Over 1 million tech questions and answers.

All sorts of problems following Winpc Defender

Q: All sorts of problems following Winpc Defender

Hi, this is my first post on here so apologies if it is in the wrong place or anything? I have tried to find similiar problems to the ones Im having but havent been able to nail it down exactly. Ill try and explain as best I can.A few days ago I got what I think was Winpc defender/Winpc Antivirus, it took over both IE and Firefox and now neither will search properly without redirecting. Having read how to manually get rid of all the associated files I did so but the problem hasnt gone away. The computer now freezes/crashes after a few minutes of being switched on, and any spyware removal programmes I download won't work. I have tried Windows Defender, Malwarebytes, Spyware Doctor, Xoftspy and even Combofix but none will work. After installing when they are selected to run nothing happens whatsoever. The same thing happens with System Restore, it just doesnt react when clicked.I will post a Hijack this log here as I believe thats helpful but to be honest guys I havent a clue what Im doing! Any help is much appreciated!Logfile of Trend Micro HijackThis v2.0.2Scan saved at 17:35:04, on 23/05/2009Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Windows Defender\MsMpEng.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Internet Explorer\Iexplore.exeC:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeC:\WINDOWS\system32\CTsvcCDA.exeC:\WINDOWS\eHome\ehRecvr.exeC:\WINDOWS\eHome\ehSched.exeC:\WINDOWS\System32\GEARSec.exeC:\WINDOWS\ehome\ehtray.exeC:\Program Files\Java\jre1.5.0_06\bin\jusched.exeC:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exeC:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exec:\program files\mcafee.com\agent\mcdetect.exeC:\Program Files\Dell\Media Experience\DMXLauncher.exeC:\Program Files\QuickTime\qttask.exec:\PROGRA~1\mcafee.com\vso\mcshield.exeC:\Program Files\Common Files\Symantec Shared\ccApp.exec:\PROGRA~1\mcafee.com\agent\mctskshd.exeC:\Program Files\McAfee.com\VSO\oasclnt.exeC:\PROGRA~1\mcafee.com\agent\mcagent.exeC:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exec:\program files\mcafee.com\vso\mcvsshld.exeC:\WINDOWS\System32\DLA\DLACTRLW.EXEc:\progra~1\mcafee.com\vso\mcvsescn.exeC:\Program Files\Common Files\InstallShield\UpdateService\issch.exeC:\Program Files\Google\Google Desktop Search\GoogleDesktop.exeC:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exeC:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exeC:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exeC:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exeC:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exeC:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.EXEC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exeC:\WINDOWS\system32\ezSP_Px.exeC:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exeC:\Program Files\Common Files\Real\Update_OB\realsched.exeC:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exeC:\Program Files\HP\hpcoretech\hpcmpmgr.exeC:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exeC:\Program Files\Windows Defender\MSASCui.exeC:\WINDOWS\system32\hkcmd.exeC:\WINDOWS\system32\igfxpers.exeC:\Program Files\Common Files\Teleca Shared\CapabilityManager.exeC:\WINDOWS\stsystra.exeC:\Program Files\MSN Messenger\MsnMsgr.ExeC:\WINDOWS\system32\ctfmon.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeC:\Program Files\Dell Network Assistant\ezi_hnm2.exec:\progra~1\mcafee.com\vso\mcvsftsn.exeC:\Program Files\Messenger\msmsgs.exeC:\WINDOWS\system32\dllhost.exeC:\Program Files\iPod\bin\iPodService.exeC:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Common Files\Teleca Shared\Generic.exeC:\Program Files\Sony Ericsson\Mobile\Mobile Phone Monitor\epmworker.exeC:\Program Files\Mozilla Firefox\firefox.exeC:\WINDOWS\system32\wuauclt.exeC:\Documents and Settings\Grant Archer\Desktop\HiJackThis.exeR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=4061128R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.co.uk/hws/sb/dell-usuk/e...html?channel=ukR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.co.uk/hws/sb/dell-usuk/e...html?channel=ukR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=4061128R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=4061128R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://127.0.0.1:4664/first_usage&s=yy...IRdszRi5l6eVt-MO2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dllO2 - BHO: WinInet Class - {39fc2065-c9c7-49cd-8942-44cc2dedc844} - C:\WINDOWS\ieocx.dllO2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dllO2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLLO2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dllO2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dllO3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dllO4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exeO4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exeO4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exeO4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exeO4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottimeO4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"O4 - HKLM\..\Run: [Norton Ghost 10.0] "C:\Program Files\Norton Ghost\Agent\GhostTray.exe"O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktaskO4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exeO4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exeO4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exeO4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startupO4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXEO4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startupO4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -startO4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startupO4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exeO4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exeO4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exeO4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exeO4 - HKLM\..\Run: [EPSON Stylus Photo R220 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.EXE /P30 "EPSON Stylus Photo R220 Series" /O6 "USB001" /M "Stylus Photo R220"O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"O4 - HKLM\..\Run: [EEventManager] C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exeO4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exeO4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptionsO4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osbootO4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exeO4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hideO4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exeO4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exeO4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exeO4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exeO4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /backgroundO4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /backgroundO4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exeO4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exeO4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exeO4 - Global Startup: Dell Network Assistant.lnk = ?O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dllO9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dllO9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dllO9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLLO9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dllO9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cabO16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cabO16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cabO16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase5483.cabO16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cabO16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cabO16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cabO16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cabO20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLLO23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exeO23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeO23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exeO23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeO23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exeO23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exeO23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exeO23 - Service: Google Update Service (gupdate1c9be77c6cfb3fa) (gupdate1c9be77c6cfb3fa) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exeO23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exeO23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exeO23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exeO23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exeO23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exeO23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exeO23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exeO23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exeO23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exeO23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exeO23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exeO23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe--End of file - 13989 bytes

RELEVANCY SCORE 200
Preferred Solution: All sorts of problems following Winpc Defender

I recommend downloading and running DAP. It can help sort out any driver and firmware related issues on your system

It's worked out well for many of us in the past.

You can download it direct from this link http://downloaddap.org. (This link will open the download page of DAP so you can save a copy to your computer.)

A: All sorts of problems following Winpc Defender

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Follow the instructions that pop up for posting the results.Close the program window, and delete the program from your desktop.Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERE

Read other 2 answers
RELEVANCY SCORE 78.4

Yes, this problem started yesterday, when WinPC Defender automatically installed itself on my computer. I'm having a lot of trouble getting rid of it.

I visited a lot of sites with instructions about how to manually remove the virus. The problem is, they tell me to delete folders which I can't find. For example, telling me to delete a certain WinPC Defender folder from Program Files which isn't there for me.

I've tried the malwarebytes program, and I downloaded the setup program, but when I click it, and hit run, it doesn't do anything.

Also, I've tried doing a system restore. The problem is that when I choose the date, and click Next, it takes me to another screen that prompts me to click next to begin the system restore. However, after I click Next, nothing happens.

Can someone please help with some advice? Thanks.

A:WinPC Defender problems...

i had a similar problem with a program called "xp police" and i got rid of it with spyhunter3 by enigma software...good luck...oh you have to pay for the software...30.00

Read other 4 answers
RELEVANCY SCORE 75.6

I consider myself a moderately informed computer user, however I have 2 other people that regularly use my computer and managed to infect my computer. I don't know the extent of the infection, all I know is that one day I turned on my PC and got these "your computer has spyware" messages from dubious sources of programs that I had no knowledge of downloading. I used spybot and I think I got rid of most of the spyware protector 2009 stuff but the WinPC Defender garbage just won't go away. Any help you could give would be immensely appreciated! Here are my logs:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 10:56:42 PM, on 3/29/2009Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.20583)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Google\Update\GoogleUpdate.exeC:\WINDOWS\system32\nvsvc32.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Philips\Philips Device Manager\Bin\DeviceManager.exeC:\Program Files\Free Download Manager\fdm.exeC:�... Read more

A:WinPC Defender/spyware protector 2009 problems

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.comDDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Follow the instructio... Read more

Read other 7 answers
RELEVANCY SCORE 64.8

Hi, I'm having a problem with a malware called "WinPC Defender" I cannot connect to the intrnet on my computer to get rid of the virus because when I try to open a web page it says "internet explorer cannot display the web page" I have tried everything there is to fix the problem including following instructions on the microsoft website, I have also tried using other browsers.

Can anybody help me to delete the whole of this virus, or just to get my internet up and running again so I can download something to help? thanks.
 

A:WinPC Defender help.

Hiya and welcome to Tech Support Guy

Are you still having this problem? If so, lets try a program. You can manually update it as follows:

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.
Download the update from here, and install after you've installed the program:

http://www.gt500.org/malwarebytes/database.jsp

Also, lets have a look at a HijackThis log:

Click here to download HJTInstall.exe

Save HJTInstall.exe to your desktop.
Doubleclick on the HJTInstall.exe icon on your desktop.
By default it ... Read more

Read other 1 answers
RELEVANCY SCORE 64.8

I have been trying to remove the WinPC Defender malware. I have already run the Malwarebytes' Anti-Malware program and removed all but one offending file successfully. I am now unable to get that program to run successfully now, so I cannot post which file that was. It was to be deleted upon reboot. I think it was something to the effect of uacint.dll. Anyways, HJT and DDS will run on the computer without issue and this is my log. Is there anything in here that I can remove to get my pc back to normal? Thanks for your help.DDS (Ver_09-05-14.01) - NTFSx86 Run by Kevin at 11:12:13.78 on Sun 05/24/2009Internet Explorer: 6.0.2900.5512Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1547 [GMT -5:00]============== Running Processes ===============C:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcssvchost.exesvchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Internet Explorer\Iexplore.exeC:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exeC:\WINDOWS\RTHDCPL.EXEC:\Program Files\HP\HP Software Update\HPWuSchd2.exeC:\Program Files\Microsoft IntelliType Pro\type32.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\Windows Medi... Read more

A:WinPC Defender

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

Read other 3 answers
RELEVANCY SCORE 64.8

last night i got winpc defender on my laptop. i have malware bytes on my computer and tried to run it but its not popping up and also im not getting internet to it because of the winpc. the laptop is a IBM thinkpad with window xp professional. what do i do next?

A:winpc defender

Hi and welcome . Let's do these..See if this fixes your connection issues .Go to Start ... Run and type in cmdA dos Window will appear.Type in the dos window: netsh winsock resetClick on the enter key.Reboot your system to complete the process. Some tips to get MBAM to run..Some types of malware will disable MBAM and other security tools. If MBAM will not install, try renaming it.Before saving any of your security programs, rename them first. For example, before you save Malwarebytes', rename it to something like MBblah.exe and then click on Save and save it to your desktop. Same thing after you install it. Before running it, rename the main executable file first***Right-click on the mbam-setup.exe file and change the .exe extension to .bat, .com, .pif, or .scr and then double-click on it to run.If after installation, MBAM will not run, open the Malwarebytes' Anti-Malware folder in Program Files, right-click on mbam.exe and change the .exe as noted above. Then double-click on it to run..***Another work around is by not using the mouse to install it, Just use the arrow keys, tab, and enter keys.***Open up command prompt, type in following commands: XP >> click the Start menu at the lower-left of your computer's desktop and select "Run". Type cmd into the Run box and click "OK".Vista >> click the Start menu at the lower-left of your computer's desktop and Type cmd in the search box.regsvr32 mbamext.dllregsvr32 ssubtmr6.dll re... Read more

Read other 3 answers
RELEVANCY SCORE 64.8

I brought up my machine this morning and received notifications from WinPC that I was heavily infected. I used a different machine and found the WinPC is malware. I am not sure where it came from but I am sure I would like to get rid of it.

I use a Dell Optiplex, WinXP Pro 2002 SP3, 2.4GHz, 2M RAM.

I went to MSCONFIG and found PCDEFENDER and stopped it from starting. I rebooted and brought the machine up again. I searched on the WEB and found www.2-spyware.comp/remove-winpc-defencer.html. I followed the instructions to remove WinPC. Not all of the instructions applied to my machine. I found the application under my hidden folders and change its name to exe.txt.

I then searched around and found a TechGuys forum. It mentioned installing and running ComboFix. I did that and then read the manual saying that I should not do that. Whoops

I then downloaded and ran HijackThis. I am attaching both logs to this note.

Currently, I have a non-functioning WinPC Defender on my desktop. I also have an a3er5.exe on my desktop and I am not sure where that came from.

I use ZoneAlarm Security Suite to protect my box. The box has been running really slow. This morning I found, installed and ran SpeedUpMyPC 2009. I also have AdAware installed. Today, I upgraded and ran that. I assume the WinPC came from one of those two actions but I am not sure.

I appreciate any help you can give me in cleaning up my box.

Thanks!
 

Read other answers
RELEVANCY SCORE 64.8

Ok ive been working to clean this computer of viruses, malware, spyware and trojans. This computer had zero protection when i got it to repair. It was loaded with problems, the main one being winpc defender. I was able to get rid of the majority of issues but i am still having a BIT OF TROUBLE with it. I have done an etsonline scan, downloaded, installed and updated adaware, avgfree, and spyware blaster. All of these removed different things and the computer is still showing signs of infection. 2 of my favorite programs spybot s and d and malwarebytes, will both install but neither one of them will run when i double click the icons. besides that i dont see any problems and the comp runs pretty well, no explorer redirects and no false alerts. Please advise me what i can do to ensure this pc is cleaned.

A:WinPC Defender and more

Update:

I was able to get malwarebytes running by renaming the executable, .com didnt work but .pif did. It got an error when i tried to update it but it still allowed me to do a scan. here is the results of a quick scan.

Malwarebytes' Anti-Malware 1.36
Database version: 1945
Windows 5.1.2600 Service Pack 3

4/14/2009 6:54:47 PM
mbam-log-2009-04-14 (18-54-47).txt

Scan type: Quick Scan
Objects scanned: 65859
Time elapsed: 3 minute(s), 0 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 18
Registry Values Infected: 3
Registry Data Items Infected: 2
Folders Infected: 2
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{4b66e1df-4de3-4cda-83b5-11673eadab0b} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{b360243e-09e8-402f-8721-00b6798089ad} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a26503fe-b3b8-4910-a9dc-9cbd25c6b8d6} (Trojan.BHO) ->... Read more

Read other 12 answers
RELEVANCY SCORE 64.8

In am infected with winpc defender, it keeps on adding popups and I cannot removed it, it is active in my task manager, but has no off buttonplease helpI have a PC with vista home premium, and run Norton internet securityEdit: Moved topic from Vista to the more appropriate forum, due to additional problems described below. ~ Animal

A:WinPC Defender

Here's the tutorial on how to get rid of it:http://www.bleepingcomputer.com/virus-remo...-winpc-defenderIf you have anymore questions or need to have someone review the logs, please post in the Am I Infected? forumshttp://www.bleepingcomputer.com/forums/f/103/am-i-infected-what-do-i-do/

Read other 3 answers
RELEVANCY SCORE 64.8

Tuesday night I was infected with WinPC defender. I deleted the process, but I'm sure that it's still there. Every google link redirects me to a generic search page with an odd name, my old virus scanner was damaged and won't load up (not sure if this is because of the malware though) and the computer has been quite slow. I downloaded Malwarebytes after reading up on WinPC, but after I install it, I can't get it to start up. I think that it's being blocked. I was going to do a system restore, but then my computer restarted itself, and at the start screen, I can't click on my account. I also can't click on "Turn Off Computer" and after a few seconds, it freezes up. I need that laptop for when I go out of town, and I'm so frustrated right now. I'm not very good with computers... Please help!

A:WinPC defender help?

Hi and welcome to BleepingComputer The process of cleaning your computer may require temporarily disabliling some security programs. If you are using SpyBot Search and Destroy, please refer to Note 2 at the bottom of this page.Please download Malwarebytes Anti-Malware and save it to your desktop.alternate download link 1alternate download link 2Make sure you are connected to the Internet.Double-click on mbam-setup.exe to install the application.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-MalwareThen click Finish.MBAM will automatically start and you will be asked to update the program before performing a scan.If an update is found, the program will automatically update itself.Press the OK button to close that box and continue.If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.On the Scanner tab:Make sure the "Perform Quick Scan" option is selected.Then click on the Scan button.If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button. The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Result... Read more

Read other 14 answers
RELEVANCY SCORE 64.8

Hi.

I have been directed here by a friend as I have no other ideas as to how to get rid of this horrible programme. My PC is almost useless.

I have no idea how it got in or how to erase it. I cannot unistall, I cannot run spybot or do a system restore. Ad-aware does not detect it. My PC is slow its unbelievable. I have to use the guest account and it takes more than 5 minutes to start up.

I am running windows XP. The prograame uses the 4 colour shield as its logo the same as windows security centre.

Any ideas anyone?

Thanks
Paul.

I would be so thankful if anybody could help.
Thanks again.

A:WinPC Defender

Welcome to BCRemoval tutorial:http://www.bleepingcomputer.com/virus-remo...-winpc-defenderThe process of cleaning your computer may require you to temporarily disable some security programs. If you are using SpyBot Search and Destroy, please refer to Note 2 at the bottom of this page.Please download Malwarebytes Anti-Malware and save it to your desktop.alternate download link 1alternate download link 2Make sure you are connected to the Internet.Double-click on mbam-setup.exe to install the application.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-MalwareThen click Finish.MBAM will automatically start and you will be asked to update the program before performing a scan.If an update is found, the program will automatically update itself.Press the OK button to close that box and continue.If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.On the Scanner tab:Make sure the "Perform Quick Scan" option is selected.Then click on the Scan button.If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button. The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.When the scan is finished, a message box will ... Read more

Read other 3 answers
RELEVANCY SCORE 64.8

Hi, so i was infected by the WinPC defender and tried to manually delete its files and then used malware to definitely delete all of its traces. Now, I still can't get on my internet browsers. I read in a different forum that I needed to reinstall Windows XP sp2 because of the firewall problems and the tcp/ip problems i seem to have that I think are the ones not letting me use my internet browsers. Well after reinstalling and even updating up to the sp3 i still have the same problem. WHAT DO I DOOOO?!?!?

A:WinPC defender

When I try to change the Firewall settings it says Windows Firewall/Internet Connection Sharing (ICS) service cannot start. I've tried going to administrative tools>settings to try to get the WebClient and other services to start up but they either cannot find the files. WHAT DO I DO?!?!

Read other 1 answers
RELEVANCY SCORE 64.8

I was given a laptop tonight, When I turn it on I get pop ups that say WinPC Defender and tell me it has 24 threats, I know this is malware but my problem is how to get it off the laptop. I cannot connect to the internet to download the removal tool on the laptop. I'm wondering how I can remove it manually or if I can download it to my desktop and put it on the laptop. Thank you and Merry Christmas
 

Read other answers
RELEVANCY SCORE 64.8

Hello everyone,

first off want to say thanks for the service you provide here, much appreciated.
Well it looks like ive been infected with WinPC defender. Im not real computer savvy, but im open to any suggestions as to how to get this removed, thx

A:WinPC Defender

Please download Malwarebytes Anti-Malware and save it to your desktop.alternate download link 1alternate download link 2MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.Make sure you are connected to the Internet.Double-click on mbam-setup.exe to install the application.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-MalwareThen click Finish.MBAM will automatically start and you will be asked to update the program before performing a scan.If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.On the Scanner tab:Make sure the "Perform Quick Scan" option is selected.Then click on the Scan button.If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.When the scan is finished, a message box will say "The... Read more

Read other 41 answers
RELEVANCY SCORE 64.8

Helo to Everyone here,
I'm nelo55,and looking for some HELP on how to get rid of MALWARE-WinPC Defender! when there ISN'T Internet available.
When installing from CD-ROM,or USB,or Desk top,the programs I trying to use(MalwareBytes,Spyzooka,PC-Tools)to clean this
malware,they all get frozen!!! Any Ideas for those with similar Experiances/or Know-How to do clean it?..Appreciated.

A:WinPC Defender?

Have you tried to run Malwarebytes directly from the CD?Also try from safe mode. to install it and run it for now. If it works post back the scan log.The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.

Read other 2 answers
RELEVANCY SCORE 64.8

got an e-mail from my brother.......... had a nasty bug in it. installed a fake maleware program i cant seem to get rid of.

DDS (Ver_09-03-16.01) - NTFSx86
Run by kagera at 11:40:06.56 on Sun 04/05/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_11
Microsoft? Windows Vista? Home Premium 6.0.6001.1.1252.1.1033.18.2046.953 [GMT -4:00]

AV: avast! antivirus 4.8.1229 [VPS 081123-0] *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\Explorer.EXE
C:\Windows\system32\Dwm.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software&#... Read more

A:winpc defender

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explanation about the tool. No input is needed, the scan is running.Notepad will open with the results, click no to the Optional_Sca... Read more

Read other 2 answers
RELEVANCY SCORE 64.8

I have a computer that seems to have been taken over by the WinPC Defender malware. Here is the HJT log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:49:41 AM, on 4/29/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\WINDOWS\system32\RegSrvc.exe
C:\Program Files\SMART Board Software\SMARTBoardService.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\IBMTOOLS\UTILS\ibmprc.exe
C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpSc... Read more

Read other answers
RELEVANCY SCORE 64.8

How do I get rid of WinPc defender? My computer is a hp pavilion DV8113CL. I have attached a Hijack this log.

Logfile of HijackThis v1.99.1
Scan saved at 10:33:54 PM, on 3/20/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Michael Heun\Application Data\pcdefender.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\WINDOWS\system32\dllhost.exe
C:\Pro... Read more

A:WinPC defender

Read other 7 answers
RELEVANCY SCORE 64

Hello BC,

A couple of days ago my pc was infected with the WinPC Defender Virus. I've downloaded Malwarebytes but cant run it. The same with SpyBot S&D and SmithfraudFix, Combo Fix, SDFix etc... I also tried to run these from a removable flash drive but it controls that also. I also tried to rename the files and nothing and tried Safe Mode and nothing. I did manage to run Dr Web Cure It and ran a full scan in safe mode and created a txt file. It did fine lots of viruses but it couldnt cure them. I also managed to install AVG AntiVirus but it wont let it update. When I'm on the net and try to access this website or others for help it redirects me every time. It has control of FireFox and IE8. However, I also have the MSN browser and thats how I am able to write this post. I think this is a way through but i thought id reach out to you guys for help. I hope you can. Thanks in advance for all your hard work. Below is my DDS txt file and the Cure it Report.

Here is the DDS.txt

DDS (Ver_09-03-16.01) - NTFSx86
Run by Marcelino at 23:17:49.35 on Tue 03/31/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1279.313 [GMT -4:00]

AV: AVG Internet Security *On-access scanning enabled* (Updated)
FW: AVG Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:... Read more

A:Infected with WinPC Defender

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.comDDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Follow the instructio... Read more

Read other 2 answers
RELEVANCY SCORE 64

I am trying to fix a friend's hp mini running winxp.has problem with winpcdefender pop-ups all over the place.I killed the process in task manager and the pop ups have stopped but want to clean any other crap/junk off of it.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 4:19:42 PM, on 5/31/2009Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16827)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Internet Explorer\Iexplore.exeC:\WINDOWS\system32\ctfmon.exeC:\WINDOWS\system32\hkcmd.exeC:\WINDOWS\system32\igfxpers.exeC:\Program Files\Synaptics\SynTP\SynTPEnh.exeC:\WINDOWS\system32\igfxsrvc.exeC:\Program Files\Hp\HP Software Update\HPWuSchd2.exeC:\Program Files\Analog Devices\Core\smax4pnp.exeC:\Program Files\McAfee.com\Agent\mcagent.exeC:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exeC:\Program Files\AskBarDis\... Read more

A:winpc defender problem

Hello, daryl_ks.My name is aommaster and I will be helping you with your log.I apologize for the delay in response we get overwhelmed at times but we are trying our best to keep up.If you have since resolved the original problem you were having would appreciate you letting us know If not please perform the following below so I can have a look at the current condition of your machine.ThanksAlso, you may want to consider tracking this topic by either adding it to your favourites or clicking the Options button at the top of this thread.Please note that I am in the process of my training so it may take a while for me to get back to you, as each of my fixes need to be checked by a coach first.Download random's system information tool (RSIT) by random/random and save it to your desktop.Double click on RSIT.exe.Click Continue at the disclaimer screen.Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)In your next reply, please include the following:RSIT Log

Read other 3 answers
RELEVANCY SCORE 64

I am working on my friends computer, and her roommate downloaded i believe winpc defender. I have attempted (and failed) to install spybot S&D (it wont turn on, other than teatimer, which lags the system down), installed avg free, and lavasoft adaware free. the installed programs are current as of monday 4/13. i have run adaware and avg in safemode with networking enabled and normal windows, and both programs have found and attempted to remove several infections. i have a copy of ag's last safemode scan called avgrep.txt available. i hae taskmanager running and a copy of iexplore.exe randomly opens and sucks up about 32 MB of memory and a little bit of processing. i have done what i can, and would appreciate any help you can give me. dds follows and attach.zip, is...:
DDS (Ver_09-03-16.01) - NTFSx86
Run by GW2K at 19:29:07.82 on Wed 04/15/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_13

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.ask.com/?o=101676&l=dis
uSearch Page =
uSearch Bar =
mDefault_Page_URL = hxxp://www.yahoo.com/
mDefault_Search_URL = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
mSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = iexplore
uSear... Read more

A:winpc defender, UACeybwdqbs.dll, and others

Please download SDFix by Andy Manchesta and save it to your desktop.Double click SDFix.exe and it will extract the files to %systemdrive%(Drive that contains the Windows Directory, typically C:\SDFix)Please reboot into Safe Mode In Safe Mode, right click the SDFix.zip folder and choose Extract All, A new folder will be extracted to your %systemdrive%, typically C:\SDFix Open the extracted folder and double click RunThis.bat to start the script. Type Y to begin the script. It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot. Press any Key and it will restart the PC. Your system will take longer that normal to restart as the fixtool will be running and removing files. When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons. Finally open the SDFix folder on your desktop and copy and paste the contents of the results file Report.txt along with any other requested logs at the end of these instructions.NEXTPlease make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix.. Please visit HERE if you don't know how.. Please re-enable them back after performing all steps given..Please download ComboFix by sUBs from one of the locations below, and save it to your Desktop.Link 1Link 2Link 3Double click combofix.exe and follow the prompts. Please, never rename Combofix unless instructed.If ComboFix asked ... Read more

Read other 7 answers
RELEVANCY SCORE 64

Hi Folks,First of all, I have read posts, etc. here for some time and have received good advice - this is my first post, though.Skip to the chase:I have been working on a friends computer. He infected his computer with the WinPC Defender virus. I volunteered to help him get rid of it. I started with Malwarebites' Anti-Malware and that seemed to get rid of the meat of the infection, or at least the primary effect.Whether or not it was at this same time or not, he also seemed to be infected with a Google redirect virus. I took a look at the HiJack This report and saw the issue: the HOSTS. file was packed with Google redirects. After I figured out how to edit the HOSTS. file on Windows XP Home (what a pain this is...), I removed all of the entries except for the standard localhost one. Along the way, I installed AVG Free edition since he did not appear to have any ongoing Antivirus protection.So, I just wanted to check here to see if any of you guys see anything in the log files that still seems awry before I give this computer back. Apologies for not doing things in the proper order as I did not run DDS but ran HJT instead.Thanks in advance!HJT log:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 10:40:12 AM, on 10/15/2009Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v8.00 (8.00.6001.18702)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\se... Read more

A:WinPC Defender removal

Hello,We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up.My name is Syler and I will be helping you to solve your Malware issues. If you have since resolved your issues I would appreciate if youwould let me no so I can close this topic, if you still need help please let me no what issues you are still having, in your next reply.Download random's system information tool (RSIT) by random/random from here and save it to your desktop.Double click on RSIT.exe to run RSIT.Click Continue at the disclaimer screen.Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)Then please post back here with the following: log.txt info.txtThanks

Read other 2 answers
RELEVANCY SCORE 64

While watching videos yesterday, I found one that required me to download "hero-codec." After searching it and finding nothing, i downloaded it. Afterwards, the video applet said i needed to download "249.exe" foolishly, assuming it would also be safe, I downloaded it. Using my download manager, I double clicked on the exe and it redirected my current web browser into a new tab to a web page with a pornographic video and some sort of search engine that had "porn" typed in. I exited the tab, and on my desktop was a shortcut to "WinPc Defender." I immediately got an alert from the fake antivirus and I ignored it. In order to minimize any damage that could be done, I shut my computer down.

I have tried running Malware Bytes' Antimalware, but after clicking on any 'exe' having to do with mbam, my cursor appears with the hourglass (not just the hourglass alone) and turns back into just the regular pointer after a while, but nothing is executed. I booted in safe mode, to try to run SuperAntiSpyware, MBAM, or AVG Free 8.0. None worked. Same problem on MBAM, and SAS had to 'quit unexpectedly.' I sent the error report. After attempting to boot AVG free, an error mesage stating that reinstalling the software should fix the problem.

I looked up the virus on various websites, finding that MBAM would be the most likely candidate for removal. So I first uninstalled MBAM from my infected computer, and then used a CD with the... Read more

Read other answers
RELEVANCY SCORE 64

Hi,

My Dad (300 miles away) called w/computer issues. From what he is telling me he clearly has WINPC Defender on his computer. Popping up all kinds of fake virus complaints.

I had him browse to teamviewer so I could take over his computer. He was unable to download the SETUP.EXE that would install the TeamViewer on his computer. It sounds like WINPC Defender is blocking the download and claiming the SETUP.EXE is infected (NOT).

I then had him try to download malwarebytes - same deal, install was blocked.

I had him start computer (XP) in safe mode with networking. I was able to install malwarebytes but the install locked when the progress bar got to 100%. Software appears installed but does not run.

I had him go to Teamviewer and that installed as well but when we attempted to start a session where he shares his desktop with me it appears that we connect but his desktop does notdisplay on my computer. I shared my desktop and he was able to operate my computer but that's no help.

I'm very computer savy but don't have the patience to walk someone through deleting files and registry settings. I would like to either operate his computer remotely or provide him with an executable that can run.

When I allow him to boot to normal mode and try to use these "installed" programs they do nothing.

Is WINPC Defender so sophisticated that it can block software installation and execution of certain programs?

Thanks for any advice
 

Read other answers
RELEVANCY SCORE 64

I am having a serious issue with my Dell Vostro 200 PC running Windows Vista Home eddition. Recently, a family attempted to download something, obviously unkowning what he was doing... anyways, I now have "WinPC Defender" running on my computer, it restricted all my administrator rights, including the task manager and other process utilities. I am unsure how to correct the issue, but I'm sure it is correctable, knowing that most viruses and malware are. Also, most of these malware programs do not work with this virus, not letting me update the programs, due to this virus I assume. Any help would be appreciated, I am sure there are other instances such as this you've all dealt with. Thank you again, - Brian.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:54:47 PM, on 4/21/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18226)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\SiteAdvisor\6173\SiteAdv.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10b.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Intern... Read more

A:WinPC Defender - Serious Problem!

Quick Update:

I downloaded the "Dr. Web Cureit", which helped in this situation: http://forums.techguy.org/malware-removal-hijackthis-logs/811192-winpc-defender.html

At first, this virus would not allow me to open task manager, run malwarebytes or Combofix. After running the Dr. Web Cureit, it now gave me access to these programs... however, it disabled my internet connection somehow. As of right now, I do have the log from Combofix, and I am currently running the malwarebytes program right now. I will save the logs from that scan as well. After that, I will be restarting to post the logs. Also, I will be running McAfee to check for any further viruses stemming from this WinPC Defender...

Does anyone have any further advise? Will these 2 programs remove the program and remove the problems with my computer? I can already see effects from the Combofix. In other words, should I remove registry entries, and block the WinPC Defender websites in my "hosts" file. Actually, I did try to edit the "hosts" file, and it wouldnt allow me to overwrite it... for some reason or another. I am kind of figuring it stems from this current problem.

Until then, i will fix all issues found with malwarebytes, and I will post the logs. If anyone has any advice for me to completely rid my machine of this problem, it would be more than appreciated! Thank you to all the volunteers who help people out on a regular basis, you truly deserve to be commended.
 

Read other 2 answers
RELEVANCY SCORE 64

This is my first time here so I hope I do this right! I unforunately got WinPC Defender on my PC which is an HP compaq NC8000 and my OS is XP Pro SP3. When I looked for a solution I downloaded Spydoctor, but unfortunately, nothing could be fixed until I became a premium member which I cannot afford at this time. I then downloaded Malwarebytes Anti Malware but when I go to open it it won't. In its properties menu "Start in" section is empty. I then downloaded Spybot search and destroy and again it wont open, but there is an active icon down in the right corner saying that new process are being scanned. This has been for 3 or 4 days now still scanning. My computer is and is freezing all the time. Also when I search in Google it redirects me to all kinds of different search sites. Can someone help me...I might be new at this, but I would say I am infected! Thankyou!

A:It All started with WinPC Defender

Some types of malware will disable Malwarebytes Anti-Malware and other security tools. If MBAM will not install, try renaming it and changing the file extension.Right-click on the mbam-setup.exe file, rename it to mysetup and change the .exe extension to .scr, .com, .pif, or .bat.Then double-click on mysetup.scr (or whatever extension you renamed it) to begin installation.If after installation, MBAM will not run, open the Malwarebytes' Anti-Malware folder in Program Files.Right-click on mbam.exe, rename it to myscan and change the .exe extension in the same way as noted above.Double-click on myscan.scr (or whatever extension you renamed it) to launch the program.If using Windows Vista, refer to How to Change a File Extension in Windows Vista.Be sure to update MBAM through the program's interface (preferable method) or manually download the definition updates and just double-click on mbam-rules.exe to install. Then perform a Quick Scan in normal mode and check all items found for removal. Don't forgot to reboot afterwards. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. When done, click the Logs tab and copy/paste the contents of the new report in your next reply.

Read other 1 answers
RELEVANCY SCORE 64

Hi all,

I have managed to be infected with WinPC defender and have downloaded Malwarebytes removal tool however the program will not install. I have tried running process explorer and have 'killed' the WinPCdefender.exe but this has not fixed the problem. Any ideas out there?

A:WinPC Defender malware

I have now gotten rid of the WinPC defender by using drweb but there is something else that has hijacked all my browsers and my PC is running like a dog, freezing when loading windows, freezing when opening browser, redirecting any google search to random sites. I can't get any malware remover tools to run. so far I have tried spyhunter, malwarebytes, gmer and spybot without any success in launching. My virus protection Norton 360 has detected trojun.Metajuan but is unable to repair (details read globalroot\systemroot\system32\uacmqwihjup.dll browser cache. I have run process explorer but don't know what to do with the info.

I am at a loss as to what to do next.

nic1

Read other 2 answers
RELEVANCY SCORE 64

Opened an email from a friend and clicked on a rapidshare link and it went all down hill from there. I ran MBAM a few times in safe mode but now it's just to much for me to handle. Here's the link I clicked if it helps. link deleted. Please do NOT post live links to malware here. We do not want others to get infected with itAny help is appreciated.DDS (Ver_09-03-16.01) - NTFSx86 Run by Jefff at 18:32:59.79 on Wed 04/08/2009Internet Explorer: 7.0.5730.13Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2038.1352 [GMT -4:00]AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated)FW: Norton Internet Worm Protection *disabled*============== Running Processes ===============C:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcsC:\WINDOWS\system32\svchost.exe -k WudfServiceGroupsvchost.exesvchost.exeC:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeC:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeC:\Program Files\Common Files\Symantec Shared\SNDSrvc.exeC:\WINDOWS\System32\WLTRYSVC.EXEC:\WINDOWS\System32\bcmwltry.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Program Files&... Read more

A:WinPC Defender infection

Hi,* Please download Malwarebytes' Anti-Malware from Here or HereDouble Click mbam-setup.exe to install the application.Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.If an update is found, it will download and install the latest version.In case you already used MBAM previously, please update it before proceeding with the scan. To do this, click the "Update" tab and click the "Check For updates" button.Once the program has loaded and updates were downloaded, select "Perform Quick Scan", then click Scan.The scan may take some time to finish,so please be patient.When the scan is complete, click OK, then Show Results to view the results.Make sure that everything is checked, and click Remove Selected.When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.Copy&Paste the entire report in your next reply along with a fresh HijackThis log.Extra Note:If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

Read other 12 answers
RELEVANCY SCORE 64

I installed and ran combofix. This is the diagnostic report it filed after completion. What do I need to do with this to remove this junk from my pc. It's a DELL DIMENSION E310.

ComboFix 09-03-30.04 - PHILIP 2009-03-31 11:27:34.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1334 [GMT -5:00]
Running from: c:\documents and settings\PHILIP\Desktop\ComboFix.exe
AV: Norton 360 *On-access scanning enabled* (Updated)
FW: Norton 360 *enabled*
* Created a new restore point
.
The following files were disabled during the run:
c:\program files\Enigma Software Group\SpyHunter\SpyHunterMonitor.dll
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\PHILIP\Application Data\FunWebProducts
c:\documents and settings\PHILIP\Application Data\FunWebProducts\Data\PHILIP\avatar.dat
c:\program files\FunWebProducts
c:\program files\FunWebProducts\ScreenSaver\Images\162059BB.urr
c:\program files\FunWebProducts\Shared\Cache\AvatarSmallBtn.html
c:\program files\FunWebProducts\Shared\Cache\CursorManiaBtn.html
c:\program files\FunWebProducts\Shared\Cache\FunBuddyIconBtn.html
c:\program files\FunWebProducts\Shared\Cache\MailStampBtn.html
c:\program files\FunWebProducts\Shared\Cache\MyFunCardsIMBtn.html
c:\p... Read more

Read other answers
RELEVANCY SCORE 64

Driving me crazy

Windows XP

Have downloaded Spybot, Malwarebytes and comboFix and none will run.

AdAware finds WinPCTrojan Olmarik but cannot delete it.

Spyware Doctor runs but doesn't delete it.

Oh yes, my USB ports don't work anymore with my USB backup. Does work just fine on my other computer.

Really need some help.

Thanks
 

Read other answers
RELEVANCY SCORE 64

Hi, I got my own copy of winpc defender this weekend. I think I'm almost thru it but not sure. I ran malwarebytes once in the fast setting. It found lots of issues. Fixed them. Onreload I found my userinit.exe gone so I couldnt log in. Dealt with that. Then the system was painfully slow and horrible to use. I reran the malwarebytes program which found more issues. I think something is still afoot. Here is my file. The unknown file in winsock is very suspicious.

Any tips greatly appreciated.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:03:34 PM, on 3/29/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
D:\xampp\apache\bin\apache.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
D:\edison\edsvc.exe
D:\xampp\mysql\bin\mysqld-nt.exe
C:\Program Files\CDBurnerXP Pro 3\Tools\NMSAccess.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
D:\emergedesktop\Emerge Desktop\emergeCore.exe
D:\emergedesktop\Emerge Desktop\emergeTasks.exe
D:\emergedesktop\Emerge Desktop\emergeTray.exe
D:\emergedesktop\Emerge Desktop\emergeDesktop.exe
C:\Program Files\Java\jre1.5.0_09\b... Read more

A:winpc defender weekend of joy

Could anybody tell me if I should delete the
O10 - Unknown file in Winsock LSP: ws2lspx.dllitems
 

Read other 1 answers
RELEVANCY SCORE 64

This is my first time here so I hope I do this right! I unforunately got WinPC Defender on my PC which is an HP compaq NC8000 and my OS is XP Pro SP3. When I looked for a solution I downloaded Spydoctor, but unfortunately, nothing could be fixed until I became a premium member which I cannot afford at this time. I then downloaded Malwarebytes Anti Malware but when I go to open it it won't. In its properties menu "Start in" section is empty. I then downloaded Spybot search and destroy and again it wont open, but there is an active icon down in the right corner saying that new process are being scanned. This has been for 3 or 4 days now still scanning. My computer is and is freezing all the time. Also when I search in Google it redirects me to all kinds of different search sites. Can someone help me...I might be new at this, but I would say I am infected! Thankyou!

A:It All started with WinPC Defender

Instructions are here:http://www.bleepingcomputer.com/virus-remo...-winpc-defenderIf you need further assistance, I would suggest opening up a new topic here:http://www.bleepingcomputer.com/forums/f/103/am-i-infected-what-do-i-do/Explain your problem, steps you have taken, and any other information...The folks there are specially trained on how to properly remove these nasties...

Read other 2 answers
RELEVANCY SCORE 64

Hello, Here is my Hijack This log after I got hit with WinPC Defender. I've tried to install Malwarebytes' Anti-Malware but I can't seem to get it to install. The Security Center is disabled and I've no access to the Task Manager. Thanks for the help in advance. Cheers, Jack Logfile of Trend Micro HijackThis v2.0.2Scan saved at 8:02:47 AM, on 4/4/2009Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16791)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\igfxtray.exeC:\WINDOWS\system32\hkcmd.exeC:\HP\KBD\KBD.EXEC:\Program Files\Java\j2re1.4.2_03\bin\jusched.exeC:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exeC:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exeC:\Program Files\Caere\OmniPagePro90\opware32.exeC:\WINDOWS\LTMSG.exeC:\Program Files\HP\hpcoretech\hpcmpmgr.exeC:\Program Files\Hewlett-Packard\HP Softwa... Read more

A:Posting Log - Hit with WinPC Defender.

Hello & Welcome to TSFPlease Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Options, then click Track this topic. Make sure it is set to Immediate Email Notification, then click Proceed.In the meantime please note the following:Any recommendations made are for your computer problems only and should NOT be used on any other computer.Please DO NOT run any scans/tools or other fixes unless I ask you to. This is very important for several reasons. Here are just two of them:
1. The tools that we use are very powerful and can cause >>irreparable damage<< to your computer if not used correctly.
2. Commercial scanners, for the most part can not completely remove some of the more "resistant" infections. This makes it much more difficult to get rid of completely.If you get stuck or are unsure of something please ask for a further explanation, do not guess.It will require more than one round to properly clean your system. Continue to respond to this thread until I give you the All Clean! even if symptoms seemingly abate.Please note that the forum is very busy and if I don't hear from you within five days this thread will be closed.If for any reason you cannot complete instructions within that time, that's fine, just put a post here so that I know you're still here. We get a lot of people who simply leave & if there is no contact for that amount of time I will have to assume you have abando... Read more

Read other 2 answers
RELEVANCY SCORE 63.6

i have a dell laptop that is slow and infected with winpc defender...

i cant run any anti malware scans malware bytes doesnt launch and neither does
spybot, (not that i think that would help anyway)

i have looked up removal (manual) but none seem correct
(cant find files or reg entries) that they talk about.

can anybody help me with genuine removal please///
 

A:winpc defender causing bother...

Read other 6 answers
RELEVANCY SCORE 63.6

Please see the below log;Logfile of Trend Micro HijackThis v2.0.2Scan saved at 12:15:14 AM, on 23/03/2009Platform: Windows Vista SP1 (WinNT 6.00.1905)MSIE: Internet Explorer v7.00 (7.00.6001.18000)Boot mode: NormalRunning processes:C:\PROGRAM FILES\PANDA SECURITY\PANDA ANTIVIRUS PRO 2009\WebProxy.exeC:\Windows\system32\Dwm.exeC:\Windows\system32\taskeng.exeC:\Windows\Explorer.EXEC:\Program Files\Windows Defender\MSASCui.exeC:\Program Files\Synaptics\SynTP\SynTPEnh.exeC:\Program Files\HP\QuickPlay\QPService.exeC:\Program Files\HP\HP Software Update\hpwuSchd2.exeC:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exeC:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exeC:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exeC:\Program Files\Java\jre1.6.0\bin\jusched.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exeC:\Program Files\Panda Security\Panda Antivirus Pro 2009\ApVxdWin.exeC:\Program Files\Windows Sidebar\sidebar.exeC:\Windows\System32\rundll32.exeC:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exeC:\Windows\ehome\ehtray.exeC:&... Read more

A:hijack this log for computer with WinPC Defender

Please help.

I have been running various spyware programs and t hey haven't caught anything. Adaware and Malware bytes. For some reason I haven't been able to download the updated definitions for these programs, so they aren't finding anything.

Thanks in advance.

Kyle

Read other 4 answers
RELEVANCY SCORE 63.6

i have a dell laptop that is slow and infected with winpc defender...

i cant run any anti malware scans, malware bytes doesnt launch and neither does spybot, (not that i think that would help anyway)

i have looked up removal (manual) but none seem correct
(cant find files or reg entries) that they talk about.

can anybody help me with genuine removal please///

A:winpc defender causing havoc...

Most of the cleanup tools will run from Safe Mode. This is often a necessary step for troublesome cleanups.

Read other 3 answers
RELEVANCY SCORE 63.6

I followed all instructions for removal of Win PC Defender . Steps 1 ,2 ,3 ,when I try to open from desktop it opens and then immediately closes. What Now ?

A:WinPC Defender won't allow me to open MBAM. What Now ?

Hi, let's try it this way and then post the scan log here.Run RKill and then MBAM immediately.Please download Rkill by Grinler and save it to your desktop.Link 2Link 3Link 4Double-click on the Rkill desktop icon to run the tool.If using Vista, right-click on it and Run As Administrator.A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.If not, delete the file, then download and use the one provided in Link 2.If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.If the tool does not run from any of the links provided, please let me know.You will need to run the application again if rebooting the computer occurs along the way.

Read other 3 answers
RELEVANCY SCORE 63.6

winpc defender causing bother...
i have a dell laptop that is slow and infected with winpc defender...

i cant run any anti malware scans malware bytes doesnt launch and neither does
spybot, (not that i think that would help anyway)

i have looked up removal (manual) but none seem correct
(cant find files or reg entries) that they talk about.

can anybody help me with genuine removal please///

here is my hj log:

Logfile of HijackThis v1.99.1
Scan saved at 20:59:58, on 30/04/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\WINDOWS\system32\BacsTray.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program F... Read more

A:winpc defender causing bother...

Closing duplicate.
 

Read other 1 answers
RELEVANCY SCORE 63.6

Hello-- I have a laptop that is infected with WinPC Defender. It has several of the symptoms listed on The BleepingComputer homepage. It has The WinPC Defender "Program" showing up with fake firewall warnings and virus threats. I believe the browser is hijacked as well because when I attempted to download MalwareBytes(I googled Malwarebytes and clicked on the result for it's homepage) and the browser just shuts down. I then downloaded Malwarebytes and Hijackthis from a differrent, uninfected computer onto a flash drive, copied them to the infected computer and tried to install the programs. MalwareBytes will let me get to the first step of installation where it asks for you to choose the setup language....but after I choose english and click "OK" the window just closes and the installation will not continue. When I attempted to install Hijackthis nothing at all happens. I just click on the .exe link for Hijackthis and nothing happens. It was suggested to me to try changing the file name so I redownloaded from a safe computer, changed the file names, and tried to run them on the infected computer with the same results for both programs . I have no logs to post because I cannot get the programs installed. Can you help me with this issue?? As always thank you for your time and help.

A:Badly Infected with WinPC Defender-Please help

If mbam won't install or runSome types of malware will disable MBAM and other security tools. If MBAM will not install, try renaming it. Right-click on the mbam-setup.exe file and change the .exe extension to .bat, .com, .pif, or .scr and then double-click on it to run.If after installation, MBAM will not run, open the Malwarebytes' Anti-Malware folder in Program Files, right-click on mbam.exe and change the .exe as noted above. Then double-click on it to run.

Read other 15 answers
RELEVANCY SCORE 63.6

This computer is infected with Winpc Defender. I had to put malwarebytes and combofix on a cd and copy them to the hard drive because I could not get an internet connection. When I try to install, nothing happens. I have tried in safe mode and in standard mode. Spybot is installed but will not run. Ad-aware runs and detects a trojan, but that keeps coming back.

What program can I install to start the clean process?
Help
thanks
DD

A:winpc defender virus/ Moved

As no logs have been posted, I am shifting this topic from the specialized HiJack This forum to the Am I Infected forum.PLEASE DO NOT NOW POST LOGS unless a log is specifically requested.I had to put . . . combofix on a cdPlease note: ComboFix is an extremely powerful tool which should only be used when instructed to do so by someone who has been properly trained. ComboFix is intended by its creator to be "used under the guidance and supervision of an expert." It is NOT for private use. Please read Combofix's Disclaimer. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.Running ComboFix by yourself is like performing open heart surgery on yourself--the scalpel and other surgical tools that is ComboFix is meant to be wielded by a highly trained surgeon only in emergencies or dire circumstances. When the surgeon is thru s/he leaves the room. So combofix should be removed from a system once it has accomplished its job, unlike an AV that is there to protect you from future infections.. . . CF does make some alterations to your system if you run it. Even if you had no malware removed and run the uninstall command, some things may be different now on your system. I can tell you that one thing is that all your restore points will be flushed out and a new one created. There is a good reason to do that when you have a severe infection--but if you aren't infected you might need... Read more

Read other 28 answers
RELEVANCY SCORE 63.6

The WinPC Defender pop up appeared a couple of days ago and I used Malwarebytes Anti-Malware to get rid of it and it did for a bit. I also used AVG and Spybot to clean up what they could. I had one more eposide of the pop up and ran all three progs again and it seems clean right now.

Two residual issues remain. One is that a number of programs that ran at startup and placed icons in the start up tray stopped working (one was Spampal and a couple of others but I've uninstalled and replaced the ones I wanted). The other issue is that I can no longer open data for my Simply Accounting files. The data I believe is stored in MySql format. I have reinstalled Simply both on this computer and on another one. Both can't open the files (symptom is that it stays on the 0%-1% stage and ties up the computer) On the clean computer I can open the sample data which leads me to suspect that the files have been put into a read only mode or something similar.

I do have a high jack log and can upload if that's relevant.

Thanks,

Jack
 

A:WinPC Defender removed, having some after affects

Here is the log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:47:38 PM, on 6/2/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Java\jre1.5.0_12\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\hphmon06.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe
C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
C:\SCANJET\PrecisionScanPro\HPLamp.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe
C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\Twain_32\Samsung\SCX4x28\Scan2pc.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
C:\Program... Read more

Read other 2 answers
RELEVANCY SCORE 62.8

Hello I got on my son's pc yesterday and found he had a rootkit called winpc defender. i downloaded superanti spyware and removed the infection but now can not connect to internet because the winsock in the registery is messed tried a hundered things to fix and was hoping you guys could help.
the computer is running windows xp. Can not run the gmer program it will not start.

here is the log file.

DDS (Ver_09-03-16.01) - NTFSx86
Run by Alayna at 15:26:04.10 on Mon 04/20/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.601 [GMT -5:00]

AV: avast! antivirus 4.8.1335 [VPS 090213-0] *On-access scanning enabled* (Outdated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDis... Read more

A:WinPC Defender removed winsock corrupt

Hello and welcome to TSF.

Sorry to inform you but one or more of the identified infections is a backdoor trojan.

This type of infection allows hackers to remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.

If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Please read this: How Do I Handle Possible Identify Theft, Internet Fraud, and CC Fraud?

========================

Please download ComboFix from one of these locations:

Link 1
Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
Double click on ComboFix.exe & follow the prompts.
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of mal... Read more

Read other 17 answers
RELEVANCY SCORE 62.8

This is my first post on malware.

I am running a Dell Dimension XPS GEN 5 3.2Ghz, dual CPU, RAID config Window/XP Media edition with updated patches applied.

Contracted WIN PC Defender rogue and was trying to remove and in process it disabled my McAfee Security Center and Spybot/SD.

System is unstable, sometime freezes, at startup, and Google toolbar installer issues a pop-up on a fatal error which i suspect is a symptom of something else.

Can someone tale a look and tell me the offenders that should be deleted ? Also, I am getting a windows update constantly which I suspect may be malware disguising itself as a Microsoft update. Any thoughts on this?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:09:37 PM, on 4/1/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\B... Read more

A:Infection started with WinPc Defender ... need next steps

I am making allot of progress on this problem, (although Win PC Defender is still on my machine it is not making trouble) system is running OK, but would like a expert to comment on hijack log.
 

Read other 1 answers
RELEVANCY SCORE 62.8

Recieved an e-mail that had a link that downloaded and install WinPc Defender. I did not executed the software and attempted a virus spyware removal process. Cleanup most of WinPc Defender but unable to access the internet. Windows Firewall/Internet Connection Service not running. Cannot find -k netsvcs executable.

Would like assistance with the cleanup of this issue.
DDS (Ver_09-03-16.01) - NTFSx86
Run by Creed at 8:01:28.84 on Thu 04/23/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.356 [GMT -4:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated)
FW: McAfee Personal Firewall *disabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\Iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\stsystra.exe
C:\Pro... Read more

A:Winpc Defender Installed and Particially Removed

Hello cruck123 .You will want to print out or copy these instructions to Notepad for Safe Mode/offline reference!These steps are for member cruck123 only. If you are a lurker, do NOT try this on your system! If you are not cruck123 and have a similar problem, do NOT post here; start your own topicDo not run or start any other programs while these utilities and tools are in use! Do NOT run any other tools on your own or do any fixes other than what is listed here.If you have questions, please ask before you do something on your own.But it is important that you get going on these following steps.This system has a large amount of Vundo. I'd like to have you start with the following tools & procedures.=Close any of your open programs while you run these tools.Next, Set Windows to show all files and all folders. On your Desktop, double click My Computer, from the menu options, select tools, then Folder Options, and then select VIEW Tab and look at all of settings listed. "CHECK" (turn on) Display the contents of system folders. Under column, Hidden files and folders----choose ( *select* ) Show hidden files and folders. Next, un-check Hide extensions for known file types. Next un-check Hide protected operating system files. Next, Take out the trash (temporary files & temporary internet files) Please download ATF Cleaner by Atribune, saving it to your desktop. It is used to cleanout temporary files & temp areas used by internet browsers.Start ATF... Read more

Read other 17 answers
RELEVANCY SCORE 62.8

I've got myself into a right pickle i've read all the instructions on how to remove it but it's still on my system. Malwarebytes doesnt run for me and i dont know what to do! help me please.

A:WinPC Defender is Making My Life a Misery!

Some types of malware will disable Malwarebytes Anti-Malware and other security tools. If MBAM will not install, try renaming it and changing the file extension. <- click this link if you do not see the file extensionRight-click on the mbam-setup.exe file, rename it to mysetup and change the .exe extension to .scr, .com, .pif, or .bat.Then double-click on mysetup.scr (or whatever extension you renamed it) to begin installation.If after installation, MBAM will not run, open the Malwarebytes' Anti-Malware folder in Program Files.Right-click on mbam.exe, rename it to myscan and change the .exe extension in the same way as noted above.Double-click on myscan.scr (or whatever extension you renamed it) to launch the program.If using Windows Vista, refer to How to Change a File Extension in Windows Vista.

Read other 10 answers
RELEVANCY SCORE 55.6

So I let my uncle on this computer and somehow he got this programme on my computer. at first I thought it was a windows programme but then today I googled it a bit and saw it was a fake.

I had troubles starting up my computer (I get a black screen after turning on my computer - not at windows yet)
I had troubles with starting mozilla (I deleted it and installed oprah and it works good)
Got problems with starting programs I download like malware stuff to delete this.
Maybe some more which I haven't figured out yet.

So what I did so far is :
running multiple online scanners since avira and nod32 gets buggy (most likely because this trojan kills my comp.)
tried some manually guide but it didn't work, I had to delete 1234.exe but couldn't find it at processes.

So my question is how to fix this. I don't wanna formate my hd because I lost the cd for installing certain drivers. Also I'd like my comp as it use to be. Help would REALLY be appreciated asap cause I think my computer is getting worse and worse
 

Read other answers