
my computer got infected by anti zionitic worm + picture inside

Q: my computer got infected by anti zionitic worm + picture inside

Hello
While I was browsing through my files I saw this appear in full screen:
http://www.imagehousing.com/image/832006
How can I clean my PC? My antivirus was also messed up.


A: my computer got infected by anti zionitic worm + picture inside

Read other 12 answers
RELEVANCY SCORE 66.8

I think I may be infected with a worm. Ewido detects Worm.Spacehero.a but no other program (ad-aware or Norton Internet Security) detects it. Here is a hijackthis log. Can someone tell me what is up and if possible, how to fix it. Thanks.
 

A:Solved: Infected with Worm.spacehero.a -- HJThis Log Inside

Read other 11 answers
RELEVANCY SCORE 64

Hey guys, I've never posted here but I was directed here and hopefully you guys could help me out. Long story short, I got like 300 emails pertaining to the sobig viruses and a couple days later my computer couldn't start up without safe mode (I would get the blue screen). Somehow I finally got it to start up normally and I got one of the CD drives to work, but my internet still barely works. I am unable to download anything, which means I cannot update my Norton. However, I ran the sobig worm remover from a CD but it crashes during the process. I managed to run Hijack though and here is the log:

Logfile of HijackThis v1.96.4
Scan saved at 8:58:22 PM, on 9/3/2003
Platform: Windows 2000 SP1 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.00 (5.00.2920.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\LEXPPS.EXE
C:\WINNT\System32\PackethSvc.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\hidserv.exe
C:\PROGRA~1\Navnt\navapsvc.exe
C:\PROGRA~1\Navnt\npssvc.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\wanmpsvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\Explorer.exe
C:\WINNT\System32\devldr32.exe
C:\PROGRA~1\Navnt\alertsvc.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\sobighijack\HijackThis... Read more

A:Computer problems, possible worm, HJT log inside.

Read other 16 answers
RELEVANCY SCORE 57.2

My computer was recently infected with some sort of trojan/virus. I ran SuperantiSpyware and it appears to have worked. I'm posting my HJT log to see if you guys noticed any threats that may have been overlooked by Superantispyware.

Any help will be greatly appreciated.
Thanks.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:23:12 PM, on 6/16/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common F... Read more

A:Computer infected- HJT log inside

Welcome to TSG

Looks like you still may be infected.
Before we start fixing anything you should print out these instructions or copy them to a NotePad file so they will be accessible. Some steps will require you to disconnect from the Internet or use Safe Mode and you will not have access to this page.

Download SDFix and save it to your desktop.
Double click SDFix.exe and it will extract the files to %systemdrive%
(this is the drive that contains the Windows Directory, typically C:\SDFix). DO NOT use it just yet.

Reboot your computer in "SAFE MODE" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup [but before the Windows icon appears] press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Open the SDFix folder and double click RunThis.bat to start the script.
Type Y to begin the cleanup process.
It will remove any Trojan Services or Registry Entries found then prompt you to press any key to Reboot.
Press any Key and it will restart the PC.
When the PC restarts, the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt.
Finally copy and paste the contents of the results file Report.txt in your next r... Read more

Read other 1 answers
RELEVANCY SCORE 56.4

When I log onto my computer my background says
"Your Computer Is infected with Spyware you need to install and antivirus or spyware program"
or something like that.
and there's a yellow triangle with my icons on the bottom right part of the screen saying my computer is infected.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:53:16 PM, on 5/14/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\Explorer.EXE
C:\WINNT\GWMDMMSG.exe
C:\WINNT\System32\igfxtray.exe
C:\WINNT\System32\hkcmd.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\AOL\1143895874\ee\AOLSoftware.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\mcafee.com\personal firewall\MPfTray.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\SiteAdvisor\6173\SiteAdv.exe
C:\Program Files\Google\GoogleToolbarNotifier\G... Read more

Read other answers
RELEVANCY SCORE 56

Hi, I have a problem with my computer: there are popups everywhere and when I open a new web page I sometimes get this message in it:

Warning: Invalid argument supplied for foreach() in /usr/local/www/data-dist/trafc-2/advdb/lmts.php on line 142

Warning: Cannot modify header information - headers already sent by (output started at /usr/local/www/data-dist/trafc-2/advdb/lmts.php:142) in /usr/local/www/data-dist/trafc-2/utl.php on line 129

Warning: Cannot modify header information - headers already sent by (output started at /usr/local/www/data-dist/trafc-2/advdb/lmts.php:142) in /usr/local/www/data-dist/trafc-2/utl.php on line 147

So I did a scan with HijackThis and this is my log:
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 10:19:36 PM, on 5/18/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program F... Read more

A:my computer is badly infected !!!!!! *hijack log inside*

Download ComboFix from Here or Here to your Desktop.

Double click combofix.exe and follow the prompts.
When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply.
Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall.
 

Read other 1 answers
RELEVANCY SCORE 56

Recently got the poka poka virus... I ran several scans, and believe I got it and several other spyware thingys out of my registry... I still see some possible files that aren't good, please lend me some ideas since my PC seems to run a bit glitchy, especially with games/programs that prior ran better. I'm not sure if it matters but this file was not taken while in safe mode... rather in normal Windows mode...

Logfile of HijackThis v1.99.1
Scan saved at 9:50:00 PM, on 10/6/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Dual-Band Wireless A+G PCI Adapter\WLService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Dual-Band Wireless A+G PCI Adapter\WMP55AGV2.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AIM\aim.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\XoftSpy\XoftSpy.exe
C:\DOCUME~1\RAPHAE~1\LOCALS~1\Temp\Rar$EX00.906\HijackThis.exe
C:\Documents and Settings\Raphael Kosmicki\Desktop\HijackThis.exe
C:\Documents and Settings\Raphael Kosmicki\Desktop\h\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = ... Read more

A:Computer Possibly Infected (Log File inside)

Welcome to TSG

Please download LQfix.exe and save it to your desktop.

Double-Click LQfix.exe and click Next > Next > Install.
Leave the default settings, if you change them, the fix will Fail!
Now make sure the "Launch LQfix" box is checked.
Click the Finish button, after clicking the Finish button the fix will start.
Follow the on-screen prompts.
Your system will now reboot afterwards.
Please be patient after the reboot, there is a script running in the background that needs to complete.

Post a new Hijack This log.
 

Read other 1 answers
RELEVANCY SCORE 54

I have an older model Gateway laptop and I noticed some familiar "bugs" on the hard drive and need to know how to remove them; also, I cannot figure out why I cannot download ActiveX or JavaScript. Everything I've tried doesn't work....
Here's my log:

DDS (Ver_09-05-14.01) - NTFSx86
Run by ALC BRELAND at 17:24:18.51 on Tue 06/16/2009
Internet Explorer: 6.0.2600.0000

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uWindow Title = Microsoft Internet Explorer provided by TecInfo
mSearch Bar = hxxp://websearch.shopnav.com/sidesearch.cgi?uid=10887537&id=1.00
uSearchURL,(Default) = websearch.shopnav.com/q.cgi?q=
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
uURLSearchHooks: {20ec3d2d-33c1-4c9d-bc37-c2d500688da2} - c:\program files\tv media\TvmBho.dll
mURLSearchHooks: {20ec3d2d-33c1-4c9d-bc37-c2d500688da2} - c:\program files\tv media\TvmBho.dll
mWinlogon: Userinit=c:\winnt\system32\Userinit.exe
TB: searchforit: {c109664b-ceb1-420b-b353-d55a561536dd} -
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: &EliteBar: {825cf5bd-8862-4430-b771-0c15c5ca8def} - c:\winnt\elitetoolbar\EliteToolBar version 60.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\winnt\system32\Shdocvw.dll
EB: Media Band: {32683183-48a0-441b-a342-... Read more

A:Computer Infected with possible worm...

update: I tried to add a Windows XP to my computer, now it just loops and won't download of upgrade..... it keeps telling me I don't have enough space on my partition. Please help.

===========

Hello

While we understand your frustration at having to wait, please note that Bleeping Computer deals with several hundred requests for assistance such as yours on a daily basis. As a result, our backlog is quite large as are other comparable sites that help others with malware issues. Although our HJT Team members work on hundreds of requests each day, they are all volunteers who work logs when they can and are able to do so. No one is paid by Bleeping Computer for their assistance to our members.

Further, our malware removal staff is comprised of team members with various levels of skill and expertise to deal with thousands of malware variants, some more complex than others. Although we try to take DDS/HJT logs in order (starting with the oldest), it is often the skill level of the particular helper and sometimes the operating system that dictates which logs get selected first. Some infections are more complicated than others and require a higher skill level to remove. Without that skill level attempted removal could result in disastrous results. In other instances, the helper may not be familiar with the operating system that you are using, since they use another. In either case, neither of us want someone to assist you who is not familiar with your issue and attempt to fix it.

We ask t... Read more

Read other 3 answers
RELEVANCY SCORE 54

I seem to have picked up a worm from the peer to peer file sharing program Limewire. It detects on my virus scan program but it doesn't delete it. That file is skipped. Its path is C:\Program files\outlook\p.zip but I can't find that file on my computer. Please help me remove this worm from my PC. Here is my HijackThis log.

Logfile of HijackThis v1.99.1
Scan saved at 1:00:41 AM, on 2/23/2007
Platform: Windows XP SP2, v.2096 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2096)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\PROGRA~1\CATCOM~1\QUICKH~1\EMLPROXY.EXE
C:\PROGRA~1\CATCOM~1\QUICKH~1\scanwscs.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
C... Read more

A:My Computer Seems To Be Infected With Worm.vb.dw

Welcome rushie82

Download ATF Cleaner by Atribune:
http://www.atribune.org/ccount/click.php?id=1
Double-click ATF-Cleaner.exe to run the program.
Click 'Select All' found at the bottom of the list.
Click the 'Empty Selected' button.

If you use Firefox browser, do this also:
Click Firefox at the top and choose 'Select All' from the list.
Click the 'Empty Selected' button.
NOTE: If you would like to keep your saved passwords, please click 'No' at the prompt.

If you use Opera browser, do this also:
Click Opera at the top and choose 'Select All' from the list.
Click the 'Empty Selected' button.
NOTE: If you would like to keep your saved passwords, please click 'No' at the prompt.

Click 'Exit' on the Main menu to close the program.

****************************

Please make sure all hidden files are showing:
* Click 'Start'.
* Open 'My Computer'.
* Select the 'Tools' menu and click 'Folder Options'.
* Select the 'View' tab.
* Under the 'Hidden files and folders' heading select 'Show hidden files and folders'.
* Uncheck the 'Hide file extensions for known types' option.
* Uncheck the 'Hide protected operating system files (recommended)' option.
* Click Yes to confirm.
* Click OK.

*****************************

Download/install AVG Anti-Spyware 7.5.
Please follow these instructions carefully.
Launch/start up AVG Anti-Spyware.
On the main page click the 'Update' tab, and then 'Start Update'.
Once the updates have been installed, do the following:
Select the 'Scanner' icon at the top o... Read more

Read other 5 answers
RELEVANCY SCORE 53.2

Hello, I have followed the instructions for help of removing the worm/alcra in my computer. It is in an archive file and I recently acquired it from Limewire. I greatly appreciate the help, thanks. Here is the log from HijackThis:

Logfile of HijackThis v1.99.1
Scan saved at 9:16:50 AM, on 1/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVPersonal\AVGUARD.EXE
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\AVPersonal... Read more

A:My Computer Infected With Worm/alcra.b

Hi ceddy and welcome to the forum. I don't see that worm, but I do see some junk that should not be on your computer. Since a week has gone by, if you still need help, post a new HJT log.

Thanks...pskelley
BleepingComputer

Read other 4 answers
RELEVANCY SCORE 53.2

Can someone please help me? thank you so much

Logfile of HijackThis v1.96.0
Scan saved at 12:15:41 PM, on 8/12/2003
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\NavNT\vptray.exe
C:\Program Files\Verizon Online\Dial 4.0\VisualIPInsight\IPClient.exe
C:\Program Files\Verizon Online\Dial 4.0\VisualIPInsight\IPMon32.exe
C:\Program Files\Hewlett-Packard\HP OfficeJet Series 600\bin\ktchnsnk.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\AIM95\aim.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\MsgSys.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\conime.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Sylvia\Local Settings\Temp\Temporary Directory 2 for hijackthis[1].zip\HijackThis.exe
C:\Documents and Settings\Sylvia\Local Settings\Temp\Temporary Directory 3 for hijackthis[1].zip\HijackThis.exe

O1 - Hosts: 66.230.146.42 gator.com #cooklop
O1 - Hosts: 66.... Read more

A:w32.spybot.worm... my computer keeps getting infected! please help

Read other 6 answers
RELEVANCY SCORE 53.2
A:My computer has been infected with ''Worm:VBS/Jenxcus!Ink''

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
***************************************************
In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/530625 <<< CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************
If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of t... Read more

Read other 2 answers
RELEVANCY SCORE 52.8

hmmm ***. Suddenly a lot of my files Randomly turn to being displayed in BLUE color

To see what I mean, look below:

[IMG]http://snakelove.homestead.com/files/***.JPG[/IMG]

A:Help, *** is this, Weird Problem. (Picture inside)

Ok got it fixed from another board. This board is barely alive I guess...o well

Read other 7 answers
RELEVANCY SCORE 52.8

Hi!

I am using windows vista on my computer and it has been infected with win32 blaster worm. Please find attached the Hijackthis log as well as DDS.txt and Attach.txt.

I am trying to run TSG SysInfo on my computer but it has been stuck on 6% since the last 30 mins. so am aborting it.

Please help me get rid of this virus from my computer.

Thank you for all your help!
 

A:Computer infected by win32 blaster worm. Please help!

Read other 16 answers
RELEVANCY SCORE 52.8

As advised in the Malware preparation guide:

1- loaded and ran DDS
2- loaded rootrepeal but it would not run - had errors and stopped

DDS.txt as follows
DDS (Ver_09-10-26.01) - NTFSx86
Run by Andrew at 22:37:14.54 on Tue 11/10/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_03
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.174 [GMT -5:00]

AV: Bell Internet Security Services Anti-Virus *On-access scanning enabled* (Updated) {5B5A3BD7-8573-4672-AEA8-C9BB713B6755}
FW: Bell Internet Security Services Firewall *enabled* {80593BF4-D969-4EC5-ADAE-A22F2DFC7A22}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Bell\Bell Internet Security Services\Fws.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.ex... Read more

A:Infected computer - not sure virus / trojan / worm???

not sure if this was missed or is just pending an answer?

Read other 23 answers
RELEVANCY SCORE 52.8

I keep receiving the following message each time I reboot my computer or open Outlook.

C:\System Volume Information\_Restore(FD8ED35-E35B-46EA-82BA-3904A04B83A7)\RP8\A0000247.exe. At the bottom of the message it says “to get rid of this Virus run AVG”, which I have done a few times but nothing happens. There doesn’t seem to be anything affecting my computer but it is very annoying each time I try to sign in to have this message appear as many as 5 times before it disappears. Any ideas?
Tks
 

A:[Resolved] Worm / Spybot Computer Not Infected

Read other 16 answers
RELEVANCY SCORE 52.8

Hi, I'm new here. I would really appreciate some help with my computer.
My computer is a Sony Vaio notebook running Windows Vista Home Premium. I can't get the exact specs at the moment because the computer is almost in an unusable state.
Last month, my USB mouse stopped working while my sister was using it. She went online to fix it. The mouse started working again. She then clicked on an ad. All of a sudden, the laptop keyboard and trackpad stopped working. The computer started going nuts and then the screen went black (the screen was not off, just a glowing black). She shut off the computer.
I went to take a look at it. When I turned it on, it was only a black screen. I took out the battery and plugged the computer in. That got it to start. The keyboard and trackpad still weren't working, but the USB mouse was fully functional. I used the Ease of Access button to use the on-screen keyboard so I could log in. As soon as I got to the desktop, a bunch of fake antivirus programs popped up and then I got an alert stating that I was infected with worm.NSIL/necast.D.
After 10 minutes, I got a 0xa BSOD. I was sick and tired of dealing with it so I did a factory reset.
During the factory reset I got another 0xa BSOD. After the factory reset was finished, the keyboard and trackpad still didn't work. So I'm still stuck with the USB mouse/on-screen keyboard combo. I still keep getting the BSODs.
The BSODs I usually get are:
0xa
0xc00000e9
I have Avast instal... Read more

A:computer still infected with worm.NSIL/necast.D

This can indicate a hard drive problem. If you have any important data on the computer I would back it up immediately to an external drive. Do you still get BSOD's in Safe Mode?
 
If you used Grimefighter in avast to detect 15 registry issues, do not use it or clean the registry. BC does not recommend registry cleaners.

Read other 29 answers
RELEVANCY SCORE 52.8

Dear All,

This is my first post here on the bleeping computer forums.

My problem started this morning. While surfing the net, fraudulent error messages started appearing on my screen, interrupting my reading. Also I have noticed shortcuts appearing on my desktop for access to porn sites. This is very undesirable.

I have been looking all day at a way of solving this. My virus scanner (AVG) finds all sorts of trojans and so forth; it deletes them but they just keep coming back.

I have now found out about Hijackthis and this forum. Attached is a copy of my logfile... Could someone help me with this as I am unable to make serious sense of the log.. YET.

I will understand it in time with some more research I'm sure..

Regards,

Mark Dyke

A:My Computer Is Infected With An Unknown Virus/worm

I will be away from my computer for 15-16 hours.

Read other 4 answers
RELEVANCY SCORE 52.8

HELP!! My computer is infected with what appears to be numerous viruses.
I have Norton Antivirus, Adaware and Spybot installed and run them regularly.

Yesterday, turned on the computer, a window popped up saying NAV found and repaired:
Trojan.Alemod (C:\WINDOWS\System32\oleext32.dll)

But... a new icon was showing in the bottom bar (a red exclamation mark) supposedly from Windows, notifying me that the computer was infected. I clicked on the message, brought me to a website to download antivirus software. I had a feeling it was itself a virus, so closed the window.

I was getting nervous, so I ran an adaware scan and a spybot scan. both produced some results, and the objects were successfully deleted. I tried to run live update on my NAV because it said my definitions were out of date. One of the updates failed in the welcome text phase (this is nothing new, this update had failed before and I had been ignoring it). To attempt to manually get this update, NAV suggested a more direct update through the website, but it required ActiveX control installation, which I could not complete.

Then another notice from NAV -- found and repaired:
Backdoor Tofger

But... now I have TWO icons in the bottom bar-- the same exclamation one and a new one with a red X, same message. My NAV autoprotect became disabled. So now I see I am in big trouble.

A weird green screen appears behind my desktop with the notice: Spyware threat detected! System error #1752. Then t... Read more

A:Infected Computer-- Trojan Horse With Worm And Other

Sorry about not attaching my HijackThis Logfile. I really do have one now...

I made progress last night, when running NAV in safemode, it told me that the:
winlogon.exe Trojan Horse was quarantined
srwhost.exe W32.spybot.worm was deleted
srshost.exe Hacktool.Notifier was deleted

One of the balloons is gone, the other remains, and things still don't seem right.
Can you help? Here is my logfile.

Logfile of HijackThis v1.99.1
Scan saved at 6:47:59 AM, on 4/25/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\FrontierNet\FrontierNet DSL Attendant\app\TangoService.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Pro... Read more

Read other 3 answers
RELEVANCY SCORE 52.8

I would appreciate a look at my Hijack this log and suggestions please. I really don't understand how this could happen when I run Norton updates and virus scan every 2-3 days, Adaware the same way , Spybot the same way, and have spyware blaster as well. I tried removing spybot from my computer and installed and ran xoftspy instead with no help.
TY for your time and efforts!

Logfile of HijackThis v1.99.1
Scan saved at 12:00:24 AM, on 6/8/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
C:\Program Files\Common Files\Microsoft...

A:Spybotw.32.worm virus has infected my computer!- HELP

hi, welcome to TSG.

well your log is clean and no sign of a bad entry. Where does it say the worm is?

Run these tools.

Run ActiveScan online virus scan here

http://www.pandasoftware.com/activescan/

When the scan is finished, anything that it cannot clean have it delete it.
Make a note of the file location of anything that cannot be deleted so you
can delete it yourself.
- Save the results from the scan!

* Download the trial version of Ewido Security Suite here
http://www.ewido.net/en/

* Install ewido.
* During the installation, under "Additional Options" uncheck "Install
background guard" and "Install scan via context menu".
* Launch ewido
* It will prompt you to update click the OK button and it will go to the
main screen
* On the left side of the main screen click update
* Click on Start and let it update.
* DO NOT run a scan yet. You will do that later in safe mode.
* Click here for info on how to boot to safe mode if you don't already know
how.
How to boot to safe mode

http://service1.symantec.com/SUPPOR...2001052409420406?OpenDocument&src=sec_doc_nam
* Now copy these instructions to notepad and save them to your desktop. You
will need them to refer to in safe mode.
* Restart your computer into safe mode now. Perform the following steps in
safe mode:
* Now run Ewido:

* Click on scanner
* Put a check by the following before you scan:
o Binder
o Crypter
o Archives
* Click the Start Scan button to start the ...

RELEVANCY SCORE 52.8

Every time I go online, it says LSASS, a file process started by the system, has unexpectedly encountered an error and has shut down. Shortly after that, it says LSASS was closed, thus NT sys authorized an emergency shutdown, and it counts down from 59 seconds to 0 and restarts my computer.

Here is my HijackThis log, please help me. I do not know which worm it is, thus I cannot fix my problem. Please tell me what to do.

Logfile of HijackThis v1.98.1
Scan saved at 4:28:11 PM, on 8/8/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\System32\drivers\CDAC11BA.EXE
D:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
D:\WINDOWS\System32\mnmsrvc.exe
D:\WINDOWS\System32\rundll32.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\ScanSoft\OmniPageSE\opware32.exe
D:\Program Files\Common Files\Dpi\dpi.exe
D:\Program Files\Common files\Updater\wupdater.exe
D:\WINDOWS\kdx\KHost.exe
D:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
D:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe
D:\Program Files\Messenger\msmsgs.exe
D:\QUICKENW\QWDLLS.EXE
D:\Program Files\Sony\VAIO Action Setup\VAServ.exe
D:\Program Files\Ad...

A:infected with worm: computer countdown shutdown

Well, you've got a whole buncha problems there, my friend. First and foremost is the Sasser worm.

Go here to get a removal tool and follow the instructions on the site:

http://securityresponse.symantec.com...oval.tool.html

RELEVANCY SCORE 52.8

My friend sent me something online, turns out it was some trojan horse virus or something. I've got a good virus protector thing with avast on access scanner, so I terminated the connection, then the little thing that said it was infected popped up again and I aborted the connection again. A program for a casino came up and I deleted it and deleted it from my recycle bin too.

So I turn off my computer, restart it, and the thing pops up twice again. My question is, can any of you give me a step by step run through of how to permanently get rid of the trojan horse/see if it's still in my computer? I'm worried, please help.

BTW, it says the virus (or 'last infected') is called: http://95.255.155.187/users/fill/web/images/idownload.exe

The numbers must be my IP address, I changed it a bit obviously. OMG it just did it again. HELP.

Update: it says it's in my web shield. Should I just delete my web shield and download a new one or something?

A:Help, I Think My Computer Is Infected With A Worm/trojan Horse

Please help! I'm screwed!!

RELEVANCY SCORE 52.4

My problem is that all my Google searches get sent to some random site. I've run so many scans and none of them fixed my problem. Then I got HijackThis and I didn't know what the hell to do so I come to you for help. Here is my log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:39:27 PM, on 12/28/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Bell\Security Manager\Fws.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe
C:\Program Files\Visual Networks\Visual IP InSight\Sympatico Consumer\IPCli...

A:My Google Searches are being redirected (picture inside)

Welcome to the BleepingComputer Forums.

Since it has been a few days since you scanned your computer with HijackThis, we will need a new HijackThis log. If you have not already downloaded Random's System Information Tool (RSIT), please download Random's System Information Tool (RSIT) by random/random which includes a HijackThis log and save it to your desktop. If you have RSIT already on your computer, please run it again.

* Double click on RSIT.exe to run RSIT.
* Click Continue at the disclaimer screen.
* Please post the contents of log.txt.

Thank you for your patience.

Please see Preparation Guide for use before posting about your potential Malware problem.

If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped.

While we are working on your HijackThis log, please:

* Reply to this thread; do not start another!
* Do not make any changes on your computer during the cleaning process or download/add programs on your computer unless instructed to do so.
* Do not run any other tool until instructed to do so!
* Let me know if any of the links do not work or if any of the tools do not work.
* Tell me about problems or symptoms that occur during the fix.
* Do not run any other programs or open any other windows while doing a fix.
* Ask any questions that you have regarding the fix(es...

RELEVANCY SCORE 52

Hello there,

I was recommended to come here via another forum. I have been infected with malware on my computer and possibly within my email account as well, as it has been doing some strange things which are included in this post.

I would like to tell you that a while ago I let BT twice know about an issue where I signed in to view email from the "mail icon" on the BT homepage and instead of seeing the "emails" page there was a notice that said "this is a phishing website" that Internet Explorer 7 said. I think it might be a pharming website as the BT home page downloaded again without me doing anything. It did this on bebo as well on the "videos" page - refreshed itself again this is and on my bebo page there was supposed to be 6 comments in a box but there were only 5 displayed and then a few months later it went up to 6. I'm thinking I might have picked up malware/spyware on there perhaps.

I had a fake security check once flashed when I visited a website and when I clicked on the no thanks button - the windows installer box came up and I clicked on the cancel button but something might have got installed that day - I don't know properly. Around this time my firewall program "Zone Alarm" kept going off when I switched my computer on. They were supposed to have investigated this and I never heard anything about this apart from the "help person" that said they would pass it on. The 2nd time the help people suggested I install the BT dial-up software again but since then a ...

A:Infected With Malware On Computer/emails And Helkern Worm

Hello Liam162 and welcome to BleepingComputer!

Apologies for the delay. The forum has been very busy lately and. If you are still having problems, then please post a brand new HijackThis log as a reply to this topic. Before posting the log, please make sure you follow all the steps found in this topic: Preparation Guide For Use Before Posting A Hijackthis Log. When posting your log, please make sure you post the HijackThis log as a reply and not as an attachment. If we do not hear back from you within a couple of days we will need to close your topic.

Thanks,
Johannes

RELEVANCY SCORE 52

So my sister's boyfriend has just had his account in World of Warcraft hacked via her computer. His password was changed with his character stripped clean of everything. He never gave his account info out to anyone. Furthermore, I have found a Worm by the name of Win32WormAutoRun earlier today, which Ad-Aware destroyed. Even prior to that, I found a Trojan which I took out with Comcast's spyware sweeper. Haven't found anything else since, but various tracking cookies (often identified as spyware) like AtlasDMT (atdmt.com), Doubleclick, 2o7, and others I'm not prepared to name off, but those are the main threats. It's hard to say where this originated from, but it spread throughout our home network fast and infected all computers (my computer, sister's computer, laptop and parents' computer).

Can keyloggers exist through spyware/tracking cookies alone, or is a trojan/worm required for that to work?

I have used the following programs in order to attempt to fully clean out my system.

1. AVG Anti-Virus Free
Detected around 20 appliances of the atdmt, Doubleclick, 2o7. First scan.
2. Comcast Toolbar's Spyware Sweep (Temporary)
Detected several atdmt's as well as a Trojan.
3. ATF Cleaner
4. Ad-Aware
Found Win32WormAutoRun twice in one scan as well as various spyware like atdmt and Doubleclick. I constantly have an Ad-Aware scan going on, but somehow the spyware keeps coming back! I haven't seen the Trojan or Worm since I...

RELEVANCY SCORE 52

Hello,

I recently became infected with a virus of some sort and it is causing problems. I currently have Norton Internet Security 2009 installed but for some reason it has stopped working and I'm wondering if it is because of this virus.

Including the name given in the title, a Security Center Alert continuously (about every 3-5 minutes) pops up stating suspicious software such as:
Trojan.win.agent.dcc, Email-Work.Win32.NetSky.q, Trojan-Downloader.JS.Multi.ca, Virus.Win32.Gpcode.ak and so on

It asks me to enable Malware Protection. However, it says Windows Defender is turned off and won't let me turn it back on. Also, on start up I get a "Windows Defender User Interface has stopped working" and I have the option to shut it down.

Also, every time I start up my computer I get icons to various porn websites. My children use this computer so I definitely can't be having that happen. This is also why I am unable to provide insight as to what was going on when the virus infected my computer.

Upon reading a few posts I noticed you ask them to run a Win32kDiag program and provide the log. I have run this, but a problem has occurred. Here is the log:

Running from: C:\Users\Randy\Desktop\Win32kDiag (1).exe

Log file at : C:\Users\Randy\Desktop\Win32kDiag.txt

WARNING: Could not get backup privileges!

Searching 'C:\Windows'...

Cannot access: C:\Windows\System32\LogFiles\WMI ...

A:Net-Worm.win32.mytob.t (among many other names) has infected my computer

Please download Malwarebytes Anti-Malware (v1.43) and save it to your desktop.
alternate download link 1
alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

* Make sure you are connected to the Internet.
* Double-click on mbam-setup.exe to install the application.
* When the installation begins, follow the prompts and do not make any changes to default settings.
* When installation has finished, make sure you leave both of these checked:
o Update Malwarebytes' Anti-Malware
o Launch Malwarebytes' Anti-Malware
* Then click Finish.

MBAM will automatically start and you will be asked to update the program before performing a scan.

* If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
* If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:

* Make sure the "Perform Quick Scan" option is selected.
* Then click on the Scan button.
* If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
* The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
* When the scan is finished, a message box will...

RELEVANCY SCORE 52

It appears to be like this 3/4 of the time when I restart my computer.
I have tried resizing the resolution and closing the language bar. Sometimes it works but all of the time. How do I get rid of this?
 

A:Solved: Why does my programs appear in both side of my taskbar? (picture inside)

RELEVANCY SCORE 51.2

Please let me know what I can do, it's so annoying and I can only get online from task manager!

Logfile of HijackThis v1.99.1
Scan saved at 1:37:37 PM, on 8/6/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\svchoct.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\AOL 9.0\waol.exe
C:\Program Files\AOL 9.0\shellmon.exe
C:\Program Files\Common Files\AOL\aoltpspd.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\DllHost.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\m?iexec.exe
c:\program files\dboo\shot.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\hu\My Documents\nwlondonthug\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.zpecialoffer.com/indexie.html
R1...

A:NO Icons, NO Startup Menu, just my desktop picture! HELP! Log file inside

RELEVANCY SCORE 51.2

Hello,

Hijack This Log- Can download to computer but it will not run. Even with a force run it will not run.

Problem 1- My wife's computer is getting a pop up every 3 seconds that is saying the same 2 things over and over. (Your Computer is Infected! Windows has detected spyware infection! It is recomended to use special antispyware tools to prevent data loss. Windows will now download and install the most up-to-date antispyware for you.) The other pop up is for the same thing and it states (Trojan Detected!) with the repeated bold above.

Problem 2- Internet explorer is getting redirected to the XP Anti-spyware site to pay for the product. Otherwise it will not let you away from that page. No matter what you are redirected to that site. Firefox is working which is how I can post here. I can download to this computer but once installed nothing will run. Not even HJT.

I have tried to restore to a previous point to see if that would help but it doesn't. I have tried a few other things with no prevail. I am really stuck and could definitely use your expertise. Thanks for your help.
 

A:XP Anti Spyware 2009 (Your Computer is Infected)

RELEVANCY SCORE 51.2

A couple days ago I was infected with a virus. Pop-up windows opened advertising various "programs" to get rid of viruses, and my desktop changed to a large picture telling me that I had spyware and it was going to wreck my life. I ran combofix, then ran malwarebytes, and the virus seemed to have disappeared.

Today, I noticed that occasionally when I was using the internet when I clicked on a page result from google, I would be sent to the home page of the advertising company MIVA. I tried to run combofix again, and it did not open. I tried to run Malwarebytes and it did not open. I downloaded and installed Superantispyware and that will bring up a window saying that it encountered a problem and needs to close. My only antivirus that works is Symantec Corporate edition, and it always picks up three counts of Packed.Generic.200, with the filename: uacesshqwmqntmogxy.dll. Symantec tells me it takes action on these files, but my computer's behavior is not changed, and if I run the search again it picks up the same thing.

I run Windows XP Media Center, please let me know if you need any more info so I can fix my computer! I am currently using an alternate, clean computer.

>>UPDATE: I am currently running RootRepeal in efforts to find and erase a potential CLB Rootkit infection aka WinNT-Alureon. I am following these instructions: http://www.malwarebytes.org/forums/index.php?showtopic=12709

>>>UPDATE: The above routine was successful in t...

A:Computer infected, won't run anti-malware programs

I can now successfully run my anti-spyware programs. Each time I run one it finds spyware, deletes it and I restart my computer. However, every time the computer restarts the spyware seems to be bringing itself back. Help please?

RELEVANCY SCORE 51.2

Tried to install Trend Micro 08 and could not succeed in it, and now uninstalled it and it's still here. Tried spyware programs. Can't access internet all the time, on and off. Tried to install Kaspersky, says it can't be installed. Web pages pop up at random. Computer shuts off at random. Please help!

A:Seriously Infected computer can't install anti-virus

Hi, welcome to tsf!

Please click Here to download HijackThis to your desktop.

Click the Download button. When the Trend Micro HJT install box appears, double click on the HJTInstall.exe. Click on Install.

It will be installed by default here: C:\Program Files\Trend Micro\HijackThis

A shortcut to the application will also be placed on your Desktop.

The program will open automatically after installation.

You can double-click the icon that was placed on the Desktop to run subsequent HijackThis scans or you can use the icon inside the folder. The folder HijackThis is where you will find the HJT logs that you save. When you use the application to remove anything, you will also find the backup copies made by HJT inside this folder.

Click on "Do a system scan and save logfile" When the log pops up in Notepad, copy and paste that file back here.

RELEVANCY SCORE 51.2

Referred here from: http://www.bleepingcomputer.com/forums/t/242382/computer-is-really-infected-anti-virus-scans-wont-work/ ~ OB

Hi, my computer has a lot of trojans / malware on it and I can't open hijackthis nor most of the anti virus scans. Searching in Google and Firefox won't work, but Safari is fine. I do have access to the internet on my computer. I tried dr web but I can only perform a quick scan because my computer restarts itself halfway during a complete scan. I can't post the log of those because it freezes/restarts if I go to file - save log. mbam also won't start. I ren hjt/dds and here is my log. Thanks in advance!

DDS (Ver_09-06-26.01) - NTFSx86
Run by johnny at 17:00:29,62 on za 18-07-2009
Internet Explorer: 7.0.6000.16851 BrowserJavaVersion: 1.6.0_05
AV: F-Secure Anti-Virus 2009 9.00 *On-access scanning disabled* (Updated) {E7512ED5-4245-4B4D-AF3A-382D3F313F15}
SP: Lavasoft Ad-Watch Live! *enabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: F-Secure Anti-Virus 2009 9.00 *disabled* (Updated) {0651C4B0-1D7E-4682-B965-2E9523C483A5}

============== Running Processes ===============

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.nl/
BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 8\SnagItBHO.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Help bij koppelingen: {06849e9f-c8d7-4d...

A:Computer infected and cant run any anti virus scans

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

* Download DDS by sUBs from one of the following links. Save it to your desktop.
o DDS.scr
o DDS.pif
* Double click on the DDS icon, allow it to run.
* A small box will open, with an explanation about the tool. No input is needed, the scan is running.
* Notepad will open with the results.
* Foll...

RELEVANCY SCORE 51.2

Please help. I have used various antivirus software programs and have found that I have an infected computer which was listed as C:\\windows\system32\mipamip.dll and could not delete it. I have tried to get rid of it on bit defender, ad aware, and house call. I have also used Kaspersky anti virus and have found that I have detected: riskware Mass-mailer software Running process: C:\WINDOWS\Explorer.EXE. and could not get rid of this one either

Please let me know what I should do to get my computer clean again.
Thanks

A:Help Infected Computer Anti-virus Does Not Work

Hi jaf3100, first welcome to BC.

I'd suggest one more scan with this SuperAntiSpyware run from safe mode, after installing and update.
How to start Windows in Safe Mode

If no joy then please post a HiJackThis log. Follow these instructions >> Preparation Guide for use before posting a HijackThis Log and post that log HERE by clicking New Topic

RELEVANCY SCORE 51.2

here is my log, i have tons of popups and don't know what to do!!!!
Logfile of HijackThis v1.99.1
Scan saved at 12:24:42 AM, on 4/5/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\NEtpZHNFbnQ\command.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Network Monitor\netmon.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\RioMSC.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\bocwdnt.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\rundll32.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\windows\mousepad8.exe
C:\WINNT\SYSC00.exe
C:\WINNT\sys01928459825-.exe
C:\WINNT\system32\RUNDLL32.EXE
C:\WINNT\bocwdntA.exe
C:\WINNT\system32\mshta.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R0 - HKCU\Sof...

A:I have the Black Worm Virus...need help! my hijack this log inside, please look!!!

RELEVANCY SCORE 50.8

Hey guys,

On one of our employees' computers, the whole system's fonts have been changed. I don't know how it happened, but here's a picture below

How do I change back to normal?

I can't navigate properly due to the weird characters...

Thanks
 

A:Solved: VERY WEIRD Windows Characters, Changed Fonts? Picture Inside...

RELEVANCY SCORE 50.4

I'm not sure how to remove this Zero Access Virus. It appeared after downloading an infected copy of Freerecorder 6 and even after uninstalling I can't seem to shake it from the system.

Really appreciate your help!
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_30
Run by Ifiok Jr at 10:52:53 on 2012-09-11
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.3037.911 [GMT 1:00]
.
AV: McAfee VirusScan *Enabled/Outdated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee VirusScan *Enabled/Outdated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Personal Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\FBAgent.ex...

A:My Computer is Infected with Zero-Access - Anti-Virus can't delete

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us

* Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
* Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
* Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
* Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the ...

RELEVANCY SCORE 50.4

SO MY COMPUTER GOT INFECTED WITH SOME VIRUS THAT WILL NOT ALLOW ME TO INSTALL ANY ANTI-VIRUS SOFTWARE.. ITS REALLY BECOMING A PAIN. I DONT KNOW WHAT TO REALLY DO... IM USING THIS FORUM THING AS HIJACKTHIS SAYS, HOPE IM DOING IT RIGHT... I NEED HELP. HERE IS THE REGISTRY LOG SO I GUESS I NEED TO KNOW WHAT TO DELETE OFF OF IT??

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:08:50 AM, on 11/30/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 SP2 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\zHotkey.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Qwest\Quickcare\bin\sprtcmd.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\...

A:computer infected? cant install anti-virus software

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

* Download DDS by sUBs from one of the following links. Save it to your desktop.
o DDS.scr
o DDS.pif
* Double click on the DDS icon, allow it to run.
* A small box will open, with an explanation about the tool. No input is needed, the scan is running.
* Notepad will open with the results.
* Foll...

Read other 2 answers
RELEVANCY SCORE 50.4

Earlier I received a file from a friend on MSN saying "new pictures of me!!" which I opened and unzipped (foolishly) and now some strange worm is sending similar messages to every one of my online contacts. I have run my anti virus software (AVG) but the test results keep coming up as no threats, but for the files C:\WINDOWS\system32\kernel32.dll, C:\WINDOWS\system32\user32.dll, C:\WINDOWS\system32\shell32.dll and C:\WINDOWS\system32\ntoskrnl.exe the result/infection part says "change".
But obviously I don't want to go poking around in my system files without knowing what I'm doing..... Any advice on how I can get rid of this annoying thing?
 

A:Solved: msn picture worm

Read other 13 answers
RELEVANCY SCORE 50

Processor:  AMD A4-6210 APU with Radeon R3 Graphics 1.80 GHz
Installed RAM  4.00 GB (3.46 GB usable)
System type 64-bit operating system, x64-based processor
Pen and touch No pen or touch input is available for this display
Edition:  Windows 8.1
Manufacturer   Acer    Aspire E5-721
Canon MX452 all in one printer
Emsisoft is my main anti malware program.
 
Infected with W32/Mytob-EW worm and W32/Sdbot-BN backdoor worm
 
Bleeping brought this to my attention while I was researching strange behaviour on my PC. Several drive wipes with a factory install performed over the last four weeks. Four wipes. One done by my college computer technician. Frustration over what was going on triggered the slow one by one process analysis using Task Manager. When I selected the end task on these (so called worm in disguise) processes, they immediately started up again. Using the right-click feature on the entries, to search online what they were, brought me directly to the Bleeping Computer description. Upon further investigation it was unanimous that Bleeping's information was correct.
 
My emsisoft was consistently detecting and quarantining two registry keys, over and over even after I deleted them.  I am no different than anyone else and have saved logs of other scans from JRT, adware, rogue killer, rkill, etc etc.  They usually don't help that much, but if you are curious I have ... Read more

A:Infected: W32/Mytob-EW worm & W32/Sdbot-BN backdoor worm


Read other 84 answers
RELEVANCY SCORE 50

Hi

I'm not quite sure if this is the same problem as the others. I'm using Windows XP. Every time I ran an anti-virus full scan of my computer it stops on a different file. I downloaded SUPERAntispyware last night. It found 40 threats and quarantined and removed the threats. I also tried to run MALWAREBytes (anti-malware) but it would also hang on certain files. After SUPERAntispyware quarantined and removed the threats I tried to do another full scan but it would still freeze but on a different file this time.

Please help...
 

Read other answers
RELEVANCY SCORE 50

I am not real knowledgeable but I see many strange error messages in my event viewer. Loads of audits and special privileges in windows logs in security ... My anti virus and firewall shut down periodically, they resize and I can't see the whole window. When I tried to type netstat into my msdos window yesterday it said I don't have the level of privileges to run it. I did a complete factory reset just 2 days ago to try and kill off whatever has seemed to take over my laptop.

A:Infected! Computer making changes to firewall, anti virus shuts off.

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

We need to create an OTL Report
Please download OTL from one of the following mirrors:
This is THE Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
In the custom scan box paste the following:

msconfig
safebootminimal
activex
drivers32
netsvcs
%SYSTEMDRIVE%\*.exe
/m... Read more

Read other 2 answers
RELEVANCY SCORE 50

Hi everyone, I'm new on this forum however my computer got infected lately with really bad trojans and what not. I can't run HijackThis nor any other anti virus scans. Google and Firefox are both not working either so I'm using Safari right now. I got on this site because when I searched a trojan that I had, it showed this topic on this forum here with the exact same problems as me. http://www.bleepingcomputer.com/forums/lof...hp/t196642.html

However my computer restarts itself halfway during the Dr Web complete scan. Also it freezes / restarts itself when I try to click on save log after a quick scan. Therefore I can't post the log after a quick scan and a full scan won't work because my comp restarts halfway through. Also mbam setup won't install because the virus / trojans still block almost everything. Does anyone have any ideas how I can still fix my computer without reformatting? I appreciate it a lot.

Thanks!
Johnny

A:Computer is really infected , anti virus scans wont work

Hello, are you running drweb from safe mode? It may complete. Or try running MBAM.

If you cannot use the Internet, you will need access to another computer that has a connection. From there save mbam-setup.exe to a flash, usb, jump drive or CD. Now transfer it to the infected machine, then install and run the program. If you cannot transfer to or install on the infected machine, try running the setup (installation) file directly from the flash drive or CD by double-clicking on mbam-setup.exe so it will install on the hard drive.

***Manually Downloading Updates: Manually download them from HERE and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.

Next run MBAM (MalwareBytes):
NOTE: Before saving MBAM please rename it to zztoy.exe....now save it to your desktop.
Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
Make sure you are connected to the Internet.
Double-click o... Read more

Read other 8 answers
RELEVANCY SCORE 50

The BSOD says memory management problems or STOP and a whole string of numbers. My computer is extremely slow and avast keeps on saying that there is an AUTORUN.IBN worm spreading itself all over my system files. HELP! Here is my HJT log

A:Avast! claims that my PC is infected with an AUTORUN.IBN Worm and a msmsngr.exe trojan. Computer keeps giving me the BSOD...

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll... Read more

Read other 2 answers
RELEVANCY SCORE 49.6

Can anyone see why I can't get into any anti-virus sites? Something is blocking just those sites from IE. (mcafee, nai, hijackthis, avg, lavasoft, etc).
Thanks for the help.
John

A:Can't Get To Any Anti-virus Sites. Hijack Log Inside

Hello and welcome to BC

Apologize for the delay in response we get overwhelmed at times but we are trying our best to keep up.

If you have since resolved the original problem you were having would appreciate you letting us know. If not please perform the following below so we can have a look at the current condition of your machine.

Upon completing the steps below a staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

Thanks and again sorry for the delay.

Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Note: If you are using Windows Vista, right click at RSIT.exe and select 'Run as administrator'.

Click Continue at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

Next
Please do a scan with Kaspersky Online Scanner
Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.
Click on the Accept button and install any components it needs.
The program will install and then begin downloading the latest definition files.
After the files have been downloaded on the left side of the page in the Scan section select My Computer
This will start the program and scan your system.
The scan will take a while, so be patient and le... Read more

Read other 2 answers
RELEVANCY SCORE 48.8

Hello,

Just yesterday I began to receive these windows popping up telling me that my computer is infected, and I need to buy XP Guardian. It seems to be preventing me from running AVG free anti-virus. I've found out that when I actually end the process in my task manager called "av.exe", the little icon in the bottom right for XP Defender goes away, but it still puts up fake windows, doing fake virus scans that find 20 viruses and then ask me to buy the full version to remove them, etc.

Here is my HiJackThis log.


Read other answers
RELEVANCY SCORE 47.6

Help! I had a malware program that installed itself called Anti Virus XP 2008... now I have a blue desktop with an image that says "Warning! Spyware Detected on your computer, install an Antivirus or Spyware remover to clean your computer." It won't go away! I can't customize my desktop back the way it was. I used Super Anti Virus and it got rid of some, but when I reboot my Avast always finds a couple of viruses in my temp files! Here is my Hack This log:

A:Help! I have the Anti Virus XP 2008 and a picture on my desktop that won't go away!

Hi Welcome to TSG!!
Please visit this webpage for instructions for downloading and running ComboFix.

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.
 

Read other 1 answers