Infection - File: Plscd.exe

Q: Infection - File: Plscd.exe

Hi, the other day I encountered some kind of unknown process trying to communicate through port: 2422 (TCP) (the process scans for open ports that are free e.g. 2422, 2423, 2424 etc.). The application itself is named "PLSCD.EXE". I have identified it on several websites to be malware but no solution to be found without tedious amounts of software to be installed etc.

My system is Windows XP Professional SP2, I run NOD32 AntiVirus, Spy Sweeper, Outpost Firewall and MJ Registry Watcher.

I would appreciate it if anyone could tell me a simple process of removing this program.

Thank You in advance.

- Joe.

A: Infection - File: Plscd.exe

You have two of the top rated antimalware programs. Spy Sweeper and Nod32. Run both of these in safe mode if you haven't already. There is no key on your keyboard to push to get rid of your very dangerous backdoor infection. Two other programs you can try are Bit Defender online scan and Super Antispyware. Run Super Antispyware in safe mode. Allow both programs to quarantine or remove whatever they find.

http://www.superantispyware.com/
http://www.bitdefender.com/scan8/ie.html

Suggest also, that you post a Hijack This log in the appropriate forum by following the instructions in the link below.

http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/

RELEVANCY SCORE 51.6

I am running Windows 2000 Prof.

My problem is that sometimes I am unable to connect to a network computer using IP or system name, and some machines automatically reboot while working.

I found this is a malware or spyware problem.

When I connect to the network I get "A specified authentication package is unknown". I can connect only some of the time.

This problem is on around 10 of my network computers, but only the Windows 2000 Prof. ones. I scanned with Trend, Kaspersky, Microsoft AntiSpyware, etc.

But I couldn't solve this problem. I also searched the internet using google.com.

Try to use the word plscd.exe. We can get two links only.

What can I do?

Help me.
 

A:plscd.exe problem

Hi tkmuthuvel

Click here to download Hijack This: http://thespykiller.co.uk/files/hijackthis_sfx.exe

Let it extract to C:\Program Files

Close out any open browsers
Launch the program
Hit "do a system scan only"
When that finishes, hit "save log"
The log will open in Notepad
Copy & paste that log into this thread

Do not fix anything yet
 

RELEVANCY SCORE 51.2

HI ALL I AM NEW TO THIS FORUM

The other day I turned on my computer and I got a Windows error message saying that "plscd.exe was not able to run"? So I ignored it, so I then had to restart and the same message came up? So I did a Google on it and it came back that this was a vicious virus backdoor bot?? So I ran HijackThis and stopped the processes. But can any of you guys take a look at the log report and tell me if there is anything else I should be concerned about?

the report:
Logfile of HijackThis v1.99.1
Scan saved at 21:52:32, on 15/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDO...

A:Solved: PLSCD.EXE VIRUS help

Fix these

O2 - BHO: (no name) - {598F4775-6FB6-477B-9842-E0426824E077} - (no file)

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
==============

Looks like you got it but do this just in case

Download Superantispyware (SAS)

http://www.superantispyware.com/superantispywarefreevspro.html

Install it and double-click the icon on your desktop to run it.
It will ask if you want to update the program definitions, click Yes.
Under Configuration and Preferences, click the Preferences button.
Click the Scanning Control tab.
Under Scanner Options make sure the following are checked:
o Close browsers before scanning
o Scan for tracking cookies
o Terminate memory threats before quarantining.
o Please leave the others unchecked.
o Click the Close button to leave the control center screen.
On the main screen, under Scan for Harmful Software click Scan your computer.
On the left check C:\Fixed Drive.
On the right, under Complete Scan, choose Perform Complete Scan.
Click Next to start the scan. Please be patient while it scans your computer.
After the scan is complete a summary box will appear. Click OK.
Make sure everything in the white box has a check next to it, then click Next.
It will quarantine what it found and if it asks if you want to reboot, click Yes.
To retrieve the removal information for me please do the following:
o After reboot, double-click the SUPERAntispyware icon on your desktop.
o Click Preferences. Click...

RELEVANCY SCORE 50

W2K Pro, SP 4. I run MSAP, AntiVir XP, Avast Antivirus, Ad-aware SE, Spybot S & D, Bazooka, CCleaner, and HJT.

Whenever I start each day or restart during the day, avast! finds and deletes GVD.EXE. I keep getting PLSCD.EXE, too. I always get rid of TEMP files, empty Recycle Bin, clean all caches from IE6, Firefox, and Opera 8.02. I only keep IE6 because of Windows Update and my daughter's Yahoo Instant Messenger and Chat.

I feel comfortable using REGEDIT, if I know what to look for and get rid of the crap.
Logfile of HijackThis v1.99.1
Scan saved at 11:41:01 AM, on 8/30/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINNT\system32\CTsvcCDA.EXE
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINNT\system32\plscd.exe
C:\Program Files\Creative\ShareDLL\MediaDet.Exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\HijackThis.exe

R0 - HKCU\So...

A:Solved: Recurring GVD.EXE and PLSCD.EXE Problem. HJT Included.

RELEVANCY SCORE 35.6

About every 15 minutes, I get an error message saying that there has been a crash with SVCHOST.EXE and it involves IEFRAME.DLL.
Also, my antivirus (avast!) routinely blocks Trojans that keep trying to spread on my computer.
However, when I run antivirus, anti-malware, and root-killer scans (with almost 10 different programs), everything shows up clean.
I am sure there is something bad on my PC (Vista x64). When I go to "Task Manager" and "Processes", there is an instance of SVCHOST that will not provide information when I select "Properties". Whereas the other instances of SVCHOST show me their location as "Windows/System32", this one doesn't even pop up a dialog box.
I believe there is something on my computer that is trying to load trojans. I believe the antivirus is keeping the trojans out, but I can't seem to find the root cause.

A:Infection or faulty file?

You already created new topic about this issue here: http://www.bleepingcomputer.com/forums/t/544150/possible-svchostexe-infection-but-nothing-showing-on-scans/
Do not create double topics.

RELEVANCY SCORE 35.6

I believe I have the trojan zlob. Also a big yellow triangle appeared on my desktop. I have tried removing it with McAfee, Lavasoft, Trojan Hunter but nothing is working. I have posted before, you guys are the best & I know you get busy, any help would be much appreciated.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:21:12 PM, on 11/19/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\1123283829\ee\AOLSoftware.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.e...

RELEVANCY SCORE 35.6

I'm looking @ a friend's Compaq Presario V3000. She started it over the weekend and a program called File Recovery started. The program opened windows until all the resources were used up and it froze.
I was able to get Malwarebytes loaded in Safe mode. After running it, it found 279 trojans and infections, most were PUP.MyWebSearch registry entries. Malware deleted all of them.
I rebooted and when Windows (XP Home) restarted, I get a blue screen of death with a Phys memory dump and it automatically reboots 2-3 more times and then the File Recovery program reappears.
I put in a Win OS install disk to do a repair and the install program said there is no hard drive installed. Ran Disk Check and there were no errors from that.
I reran Malware in Safemode and I got 39 new errors Pup.MyWebSearch or Pump.Fun Web Products, all files C:\System Volume Information\_restore{6D05...
Should I delete these files #1 and #2 even though I can see the hard drives, I fear everything has been wiped from them.
Thanks in advance

RELEVANCY SCORE 35.6

I used autoruns and it lists the files explorer.exe and Explorer.exe.

The startup list indicates these could be possible infections.

One description could explain why my My Documents folder opens on its own when I start up my machine.

Thanks in advance

Hermez

A:Is this a legit file or infection?

Hi Hermez

Do you know the files full path.. C:\windows\xxxxx\xxxxx or something like this.

We should run a malware scan and see if they are still there after.

Next run MBAM (MalwareBytes):

Please download Malwarebytes Anti-Malware (v1.45) and save it to your desktop.
alternate download link 1
alternate download link 2
MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
o Update Malwarebytes' Anti-Malware
o Launch Malwarebytes' Anti-Malware
Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click ...

RELEVANCY SCORE 35.6

Hello! This morning upon accessing the Internet my ZoneAlarm alerted me to a file called ORZ.EXE attempting to access the Internet. Never having heard this filename before, I immediately became concerned and I denied access to this file. ZoneAlarm reports in its Program Control screen that the file lives here:

C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\Temp\orz.exe

This is a 62K file when viewed in Windows Explorer. I then told ZoneAlarm to block all further attempts at Internet access by ORZ.EXE. I also went to that path on my C:\ drive and renamed that file from ORZ.EXE to "orz.exe--evil.bad". The file's creation/modified date was today, 8/17/08 at 10:30am, which was approximately the same time ZoneAlarm first alerted me to its Internet access attempt.

I then did a search of my C: and D: drives for any occurrence of ORZ.EXE, and searched my entire registry (WinXP SP3). The only other occurrence I found was here:

C:\WINDOWS\PreFetch\ORZ.EXE-0C95AA72.pf

When looking at Task Manager, ORZ.EXE was a running process that took about 5.8 MB of RAM. I then right-clicked on it and ended this process. I am running CrapCleaner so I ran it and cleaned out all the misc. temp files, etc. After shutting down and rebooting, I watched Task Manager, and so far ORZ.EXE has not started up.

Which brings me to this post. After some google searches, I found other users questioning the validity of ORZ.EXE, specifically these two links:...

A:Possible Infection?: File Orz.exe In Question

Hello and welcome to BC

Apologize for the delay in response we get overwhelmed at times but we are trying our best to keep up. If you have since resolved the original problem you were having would appreciate you letting us know. If not please perform the following below so we can have a look at the current condition of your machine. Upon completing the steps below a staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

Thanks and again sorry for the delay.

Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Note: If you are using Windows Vista, right click at RSIT.exe and select 'Run as administrator'.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

Next

Please do a scan with Kaspersky Online Scanner
Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.
Click on the Accept button and install any components it needs.
The program will install and then begin downloading the latest definition files.
After the files have been downloaded on the left side of the page in the Scan section select My Computer
This will start the program and scan your system.
The scan will take a while, so be patient and le...

RELEVANCY SCORE 35.6

Original post http://www.bleepingcomputer.com/forums/ind...mp;#entry586060

Log

Logfile of HijackThis v1.99.1
Scan saved at 9:58:30 PM, on 8/4/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\WDBtnMgr.exe
C:\Program Files\WDC\CR\SetIcon.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLPSP.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA...

A:Log File, Hupigon.xta Infection

Hi stoopid2001,

If you still need help please post a fresh HijackThis log and I'll be happy to look at it for you. A new version of HijackThis has now been released, so before you repost your log please download and install the new version by following the instructions in Step 9 of the Preparation Guide For Use Before Posting A Hijackthis Log. Note that it is unnecessary to uninstall the old version because the new one will be copied to a different folder.

Thanks for your patience!

RELEVANCY SCORE 35.6

Hi, my computer was infected with Malware that installed a program called "Antivirus XP 2008" and also some app called AntiSpy or something. Oddly enough, my McAfee could detect the malware, but could not remove it or cleanse my PC. I installed Malware RemovalBot and that was able to remove all traces of the infection, I THINK. I am pasting my logfile and am hoping a pair of expert eyes can assure me that I am rid of this nuisance. I've been paranoid to use this PC ever since.... THANK YOU!!!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:03:54 PM, on 8/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\SiteAdvisor\6261\SiteAdv.exe
C:\Program Files\eFax Messenger 4.3\J2GDllCmd.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe
C:\Pr...

RELEVANCY SCORE 35.6

Here is the link to my previous posts that have brought me here

The first MBR.exe failed to run properly here is the log.

-Copied from file: "mbr.log"
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.1.7601
device: opened successfully
user: error reading MBR
error: Read The handle is invalid.
kernel: error reading MBR
-End-

Then I was instructed to run MBRCheck.exe instead and here are the results.

-Copied from file "MBRCheck_09.09.11_23.49.45.txt"
MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: Service Pack 1 (build 7601), 64-bit
Base Board Manufacturer: Hewlett-Packard
BIOS Manufacturer: Hewlett-Packard
System Manufacturer: Hewlett-Packard
System Product Name: HP Pavilion dv7 Notebook PC
Logical Drives Mask: 0x0000003c

Kernel Drivers (total 182):
0x02E12000 \SystemRoot\system32\ntoskrnl.exe
0x033FB000 \SystemRoot\system32\hal.dll
0x00BAB000 \SystemRoot\system32\kdcom.dll
0x00C58000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x00CA7000 \SystemRoot\system32\PSHED.dll
0x00CBB000 \SystemRoot\system32\CLFS.SYS
0x00D19000 \SystemRoot\system32\CI.dll
0x00DD9000 \SystemRoot\System32\drivers\SMR210.SYS
0x00C00000 \SystemRoot\System32\drivers\FLTMGR.SYS
0x00E51000 \SystemRoot\system32\drivers\Wdf01000.sys...

A:Infection in my MBR, File: rikvm_C6F09094.sys

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.

===

Nothing suspicious was found on your DDS log.
We can check further.

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT....

1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
3. Do not install any other programs until this is fixed.

How to : Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe & follow the prompts. When finished, it will produce a report for you. Please post the C:\ComboFix.txt

Note: Do not mouse click ComboFix's window while it's running. That may cause it to stall

Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

===

Third party programs if not up to date can be the cause infiltration of an infection.
Please run this security check for my review.

Download Security Check by screen317 from here.
Save it to your Desktop.
Double click SecurityCheck.exe and ...

RELEVANCY SCORE 35.6

Hi, I unzipped a file that I downloaded, Turbo Tax 2006. The file wasn't Turbo Tax, when it expanded, I got this (I appologize in advance for the title)"2 real teen girls(goth) nude in park very sexy- FKK PJK Nudist - free sex stories black movies gay pics teen scat virgin teen video nude girls porn young women big pedo rape incest girl taboo ggw cum mature anal pussy asian) civX.jpg"It says it's a JPEG image and it's 449KB. There's no image or program or anything. If I right click on the icon for it, it has no options to delete, cut, move it or do anything to it. I ran AVG and it said that the file(Turbo Tax 2006 had infected me and it couldn't delete or quarantine it. Does anyone have any ideas how I can get rid of this? Your help will be greatly appreciated.Thanks,DonHere is my HJT log:Logfile of HijackThis v1.99.1Scan saved at 8:31:19 AM, on 2/8/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exeC:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exeC:\Program Files\Executive Software\DiskeeperLite ... Read more

A:Unzipped File That Was An Infection

Hi and welcome

I need to know exactly where this file is located please. Full path to it.

Next thing I need to know is if you have any other .jpg files in this folder that has that nasty one you just posted about.

That file has a nasty case of Tourette's and Windows can't handle it. Seriously....

What has happened here is the file name is over 256 characters long (including path to file) and Windows can't handle a file name that long. It dunno even how to delete it, read it, or what program to use to run the file.

One more reason not to download from p2p. Yes we can remove it. I just need the path to it & we'll rip it out with a couple good ole "dos" commands.

I don't see anything malicious in your HJT log but would like to double check with an online scan:

Might hafta hold off on the scan if it freezes up on that file.

Using Internet Explorer please do an online scan with Kaspersky Online Scanner
Click on Kaspersky Online Scanner
You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
The program will launch and then start to download the latest definition files.
Once the scanner is installed and the definitions downloaded, click Next.
Now click on Scan Settings
In the scan settings make sure that the following are selected:
Scan using the following Anti-Virus database: Extended (If available otherwise Standard)
Scan Options:
o Scan Archives
o Scan Mail Bases
Click OK
Now under select a target to scan select My Computer
The scan will take a while so b...

RELEVANCY SCORE 35.6

Hi everyone! One day while using my computer I noticed a suspicious process running that is usually not there. I deleted the file associated with the process and everything seemed fine. Soon enough, another file with a slightly different name took its place and was running again. No matter how many times I delete the file it keeps coming back in the Temp folder. My computer seems to be running slower because of it and I think it might be a virus. Please help!

Logfile of HijackThis v1.99.1
Scan saved at 11:25:02 PM, on 12/10/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOW...

A:Stubborn File, Possible Infection?

RELEVANCY SCORE 35.6

Please disregard this post, I have reposted in the right forum

Admin you can delete this

BP

A:Virtumonde File Infection

Hello Kentucky1986. I see the topic has been closed there. You will probably need to post a log here at BC if this doesn't work or for the HJT Team to determine if those are indeed a new form.

I didn't see if VirtumundoBegone was run. You can try running it from this tutorial.
How to Remove WinFixer / Virtumonde / Msevents / Trojan.vundo. It is below the Vundo Fix.

You may also run these

Download Attribune's ATF Cleaner and then SUPERAntiSpyware, Free Home Version. Save both to desktop .. DO NOT run yet.
Open SUPER from icon and install and Update it
Under Scanner Options make sure the following are checked (leave all others unchecked):
o Close browsers before scanning.
o Scan for tracking cookies.
o Terminate memory threats before quarantining.
Click the "Close" button to leave the control center screen and exit the program. DO NOT run yet.

Now reboot into Safe Mode: How to start Windows in Safe Mode

Double-click ATF-Cleaner.exe to run the program.
Under Main "Select Files to Delete" choose: Select All.
Click the Empty Selected button.
If you use Firefox browser click Firefox at the top and choose: Select All
Click the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser click Opera at the top and choose: Select All
Click the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

NOW Scan with SUPER
Open from the desktop icon or t...

RELEVANCY SCORE 35.6

I was just recently infected via a downloader trojan and various others and have been unable to resolve my problem on my own and trying to avoid wiping the hard drive in its entirety.

Symptoms include:
Unable to access Safe Mode
No more Administrator Privileges - I was able to unlock the ability to edit my registry on my own.
Several Run DLL errors
Fake software pop-ups
Massive Computer Slow Down - Also attributed by my somewhat overheating CPU
Browser Hijacking

As well as various others I cannot remember at the top of my head. I was only able to monitor this much before the system crashed on me after retrieving the necessary logs.

DDS (Ver_09-12-01.01) - NTFSx86
Run by Yukai Makino at 6:11:42.23 on 2010.26.02
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_18
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1110 [GMT -8:00]

============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
D:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
D:\Program Files\Sandboxie...

A:Mass Infection due to a bad EXE file

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.

Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

Please reply to this post so I know you are there.

The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks

RELEVANCY SCORE 35.6

Thanks in advance for helping me.

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe
C:\Program Files\Winamp3\winampa.exe
C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\COMMON~1\ADAPTE~1\CreateCD\CREATE~1.EXE
C:\Program Files\MSN Messenger\MsnMsgr.Exe
c:\windows\system32\uesqjbx.exe
C:\Program Files\Lexmark X6100 Series\lxbfbmon.exe
C:\WINDOWS\twain_32\ca561a\SnapDetect.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Messenger\m...

A:aurora infection, hjt log file

Hi and Welcome to TSF!

You left out the top header of the HijackThis log. We require the info contained there. Please ensure that it is included in subsequent logs.

Please subscribe to this thread to get immediate notification of fixes as soon as they are posted by our Team. Click the "Thread Tools" button located in the original thread line and select "Subscribe to this Thread".

This webpage would not be available when you're carrying out the fix. Please save the following instructions in Notepad. I have customized my instructions on the assumption that you have Notepad 'on'. If you should choose to do otherwise, it may lead to some confusion.

If there's anything that you don't understand, kindly ask your question(s) before proceeding with the fixes. There should not be any open browsers when you are carrying out the procedures below.

IT IS IMPORTANT THAT YOU DON'T MISS A STEP & PERFORM EVERYTHING IN THE RIGHT ORDER.


= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =

Please download these additional files/programs. Do not run them until instructed to do so.
Unless otherwise stated, they should be stored in same directory as the HiJackThis program.

CleanUp! - Install.

KillBox v2.0.0.175

Nailfix - Unzip to a new folder

FindIt's.zip

Process Explorer

Ewido Security Suite - Install & Update its database but do not run it yet.

DSRFix

UNPLUG Y...


I've recently had a problem with my computer. What happened is first, I noticed my windows firewall was turned off. I turned it back on, and then I noticed that there is a system warning that says "virus warning! your system is infected." Unsuspecting, I clicked on it, but I think that because I turned off all popups it never loaded properly, but just kept on trying to load every few minutes. Then, my internet explorer started up by itself, and I heard some weird ads in the background even when I turned the explorer off. I then tried to run the trend housecall online and avg anti-virus, but for some reason they took forever to scan the windows files. I then tried to run a program called Malwarebytes, which finished in about 2 hours and rebooted my computer to clean. I'm VERY scared that there may still be virus/spywares on my computer. Please tell me what to do as I am just a student with very limited computer experience and I'm TERRIFIED that my computer files may be hacked or something worse! So I have just run hijack this and this is my log file. Please tell me what should I do with this as I don't know anything about what the logfile means!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:45:29 PM, on 02/08/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WIND...

A:Hijack Log File - trojan infection (?) and others ~Please help

Hello and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

My name is Syler, I will be helping you to solve your Malware issues. Whilst I am helping you, I would be grateful if you would note the following:
Please do not run other tools or scans unless I ask you to and follow all the steps I give you, in order.
Copy and paste all logs requested in your reply. Do not attach them unless asked to.
If you don't know or understand something, please don't hesitate to say or ask before you proceed with my instructions.
Please continue to work with me, until I tell you your machine appears to be clean. Absence of symptoms does not mean that everything is clear.
If I do not hear back from you within 5 days of my last post, then this topic will be closed.

Please download Malwarebytes' Anti-Malware from Here
Note: If you already have Malwarebytes' Anti-Malware, just update then run it.
Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest ve...


Hi all,

This past week, I've been experiencing some computer issues. First, when I tried to start my laptop from hibernation, it would freeze during the resuming windows page. I have no idea if that is related to my IRP hook infection, but I figured I would mention it anyway. The issue that really caught my attention was that I was unable to access Google or my gmail account starting either Wednesday or Thursday even though I was able to access every other site. I believe my browser said, "Page cannot be found" or something like that. On Friday when I got home from work, I was able to access Google, but when I clicked on a link under the search results, I was redirected to another site. That's when I knew something was really wrong. Since then, I have run scans with Malwarebytes, TDSSKiller, Spybot Search & Destroy, and AVG Anti-Virus Free Edition 2012. Unfortunately, Malwarebytes and TDSSKiller didn't find any malware. On the other hand, my Spybot Search & Destroy scan found Fraud.Sysguard and Microsoft.WindowsSecurityCenter.AntiVirusOverride, which I had Spybot S&D fix. Finally, yesterday when I ran my AVG 2012 scan, it found, "IRP hook, \Driver\atapi DriverStartIo -> 0x8A52B2FB" but the file is unknown and the result said, "Object is inaccessible." After I clicked fix, it said that AVG removed and healed the infection, so I tried to do a Google search and everything was fine. However, I ran the...

A:IRP Hook infection, file unknown

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/462976 <<< CLICK THIS LINK

If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lo...


I've fixed many people's computers before and underwent some of the MWR university program, but this particular infection has me stumped. My uncle called me up and told me that he clicked an ad and now his "IE window is blank" so I went over there to check out his laptop. I immediately noticed the wallpaper was grey and the Red X in the taskbar telling him he had a virus, which I knew was antispyware 2009. His internet connection was blocked by the virus so IE was unavailable. His host file redirected zief.pl so I assumed that was the problem. After running combofix to help clear up the infection everything seemed to be working fine, I was even able to download several windows and AVG updates. IE was working but AVG was picking up HTML files all over. Several hours later the problem was back, a completely different icon and message appeared in the taskbar stating that he had a virus, I ran combofix again and it picked up even more exe's. After a reboot however, his internet connection was not working again. No sign of any viruses, but zief.pl was still sticking in the hosts file no matter how many times the line was removed. I can't burn the logfiles onto a CD because the drive says incorrect function, but I'm going to go pick up a flash drive now so I can paste them here. In the meantime, any suggestions?

Oh one more thing, he's running Windows XP on a Toshiba laptop. Some of the files removed in combofix's last run were things like w.exe, rundll33.e...

A:Zief.pl in hosts file, serious infection

If you do a Google search for ComboFix you will find many reasons why the tool is NOT meant for use unsupervised and, I guess that, as you say you have been inside the MWR University, you might appreciate the risks associated with running the tool; ComboFix's guide on here carries the disclaimer warning against using it unsupervised. http://www.bleepingcomputer.com/combofix/how-to-use-combofix

That said, it appears you require the Malwarebytes tool for the XPantispyware 2009. Its guide on this site is here http://www.bleepingcomputer.com/malware-re...ntispyware-2009

May one suggest you run the Malwarebytes program, and post its report for someone to check for you


I downloaded and unzipped a file claiming to be flv to avi converter. The unzipped file includes an exe file & I believe 4 notepad files. When I tried to run the exe file to install what I believed was a video converter, nothing happened. Once my pc went through that process and there were no longer any tasks or processes being run, I tried to open my firefox browser and a error dialogue box popped up saying the program could not be accessed or that I was not authorized to access it. I can't remember the exact wording and as I am not at that pc, I am not able to go through the actions right now. Anytime I tried to run any program or access anything under the control panel (ie, add/remove programs) or help/support to try to do a system restore, I was blocked. I'm also unable to shutdown the computer properly. The only way to turn it off is to press the power button & interrupt the pc.

This file was downloaded while trying to download the movie Iron Man in flv format at a streaming movie website. I think the website may be omegatube.com or themoviedownloads.org. I cannot access my browsing history since the infection prevents me from opening anything so I am not sure where I got the file.

The only thing I did try was running the pc in the last good config, which did nothing.

When I get home, I will try to access the properties for the file b/c I think there was a name or some sort of other information that may help me track down the file's ori...

A:Infection From Zip File Named 'flv To Avi Converter'

I doubt that a system restore would fix the infection, but if you go to safe mode command prompt and type
%systemroot%\system32\restore\rstrui.exe
that should give you access to system restore


Hi,
I am running vista and have been having problems for about a week! Not sure if it is infected, some sort of spyware or the host file has been corrupted! I have tried everything to fix it and have not had any luck. hijack this log reports it is unable to get the internet explorer version. I think maybe spybot may have infected me? I uninstalled spysweeper as I thought that may have been the problem....I may have done more harm than good at this point so I am now posting since at this point in time I am completely lost. One more bit of information...I never open emails unless I know the person but I was having difficulty deleting my emails on msn, they would keep coming back...then all of a sudden all of my emails were gone.
Please Help
Thanks
 

A:spyware.host file infection?


Hello,
Yesterday I received an e-mail from a friend that had only a link. Figuring this was a virus I googled the web address listed hoping to find some information. What I thought was a topics page was probably the exact same page that was linked in the e-mail (http:birken1011.birkenkrahe.com/wp-content/gnfkvgn.php?cw=irpzcd). I broke the link just in case you make the same boneheaded mistake I did. It looked like a charity page but I immediately received a pop-up asking to install software. Of course I hit cancel but it kept popping up over and over again. As you may have guessed I accidentally clicked OK and the problems began.

I immediately restarted my computer thinking I could interrupt the installation. No luck. I started receiving warnings about hard disc partition space and the File Recovery program began running. It also added an icon to my desktop and then later deleted all of my icons and startup items. I started my computer in safe mode and followed the directions on bleepingcomputer.com for removal of File Recovery. MBAM got rid of a number of hijackers and prompted me to restart. After restarting I ran TDSS killer. That program detected a root kit but could not cure it. I am not at home now but I received a message asking if I wanted to overwrite with a general boot script or something similar (I can post the exact language if needed in a few hours) but I was afraid I'd screw things up even more. So, I have a feeling that I did not rid myself ...

A:Need help removing File Recovery infection

Welcome, there are likely a few steps you missed.

Please follow our Removal Guide here File Recovery Removal Guide.
After reading how the malware is misleading you ...
You will move to the Automated Removal Instructions
After you completed that, post your scan log here, let me know how things are.

The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.

Also the other tool log.. A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
Copy and paste the contents of that file in your next reply.


Hi
I have already put a post on - but no replies - probably too long winded - anyway hope you can help with disinfecting my pc.

Logfile of HijackThis v1.99.1
Scan saved at 20:45:05, on 22/10/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
E:\WINNT\System32\smss.exe
E:\WINNT\system32\winlogon.exe
E:\WINNT\system32\services.exe
E:\WINNT\system32\lsass.exe
E:\WINNT\system32\svchost.exe
E:\WINNT\system32\spoolsv.exe
E:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
E:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
E:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
E:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
E:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
E:\Program Files\Common Files\Symantec Shared\ccProxy.exe
E:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
E:\Program Files\Common Files\Symantec Shared\DJSNETCN.exe
E:\WINNT\System32\svchost.exe
E:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
E:\WINNT\system32\MSTask.exe
E:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
E:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
E:\WINNT\system32\stisvc.exe
E:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
E:\WINNT\System32\WBEM\WinMgmt.exe
E:\WINNT\system32\svchost.exe
E:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
E:\WINNT\System32\svchost.exe
E:\WINNT\Explorer.EXE
E:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
...

A:Help with virus infection - HJT file included

Closing duplicate thread, please continue here: http://forums.techguy.org/security/511810-trojan-horse-dialer-28-win6ea.html
 


Hi everyone. I'm running Windows XP that has slowed down significantly in recent days. I also receive the error "Another program is currently using this file" which doesn't make sense. Here is my hijackthis.log. Thanks so much!
Logfile of HijackThis v1.99.1
Scan saved at 09:06:04 p.m., on 25/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
C:\Program Files\Adobe\Photoshop Album Starter E...

A:Solved: Another infection with HijackThis file... :(


Hey all, I did a ridiculously stupid thing and downloaded a file from Keygenguru thinking it was a serial number generator for final cut pro 7. It came as a .rar and I unzipped and for some stupid reason double clicked the application. It went to a blue screen immediately and restarted and then whenever I try and get into windows I get the same results. Safe mode seems to be okay but when I tried to delete the crack from my desktop it froze. I have found other tutorials on here that describe similar problems but they were from different files from the same site - keygenguru. My computer is currently un-usable (typing this on a friend's PC) and I have lots of coursework to be getting on with! If anyone would be so kind as to take me through the steps of fixing this I would be eternally grateful! I'm using Windows Vista 64bit, Please help!

Regards
Casshern

edit: I got this fixed last night due to a friend helping me, Thanks anyway though!
 


Referred here from: http://www.bleepingcomputer.com/forums/t/226789/need-help-with-trojan-vundo/ ~ OB

I have had an infection for a while. At first I tried Malwarebyte's Anti Malware, as well as SUPERAntiSpyware, which didn't seem to do anything. For a while whenever I started the computer, only the desktop picture appeared, and I had to use task manager to get the start bar and desktop icons. Now it doesn't do that anymore, after I got help from superbird on the "Am I infected? What do I do?" forum. I still get random popups and now something called "Malware Doctor" is on my computer, and I'm not sure how, and I don't know how to delete it. So superbird told me I might be dealing with a file infector and sent me here.

Now Google doesn't work... I can only get to websites if I type them in or have them previously favourited. I also can't get into any emails on Hotmail.

I've tried attaching the dds attach document several times, but it just stays as "uploading file" and won't say it's been fully uploaded, even when I wait an hour or so. I was going to copy and paste it just in the post, but it says in the file not to post the contents unless "specifically asked" to do so... so I won't post it yet. Sorry for this inconvenience.

Hopefully someone will know what to do. I appreciate all help.

My DDs log:
DDS (Ver_09-05-14.01) - NTFSx86
Run by User at 19:38:08.98 on Wed 05/20/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.414 [GMT -4...

A:Trojan infection/ file infector?

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results, click no to the Optional_Sca...


I consider myself a savvy computer user, I pride myself on defeating malware instead of a reinstall so to begin with I won't reinstall this. I've come across a PC that has a new kind of tdss infection. I've read a few topics on this certain infection that targets the windows/systems32/drivers/atapi.sys file with a new version of tdss rootkit. So far on all the topics I've read of them none have been successfully removed yet. So without further delay I'll start with what I have done to get rid of this infection. First off Kaspersky recognizes this as "rootkit.win32.tdss.d". Kaspersky of course can't get rid of it so I download tdsskiller, it finds the rootkit, says it is going to be deleted on restart but is still there on next run. So I then tried to manually replace the atapi.sys file (using bart pe and also mini xp trying 3 different times to be sure I was really replacing the file) from the directory with a clean file on a windows home ed disk. That also does not work as upon boot the atapi.sys file is still infected or should I say the new file is newly infected? I've also used a combination of other spyware removal programs like combofix and others. So let me know with what to post to get this started.

A:Tdss infection of atapi.sys file

I thought maybe I should post some logs of what I've done so far to help get the ball rolling.
10:03:15:671 3688 TDSS rootkit removing tool 2.2.8.1 Mar 22 2010 10:43:04
10:03:15:671 3688 ================================================================================
10:03:15:671 3688 SystemInfo:

10:03:15:671 3688 OS Version: 5.1.2600 ServicePack: 2.0
10:03:15:671 3688 Product type: Workstation
10:03:15:671 3688 ComputerName: YOUR-631F5B18CA
10:03:15:671 3688 UserName: Owner
10:03:15:671 3688 Windows directory: C:\WINDOWS
10:03:15:671 3688 Processor architecture: Intel x86
10:03:15:671 3688 Number of processors: 1
10:03:15:671 3688 Page size: 0x1000
10:03:15:671 3688 Boot type: Normal boot
10:03:15:671 3688 ================================================================================
10:03:15:671 3688 UnloadDriverW: NtUnloadDriver error 2
10:03:15:671 3688 ForceUnloadDriverW: UnloadDriverW(klmd21) error 2
10:03:16:234 3688 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\system
10:03:16:234 3688 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
10:03:16:234 3688 wfopen_ex: Trying to KLMD file open
10:03:16:234 3688 wfopen_ex: File opened ok (Flags 2)
10:03:16:265 3688 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\software
10:03:16:265 3688 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
10:03:16:265 3688 wfopen_ex: Trying to KLMD file open
10:03:16:265 3688 wfopen_ex: File opened ok (Flags 2)
10:03:16:265 368...


I was recommended to come here because of a possibly infected file or files. Here is a link to the TSG thread:

http://forums.techguy.org/web-email/1118453-google-chrome-browser-has-disappeared.html

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:09:58 PM, on 1/29/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.16428)
Boot mode: Normal

Running processes:
C:\Users\Bill\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Microsoft\BingDesktop\BDExtHost.exe
C:\Program Files (x86)\Microsoft\BingDesktop\BDAppHost.exe
C:\Program Files (x86)\Microsoft\BingDesktop\BDRuntimeHost.exe
C:\Program Files (x86)\Ashampoo\Ashampoo Burning Studio 12\burningstudio12.exe
C:\Program Files (x86)\Ashampoo\Ashampoo Burning Studio 12\CancelAutoplay2.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Opera\18.0.1284.68\opera.exe
C:\Program Files (x86)\Opera\18.0.1284.68\opera_cr...

A:Possible infection (random characters as file name)


Trying to get rid of this infection. It has shut down a lot of programs. I have windows XP Home Edition 3pk. if that is any help. My malwarebyte won't open, windows malicious spy removal update won't dl and Microsoft security essentials won't open. I ran HijackThis. I am getting a security warning Navcandl ieframe.dll. Any suggestions would be greatly appreciated. Thanks

A:Data Recovery File infection

Hello,

Please follow the instructions in ==>This Guide<== starting at step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then post them in a reply to this topic by using the Add Reply button.

If you can produce at least some of the logs, then please create the post and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the reply and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Please note that I am not a member of the Malware Removal Team and will not be assisting you in removing the infection. I'm simply helping you to post the information they need in order to assist you.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

Orange Blossom


I have a malware infection in file, c:\windows\system32\svchost.exe. Can you help me? My avast antivirus program keeps popping up this message: Malicious url blocked. It does this many times.
My computer would not allow me to download TSG Sysinfo

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 8/12/2011 7:52:44 AM
System Uptime: 6/11/2012 8:28:50 AM (0 hours ago)
.
Motherboard: ASUSTek Computer INC. | | NAGAMI2
Processor: AMD Athlon(tm) 64 Processor 3800+ | Socket 939 | 984/199mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 225 GiB total, 125.088 GiB free.
D: is FIXED (FAT32) - 8 GiB total, 0.519 GiB free.
E: is CDROM ()
G: is Removable
H: is Removable
I: is Removable
J: is Removable
K: is FIXED (FAT32) - 466 GiB total, 410.947 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Description: USB SM Reader
Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC&PROD_USB_SM_READER&REV_1.02#058F312D81B1&2#
Manufacturer: Generic
Name: I:\
PNP Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC&PROD_USB_SM_READER&REV_1.02#058F312D81B1&2#
Service: WUDFRd
.
Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Descript...


I have a nasty infection called Enterprise Edition. I've used Spybot and Malwarebytes, both cleaned up stuff but haven't resolved the block on the hosts file. I have updated these by downloading their respective updates and transporting to the troubled computer. The problem computer can't connect to any website because the hosts file redirects everything. I can't even remove the "read only" property. Here is my HijackThis File

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:07:32 PM, on 11/28/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\spoolsv.exe
H:\WINDOWS\Explorer.EXE
H:\Program Files\Java\jre6\bin\jqs.exe
H:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
H:\WINDOWS\system32\wuauclt.exe
H:\WINDOWS\ALCXMNTR.EXE
H:\WINDOWS\AGRSMMSG.exe
H:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
H:\Program Files\Java\jre6\bin\jusched.exe
H:\WINDOWS\system32\ctfmon.exe
H:\Program Files\Messenger\msmsgs...

A:Can't Change Hosts File due to Infection

Hi,

Sorry for delayed response. Forums have been really busy. If you still need help with this do following, please.

Download DDS and save it to your desktop from here or here or here.
Disable any script blocker, and then double click dds.scr to run the tool.
When done, DDS will open two (2) logs:
DDS.txt
Attach.txt
Save both reports to your desktop. Post them back to your topic.


I have tried just about everything to get rid of Virtumondo and it keeps coming back. I also get popups on my desktop even when I am not in a browser. Any help would be greatly appreciated.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:55:31 AM, on 12/3/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files...

A:Virtumondo Infection - Posted Hjt Log File

Hello mtnbay and welcome to BC. My name is SNOWHITE and I will be helping you with your Malware problem.

I see that you are running two antivirus programs on your computer. It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts. If you choose to install more than one antivirus program on your computer, then only one of them should be active in memory at a time. Please uninstall one of them, either AVG, or Norton.

Please download VundoFix.exe to your desktop.
Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES.
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer, click OK.
Please post the contents of C:\vundofix.txt and a new HiJackThis log in a reply to this thread.

Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
Close all other windows before proceeding.
Double-click on dss.exe and follow the prompts.
When it has fin...


Hi, I am new to this forum and need help.

1) recently I started using MagicJack on my computer and seems like there was an update to the product.

2) I have Prevx 3.0 (free version) installed and it said it had found infections. Following is the message from the log file of Prevx 3.0 that identified the infection
"c:\documents and settings\$user\local settings\temp\nsv34.tmp\nssjphone.dll"

Please note that I have changed my user name to "$user"

3) I have Ad-aware and Microsoft Security Essentials installed on my computer. Ad-aware did not inform/identify any infections

4) Microsoft Security Essentials program requested that I submit the files for inspection - which I did

5) I have scanned my entire computer with Ad-aware and MS Sec Ess, but none of them found infections

6) Whenever the computer is started/re-started - while magicjack is loading and when I point the mouse to the Prevx3.0 icon in the tray, there is a msg like "infection found" --> when I click this message, Prevx 3.0 runs and after completing the scan it (Prevx 3.0) does not list any infections. Immediately I used MS Sec Ess and scanned the whole computer and it does not find any infections. Similarly the Ad-aware scan also does not find/list any infections.

I am not sure if the Prevx 3.0 identification is genuine or not. But I wanted to be safe. Please help!!!!

A:PREVX 3.0 - MAGICJACK FILE - INFECTION FOUND - HELP!

PLEASE I NEED HELP !!!!!!


Good Evening

I did get some assistance on another forum and that person recommended a reformat. Before I go that route I would like a second opinion.

I have been hammered with a new Virtumonde File Infection. It has done the following
- Caused crashes in Windows Explorer
- Destroyed Norton AV (I have now installed AVG free edition which I think is better)
- Killed WeatherWatcher.exe
- Brought on multiple pop ups

Since putting in AVG I seemed to have "contained" the issue for now... but before doing the reformat I wanted to see what other options I have..

Below is my HJT log..... Thank You!!!! :-)

A:Virtumonde File Infection, Request Assistance

Hi Kentucky1986, sorry for the delay in answering your post.
If you still need help could you please post back a new Hjt log.... things change so quickly and we need to see what's happening now.
Please let me know one way or another if help is still needed.
Thanks
Starbuck


Hi
Please could someone help with decrypting my files? How do I decrypt my file after infection by CryptoLocker virus?
Thanks
Nelson

A:How do I decrypt my file after infection by CryptoLocker virus ?

The original Cryptolocker infection has been down for a while now and has not returned. There are several copycat and fake ransomware variants which use the CryptoLocker name but the infection is not the same.

Are there any file extensions appended to your files... such as .ecc, .ezz, .exx, .xyz, .CTBL, .CTB2, .XTBL, .encrypted, .vault, .HA3, .toxcrypt or 6-7 length extension consisting of random characters?

Did you find any ransom note? These infections are created to alert victims that their data has been encrypted and demand a ransom payment. Check your documents folder for an image the malware typically uses for the background note. Check the C:\ProgramData (or C:\Documents and Settings\All Users\Application Data) for a random named .html, .txt, .png, .bmp, .url file.

These are some examples.
HELP_DECRYPT.TXT, HELP_DECRYPT.HTML, HELP_DECRYPT.URL, HELP_DECRYPT.PNG
HELP_TO_DECRYPT_YOUR_FILES.bmp, HELP_TO_DECRYPT_YOUR_FILES.txt, HELP_RESTORE_FILES.txt
HELP_TO_SAVE_FILES.txt, HELP_TO_SAVE_FILES.bmp, RECOVERY_KEY.txt
DECRYPT_INSTRUCTION.TXT, DECRYPT_INSTRUCTION.HTML, DECRYPT_INSTRUCTION.URL
About_Files

Once you have identified which particular ransomware you are dealing with, I can direct you to the appropriate discussion topic for further assistance.


Hi

I have just started to get a number of "trying to connect to internet" dialogue boxes popping up on my computer. I ran Spybot and it found the virtumonde.dll infections.
This infection is on my music workstation computer which is not connected up to the internet. I think that the infection came from some "free" software I downloaded onto my surfing the net computer. Feel like a fool now!
So after Googling around I found you guys and I am hoping that you can help me become clean again!

Thank you!

Dean

My computer had its hosts file hijacked recently. I managed to remove what had been added and locked it down with Spybot's list.

Since then my computer is randomly losing its internet connection - it's almost like the network card becomes disabled. It always shows up as numerous Perfdisk errors in Event Viewer around when it happens, e.g.:

Unable to read the disk performance information from the system. Disk performance counters must be enabled for at least one physical disk or logical volume in order for these counters to appear. Disk performance counters can be enabled by using the Hardware Device Manager property pages. Status code returned is data DWORD 0.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

I'm also getting errors like these in Event Viewer:

TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

It's also hanging sometimes when I shut the computer down... it starts shutting down then gets stuck on blue screen and just stays there. Have scanned with Malware Bytes, Vipre, Spybot etc but I'm just not sure if this is a virus or some hardware issue with the network card.

Machine is running on XP

A:Possible infection, had hosts file hijacked recently

Ok, have waited over a month on this, I still need help, I think I am infected - should I post in the other forum or is someone still going to help me via this thread?


Hello. I seem to have the Aurora/Nail infection. I was able to get rid of nail.exe but now there is a random .exe file that keeps renaming itself when I try to delete it. Help! Thanks!


Hey all. I ran a routine scan the other day on avast and it gave me the error that C:\WINDOWS\winstart.bat file is offline and cannot be scanned. I had this happen before but never thought much of it, and never had any performance issues or anything. I decided to look that up on google and a couple places indicated this might be an issue. So I ran some other security scans. The full avast scan started finding a bunch of issues. And then yesterday I ran a scan on a-squared and although it usually just finds and quarantines a bunch of cookies, this time it found "Trojan.Win32.TDSS.axhq!A2" and quarantined it. And very suddenly the computer has started to freeze up and get a lot of page cannot be found messages on the internet. FYI, the source for the above trojan was in the installer for VLC Media player, which I updated the other day. Based on the avast findings the other day on a full scan, it seems like random .exe files are getting infected perhaps. I ran DDS but GMER would not complete-it froze after a few minutes each time. Can anyone help me still and direct me what to do next, or can this not be done until I get a successful GMER log?

A:TDSS infection, I think. Also an offline-file in Avast

Hello , And to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.

The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.

Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.

Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.

-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you let...


im sure i am infected but cannot identify it.
symptoms;
i cannot install MBAM, i double click the install, hour glass comes but doesnt actually run.

i can and have installed Symantec Endpoint Protection 11.4. when attempting to run a full scan, it will scan the memory (active scan) but when it gets to actually doing a full scan on the Hard drive (C:) it stops and goes to "completed"

a check disk for my computer comes back with "check disk was unable to start" but no option to schedule. same thing happens in safe mode
a check disk from the command prompt will not schedule.

i have removed the HDD and done a virus scan and a MBAM scan from another computer, that is with the hard drive connected to another computer but not booted from THAT hard drive. and have cleaned out many viruses this way but still something is in there

also SpybotSD will install, if you attempt to run it it shows in the Task manager/processes but does not appear
combofix will not install.

any ideas. is this a residual registry entry somewhere.

i have also altered the registry to allow installs during safe mode and still cannot install MBAM
and still no check disk will run or schedule even from safe mode

thanks

jon

A:some kind of infection/ file system lock?

If mbam won't install

Some types of malware will disable MBAM and other security tools. If MBAM will not install, try renaming it. Right-click on the mbam-setup.exe file and change the .exe extension to .bat, .com, .pif, or .scr and then double-click on it to run.

If after installation, MBAM will not run, open the Malwarebytes' Anti-Malware folder in Program Files, right-click on mbam.exe and change the .exe as noted above. Then double-click on it to run.


Hi

I'm having serious problems with my computer, to the point where when I start it up it just simply crashes every time. I can only start it in safe mode, when it used to sort of work (probably when it was dying a slow death) it would usually say Dr watson debugger postmortem error occurred. I now think this uses normal windows prog to infect comp with acebot trojan.

Anyway I've run spybot, spysweep, have killbox, but haven't used it.

Here's my hijack this log:

A:Hijack This Log File With Possible Acebot Trojan Infection

Hello Mr Grim and welcome to the BC HijackThis forum. Let's start by updating HijackThis.

You are currently running an outdated version of HijackThis. Please click on the link below and download the most current version:

HijackThis_sfx.exe

Delete your current HijackThis.exe file and double-click on the file you just downloaded and then click on the Unzip button to install the newer version. It will be installed to the C:\Program Files\HijackThis\ directory by default.

Also, it appears that this log was made while in Safe Mode. Since this can hide many of the running processes that might be causing problems I need you to do the following.

Boot normally, start HijackThis and click the Do a system scan and save a log button to perform a scan and create a log file. When the scan is complete, Notepad will open up with the log file in it. While in Notepad, press Ctrl-A to select all text and then Ctrl-C to copy the text to the clipboard.

POST the log in this thread using the Add Reply button. Click in the data-entry window and press Ctrl-V to paste the log into the window. Add any other comments which you believe might be helpful in our analysis. and click the Add Reply button.

I will review your log when it comes in.

DO NOT MAKE ANY CHANGES OR CLICK "FIX CHECKED" UNTIL I CHECK THE LOG, AS SOME OF THE FILES ARE LEGIT AND VITAL TO THE FUNCTION OF YOUR COMPUTER

OT


Hi,
I've come home to visit family and have been conscripted into IT support duties. My sister's computer was a total mess and I've done what I can to clean it up using various tools (cccleaner, malwarebytes, hitmanpro, eset antivirus, etc etc...) and there still seem to be some left overs that I can't handle -- so I'm here for help if you'd be so kind.
 
I've attached a dds log for your review.
 
The single problem that remains (that i've noticed) is that the pc keeps trying to download a file and run it -- eset security always stops it and shows a warning message like this: http://i.imgur.com/tUnaQwo.png
 
excerpt from eset log;  
7/29/2014 12:08:21 PM HTTP filter file http://cdn.freetorrent.me/iris/DP1720.exe a variant of MSIL/Adware.Mrlmedia.A application connection terminated - quarantined Frucy-PC\Frank Threat was detected upon access to web by the application: C:\Users\Frank\AppData\Local\Temp\GPUpd53D7C6F12.exe.
 
i'm trying to figure out what's creating this exe file and causing it to run.
 
any help would be appreciated -- i come home once a year to visit and always get stuck doing family it services :/ 
 
Thanks!

A:unknown infection keeps triggering file download

update:
 
got on support with eset and they dug out some start up entries and registry entries that were triggering a file called "bp_upd".  this file was in a program folder called 'getprivate'.
 
now the problem seems to be fixed.


Hi,

Firstly to say that I'm running Windows XP SP2 with an up to date Norton Internet Security 2007.

A couple of weeks ago I noticed in the Windows Task Manager that explorer.exe was using 99% of my CPU usage which was causing my computer to completely crash so I did a scan with Ad-Aware to see if I had some viruses or Trojans on my Desktop.

It came back saying that I had Virtumonde and gave the file paths (included at the bottom of this post) which incidentally were in the Explorer folder of the registry. Ad-Aware supposedly removed the infection but I continued to have problems so I did a full scan with Spybot, Spyware Terminator, Ad-Aware and Norton Anti Virus which all showed nothing.

After finding this Forum I then used Vundo Fix which came back with 4 or 5 .dll files in the C:\Windows\System folder which it removed. I scanned the entire computer again with Vundo Fix to see if it was clean which it was and also scanned again with Norton, Ad-Aware, Spybot and Spyware Terminator. This came back clean with the exception of Spybot which said that Windows Security Centre was disabled so I clicked on "fix" to rectify that.

So the computer came up clean and initially when using the Desktop for the first hour everything was fine but then explorer.exe starts using 99% of the CPU again. Scanned it all again as above and this time used the VirtumondeBeGone and it all came back clean again.

Again for the first hour after all the scans everything is fine and then the expl...

A:Virtumonde-vundo Infection-hijack This Log File

I have moved your Topic that includes a HijackThis log here to the Misplaced HJT Logs forum. You posted your log in a forum not intended for HijackThis logs analysis and probably missed the directions we provide to those who require assistance. We can only allow topics with such logs in the HijackThis Logs and Malware Removal forum. This restriction is to ensure you get the best help available, from those who specialize in malware analysis and removal. It also should prevent you from receiving ineffective or even potentially dangerous advice, whether well meaning or not.

Prior to posting a HJT log, we ask that you please read and follow all instructions in the pinned topic titled Preparation Guide For Use Before Posting A Hijackthis Log. Following the steps in this Guide will allow the HJT Team to quickly help you with specific fixes for what may remain on your system. Please complete all the steps in the Guide. If you have performed some of them already, then just continue with the next. If you can't perform a step, then skip it and continue with the next. The last step will include downloading and using the most current version of HijackThis if the first line of your log does not appear as follows:

Logfile of Trend Micro HijackThis v2.0.2

Please note that it is important that HijackThis be run and a log created while in normal mode. If you run it and create your log while in safe mode, you will be asked to redo it again properly. When you have completed those steps, start a ne...


Trend Micro threat analysts were alerted to the discovery of a not-so-common file infector. Unlike usual file infectors that only do simple modifications to the files they infect, PE_XPAJ.A does complex modifications to hide its malicious code... It uses a polymorphic-entry point obscuring (EPO)-cavity type of infection, which is capable of moving some of the host file's codes to another location. The malware encrypts its signature in a different way every time it executes as well as the instructions for carrying...
http://blog.trendmicro.com/file-infector-t...ion-up-a-notch/


First, hello to everyone, I'm new here. Hope you can help me. My problem started last night after watching an online movie stream (for hundredth time), at least I think so. Almost every directory I go to I can't access because it is "corrupted and unreadable", and every program that I try to run I get the same pop-up message in my right corner of the task bar. The message is: The file or directory ..... is corrupt and unreadable. Please run Chkdsk utility. (only difference between the messages is the directory shown in place where the dots stand in the last sentence). I can't use some of my programs any more (for example: Google Chrome and Reason) - I'm using Opera now and usually. Also I can't start my AVG antivirus program any more to try to scan for viruses. And the Chkdsk won't start in Run either after the restart where it actually does start but can't do the scan because of a "software that I have installed recently" as it says on the screen.
Oh and I have left my computer on last night; when I woke up today there was the blue screen on my monitor with an error message. I'm not completely sure but I think it said also something about Google Chrome's corrupted file.

So I'm not sure but, maybe, I have collected some malicious program on the movie streaming sites in Chrome over the pop up shits. In Opera I have pop-ups disabled but since it has problems with flash and java sometimes I watch the online movies with Google Chrome where pop-ups pop up like...

A:Infection: The file or directory ..... is corrupt and unreadable. Please run Chkdsk.

BUMP, please
