.

Very Important --> Please read this post completely, I have spent my time to put together some things for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", t... Read more

32 more replies
Relevance 63.14%

Hi, I use Windows XP and I recently encountered a virus. My antivirus software, avast!, called it Win32:Trojano-207 [Trj]. I tried to delete it but a few seconds later the warning message for the same virus popped back up. I tried to do a startup scan but that also didn't work. I used adaware and also spybot but nothing worked. Can someone please help me here! Thanks in advance!

Logfile of HijackThis v1.98.0
Scan saved at 12:34:15 AM, on 7/4/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\scagent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\AIM95\aim.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Tim\Desktop\HijackThis.exe

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O18 - Filter: text/html - {EE7A946E-61FA-4979-87B8-A6C462E6FA62} - C:\WINDOWS\httpfilter.dll

i really appreciate any help!
 

Answer:trojan virus keeps coming back!

7 more replies
Relevance 63.14%

Hi, I got a virus that keeps coming back in my Temp folder, "WindowsUpdateKB12695__7428_il31477.exe" , "tmp4191.tmp.exe" , "tmp9E32.tmp.exe" it appears once a day and I can remove it by running Malwarebytes, but it keeps coming back after a few hours. It tries to install a program as soon as it appears in my Temp folder.

I have a feeling I might be infected with a Rootkit... I tried running Malwarebytes Anti-Malware, Malwarebytes Anti-Rootkit, TDSSKiller and ComboFix with no luck, it still comes back every few hours or every day.

I think this virus appeared when I got some new drivers for my AMD graphics card, but I am not certain... I cannot do a system restore because I didn't have any restore points before I downloaded the drivers...

I would like to know if one of you more experienced users could help me with my issue. Thx in advance!

Edit: Moved topic from Windows 7 to the more appropriate forum, due to member having already run ComboFix. ~ Animal

Answer:Virus keeps coming back in Temp

I found an "$RECYCLE.BIN" in my second hard drive, I think I'm infected with Zero Access, but it's on another internal hard drive which is not the one my operating system is on. I feel like all the scanners are only scanning my main hard drive where my operating system is located, so they can't find the virus!
How do you delete a Zero Access rootkit in a second internal hard drive?

20 more replies
Relevance 63.14%

Hi,

I have an amazingly annoying problem which keeps coming back (even after windows format), I keep getting errors which won't allow me to start, open, delete, install files. Just messes up the whole system.
The errors are:
When I want to install program - Nothing happens OR Internal Error: Failed to expand shell folder constant "userappdata"
When I want to start program - Nothing happens OR mpr.dll is missing OR netutils.dll is missing
If I want to delete a program - "An error occurred while trying to uninstall program. It may have already been uninstalled"
Startup programs won't start - netutils.dll is missing OR mpr.dll is missing

I did a fresh install on my SSD, everything was working great but after couple of days it came back.
What's going on here?

Answer:Virus/Trojan keeps coming back?

Sounds like a bad installation. Where did you get your Windows 7 installation media from?

7 more replies
Relevance 63.14%

i've already started discussing this in a different thread, but due to new and disturbing occurrences, i felt the need to start a whole separate thread on the matter, i hope that's ok.

ok, as a background: i did a Panda virus scan yesterday and it found VBS/TheThing in my pc. it was located in the Temporary Internet Files folder. Panda got rid of it. so, fine.

Today, i decided to do another virus scan just to be thorough, so i run the Panda scanner again. and again it found VBS/TheThing !!!
location: Temporary internet files\content.IE5 folder.
don't know how i could've been exposed to it, since the last scan i haven't been to any sites other than here at TSG and Norton, nor have i done any downloading of anything that could be suspect whatsoever. i don't know how i got it again!! and this is what disturbs me further, Panda didn't get rid of it this time; i checked the scan report, and the action taken just said "infected". not deleted or renamed, just 'infected'
(last scan Panda "renamed" it). why could this be??

since it was found in the Temp internet files folder, naturally i deleted everything in it. but what i'm wondering is why it keeps coming back?

and does anyone know exactly about this VBS\TheThing virus?
 

Answer:VBS/TheThing virus keeps coming back!!

9 more replies
Relevance 63.14%

I have installed malware software, even there is a QUICK HEAL ANTI SOFTWARE installed in my computer. System got stuck and applications are running slowly due to virus problem. I want to remove the virus and want to improve system performance. I want to know how to fragment (don't know) the system or reboot.

Answer:How to remove a virus that keeps coming back?

Hello and Welcome.

We want all our members to perform the steps outlined in the link I'll give you below, before posting for assistance. There's a sticky at the top of this forum, and a "Spyware 1st Steps" link at the top of each page.

---------------------------------------------------------------------------------------------

Please follow our pre-posting process outlined here:

NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help - Tech Support Forum

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please note that the Virus/Trojan/Spyware Help forum is extremely busy, and it may take a while to receive a reply.

1 more replies
Relevance 63.14%

I use Avast 4.8 to check my system and try first a "move to virus chest" when I was notified I had a virus. When I "move the virus to the chest" it just keeps coming back as a new virus almost immediately with the virus warning. Then I tried the "repair" option in Avast, but it always said an error has occurred... File name was: C:\System Volume Information\ _restore{7F7BE6F8-0D6A-488B-ABD ... Note Malware name: Win32: Trojan-gen(other)... I ran HijackThis and here is the log....



Please walk me through as I'm a novice on this computer stuff,,, thanks in advance...

Geof

Logfile of HijackThis v1.99.1
Scan saved at 8:38:24 PM, on 11/30/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\WINDOWS\LTMSG.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps... Read more

Answer:Trojan virus keeps coming back!

11 more replies
Relevance 63.14%

I've run Malwarebytes, SuperAntiSpyware, and Sophos is running now. The virus won't come off and when I run a scan in safe mode it says it's gone but in regular it says it's there. The virus redirects every link I click on in Google to some other ad. Please help. I'll update if Sophos removes it.

Oh By the way Malwarebytes says
Trojan.dropper.bcminer
Rootkit.0Access
Rootkit.0Access

Edit: Ran Sophos...did nothing...

Answer:Horrible Virus, Keeps coming back.

Please do not run any tools unless instructed.

Download TDSSkiller
Launch it.
Click on change parameters - Select TDLFS file system
Click on "Scan".
Please post the LOG report (log file should be in your C drive)
Do not change the default options on scan results

Download aswMBR
Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan.
After scan finishes, click on Save log
Post the log results here

Download ESET online scanner
Install it
Click on START, it should download the virus definitions
When scan gets completed, click on LIST of found threats
Export the list to desktop, copy the contents of the text file in your reply

15 more replies
Relevance 63.14%

Working on a friends computer that had some viruses. I ran malwarebytes and that cleaned out about 15 problems. Gave her back her computer and the next day she had the same problem. Not sure what is going on but when the virus kicks in, it also changes the proxy setting so that she cant use the internet. Any ideas?

Thank you.

Answer:Virus problem keeps coming back---help

Some infections will alter the Proxy settings in Internet Explorer which can affect your ability to browse, update or download tools required for disinfection. Check/reset the Proxy Settings as follows:
Press the WINKEY + R keys on your keyboard or go to > Run..., and in the Open dialog box, type: inetcpl.cpl
Click OK or press Enter.
Click the LAN Settings... button and uncheck Use a proxy server for your LAN or change the settings to the proxy you normally use if you previously reconfigured it.
Remove any unknown addresses from the Address box. 80 is the default Port so it does not have to be changed.
Click Ok and then click Ok again.
Close Internet Explorer and restart the computer.

If using Firefox do this:
Open Firefox, click Tools > Options > Advanced and click the Network Tab.
Under the Connection section click on the Settings... button.
Under Configure Proxies to Access the Internet, check No proxy. This is the default option if you don't use a proxy.
Click Ok and then click OK again.
Close Firefox and restart the computer.

For other browsers, please refer to How to configure browser proxy settings.

Please download the TDSS Rootkit Removing Tool (TDSSKiller.zip) and save it to your Desktop. <-Important!!!
Be sure to print out and follow all instructions for performing a scan or refer to these instructions with screenshots.
Extract (unzip) the file to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itsel... Read more

7 more replies
Relevance 63.14%

Somebody please help! I've tried everything I know of...
The other day while my little sister was researching something for a project on our home computer, she clicked on a link and a window popped up saying, "Congratualtions.! Your our winner for today blah blah blah". =( When I saw it, I knew it was a virus attempt because I came across this once before when my brother was caught looking at porn smh
Anyways, I ran three different Virus Scanners, McAfee, Threatfire and AVG, and all three said there was no infected file on my computer. Yet, every twenty (20) minutes, Threatfire virus alert would pop up with the location and name of the infected file. Each time, I selected 'Kill and Quarantine', and each time, the application disappears only to reappear later in the next twenty (20) minute time frame. Oh, and whenever anyone tries to use a search engine, youtube or any website where you have to enter data into a search field, a separate window pops up like ex: randomtext.jempca.randomtext. And it always redirects to some kind of online 'shop', 'search engine' or another 'Congralations.!' message pops up.
I went online to research what I could about manually removing a virus using the computer's CMD. I tried it a few times to get rid of the folder the viruses would constantly pop up in, but the virus would still pop up. The location is always C:/Windows/Temp/ which I found weird because I thought most viruses would pop up... Read more

Answer:Infected? Virus keeps coming back.!

This time when Threatfire alerted me, I located the Temp folder and there were five (5) different hki****.exe files!

8 more replies
Relevance 63.14%

Hello,
I seem to have gotten some viruses-worms, trojans that I can't seem to get rid of. My internet pages started to redirect, mainly to various advertising sites and of course adult sites and fake virus scanners. I scanned with Microsoft Security Essentials and got rid of everything but it kept on happening so I got Malwarebytes and scanned again. It came up I had win32.autorun.tmp so I got rid of it, restarted and scanned again but it was there again. I tried again but this time the scan was almost done and I got the BSOD which happens every time now. I then tried Spybot S&D and it scans fully but can't get rid of all infections because some of the files are in use. My computer won't boot in safe mode. I have no idea how to fix this. Please help.

Answer:Virus/ worm keeps coming back

I'm not trying to bump my post I promise but I just realised that I left out some crucial information in my original post. When I start up my computer Spyhunter pops up to say that my Hosts file has been changed and that I should restore it, which is what I do. Should I be doing that? Also whenever I run a virus scan I disable the other anti-virus programs that are installed to stop anything conflicting. I can't update windows, I get an error that says "Windows could not search for new updates an error occurred while checking for new updates for your computer. code 80072EFE" I hope this extra information helps. Merry Christmas everyone.

2 more replies
Relevance 63.14%

Hey guys I have scanned with Malwarebytes, Superanti Spyware, and Hitman they all have said none except Malwarebytes and I know its right because my computer will randomly shut off some times.

Answer:Virus. keeps coming back.Winsvcs.exe

Hello please post that MBAM log.
The log is automatically saved and can be viewed by clicking the Logs tab.
Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
Is it Winsvcs.exe or winsvc.exe?

Please Download TDSSkiller
Launch it.
Click on change parameters - Select TDLFS file system
Click on "Scan".
Please post the LOG report (log file should be in your C drive)
Do not change the default options on scan results.

>>>>ADW Cleaner
Please download AdwCleaner by Xplode onto your desktop.
Close all open programs and internet browsers.
Double click on adwcleaner.exe to run the tool.
Click on Delete.
Confirm each time with Ok.
You will be prompted to restart your computer. A text file will open after the restart.
Please post the contents of that logfile with your next reply.
You can find the logfile at C:\AdwCleaner[S1].txt as well.

>>>>>>ESET ONLINE
I'd like us to scan your machine with ESET OnlineScan
Hold down Control and click on this link to open ESET OnlineScan in a new window.
Click the button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
Double click on the icon on your desktop.
Check "YES, I accept the Terms of Use."
Click the Start button.
Accept any security warnings fr... Read more

9 more replies
Relevance 63.14%

Can anyone help me remove the "not-a-virus"? ZoneAlarm finds it and removes it, but it keeps coming back. Computer is SLOOOOW. Not sure how to proceed. HELP!?
 

More replies
Relevance 63.14%

DDS (Ver_09-07-30.01) - NTFSx86
Run by Logan at 1:02:41.45 on Sun 08/09/2009
Internet Explorer: 7.0.5730.13

============== Running Processes ===============
============== Pseudo HJT Report ===============

uDefault_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=1061209
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uStart Page = hxxp://www.google.com
mDefault_Search_URL = hxxp://www.google.com/ie
mSearch Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mSearchAssistant = hxxp://www.google.com
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [braviax]
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [ModemOnHold] c:\program files\netwaiting\netWaiting.exe
uRun: [ms18_word] c:\documents and settings\logan\ms18_word.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [RegistryMechanic] c:\program files\registry mechanic\RegMech.exe /H
uRun: [SandboxieControl] "c:\program files\sandboxie\SbieCtrl.exe"
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRunOnce: [RegistryMechanic] c:\program files\registry mechanic\RegMech.exe /F... Read more

Answer:need help been using my virus software but they keep coming back

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll... Read more

2 more replies
Relevance 62.32%

The problem being as of now is that the viruses won't go away. Every time when a virus would pop up I would always Google it and try to fix it myself. Everything seems fine after finishing all the steps to the guide on how to get rid of said virus but it kept coming back after a day! At first it was the AV Protection 2011 virus and now it's the Win 7 Antivirus 2012. It's exhausting to have to do a scan every day. Much help would be appreciated.



.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_26
Run by Admin at 12:46:11 on 2011-11-27
Microsoft Windows 7 Ultimate 6.1.7600.0.1258.84.1033.18.1016.307 [GMT -8:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Wi... Read more

Answer:The virus keep coming back!: Win 7 Antivirus 2012

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please do not attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.
Do not run any other tool until instructed to do so!

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:
You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)
Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<
Combofix may need to reboot your computer more than once to do its job this is normal.
You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the r... Read more

15 more replies
Relevance 62.32%

Hello! My computer got infected with XP Security 2010. Ran Malwarebytes and it seemed to fix it for a few days. Got the XP Security 2010 virus again. Ran Malwarebytes again and it seemed to clear up. Now AVG Resident Shield shows "Virus identified Win32/Patched.CG C:\Windows\system32\drivers\atapi.sys. Object is white-listed (critical/system file that should not be removed). Can anyone help me with this? Also, my computer won't let me access the Microsoft Windows Update site. Any help would be greatly appreciated!

Answer:XP Security 2010 virus keeps coming back!

I tried using Malwarebytes to remove the Vista Security virus to no avail. I used Hitman Pro 3.5 (free 30 day trial) and that cleared the problem. Run the update after installing, and be sure to uncheck the option to run a check on your computer when you start up otherwise you'll get stuck in a full ChkDsk run every time you boot up. The file it will find will be something like av.exe or ave.exe. Delete that file.
You may need to install Hitman Pro from a thumb drive if you can't get online due to the virus.

6 more replies
Relevance 62.32%

I got this consumer input virus about a week ago.. I've done a malware scan with malwarebytes and it quarantined it about 3 times.. and each time it keeps coming back.. The virus itself just has a bunch of annoying popups and just keeps changing my chrome settings. Operating System is Windows 8.1 64 bit.. Can someone help?

Answer:Consumer Input virus keeps coming back

Welcome to BC !
The programs below have a good track record of finding and removing most adware and a lot of malware.
Malwarebytes' log of what it removed can be found under the history tab. Please post the results of the scan that you refer to. Also check MBAM's settings and be sure that scans for PUPS and Rootkits are enabled. If they weren't, run a new scan with those enabled.

Use CCleaner to remove Temporary files, program caches, cookies, logs, etc. Use the Default settings. No need to use the Registry Cleaning Tool...risky. Pay close attention while installing and UNcheck offers of toolbars....especially Google.
After install, open CCleaner and run by clicking on the Run Cleaner button in the bottom right corner.
CCleaner - PC Optimization and Cleaning - Free Download

Download AdwCleaner by Xplode and save to your Desktop.
Double-click on AdwCleaner.exe to run the tool.
Vista/Windows 7/8 users right-click and select Run As Administrator.
Click on the Scan button.
AdwCleaner will begin...be patient as the scan may take some time to complete.
After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
After reviewing the log, click on the Clean button.
Press OK when asked to close all programs and follow the onscreen prompts.
Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
Cop... Read more

3 more replies
Relevance 62.32%

Basically I follow the method where I restore my PC and then scan my computer with both Malwarebytes and HitmanPro. They both always detect a ton of objects that I delete immediately but a day or two later the virus always comes back.

What I THINK is happening, is I've used a restore point that was set by the virus (I had no others) and so the file remains on my PC maybe in my registry? I've tried everything I know and this is really frustrating me. Any help would be appreciated.

Another thing I observed (and maybe it means nothing) is that when the virus was about to come into effect my Avira detected it in my recycle bin. My recycle bin was empty so does that mean it's being restored from deletion or something?
 

Answer:Ukash Virus Scam keeps coming back

Hi and welcome to the MalwareTips.com forums!

I'm Kuttus and I am going to try to assist you with your problem. Please take note of the below:

I will start working on your malware issues, this may or may not, solve other issues you have with your machine.
The fixes are specific to your problem and should only be used for this issue on this machine!
The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear.
If you don't know, stop and ask! Don't keep going on.
Please reply to this thread. Do not start a new topic.
Refrain from running self fixes as this will hinder the malware removal process.
It may prove beneficial if you print off the following instructions or save them to notepad as I post them.
Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
Before we start:
Please be aware that removing malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to nece... Read more

1 more replies
Relevance 62.32%

I ended up with some spyware and virus of some sort and got this SafetyBar program and a few others. I've managed to clean up that aspect of it but i get pop-up ads and spyware and viruses continue to show up when i do scans from time to time. Also when I use my IE7 now, if i open up a new tab, it closes itself.

PS: I had the virusbusters thing (I believe that is what it was called). I followed the tutorial and still have leftovers.

Logfile of HijackThis v1.99.1
Scan saved at 11:10:50 AM, on 12/2/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Symantec\Norton Ghost 2003 ... Read more

Answer:Infected With Virus/spyware - Keeps Coming Back

Hello there and welcome to Bleeping Computer's security forum. My name is David, I will be helping you with your log today.

It is a good idea to print off these instructions: This will be useful as there is a possibility some of the instructions will need to be carried out where internet access is not available. You may also like to save these instructions in word/notepad to the desktop where they can be easily found for the same reasons as above. A print out of the instructions would be a good reference to make sure you don't get lost.

Also, it is important that you complete the instructions in the right order, and also that you don't miss any steps out! If you have any queries about the process or just general questions, just ask.

Step #1
I do not recommend that you have more than one anti virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti virus products to create "false alarms". It can also lead to a clash as both products fight for access to files which are opened again this is the resident/automatic protection. In general terms, the two programs may conflict and cause false alarms - When the anti virus software tells you that your PC has a virus when it actually doesn't. Also it can cause system performance problems; your system may lock up due to both softwar... Read more

9 more replies
Relevance 62.32%

Hello I am new to your forum, computers and the internet so please bear with me

Here is my problem, the other day while I was on msn messenger live I had clicked on to a link that was actually some sort of trojan/virus that was hidden in a file.

My Msn box started to dance all around my screen, and to my surprise, this trojan/virus started to send out the same file to others that were my contacts and had their Msn Live messenger box on at the same time I had, posing itself off as me sending it

Next I did a full scan with my Norton IS 2007 and it picked something up called serviser.exe & [email protected] being as a virus, then it proceeded to clean it out of my system

I then used my Spysweeper and it came up stating I was Infected with W32/IRCBot-xx, I Quarantine such, cleaned out my Quarantine and then proceeded to do more scans however after each additional Spysweeper scan was done, this W32/IRCBot-xx would show back up again

Now there after seeing that, I was more than a little upset, so I made a few phone calls to my Grandsons friends, who are more knowledgeable with computers than I am, they all suggested to me that I should do such scans in safe mode so I did

That did not help either because this darn W32/IRCBot-xx keeps coming back and showing up In my Spysweeper

I would like to know if some one here can give a Old Man a tad of a little guidance please with regard to my problem

I have done many scans and cleaning with Norton IS 2007, Spy Swee... Read more

Answer:Trojan/Virus W32/IRCBot-xx Keeps Coming Back

6 more replies
Relevance 62.32%

Hi,

I have an acer aspire 5670 running windows XP professional. I've had it for over 3 years now and never had 1 problem or one spyware...out of nowhere...it's infected and I can't get it fixed. I have hijackthis, combofix, malwarebytes, spybot s&d, spywareblaser, superantispyware, atf cleaner, and antivir antivirus on my computer. I've cleaned out the pc countless times, including deleting all cache and prefetch and temp data...I've cleared out all suspicious keys and paths in the registry. Also, there are multiple hidden objects on my computer (26 to be exact) that I cannot find, view or delete...but I did block them with the group policy editor. Everything I've done only seems to be a temporary fix.

There have been multiple issues with things such as antivirus pro 2007/2009, etc (other fake spyware programs). My google links or other search engine links are all redirected to other sites. After I clean the pc...it fixes the issue but only for a short while. Also, most of my processes in my task manager are UPPERCASE...after I clean the pc...again, they go back to lowercase but only for a short while. I've deleted spyware with names such as svchast, and multiple other trojans. I'm pretty computer savvy and fix computers in my spare time....so I'm able to stop the issue, but it seems I cannot find the source of my problem and it just keeps coming back. I am going to include a log from hijackthis and anything you can do to help would be greatly appreciated... Read more

More replies
Relevance 62.32%

I have read many posts and have tried many of the suggestions that you guys have given. I have run ewido security, spyware removal, and anti-virus. They all take things off my computer. I can run one of the programs, remove stuff and re-run the program 2 minutes later and have the same and new things to remove. My internet is slow because of pop ups opening and trying to open. I have pop up blocker but that stops none of thing. The pop that seems to come up every two seconds has the title THE BEST OFFERS. I ran HIJACK THIS and here is the file.
Logfile of HijackThis v1.99.1
Scan saved at 2:57:48 PM, on 10/11/2005
Platform: Windows 2000 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\Explorer.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.netzero.net/s/sp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://my.netzero.net/s/search?r=minisearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.d...

Answer: Slow Computer, virus keep coming back

http://www.noidea.us/easyfile/index.php?folder=2

Download Nailfix.zip
Unzip it to the desktop but do NOT run it yet.

Restart in safe mode

Now in Safe Mode:
Double-click on Nailfix.cmd. Your desktop and icons will disappear and reappear, and a window should open and close very quickly --- this is normal.
==================

Boot

Download the trial version of Ewido Security Suite http://www.ewido.net/en/download/ (W2K/XP Only)
Install ewido.
During the installation, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
Launch ewido
It will prompt you to update; click the OK button and it will go to the main screen
On the left side of the main screen click update
Click on Start and let it update.
DO NOT run a scan yet. You will do that later in safe mode.

Restart your computer into safe mode now. Perform the following steps in safe mode:

Run Ewido:
Click on scanner
Click Complete System Scan and the scan will begin.
During the scan it will prompt you to clean files, click OK
When the scan is finished, look at the bottom of the screen and click the Save report button.
Save the report to your C: Drive
This will take some time to run!
Boot to normal mode
Post that log and a new HiJack log. If the Ewido log is too large, attach it.
 


Hi everyone,

A few days ago I got infected with the Win 7 2012 virus and followed the instructions on this page to remove it. Everything seemed fine for a day or so but after that an AVG window pops up saying that it found a problem with consrv.dll. When I try to quarantine consrv.dll the Win 7 2012 virus immediately returns and starts closing my windows and sending pop-ups. I have since followed the instructions on the above page twice and the Win 7 2012 virus seems like it's gone each time -- AVG, Malwarebytes, and Spybot Search and Destroy all come up clean -- but like clockwork, AVG will alert me to consrv.dll and then the virus re-appears. I also ran TDSSkiller which removed 1 thing from my computer.

I'm not sure how these issues are related exactly and Google was not too helpful so I'm requesting some help here. Thanks in advance!

Answer: Win 7 2012 virus keeps coming back/consrv.dll

Hello, let's get a bit of info and do an online scan.

Please download MiniToolBox, save it to your desktop and run it. Checkmark the following checkboxes:
Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Devices
List Users, Partitions and Memory size.
List Minidump Files

Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run. Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

I'd like us to scan your machine with ESET OnlineScan
Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
Click the button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
Click on to download the ESET Smart Installer. Save it to your desktop.
Double click on the icon on your desktop.
Check
Click the button.
Accept any security warnings from your browser.
Under scan settings, check and check Remove found threats
Click Advanced settings and select the following:
Scan potentially unwanted applications
Scan for potentially unsafe applications
Enable Anti-Stealth technology
ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
When the scan completes, push Push ,...


Please help, I have a Dell D620 running on Windows XP. I noticed around 2 weeks ago it was acting a bit strange, running slow etc. and sending dodgy emails. I had Avast installed and it never picked up anything. I couldn't system restore, so I reinstalled Windows to see if that would clear it, but it never. I knew it was a virus so I downloaded Emsisoft Anti-Malware and it found virus.win32nimnul!ik. I have done several scans and each time I have put it in quarantine but it gets removed from quarantine. I've also deleted it several times but it keeps coming back. I'm by no means an expert with computers so any help would be greatly appreciated, many thanks


I ran Norton Antivirus and it keeps telling me that it has fixed the problem and to restart the computer. I do that and then I run Norton again and it's the same thing. I have tried to read through some of the similar questions, but did not really understand them. I am not sure what a hijack log is and such. With step by step directions, I might be able to do it myself. I am running Windows XP. I keep getting a pop-up saying that "this link does not exist" but it comes up when I am not trying to click on anything. Any help would be GREATLY appreciated!!
 


Per the request in my thread here, I am posting this log:
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_17
Run by Matt at 9:57:07 on 2012-01-13
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.1979.852 [GMT -5:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG10\avgchsva.exe
C:\PROGRA~2\AVG\AVG10\avgrsa.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
C:\Program Files (x86)\Bonjo...

Answer: Win 7 2012 virus keeps coming back/consrv.dll

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please do not attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.
Do not run any other tool until instructed to do so!
Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.
Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:
You may be asked to install or update the Recovery Console (Win XP Only). If this happens please allow it to do so (you will need to be connected to the internet for this).
Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<
Combofix may need to reboot your computer more than once to do its job; this is normal.
You can download Combofix from one of these links.
Link 1 Link 2 Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the r...


Hey guys, I got a virus that haunts me. I think it is sality going by results from mbam.
I started a topic in the virus section but got redirected here, link below to prev topic
http://www.bleepingcomputer.com/forums/t/528024/sality-is-making-me-violent/
Also if possible I will need advice for XP, Vista as this thing has infected many systems :/
Thanks in advance

Answer: Virus keeps coming back after formatting and reinstalling

You have previously been told...several times...that you need to format and do a clean install due to the nature of your system infections.
 
What is there that you cannot do...on any system, for any version of Windows?
 
Not sure why you posted in this forum.
 
Louis
