Over 1 million tech questions and answers.

Some type of worm using psexec and mimikatz?

Q: Some type of worm using psexec and mimikatz?

Has anyone experienced this or similar recently? We've seen multiple unrelated clients get hit with something that resembles a worm. It appears to use mimikatz to steal passwords for the currently logged on user (Active Directory) and then reaches out to other PCs on the network and uses psexec to run something. I assume it's trying to steal the next computer's username/password and so on. Processes can be seen in Task Manager running under other user accounts that are NOT logged into the PC. The users (which have never otherwise logged into the PC) then have profiles in C:\users. This process leaves the PSEXECSVC Windows service (visible in services.msc) and saves mimikatz.exe and other random KB_______.exe and ms_______.exe files in C:\ProgramData and C:\users\username\appdata\roaming and \appdata\local\temp. It seems to disable the Windows Firewall and Windows Update services, and it breaks Show Hidden Files so it can't be turned on or off.
 
Users have complained of audio/music playing in the background, and we've found .mp3 files in c:\users\username\appdata\roaming. It's hard to recover from this because cleaning the PCs one by one is great until an infected one is turned back on with network connectivity and hits all the cleaned/rebuilt ones again.
 
The thing that's most worrying to me is that I can't find much about this online. This appears to be the closest thing: http://blog.cylance.com/operation-cleaver-net-crawler
 
Any ideas what this could be? It seems to be getting more popular last week and this week, as I've never seen anything like it before and now have multiple cases.
 
Edited to add: It seems that Hitman Pro finds a dro[1].exe file on many of the infected PCs. It's in a Temporary Internet Files folder.

RELEVANCY SCORE 200
Preferred Solution: Some type of worm using psexec and mimikatz?

I recommend downloading and running Reimage. It's a computer repair tool that has been proven to identify and fix many Windows problems with a high level of success.

I've used it in the past to identify and fix everything from blue screens (BSOD's), ActiveX errors, corrupt files and processes, dll/exe/sys errors, recover lost memory, Windows update problems, defragging, malware removal etc.

You can download it direct from this link http://downloadreimage.com/download.php. (This link will automatically start a download of Reimage that you can save to your computer.)

A: Some type of worm using psexec and mimikatz?

First thing first, it would have to eb running at domain adminlevel to execute through psexec, so change the administrators password pronto.
Also setup a group policy to disallow psexec.exce from running on C:\*
Thirdly make sure no user account has admin rights, ecspecially global admin rights or local admin rights.
If its conencting to each amchine IPC$ then im assuming it has the Domain\Administrator account token/password.

Read other 7 answers
RELEVANCY SCORE 49.6

I'm working on my friends XP machine (haven't worked on computers in a long time) I have used HJT before but I didnt have much luck with it....

Heres what I know so far...
I ran a spyware/malware utility that I downloaded form the internet and it found multiple problems which it was able to remove... but when the PC rebooted they come back so I know this is a registry problem... but I haven't found the culprit...

Also it loads multiple instances of a file that causes the CPU usage to be constantly at 100% and makes the machine impossible to use....

If I can get a HJT log here do you think you guys can help me?

A:Bad worm type problem

Please post your HJT log so we can have a look at it.

Read other 19 answers
RELEVANCY SCORE 49.6

Hello.. I have a Toshiba Satellite laptop with Intel Celeron 1.50 GB of RAM if it matters.. I'm running Windows XP Home edition 2002 Service Pack 3.. I thought that I had the Google Redirect virus, but I have followed many steps to remove the problem and nothing seems to be working. So far I have done the basics like running Spybot, super Anti Spyware and Ad-Aware as well as my Norton's software.. I also downloaded Hitman Pro which always found things, but it never fixed the problem.. none of these scans (which were all run in safe mode) turned up anything so I formatted my computer and reinstalled Windows.. the problem was still there so I went to some forums and it was suggested that I didn't completely wipe the drive, I followed some steps and reinstalled Windows again, but it didn't work. So I went back to some forums and followed some instructions like checking my LAN settings to make sure that the proxy settings box is not checked off and the automatic configuration box is checked for settings.. everything was fine there. I also checked internet protocol properties and made sure that the IP address and DNS settings are set for automatic.. Finally, I went into my C drive, into the Windows folder, into system 32 and the drivers folder and then etc folder and right clicked on hosts.. everything looked proper there as well. So my next step was to run the TDSS Killer.. it didn't find anything so I ran Malwarebytes, found nothing, ran Emisisoft Anti-Malwar... Read more

A:HAVE SOME TYPE OF VIRUS OR WORM

Hi,Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

Please reply to this post so I know you are there.The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.Once I receive a reply then I will return with your first instructions.Thanks

Read other 25 answers
RELEVANCY SCORE 48.8

All,I have a Dell Vostro 200 running Win XP w/2GB of RAM, and Intel Core 2 Duo E6550 @2.33GHz.I have followed your instructions to the best of my ablilty but I still have something in my computer that is causing problems. I have downloaded the following programs and ran their scans: Spybot, Ad-Aware 2007, CCleaner, Bit Defender, and Avast. I have restarted my computer and ran Avast in the safemode twice. I am using Avast 4.7, but I am getting lots of pop ups from sys-cleaner.com, systemerrorfixer.com, and porn sites are popping up everywhere. Also, my wallpaper has been hijacked by a blue screen with large red and white letters. It reads:Warning!YOUR'RE IN DANGER!YOUR COMPUTER IS INFECTED WITH SPYWARE!ALL YOU DO WITH COMPUTER IS STORED FOREVER IN YOUR HARD DISK.WHEN YOU VISIT WEBSITES, SEND EMAILS...(this is in white letters, and I have typed it verbatim with all the bad spelling and grammar)I think you get the idea. Here is my Hijack This logfile:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 5:05:53 PM, on 3/23/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Lavasoft\Ad-Awar... Read more

A:Infected With Worm/virus, But I Don't Know What Type.

Thanks for all who replied to my post, but I have solved my problem. No other help will be needed on this post.

Read other 2 answers
RELEVANCY SCORE 48.4

Logfile of Trend Micro HijackThis v2.0.2Scan saved at 4:12:46 PM, on 4/30/2009Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v8.00 (8.00.6001.18702)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Lavasoft\Ad-Aware\aawservice.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Avira\AntiVir Desktop\avgnt.exeC:\Program Files\AIM\aim.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Uniblue\SpyEraser\SpyEraser.exeC:\Program Files\IObit\Advanced SystemCare 3\AWC.exeC:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exeC:\Program Files\Logitech\SetPoint\SetPoint.exeC:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXEC:\WINDOWS\system32\spoolsv.exec:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exeC:\Program Files\Avira\AntiVir Desktop\sched.exeC:\Program Files\Google\Update\GoogleUpdate.exeC:\Program Files\Common Files\Apple... Read more

A:Infected with type of worm/trojans/viruses

Hello! My name is Sam and I will be helping you. In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.We need to create an OTListIt2 ReportPlease download OTListIt2 from hereSave it to your desktop.Double click on the icon on your desktop.Click the "Scan All Users" checkbox.Push the "Run Scan" button.The scan should take just a few minutes.Copy the log that opens up and paste it back here in your next reply.=============The next log will show us any hidden files that are present.Download GMER from here:Unzip it to the desktop.Open the program and click on the Rootkit tab.Make sure all the boxes on the right of the screen are checked, EXCEPT for ?Show All?.Click on Scan.When the scan has run click Copy and paste the results (if any) into this thread.

Read other 6 answers
RELEVANCY SCORE 48.4

Sir,

I was using active virus shield provided by AOL, and when AOL stopped getting kaspersky, I switched over to Macafe 1 yr. Reccently when I went on on line escan , i got a message that my system is having invection. the copy of this is given below:

Object "grokster Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "aureate/radiate Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "grokster Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object clea" found in File System! Action Taken: No Action Taken.
Object "smitfraud Browser Hijacker" found in File System! Action Taken: No Action Taken.
Object "browseraid Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "browseraid Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "browseraid Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "browseraid Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "browseraid Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "browseraid Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "browseraid Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "browseraid Spyware/Adware" found in File System! Act... Read more

Read other answers
RELEVANCY SCORE 44.8

Hello Team,
Please I want to ask if it is possible for ATA to detect when an attacker launch remote code execution (psexec) against a server on the network. I know ATA detects when such attack is launched against domain controllers, but what if the targeted machine
is a member server or workstation, will ATA still detect it?
Thanks.

BR, David Sunday

Read other answers
RELEVANCY SCORE 44.4

am in the process of putting a batch file together to detect and force microsoft updates to a machine or a group of machines using PSEXEC.exe and a VBS script created by Rob Dunn and posted over at the forums at www.wsus.info.

I have listed below the steps needed to complete this task and would like it put together (if possible) in a batch file, UPDATE.VBS is the name of the script that I copy over to the machine and the PSTOOLS dir is the directory that PSEXEC resides in.

If I run these commands one at a time everything runs well, I would just like to know if it is possible to make this a "one step process"?
Ok here are all the cmds I need in order to run the script

1. net use \\TARGETMACHINE\C$ /user:"DOMAIN\DOMAIN USER"

2. copy update.vbs \\TARGETMACHINE\C$\update.vbs

3. exit back into PSTOOLS directory

3. psexec.exe \\TARGETMACHINE -u "DOMAIN\DOMAIN USER" -p PASSWORD -e -i cmd.exe /c cscript.exe //B C:\UPDATE.vbs
I have tested this on multiple machines and everything is running well. Any suggestions on how to set this up in one batch file? Of course I will eventually setup the PSTOOLS dir on a network drive instead of my local machine.
 

A:Using PSEXEC and VBS script with WSUS

Ok after a few weeks of playing around with the script and lots of help from Karlchen over at http://forum.sysinternals.com/default.asp I got it running, it goes a little something like this:

@echo off
:: Programme: remoteupd.bat
:: Function : copy update.vbs to \\target
:: launch update.vbs on \\target using psexec
:: &nbs p; will read computerlist.txt and launch update.vbs on each
:: &nbs p; of the hostnames\IPs inside the file
:: Status : third draft, arguments given on commandline, uses a listfile
:: Note : we will assume "computerlist.txt" is located in F:\Work Applications\WSUS Force Update, too.
:: Usage : remoteupd.bat adminuser password
::
:: Check that 2 arguments have been given on the commandline
if "%2"=="" (
echo usage: remoteupd.bat adminuser password
echo Try again.
exit /b 1
)
set ADMUSER="ADMIN USER\DOMAIN"
set ADMPASS="PASSWORD"
set LISTFILE=computerlist.txt

:: go to the source folder
f:
cd \Work Applications\WSUS Force Update

:: check that the listfile is there
if not exist %LISTFILE% (
echo Listfile %LISTFILE% not found. Create it and try again.
exit /b 1
)

:: Finally, all checks done, let us do our work in a for loop
for /F %%i in (%LISTFILE%) do (
REM 1. net use if ADMPASS has got no space character the
REM double quotes may be removed
net use \\%%i\C$ /user:"ADMIN USER\DOMAIN" "PASSWORD"

REM 2. copy update.vbs
copy update.vbs \\%%i\C$\update... Read more

Read other 1 answers
RELEVANCY SCORE 44.4

I am in the process of putting a batch file together to detect and force microsoft updates to a machine or a group of machines using PSEXEC.exe and a VBS script created by Rob Dunn and posted over at the forums at www.wsus.info.

I have listed below the steps needed to complete this task and would like it put together (if possible) in a batch file, UPDATE.VBS is the name of the script that I copy over to the machine and the PSTOOLS dir is the directory that PSEXEC resides in.

If I run these commands one at a time everything runs well, I would just like to know if it is possible to make this a "one step process"?


Ok here are all the cmds I need in order to run the script

1. net use \\TARGETMACHINE\C$ /user:"DOMAIN\DOMAIN USER"

2. copy update.vbs \\TARGETMACHINE\C$\update.vbs

3. exit back into PSTOOLS directory

3. psexec.exe \\TARGETMACHINE -u "DOMAIN\DOMAIN USER" -p PASSWORD -e -i cmd.exe /c cscript.exe //B C:\UPDATE.vbs


I have tested this on multiple machines and everything is running well. Any suggestions on how to set this up in one batch file? Of course I will eventually setup the PSTOOLS dir on a network drive instead of my local machine.

A:Using PSEXEC and VBS script with WSUS

Ok after a few weeks of playing around with the script and lots of help from Karlchen over at http://forum.sysinternals.com/default.asp I got it running, it goes a little something like this:

@echo off
:: Programme: remoteupd.bat
:: Function : copy update.vbs to \\target
:: launch update.vbs on \\target using psexec
:: &nbs p; will read computerlist.txt and launch update.vbs on each
:: &nbs p; of the hostnames\IPs inside the file
:: Status : third draft, arguments given on commandline, uses a listfile
:: Note : we will assume "computerlist.txt" is located in F:\Work Applications\WSUS Force Update, too.
:: Usage : remoteupd.bat adminuser password
::
:: Check that 2 arguments have been given on the commandline
if "%2"=="" (
echo usage: remoteupd.bat adminuser password
echo Try again.
exit /b 1
)
set ADMUSER="ADMIN USER\DOMAIN"
set ADMPASS="PASSWORD"
set LISTFILE=computerlist.txt

:: go to the source folder
f:
cd \Work Applications\WSUS Force Update

:: check that the listfile is there
if not exist %LISTFILE% (
echo Listfile %LISTFILE% not found. Create it and try again.
exit /b 1
)

:: Finally, all checks done, let us do our work in a for loop
for /F %%i in (%LISTFILE%) do (
REM 1. net use if ADMPASS has got no space character the
REM double quotes may be removed
net use \\%%i\C$ /user:"ADMIN USER\DOMAIN" "PASSWORD"

REM 2. copy updat... Read more

Read other 1 answers
RELEVANCY SCORE 44.4

Hello all, I have a question about setting up Remote Desktop on PCs in our company. For most of the PCs on our network Remote Desktop is disabled by decree of the management. When I do need access to a machine I'll use psexec to enable the service then I'll disable it when I'm done. Some of the PCs are accessed by normal (non-admin) users on the network using Remote Desktop - we're looking for a way to remotely edit the list of users that can access the PCs that way - it'll be one specific user allowed per machine so a group policy doesn't seem to be the right way to go... Basically I'm looking for a way to remotely edit a machine's local secpol, specifically the "Allow logon through terminal services" setting.
I found this MS article http://technet.microsoft.com/en-us/library/bb457125.aspx that mentions the SeNetworkLogonRight but I don't see that in the registry... I must be missing something stupid here - there has to be an easy way to do what I'm trying to do... Does anyone know what that easy way is?
This is the command I use to enable remote desktop - it seems like something similar could be used to edit the userlist? Argh!
psexec \\machine reg add "hklm\system\currentcontrolset\control\terminal server" /f /v fDenyTSConnections /t REG_DWORD /d 0

-Oh, it's an Active Directory Domain, all the PCs are WinXP - Thanks!
 

Read other answers
RELEVANCY SCORE 44.4

Hi Guys I know there's probably a lot of these on these forums but when i type in the command

psexec \\computername cmd it says access is denied

I am running cmd as admin and havn't tried anything else,
i'm not very good with cmd so would someone please help?

Thank you

A:psexec access is denied

You need to supply username and password.

http://technet.microsoft.com/en-us/sysinternals/bb897553.aspx

Read other 9 answers
RELEVANCY SCORE 44.4

Hello Fangzhou CHEN,

Per your instructions below.  Is the U/P my admin info or the users?  Please advise.

We could use the PsExec tool to conduct the remote control.
1. Download the tool and copy to file to C:\Windows\System32

2. Run cmd as administrator
3. We could run the command psexec  \\ <computername >
-u <username> -p <password> <command>to run command in remote computer.

Read other answers
RELEVANCY SCORE 44.4

Hi,
I have a question regarding psexec or an alternative perhaps? Basically, I have a batch file I made, that I want to allow a friend from a remote machine to exec. However, I want him ONLY to be able to exec this file, and not mess around anywhere else on the machine. Psexec gives too much privilege and he could open other things, etc. I did come across the program RemoteExec, but after the 15 day trial that won't be of much value to me(not paying 400$ for this singular occurrence). Any ideas or help would be GREATLY appreciated!!!

Thanks
 

A:Psexec related question

Why do you want to give remote access to this file? This kind of sounds like a classroom project you are trying to get help with.

At any rate, what about installing Apache web server and having the file access granted through the webserver?
 

Read other 1 answers
RELEVANCY SCORE 44.4

Hi there,
I am facing difficulty in using pcexec , i am simply trying to use an ipconfig command and remote pc.
both PCs are win Xps
psexec \\10.10.xx.xx -u XXX -p XXX ipconfig
but all am getting is
PsExec v1.98 - Execute processes remotely
Copyright (C) 2001-2010 Mark Russinovich

Could not start PsExec service on 10.10.XX.XX:
Access is denied.      HELP PLEASE

A:Could not start PsExec service

it should be something like this
psexec \\marklap cmd
ipconfig
after you connect to the remote cmd then you issue "ipconfig"

Read other 10 answers
RELEVANCY SCORE 44

I am trying to determine why IE7 installer fails to work when using PSEXEC to remotely install it?
I have the IE7 installer in c:\temp
This does not work (The switches are valid)
 
psexec \\new_computer c:\temp\ie7.exe /quiet /update-no /norestart /log:c:\temp
 
 
 
It installs fine with the same switches if I manually run it locally but I *MUST* remotely install it as I have multiple PCs to manage and don't need to bother the users 
Below is the log it generates yet it's not making any sense.

00:00.000: ====================================================================
00:00.218: Started: 2011/05/21 (Y/M/D) 21:11:52.900 (local)
00:00.468: Time Format in this log: MM:ss.mmm (minutes:seconds.milliseconds)
00:00.609: Command line: c:\ba1df32f992674d86f0534\update\iesetup.exe /quiet /update-no /norestart /log:c:\temp
00:00.890: INFO: Acquired Package Installer Mutex
00:01.125: INFO: Operating System: Windows Workstation: 5.2.3790 (Service Pack 2)
00:01.656: INFO: Checking version for C:\Program Files\Internet Explorer\iexplore.exe: 6.0.3790.1830
00:01.765: INFO: C:\Program Files\Internet Explorer\iexplore.exe version: 6.0.3790.1830
00:01.781: INFO: Checking if iexplore.exe's current version is between 7.0.0.0...
00:01.812: INFO: ...and 7.1.0.0...
00:01.890: INFO: Maximum version on which to run IEAK branding is: 7.1.0.0...
00:01.906: INFO: iexplore.exe version check success. Install can proceed.
00:01.922: INFO: EULA not shown in passive or... Read more

A:Unable to remotely install IE7 using PSEXEC

Hi,

 

Regarding the issue, I’m just wondering that if you can collect the IE7 log (%windir%\ie7.log)for me, then we can try to find the cause.


 

Please understand, we need more detail information to troubleshooting the issue.You may upload the file via SkyDrive and post a link here.

 

Also please refer:

 

http://support.microsoft.com/kb/917925

 

Also if you want remote install IE7, you may use the .msi file to do. Please refer:

 

http://support.microsoft.com/kb/942812

 

http://www.microsoft.com/downloads/en/details.aspx?FamilyID=e41d8800-d134-4356-a2e7-c01bee790908&displaylang=en
Please remember to click ?Mark as Answer? on the post that helps you, and to click ?Unmark as Answer? if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread. ?

Read other 7 answers
RELEVANCY SCORE 44

Hi Tech Support,
I got below error when using psexec on remote computer (india). user123 is admin at india. Admin$ and IPC$ can access without error. Please help....
psexec \\india -u india\user123 -p [email protected] -h cmd
Error establishing communication with PsExec service on india:
Access is denied.

Read other answers
RELEVANCY SCORE 44

I am looking psexec commands to fulfil below requirements
1) copy file into C:\temp on remote machines including bat file and source files
2) Install using batch files (EXE file using batch file)

looking sample psexec commands to install EXE, MSI, WSU, bat, cmd etc

Read other answers
RELEVANCY SCORE 43.6

Hi,

After migrating on Windows 10 from Windows 8 when using psexec I've started to recieve an error message when enumerating domain. Error is "A system error has occurred: 53". On other machine where still Windows 8 is installed everything works fine. 
When I use psexec \\pcname command is executed without problems, but when I use psexec \\* I've get  "A system error has occurred: 53"

Sorry for bad english :)

Thanks.

Read other answers
RELEVANCY SCORE 43.6

I have created a couple batch files to easily update firefox on users computers. See the scripts below.

This executes a batch file on all computers listed in the firefoxusers.txt file.
Code:
psexec @firefoxusers.txt -u [I]AdminUsername[/I] -p [I]password[/I] c:\installers\firefox.bat
This is the file that is executed from the one above to install the file silently from a shared drive.
Code:
pushd \\server\applications\firefox

firefoxsetup.exe -ms

popd
My problem is that when I run this script I have no idea if the software was installed correctly or not. I am looking for a way to just output what was run so I can go through and see if anything failed.

Any help would be appreciated.

Thanks
 

A:Solved: Output log file from PSExec batch

Not sure if Redirection will work or not.
http://www.robvanderwoude.com/redirection.php

You could try this.
psexec @firefoxusers.txt -u AdminUsername -p password c:\installers\firefox.bat 2> errorlog.txt

or inside your batch file. Not sure if this one witll work or not.
firefoxsetup.exe -ms 2> \\server\applications\firefox\errorlog.txt
 

Read other 2 answers
RELEVANCY SCORE 43.6

Ok imma give a full rundown of the situation. Currently on the network we are on because of the way it is setup wake on lan doesn't work, so SCCM has at best a 70 success rate for patching. So I am currently spending a couple days a week remoting into computers and running a batch file to manually update computers. I need a way, that isn't psexec to execute a batch file on a remote computer. If anyone has any ideas they would be greatly appreciated.

Additional Notes
- Batch file is on share drive atm.

A:Run Batch File On Remote Computer Without PsExec

So, you are using RDP and remotely logging into the computer? If that's the case, you should be able to put the batch file on a network share, and then execute it while you are in the RDP session.

Read other 9 answers
RELEVANCY SCORE 43.6

I am looking psexec commands to install exe
scenario:
I had copied source folders \\server1\test  into  designation (C:\windows\test) via PowerShell
now I am looking psxec complete command to run exe on remote machines (remote machines will take from txt file)
PSEXEC syntax or command  to run exe on multiple machines 

Read other answers
RELEVANCY SCORE 42.8

Hello.I have a Windows XP Pro SP3 with several problems:* I cannot accede to http: // es.mcafee.com from Firefox or Internet Explorer.* I cannot update the antivirus Mcafee. In addition, before its icon appears close to the clock on the task bar and now it does not appear.* On having looked for something in google in the Firefox, some links open windows with porn and mobiles. In Internet Explorer it works well.* The Firefox crushes when you sail with it (version 3.0.8).* Emulate also crushes on having executed.* Spyboot Search and destroy does not find anything.* Mcafee has not found anything (one week ago had the virus of the double tilde that it could erease).* SuperAntiSpyware does not find anything.* Malwarebytes ' Anti-Malware does not find anything either.* WebRoot finds a HackTool App/Psexec-Gen and Bullet Proof Software Spyware but since I do not have a subscription cannot eliminate them.I can't open Mcafee's page from the fail-safe mode with network's funtions either.HitJack log is this:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 7:50:35, on 02/04/2009Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16791)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\Archivos de programa\Webroot\WebrootSecurity\WRConsumerService .exeC:\WINDOWS�... Read more

A:HackTool App/Psexec-Gen and Bullet Proof Software Spyware

I see you have Quadruple posted http://forum.securitycadets.com/index.php?showtopic=10287http://www.security-forums.com/viewtopic.p...48934e99b8d813fhttp://www.bleepingcomputer.com/forums/lof...hp/t216359.htmlhttp://forums.techguy.org/malware-removal-...mcafee-web.htmlAll Malware Removal/Hijackthis forums greatly frown on anyone that double, triple or quadrupile posts, as it creates back logs and wastes our time! Since you are receiving help Katana at Security Cadets I am closing this thread.

Read other 1 answers
RELEVANCY SCORE 42.8

Hi there,
As described in the following link on how to run a disk defragment using Disk Defragmenter via PsExec http://www.winhelponline.com/blog/how-to-run-disk-defragmenter-on-a-remote-computer/,
would you say that all parameters mentioned by the author in the blog are applicable? If not, please could you specify which parameters aren't needed in order for me achieve this task efficiently, I've been trying to understand all the parameters for PsExec
and from what I can understand I don't think parameters -s and -f are applicable as mentioned in
http://technet.microsoft.com/en-gb/sysinternals/bb897553.aspx. Reason why I say this is that when you when specify parameter -s (using system account) in the command and log on as a
user of that remote computer in which I've been using Remote Desktop to achieve this as well as Command Prompt, the prompt comes up with "Disk Defragmenter exited with error code 0" straightaway when logging on and logging off as that user on the
remote computer, the same also applies when logging off as that user on the remote computer when running the command when being logged on as that user whereas if you don't specify parameter -s the message is delayed for longer which is what I would expect,
I'm assuming error code 0 means that the task has completed successfully as mentioned in the following link
http://aumha.org/a/defragerr.htm. Another reason as to why I don't think parameter -f is needed is that the program (Disk Def... Read more

A:Clarification of running Disk Defragmenter remotely using PsExec

Case closed, managed to solve issue.

Read other 1 answers
RELEVANCY SCORE 42.4

I recently scanned my computer with Malwarebytes Anti-Malware, Spybot Search & Destroy, and Avira AntiVir personal.MBAM and SB S&D came up with nothing but Avira did. This is the 2nd time this month that Avira detected "appl/psexec.e" found in "C:\System Volume Information". There are 3 different instances in the Quarantine.Please look through my HJT log to help stop this recurrence.Also, users on this computer use Firefox Portable from portableapps.com run from 2 different USB drives. Both equppied with the add-ons NoScript, AdBlock Plus, and Web of Trust (WOT) to better protect us from viruses & etc.Thank you for your time.- - - - -Logfile of Trend Micro HijackThis v2.0.2Scan saved at 12:17:23 AM, on 5/15/2009Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16827)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Lavasoft\Ad-Aware\aawservice.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Avira\AntiVir Desktop\sched.exeC:\WINDOWS\system32\RUNDLL32.EXEC:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exeC:&... Read more

A:Avira detects appl/psexec.e reoccured 2nd time this month

Hi PixelPlay,Sorry for the delay the forums here at BC are always very busy and we do are best to keep up. Sinceyour log is quite old and alot could have changed, I would like to see a new log please. If you nolonger require any help could you let me no please, so this topic can be closed.Download random's system information tool (RSIT) by random/random from here and save it to your desktop.Double click on RSIT.exe to run RSIT.Click Continue at the disclaimer screen.Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)Thanks

Read other 18 answers
RELEVANCY SCORE 42.4

Hi,
I am trying to execute psexec command to remote machine.
My command is
psexec -u domain\user -p password \\machineName -c abc.bat
I am trying from windows 7(64 bit)  machine. The remote machines are xp and windows 7(32 and 64 bit).
In XP machines, it is working and also in some windows 7 machines. But in some windows 7 machines it give message-
"Could not start PsExec service on target machine.
Access is denied."
 
If I try to execute psexec command from XP machines, it works to all machines.
Suddenly what happen I do not know but one of the windows 7 machine( where psexec was not starting) , psexec started. but not in other machines.
Now I am very much confuse here exactly what happen. and what is the issue.
Please help. It urgent.
Thanks.

A:Could not start PsExec service on target machine. Access is denied.

Hi,

 

When opening the Command Prompt, please right click it and run as Administrator. Meanwhile, make sure the user has administrator privileges on target PC. If the issue
persists, try to disable UAC on both sides.

 

As far as I know the Security Level on Windows 7 is higher than the level on Windows XP.  Therefore, 'psexec' works to all machines.

 

Best Regards,

Niki
Please remember to click "Mark as Answer" on the post that helps you, and to click "Unmark as Answer" if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

Read other 20 answers
RELEVANCY SCORE 42

Hi,
We are unable to take backup of "Favorites","Desktop" folders in a user profile when scanstate is run remotely using "Psexec \\computername -s scanstate.exe /ue:*\* /ui:domain\user /i:miguser.xml /config:config.xml /c" command.
These folders are redirected to a shared folder on a server and when we try to see the folders by using UNC path(\\computername\c$\users\username) on the user's machine they dont appear under user profile. Even though "Documents" are redirected,
we are able to take backup of the "Documents" folder.
However, when scanstate is run locally on the system, all folders are backedup to usmt.mig file. We are using "miguser.xml" and "Config.xml" for scanstate, since we need backup of "Documents","Desktop" and "Favorites"
only. After searching over internet, we doubt that, this behavior has got something to do with "Shell Folders" and "User Shell Folders" in the registry under "HKCU\Software\Microsoft\Windows\Currentversion\explorer\shell folders",
where paths to all user profile related folders information is stored. We dont find "Documents" folder there, may be thats the reason why we are able to take backup of only "My Documents" and not the rest of the folders (Favorites,Desktop).
When scanstate is run locally, the backup of "Favorites","Desktop" and "Documents" is... Read more

Read other answers
RELEVANCY SCORE 38

I uninstalled Trend Micro this morning and installed the free Avira Antivirus. It detected "psexec.cfexe" which has something to do with the "APPL/PsExec.E application". I have included a copy of the scan results as well as a HJT log.

Avira AntiVir Personal
Report file date: Sunday, 9 August 2009 11:26

Scanning for 1618860 virus strains and unwanted programs.

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows Vista
Windows version : (Service Pack 2) [6.0.6002]
Boot mode : Normally booted
Username : SYSTEM
Computer name : A-PC

Version information:
BUILD.DAT : 9.0.0.407 17961 Bytes 29/07/2009 10:34:00
AVSCAN.EXE : 9.0.3.7 466689 Bytes 21/07/2009 05:06:14
AVSCAN.DLL : 9.0.3.0 40705 Bytes 27/02/2009 02:28:24
LUKE.DLL : 9.0.3.2 209665 Bytes 20/02/2009 03:05:49
LUKERES.DLL : 9.0.2.0 12033 Bytes 27/02/2009 02:28:52
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 04:00:36
ANTIVIR1.VDF : 7.1.4.132 5707264 Bytes 24/06/2009 00:51:42
ANTIVIR2.VDF : 7.1.5.60 2235904 Bytes 3/08/2009 01:54:52
ANTIVIR3.VDF : 7.1.5.85 445952 Bytes 7/08/2009 01:55:08
Engineversion : 8.2.0.248
AEVDF.DLL : 8.1.1.1 106868 Bytes 28/07/2009 05:01:50
AESCRIPT.DLL : 8.1.2.23 455033 Bytes 9/08/2009 01:55:50
AESCN.DLL : 8.1.2.4 127348 Bytes 23/07/2009 01:29:39
AERDL.DLL : 8.1.2.4 430452 Bytes 23/07/2009 01:29:39
AEPACK.DLL : 8.1.3.18 401783 Bytes 28/07/2009 05:01:50
AEOFFICE.DLL : 8.1.0.38 196987 Bytes 23/07/2009 01:29:39
AEHEUR.DLL : ... Read more

A:Avira detected "psexec.cfexe"?

Read other 6 answers
RELEVANCY SCORE 36.8

I haven't figured out how to get rid of it.. i don't see anything I set in ease of access.  it's making like s a squish sound every few letter i type.  it doesn't do it like for every letter.  it's not when i touch the mouse pad either.  please give me some ideas on how this happened..??

A:Inspiron. I don't know what settings I screw up on but when i type I hear like a squishing sound on every so many letters i type.

Always include your model name and number as well as the operating system when posting a question. Also include a clearer explanation of the problem.

Read other 3 answers
RELEVANCY SCORE 36.8

Hi all, I got today Lenovo S510 model: 10KW005NAX I want to get a cable or adapter to connect Displayport to HDMI 1080p LCD I have from before There seem to be passive and active converters, what I understood from online is that if I have DP++ PC I can get a passive converter or else I need an active converter. I don't know if cables can be active and passive too?For example: Amazon linkSo the description says source can be DP or DP++, so it has a chip inside it? so it's active? So... can anyone tell me what is my displayport type (Lenovo S510) ? and maybe shed some light on what I need to get clear picture to HDMI in? Appreciate your help   

Read other answers
RELEVANCY SCORE 36.8

To Whom It May Concern (or anyone willing to help):
About 6-8weeks ago (guesstimate) I started getting a random window popup at various times while browsing online. The semi-odd thing about it is #1-same type of popup on both ie & my Chrome browsers; #2- I hadn't downloaded/installed anything around then; #3 I havenot been able to find their source; #4- Have not found any scan (malwarebytes, Panda, pcpitstop, etc) that seems to locate it, nor does my Winpatrol. The popup windows vary in advertisers, but most frequent is for the game "Big Farm". They are always fullsized page & open in a new window (not just a new tab), without my regular menu/toolbar, etc on top. I did notice a little icon right before the url it shows at very top, clicked it & got a menu-thing showing the permissions of the settings, etc & I could click to view cookie data (in which I was thinking "yippee I got it", lol)... I can "remove" & "block", however each time I can make sure I do all of the however it doesn't seem to help because in a little bit "poof" it comes up just as before! Of course it can get irritating!
Now, as of 2days ago I've suddenly gotten a new & BIGGER annoyance... Quite often, especially when I open my browser & go to do anything (such as switch sites/pages, open history, etc), I get a blackish popup come down about 3/4 over my page, and has a video box (which seldom starts & if it does p... Read more

Read other answers
RELEVANCY SCORE 36.8

so, a few years back i read a magazine that said to change the type of computer in device manager to standard pc because it made the computer run a little better or faster.

so now i've got my laptop and i've noticed it getting slower and thought that i would do this... VERY BAD MOVE!!!

i can still boot windows and everything - it meant that i had to let the computer reinstall all of the drivers for my hardware - but i have noticed in the device manager now that there are two instances of 'standard pc', there is also a new section titled 'other devices' with about 15 devices that seem to have no driver for them - some mention 'ISA' so i am guessing that changing to standard pc means that windows thinks my laptop is now a desktop pc with ISA slots???

i find that when i put my laptop lid down the thing shuts down, when i press the power button it turns off straight away (doesn't even shut down!). i had had the laptop configured for ages to do nothing when i closed the lid and give me shut down options when i pressed the power button. i look in power options and i can only cinfigure the monitor screen and hard disk power off options - every other option is not available. when i do bring up the shut down options i can no longer choose standby.

i have also realised that i can not turn on my wireless connection - i've tried all sorts to get it to work with no avail! the laptop is an acer ferrari and when i call up the manager app... Read more

A:can't change computer type back to original type in device manager!

Read other 9 answers
RELEVANCY SCORE 36.8

About 6-8weeks ago (guesstimate) I started getting a random window popup at various times while browsing online. The semi-odd thing about it is #1-same type of popup on both ie & my Chrome browsers; #2- I hadn't downloaded/installed anything around then; #3 I havenot been able to find their source; #4- Have not found any scan (malwarebytes, Panda, pcpitstop, etc) that seems to locate it, nor does my Winpatrol. The popup windows vary in advertisers, but most frequent is for the game "Big Farm". They are always fullsized page & open in a new window (not just a new tab), with no toolbar, etc on top. Of course it can get irritating!
Now, as of 2days ago I've suddenly gotten a new & BIGGER annoyance... Quite often, especially when I open my browser & go to do anything (such as switch sites/pages, open history, etc), I get a blackish popup come down about 3/4 over my page, and has a video box (which seldom starts to play for at least 10seconds) & below video has a button that says "SKIP AD in 15 seconds" & then counts down to 0, then I can hit the skip button, & it goes away. It also happens just the same nomatter if I'm using Chrome or ie.
Any clue??? If I had an idea of their name or source, I should be able to find some sign of their existence in regedit, but I don't seem to find any indication anywhere including at top or bottom of screen when they open. The two types of popups do not look or act anyway similar/related,

P.S.... Read more

A:Unable to find source of adware-type popup on both chrome & ie, now a new type!

cginn73,

Hi and welcome to TSF.

I am currently reviewing your logs. Please note that this is under the supervision of an expert analyst, and I will be back with a fix for your problem as soon as possible.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please be patient with me during this time.

Read other 3 answers
RELEVANCY SCORE 36.8

So lately i found this nifty lil Twitter app that comes with Windows 10 But when i click a tweet with a vine retweet or such it gives me an error saying "Unsupported Video Type Invalid File Type" Has anyone been using the twitter app lately and are getting the same error?
-Cheetha

Read other answers
RELEVANCY SCORE 36.8

  About 6-8weeks ago (guesstimate) I started getting a random window popup at various times while browsing online. The semi-odd thing about it is #1-same type of popup on both ie & my Chrome browsers; #2- I hadn't downloaded/installed anything around then; #3 I havenot been able to find their source; #4- Have not found any scan (malwarebytes, Panda, pcpitstop, etc) that seems to locate it, nor does my Winpatrol. The popup windows vary in advertisers, but most frequent is for the game "Big Farm". They are always fullsized page & open in a new window (not just a new tab), with no toolbar, etc on top. Of course it can get irritating!
  Now, as of 2days ago I've suddenly gotten a new & BIGGER annoyance... Quite often, especially when I open my browser & go to do anything (such as switch sites/pages, open history, etc), I get a blackish popup come down about 3/4 over my page, and has a video box (which seldom starts to play for at least 10seconds) & below video has a button that says "SKIP AD in 15 seconds" & then counts down to 0, then I can hit the skip button, & it goes away. It also happens just the same nomatter if I'm using Chrome or ie.
  Any clue??? If I had an idea of their name or source, I should be able to find some sign of their existence in regedit, but I don't seem to find any indication anywhere including at top or bottom of screen when they open. The two types of popups do not look or act anyway similar/related,... Read more

A:Unable to find source of adware-type popup on both chrome & ie, now a new type!

Hello angelgabbby I would like to welcome you to the Malware Removal section of the forum.Around here they call me Gringo and I will be glad to help you with your malware problems.Very Important --> Please read this post completely, I have spent my time to put together somethings for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!Please do not run any tools unless instructed to do so.We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the sa... Read more

Read other 8 answers
RELEVANCY SCORE 36.8

I set up an Outlook account on a new-to-me laptop. I had been unable to download email for several months, since I didn't have a computer. I had been saving the emails I wanted to keep and had planned on downloading them into my new computer. After setting up the account, it appeared the system automatically downloaded all of my email from the server. I know this is default behavior which I turn off. So I went through that process, double-checked to see that all the email was downloaded, and went out to my server.

I discovered that what I thought were copies of the emails were left on the servier. I didn't want that to happen. I dug around to find the location that I have used many times to do this, and couldn't remember or find the location to make this change. So I came to Seven Forums. I saw the step-by-step instructions...go to the account, select it, click change, click advanced and uncheck the box that says "Leave a copy of email on server". When I went to the advanced dialog box for changing accounts, I discovered there wasn't any such box. I dug around some more, decided to subscribe here and ask why mine was different.

In the mean time, since all the email was downloaded to my computer, I went back out to my server, deleted all the email, and purged the trash. Then I went back to my Oullook and discovered all the email that I had "downloaded" was gone. After digging some more and callling my ISP service desk, I discovered that ... Read more

A:Is default email account type deteremined by type of device?

Hello Hagridore and Welcome to Seven Forums!

No, I don't believe the problem is because it is a Laptop.
Email can be very confusing to setup with the different protocols such as POP3, IMAP, and MAPI.

Referring to "Outlook" can be confusing, as it can mean different things.
Outlook may mean the MS Office Outlook client email program, or an Outlook.com email address.
MS has created confusion here imho.
When you say "Outlook accounts" do you mean email accounts in the Outlook client program, or Outlook.com email address's, or both ?
What email client program are you using, such as MS Office Outlook, MS Windows Live Mail, Mozilla Thunderbird, ... ?
Also fwiw, for WEB (online) access, Hotmail accounts are being converted to the outlook "WEB format" now...just to make it more fun

From what I know, setting up an Outlook.com (or Hotmail) email address with IMAP does not work without a 3rd party paid solution.
MS uses their own proprietary MAPI protocol (or POP3) for hotmail/outlook email address's accessed in a client program.
If it is possible to use an Outlook(Hotmail) email account with IMAP in a client email program, I would like to know how!

When I delete a POP account (Windows Live Mail) I get a warning about messages that might be lost...
Did you get a warning message when you deleted the POP account?

edit:
I just looked at this again, and see it's in the Office forum.
So, can I assume you are using MS Office Outlook on all the PC's?
If so, w... Read more

Read other 2 answers
RELEVANCY SCORE 36.4

Hi
Windows 8 hypervisor hyper v is bare metal hypervisor. And vmware workstation is not. So will the new any difference between these two in terms of performance on a Windows 8 machine?
Is there any article document contrasting these scenarios?

A:Performance comparison of type 2 hypervisor vs type 1 hype

A simple web search should give you plenty of information.

Read other 2 answers
RELEVANCY SCORE 36.4

Hello! 1 simple question.Can I connect the laptop in question - 320S-15IKB (Type 81BQ), to external display via displayport through USB Type-C?Thanks

Read other answers
RELEVANCY SCORE 36.4

How do I search a directory for a file type, and have it only show files that aren't that file type.
For example, searching a directory for only .jpg, and have the search only show files that are not .jpg, such as .txt, .png, etc.
 

A:Searching by file type, showing files that are not that type?

Read other 6 answers
RELEVANCY SCORE 36

Hello.
I like to run a program like "explorer.exe" via "PsExec" but when I did "psexec.exe \\remote IP explorer.exe" then never happened. Why?

Thank you.

Read other answers
RELEVANCY SCORE 36

My operating system is now Windows XP SP3 - updated recently.

Infection problem. Background: yesterday I did a Secunia scan and found 2 programs that were listed as insecure. Adobe was one - I removed the old program and updated to Adobe 9. It also said that an older version of Java was insecure - I already had the newest version, so I removed the older one. I then did another Secunia scan and everything came out as OK.

When I turned my computer on this a.m. and tried to access internet via IE 7, nothing would happen. I was able to go on line via AT&T Yahoo. I went to the "add or remove programs" to see about uninstalling IE 7 and reinstalling from microsoft's website. IE 7 shows in the populated list, but there is no tab that allows removal. So, I went to mircrosoft's site and downloaded IE 7 again. When I try to open IE 7, I'll get the "welcome" screen but when I try to proceed, I get the message from AVG saying I'm infected and when I say "OK" to quarantine, IE 7 closes and it asks me to restart my computer. When I do, the same thing happens all over again. I have saved pics of the screens. I have done a HJT scan and done a AVG scan. I am posting the pics of the report section of AVG, the HJT scan, and the pics I got when trying to open IE 7.
 

A:Worm.Lover.a; Worm.Brontok.cu; Tracking Cookies.Webtrends

Read other 16 answers
RELEVANCY SCORE 36

I have just removed the blackmal worm from my Vaio laptop using Symantec's worm removal tool but can't reinstall / repair Norton AntiVirus as it came with my Vaio system software and I would have to do a complete wipe-and-reinstall of my hard drive to get it back on again. So I downloaded Anti-Vir which verifies that my system is now virus free but it is still running so SLOWLY that I can't do anything. Menus, taskbar, explorer, loading programs, everything takes 5-10 minutes just to pop up or start. Can I undo this damage ostensibly done by the worm without doing a complete system reinstall ?
Only one other dumb thing I did was try to run the Norton Rescue disks using floppies made on another PC running Win 98 - when I booted with floppy 1 it warned that the disks were made for another PC and could do damage to my files but I ignored the message and continued as I was so desperate (rescue disks didn't work anyway as they didn't have currentvirus definitions).
Any suggestions?
 

A:blackmal worm cleanup (kama sumtra worm, killAV.GR)

Hi, Most systems that use the Recovery type of CD also have a way to reinstall individual programs....are you absolutely sure yours does not have a way to reinstall one selected program?

Post the exact model of the PC please and I will check on some things.

Using two active antivirus programs can cause slowness and other performance problems, can you turn off one of the programs from starting when the computer does?

With Norton programs, a reinstall may not take place if it sees another installed antivirus program> when and if a reinstall can take place, you will need to disable Antivir or, uninstall it, to allow the Norton install.

Personally, I think I would just remove Norton using their removal tool> I have seen some systems completely crash though in just about your same situation, and a full recovery was needed. (The kind where you lose all files, and are back to factory settings).
Are there any files you must keep....I'm not talking music, I mean documents or personal files that you cannot replace? If so, I would consider backing them up somehow before you proceed any further. Since you have a laptop, it would be difficult to take your hard drive to another computer and simply copy files....
If there is nothing important on the system, and you do have a way to do a full recovery, you could try the Norton removal tool that assists when the program is damaged, it removes everything from the Norton Internet Security suite or a standalone version....but we... Read more

Read other 3 answers
RELEVANCY SCORE 36

I just found this result from my virus scan (Inoculate PE):
c:\unzipped\shareing\kazaa lite\my shared folder\muppetpt.zip>funny muppet.exe - Win32.Choke.45056 worm.

I have no idea what to do with it

I'd love some please
 

A:[Resolved] Help with worm virus (win32.choke.45056.worm)

Read other 7 answers
RELEVANCY SCORE 36

This is a worm written in VB with the following characteristics:1. The worm attempts to lure victims to follow a URL link, in so doing downloading a copy of it, and infecting themselves. It monitors Internet Explorer windows in order to detect when a new message is being created within MSN Hotmail. 2. The worm monitors browser window to detect when MSN hotmail is being used for sending new mail, and inserts text to such messages, which contains a URL from where the worm is downloaded if the recipient clicks on the link. 3. It deletes files on the root of C: and A:, and copies itself there in place of those files, appending a .EXE file extensionHotmatom Worm - New MSN Hotmail based worm deletes files http://secunia.com/virus_information/27456/hotmatom/http://vil.nai.com/vil/content/v_138829.htmhttp://www.sarc.com/avcenter/venc/data/w32.hotmatom.html

Read other answers
RELEVANCY SCORE 35.6

Hi. I've been getting frequent notifications from ESET NOD32 Antivirus 4, about some IP addresses being blocked by it. Because of this I scanned my PC with it. It detected some viruses but I still get the same notifications. To be more specific, I'll attach the scan logs.

***********************************
ESET NOD32 Antivirus 4 scan logs
***********************************

12/8/2011 2:43:15 PM HTTP filter file http://112.205.70.205:4852/x Win32/AutoRun.Delf.AI worm connection terminated - quarantined NT AUTHORITY\SYSTEM Threat was detected upon access to web by the application: C:\WINDOWS\system32\svchost.exe.
12/8/2011 2:40:50 PM HTTP filter file http://112.207.137.162:14676/x Win32/AutoRun.Delf.AG worm connection terminated - quarantined NT AUTHORITY\SYSTEM Threat was detected upon access to web by the application: C:\WINDOWS\system32\svchost.exe.
12/8/2011 2:30:44 PM HTTP filter file http://112.207.9.179:11992/x Win32/AutoRun.Delf.AI worm connection terminated - quarantined NT AUTHORITY\SYSTEM Threat was detected upon access to web by the application: C:\WINDOWS\system32\svchost.exe.
12/8/2011 2:26:48 PM HTTP filter file http://112.207.9.179:11248/x Win32/Virut.NBP virus connection terminated - quarantined NT AUTHORITY\SYSTEM Threat was detected upon access to web by the application: C:\WINDOWS\system32\svchost.exe.
12/8/2011 2:19:23 PM Real-time file system protection file C:\... Read more

A:Virut.NBP Virus, AutoRun.Delf.AI worm, AutoRun.Delf.AG worm, AutoRun.Agent.DO worm, Injector.LTG trojan

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything. We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here. To help Bleeping Computer better assist you please perform the following steps:*************************************************** In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/431705 <<< CLICK THIS LINK If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.*************************************************** If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lo... Read more

Read other 5 answers
RELEVANCY SCORE 35.6

What is the difference between type NR and NS?  I am considering replacement and I don't know the difference.













Solved!

Go to Solution.

A:M910Z - Type 10NR vs Type 10NS

NR has a touch screen:    PSREF - ThinkCentre_M910z_AIO
 

Read other 1 answers
RELEVANCY SCORE 35.6

I am using Chrome 51.0.2704106 m (64-bit). 
Windows 7 Home Premium Service Pack 1.
 
I haven't done a thing to my computer and now I can't type into Google Chrome Omni Box, Incognito or any other part of Chrome. Even this message had to be done in a word document and cut & paste here. I tried my backup browser, Firefox and it also has the same problem.  Yet when I go to my last resort, IE it works fine? I turned off all my extensions and add on and it still didn't work. I reset Google Chrome by using Reset Settings and nothing.  I downloaded a new Google Chrome and still the same problem. I tried to go back on my Windows 7 using System Restore yet this didn't work as the 2 possible earlier dates said the files were bad. I tried to add another search engine under settings yet I can't type into any of the Chrome boxes.
 
I ran Malwarebytes, AVG, Sypbot, Kasperay home scan and nothing was found. I ran the Google Clean Up Tool and nothing.  I can access Word Pad. I have msftedit.dll on my system.C:\Windows\System32  I use AVG for my anti-virus, Windows Firewall and OIbit Malaware fighter.  I went to Google conflicts and it said no conflicts. See the results at the bottom of the page.
 I am using Chrome 51.0.2704106 m (64-bit). 
Windows 7 Home Premium Service Pack 1.
 
I haven't done a thing to my computer and now I can't type into Google Chrome Omni Box, Incognito or any other part of... Read more

A:Can't type anything in Google Chrome, Firefox yet can type in I.E. HELP PLEASE!

I bet it has something to do with this:
 
Zemana AntiLogger Free Zemana Ltd. 1.8.2.320 c:\program files (x86)\keycryptsdk\keycrypt64(1).dll 
 
Try disabling/uninstalling it.

Read other 1 answers