Over 1 million tech questions and answers.

Help to remove Total Security and Anti-Virus Pro_2010 rogue anti-virus programs

Q: Help to remove Total Security and Anti-Virus Pro_2010 rogue anti-virus programs

Camera Wizard not poping up after removing Total Security/Antivirus Pro_2010 I have a PC with Windows XP SP3 with Avast, SuperAnti-Spyware and MBAM while browsing I got a yellow virus warning (something win32 I believe) from Avast pop up near the bottom tray and within seconds the Total Security pop-ups started. My PC slowed to a stop so I rebooted and saw that Antivirus Pro_2010 had installed itself on my PC. All my Anti Virus programs would not start (ie MBAM) so I ended up following forums to end some processes, delete some .dll files that were known to be malicious and rename the .exe's to get Anti Virus programs to run. I installed and used AVG which found a couple things. Then I used ComboFix, and finally I got MBAM to run which found a good 40+ trojans etc. I believe I got the virus off but I tried to restore to before I got the virus but was unable to. I have since run scans with MBAM and SuperAnti-Spyware which have found nothing. Avast also finds nothing but it has a list of 44 files (mostly in WINDOWS\ folder with the last path part of file doubled) that it is unable to scan: because "The system cannot find the specified path". When I look on my C: drive and follow the file path, the second to last part is always missing (ie. WINDOWS\addins\addins) addins is not there. When I plug in my camera, the camera wizard does not pop up anymore as it use to before I had and removed the virus. I also saw on the unscanable list that there was a WINDOWS\Connection Wizard\Connection Wizard file that I'm assuming may be related? In the control panel there is nothing in the camera and scanners folder either. Please advise me on what actions I should take to fix these windows files and to make sure this rogue anti-virus is gone. Any help would be appreciated. Here is the full list of unscannable files below.

C:\\WINDOWS\$hf_mig$\KB947864\KB947864
C:\\WINDOWS\addins\addins
C:\\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP15B.tmp\ZAP15B.tmp
C:\\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP238.tmp\ZAP238.tmp
C:\\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP263.tmp\ZAP263.tmp
C:\\WINDOWS\assembly\temp\temp
C:\\WINDOWS\assembly\tmp\tmp
C:\\WINDOWS\Config\Config
C:\\WINDOWS\Connection Wizard\Connection Wizard
C:\\WINDOWS\CSC\d1\d1
C:\\WINDOWS\CSC\d2\d2
C:\\WINDOWS\CSC\d3\d3
C:\\WINDOWS\CSC\d4\d4
C:\\WINDOWS\CSC\d5\d5
C:\\WINDOWS\CSC\d6\d6
C:\\WINDOWS\CSC\d7\d7
C:\\WINDOWS\CSC\d8\d8
C:\\WINDOWS\ime\imeip\applets\applets
C:\\WINDOWS\ime\imeip98\imeip98
C:\\WINDOWS\ime\imkr6_1\dicts\dicts
C:\\WINDOWS\Installer\$PatchCache$\Managed\0DC1503A46F231838AD88BCDDC8E8F7C \3.2.30729\3.2.30729
C:\\WINDOWS\Installer\$PatchCache$\Managed\DC3BF90CC0D3D2F398A9A6D176270F3\ 2.2.30729\2.2.30729
C:\\WINDOWS\java\classes\classes
C:\\WINDOWS\java\trustlib\trustlib
C:\\WINDOWS\Microsoft.NET\Framework\v1.1.4322\TemporaryASP.NET Files\Bind Logs\Bind Logs
C:\\WINDOWS\Microsoft.NET\Framework\v2.0.50727\TemporaryASP.NET Files\Temporary ASP.NET Files
C:\\WINDOWS\msapps\msinfo\msinfo
C:\\WINDOWS\pchealth\ERRORREP\QHEADLES\QHEADLES
C:\\WINDOWS\pchealth\helpctr\BATCH\BATCH
C:\\WINDOWS\pchealth\helpctr\Config\CheckPoint\CheckPoint
C:\\WINDOWS\pchealth\helpctr\HelpFiles\HelpFiles
C:\\WINDOWS\pchealth\helpctr\InstalledSKUs\InstalledSKUs
C:\\WINDOWS\pchealth\helpctr\System\DFS\DFS
C:\\WINDOWS\pchealth\helpctr\System_OEM\System_OEM
C:\\WINDOWS\pchealth\helpctr\Temp\Temp
C:\\WINDOWS\Registration\CRMLog\CRMLog
C:\\WINDOWS\SoftwareDistribution\AuthCabs\AuthCabs
C:\\WINDOWS\SoftwareDistribution\Download\355f788b6de8a3ec79e9aa172e6317f1\ backup\backup
C:\\WINDOWS\SoftwareDistribution\SelfUpdate\Registered\Registered
C:\\WINDOWS\Sun\Java\Deployment\Deployment
C:\\WINDOWS\Temp\_avast4_\_avast4_
C:\\WINDOWS\WinSxS\InstallTemp\InstallTemp

RELEVANCY SCORE 200
Preferred Solution: Help to remove Total Security and Anti-Virus Pro_2010 rogue anti-virus programs

I recommend downloading and running Reimage. It's a computer repair tool that has been proven to identify and fix many Windows problems with a high level of success.

I've used it in the past to identify and fix everything from blue screens (BSOD's), ActiveX errors, corrupt files and processes, dll/exe/sys errors, recover lost memory, Windows update problems, defragging, malware removal etc.

You can download it direct from this link http://downloadreimage.com/download.php. (This link will automatically start a download of Reimage that you can save to your computer.)

A: Help to remove Total Security and Anti-Virus Pro_2010 rogue anti-virus programs

Can someone please help me?

Read other 1 answers
RELEVANCY SCORE 129.2

Antivirus vanished! Can't install ANY new one!Can't access microsoft and any anti virus sites (thus i cannot download or scan my computer from there)I tried to install a copy of avast pro but the set- up immediately close after opening, i also noticed a lot of programs behaving like this just like the bandmaster game from e games and Grand Theft Auto Vice City( once i opened it, it immediately closes)Tried to install that in safe mode, but the computer does not start and reboots back into normal mode.This is the content of DDS logDDS (Ver_10-11-26.01) - NTFSx86 Run by neopc10 at 19:47:12.65 on Fri 11/26/2010Internet Explorer: 6.0.2900.2180Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.353 [GMT -8:00]============== Running Processes ===============C:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcssvchost.exeC:\WINDOWS\system32\spoolsv.exesvchost.exeC:\Program Files\Common Files\Acronis\Schedule2\schedul2.exeC:\WINDOWS\System32\svchost.exe -k AkamaiC:\WINDOWS\system32\svchost.exe -k imgsvcC:\WINDOWS\Explorer.EXEC:\Program Files\KGB\Mpk.exeC:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exeC:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exeC:\WINDOWS\PixArt\PAC7302\Monitor.exeC:\Program Files\... Read more

A:anti virus banished.can't install any anti virus programs, can't acces microsoft and anti virus sites!!!...

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the ... Read more

Read other 2 answers
RELEVANCY SCORE 124.8

So i tried to remove digital protection with malwarebyte, while I also had total vista security rogue anti virus as well. The problem was that total vista messed up some of my legit files so i deleted them such as a win32 file. After mawarebyte scan, I deleted some files, but then when i restarted my computer, I got some window saying i lost some data or something like that and windows will attempt to restore last date that my computer worked. So i let my computer restore my computer settings to an earlier date and then when I log back in, total vista and digital protection was removed?

I don't know if they are removed just from a system recovery, so i need some advice. After the recovery, I tried the instructions on deleting total vista, but when I renamed process explorer to iexplorer.exe, it doesn't open up, because my computer recognized it as illegal instructions.

EDIT:

So far i am having no pop ups of the rogue anti virus software, but are they hiding??

A:total vista rogue anti virus removed after windows recovery??!!!

Hi Vay,I would suspect that the malware is still there, but hasn't had a chance to run yet. Unfortunately, it will probably pop up some time in the near future. However, if you aren't currently having any symptoms, that makes it easier to do the common scans that will probably remove the rogue for you.Start off by using TFC by Old Timer which will clean out any temp files that might be left over from the pre-restore infection.Follow this guide here on how to remove Digital Protection.Then:Please download and scan with SUPERAntiSpyware FreeDouble-click SUPERAntiSypware.exe and use the default settings for installation.An icon will be created on your desktop. Double-click that icon to launch the program.If it will not start, go to Start > All Prgrams > SUPERAntiSpyware and click on Alternate Start.If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)In the Main Menu, click the Preferences... button.Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.Click the "Scanning Control" t... Read more

Read other 7 answers
RELEVANCY SCORE 119.2

While running vista I had my pc taken over by a couple rogue anti-virus programs...so i finally made the jump to windows 7 and had been clean for a good 3 months. However yesterday i got hit with "anti-spyware soft." I cleaned it up today but I'm wondering whats the best way to prevent my pc from being hit with these rogue programs... I keep auto-update on, Adobe Reader & Java are both up-to-date (i think they seem to exploit Adobe somehow to infect pc's), I use AVG's free version & just added MalwareBytes too

In short, I was wondering if un-installing Internet Explorer would help since once the programs do find a way in they use IE to connect to the internet...

Any suggestions??????????? Thanks in advance.

A:How to Prevent Rogue Anti-Virus/Spyware Programs???

There's an add on for firefox 'Noscript' which can stop drive-by downloads, click jackings etchttps://addons.mozilla.org/en-US/firefox/addon/722/There's Host file protection, blocks access to dodgy sites http://www.mvps.org/winhelp2002/hosts.htmAnd also Web of trust, which gives an indication about the quality of the site you're about to visithttp://www.mywot.com/You say you have AVG anti virus, but do you have a firewall?

Read other 2 answers
RELEVANCY SCORE 118.4

Hello everyone.

I have tried my best to remove this virus on my laptop, but no success yet.

Here are all of the things the virus does:

-Prevents access to websites like spybot, instead of letting me see the site, it simply says "Internet Explorer cannot display the webpage", and there is a button to click that says "Diagnose Connection Problem" (no connection problem of course)

-When I click links from a google search, they most of the time take me to the wrong webpage and I am forced to copy/paste the original link into the web bar.

-Programs like Combofix, Spybot, and HJT do not work and a box comes up after starting them saying "Combofix has stopped working".

-I tried running the programs in Safe Mode, but no luck there.

If anyone knows a fix please reply.

Thanks,

Sean

A:Virus prevents access to Anti-Virus sites/anti-virus programs (combofix, etc.)

I renamed my Combofix to something else and I followed the instructions from a different post and here is the log I ended up with:

ComboFix 09-07-29.04 - Sean 07/31/2009 0:30.1.2 - NTFSx86
Microsoft? Windows Vista? Home Premium 6.0.6001.1.1252.1.1033.18.3070.2059 [GMT -7:00]
Running from: c:\users\Sean\Desktop\Music.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\progra~2\MICROS~1\Windows\STARTM~1\Programs\videosoft
c:\progra~2\MICROS~1\Windows\STARTM~1\Programs\videosoft\Uninstall.lnk
c:\program files\videosoft
c:\program files\videosoft\Uninstall.exe
C:\resycled
c:\resycled\boot.com
c:\windows\10057vir9sza2.cpl
c:\windows\1059zpamb5t5bd.exe
c:\windows\1069thi5fz912.bin
c:\windows\1075859zj467.exe
c:\windows\11297vzr5s51c.cpl
c:\windows\1132z5ru977d.cpl
c:\windows\11388troz4559.cpl
c:\windows\1179zs5y695.dll
c:\windows\11991szambo95d9.cpl
c:\windows\120355zoj6819.bin
c:\windows\12324tr9j7b5z.bin
c:\windows\1279zroj295.ocx
c:\windows\12a7d5wnloader999z.bin
c:\windows\132985pz2a0.cpl
c:\windows\133505i9us7z8.exe
c:\windows\13552hackt9ol37z.ocx
c:\windows\1355zw59m5d8.exe
c:\windows\13562vizus1059.cpl
c:\windows\135759orm5c5z.ocx
c:\windows\13599virus6cz5.dll
c:\windows\13614spamzo5990.cpl
c:\windows\13956trojz59.cpl
c:\windows\1502zspy169.ocx
c:\windows\15107zpa9bot54.cpl
c:\windo... Read more

Read other 1 answers
RELEVANCY SCORE 118

i tried to follow the instructions you have for uninstalling "total security", but not only can i not use the task manager, but it willnot let me install the mcrosoft program process explorer that you recommend. this spyware lets me download, but not install. it says anything i try to install is infected. i have tried spybot search and destroy, but it will not let me even open the program. it says application cannot be executed the file SpybotSD.exe is infected please activate your antivirus software. Of course the spyware they want me to actiate is theirs. (fraudulent)

A:total security, rogue anti spyware program

Moving to the Am I Infected forum for you.

Read other 1 answers
RELEVANCY SCORE 117.6

I used malewarebytes to remove rogue antivirus and even upgraded to the full version to have monitoring. Seemed to remove rogue antivirus but am still having problems. Internet explorer will not open. I can connect to the internet thru Firefox but my guess is that I still have something to get rid of and need to fix explorer. Malewarebytes monitoring continues to block threats, for example:

23:37:48 Thomas IP-BLOCK 62.122.75.136 (Type: outgoing, Port: 49413, Process: svchost.exe)
23:37:48 Thomas IP-BLOCK 62.122.75.138 (Type: outgoing, Port: 49414, Process: svchost.exe)
23:47:01 Thomas IP-BLOCK 91.212.226.6 (Type: outgoing, Port: 49502, Process: svchost.exe)

Any help would be appreciated.

A:Used Malewarebytes to remove Rogue Anti virus - explorer will not open now

Please follow the instructions in ==>This Guide<==.Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include the link to this topic in your new topic and a description of your computer issues and what you have done to resolve them.If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.Once you have created the new topic, please reply back here with a link to the new topic.

Read other 2 answers
RELEVANCY SCORE 116.8

Total Anti Malware Protection is a rogue security software which will report that malware has been detected on your computer in an attempt to scare you into buying this malicious software.
In reality, none of the reported issues are real, and are only used to scare you into buying Total Anti Malware Protection and stealing your personal financial information.

As part of its self-defense mechanism, Total Anti Malware Protection has installed a rootkit on your computer,which will disable the Windows Task Manager and will block you from running any program that could lead to its removal.

Total Anti Malware Protection is a scam and you should ignore any alerts that this malicious software might generate.
Under no circumstance should you buy this rogue security software as this could lead to identity theft,and if you have, you should contact your credit card company and dispute the charge stating that the program is a scam and a computer virus.
Removal instructions for Total Anti Malware Protection virus​This is a self-help guide, use at your own risk.
If you experience problems completing this guide, or the problem persists after following the instructions below or would like to have one of our staff members guide you through the process, please start a new thread in our Malware Removal Assistance forum.
STEP 1 : Start your computer in Safe Mode with Networking

Remove all floppy disks, CDs, and DVDs from your computer, and then restart your computer.

Press and hold t... Read more

Read other answers
RELEVANCY SCORE 108.8

Over the last few days my pc has become unresponsive and has started messing about with progs (eg not allowing them to start up etc) and has been disabling my security programs.I must have downloaded a torrent or something with a virus in it but I am not very pc savvy ,your help is greatly appreciated.Many thanks-here is my hijack this log:
Logfile of HijackThis v1.99.1
Scan saved at 01:10:51, on 22/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE... Read more

A:PC messing with anti virus and security programs help please

Please close this post as I am receiving help on another site Thank you
 

Read other 1 answers
RELEVANCY SCORE 108.8

Hello, I consider myself a fairly advanced computer user, but I'm having an issue I'm 99% sure is MalWare related. My laptop freezes CONSTANTLY, sometimes out of nowhere, and sometimes when I walk away for 5 minutes. I have tried numerous times to run AVG, Ad-Aware SE, and both freeze shortly after the scan starts (also tried in SAFE MODE). Now sometimes I can browse the we for hours, but as soon as a start a scan, install, or update, these issues are more common. I am fairly confident that this is not a hardware issue, since I've ran advanced diagnostics on them all, including BIOS. I have a HiJack This Log, and help would be greatly appreciated!

HiJackThis.log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:17:22 AM, on 9/22/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\snmp.exe
C:\WINDO... Read more

A:Unable to Run ANY Anti-Virus or Anti-Spyware programs, Comp freezes every 5 minutes.

BUMP!

--sorry, I'm desperate.
 

Read other 3 answers
RELEVANCY SCORE 108.8

My subscription for Macafee ran out and I never got around to downloading AVG or some other antivirus freeware on my netbook. I experienced some obvious signs of a virus/malware not long after (I would do a google search on Chrome and would get redirected to some very odd sites when I clicked on something safe-looking). So I attempted to download AVG and others with no luck. I then restored my system to an earlier date hoping this would be good enough to remove whatever virus/malware was affecting it. No such luck as I am still unable to download said freeware (although now I am able to surf the net with no issues). So, I happened across your lovely website and am crossing my fingers that you may be able to save the day!

Thanks so much for your time!

Here is the following info you request with each new post...
From Hijackthis:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:51:14 AM, on 11/9/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe... Read more

A:I cannot download anti-virus or anti-malware programs...(logs included)

I solved it.

Used ninite.com in safe mode to download AVG and Spybot. Rebooted. Ran both of them. Still couldn't download Malwarebytes. Ran online scanner from Microsoft. Rebooted. Was able to install Malwarebytes. Ran it. System is clean now.
 

Read other 1 answers
RELEVANCY SCORE 108.8

I recently downloaded PC Security Shield (supposedly a good anti virus program) and Spyware Terminator (antispyware) and noticed that their icons sometimes, do not show up in my system tray when I boot up. And it stays like that. I've had no icons for three days now...huh?

I've looked up this problem in the accompanying (Security Shield) help menu and it wasn't any help....but it basically states no icon = no protection....so what the bejeepers can I do to fix this problem?
 

A:Anti virus/anti spyware programs missing from system tray

Just a quick thought, go to start-up options and see if they are listed as due to run on start-up, if you have no suitable programme to view your start-up programmes go to run and type msconfig and check the start-up tab
 

Read other 2 answers
RELEVANCY SCORE 108.8

Please help. I am working on a network and need a corporate anti-virus program and anti-spyware programs? I know McAfee and Symantec offer something, but I know the personal editions I have had a less than nice experience. Any suggestions?

A:Need A Corporate Anti-virus Program And Anti-spyware Programs? Any Suggestions

Take a look at this Spysweeperhttp://www.webroot.com/enterprise/products/

Read other 4 answers
RELEVANCY SCORE 108.8

Good morning everyone,
Frequent visitor, first time poster of this forum. I want to thank anyone in advance for committing any amount of time to my problem. I'm hoping someone has some experience with this issue. Allow me to explain:

Yesterday, I woke-up my computer and opened up my browser (I use Google Chrome). As soon as I clicked to open the browser, I noticed a Windows Explorer Pop-up. I have attached a picture of what this box looks like, but to describe it for those who are not able to open the attachment: The windows header said "Mod Info" and the Content said "BC LOADED" the only available options for me to click were "OK" or the "Close" button at the top right. Without clicking anything the box then disappeared and Google Chrome opened as usual. This behavior was unexpected, I've never seen this before. Worrying I had some kind of Spyware or Malware, I decided to try running my AV program. I use Avast Free.

I went to look for the process in the hidden icons list on my taskbar, where it usually resides. I didn't see it there, which was concerning. I tried running the program from the start menu, but after clicking it, nothing opened. This was also a red flag that something must be wrong. So I decided to try and run Malwarebytes Anti-Malware. This program would also not open when prompted.

I decided to scan google for my symptoms to look for recommended fixes. Several tech support forums suggested to those who presented simil... Read more

Read other answers
RELEVANCY SCORE 108.8

Good morning everyone,
Frequent visitor, first time poster of this forum. I want to thank anyone in advance for committing any amount of time to my problem. I'm hoping someone has some experience with this issue. Allow me to explain:

Yesterday, I woke-up my computer and opened up my browser (I use Google Chrome). As soon as I clicked to open the browser, I noticed a Windows Explorer Pop-up. I have attached a picture of what this box looks like, but to describe it for those who are not able to open the attachment: The windows header said "Mod Info" and the Content said "BC LOADED" the only available options for me to click were "OK" or the "Close" button at the top right. Without clicking anything the box then disappeared and Google Chrome opened as usual. This behavior was unexpected, I've never seen this before. Worrying I had some kind of Spyware or Malware, I decided to try running my AV program. I use Avast Free.

I went to look for the process in the hidden icons list on my taskbar, where it usually resides. I didn't see it there, which was concerning. I tried running the program from the start menu, but after clicking it, nothing opened. This was also a red flag that something must be wrong. So I decided to try and run Malwarebytes Anti-Malware. This program would also not open when prompted.

I decided to scan google for my symptoms to look for recommended fixes. Several tech support forums suggested to those who presented simil... Read more

A:Anti-Virus/Anti-Malware Programs Blocked Even in Safe Mode

Hello and Welcome to TSF.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Press the Windows "logo" key and "R" key then copy/paste the following into the Run box and click OK:

%temp%\dds.txt

A text file should open. Please copy/paste the contents of that file in your next reply.

------------------------------------------------------

Read other 14 answers
RELEVANCY SCORE 108.4

More specifically, the Awola virus, as it could be called. Simply put, it's a rogue anti-spyware program that managed to install itself (Imagine that), but the problem is, despite numerous attempts, I can not seem to get rid of it. I am getting a warning window in the lower-right hand side of my screen saying "Your computer is infected! Windows has detected spware infection. It is recommended to use special antispyware tools to prevent data loss..." and so on, yet the thing will never seem to go away, no matter how many times I close the window. Along with it, that boots itself is the actual rogue anti-virus program, Awola, providing false positives for viruses, and prompting me to buy the full version. On top of this, I believe this program may also be downloading other malware on to my computer, as well as hijacking my desktop background into a cheesy (and almost cute) little window, informing me my system is infected.

Anyway, here are my logs:




Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Athlon(tm) 64 X2 Dual Core Processor 4600+
CPU 1: AMD Athlon(tm) 64 X2 Dual Core Processor 4600+
Percentage of Memory in Use: 44%
Phys... Read more

A:Can't remove malware via any reputable anti-virus programs.

Hi Darkmuffin,

Not a problem. This is going to take a few rounds to cleanup, so please stick with me until I say your system is clean.

--------------------------------------------------------------

Please download FixWareout from one of these sites:
http://downloads.subratam.org/Fixwareout.exe
http://download.bleepingcomputer.com...Fixwareout.exeSave it to your desktop and run it.
Click "Next", then Install, make sure "Run fixit" is checked and click Finish.
The fix will begin: Please follow the prompts.
You will be asked to reboot your computer: Please do so.
Your system may take longer than usual to load and this is normal.
Once the desktop loads post the text that will open (report.txt)

--------------------------------------------------------------

Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/comb...o-use-combofix
IMPORTANT: Make sure you install the Recovery Console before running ComboFix.

--------------------------------------------------------------

Please reply back with the following:

C:\fixwareout\report.txt
C:\ComboFix.txt

Read other 5 answers
RELEVANCY SCORE 108.4

i have uninstalled norton anti-virus 2008 from my computer however it is still coming up in the start menu and loading on startup. i am wondering how i can remove this and other things from my startup? i can not install any other anti-virus until this is removed.

note: i tried removing them from startup once and it keeps telling me i have put it in a specific startup mode. but when i change the mode it still does not work.

i also removed a instance of windows xp from the boot.ini section that i did not need and when i change the mode the other instace comes back up on reboot.
 

A:Solved: help! norton anti-virus 2008 cant remove wont let me install another anti-vir

Read other 9 answers
RELEVANCY SCORE 108.4

How to Remove Win 7 Anti-Spyware 2011 (Fake Anti-Virus Infections)





Quote:
If your PC is infected with the Win 7 Anti-Spyware 2011 malware or something similar, you?ve come to the right place, because we?re going to show you how to get rid of it, and free your PC from the awful clutches of this insidious malware (and many others)
Win 7 Anti-Spyware 2011 is just one of many fake antivirus applications like Antivirus Live, Advanced Virus Remover, Internet Security 2010, Security Tool, and others that hold your computer hostage until you pay their ransom money. They tell you that your PC is infected with fake viruses, and prevent you from doing anything to remove them.
This particular virus goes by a lot of names, including XP Antispyware, Win 7 Antispyware, Win 7 Internet Security 2011, Win 7 Guard, Win 7 Security, Vista Internet Security 2011, and many, many others. It?s all the same virus, but renames itself depending on your system and which strain you get infected with.


Source ...

A:How to Remove Win 7 Anti-Spyware 2011 (Fake Anti-Virus Infections)

Thanks for the information. I hope I never have to use it.

Read other 2 answers
RELEVANCY SCORE 108.4

Hello,

Firstly thank you for your help - I really do appreciate it.

My HpCompaq laptop is infected with a virus that is blocking multiple anti-spyware software, Vista updates, and even my Kaspersky anti-virus.

1) The virus does not allow me to access websites to download anti-spyware nor access the windows update site.

2) I have downloaded the following programs on another computer, burned on CD and run on my laptop:
- Malwarebytes Anti-Malware - Installed but does not run
- Spybot - Cannot install as access to the website is blocked during installation
- AVG Anti-Virus trial version - Cannot install due to 0x8007013d - Action failed for file avgmfx86.sys

3) I have managed to run CCleaner and clear out all the temp internet files

4) The HiJack This log reads:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:35:59, on 14/09/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16851)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\PDF Complete\pdfsty.exe
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files... Read more

Read other answers
RELEVANCY SCORE 108

Sometime back I came across a list of recommended free Firewalls, Anti-Virus and Anti Spyware Programs in one of the BC forums, but I do not remember where I found it.  Would someone point me in the right direction? 
 
Thank you, I appreciate it.

A:List of Firewalls, Anti-Virus and Anti Spyware Programs

Greetings,
 
If this is what you're talking about...
 
Antivirus, Antimalware, And Antispyware Resources
 
Hope this helps!!!

Read other 5 answers
RELEVANCY SCORE 108

While attempting to install counterspy on a friends computer I got the message that says the system administrator has set policies that prevent this installation.I also tried malwarebytes and it refused to install.I'm logged in as the administrator.I also attempted to do a scan with AVG and it disabled itself.I tried an online scan at Trend Micro but I could not reach the website.The browser redirected me to some strange search engine.How should I go about stomping this thing out.

A:unable to install or run anti-virus anti-malware programs

Hi Defraggerman I suggest you post a HijackThis log for examination.A member of the HijackThis Team will walk you through, step by step, how to disinfect your computer.Read the Preparation Guide before posting a HijackThis Log.Please read, and follow, all directions carefullyRun a log, and post it in the HijackThis Logs and Analysis forum.Do not, post it in this topic.Do not, fix anything, yet.A member, of the HJT Team, will help you out.It may take a while to get a response from the HJT Team, because they are very busy. Please, be patient, as these people are volunteers. They will help you, as soon as possible.NOTE:Once you have made the post, please, DO NOT make another post in the HJT forum, until it has been responded to by a member of the HJT Team. The first thing they look for, when looking for logs to reply to, is 0 replies. If you make another post, there will be 1 reply. The team member, glancing over the replies, might assume someone is already helping you out, and will not respond. So, just make your post, and let it sit there, until a team member responds. This way you will be taken care of, in the most timely manner.

Read other 1 answers
RELEVANCY SCORE 108

I need some help with recent problems I've been having with my PC. There're pop-ups that keep coming back, and I don't know how to remove it. I've tried scanning with Ad-aware 2007, and I even used my CA anti-spyware and anti-virus but to no avail. So I tried manually removing it. I searched my PC for suspicious files. So I tried removing a bunch of files that may be malicious software like winctl.exe, and boat32. I found the instructions on removing them in this forums after searching for it in google. So I did that, but the pop-ups keep coming back. I tried using hijackthis, but I'm not sure which files to delete. I've tried fixing some files that I think are harmful, but it doesn't seem to help. Can you show me what to fix in my hijackthis log? The pop-ups are an advertisement on CiD something.

Oh, and I don't know why, but I when I check my task manager it says I have 2 iexplore.exe running when I don't coz I usually use firefox. When I end the processes they just come back. Can you help me? Thanks.

HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:59:55 PM, on 9/17/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Lavas... Read more

A:Solved: Need help, pop-ups, Ad-aware, and CA anti virus/anti-spyware can't remove it.

Read other 16 answers
RELEVANCY SCORE 108

ok, i've got like an anti-virus, anti-malware, anti-spyware, and a hijack this. Should i like remove some of these programs? Cause i need the laptop to speed up. any suggestions?? thanks.
 

A:Anti-virus, antispyware,anti-malware, hijack this! should i remove some of them?

There is excellent support here on TechSpot for major infestations.
In the meantime, if you need free software, I would download Avira Antivir, SuperAntiSpyware, MalwareBytes, and the free Microsoft Security Essentials. Run full scans with each. If they find evil infestations, remove them, then reboot and rerun the scans one more time.
 

Read other 7 answers
RELEVANCY SCORE 107.6

Survey: What Anti-Virus, Anti-Malware, Web-Protection, Fully-Featured Suite would you consider to be the best when assessing it from a price per "quality/quantity of features" perspective?

(Consider that the user will be using it for a Windows 10 laptop and desktop, & a Windows 7 desktop -- more Win 7 and 10 systems if possible!)

Read other answers
RELEVANCY SCORE 107.6

i got a major problem....some what....my pc is a compaq desktop...with xp home on it...ok i downloaded the versions of various anti virus programs...Mcafee...trend Micro...AVG ..,,,etc..expecting good software...but in the end i uninstalled all of the above..or so i thought and installed ..just today...Symantec...which is doing its job.(all were subscribed to)
Here is the problem i went in to the security Center...and looked to see if i was protected...and saw this......."Windows found more than one antivirus program on this computer and at least one reports it is currently up-to-date and virus scanning is on..."Ok when i first installed the last program my firewall cut off and showed a message saying ur AVG firewall is not on ..click this ballon to turn it back on.....guessing the language but u get the gist.... u saw the message above....,now
My question is this..
1... none of the antivirus programs are listed in add/remove programs
2.. none are listed in documents....
3...none are listed in my C: programs folder nor are they in common files...i have searched with search ..by clicking "all files and folders" nope aint there either...
where are they and how do i get rid of these antivirus programs....i have downloaded various programs to locate them none have so far...
HELP
 

A:Solved: too many anti virus programs...security center....

Read other 9 answers
RELEVANCY SCORE 107.2

Hi Sevenforums members.
I think that many problems can arise with the removal of anti-virus on their computers. Here is a selection of programs and instructions to uninstall antivirus software. I would be very glad if you add new links.
Agnitum Outpost Сlean
Cleaner32
Cleaner64
Manual
Avira Uninstall Tools
Utility to clean the registry after uninstalling Avira products/ WARNING! Is not the main tool for removal.
Avira AntiVir RegistryCleaner
Avira Software manual
Manual
avast! - Alwil Software Uninstall Utility
aswClear5
aswClear
Manual
AVG Software Remover Utility
AVG Remover x32
AVG Remover x64
AVG Identity Protection Remover
BitDefender Uninstall Tool
Uninstall Tool
Manual
Comodo Uninstall Tool
CIS Clean-up Tool
CIS Clean-up Tool (Mirror)
Manual
Dr.Web Anti-virus Remover
Emergency tool designed to remove the "remnants" of incorrect / damaged installations of software Dr.Web for Windows versions 4.33, 4.44, 5.0, 6.0 and client-side Dr.Web Enterprise Suite versions of the same in those cases where the application of established means of disposal is not available or does not work. Utility is not intended to be used as the primary means of standard uninstall software Dr.Web
DRW Remover.exe
F-Secure Uninstallation Tool
Remover
Manual
Kaspersky Lab products
Remover
How to uninstall Kaspersky Internet Security 2010
How to uninstall Kaspersky Internet Security 2011
McAfee Cleanup
Remover
Manual
Symantec: Norton Removal Tool
Down... Read more

A:Instructions and tools to remove residual anti-virus programs

AV Uninstallers

Read other 2 answers
RELEVANCY SCORE 105.6

Hi everyone,

I have a friend wanting me to help with her computer. She runs an old Windows 98 machine that has become infested with spyware and viruses.

Webpages keep being redirected to bizrate and bizoffers and any attempt to download software such as Ad-Aware or Spybot are being denied by Bad Gateway errors.

She can't download Hijack This or do any online virus scans because she's blocked from doing so by the spyware.

Would installing the MVPS Hosts file prevent the spyware from blocking access to these sites so that we can help her?

Please help.

Thanks.

A:Can't download anti-spyware programs or anti-virus programs

It would definately be a start. Also try this:

Right click on this link http://www.greyknight17.com/spy/DelO15Domains.inf and choose Save As. Save it to your desktop. Right click on that file and choose Install. It will run immediately (you won't be able to see anything happen). You may delete it afterwards. NOTE: This script will delete any sites you may have added to the Trusted Sites. So if you want them back, you have to add them back to the Trusted Sites again.

Next thing to try, is go into Add/Remove and check for the following programs. If you struggle removing, you can reboot to Safe Mode and try again.

180 Search Assistant
180Solutions
Active alert
Ad Service
AdTools
AdTools Service
Alexa toolbar
BargainBuddy
Bullseye Networks
CashBack
cosmi
DH
EasySearchBar
Elite Sidebar
Elite Toolbar
Freeze Clip Art
GAIN
Gator
Hotbar Outlook Tools
Hotbar Web Tools
HuntBar
Internet Optimizer
ISTbar
ISTSvc
MaxiFiles
Media Access
Media Gateway
MySearch
MyWay Search Bar
MyWebSearch
NavExcel Search Toolbar
NavHelper
ncase
Oemji Toolbar
Open Site
Preview AdService
Search Toolbar (HuntBar/WinTools)
ShopperReports by Hotbar
Sidefind
SideSearch
Slotchbar
Software Update Manager
SurfAccuracy
SurfSideKick
Upspiral Toolbar
TurboDownload
VBouncer
Viewpoint
Viewpoint Manager
Viewpoint Media Player
WareOut
WeatherBug
Web Rebates
Web Search Toolbar (WinTools)
Webhancer
WhenU (any entry)
WeirdOnTheWeb
Windows AdService
Windows AdStatus
Windows ServeAd
WinTools
WinTools Easy Installer
WSEM Update... Read more

Read other 15 answers
RELEVANCY SCORE 103.6

I am using Windows 7 64-bit Home.

Ok so today AVG 9 popped up telling me that it had detected some trojans in my temp internet files, I used AVG to remove them. After a few minutes an rogue anti virus program that looked similar to AntiVirus Live popped up telling me i had infections.

These viruses had disabled my internet, closed any exes I tried to run and closed down task manager. I was unable to use AVG to remove it so I booted into Safe-Mode with Networking and scanned with Malwarebytes' Anti-Malware.

This is it's log:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4500

Windows 6.1.7600 (Safe Mode)
Internet Explorer 8.0.7600.16385

29/08/2010 5:35:13 PM
mbam-log-2010-08-29 (17-35-13).txt

Scan type: Full scan (C:\|I:\|)
Objects scanned: 327696
Time elapsed: 39 minute(s), 10 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 4
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 11

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\fcuje (Trojan.Hiloti.Gen) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lsacazobifuyiwo (Trojan.Hiloti) -> No action taken.
HKEY_CURRENT_USE... Read more

A:Rogue Anti-Virus Help

Open HijackThis by right clicking on it, and selecting Run As Administrator.

Click on 'Do a System Scan Only'. Check the following entries if they exist (make sure you do not miss any) and click Fix Checked

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:6522
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

Close HijackThis now.

---------------------------------------------------------------------------------------------

Check for malicious proxies


*In IE: Tools Menu -> Internet Options -> Connections Tab ->Lan Settings > uncheck "use a proxy server" and "Bypass proxy server for local addresses" or reconfigure the Proxy server again in case you have set it previously.

In Firefox in Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection and uncheck the proxyserver, set it to No Proxy.


---------------------------------------------------------------------------------------------

Download OTL to your desktop.

Right click on the icon and select Run As Administrator to start the tool.Click Run Scan and let the program run uninterrupted.
When the scan is complete, two text files will be created, OTL.Txt <- this one will be opened in Notepad and Extras.txt, on Desktop.
Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of OTL.Txt and the Extras.txt in your next reply.

Read other 14 answers
RELEVANCY SCORE 103.6

i have a PC with a rogue anti-virus. keeps running a bogus scan titled "anti-virus scan protecting every second" and i can't run any programs, it claims they're all infected. the PC is running Avast anti-virus & Spybot S&D only, neither of which will run. booting in safe mode i was able to run DDS.scr which i was not able to run in normal windows mode whereas i couldn't run the GMER rootkit scanner in safe mode because i could not save the ark.txt file because the resolution in safe mode which i can't change it seems wouldn't allow me to access the save button on the GMER rootkit scanner program, which was off the screen. Booting the PC in normal windows mode i was able to run the GMER rootkit scanner immediately on startup of the windows desktop before the rogue anti-virus could start up its scan & numerous warnings and security alerts. these are my logs, i hope they're what you need, your help is greatly appreciated

DDS (Ver_10-12-12.02) - NTFSx86 NETWORK
Run by Owner at 23:19:18.70 on 03/01/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.759.589 [GMT 0:00]

AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Fi... Read more

A:rogue anti-virus

Hello and welcome to TSF. Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

---------------------------------------------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Stay with me until given the 'all clear' even if symptoms diminish. Lack of symptoms does not always mean the job is complete.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by me or another helper at this forum.

---------------------------------------------------------------------------------------------


Refer to the ComboFix User's Guide

Download ComboFix from one of these locations, but do not run it yet.

Link 1
Link 2

Disable your AntiVirus and AntiSpyware applica... Read more

Read other 19 answers
RELEVANCY SCORE 103.2

Hello all! I am posting on the site, I am sure this topic will be bumped to another location. I have been hit by the XP TOTAL SECURIRTY 2011 rogue virus. I have gone between safemode with networking, to normal boot. Have run Malwarebytes multiple times, each time it finds 9 infected files. i quarantine them, go to reboot in normal operation - now my executables won't load. I then go back in to safemode, and safemode is infected now. attempting to run combifix from reading a post from m0le. any other suggestions?
@10:45pm, attempting to disable AVG so I can attempt to run combifix.. but no luck.

@11:30 pm, followed the prep guide. will post tomorrow my logs.

A:XP Total Security/ Rogue virus

Hi,
I may not be an expert as the others but I can give you some suggestions.
I'm assuming you have Windows XP.
Did you follow this step here: http://www.bleepingcomputer.com/virus-removal/remove-win-7-internet-security-2011
As for the .exe issue you had, you may try to download this fix found here: http://www.dougknox.com/xp/file_assoc.htm

Read other 2 answers
RELEVANCY SCORE 102.4

Somehow an antivirus company Called "Anti Virus Protection" uninvitingly downloaded its antivirus program on my computer. Since then I haven't been able to do anything on my computer. I can't get on the internet, I can't open up my antivirus program to erase it.I can't open up anything. When I try to this rogue antivrus pops up saying the file is infected and it wants me to purchase its' antivirus software. I've tried to use system restore to cancel it out but this thing won't allow it to run. Is there any help available with removing this virus from my computer. I sure would appreciate it.
Thanks James

A:Rogue Anti virus Protection

Hi ja0612, to BleepingComputer.Sorry for the delay. If you're still having problems, try following the Remove Antivirus Protection Uninstall instructions.

Read other 1 answers
RELEVANCY SCORE 102.4

hello

A program called personal antivirus found its way onto my laptop and I can not remove it, I actually can not find the program which leads me to believe it is evil in some way

I ran malwarebyets and it removed some bits bu it is still on and shwoing annoying pop ups

any help would be great thanks

Read other answers
RELEVANCY SCORE 102.4

I have been battling a rogue Anti-Virus app problem for a couple of days. If I attempt to run an anti-spyware application, Malwarebytes, SuperAntiSpyware, etc., I can see something being identified, but before the scan can complete, the application is closed. Usually, if I try to re-run the application, I get the message that "Windows cannot access the specified device, path, or file, You may not have sufficient permissions to access the item." I have tried booting to safe mode, safe mode with command prompt, even removed the drive from the machine, put in another machine and scanned, with little success. I no longer get the Anti Virus 2010 application popping up (or the associated desktop links it so nicely put for me to porntube and other porn sites), but still cannot scan my machine.

I tried to run the GMER app, but after it tells me that a rootkit has been found, and I try to run the subsequent scan with all results, it gets shut down. I run Trend Micro OfficeScan and did an unload prior to running the scan, but see it still is listed as enabled.

Any help would be greatly appreciated!

Brian

Here is the content of the dds.txt file:


DDS (Ver_10-10-10.03) - NTFSx86
Run by administrator at 13:30:37.12 on Mon 10/18/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1526.997 [GMT -5:00]
AV: Smart Security *On-access scanning enabled* (Updated) {05BA319B-A905-4E39-8A4A-DFECB6759CB4}
AV: Trend Micro OfficeScan... Read more

A:Rogue Anti-Virus App problem

Hello, and Welcome to TSF.

I am currently reviewing your log. I will be back with a fix for your problem as soon as possible.

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Please be patient with me during this time.

Read other 14 answers
RELEVANCY SCORE 102.4

My main computer has been taken over by viruses and spyware. My main concern right now is a rogue antivirus program which cannot be uninstalled. It is called "System Security" Some screen shots of it are available here... http://www.bleepingcomputer.com/malware-removal/remove-system-security This is a log of how to remove it but it did not work.

Here is a HJL

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:13:07 AM, on 12/26/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe
C:\Program Files\Dell Photo... Read more

Read other answers
RELEVANCY SCORE 102.4

...And I'm infected. What do I do? :-)

Dell Inspiron 5150 (I believe), Windows XP
Don't have computer on me, but can check on Service Pack, updates, etc. if needed
As far as I remember, here's what happened:

This whole thing began with a few warnings from Avast of a virus. I chose. to "Delete" them. ...Wasn't too concerned.

A rogue anti-virus program and popups began taking over my computer

I tried to kill some processes but they kept coming back. One of them was ave.exe

Initially had trouble running anti-virus software.

Was eventually able to Run Malware Bytes. It found quite a few viruses, said the problem would be fixed after restart - not the case
Ran Malware Bytes AGAIN (twice) in Safe Mode without Networking - again said the problems would be fixed after restart - did not work

Ran avast which found them and eventually ran a scan prior to boot - this seemed to have worked, but the viruses came back
Spouse did the same thing - viruses seemed to disappear for a time, but came back after periods of internet use.

Cleaned Temp files, etc.

Prior to the latest "removals," you would click on a link in Google and be sent to a completely different (but legitimate LOOKING) page from what you clicked on.

Now the computer takes at least 15 mins to even boot up, constantly freezes, won't load programs, and programs disappear from the start bar upon minimizing. And our sound has been killed.

Malware Bytes and Avast both continue to ... Read more

A:Rootkit? Rogue Anti-Virus

Hi,Please download GMER from one of the following locations and save it to your desktop:Main Mirror
This version will download a randomly named file (Recommended)Zipped Mirror
This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.Disconnect from the Internet and close all running programs.Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.Now click the Scan button. If you see a rootkit warning window, click OK.When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.Click the Copy button and paste the results into your next reply.Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.-- If you encounter any problems, try running GMER in safe mode.-- If GMER crashes or keeps resulting in a BSODs, uncheck Devices on the right side ... Read more

Read other 1 answers
RELEVANCY SCORE 102.4

Red Cross Anti-Virus is the program that comes on at startup in place of explorer.exe.

It disables:
Task Manager
and
Explorer.exe

in both windows and Safe mode.

Cannot access the registry to reset the startup shell to explorer. Cannot get into msconfig to remove red cross or cannot install ccleaner to edit startup items either.

Tried Running ERD Commander but it wont pick up the c:\ drive to edit it.


I would prefer not to reformat anyone got any ideas.

would pulling the drive and running it in another pc as a slave and running malwarebytes fix it?

A:Rogue Anti-virus removal help

Hi

Try the following:

First > reboot > tap F8 upon start up repeatedly until an options menu appears > arrow up to "Last Known Good Configuration" > OK

can you now run the diagnostic tools?

If not work your way through the following,

if one step doesn't work > move on to the next.



Open a run box (windows key + R) > copy/paste the following command into the run box > OK


Code:
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System" /v DisableTaskMgr /t Reg_dword /d 0 /f
This should enable your Task Manager.

Re-run this command as often as you need to if the malware disables it again.

This should enable your task manager for you:

Next go into task manger and end process on any of the following processes if you find them:

smss32.exe
winlogon32.exe
winupdate86.exe
msa.exe
a.exe
b.exe
c.exe
notepad.exe
41.exe
logon.exe
critical_warning.html
lsm32.sys
opeia.exe
IS2010.exe
xxxsysguard.exe
uberewstssd

Let me know if there are other strangely named pocesses running

then run the following:

Click Start >Run type notepad into the run box click OK
Click Format and make certain that Word Wrap is NOT checked.

Copy the text inside of the code box, Press Ctrl+C (or right click on the highlighted section and choose 'copy')

Now paste the copied text into the open notepad, press CTRL+V (or right click and choose 'paste')

Note: There must be NO blan... Read more

Read other 6 answers
RELEVANCY SCORE 102.4

I am continually receiving the message "Your computer is infected. Windows has detected spyware and will now downloadand and install the most up-to-date antispyware for you. Click here to protect your computer from spyware".

Please help! I have no idea how to remove the icon (red circle with white x) in notification or how to remove/correct the problem. Any help is greatly appreciated.

DDS (Ver_09-07-30.01) - NTFSx86
Run by Mom at 17:39:40.43 on Mon 08/24/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1022.319 [GMT -5:00]
============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Wizet\MapleStory\npkcmsvc.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Pro... Read more

A:Removing Rogue Anti-Virus

hi Lakota,

Sorry for delay, no shortage of posters. Your log is several days old. If you still need help reply to my post.

Read other 1 answers
RELEVANCY SCORE 101.2

A while ago I had a virus but got rid of it with malwarebytes. However ever since iexplore.exe opens in my task manager but IE never shows up (I always use Firefox). So anyway I also get the BSOD with the message "IRQL is less than or equal". So in trying to find out if I still had a virus I ended up downloaded some other malware fix that contained viruses. I have run several legit programs like Mbam and Norman malware cleaner and they find a bunch of different worms, trojans, and rogue anti-virus files and delete them but when I reboot they are back again. Just not sure what else I can do so I'm here for help! Here's the DDS text and I've attached the other file. Thanks!
DDS (Ver_09-06-26.01) - NTFSx86
Run by John at 18:34:07.43 on Tue 07/14/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1982.1352 [GMT -4:00]

AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\P... Read more

A:worms, trojans, rogue anti-virus - oh my!

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

Read other 2 answers
RELEVANCY SCORE 101.2

As I am writing this I am fending off repeated warnings about spyware and viruses on my computer. There is a program calling itself Digital Protection, which I don't think is legitimate. I am being constantly told that I must sign up today for the program, as it is just a trial version. Also I constantly get messages popping up, such as:

- a warning about being infected with PDM.Keylogger
- Danger, I am infected with harmful viruses
- system files are damaged-please restart as soon as possible
- Windows Security Center says virus protection not found
- Warning-network attack detected
- Network intrusion detected-your computer is being attacked from a remote computer

I have Windows XP. I have run scans both with Stopzilla and Spybot S&D. Stopzilla initially found a couple of bad actors, which it removed. It now only finds cookies, but problems still exist. I also have Symantec AV, but Windows Security Center keeps telling me I have no AV coverage.

Any help sorting out this mess would be most welcome.

Thanks. The DDS.txt scan is below and the attach.txt and ark.txt has been uploaded as requested.


DDS (Ver_10-03-17.01) - NTFSx86
Run by QUINN at 1548.03 on Sun 04/11/2010
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1024.168 [GMT -4:00]

AV: Digital Protection *On-access scanning enabled* (Outdated) {28e00e3b-806e-4533-925c-f4c3d79514b9}

============== Running Processes ===============
... Read more

A:Possible Rogue Anti-Virus/Malware Program

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

One or more of the identified infections is a backdoor trojan.

This type of infection allows hackers to remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.

If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Please refer to Microsoft's Online Safety article for tips on creating a strong password.

Do not change passwords or do any transactions from the infected computer until it has been cleaned.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my ins... Read more

Read other 19 answers
RELEVANCY SCORE 101.2

Hello.

I'm running XP SP2 and I have a problem very similar to the July 18 post by Dit but have been able to make even less progress than he.

It started when Firefox issued a message that it needed to download a new codec and I was foolish enough to do so.

Immediately, I received a slew of pop-ups warning me of infection and providing access to a fix along with a red desktop warning of privacy being compromised with a button promising protection.

Adware Away seems to have cleaned up these sypmtoms, at least superficially.

Remaining symptoms:

A) VIRUS ALERT! displays next to my system time in the status bar and in the properties windows next to created/modified dates there.

My C drive doesn't display in folder view unless I specifically key it into the address bar. My control panel doesn't display in folder view either.

C) My Start menu doesn't have a Run entry or anything on the right half of the split screen except Set Program Access & Defaults and Printers and Faxes.

D) Limited Internet: Can't launch Firefox or IE but can connect with Yahoo Messenger. Bought McCafee thinking it would fix this but can't install it since it needs the internet. Using a flash drive to move downloads to my infected computer from another.

E) Window-E key combo is being intercepted and instead of opening a directory window displays a msg saying "This operation has been cancelled due to restrictions in effect on this computer."

F) After a ... Read more

A:Rogue Anti-virus Malware & Something Else Crippling My Xp

Try renaming mbam-setup.exe to something else, such as abcde.bat.

Read other 4 answers
RELEVANCY SCORE 101.2

I got hit with Windows 7 recovery virus yesterday morning. I used mbam.exe to remove most of it and then followed some instructions to manually remove entries left behind in registry.I was able to get to my desktop and view my icons however my programs in my All Programs list appear to say "empty" when i click on the folder associated with the program. I ran unhide.exe several times to no avail. So now Im here hoping that someone here can help out. I read someone elses post that was similar and I saw that they had him run and post his log for systemlook. I will post it here, I also ran the defogger.exe, I will post that as well.Win7 Professional 64 bitdefogger_disable by jpshortstuff (23.02.10.1)Log created at 20:17 on 01/06/2011 (gcooper)Checking for autostart values...HKCU\~\Run values retrieved.HKLM\~\Run values retrieved.Checking for services/drivers...SPTD -> Disabled (Service running -> reboot required)-=E.O.F=-SystemLook 04.09.10 by jpshortstuffLog created at 19:51 on 01/06/2011 by gcooperAdministrator - Elevation successful========== dir ==========C:\Users\gcooper\AppData\Local\Temp\smtmp - Parameters: "/s"---Files---None found.C:\Users\gcooper\AppData\Local\Temp\smtmp\1 d------ [16:49 31/05/2011]C:\Users\gcooper\AppData\Local\Temp\smtmp\1\Programs d------ [16:49 31/05/2011]C:\Users\gcooper\AppData\L... Read more

A:rogue anti-virus Windows 7 Recovery

just a test

Read other 1 answers
RELEVANCY SCORE 101.2

I have a nasty if not multiple nasty virus's and have not been successful removing them. It started with the XP Anti-Virus 2011 Removal fake anti-virus popping up with all real anti-virus programs disabled and anytime I try to go to an antivirus website I'm redirected to a random site. This happens in all browsers not just Internet Explorer. I also had many of my files changed to hidden file folders and also the start/all programs button does not show any of my programs. I mananged to get both Malwarebytes and Superantispyware on my computer and was able to get rid of much of the problems by running these programs. Now it seems the XP Anti-Virus 2011 has been removed but I still have the issue with my webpages being redirected depending on which page I try to access. I also have many processes that should not be running in the task manager and when i close them out they just start back up again. This worm seems to be accessing my iexplorer because there are multiple iexplorer.exe open at all times and sometimes the CPU Usage gets very high which is not normal for my computer. The final symptom is that at random times I get a webpage pop up or if not a webpage an error that reads like the following example:

An error has occured in the script on this page.

line: 13
Char: 1
Error: Object doesnt support this property or method
Code: 0
URL: http:/www2a.glam.com/mobile/detect.act?affiliatedld=288743725

Do you want to continue scripts on this page?

I will get at ... Read more

A:XP Anti-Virus 2011 Fake Anti-VIrus and webpages being Redirected Virus

Hello and welcome to the forums!My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. I am very sorry for the delay in responding, but as you can see we are at the moment being flooded with logs which, when paired with the never-ending shortage of helpers, resulted in the delayed responding to your thread.I would be glad to take a look at your log and help you with solving any malware problems.If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed. If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
Do not d... Read more

Read other 17 answers
RELEVANCY SCORE 100.4

I won't provide the links for you, because "Unwitting folks will click on the links."-by Orange Blossom. A new rogue anti-virus called VirusMelt has infected my gf's computer! Please do a study on it! If you want me to provide the link (you admins,) I will do. Its obvious.

{repair title~~boopme}

A:Warning. New rogue anti-virus! Admin read this!

Batch virus "MeLT" * Creates the hidden file "MELT_2A" in the temp directory * Infects files in the current, parent and all path directories * Infects one batch per run if less than ten infected files encountered * After detecting ten infected files it displays a graphics screen effect * Adds one line before the host batch and appends the rest * Will not run if attached to AUTOEXEC.BAT (but infects it)This batch virus is much more advanced. It takes control from the host immediately, runs the virus then runs the host batch. The host is run in such a way as to disable the virus until the host is completely finished to avoid slowing down batch files that call themselves in a loop. Simple appenders are very obvious when on such files, but this one causes no significant speed loss except at startup. This virus carries a harmless payload which is assembled with the debug command - it 'melts' the screen in a flash of color then returns it to normal before running the host.vx.netlux.org

Read other 4 answers
RELEVANCY SCORE 100.4

Hello,
 
Windows XP3 running slow and programs loading including net slow.
 
I was trying to run MWB with chameleon. Chameleon was able to update the definitions but after update showed error that file corrupt and need to download/reinstall. I tried again, and same message.
 
I then ran the RogueKiller V8.5.2. I know the version looks to be a bit out of date, but this is all I had at the time. Needing to use another system for now.
 
The RogueKiller V8.5.2 found items in the registy and many items in the drivers section. Funny that the entire list in the drivers section did not populate. I remember seeing at least 20 listed.
 
For good measure I also include a OTL Report below. I should point out that I did not remove any items in the RogueKiller log. I will wait for your help.
 
Ah, the ESET online scanner you will see in the log was from a long ago scan - nothing that has been used in a very long time. We now use the Avast but did not run. Looks to be disabled.
 
I thank you for taking time to help.
 
RogueKiller V8.5.2 [Feb 23 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/
Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Admin [Admin rights]
Mode : Scan -- Date : 03/08/2014 14:23:19
| ARK || FAK || MBR |
¤&... Read more

A:Items in Registry Entries - [ ROGUE ST] - can not run MWB, Anti-virus,

Hello, Welcome to BleepingComputer.I'm nasdaq and will be helping you.If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.===Please download AdwCleaner by Xplode onto your Desktop.Close all open programs and internet browsers.Double click on AdwCleaner.exe to run the tool.Click the Scan button and wait for the process to complete.Click the Report button and the report will open in Notepad.IMPORTANTIf you click the Clean button all items listed in the report will be removed.If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.Close all open programs and internet browsers.Double click on AdwCleaner.exe to run the tool.Click the Scan button and wait for the process to complete.Check off the element(s) you wish to keep.Click on the Clean button follow the prompts.A log file will automatically open after the scan has finished.Please post the content of that log file with your next answer.You can find the log file at C:\AdwCleaner[Sn].txt (n is a number). Please downloadJunkware Removal Tool to your Desktop.Please close your security software to avoid potential conflicts.Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.The tool will open and start scanning your system.Please be patient as this can take a while to complete, depending on your system's specifica... Read more

Read other 43 answers
RELEVANCY SCORE 100.4

My operating system is Windows XP Home and Professional. I accessed the wireless internet wirelessly, using Verizon's wireless. I got a message on my computer stating that I was being infected and asking me if I wanted some free software to remove it. I clicked Yes. Then it said the infected files were too bad and I needed to purchase a program, to which I declined. Then soft porn started popping up on the computer. After the porn evolved into hardcore porn, I tried three different times to shut the computer off. Finally it shut down. Now when I returned to the computer, it will turn on and that rogue offer to sell me software is still there, but I cannot log on wirelessly anymore as I keep getting the message that my Verizon Access software is infected. I am sending this message from a computer at the public library where I can recieve email at removed to protect from spambots i AM AFRAID TO TURN MY COMPUTER BACK ON BECAUSE i AM AFRAID IT WILL MAKE THE PROBLEM WORSE. Please send me an email to tell me what to do next. I will be checking my email at the public library for your messages. If you are willing to call me, please do so. I live in the Removed and my telephone number is removed to protect member.Thank you very much, Mary Rose Anderson

A:Infected due to acceptance of Rogue Anti-Virus Software

Hello and welcome Mary Rose. I n the future you should not post email or home addresses,telephone numbers etc.... on forums. There are many automatic tools roving the web (Bots)searhing for just those things to harvest and send you Spam.I think you have one of these type of infections "Rouge Malware"Please follow our Removal Guide here Remove Data Protection (Uninstall Guide) You will move to the Automated Removal InstructionsAfter you completed that, post your scan log here,let me know how things are.The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.

Read other 1 answers
RELEVANCY SCORE 100.4

Hi, machine got infected by Windows PC Defender a couple of days ago. I have run super antispyware, Malwarebytes and spybot S&D. All fo whcih found infections and cleaned them but my system is still not running correctly. Taskmanager will not run however i try to launch it and ctrl - alt - del does not work. Write access has been denied to my host file according to Hijack this and when I browse to it the only file in that location is called "newhosts" Below is my Hijack this logfile, any help with this would be gratefully recieved.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:51:46, on 05/10/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\COMMON~1\McAfee\McProxy\McProxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\... Read more

Read other answers