Over 1 million tech questions and answers.

Spyguard 2008 and Fake window security window

Q: Spyguard 2008 and Fake window security window

I have windows XP running service pack 2. I am having a problem with Spyguard 2008 which starts from the window security window. Also, I use Firefox and when I use google and the hits for my search are redirects to some other site.

Here is my hijack log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:40:52 AM, on 12/26/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\zHotkey.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\WINDOWS\system32\digi96.exe
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ALCFDRTM.EXE
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Lexmark 2300 Series\lxcgmon.exe
C:\Program Files\Lexmark 2300 Series\ezprint.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\WINDOWS\system32\winscenter.exe
c:\program files\mcafee.com\agent\mcdetect.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\lxcgcoms.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.emachines.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [LXCGCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,[email protected]
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [RMETray] digi96.exe
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AlcFDMonitor] C:\WINDOWS\ALCFDRTM.EXE
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Mixersel] C:\Program Files\Realtek\InstallShield\mixersel.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [lxcgmon.exe] "C:\Program Files\Lexmark 2300 Series\lxcgmon.exe"
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2300 Series\ezprint.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: Install Pending Files.LNK = C:\Program Files\SIFXINST\SIFXINST.EXE
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{DBDFCF07-C0B2-432F-A775-4B1726B31B25}: NameServer = 68.87.85.98,68.87.69.146
O21 - SSODL: ieModule - {637457F7-FE9A-41CD-B29A-B4CEBC34769A} - C:\Documents and Settings\All Users\Application Data\Microsoft\Internet Explorer\DLLs\ieModule.dll (file missing)
O21 - SSODL: InternetConnection - {379454B2-AC08-44A5-8F24-1C70BAC28550} - C:\Documents and Settings\All Users\Application Data\Microsoft\Internet Explorer\DLLs\frumhqzqsc.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: lxcg_device - Unknown owner - C:\WINDOWS\system32\lxcgcoms.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe

--
End of file - 7596 bytes

Can anyone help me?
THanks!

RELEVANCY SCORE 200
Preferred Solution: Spyguard 2008 and Fake window security window

I recommend downloading and running DAP. It can help sort out any driver and firmware related issues on your system

It's worked out well for many of us in the past.

You can download it direct from this link http://downloaddap.org. (This link will open the download page of DAP so you can save a copy to your computer.)

A: Spyguard 2008 and Fake window security window

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

If you're not receiving help elsewhere and still require assistance for this issue, please follow the process outlined here:

NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help

After running through all the steps, you shall have a proper set of logs. Please post/attach as instructed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your next reply.

------------------------------------------------------

Read other 19 answers
RELEVANCY SCORE 85.6

I have been having this problem for a while. Everytime I boot up my computer, the fake Windows Security Center pops up and lists SystemErrorFixer, SystemDefender and SysCleaner. The red shield X icon also stays put in the System Tray. I have downloaded every malware, adware, and anti-virus program and cannot seem to fully resolve this issue. Every so often a System Shutdown will occur, however I can disable that with "shutdown -a".I have also noticed that when I disable cftmon.exe in the Task Manager, the file reappears in Task Manger when I click on the fake red shield X icon in the System Tray. Do you think this has to do with my problem. I performed a search for ctfmon.exe and it was found in the C:\Windows\system32\cftmon and C:\windows\prefetch\ctfmon.exe-o1e17969.pf.I have not tried SmitFraudFix in Safe Mode because I do not have the password for safe mode. I will obtain it soon.ANY SUGGESTION WILL BE HELPFUL!Logfile of Trend Micro HijackThis v2.0.2Scan saved at 2:16:11 PM, on 5/14/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\ibmpmsvc.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exe... Read more

A:Fake Window Security Center

Welcome to Bleeping Computer, please be sure you have read and followed the Preparation Guide For Use Before Posting A Hijackthis Log, Instructions for receiving help in cleaning your computer http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/All advice given is taken at your own risk.I apologize for the wait, if your issues are not resolved, read the instructions posted above and then follow the directions below. If you no longer need help, I would appreciate a quick post letting me know so I can close your topic.I am not seeing a lot in the HJT log.1) I have not tried SmitFraudFix in Safe Mode because I do not have the password for safe mode. I will obtain it soon.No password required to start a computer in safe Mode:http://spyware-free.us/tutorials/safemode/It is not advised to run "clean" function of Smitfraudfix unless you are sure the infection is present. The symptoms you mention indicate possible Vundo or Smitfraud and both hide well from HJT.2) see this: http://www.castlecops.com/clsid-30914.html3) I can not identify this: O20 - Winlogon Notify: scrixqvf - C:\WINDOWS\SYSTEM32\scrixqvf.dllYou will need to view all files and folders:http://virusscan.jotti.org/ <<< navigate to and scan with this.Post that informaton and a new HijackThis log using Add Reply along with any comments you think will help. Post any symptoms of malware and any error messages you receive "word for word".Thanks

Read other 2 answers
RELEVANCY SCORE 85.6

Hello,

I have seen a number of people who have had the same issue as me, yet the "solution" appears to be unique to each computer user, which is why I am posting a new topic here.

Recently I clicked a link to a fairly trusted site, but it hung, so I closed the browser. A few seconds later, I received the fake Windows Security alert popup informing me that my firewall had detected malicious software on my computer called "trojan-keylogger.win32.fung." The Yes and No buttons were grayed out, so I just closed the popup. A few minutes later, when it popped up again, for some retarded reason I chose to enable my protection. This, of course, took me to the website for the Antivirus 2008/2009. As soon as I saw it taking me to a website, I closed the browser. I'm afraid, however, the stuff ended up on my system.

After running a variety of spyware and virus scanners (Panda scan, d-Aware 2008, SmitFraudFix, Malware-bytes, etc.), both in safe and normal mode, I am still receiving the pop-up. I think I've managed to remove the virus, but the popup is still annoying as anything. I'd also like to ensure that I am free from the virus and as long as I get the pop-up, I can't feel that certain.

I've run the steps requested in one of the topics on this forum, and since none of those fixed the problem, I'm now asking here for help.

Is there anyone willing to help me through this problem via hijackthis logs, etc?

Thanks.

A:Fake Security Window Popup

Your Malwarebytes scans came back clean? Would you please post a log from it. Also are you running XP or another?
Do you have SpyBot installed?

Read other 1 answers
RELEVANCY SCORE 85.6

my wallpaper was turned blue, windows security alerts popup, some saying "security breach beware! spyware infection was found", another one says "tracking software found, your pc activity is being monitored."
every time I try to open a program, such as firefox, the window opens saying "choose the program you want to use to open this file". also, I can't download new programs, when I try do start the set up it gives the same "choose program..." window.
If anyone can help or need more info let me know.
hjthis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:46:00 PM, on 3/13/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}... Read more

Read other answers
RELEVANCY SCORE 85.6

When I open Firefox, I see a fake page imitating a windows firewall security alert. It reads:

Insecure Internet activity. Threat of virus attack
Due to insecure Internet browsing your PC can easily get infected with viruses, worms and trojans without your knowledge, and that can lead to system slowdown, freezes and crashes.
Also insecure Internet activity can result in revealing your personal information.
To get full advanced real-time protection for PC and Internet activity, register your antivirus software.
We recommend you to protect your PC now and continue safe Internet browsing.
Click here to get full advanced real-time protection and continue browsing.
Continue to this website unprotected (not recommended).

I am then able to browse to whatever site I'd like to if I ignore this. I also see a popup that also looks like it is generated by the windows firewall program suggesting that Trojan.Sinowal was found on my machine. If it is clicked, it takes me to the site of some non-microsoft antivirus website. This popup happens every 5-10 minutes.



Contents of DDS.txt:


DDS (Version 1.0) - NTFSx86
Run by Compaq_Owner at 19:44:19.81 on Sun 12/07/2008
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1023.376 [GMT -6:00]

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOW... Read more

A:annoying fake window security pop ups.

Please visit this webpage for download links, and instructions for running combofix:

http://www.bleepingcomputer.com/comb...o-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.

Read other 19 answers
RELEVANCY SCORE 85.6

I am facing problem. On booting a fake window security centre opens which tells me to install ultimate fixer, system defender, sys cleaner. Then various pop up messages from this centre come at regular intervals informing that system is unstable,catched media files cannot be erased,buggy application etc.Then after sometime message comes system is shutting down initiated by p4/admin, critical system error and the computer shuts down.I am giving the log files as advised below:Deckard's System Scanner v20071014.68Extra logfile - please post this as an attachment with your post.---------------------------------------------------------------------------------- System Information ----------------------------------------------------------Microsoft Windows XP Professional (build 2600) SP 2.0Architecture: X86; Language: EnglishCPU 0: Intel® Pentium® 4 CPU 2.80GHzPercentage of Memory in Use: 37%Physical Memory (total/avail): 503.48 MiB / 317.16 MiBPagefile Memory (total/avail): 1230.46 MiB / 1029.12 MiBVirtual Memory (total/avail): 2047.88 MiB / 1921.81 MiBA: is Removable (No Media)C: is Fixed (FAT32) - 9.76 GiB total, 2.07 GiB free. D: is Fixed (FAT32) - 13.66 GiB total, 6.38 GiB free. E: is Fixed (FAT32) - 13.85 GiB total, 6.81 GiB free. F: is CDROM (No Media)G: is CDROM (No Media)\\.\PHYSICALDRIVE0 - SAMSUNG SV4012H - 37.31 GiB - 3 partitions \PARTITION0 (bootable) - Unknown - 9.77 GiB - C: \PARTITION1 - Extended w/Extended Int 13 - 27.54 GiB - D: ... Read more

A:Fake Window Security Centre Pop Up

Poster is being help at CastleCops so this thread is being closed, if you need it reopened PM a moderator.

Read other 1 answers
RELEVANCY SCORE 84.8

Hello,

I have been having some issues lately with false security center alerts and redirects in my Internet Explorer. This is my work machine and any help would be greatly appreciated. I have alot of valuable information on the hard drive I don't want to lose. The issues started on December 3rd with the detection of "Backdoor.Tidserv" by Norton Internet Security 2006. When detected Norton could not resolve the issue. I followed the steps on Symantic's website for removal but could not remove the file even in Safe Mode. I then manually deleted the file. Norton now does not detect any threats but I am steal seeing false alerts and IE redirects. I have also run Spybot S&D, but it does not detect anything either.

The Security Alert message I see reads as follows:

Security Center Alert

To help protect your computer windows firewall has blocked activity of harmful software.

Do you want to block this malicious software?

Name: Trojan.Zlob.G
Risk Level: High
Description: Trojan.Zlob.G is a Trojan program that records keystrokes and takes screen…

Click OK: it goes to a Safesoft reviews website and shuts IE down.

When I open Internet Explorer the home page (www.google.com) reads as follows:

Insecure Internet activity. Threat of virus attack
Due to insecure Internet browsing your PC can easily get infected with viruses, worms and trojans without your knowledge, and that can lead to system slowdown, freezes and crashes.
Also insecure Internet activity c... Read more

Read other answers
RELEVANCY SCORE 84.8

I am getting tons of Spyware pop ups and Fake Window Security Alerts that when clicked upon take me to the following pages

system-defender.com
ucleaner.com





Deckard's System Scanner v20071014.68
Run by Scott Urbach on 2008-02-02 23:05:22
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
94: 2008-02-03 05:05:32 UTC - RP1039 - Deckard's System Scanner Restore Point
93: 2008-02-03 04:33:05 UTC - RP1038 - Software Distribution Service 3.0
92: 2008-02-03 04:23:21 UTC - RP1037 - Software Distribution Service 3.0
91: 2008-02-02 18:09:30 UTC - RP1036 - Installed Dell Support Center.
90: 2008-02-02 17:48:49 UTC - RP1035 - System Checkpoint


-- First Restore Point --
1: 2007-11-05 08:55:14 UTC - RP946 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 511 MiB (512 MiB recommended).


-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-02-02 23:07:40
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\SYSTEM32\SMSS.EXE
C:\WINDOWS\SYSTEM32\WINLOGON.EXE
C:\WINDOWS\SYSTEM32... Read more

A:Spyware Pop ups, Fake Window Security Alerts

Sorry I was unable to attached the extra.txt file as I was getting Windows has Encountered an Error and needs to shut down errors.

HERE IS THE EXTRA LOG FILE:

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel(R) Pentium(R) 4 CPU 3.00GHz
CPU 1: Intel(R) Pentium(R) 4 CPU 3.00GHz
Percentage of Memory in Use: 63%
Physical Memory (total/avail): 510.09 MiB / 187.75 MiB
Pagefile Memory (total/avail): 1247.03 MiB / 802.07 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1911.53 MiB

C: is Fixed (NTFS) - 71.43 GiB total, 28.17 GiB free.
D: is CDROM (CDFS)

\\.\PHYSICALDRIVE0 - Maxtor 6Y080M0 - 74.5 GiB - 3 partitions
\PARTITION0 - Unknown - 47.03 MiB
\PARTITION1 (bootable) - Installable File System - 71.43 GiB - C:
\PARTITION2 - Unknown - 3.02 GiB



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.
AntiVirusDisableNotify is set.
FirewallDisableNotify is set.

FW: McAfee Personal Firewall v (McAfee)
AV: McAfee VirusScan v (McAfee)

[HKLM\System\CurrentControlSet\Services\SharedAccess\... Read more

Read other 5 answers
RELEVANCY SCORE 84.8

I have been recieving these fake alerts from windows security center. Also my desktop says "Click here to scan your pc for spyware" How do I remove this infection?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:45:35 PM, on 3/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVW32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\mgmrwmrv.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Java\jre1.6.0_05\bin\jus... Read more

A:Window's Security Center Fake Alerts. Please Help!

bump.

Read other 1 answers
RELEVANCY SCORE 84.8

Hi the problem began today and I would really appreciate help with it. First it began by showing an error message in the notification area. It later began showing a Windows security window asking if I would like to block the file trojan_spy.Win32 GreenScreen, however, the only option available was to Keep Blocking and whenever I clicked on it it would open IE. Later I restarted my laptop and the desktop was changed and it was impossible to change it back to how I had it. I downloaded and Spybot Search & Destroy and AVG antivirus and most of the problems were fixed exept for the fake Windows security window.

Hijak log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 06:36:44 p.m., on 31/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\libusbd-nt.exe
C:\Archivos de programa\Archivos comunes\LightScribe\LSSrvc.exe
C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\All Users\Datos de programa\tcxchirc\fmtqbovm.exe
C:\Archivos de programa\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Archivos de programa\Java\jre1.6.0_07\bin\jusched.exe
C:\Archivos ... Read more

Read other answers
RELEVANCY SCORE 76.8

how can i remove all my old computer programs from my new hp slimline desktop260-po26 . mircosoft keeps loading all my old computer stuff everytime i hook up my att internet connection 

A:how to remove window server 2008 2008 sp1,sp2 vista,sp1,sp2,...

chuck5014 wrote:how can i remove all my old computer programs from my new hp slimline desktop260-po26 . mircosoft keeps loading all my old computer stuff everytime i hook up my att internet connection Could you clarify what you're having a problem with?   Post a screenshot if possible.

Read other 1 answers
RELEVANCY SCORE 70.4

I'm about to let my mother have this computer 2 states away and need to know that Spy Guard will not return. Here's the logs! Thanks all.
DDS (Ver_09-03-16.01) - NTFSx86
Run by Owner at 15:38:49.67 on Wed 05/06/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.479.85 [GMT -4:00]

AV: BitDefender Antivirus Plus v10 *On-access scanning enabled* (Updated)
FW: BitDefender Antivirus Plus v10 *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\zFTPServer\zFTPServer.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Softwin\BitDefender10\bdagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\zFTPServer Administration\zFTPServerAdmin.exe
C: ... Read more

A:SpyGuard 2008

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.comDDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the resul... Read more

Read other 2 answers
RELEVANCY SCORE 70.4

Hello,
I am infected with this crap as well.. I can't log into any site that you have mentioned it blocks every site that anything to do with a malware, security or scan tool. I can't load Malwarebytes software, it just doesn't load, installs fine but won't run.

I can't go to DrWeb.com it gets blocked. I have gone thru the manual deletion steps and it still comes back

Any help would be greatly appreciated..

A:Spyguard 2008

Some types of malware will disable MBAM and other security tools. If MBAM will not run, try renaming it. Right-click on the mbam.exe file and change the .exe extension to .bat, .com, .pif, or .scr and then double-click on it to run.If you cannot use the Internet or download any programs, try downloading from another computer (family member, friend, etc). Save to a flash (usb, pen, thumb, jump) drive or CD, transfer to the infected machine, then install and run the program.

Read other 1 answers
RELEVANCY SCORE 70

Issue in IE11:

when parent window had a alert triggered, that makes the child window lose focus and go behind

Scenerio:

There is a button in parent page (domain A) and on click of the button Popup window (Domain B) will open and child window will communicate back to parent window. when parent window had a alert triggered, that makes the child window lose focus and go behind
only in IE11 browser.

IE edge and other browsers we can see the popup window on top of the parent window. 


is there any fix to retain popup window on top of parent window until user closes the popup(child) window.

Read other answers
RELEVANCY SCORE 69.6

I see I'm not the only one with this issue. I picked up the Antivirus XP 2008 deal on Sunday, managed to get rid of it (and other things) yesterday but now I have an even bigger problem stemming from the Fake Windows Security Popup that warns me about Trojan-Spy.HTML.Bankfraud.dq or something. I, of course, stupidly clicked the "Enable Protection" button on the popup and then everything went haywire.At this point I can only function in safe mode. When I'm in normal mode things run slooooowwwww and I can't get Firefox or IE to open. I've run every removal tool I've come across, including MBAM and SDFix. I've tried everything I can think of but I'm at my wits end. Here's my HijackThis log. And yes, I'm sure my machine is a mess...6 years old and until two days ago it ran beautifully. Please help! Logfile of Trend Micro HijackThis v2.0.2Scan saved at 7:13:04 PM, on 8/26/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: Safe mode with network supportRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\csrss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\System32 ... Read more

A:Had Antivirus Xp 2008...got Rid Of It But Now Getting Fake Windows Security Alerts

Hi,We'll begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool: http://www.bleepingcomputer.com/combofix/how-to-use-combofixWhen the tool is finished, it will produce a report for you.Please post the C:\ComboFix.txt along with a new HijackThis log so we may continue cleaning the system.-screen317

Read other 17 answers
RELEVANCY SCORE 69.6

Logfile of random's system information tool 1.05 (written by random/random)Run by teresa at 2008-12-21 21:27:50Microsoft Windows XP Professional Service Pack 3System drive C: has 61 GB (80%) free of 76 GBTotal RAM: 2046 MB (60% free)Logfile of Trend Micro HijackThis v2.0.2Scan saved at 9:27:56 PM, on 12/21/2008Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16762)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\csrss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exeC:\Program Files\ASUS\Ai Suite\AiGear3\CpuPowerMonitor.exeC:\WINDOWS\RTHDCPL.EXEC:\WINDOWS\system32\CTHELPER.EXEC:\Program Files\Creative\DVDAudio\CTDVDDET.EXEC:\Program Files\Microsoft IntelliPoint\point32.exeC:\Program Files\Yahoo!\Common\YMailAdvisor.exeC:\Program Files\HP\HP Software ... Read more

A:need to remove spyguard 2008

Hi, midgeabee74 Welcome. Please download Malwarebytes' Anti-Malware from Here or HereDouble Click mbam-setup.exe to install the application.Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.If an update is found, it will download and install the latest version.Once the program has loaded, select "Perform Quick Scan", then click Scan.The scan may take some time to finish,so please be patient.When the scan is complete, click OK, then Show Results to view the results.Make sure that everything is checked, and click Remove Selected.When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.Copy&Paste the entire report in your next reply.Extra Note:If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediatly.Please download ComboFix from Here or Here to your Desktop.**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**Please, never rename Combofix unless instructed.Close any open browsers.Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix... Read more

Read other 2 answers
RELEVANCY SCORE 69.6

I've had this problem for a little less than a week now, i had the spyguard 2008 malware* (someone clarify if i label something incorrectly). i had random pop ups and all that good stuff but i managed to use Spybot, avast anti-virus, and Malwarebytes' Anti-Malware. The spyguard 2008 problem apparantly is fixed but im sure there are things left behind because i asked a friend to help me out and told me some things were viruses and i deleted them with hijackthis; today i turned on my computer and some of the things i deleted are back there again. Also I am trying to run the game Starcraft: Brood War online and its not letting me because it says i most likely have a virus (i've reinstalled this game so many times to make sure it isnt the game giving me a false alarm).Here are my RSIT and HijackThis logs - log.txt 1st info.txt 2ndLogfile of random's system information tool 1.05 (written by random/random)Run by Administrator at 2008-12-23 06:55:13Microsoft Windows XP Professional Service Pack 3System drive C: has 8 GB (22%) free of 38 GBTotal RAM: 1015 MB (49% free)Logfile of Trend Micro HijackThis v2.0.2Scan saved at 6:55:23 AM, on 12/23/2008Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v8.00 (8.00.6001.18241)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svch... Read more

A:Infected with Spyguard 2008 and more?

Hello xMiraqex, I will be assisting you with your malware issues.Whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.Continue to respond to this thread until I give you the All Clean! If you have any question or you're stuck in there please reply it to me. I will try my best to help you!Please bookmark or favourite this page. In case you need it as reference or etc.If you fail to reply in 5 days period from now, this thread will close, and you will have to open another topic, and wait for another helper.----------------------------------------------I apologise for the delay, the forum is extremely busy.If you still need help, post back a HijackThis log following my instructions below:----------------------------------------------Download and Run HijackThis Download HJTInstall.exe to your Desktop. Doubleclick HJTInstall.exe to install it. By default it will install to C:\Program Files\Trend Micro\HijackThis . Click on Install. It will create a HijackThis icon on the desktop. Once installed, it will launch Hijackthis. Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad. Copy/Paste the log to your next reply please.Don't use the Analyse This button, its findings are dangerous if misinterpreted. Don't have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

Read other 2 answers
RELEVANCY SCORE 69.6

Hello All,

This is my first post so please bear with me. My daughter has downloaded Spyguard 2008 in error. I read your topic ealier on removal as it has TOTALLY taken over my laptop. When I tryed to log on to your site to get the link to download the malware removal my, machine froze and every time I try to log on it gets so far and freezes up. I can not boot my system up at all. PLEASE HELP!!!!!!

A:Spyguard 2008 removal

Please start here:Please download Malwarebytes Anti-Malware and save it to your desktop.alternate download link 1alternate download link 2Make sure you are connected to the Internet.Double-click on mbam-setup.exe to install the application.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-MalwareThen click Finish.MBAM will automatically start and you will be asked to update the program before performing a scan.If an update is found, the program will automatically update itself.Press the OK button to close that box and continue.If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.On the Scanner tab:Make sure the "Perform Quick Scan" option is selected.Then click on the Scan button.If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button. The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".Click OK to close the message box and continue with the removal process.Back at the main Scanner screen:Click on the Show Results but... Read more

Read other 1 answers
RELEVANCY SCORE 68.8

Ok, so today my pc was infected with Spyware Guard 2008.
I used MalwareBytes and that seemed to remove the virus but I'm still unable to access any websites related to antivirus, i.e. symantec.com or mcafee.com

Any ideas?

DDS (Version 1.1.0) - NTFSx86
Run by vision at 16:36:12.17 on Mon 01/05/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_02
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1013.548 [GMT -5:00]
============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core&... Read more

A:SpyGuard 2008 removal problem

don't know if this is somehow part of the reason, but when i attempt to ping any of these sites, like symantec.com it pings the loop back address... same for mcafee, etc, instead of their actual IP

Read other 3 answers
RELEVANCY SCORE 68.4

HI, Can u tell me how to club windows 7 and window server 2008 in a single DVD.
Reply how?

A:how to club windows 7 and window server 2008

By using WAIK?

Read other 2 answers
RELEVANCY SCORE 68.4

HI, Can u tell me how to club windows 7 and window server 2008 in a single DVD.
Reply how?

A:how to club windows 7 and window server 2008

Try this
Guide 2: How to create a combined Windows Server 2008 R2 and Windows 7 DVD - Overclockers UK Forums

Read other 1 answers
RELEVANCY SCORE 68.4

There's a small window in the bottom right-hand part of my screen (not on the action center flag) which bears the Malwarebytes logo and a red-highlighted message that reads, "Scan Complete - Malware Detected. Malwarebytes Anti-Malware has detected one or more threats. Click here to view results."

I went to my Microsoft security center that shows no problems. I pulled up my Malwarebytes site that showed one threat, which I got rid of. But that did NOT make the window in the bottom right-hand part of my screen disappear. Having been burned by imposters in the spot before, I am leery of clicking on it.

What should I do? Besides overreacting.

A:Is there a fake Malwarebytes window?

Hi you could post a screen shot of it,
See the links above my signature image if you need help doing that,
Cheers.

Read other 7 answers
RELEVANCY SCORE 68.4

Hi all, just recently i've had a problem with pop-ups and this annoying window which takes you to some crappy site no matter what i click.

As well as this i am occasionally getting a "Buffer overrun" message which causes the task bar to disappear for a minute or so.
Microsoft Visual C++ Runtime Library

Buffer overrun detected!

Program: C:\WINDOWS\explorer.exe

A buffer overrun has been detected which has corrupted the program's internal state. The program cannot safely continue execution and must now be terminated

Any help would be much appreciated.

Heres my Hijack log;

------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:21:15, on 29/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\system32\cisvc.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
C:\WINDOWS\runservice.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcn... Read more

Read other answers
RELEVANCY SCORE 67.6

Hello, i have been experiencing a lot of new issues with my pc lately. It's been running slower, not booting properly and I sometimes get redirected from my yahoo searches. Well, all of that is small potatoes compared to what happened yesterday. I started it up, and a window came up that looked like antivirus interface, and it was running a scan. I tried to close it but couldn't. Meanwhile, those little warnings keep popping up by the clock/speaker bar. I could not get on line or bring up the task manager or control panel. I am able to open my computer and upload pics from my iPod. I run xp pro. I spoke to a friend who recommends I wipe it clean and reload xp. I want to know if I can remove this thing and what should I do about the two other drives I had in this machine recently that may be infected? I can provide more info on demand and send a pic of the interface window if it
helps. Thanks

A:Fake antivirus program window

Thought I should add, it looks like a windows security program. I see others had this problem. Should worry about zip drives and storing my files on cd if I reinstall xp? Would the virus be transported with them?

Read other 2 answers
RELEVANCY SCORE 67.6

New to the site, joined to hopefully solve this issue. im having a bit of a panic at this issue that i just cant seem to fix. I was on the internet and something in my start bar tray popped up saying that my computer may be infected with spyware. this wasnt any of my usual scanners but a gray-looking windows notice shield and text bubble. i didnt click it but it still popped up with some SecurityScanner2009 or something similar that i had to buy to get rid of the spyware. i knew this had to be fake (at least i dont think windows pops up with stuff like this), so i tried to exit..instead, it froze my computer. i tried to restart but the message bubble popped up again and now just plain out freezes. So i rebooted into safe mode and for some reason, both Malwarebytes and PCcillin will not start at all. i did a scan on Microsoft live and removed a bunch of trojans and malware, restarted, and i got into the computer just fine. that was yesterday night. this morning i tried again and now it just freezes, no message bubble or anything. So im unsure whats going on and what can be done to correct it. I was using IE and i believe the computer was updated with the latest Microsoft security update, and im using XP Media edition. thank you and i hope this issue is able to be solved. i dont want to have to wipe the hard drive or anything. I'm in Safe Mode right now with Networking hoping to find a solution to this problem. Thank you very much and i hope that someone will be able to hel... Read more

A:fake window notification from tray?

Do you have access to another computer w/CD burner or a thumb drive?You can download Mbam to one of those then transfer to the infected machineIf mbam won't installSome types of malware will disable MBAM and other security tools. If MBAM will not install, try renaming it. Right-click on the mbam-setup.exe file and change the .exe extension to .bat, .com, .pif, or .scr and then double-click on it to run.If after installation, MBAM will not run, open the Malwarebytes' Anti-Malware folder in Program Files, right-click on mbam.exe and change the .exe as noted above. Then double-click on it to run.

Read other 3 answers
RELEVANCY SCORE 67.2

This is for RDP users

Hi, I am trying to "as Administrator", change a user password.  i get authentication error has occurred.  i was always able to check the box user must change password at next logon... then I would logon using the current password - then
be prompted to change the password... this doesnt work anymore.  It is possible a tech person made a change.
Can you tell me where to go to check settings that would allow this function to work again
Thank you, 
Lisa

Read other answers
RELEVANCY SCORE 66.8

My sister got a virus and some malware I'm afraid on her laptop. I ran malwarebytes and it found something and removed them. I also ran AVG and it found nothing else. After doing this when she was using it the next day, while she was online she got this pop-up that looked like a MS Windows virus warning. It was fake because I have seen this type of pop-up before and it also started to want to download a file, which I stopped. But after disconnecting from the web I ran malwarebytes and AVG scan again and nothing was found. So I ran hijackthis to see if something was still lurking in the registry. Attached is the log, could you look it over for me? I'm not sure what to look for...

A:fake Windows anti-virus window

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below I will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Follow the ... Read more

Read other 2 answers
RELEVANCY SCORE 66.8

Hi there
This is my wife's laptop HP Pavilion dv 3000 running Vista.
Two days ago, using hotmail in Internet Explorer 9, opening an email from what appeared to be a trusted sender triggered something.
A new window full of ads opened up almost instantly and was closed with the red cross.
A few minutes later an adobe reader update window with no title and no close red cross opened up and could not be close from the task bar. I shutdown the computer.
Rebooted ok and appeared normal.
The owner of the sending account confirmed having had a virus problem.
What I did:
- update and full scan with resident AVG free antivirus
- update and full scan with installed Malwarebytes free
- downloaded from another computer TDSS Killer and copied to the desktop and
- run TDSS Killer with all options including loaded modules with reboot
- finally, built a Kaspersky Rescue Disk 10 on another computer and
- boot from rescue disk, update database and scan full computer including restore partition (7 hours).
All scans came clean except for some unsigned services in TDSS Killer (4 or 5). I looked them up (md5 or file) on totalvirus.com and all scanned clean.
Today, login into hotmail informed us that another user was using the account and guided us through resetting the account and changing the password with SMS code confirmation.
I was almost confident that the machine was ok but tonight an
Adobe Schockwave Player update window appeared. No close button on the window or task bar. I managed to close... Read more

A:Fake Adobe Shockwave update window?

Welcome aboard
 
First of all go here: http://www.adobe.com/shockwave/welcome/ and check your Shockwave status.

Read other 28 answers
RELEVANCY SCORE 66.4

I have installed window 8 on my desktop. Before July 29, 2016, I have upgraded it to window 10. now I had some issue in my system. I have formatted the system but now I am fail to upgrade again for window 10. May I upgrade it again? If yes, what is the
link and processor to upgrade the same?

Read other answers
RELEVANCY SCORE 66.4

I have a recurring popup which looks like a Windows Firewall popup as if its been blocked.

It pretends its found Win32.Zafi.B high risk. The keep blocking button is disabled. There is a "Protect" button.

Also when opening internet explorer it shows a page (like a 404) saying:

Insecure Internet activity. Threat of virus attack
Due to insecure Internet browsing your PC can easily get infected with viruses, worms and trojans without your knowledge, and that can lead to system slowdown, freezes and crashes.
Also insecure Internet activity can result in revealing your personal information.
To get full advanced real-time protection for PC and Internet activity, register your antivirus software.
We recommend you to protect your PC now and continue safe Internet browsing.
Then there are two links for a "real time protection" and a continue unprotected.
Firefox works without a problem.
I have run AVG and spybot. Avg shows no problems and spybot just found a few cookies and not much else.

Help!

----------------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:37:28, on 12/01/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Windows\Syste... Read more

Read other answers
RELEVANCY SCORE 66.4

Hello,

My desktop has been changed to a blue background with a fake spyware warning on it. If I change the image on the desktop, upon restart the blue background is back.

Please help. I'm a musician and have a large amount of files I would have to backup and transfer if I had to reformat my HD.

Here is the log I got from HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:17:50 PM, on 8/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Wireless-G PCI Adapter with RangeBooster\WLService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Wireless-G PCI Adapter with RangeBooster\WMP54GR.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray... Read more

A:Blue Desktop with Fake Warning window. Log Attached!

Hello and welcome to TSF.

I edited your post to remove your email address.
If you still require assistance, please post a fresh HijackThis log as it has been a while since you posted.

Read other 1 answers
RELEVANCY SCORE 65.6

Howdy,
 
I found several processes in the Task Manager that continued to appear when I tried to end them including: PresentationHost.exe, msdtc.exe, dllhost.exe, cmd.exe, msiexec.exe, conhost.exe. It's causing my computer to perform very slowly and I'm positive that a malware(s) is behind this. I would highly appreciate some help!
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-05-2016
Ran by S430219 (administrator) on 010C631-603864 (07-05-2016 15:42:25)
Running from C:\Users\s430219\Downloads
Loaded Profiles: S430219 (Available Profiles: S430219 & OfflineUser & Administrator)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Novell, Inc) C:\Program Files (x86)\Novell\CASA\bin\micasad.exe
(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Emsisoft Ltd) C:\Program Files\Emsisoft Anti-Malware\a2service.exe
(Novell, Inc.) C:\Program Files (x86)\Novell\ZENworks\bin\ZenworksWindowsService.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device ... Read more

A:Fake Window Processes - PresentationHost.exe / msiexec.exe etc. w high CPU Usage

Hello DavidClaus and Welcome to the BleepingComputer.
My name is Yılmaz and I'll help you with the cleanup of malware from your computer.
Before we move on, please read the following points carefully.
Please complete all steps in the specified order.
Even if tools don't find malware, I want you to post the logfiles anyway.
Please copy and paste the logfiles directly into your posts. Please do not attach them unless you are instructed to do so.
Read the instructions carefully. If you have problems, stop what you were doing and describe the problems you encountered as precisely as you can.
Don't install or uninstall software during the cleanup unless you are told to do so.
Ensure your external and/or USB drives are inserted during always the scan.
If you can't answer for the next few days, please let me know. If you haven't answered within 5 days, I am assuming that you don't need help anymore and your topic will be closed.
If you have illegal/cracked software, cracks, keygens, etc. on the system, please remove or uninstall them now!
I can not guarantee that we will find and be able to remove all malware. The cleaning process is not instant. Please continue to review my answers until I tell you that your computer is clean
Please reply to this thread. Do not start a new topic
As my first language is not English, please do not use slang or idioms. It could be hard for me to understand.
Please open as administrator the computer. How is open as administrator the computer?
Dis... Read more

Read other 3 answers
RELEVANCY SCORE 64

My version of Windows: Microsoft Windows XP, Media Center Edition, Version 2002, Service PackI have listed exact text for several Windows that popped up with error-type messages at the end of this post.What I was doing that led to the problem? Earlier in the day I was uninstalling Internet Explorer 8 (IE8) because I was having an unrelated problem with it's search bar not working for me. I wanted to uninstall it and then reinstall it to see if that would fix the problem. Once I uninstalled IE8 I found that only IE8 was uninstalled and Internet Explorer 7 (IE7) was still on my computer, which also was having the same problem with it's search bar. So I uninstalled IE7 and then had to leave for a while, without being able to reinstall IE7 and IE8. Later that night I was using Internet Explorer (I am guessing it is Internet Explorer 6, but I cannot find any Internet Explorer listed under my "Add or Remove Programs" under the Control Panel) to buy some RAM for a different computer of mine. All of a sudden I came to a website (I do not remember which site it was) that made all kinds of fake alerts appear.Additional problems and my attempt to solve them... If I remember correctly, the first thing I did was shut down my computer hoping the problem would disappear upon reboot. Of course it did not, upon reboot my McAfee Internet Security popped up the window for "VirusScan On-Access Scan Messages" which said it had discovered a virus/trojan. I d... Read more

A:Various (about 15) Bad Image Windows Appear Upon Window Start Up, Following Attempt to Remove fake alert Virus

It appears you have a rootkit infectionWe Need to check for Rootkits with RootRepealDownload RootRepeal from the following location and save it to your desktop.Direct Download (Recommended)Primary MirrorSecondary MirrorSecondary MirrorSecondary MirrorZip Mirrors (Recommended if you have a slower connection or if the Direct Download mirror is down)
Primary MirrorSecondary MirrorSecondary Mirror
Extract RootRepeal.exe from the archive (If you did not use the "Direct Download" mirror).Riight-click on rootrepeal.exe and rename it to tatertot.scrOpen on your desktop.Click the tab.Click the button.Check all seven boxes: Push OkCheck the box for your main system drive (Usually C:), and press Ok.Allow RootRepeal to run a scan of your system. This may take some time.Once the scan completes, push the button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.----------------------------------Please note: If Rootrepeal fails to run, try this step: Click Settings - Options. Set the Disk Access slider to High

Read other 1 answers
RELEVANCY SCORE 62.8

Window Media Player is a strangely behaving when I try to play either audio CD or Video DVD.
Some times I could play audio CD and sometimes I can record CD and save it in my personal computer. 
May I doing something wrong?

Read other answers
RELEVANCY SCORE 62.8

Whenever I add an attachment to my emails, and even here on your website when I uploaded the attached pics, the 'Choose to Upload' pop-up window containing (in this case) my pics ALWAYS (but never used to) opens in the Details mode instead of Thumbnails where I can actually view the pics to be attached prior to attaching them.
I would like the default setting for this occurrence to obviously be in the Thumbnails mode.

In a related issue I would also like to be able to load more than one pic at a time when attaching pics to emails, etc...
Is there such a setting?

Thanks for the assistance
 

A:Default Settings for 'Choose File To Upload' Window, Window displays 'Details' vs 'Th

Read other 15 answers
RELEVANCY SCORE 62.8

Hi Everyone,

I am not sure which Windows update caused this, but ever since that download, whenever I close a window, the little blue disc keeps turning until the window DOES finally close. (Hope you understand what I'm saying.) This happens after closing EACH window, ALL the time.

Essentially, it takes a few extra secs for the closed window to really close. It's irritating/frustrating because I don't know how to fix it. I've put as much of my comp's info in my profile as I know or could find. Have been working with comps for six or so years. Not a total dummy, help alot of friends , and always reaching to learn more.

Have never seen this problem anywhere or it would be fixed by now, lol Can't STAND the waiting it causes til I can move onto something else.

Any suggestions?? PLEASE???

CompInfo: Vista Ultimate, IE8--See Profile for more.

I thank you for your time.

A:Closing a window causes little blue disc to turn til window finally DOES close

Welcome
Lets try two steps to see if we can fix the problem
Assuming that you are using IE go to>tools>internet options>advanced>resest and see if that helps.
Second try with clean boot to see if some software is behind the problem
How to troubleshoot a problem by performing a clean boot in Windows Vista or in Windows 7
If it works follow the instructions to find the precise cause

Read other 6 answers
RELEVANCY SCORE 62.8

Been messing with this for days. When I open the Control Panel I do not have the option to switch the view on the left side pane. All that is there is the See Also window. I went to view, Toolbar, Customize and added the views icon to the toolbar. As long as I keep the customize toolbar box open and move it up or down I can see it on the toolbar. Once I close the Customize Toolbar window the view icon grays out on the tool bar. My back button is the same way. I checked in another users window and the control panel is fine. I have Windows XP SP3. I am the Admin on the PC. Any help would be great.
 

A:Category and Classic view window missing on Control Panel window

In the Control Panel window click on the Tools tab > Folder Options, click on the "Show common tasks in folders" button and click OK or Apply. That should restore the Category and Classic View options.
 

Read other 8 answers
RELEVANCY SCORE 62.8

I used to be able to hit cntrl-n and open multiple windows, but now, it opens in the same window. I was pretty sure there was an option in internet tools to change this setting, but cannot find it. Can someone please help me?

I'd greatly appreciate it!

Thanks in advance!
 

A:Only able to open one browser window at a time..cntrl-n opens page in same window

Read other 6 answers
RELEVANCY SCORE 62.8

I don't remember how long ago I submitted this problem, but it does not appear to have been addressed (or if it has I cant find the reply) I still have field within the properties box which do not have corresponding columns within the Explorer window. 
I seems to me to be a real case of the left hand not knowing what the right hand is doing as whoever designed these two items didn't exchange details. This was my original query "
Using Windows 10 / .wma & .wmv "properties" fields / Folder and file display columns. There are two fields in the properties
box "Content provider" and "Group description" which do not have corresponding columns within the folders. As I use both boxes, what do I do>" Nothing has changed!

Read other answers
RELEVANCY SCORE 62.8

well i ordered a studio xps 9000 and i forgot to ask my dell salesperson about how my free mcafee subscription be renewed if i install a window 7 free upgrade from a window vista?well my mcafee free subscription be gone forever or is there a way for me to get it back???

A:mcafee free suabscription be gone forever if install window 7 from window vista?

Me too

Read other 1 answers
RELEVANCY SCORE 62.8

Hi,
Thanks for all the help. I want to make my shorcuts start programs and windows (In WIndows Xp Pro SP3) at a certain position and with a certain size.

For instance I want to open Excell at position 20,30 (x,y) with a window size of 750 x 200, or maybe a internet explorer window at position 129, 357 with a window size of 562 x 397.

I gave the odd numbers in the example so that people responding will understand that I want CUSTOM SIZES. I know how to set the shortcuts to start maximized and minimized and also window tiling. That's not what I'm talking about. Does anyone know of shortcut switch that I can use?

For instance in some games if you want to start the game with cheats enabled, you put "-devmode" after the directory path in the "target" box of the shortcut properties.

Is there any other way?

There is an awesome program called "Montage3"
http://www.ideaxchg.com/montage/

which I use, but isn't exactly what I'm looking for. Please help out.

Read other answers
RELEVANCY SCORE 62.8

i couldnt think of how to describe it for the title easily and I am about to go home to maybe tomorrow I will work it out.

My Vista box is currently demonstrating curious behaviour. When I open IE7 I select a favorite and it opens a new window with that favorite in it. If I do a search with my default provider in the original window, the search results appear in a new tab in the second window.

The second window does not display this behaviour. It works normally with my standard settings - open favorites in the current tab.

Again, favorites chosen in the first window continue to appear in the second window. Search results too.

Running IE7 in safe mode stops this behaviour but I have not installed any new software and I have removed all my temporary internet files/addon settings etc.

Any ideas would be great. Funny old game eh
 

Read other answers
RELEVANCY SCORE 62.4

I have official windows ten installed on my system , But the real time protection of window in window defender does not turn on . what can I do ?

Read other answers
RELEVANCY SCORE 62.4

Hi All - Thankyou in Advance

My issue is all the network can see each other but when u send or transfer to or from the tablet win 10 - It cannot send through wireless network even through you can tend to see all networks name on the network list etc BUT after ping 192.168.1.1 it shows 1st test no response and then 2nd to 4th shows ping 32 and 64 successful etc then I click on network and can see / Send files to all networks or the network you choose etc as Previously but NOW you can send and receive files etc - it will only work after you ping - any ideas how to solve this ? Just a head up i was thinking its along power management in WiFi but it doesn't have a setting for it on window 10 ?
and make things worst after i think about 30 minutes or so you have to ping again to see network etc

It appears something going to sleep mode or power saver mode etc but wifi or network i cannot see any information or power mangement ? Please Help - This is doing my head in !!ha

Also Try drivers update and window 10 update no change

Read other answers
RELEVANCY SCORE 62.4

I have a Lenovo N580 laptop. Last week, I had to do a factory reset (with help from Lenovo Tech Support) because of compatibility problems with new software from my employer and windows 8.1 which is actually worse than windows 8. The compatibility problems caused my screen to go black. When booting, the Lenovo logo appeared and I had a cursor, but nothing else accept a black screen. I tried suggestions found here and the Lenovo help forum, but none worked and the factory reset was the last resort. Now I am back to using Windows 8 (this was actually the second factory reset due to other problems caused by win 8.1).

Anyway, everything is working (for now) and I also have Classic Shell installed. HOWEVER, before this second factory reset, when I had multiple windows open, aero peek worked fine. Now, it doesn't. I followed earlier suggestions of right clicking the taskbar, then clicking Properties, but the box for "Use Peek ..." is dimmed (grayed out) so I cannot check it to enable aero peek.

I got used to this feature in Win 7 and was glad to see it in Win 8, but it is the only feature about Win 8 and 8.1 that I like. Thanks for your help.

A:Window doesn't open full screen when hover over IE window

Right click on the Taskbar and select Properties.

Read other 2 answers
RELEVANCY SCORE 62.4

Hi ,

I am developing a BHO in C# that is using Win32 Window with the toolbar , In all the scenarios in IE6, IE7 XP, Vista and IE8 Xp this window is displaying correctly on before IE window i.e it is showing in front, But in Vista IE Protected mode ON, this window is showing behind the IE Main Window,

How to Bring this window before the IE main in Vista Protected Mode ON.

Is there any security restrictions for this ?

Any Help would be appreciable

Kumaravel

Read other answers