
Infected WinXP 64-bit with "System Fix Virus" & "Privacy Protection Virus" (Malware)

Q: Infected WinXP 64-bit with "System Fix Virus" & "Privacy Protection Virus" (Malware)

The System Fix Virus & Privacy Protection Virus hijacked and infected my system: WinXP (64-bit). They've caused my default web browser to change frequently (each time I reboot my PC). So I've been having trouble getting rid of all of this malware/viruses from my system, since I use Windows XP x64.

ComboFix.exe and TDSSKiller.exe are not compatible with my Windows XP 64-bit system. So how do I get rid of the malware/viruses from this computer without those apps that were made to get rid of the following problems on other Windows OS's?:

The latest version(s) of ComboFix and TDSSKiller don't work on the 64-bit version of Windows XP, but they are compatible with other versions of Windows: 98, XP, VISTA, 2000, 2003, 2008 and Windows 7!

1. System Fix Virus (the first virus that affected my Windows system, 2 days ago.)
2. Privacy Protection Virus (behaves almost exactly like the aforementioned virus)
3. Google-Redirect Malware (redirects all my searches to this site: 63.209.69.107)

Thanks in advance to ANY users for helping me and others with this malware/virus problem: I understand and read the previous pinned-thread about the relevant malware/virus issue that Windows-users solved with the programs I've been unable to install on my system. The aforementioned malware/viruses began to infect my PC on December 14, 2011 (since that day, I haven't found a single anti-virus program that can detect the Google-redirect malware/virus on my system).


RELEVANCY SCORE 190.4

Got my computer back today (Windows XP), and my background is now all green with a black box in the middle saying "Your System Is Infected...etc"

Also a red circle with a white X in the task bar

I can't open the task manager

Can Anyone Help???...

Downloaded HiJackThis

My log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:04:51 AM, on 12/29/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

A:"Your System Is Infected" Background + "Internet Security 2010" virus/malware problem

Hi and welcome to TSF.

I'm afraid HijackThis no longer provides the information we require.

We want all our members to perform the steps outlined in the link given below, as far as they possibly can, before posting for assistance.

http://www.techsupportforum.com/f50/...lp-305963.html

If you have problems with any of the steps, simply move on to the next one and make a note of the problem in your reply.

Please note that the Security Forum is always busy, so I would ask for your patience while waiting for a reply - it may take a few days.

This thread will now be closed.

RELEVANCY SCORE 173.2

I think I am infected with Malware, Spyware, or some type of virus. My desktop background has become a bright red screen with a toxic symbol on it and underneath it, it says "Your Privacy Is In Danger!" On the bottom right, in the taskbar, right next to the time and date, it says "Virus Alert!" My computer is also attempting to run anti-Spyware programs all by itself, opening browsers with websites to Spy programs and pop-ups warning me of possible hackers. Below is my HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 06:36: VIRUS ALERT!, on 7/20/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

RELEVANCY SCORE 169.2

My computer was hijacked by "support tool", a so-called virus protection hijacker. I'm in safe mode with networking now & attached you see my HJT log file. Help please. Thanks!

Actually, I'm on a different computer. It has Windows XP Home Ed. & it's a Dell Inspiron 530S.

Also, in trying to fix the problem initially, my wife deleted the file "rundll32" because the virus stated that it had a virus error. So this file may be missing as well & we may need to replace it.
 

A:Computer Hijacked by "Support Tool" "Virus Protection" Prog

I posted this yesterday to get help for a "Support Tool" hijack on a computer. Please help. Log file attached. Thanks.
 

RELEVANCY SCORE 167.6

I am infected with this crap and have used the following tools to try to get rid of it:
Windows Defender, Uniblue PowerSuite (SpeedUpMyPC, Registry Booster & Spyware Protector) and Norton's One Button Checkup and WinDoctor.

Not sure if it's related, but my DISPLAY is locked at 640 X 480.

Attempted the 5 Step Process before posting and Panda ActiveScan froze and crashed after scanning 59253 files, but not before identifying 28 spyware files.

Here's my extra.txt log from Deckard's:

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel(R) Pentium(R) 4 CPU 2.80GHz
Percentage of Memory in Use: 36%
Physical Memory (total/avail): 1277.95 MiB / 810.39 MiB
Pagefile Memory (total/avail): 1516.89 MiB / 1165.44 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1930.88 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 37.21 GiB total, 18.7 GiB free.
D: is CDROM (CDFS)

\\.\PHYSICALDRIVE0 - ST340014A - 37.25 GiB - 1 partition
\PARTITION0 - Unknown - 39.19 MiB
\PARTITION1 (bootable) - Installable File System - 37.21 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled...

A:Netsky Worm-Popups-The Three Icons - "Error Cleaner" "Privacy Protector" "Spyware..."

Bump.

RELEVANCY SCORE 165.2

Hey everyone,
I am trying to get the REST queries to work with the SharePoint endpoints instead of Graph endpoints. I first created an app with relevant permissions and have given it the admin consent. Then I am hitting the https://login.microsoftonline.com/<tenant>.onmicrosoft.com/oauth2/token?Content-Type=application/x-www-form-urlencoded endpoint with https://<tenant>.sharepoint.com as resource. I am then using the access token retrieved to give the rest call to https://<tenant>.sharepoint.com/_api/v2.0/drives/b!3indYSbqZ0-hVSPnCgIZy-2xDMh7jH9AuQnEzJMc6TEfQoSJvJT-R6tT0lFBQiPr/root/delta but it is failing with "error":{"code":"generalException","message":"General exception while processing"}}. The REST response code is 401 Unauthorized. I have filed a Microsoft support ticket but they have asked me to post on these forums. Can someone please help me with this? I am not able to move forward because the error is pretty generic and doesn't give any additional details.
Thanks,
Sai Kiran Katuri.

RELEVANCY SCORE 163.6

virus.. popup "Malware Wipe" "the spy guard" and a lot of commercials like porn poker and more crap..
this is what I get when I start Internet Explorer
Recommended Anti-Spyware Software: Pest Trap, Malware Wipe, Spy Guard Internet Security

TOP RATED
Pest Trap
Most popular spyware/adware cleaner software all over the world. Cleans all known viruses and worms.

Visit Website Free Scan
Malware Wipe
Became one of the most popular programs very fast. It`s really easy to use and at the same time very effective.

Visit Website Free Scan
The Spy Guard
Developed as the most efficient spyware cleaner with realtime protection.

Visit Website Free Scan
Brave Sentry
Award-winning spyware removal utility that will help you fighting all kinds of spyware including keyloggers, trojans and password thieves.

Visit Website Free Scan
AD Protect
World's leading software application that checks, protects and re-checks spyware and spam vulnerability in your home computer.

Visit Website Free Scan

WARNING! YOUR SYSTEM IS VULNERABLE TO HACKERS' ATTACKS AND BREAKDOWNS!
Attention! Your system is currently exposed. Any remote computer can easily browse following folders and files on your computer:
- \Windows\System32
- \Program Files\Internet Explorer
- \My Documents
- Drive C:\ files
Click here to download official intrusion detection system (IDS software)
YOUR PRIVATE INFORMATION IS IN OPEN ACCESS TO OTHER COMPUTERS
Your...

A:Solved: virus.. popup "Malware Wipe" "the spy guard" and alot of commercials

RELEVANCY SCORE 162

Hi, I have the "your privacy is in danger" red screen virus that appears to have infected many other users.
Similarly I have limited access to my computer, have numerous popups and am generally frustrated.
I have posted my HijackThis log below

Really hope someone can help.

Regards

James
Hijack This Log:
Logfile of HijackThis v1.99.1
Scan saved at 19:05: VIRUS ALERT!, on 27/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)


A:Solved: "Your Privacy is in danger" Virus has infected my computer

RELEVANCY SCORE 160.8

Hi everybody
My PC has lots of files called "Thumbs.db" & "System volume information" in all its drives. I can't delete these files and I think the cause of shutting my PC down automatically and showing blue screen is these files. The operating system is Win XP/SP2.
I don't know what to do with these and what anti virus will delete them. Please help me.
Thanks
 

RELEVANCY SCORE 160.8

After privacy protection installed itself I no longer have a desktop. The task bar is still on the screen as well as the start menu. But when I click on the start menu there is nothing on it. The only programs that are running are " privacy protection", "windows security center", and "XP anti-virus 2012". All three of these are running completely by themselves and I never installed or downloaded any of them. I cannot get on the internet or do anything with my computer. I know that privacy protection and XP anti-virus 2012 are fake virus protection but when my computer was still somewhat functional, these programs did not allow me to run anything which made it hard to fight it off. I have some really important stuff on my computer and I would hate to lose it all.
 

RELEVANCY SCORE 157.6

About a month ago Computer Associates' internet security suite (free through my ISP) told me it couldn't update. Tried a couple of things and gave up. Uninstalled CA and installed AVG Free. Same thing. AVG Free can't update. Today I got a message "attention...trojan spm/lx...etc." with a prompt for a web page, but instead I closed the window from the top right corner. Today I also got a background on my desktop that said "your system is infected, system has been stopped due to a serious malfunction".

I started through some of the threads on this site, and was looking at a promising thread (855938-trojan-spm-lx-infection..) that cybertech posted and instructing kramer8886 to run malwarebytes. I installed malwarebytes and it opens but self closes in a matter of seconds (regardless if I hit quick scan or not).

Some additional symptoms:
1. Can't open computer in Safe Mode
2. Can't use "run" from start menu
3. Can't use volume on computer
4. Malware is redirecting my url choice to its own choices

This is the first virus that I can't seem to deal with myself. Any help is appreciated
 

A:Malware indicates "trojan spm/lx" and "your system is infected"

Windows XP operating system
It has also disabled my Task Manager and is currently running something in the background
 

RELEVANCY SCORE 154.4

Thanks in advance to the BleepingComputer users for helping me and others with this malware/virus problem: On December 14, 2011, the System Fix Virus & Privacy Protection Virus hijacked and infected my system: WinXP (64-bit). They've caused my default web browser to change frequently (each time I reboot my PC). So I've been having trouble getting rid of all of this malware/viruses from my system, since I use Windows XP x64. The latest version(s) of ComboFix and TDSSKiller don't work on the 64-bit version of Windows XP, but they are compatible with other versions of Windows: 98, XP, VISTA, 2000, 2003, 2008 and Windows 7! The following programs were made for other operating systems, so I need a solution to these 3 problems (listed below): ComboFix.exe and TDSSKiller.exe are not compatible with my Windows XP 64-bit system. So how do I get rid of the malware/viruses from this computer without those apps that were made to get rid of the following problems on other Windows OS's?:

1. System Fix Virus (reference: http://www.bleepingcomputer.com/forums/topic432547.html)
2. Privacy Protection Virus (reference: http://www.bleepingcomputer.com/forums/topic432664.html)
3. Google-Redirect Malware (reference: http://www.bleepingcomputer.com/forums/topic416561.html)

A:Infected WinXP 64-bit with "System Fix Virus" & "Privacy Protection Virus" (Malware)

That is correct, they will not. If you need to remove malware still then please go here: Preparation Guide, do steps 6 - 9. Create a DDS log and post it in the new topic explained in step 9, which is here: Virus, Trojan, Spyware, and Malware Removal Logs and not in this topic, thanks. If Gmer won't run, skip it and move on. Include a link back to this topic. Let me know if that went well.

RELEVANCY SCORE 153.2

In Windows XP, fully updated, I have several folders full of mp3's and want to see the bit rate and duration. I right click on a column heading and select "Bit rate". I then click on "More..." so I can get to "Duration", and I select that one too.

But all the figures in the "Duration" column appear to be in "hours" and "minutes", so I see "00:04" or "00:03", but what I want is "minutes" and "seconds".

Any thoughts as to how to change this?
 

A:Solved: Windows Explorer "Duration" Column - no "Seconds", just "Hours" and "Minutes"

RELEVANCY SCORE 151.6

Hello
I have been experiencing some problems with my computer recently. Firstly, my virus scanner (AVG) keeps on finding a virus called 'not-a-virus:RemoteAdmin.Win32.WinVNC-based.f' and some trojans called 'Trojan.JavaClass'. I have also been getting random pop-ups whenever I have been browsing the internet, and my computer seems to be running very sluggish, especially at startup.

I also believe that, last week, someone gained remote access to my computer, as all of a sudden, my mouse wouldn't move properly and the computer became really slow. This only stopped when I engaged the internet lock on my Zonealarm firewall.

Today, I was asked by Zonealarm to give a program called spoolsv.exe "access to privileged rights" which I have never seen before for this program. When I looked at the properties of spoolsv.exe, it said that it was created in 2006 but modified in 2005 (???), and so therefore didn't allow the program access. (I don't know if that has anything to do with the problems that I am having but thought I would mention it)

I have done "the 5 things you need to do" before posting a blog; here are the files requested:

Panda Scan:

Incident Status Location ...

A:[SOLVED] "not-a-virus" virus and "javaclass" trojan keep appearing on virus scans

Bump.

RELEVANCY SCORE 151.6

I am running Windows XP SP3, fully updated, on an Acer lap top PC.

I have several folders full of .mp3's and want to see the bit rate and duration. To do this I right click on a column heading and select "Bit rate". I then click on "More..." so I can get to "Duration", and I select that one too.

The two new columns appear, but the format of the "Duration" column appears to be "hours:minutes", so I see "00:04" or "00:03" for most .mp3's, when what I want to see is "hours:minutes:seconds", e.g. "00:03:45".

This also happens for video files (.avi files), e.g. all my episodes of "Heroes" (sad, I know) have a duration of "00:42" instead of "00:42:xx".


Here are two pictures showing the problem with the .mp3's. The first is of Explorer showing the Duration as "Hours:Minutes":




The second picture is of the properties window of the first .mp3 in the list above:




I copied some .mp3 files to another (old) PC on my home network, and it displayed the duration field correctly:




Also, the properties window correctly shows the duration also:





I'm not the only person to have this problem. I received a private message from a member of another forum where I posted about this problem several weeks ago. That person also has the same problem with the duration field.

The tech guys on that forum were unable to find the source...

A:Windows Explorer "Duration" Column - no "Seconds", just "Hours" and "Minutes"

* bump *

Tricky, this one!

RELEVANCY SCORE 150.8

Hi.

I've got the flashing yellow icon in the taskbar, the popups saying I'm infected, all the dodgy internet shortcuts on the desktop, it's the typical malware situation.
Attached are HJT logs.
Thanks lots
-D/

I had a bit of a stab at cleaning it last night using SmitFraudfix I think it's called, but looks like it's all reinfected itself.
I'm not totally stupid, so I was able to manually fix some of the stuff, like the HOSTS file redirecting all the antivirus and antispyware sites to dodgy IPs.
But one particular thing that's getting to me are all the Restrictions, Win+E is restricted, System Properties is restricted, Display properties is restricted.. I can't find anything in the registry, all the common restriction keys like 'NoDispCPL' or 'NoDispBackgroundPage' are all set to 0...

Anyway, here's the HJT log, help is much appreciated
Thanks
-D/

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 09:49:50, on 21/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

RELEVANCY SCORE 150

When I am on the pc, (and even when I am not, but haven't actually logged off), I keep randomly getting the "Run as" box popping up asking me "Which user account do you want to run this program?" with my account Current User as the first choice and a box to check that says "Protect my computer and data from unauthorized program activity" or the second selection which is "The following user" and a space for a user name and password. I'm concerned that some program(s) are attempting to run without my knowledge.

I did inadvertently load myfreeze.com on my pc a couple of weeks ago, and then uninstalled it, including removal of registry keys, etc. per a website that gave instructions on how to do so. It is around this time that this unusual "Run as" behavior started, but I'm not sure if the two are related.

I have run Malwarebytes and SuperAntiSpyware in the past 24 hours (as I tried to follow instructions from another post to "completely remove all malware" from my pc) and have had Spyware detector and Max's Registry cleaner on my PC for awhile. I'm not sure what I have let slip through, but the run-as boxes have me a bit concerned.

I did a HiJack this log a little bit ago and am attaching it. I'm new to this and am not sure if I'm giving you everything you need, but appreciate the help. Thanks.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:08:20 PM, on 12/28/2008
Platform:...

A:Weird "Run As" box keeps popping up - am I infected with a virus/malware?

Hi everyone. I know all have been busy and we have had holidays, but this is still happening and it doesn't matter what user ID I use or anything. I'm really concerned that someone else is trying to access and run programs on my PC. Since it has been over 4 days since I first posted, I just wondered if anyone has had any ideas? Thanks so much.
 

RELEVANCY SCORE 148.8

I need help. A worm/virus/malware has invaded my Dell E520 Windows XP OS computer. It appears on the monitor as a small 2" X 3" popup which miniaturizes randomly on the page after logging in to the net.

When I try to hit delete prompt the malware shuts off my internet connection, then the image re-appears, hopping all over the desktop in replicating multiples. It's proved impossible to identify their web address.

I've run AVG, SuperAntiSpyware and MalwareBytes versions to rid the virus, but this has not been effective.

Can someone help or suggest a cure?

Appreciatively,
Hiram
 

A:"Mama Crack" or "Mama Casper" malware/virus invasion

Hiya and welcome to Tech Support Guy.

As you've run MalwareBytes already, can you post the log of what was found, if anything?

Also, can you do the following:

Download TFC by OldTimer to your desktop

Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
It will close all programs when run, so make sure you have saved all your work before you begin.
Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.

Download RootRepeal from one of the following locations and save it to your desktop:
Link 1
Link 2
Link 3

Double click to start the program
Click on the Report tab at the bottom of the program window
Click the button
In the Select Scan dialog, check:

- Drivers
- Files
- Processes
- SSDT
- Stealth Objects
- Hidden Services
- Shadow SSDT

Click the OK button
In the next dialog, select all drives showing
Click OK to start the scan
Note: The scan can take some time. DO NOT run any other programs while the scan is running
When the scan is complete, click the button and save the report to your Desktop as RootRepeal.txt
Go to File, then Exit to close the program
If the report is not too long...
RELEVANCY SCORE 148.8

The issue is a Malware/Virus Program that is on my Wife's laptop. At startup, the virus shuts down all other programs except the Operating System. The Virus program says the computer is infected, The Virus Program sends the user to a screen to put in Payment information to buy the fake program. This Virus makes the background turn blue and also there are 1's and 0's in the background too.

Scans and attachments are included. I do have a recovery/reboot disk available if needed.








.
DDS (Ver_11-03-05.01) - NTFSx86 NETWORK
Run by Ashley at 17:21:19.86 on Sat 03/05/2011
Internet Explorer: 8.0.6001.19019
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1917.1459 [GMT -6:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}

A:"System Tool Virus" Malware Removal

Hello, Welcome to TSF.
I'm nasdaq and will be helping you.

You may wish to Subscribe to this thread (Thread Tools > Subscribe to this thread) so that you are notified when you receive a reply.

Please read these instructions carefully and then print out or copy this page to Notepad in order to assist you when carrying out the fix.

Note that the fix may take several posts. Please continue to respond to my instructions until I confirm that your logs are clean. Remember that although your symptoms may vanish, this does NOT mean that your system is clean.

If there is anything you don't understand, please ask BEFORE proceeding with the fixes.

Please ensure that you follow the instructions in the order I have them listed.

Please do not install or uninstall any programs, or run any other scanners or software, unless I specifically ask you to do so. Also please copy and paste logs into the thread, rather than add them as attachments.
===

A number of steps are required to remove this infection.

You will find the instructions here:

Remove System Tool and SystemTool (Uninstall Guide)

If at any time you need advice before proceeding please ask for help here.

p.s.
The <random>.exe file mentioned in the article is this one.
uRunOnce: [jNnOkKb06310] c:\programdata\jnnokkb06310\jNnOkKb06310.exe

At any time when you can disable the process via the Task Manager.

CTRL+ALT+DEL KEY should give you the way to the Task Manager.
===

When you ...
RELEVANCY SCORE 148.4

The "Idle-time Full System Scan" in Norton 360 v4 is bogging down my computer constantly, and there is no option to turn it off in "Automatic Tasks".

I contacted Norton and (after several attempts to find someone at Norton who could understand what I just said above and getting "hung-up" on over Norton chat. Inexcusable!!!) I was able to get a hold of a technician who told me that Norton intentionally removed this option "for security reasons, because they didn't want people turning it off".

The problem is, people will then be forced to turn it off by turning off ALL scheduled tasks (under "Settings/Scheduling/Schedule:Manual Schedule") and that is an even worse security problem than the relatively small one that would be created by turning off idle-time full system scanning.

Once the system has completed a full system scan, all files are on-access scanned anyway, so running a full system scan every 3-4 days is rather silly and extremely annoying--especially, because it will continue to try to run every time the system is idle if you cancel it.

A warning urging the user to not turn off idle-time full system scans without fully understanding the risks, and after explaining the risks, would be VERY preferable. Or at least the option to run the full system scans when the system is idle on a certain day of the month/week! The schedule for idle-time full system scans really needs to be separate from other tasks. In fact, t...
RELEVANCY SCORE 148.4

My home desktop computer has a virus and I cannot get rid of it. I have tried everything. My wallpaper is now a green screen but sometimes when I reboot the background will be blue. It did say "your system is infected" in a black box but it no longer says that. The computer will lock up and I get a lot of run.dll errors. Also if I try to go online I get redirected to different sites and it will not let me do anything else. Then the computer will lock up. I was unable to run DDS; when I tried to run it all I got was a bunch of symbols and letters that made no sense at all. I was able to run gmer. I am attaching it to this post.

A:Unknown Virus, "system is infected" and redirects

Hello and welcome. Please follow these guidelines while we work on your PC:

Malware removal is a sometimes lengthy and tedious process. Please stick with the thread until I've given you the "All clear." Absence of symptoms does not mean your machine is clean!
Please do not run any scans or install/uninstall any applications without being directed to do so.
Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.
Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Please try all 3 of these links for DDS Here, Here and Here

Let me know if you still can't produce a readable report.

Please download Rootkit Unhooker and save it on your desktop.
Disable your security programs
Double click RKUnhookerLE.exe to run it
Click the Report tab, then click Scan
Check Drivers, Stealth Code, Files, and Code Hooks
Uncheck the rest, then click OK
When prompted to Select Disks for Scan, make sure C:\ is checked and click OK
Wait till the scanner has finished then go File > Save Report
Save the report somewhere you can find it. Click Close
Copy the entire contents of the report and paste it in your next reply.
Note - You may get this warning; it is OK, just ignore it: "Rootkit Unhooker has detected a parasite inside itself!
It is recomm... Read more

Read other 2 answers
RELEVANCY SCORE 147.6

I have a 7200rpm hard drive that shows up as 3 separate partitions on my MacBook Pro desktop. They are "System Reserved", "Untitled 1" and "Untitled". When looking at them in the Disk Utility program, they show up as "System Reserved", "disk2s1" and "disk2s3". I can't seem to find a way to wipe the drive and just have 1 partition. I don't need to save anything on it so it can all be deleted and consolidated. Not sure if this helps but the previous owner told me that he had accidentally erased another partition that prevented the hard drive from being reconsolidated. It also may have been a Windows boot drive. Any help in restoring this hard drive would be appreciated. Thank you.

Read other answers
RELEVANCY SCORE 147.2

Hello, I seem to have some sort of virus or adware that cannot be removed. I've run Spybot, Pest Patrol, and Panda Antivirus and they have all found something at least once, so I delete the problems and restart, and shortly thereafter my browser is going terribly slow and barely loads many webpages. I've been trying to get rid of this using normal antivirus and spyware programs for a week now with no luck. Hopefully you guys can help me. Thanks a lot.

This is my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 12:41:55 PM, on 3/18/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\pavsrv51.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\AVENGINE.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\... Read more

A:adware/virus - "you're privacy is at risk" message replaces pictures

Apologies for the delay in responding.

The workload on this forum is intense, and sometimes it is not possible to respond to every inquiry.

It appears there are two AntiVirus scanners running on your computer:
Panda Antivirus 2008
Grisoft\AVG7

Running more than one AntiVirus program is not a good idea. Having more than one of these programs active in memory opens the door to potential conflicts between the programs, uses additional resources, may result in diminished detection capabilities, cause false virus alerts, and, most of all, may be the reason for the malware in your system!!

Please uninstall one of the AV programs, and let the one you choose to keep do its job.

To uninstall the programs you do not want to keep:

Go to: Start > Run, type: control
Press OK
Double-click on: Add/Remove Programs

On the list of Currently Installed Programs, look for and uninstall the programs you do not want to keep by selecting the entry and clicking on Remove

Next, search for and delete the folder related to the program. It should be in:
C:\Program Files

Restart the computer.

~~~~
Next, download ComboFix
Save to the Desktop <<< Important!!

Double-click combofix.exe to run the program
Follow the prompts.
(Don't click on the window while the program is running, it may cause your system to stall.)

When finished, a log, ComboFix.txt, is produced.

~~~~
Run HijackThis once again to obtain a new log.
However... Read more

Read other 1 answers
RELEVANCY SCORE 147.2

Hi there,

I recently got an alert from McAfee that a Trojan virus came onto my computer. I stupidly did not record the name of the virus before my computer shut down on its own. Now whenever I sign on to AOL Explorer I have a page that comes up instead of my AOL homepage that says "Browser Warning" and states "Your internet privacy is being compromised", that this is my #10 warning and that all sorts of pornographic words are being investigated and sent over to authorities, etc. Then it says that I need to buy their software. Obvious scare tactics. It might also be a total figment of my imagination but it seems like sometimes my cursor has a mind of its own. Not sure if this is what they call hijacking or if I am just being paranoid. I know next to nothing about computers. Any help you can offer would be greatly appreciated. Thanks very much in advance! I've pasted the DSS reports below.


Deckard's System Scanner v20071014.68
Run by Rob on 2008-01-28 22:16:52
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
61: 2008-01-29 06:17:03 UTC - RP316 - Deckard's System Scanner Restore Point
60: 2008-01-28 07:58:19 UTC - RP315 - Software Distribution Service 3.0
59: 2008-01-28 07:55:27 UTC - RP314 - Software Dis... Read more

A:Trojan virus on my comp/"Your internet privacy is being compromised"

bump up

Read other 2 answers
RELEVANCY SCORE 147.2

I hope I'm doing this right...
I ran the Deckard thingy and this is the results. I have a virus or something in my computer- it has covered my desktop bg image with a red pic with the words 'your privacy is in danger! download blah blah now'
I keep getting pop ups and my virus scan is not picking it up? Can you help?

Deckard's System Scanner v20070611.50
Run by Judi Hernandez on 2007-07-06 at 18:59:15
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
90: 2007-07-06 23:59:28 UTC - RP283 - Deckard's System Scanner Restore Point
89: 2007-07-03 04:10:16 UTC - RP282 - Software Distribution Service 3.0
88: 2007-07-03 03:58:28 UTC - RP281 - Software Distribution Service 3.0
87: 2007-07-02 13:12:31 UTC - RP280 - System Checkpoint
86: 2007-07-01 12:40:09 UTC - RP279 - System Checkpoint


-- First Restore Point --
1: 2007-04-05 08:11:01 UTC - RP194 - System Checkpoint


Backed up registry hives.

Performed disk cleanup.


-- HijackThis (run as Judi Hernandez.exe) --------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 7:02:37 PM, on 7/6/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C... Read more

A:invaded by virus? large pic covers desktop bg says "your privacy is in danger" (link)

Hello and Welcome. Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

---------------------------------------------------------------------------------------------
Download combofix.exe to your desktop.


Uninstall the following via the Add/Remove Panel (Start->(Settings)->Control Panel->Add/Remove Programs) if they exist:

MSDNS Service

---------------------------------------------------------------------------------------------


Double click on combofix.exe & follow the prompts.
When finished, it shall produce a log for you, C:\ComboFix.txt. Post that log in your next reply.
Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

---------------------------------------------------------------------------------------------

Open HijackThis and click on 'Do a System Scan an... Read more

Read other 18 answers
RELEVANCY SCORE 147.2

Hey guys, I've run Adaware, Spybot, and Symantec in safe mode. Adaware and Symantec successfully removed some entries but the problem still persists. I'm getting constant popups including "netster", "heavy.com", "smashits", and others. Here's my log, and thank you in advance!

Logfile of HijackThis v1.99.1
Scan saved at 8:43:05 PM, on 7/22/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\PROGRA~1\Grisoft\AVGFRE~1... Read more

A:"Byte.Verify", "Downloader" virus, and endless popups

Also Backdoor.DSNX, Dropper.Agent.PP and Trojan.Dropper

Was looking around in the root C drive and found some interesting things there as well, but didn't want to do anything without advice first. Here's a "dir" listing:

07/22/2006 04:38 PM 586,928 626_101newer.exe
09/25/2005 11:25 PM 219,412 adlog.txt
07/22/2006 08:44 PM 627 asdf.txt
07/26/2004 06:18 PM 0 AUTOEXEC.BAT
08/26/2005 07:53 PM 11,859,569 AVG7QT.DAT
07/26/2004 06:18 PM 0 CONFIG.SYS
07/26/2004 06:28 PM 10 csb.log
05/17/2006 10:47 PM 81 CTX.DAT
07/22/2006 04:37 PM 73,728 dfndred_7.exe
07/22/2006 04:38 PM 27,648 dist13.exe
07/26/2004 06:22 PM <DIR> Documents and Settings
06/30/2006 10:41 PM <DIR> Downloads
07/22/2006 08:44 PM 32,768 drsmartload.exe
07/22/2006 08:45 PM 20,480 drsmartload45a7d.exe
07/22/2006 08:45 PM 20,480 drsmartload46a7d.exe
07/22/2006 08:45 PM 20,480 drsmartload849a7d.exe
07/22/2006 08:45 PM 578,560 Installer3.exe
07/22/2006 08:45 PM 290,816 installerwnusnewer.exe
11/16/2004 05:11 PM <DIR> KPCMS
07/22/2006 04:37 PM 28,672 kybrded_7.exe
07/29/2004 02:16 PM <DIR> mj-comp-files
07/22/2006 08:45 PM 25,105 MTE3NDI6ODoxNg.exe
07/22/2006 08:44 PM 25,105 MTE3NDI... Read more

Read other 19 answers
RELEVANCY SCORE 147.2

Hi, first of all, I found out that my home computer was infected by the lovelorn worm. Plan to clean that tonight.

Secondly, I found copies of 2 files named "folder" and "desktop" in almost all folders. The files were identical so I suspect that there is a virus that's propagating this. Is my hunch correct? Is this related to the lovelorn virus or is it another kind? What should I do?

Thanks!!!
 

A:files named "folder" & "desktop" in all directories.. is this a virus???

Symantec site you may want to review. I don't see anything about the file replication you are experiencing but the site may be helpful to you.
 

Read other 1 answers
RELEVANCY SCORE 147.2

My friend's computer seemingly got a virus, since it sent an email to somebody in her email list, on its own. She asked me to take a look.

She had a virus checker, but it had never been updated. So I installed "AVGfree" and ran that. It found a "trojan horse" virus as well as some other stuff that it said should be removed, so I did. I then ran "ccleaner" and it suggested to remove a TON of crap, like 500mb worth of files (she installs dumb stuff on her computer all the time). I removed these files. Then I ran "spybot" and it removed some stuff. I then defragged, which it needed.

So here I am, feeling like a hero, but then I reboot and there's a message saying that "lsass.exe" cannot be found. I cancel this message, and then there's another message saying that "ipwins.dll" cannot be found.

I tell her to just ignore these messages until I figure it out, but then she informs me today that she cannot access her email account on her computer. So I've gotta figure out how to fix this.

Any advice?? Thanks.

A:After virus checking and cleaning, "lsass.exe" and "ipwins.dll" missing

She could try the System File Checker: tell her to prepare her XP CD (she'll need it if it asks to replace the missing files), then she will have to go to Start => Run, and type "sfc /scannow".

If that fails, she can perform a repair install if she has an OEM, retail or upgrade XP CD (recovery CDs can't do that). She will have to boot on the CD, thus she needs first to change the boot order in the BIOS to CD-ROM first. Then, when XP setup loads, choose the option "To setup Windows XP now" (not the one about recovery console). On the next screen (after the licence agreement) she should be given the option to repair her current XP installation by typing R.

Once that's done, if the CD wasn't a SP2 version, first thing is to go to windows update to reinstall XP SP2 and all updates she could have done since. Don't surf on the internet before any antivirus and firewall (either windows or another) is enabled.

Read other 2 answers
RELEVANCY SCORE 146.8

Hi guys. I noticed that in Win7, the applications in the new Quick Launch move if you run one of the applications in the "Pinned to Taskbar" section. For example, if I have Windows Explorer and Firefox next to each other and I click to open Windows Explorer, the Firefox icon will slide far to the right so that it's after the Windows Explorer task in the taskbar.

Is there a way to keep the new Quick Launch icons in Win7 in the same place, like WinXP?
 

A:Force Apps "Pinned to Taskbar" ("Quicklaunch" in WinXP) stay next to Start Button

Read other 10 answers
RELEVANCY SCORE 146.8

If someone could help me with this virus/trojan situation it would be very much appreciated, I thank you ahead of time. Recently, while surfing, my desktop background changed to "Your System Is Infected!" with the subtitle of "System has been stopped due to a serious malfunction. Spyware activity has been detected. It is recommended to use spyware removal tool to prevent data loss." (Notice the spelling error gives away that it's a virus). I created a Logfile from "Hijack This", here it is:

Logfile of HijackThis v1.99.1
Scan saved at 4:29:20 PM, on 9/28/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\Program Files\iPod\... Read more

A:"Your System is Infected" Virus/Trojan Help

Read other 7 answers
RELEVANCY SCORE 146.4

My system, XP Ser Pk 3, was infected by malware called "System Progressive Protection". I understand that this malware belongs to the Winwebsec family of rogue security products. It blocks its victims from accessing any other application on an infected machine. It would only allow access to IE, presumably for paying the fee to clear it.
Unfortunately I contracted for a one-time-fix to be carried out by MYTECHGURUS. At their request I booted into Safe+Network mode and then watched as they downloaded a single anti-malware prog, MalwareBytes, and ran that. They then unloaded my installed Microsoft Security Essentials, which would not respond, re-installed it, updated it, and ran a Quick scan. They then declared my computer to be ok!!

Shortly afterwards I discovered that Security Essentials will not update. The pop-up says:
"Virus and Spyware definitions update failed.
Check Internet and Network connections and try again.
Error code: 0x80070424"
Other computers on the home wireless network Update without a problem and prior to this issue there was not a problem on this box.

The only way that I can update Essentials is by uninstalling and reinstalling. It will then update but following that update the error message recurs on the next attempt.

Also when I attempt to check if Windows Firewall is on by Run Firewall.cpl I get the message:
"Due to an unidentified problem, Windows cannot display Firewall settings"

I no longer trust the machine and would... Read more

A:After effects of malware "System Progressive Protection"?

Read other 16 answers
RELEVANCY SCORE 146

Hi

I got a "Solve PC Issues" (white flag) saying "Remove the Win32/Small.CA virus".

I am running MSE (Microsoft Security Essentials) on Windows 7 Pro (x64). So I did an update followed by a full scan using MSE. I then ran
- Malware Anti-Virus
- SUPERAntispyware
- Microsoft Safety Scanner (full scan)
- Windows Defender Offline (booting off a CD)
- AVG Rescue CD
- Avira Rescue CD

But none of them have found any thing!

I am nervous that I still have an infection - particularly after the trouble that I had recently running updates.
(See my thread: "Windows Update failing with Error codes: 8007371B, 800736B3, 80070246")

Any thoughts?

J

A:How can I be sure if I am still infected with "Win32/Small.CA" virus".

Rerun them in safe mode.

Read other 9 answers
RELEVANCY SCORE 146

I did what was suggested on one of the "Solved" posts regarding this messy virus. Here's where I am. I probably started in the middle, I see, after reading many posts about this same problem.

Did the Smitfraudfix and forgot to save the text box info; can redo if necessary.

Did the Super Anti-Spyware, here is that info:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 10/14/2010 at 07:58 PM

Application Version : 4.44.1000

Core Rules Database Version : 5685
Trace Rules Database Version: 3497

Scan type : Complete Scan
Total Scan Time : 02:40:44

Memory items scanned : 619
Memory threats detected : 1
Registry items scanned : 9059
Registry threats detected : 43
File items scanned : 151710
File threats detected : 874

Trojan.SVCHost/Fake
C:\DOCUMENTS AND SETTINGS\COMPAQ_OWNER\APPLICATION DATA\MICROSOFT\SVCHOST.EXE
C:\DOCUMENTS AND SETTINGS\COMPAQ_OWNER\APPLICATION DATA\MICROSOFT\SVCHOST.EXE
[svchost] C:\DOCUMENTS AND SETTINGS\COMPAQ_OWNER\APPLICATION DATA\MICROSOFT\SVCHOST.EXE
C:\WINDOWS\Prefetch\SVCHOST.EXE-11D9B1DB.pf

Adware.MyWebSearch/FunWebProducts
HKCR\CLSID\{1D4DB7D2-6E... Read more

A:"Anti-Virus" Virus, Started on Fix from "solved" post, what now?

Read other 16 answers
RELEVANCY SCORE 145.6

This is driving me bonkers and I have almost no hair left. I really hope someone can help.

When I attempt to copy or move a file or folder from my Win7 box to my WinXP (SP3) media server, the operation nearly always fails. Take, for example, my trying to copy the VLC Media Player folder (704 files, 75.1 MB) from Program Files on Win7 to the C: drive on the media server via a mapped drive (X). In all cases, after hanging up at some point during the copy, I get this message:

Network Error
There is a problem accessing X:\<whatever current sub-folder copying is>
Make sure you are connected to the network and try again

I should note here that you only see the message come up if you wait for it (~1 min) after the copy hangs. If you try to cancel the hung copy before the message comes up, you can crash explorer.exe. I must also stress that there are no other access problems on the network. Files on the media server are accessible as expected from the Win7 box. Performing the same copy in reverse ("pulling" the same folder to the XP box from its console instead of "pushing" from Win7) works perfectly. All machines are in WORKGROUP and the same exact credentials are in use on all machines. All machines run the same version of Symantec Endpoint Protection and have firewall rules configured to allow all LAN traffic. All machines are connected through a Linksys SD2005 5-port GB "dumb" switch. Routing/DHCP is provided by a D-Link DI-604. ... Read more

A:Win7 "workstation" to WinXP "server" file copy FAIL

Same thing happens in my LAN between both Seven Ultimate x86 and x64 and an XP Pro SP3 file server, and also no problem copying from a Toshiba U200-182 laptop with Seven Pro x86 (Upgrade disk from Toshiba) to the same XP machine. Also note that there is a normal transfer speed between all Seven platforms....

Read other 6 answers
RELEVANCY SCORE 145.6

I reformatted my computer recently, with all the same hardware and software I usually do, but this time I noticed something different.

On my E: partition (non-system), there is a folder called "9ca233a934811ecf86022b48e5" which contains two folders: "AMD64" and "i386".

I researched a little bit, and found out those folders pertain to a windows 64-bit edition, but I don't have anything to do with a 64-bit edition, mine's a 32-bit.

Here's my system specs:
WinXP Media Center Edition Version 2002 SP3
Intel Core 2 Duo Processor E6300
3GB RAM
NVidia GeForce 7600 GS 512MB
ST3300831AS 300GB HD

I have my HD partitioned to 3 drives:
14GB System Drive (C:)
40GB Document Drive (D:)
190GB Storage Drive (E:)

I also have 40GB partitioned as an Acronis True Image Home Secure Zone, for storing Disk Images.

I was wondering why those two folders are on my E: drive, when I'm running a 32-bit version of Windows. Also, (sorry if this should be in another thread) my computer has been restarting unexpectedly while I've just been doing random things on it. Nothing graphics-intensive, or anything like that, so I don't know why it's doing that either.

Thanks for your help and time,
Nic

A:"AMD64" and "i386" folders on WinXP Media Center 32-bit edition

It sounds like those are temporary files from a driver installation. A lot of companies seem to package every possible driver in the zip or executable, extract them all to the hard drive, find the one the system needs and copy it to the system32 directory, then leave the rest behind.

In that case they should be safe to delete. It would take a bit more research on your part to make sure. Maybe a readme or help file somewhere in the directory?

Read other 3 answers
RELEVANCY SCORE 145.2

Hello,

I recently got a virus on my computer that prevents me from opening any programs. In addition, it causes a fake windows "Privacy Center" pop-up telling me that my computer is not secure, and that I should download their program, which I assume is probably a trojan. I didn't download the program, but it's preventing me from doing anything on my computer because it crashes every program I try to open.

In response, I started Windows in safe mode, downloaded HijackThis, and made a log (also while in safe mode), which is as follows:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:28:49 AM, on 11/14/2011
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.19088)
Boot mode: Safe mode with network support

Running processes:
C:\Program Files (x86)\AIM\aim.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Users\Jeremy\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=1&o=vp64&d=0410&m=sx2800-01
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?pc=Z013&form=ZGAPHP
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h... Read more

A:"Privacy Center" virus with HijackThis log

Hi uteng2k7, welcome to the forum.
To make cleaning this machine easier

Please do not uninstall/install any programs unless asked to
It is more difficult when files/programs are appearing in/disappearing from the logs.
Please do not run any scans other than those requested
Please follow all instructions in the order posted
All logs/reports, etc.. must be posted in Notepad. Please ensure that word wrap is unchecked. In notepad click format, uncheck word wrap if it is checked.
Do not attach any logs/reports, etc.. unless specifically requested to do so.
If you have problems with or do not understand the instructions, Please ask before continuing.
Please stay with this thread until given the All Clear. An absence of symptoms does not mean a clean machine.
Let's see if we can stop it from popping up.

Open hijackthis, do a system scan only and checkmark these lines, if present

O4 - HKCU\..\Run: [Privacy Protection] C:\Users\Jeremy\AppData\Roaming\privacy.exe
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?

Close ALL other windows/browsers and click Fix Checked.

Answer Yes if prompted. Close HJT.
Reboot the computer into normal windows if possible. Please try to run the next 2 tools in normal windows. If they won't run try safe mode.


Download OTL to your desktop.

Right click on OTL.exe and click "Run as Administrator" to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Outpu... Read more

Read other 2 answers
RELEVANCY SCORE 145.2

Hi,
It seems like my computer is infected by a trojan virus - it is the same virus as described in the post:
http://www.techsupportforum.com/secu...ml#post1145389

I have a desktop picture which redirects me to the site:

link removed.

I have got two icons on my desktop: "Spyware&protection" and "Privacy Protector". A pop up called "Spyware Alert" appears every now and then with the description as follows:
"Spyware alert Warning:

Worm.Win32.NetSky detected on your machine. This virus is distributed via the Internet through e-mail and Active-X objects. The worm has its own SMTP engine which means it gathers e-mails from your local computer and re-distributes itself. In worst cases this worm can allow attackers to access your computer, stealing passwords and personal data.
This process should be removed from your system.

Type: Virus
System Affected: WIndows 2000, NT, ME, XP, Vista
Security Risk (0-5): 5
Recommendations: Click Yes to remove it from your PC immediately "

Could you please help me remove this virus from my system?
Please let me know if you need any further details.

Thanking You,
With Regards,
Bharat Gattu

A:Trojan Virus - "Your Privacy Guard"

Please follow MicroBell's 5 Step process outlined here:

http://www.techsupportforum.com/secu...tml#post342651

After running through all the steps, please post the requested logs.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Read other 8 answers
RELEVANCY SCORE 144.8

My office just upgraded, and I can no longer use Windows XP. On this system, I was able to add a separate taskbar to facilitate quick access to commonly-browsed folder locations on our vast network, and another one expedited the launching of useful programs and lists. Each task on each taskbar was represented with a big custom icon to save eye strain. I had them installed in opposite vertical margins, and they were set on auto-hide to keep them out of the way when not being used. Just move your mouse pointer to the left or right margin, and BAM! Sorry for the cliche, but I really got used to the convenience of what I had set up, and I just don't think I can be as efficient without anything comparable.

Now there appears to be nothing comparable in the Windows 7 GUI, and it's making me sick with rage! I see only the option to put a "toolbar" on an existing "taskbar", and no option to create any additional taskbars! This cramps up your one-and-only taskbar, plus the tiny toolbar access buttons require way too much precision for anything that's supposed to be quick. When you've figured out how to bring up that ridiculous button, the list that it yields is small enough to cause painful eyestrain - nothing efficient, much less cool about this at all! I have seen customization options in other OS GUIs that may have resolved some of these issues, but I see none such in W7.

I have tried every google search string that I can think of, and found... Read more

A:Need to add "TASKBARS" (MSese for "Launchpads", "Docks" NOT "Toolbars"

Several possibilities here: Second taskbar in windows7? [Solved] - Windows 7 - Windows 7

Read other 1 answers
RELEVANCY SCORE 144.8

Could anyone explain the differences to me.
Also, does anyone know a good piece of virus toolkit that can actually remove them as well as prevent them?

T.I.A.
 

A:Difference between a "virus removal tool" and a "patch"?

A virus removal tool removes the virus from your computer, meaning that the file is already on your system and running, so it stops it from running and removes the file. A patch, however, is used to prevent bad things from being installed, usually released when big worms hit, like SoBig, MSBlast, CodeRED, etc. So patches are to prevent, and removal tools are to remove files already installed.
 

Read other 2 answers
RELEVANCY SCORE 144.8

I believe I have the Adclicker virus, however neither my Adaware nor my Norton Antivirus has found it. I get popups continuously and I have noticed the IEXPLOER.EXE running. When I delete it, Size File.exe runs and reloads IEXPLORER.EXE. I have done a search for Size File.exe and deleted it then deleted IEXPLORER.EXE but then SIZE FILE.EXE appears again and I go through the whole cycle again. Please help me delete this sucker. I have also run CWShredder and it didn't find anything (not sure if I ran the right one though). Please help! Thank you.

Here's my HijackThis file:

Logfile of HijackThis v1.99.1
Scan saved at 9:19:25 AM, on 11/2/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files... Read more

A:Virus: "IEXPLORERE.EXE" & "Size File.exe" - Can Anyone Help Remove?

Read other 9 answers
RELEVANCY SCORE 144.8

I was looking at these freeware AntiVirus programs to replace InoculateIt. The Company is ending InoculateIt support in May.

"Avast!" (ALWIL Software); "AVG" (Grisoft)

Both seem to get pretty good ratings, and I was thinking of getting one of them, then getting Norton AntiVirus when I have the extra $$$ available.

Any opinions as to their ability to stop unwanted stuff from getting in, ease of setup & use would be appreciated.
One thing I've noticed is AVG only issues updates monthly--and I think Avast! is the same--is this often enough to effectively defend against new virii?

Will be using whichever one I get with ZoneAlarm (Freeware) Version 2.6.231
 

A:"Avast!" and "AVG" Anti-Virus program's. Opinion's?

Read other 7 answers
RELEVANCY SCORE 144.4

Hi,

When our website users click on an html attachment embedded on a web-page in IE9, the download manager will not display the "Open" option. It will only display "Save" and "Cancel" which our users don't like, having to save the html document in a folder to open it. Whereas, when downloading attachments like pdf, word etc. all three options are displayed.

Is there any setting to tweak, which will display all the 3 options for HTML attachments as well?

A:IE9 download manager will not display "Open" option (only "Save" and "Cancel" is displayed) for downloading HTML documents.

Hi,
As you know, the Open-Save-Cancel dialog box helps you prevent your computer from being affected by viruses while downloading.
So I suggest you test resetting all zones to a lower level temporarily and then please attempt to download this html attachment again.

However, since you can normally download the other documents, I suspect there is some restriction in the website which you are trying to view. I recommend that you contact the administrator of that website if possible.
Could you please send me the link of the website from where you are trying to download the html attachment?
Thanks!



Read other 6 answers
RELEVANCY SCORE 144.4

I got my Dell a few days ago. Installed it with Samsung EVO 850 SSD 500 Gb and Kingston 8GB PC3L - 12800 SODIMM. The Windows 10 Home OEM home is installed on HDD 1TB so I decided to use Samsung Data Migration software to clone the data to SSD. However, the OS crashed and decided to install a fresh Windows 10 Enterprise to SSD and deleted the previous OS on HDD using diskpart. Now after installing Windows 10 Ent OS files, after every BIOS run, I get BSOD errors "MEMORY MANAGEMENT" + "Page Fault it non paged area" + "IRQL NOT LESS OR EQUAL"

Read other answers
RELEVANCY SCORE 143.6

I am trying to use the fsutil file setshortname to set "Program Files" to PROGRA~1,

but the system is giving me an "Error: Access is denied" response.
what I have typed:
Microsoft Windows [Version 6.3.9600]
(c) 2013 Microsoft Corporation. All rights reserved.
C:\Windows\system32>cd /d D:\
D:\>fsutil.exe 8dot3name set 0
The registry state is now: 0 (Enable 8dot3 name creation on all volumes).
D:\>fsutil file setshortname "Program Files" PROGRA~1
Error:  Access is denied.
And I tried it in Safe Mode. It is also "Access is denied.".
Can someone help me?

A:"fsutil file setshortname "Program Files" PROGRA~1"=>"Error:Access is denied."

Hi TimFF,
This might be related to the UAC settings, check this thread:
give full permission for the users in program files folder
The steps in the above thread are not recommended.
For the short name usage, we may consider creating a directory junction from PROGRA~1 to C:\Program Files, with the following command:
mklink /J "C:\PROGRA~1" "C:\Program Files"
Reference:
Mklink
Best regards


Michael Shao
TechNet Community Support

Read other 3 answers
RELEVANCY SCORE 142.8

I double-click and get "search" instead of "open"--only when I click a disk, like Hard Drive C: or Floppy A: or CD F: and so on.

It didn't used to do this, so I must've inadvertently changed some setting somewhere, but darned if I can find it now.

Any ideas?
 

A:Solved: On the "my computer" list, I double-click on disks and get "search" instead of "open"

Read other 12 answers