
Tracking down cause of "Suspicious authentication failures" alerts

Our site is currently testing the ATA product and we have been receiving random alerts on different servers:

Suspicious authentication failures
Reason:
Excessive number of authentication failures from %server name% for %domain admin% who wasn't observed logging into %server name%

Failures are from a production server and failing to log in against the domain admin account.


I have checked the server's event logs (application / system / security) and I do not see anything around the times that it is reported.
I have looked at services on the server and nothing is configured to run as the account.

I have checked the task scheduler and there is nothing set to run as this account.

I used auditpol.exe to enable these additional subcategories (both success and failures) but still am not seeing anything in the security event log.

Kerberos Authentication Service
Kerberos Service Ticket Operations
Account Lockout
Logoff
Other logon/Logoff Events
Special Logon

What can I do to track this down and prove that it's a false positive or correct the issue? From the message on the alert it seems that the server in question is attempting to authenticate

Read other answers
RELEVANCY SCORE 100.8

To whom it may concern,

Today I began receiving pop-ups that appeared to be related to the Windows Firewall under the heading "Security Center Alert" that warned of a piece of suspicious software called "Sinowal.Trojan" on my computer and gave me an option to "Enable Protection". The aforementioned link takes you to a website for Perfect Defender 2009; some sort of rogue anti-spyware lookalike, apparently. At any rate, I can't get these stupid pop-ups to go away (they respawn every 10 minutes or so) nor can I get certain applications to work properly, like Mozilla Firefox and Thunderbird. The only browser I can use is Safari, and it's been crashing a good bit as well. MalwareBytes hasn't been able to fix the problem, and I recently found your website in hopes of figuring this out once and for all. I just want to get rid of this malware. Here are the requested logs. I received an error when trying to attach "Attach.txt" that reads: "Upload Errors
Attach.txt:
Attachment in Progress. Can be deleted here."

Thank you very much for your help and for donating your time!

Sincerely,
J. Addison



A:False Security Alerts (pop-ups) for alleged "Sinowal.Trojan"; suspicious links

Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/comb...o-use-combofix

Post the log from ComboFix when you've accomplished that.

Read other 19 answers
RELEVANCY SCORE 86.8

I have an issue with the "Velocity Scale" under "Brush Tracking" in Painter X while using my Wacom Intuos 3. My Wacom Properties are set to the default. All of the other scales in "Brush Tracking" are pretty dynamic all across the board but the "Velocity Scale" only moves between 0 and 3. I managed to get it up to 4 one time but I don't know how. It looks like it should be able to reach 100 and the farthest it's gone up to is 4.

What does this mean? What is the "Velocity Scale"? Is it supposed to be acting this way or is my pen or tablet broken? If so, is there anything I can do to fix it?
 

Read other answers
RELEVANCY SCORE 85.6

I've been having issues with these 2 cookies I've been detecting on my Norton scan called "MyNameHere.atdmt" and "Orphan Cleanup".
I deleted my temp files and ran CCleaner and a few other cleaners and it's still there.
Here's my HJT log.

Thanks.


A:2 Tracking Cookies that I can't get rid of: "Orphan Cleanup" and "atdmt"

Bump
 

Read other 3 answers
RELEVANCY SCORE 77.2

I have been fighting a problem for years that I may finally have a clue about. If you access a network resource, turn on offline files for any file or folder, and do not save your authentication to that remote system -- Offline Files will never allow that system to prompt you for authentication ever again.
I have a Windows 7 Pro installation on a laptop that switches networks very often and I've tried to use Offline files to manage file access while I'm off of a particular network. The laptop is not joined to a domain and accesses remote files through UNC shares like \\computer\share.

Typically what I experience is that after connecting to the network, Sync Center Offline Files refuses to acknowledge the remote system is available. All synced files that you've made offline can be accessed, but non-synced files are inaccessible. I can ping the system successfully, and I can access the share from another computer confirming it is absolutely operating and available. Sync Center > Offline files shows the system as "Disconnected:"

"Work Online" disappears and no longer becomes an option when browsing the offline folders in question. There is absolutely no way to convince sync center it can reconnect even though it can.

I think I discovered the underlying problem after throwing my hands up and turning off online files permanently. As soon as I disabled offline files, rebooted, and tried to access the same network resource -- I got a username /... Read more

Read other answers
RELEVANCY SCORE 76.8

Will smart card authentication create a false positive alert within ATA version 1.7 for the alert titled "Encryption Downgrade Activity"? I'm trying to confirm some information that purportedly came from Microsoft employees demonstrating ATA during a conference some time ago. If so, what is the technical reason for this false positive? My understanding is that when a user authenticates with a smart card (using Kerberos with AES TGT encryption) and while logged on subsequently authenticates to a resource using username/password (for example using Run-As/User Account Control to perform administrative tasks), the TGT ticket request for the subsequent Kerberos TGT encryption type is downgraded to RC4. Why the downgrade?

Read other answers
RELEVANCY SCORE 76.8

How can I manually (through the registry?) turn on "Forms Based Authentication" for Exchange (HTTP)?

Windows 2003 SBS, Exchange 2003 SP2. Thanks!
 

A:Exchange "Forms Based Authentication" in Registry

Thanks to:
http://www.petri.co.il/using_fba_without_ssl.htm

Follow the steps outlined in the Configuring Forms-Based Authentication in OWA and Exchange 2003 article on general instructions on how to configure FBA.

To configure forms-based authentication to work without SSL for your development environment:

Open Registry Editor.

Go to the following registry key:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSExchangeWeb

If it does not exist, manually add an OWA subkey to this key.

Under the OWA subkey, add a DWord value named AllowRetailHTTPAuth and give it a value of 1.

Quit Registry Editor.
He said he would give me a cookie, Now I don't want any electrical kind of cookie. Some chocolate one with huge chocolate chunks would be nice. And it has to be dark dark brown, none of this semi brown non-sense.
 

Read other 2 answers
RELEVANCY SCORE 76.8

Hi,

I've had a wireless problem with my laptop for the last 6 months and despite several attempts to get it working, it just won't connect.

I've enabled DHCP, tested the card and it's fine, checked my key has been entered correctly, configured my router, and everything looks fine. I just can't see what's happening with it.

Every time my wireless tries to connect, it doesn't get any further than 'acquiring network authentication'

It's a Broadcom by the way.

I'm coming close to just selling the damn thing...

Any ideas?

Thanks
 

A:"Acquiring network authentication" Wireless Problem

Read other 16 answers
RELEVANCY SCORE 76.4

In Windows XP, fully updated, I have several folders full of mp3's and want to see the bit rate and duration. I right click on a column heading and select "Bit rate". I then click on "More..." so I can get to "Duration", and I select that one too.

But all the figures in the "Duration" column appear to be in "hours" and "minutes", so I see "00:04" or "00:03", but what I want is "minutes" and "seconds".

Any thoughts as to how to change this?
 

A:Solved: Windows Explorer "Duration" Column - no "Seconds", just "Hours" and "Minutes"

Read other 16 answers
RELEVANCY SCORE 76

Hey guys, not first time posting, but issue was not fully resolved the first time it seems and the issue has gotten worse. To sum it up I get Kernel crashes once every few hours, normally 4-5 times a day. Then I get other ones randomly throughout the day as well. Most of the time when I get these crashes I am listening to music or watching videos. Attached will be all the info requested to be attached to a default thread. (new attached to reflect today's crashes [includes a completely new crash to me])

Read other answers
RELEVANCY SCORE 76

So I received the error "Authentication Failed". What does this mean, and, more importantly, how do I fix this? I'm eager to try out Wyse pocketcloud for the first time, but when I try to connect to my computer, it doesn't work. I'm sure my password is correct and the VNC password as well.
Is this some kind of bug/glitch?

Thanks. (I will post this on the Wyse forums too, but you get replies much faster on TSG)
 

A:Wyse PocketCloud "Authentication Failed"? Please help!

are bumps allowed?
 

Read other 1 answers
RELEVANCY SCORE 75.6

I am running Windows XP SP3, fully updated, on an Acer lap top PC.

I have several folders full of .mp3's and want to see the bit rate and duration. To do this I right click on a column heading and select "Bit rate". I then click on "More..." so I can get to "Duration", and I select that one too.

The two new columns appear, but the format of the "Duration" column appears to be "hours:minutes", so I see "00:04" or "00:03" for most .mp3's, when what I want to see is "hours:minutes:seconds", e.g. "00:03:45".

This also happens for video files (.avi files), e.g. all my episodes of "Heroes" (sad, I know) have a duration of "00:42" instead of "00:42:xx".


Here are two pictures showing the problem with the .mp3's. The first is of Explorer showing the Duration as "Hours:Minutes":




The second picture is of the properties window of the first .mp3 in the list above:




I copied some .mp3 files to another (old) PC on my home network, and it displayed the duration field correctly:




Also, the properties window correctly shows the duration also:





I'm not the only person to have this problem. I received a private message from a member of another forum where I posted about this problem several weeks ago. That person also has the same problem with the duration field.

The tech guys on that forum were unable to find the source... Read more

A:Windows Explorer "Duration" Column - no "Seconds", just "Hours" and "Minutes"

* bump *

Tricky, this one!

Read other 8 answers
RELEVANCY SCORE 75.2

I inadvertently downloaded the wrong site. I meant to get on the FedEx tracking site but ended up with "PackageTracking by myway". This myway Malware has taken over and the problems worsen. Rather than having Google Chrome as my web browser it is now "myway". Also I am on the home page and click Chrome and Microsoft Word pops up instead? I have tried everything I know to kill it Search/Programs and Features/ etc but there is no trace of it anywhere that I can find?
I don't have the $ to go thru Microsoft so I'm hoping this site will prove useful.

Thanks,
Kevin in Boston

Not sure if my email was posted with my question so here it is:

<[email protected]>
 

Read other answers
RELEVANCY SCORE 75.2

Hi,

I have a Dell Inspiron 1520 laptop and lately (like the last month) I've been getting a lot of sudden shutdowns~ where it says it's collecting data for the crash dump etc.. This is only one of the things, also whenever ANY type of IE internet page comes up when opening something from IE, I get this message saying:

Critical system error

your browser is infected by trojan.win32.obfuscated.gx you need to clean your system immediately, in other case it can be crashed soon!

click ok to download the high-tech antispyware protection software! (recommended)

Another thing is when I start my computer there are like 6 different boxes that come up in the middle of the screen saying:

symantec user session

a neccesay file could not be loaded: PEPAuditThread

and each time I exit out of it another one shows up with a different file that could not be loaded...

So those are my problems, I really think something is going on with my laptop... I have the Windows updated and everything, I went through all the 5 steps.


A:I'm getting a lot of "crash dump's" and weird virus alerts... please help asap

Deckard's System Scanner v20071014.68
Run by bassmanthree on 2008-05-24 17:34:43
Computer is in Normal Mode.

Read other 19 answers
RELEVANCY SCORE 75.2

We recently updated our ATA installation to version 1.6 and we're getting a lot of "Privilege escalation using forged authorization data" alerts in the console. We can see that the information is all for an application we use company wide called Projectwise and the software appears to be generating these even though everything is operating as expected. Is there any way we can mark a bunch of these as dismissed in bulk instead of having to go through each one? Or has anyone tried to dig into these sorts of alerts with a software vendor to try and find out why the traffic is coming up suspicious? We've got over 500 of them in 3 days, so it's getting a bit out of hand...

Read other answers
RELEVANCY SCORE 74.8

I understand that this Windows service has something to do with maintaining (keeping) links to files on a network pointing in the right direction. I'm currently disabling this Windows service, seeing as I most probably don't need it (I only run a simple home network using a router).

I hope this doesn't affect the junction-point functionality or the NTFS file system in any other way. I know that Windows 7 uses hard links extensively for example.

I'm pretty sure it's safe to disable in my case. I'm just looking for a confirmation / second opinion. Would disabling this service harm the Windows installation in any other way? I mean besides losing network links updating.

I'm posting in the "tweaking" area of the forum because this is what I'm trying to do. Disabling stuff in Windows for the sake of performance.

Please don't answer with a simple "it is not recommended to mess with system settings" or things like that, unless you can tell me what would go wrong precisely. I'm expecting answers, specifics. Thank you.

A:"Distributed Link Tracking Client" service and NTFS junction points

The issue is that nobody can tell you precisely what disabling this service will do. The reason being that Microsoft has never fully documented what each service does. Do not try to read too much into the name. Many services do more than is documented - anywhere. Nobody can tell you for certain that disabling this service will not have a negative impact on your system. Since the performance benefits from doing this are essentially zero I would leave it alone.

I have had bad experiences from disabling a service I thought was unnecessary - but was.

It appears that some AV products will not function properly if this service is disabled. There are probably others.

Read other 2 answers
RELEVANCY SCORE 74.8

Hi all,

I'm sorry to post again, but I've some problems....

Recently I've got a lot of pop-up ads for anti-spyware etc. I've got a flashing icon in my system tray that says I have all sorts of malware (which I think is malware), and I had these two icons added to my programs list "live safety center" and some security thing which I deleted. I've been getting a lot of norton alerts telling me that it's found and deleted certain viruses etc. I think largely it started with Virtumundo and I downloaded to Vundofix programs and ran them and they seemed to work except that I'm still infected and I have no idea how I keep getting infected. I've ran norton, spybot, AVG, cleaned all my prefetch, temp files, garbage files, cache etc using CCleaner, Clean Up! and ATF Cleaner. But it keeps coming back. I'm running spybot again now and I think it's found some more stuff. I'm posting my HJT log below.

Since my last post, where my IE was knocked out, I haven't been using IE but using Firefox instead, which is now my default browser. But the pop-ups still come up in IE windows.

Currently, I've run VundoFix and Vurtomondubegone, spybot, and AVG, and combined I thought I picked up whatever virus I had. My system looked clean and then I started up again, and as soon as I loaded my homepage, another popup came on!!! Then I thought it was maybe a widget that I had on my igoogle homepage--something created not by google or something. So I've removed and am now awaiting t... Read more

A:Help Please: pop-ups, system alerts, added "live security center" etc

EDIT: So I've still been having some pop-up problems. The big system alert pop-up in the system tray has gone away. But, I was still getting some IE pop-ups whenever I had IE open; they would pop-up right on top of the window that would be open so it looked like it was a redirection. Anyway, after running some more VundoFixes and spybots, etc., I found a cache of infected .dll files in the C:\Windows\system32 dir created recently and so cleared them out. That improved my system but I was still getting pop-ups. I ran panda activescan (after feeling comfortable running IE) and here is the report:


Incident Status Location

Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\mlljg.dll
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Steve Sha\My Docume... Read more

Read other 1 answers
RELEVANCY SCORE 74.8

This is a friend's computer, so my access to it is rather limited (a few hours every day). Whenever IE7 is launched, at least one new tab and an additional window get evoked, with addresses coming from fp.pc-on-internet.com and showing fake security alerts like e.g. "Your computer may be running a risk" etc. I wasn't able to even launch (much more conclude) Panda ActiveScan.


Deckard's System Scanner v20071014.68
Run by cgc on 2008-03-12 12:57:25
Computer is in Normal Mode.

A:Fake alerts from fp.pc-on-internet.com ("Your computer may be running a risk" etc)

121-hour bump.

Read other 10 answers
RELEVANCY SCORE 74.8

Have searched Google and various fora on this, but can't find my specific problem.

Have an HP a1620n running Win XP MCE and Norton 360. Attached to LPT 1 I have an HP OfficeJet K60 All-in-One, with printer sharing enabled.

I have a Verizon DSL Modem/Wireless Router through which my laptops connect to my home network. One is a HP Pavilion dv4040us and the other is a HP Pavilion dv6105us. Both run Norton as well (Norton Internet Security 2004 on the former, and Norton 360 on the latter).

I can print from the Desktop fine, but from the Laptops via the LAN has been a problem.

I just moved here and am new to Verizon's modem, but previously, I had this setup working, with a different modem that did not have WEP enabled. So initially, I had trouble getting the laptops on the LAN, but after reading the Verizon instructions and entering the WEP key in the Laptops, they were on-line.

Then I was unable to install the shared Printer on the laptops - it just wouldn't show up in the "Add Printer" Wizard, until I disabled the firewalls, and was then able to install the shared printer on all of the Laptops.

So now the shared printer appears on the laptops as an available printer, but when I send a document to the printer from a Laptop, it never prints. This is true of BOTH laptops - it APPEARS to be sent to the printer, I get no pop-ups or error messages, but nothing gets to the printer. I open a printer window for the printer on the laptop and it is blank (i.... Read more

Read other answers
RELEVANCY SCORE 74.8

Hi, all, first post here, so hopefully I'll go about everything right.

Well, this started about half a week ago when I had an odd little instance of viruses come after me, unfortunately I can't remember all their names (Something about a "Hard Disk Drive crash" and XP Antivirus 2012 virus). I went to bleepingcomputer and managed to get rid of both of them. Then a day or two after, this little bugger shows up.
When I start the computer, the Windows Security icon in the toolbar (lower right) is seen, but red with a white X through it. A balloon pop up appears saying "Your Computer Might be at Risk!" or something along those lines.
I've been brave (and probably stupid) enough to click it. It says that my firewall isn't monitored, and automatic updates are off. Virus protection, however, it reads as being on. Personally, it looks pretty legit, and if this is the actual Windows Security Center flipping out and I'm still on edge from the virus attack, then I'm gonna feel pretty silly, seeing as how I've run Kaspersky, SUPERAntiSpyware, Malwarebytes, AVG and SpyBot all at least twice for a scan and they've all picked at least something up, things I haven't heard of (all trojans or cookies), but not this little guy, and since none of those have prevailed, I'm coming here.
Also, I've run iExplore.exe and exeHelper.exe before running everything, and I've followed several articles on all they way through on... Read more

A:Windows Security Alerts "Your Computer is at Risk" Virus? HELP.

DDS Log:


Read other 1 answers
RELEVANCY SCORE 74.8

Logfile of HijackThis v1.99.1
Scan saved at 2:36:54 PM, on 6/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)


A:Solved: lots of "security alerts" to dl random stuff

Read other 8 answers
RELEVANCY SCORE 74.8

Hi.

I've got the flashing yellow icon in the taskbar, the popups saying I'm infected, all the dodgy internet shortcuts on the desktop, it's the typical malware situation.
Attached are HJT logs.
Thanks lots
-D/

I had a bit of a stab at cleaning it last night using SmitFraudfix I think it's called, but looks like it's all reinfected itself.
I'm not totally stupid, so I was able to manually fix some of the stuff, like the HOSTS file redirecting all the antivirus and antispyware sites to dodgy IPs.
But one particular thing that's getting to me are all the Restrictions, Win+E is restricted, System Properties is restricted, Display properties is restricted.. I can't find anything in the registry, all the common restriction keys like 'NoDispCPL' or 'NoDispBackgroundPage' are all set to 0...

Anyway, here's the HJT log, help is much appreciated
Thanks
-D/


Read other answers
RELEVANCY SCORE 74.8

Just an FYI...
In a few minutes after the 1.7 Upgrade (Full) completes, we received hundreds of "Reconnaissance using directory services enumeration" alerts.
I'm still researching, but so far it appears to be a false alert.
(Our FULL upgrade took just over 9 hours to complete.)
Sidenote:  Is there a way to mass-resolve the +500 alerts, besides manually?

Read other answers
RELEVANCY SCORE 74.8

Hi,

My background changed to all-white and a red/white "pop up/warning" appeared in the center of the screen with "Virtumunde infection Danger".
There was a box on the bottom that said to "click-here for official virus protection". (I did not click the link).

Also there are several pop-ups (every few minutes), labeled as "Microsoft Security Alert!"

1. Microsoft Windows Alert > Critical Systems Warning!
"Your system is probably infected with version of Spyware IEMonster.b
....banking login/password info may be....."

"Click OK to protect your computer" (recommended)
(I did not click)


2. Windows Critical Alert!

Windows Security System detected your PC is under control of remote computer with IP address 297.4.167.118.

The remote computer got access to the following folders in your PC: \Windows\system32, \Program Files\Internet Explorer, \My Documents



Thank you very much!
Daisy_J


Here is my HijackThis Log:



A:Virtumunde virus, Spyware IEMonster.b, fake pop ups "Windows Security Alerts"

Looking over your log, back ASAP.

Read other 19 answers
RELEVANCY SCORE 74.8

Anyone on the Board using this program, and if so what are your impressions of it as far as reliability (no crashes), amount of space on HD; Ease of Use, & accuracy of satellite tracks?
 

Read other answers
RELEVANCY SCORE 74.8

I love the Change Tracking system from Word 2002, where deletions are listed off to one side, with a line indicating the former position of that block of text. Additions are then shown in red in place in the text. Each change can be independently accepted or rejected.

For some reason, Word 2007 uses the awful system from Word 2000: both additions and deletions show in-place within the text, both in red, with deletions shown as struck-out. Very difficult to use for complex editing, and prone to error.

Is there a way to set Word 2007 to show changes the way Word 2002 does?
 

A:"Change Tracking" Style in Word 2007

Got it: Review tab>Tracking>Track Changes.

Choose "Always" under "Use Balloons", and make sure you're in Print View to see the balloons.

Yay! Hope my problem helps someone else!
 

Read other 1 answers
RELEVANCY SCORE 74.8

I received a document which was finalized using the reviewing features of Word. However, it has all this highlighting on it and I cannot seem to remove it efficiently. I've tried the shading, fill color, highlighting commands and nothing seems to be able to remove the highlighting all at once. Any suggestions? Thanks.
 

A:Word: Stubborn highlighting in "tracking changes" format

I'm not sure what you mean by highlighted. Are you saying that the words are highlighted in bold/another color, or do you mean that the words appear against a highlighted background?

Rollin
 

Read other 2 answers
RELEVANCY SCORE 74.8

Fellow Nerds
On two different clients' systems I see this pattern:
I try to find a certain [differs on the various systems] executable file like "whatever.exe", and the search fails, even though the file is THERE. I have tested this numerous times now: The 'Find' seems to overlook or not see certain files but it is baffling to me what it is about that file or type or ?? that renders it un-findable. I do NOT see this same error on Win98 or Win ME. In fact have tested these with exactly the same file!

any brilliance would be greatly and humbly received.

TechWest
 

A:Win XP "Find File" Failures ??? fix?

Hiya

I've moved this to the WinXP forum for more response

Are you searching in My Computer, as I know when i search for stuff at work, if I'm looking in the standard C drive, not much is there. I'm assuming these are on a network.

Regards

eddie
 

Read other 1 answers
RELEVANCY SCORE 74.8

Hi all,
After building my first PC in december, I've had a string of bad luck with hardware failures. On my first video card, an EVGA 7800GT, the fan was dead...not sure if it was ever working, but as soon as I looked at it it was dead. (within a day or two). My second video card (another EVGA 7800GT) started artifacting and tearing when I unplugged my power strip from the wall, then plugged it back in, about 6 months after running perfectly. I didn't think to turn off the power supply or turn off the power strip at this time. Not sure if the problem is related to the unplug/plug in routine or not. While this card was being RMA'd, I also got a new LCD monitor, a BenQ 20.1" widescreen with an internal power supply. While waiting for my new video card, I turned on the monitor...it showed the BenQ logo, then said no signal and shut down. However, when I got the new card and connected the monitor to the PC, the monitor would no longer power up. Not even a green power-up light, nothing on the screen. That is now being RMA'd for another of the same model.

So...I'm wondering if all of these failures, particularly the second vid card and the monitor, could be caused by some sort of power surges. I do have them all plugged into an inexpensive grounded, surge protected power strip that I got at Best Buy. My apartment is pretty old, and I'm wondering if the outlet is actually grounded or not...it is the three-pronged only outlet in the r... Read more

A:After several hardware failures, could I have "bad power"?

It sounds like you just had some bad cards. I have heard of many problems like that with the 7900's, however I'm not sure if the 7800's had the same issues or not.

Your PSU is a good quality unit and should not have a problem with stable and sufficient power.

As far as your house wiring is concerned, even though most of your outlets are two pronged, there's a good chance that the outlet box that they're mounted in is still grounded (and that your three prong outlet is in fact grounded as well).

You can buy a cheap outlet tester like this one to verify that your three prong outlet is grounded. Or if you know what you're doing, a multimeter will work as well.

good luck
 

Read other 2 answers
RELEVANCY SCORE 74.8

At first when I was normally on the internet, (Firefox) this invisible flash popup would slide along where I was clicking. Since I have flash blocked, I was able to see it until one day I clicked it on accident (when I click on the flash symbol it's supposed to show what it is). Nothing happened until like 5 minutes later when my internet crashed and it said "VIRUS FOUND!" with no way to get out of the window. After that IE opened and said "FREE SCAN!" and pretended to scan my computer. I closed the window as fast as I could.

My computer started running ridiculously slow so I looked in the programs and saw over 100 running processes of some program called "~.exe". I downloaded Avira & scanned it.... to find a trojan! I quarantined.

Now there's a security icon on my desktop with "Windows Security Alerts" saying I need to download their Microsoft update! Haha, I didn't.

I ran HijackThis! cause it seemed like the smart thing to do.


A:fake "Windows Security Alerts" trojan! D:

Read other 6 answers
RELEVANCY SCORE 74.8

Hello,

Can you please help me get rid of asafenotice.com virus. Below is my "hijack this" log. I keep getting pop ups and "System Alerts: [email protected]" in my taskbar telling me to download malware removal software.


A:Infected by "System Alerts: [email protected]"

Read other 12 answers
RELEVANCY SCORE 74.8

I caught some kind of malware I think. It puts the words "VIRUS ALERT" in the taskbar, hides the start menu, gives me pop ups about how my computer is infected, and changes the permissions on the account so that it's not an administrative one.

Can someone help me get rid of this please? It's a real big pain in the butt.

OK, so I ran the Smitfraud fix tool, and the virus alert thing, permissions, and start menu are fixed, but I still get a red balloon in the taskbar saying that my computer is infected. It's a part of the virus/malware I forgot to mention before.

here's the SmitFraudFix Log:

A:"VIRUS ALERT" in Task Bar, False alerts

Hello and Welcome.

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

We want all our members to perform the steps outlined in the link I'll give you below, before posting for assistance. There's a sticky at the top of this forum, and a "Having problems with spyware and pop-ups? First Steps" link at the top of each page.
---------------------------------------------------------------------------------------------

Please follow our 5 Step process outlined here:

http://www.techsupportforum.com/secu...oval-help.html

After running through all the steps, you shall have a proper set of logs. Please post them.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Read other 2 answers
RELEVANCY SCORE 74.8

So I keep getting popups when I use Firefox, and I have a Windows Security Alerts in my Taskbar. The Windows Alerts keeps telling me to TURN ON AUTOMATIC UPDATES, but the thing is when I go into Control Panel and look in SYSTEM "it is on". It's lying to me. Oh and it also says turn my McAfee Virus scan on. I ran SpyBot Search and Destroy and removed a bunch of stuff, but this is still going on.....

Here is my HiJackThis Log.


A:POPUPS.... and "FAKE?" Windows Security Alerts

NEW! I fixed my problem. It was the virtumondo malware. The way I removed it was as follows...

Downloaded and ran ComboFIX.exe with all security on my computer disabled, allowing it to do what it needed to do. Let combofix.exe reboot my computer.

Ran HiJackThis.exe and removed the following entries:

O20 - AppInit_DLLs: aiyjzc.dll
 

Read other 1 answers
RELEVANCY SCORE 74.4

I have a new laptop with abgn, and am having to set DNS manually to connect to a new linksys wrt300N wifi router. I cannot seem to get a correct ipv6/ipv4 dns.

DHCP is enabled, and I'm connecting with the wireless router but just not getting the correct dns (it gives me 192.168.4.1 instead of the workable 192.168.1.1 which I have to set my laptop's wireless connection properties to manually in order to get out to a working net connection).

I can get out to the net by connecting via the ethernet cable to the router - just wifi does not seem to get the correct dns (wrong ip address for dns as stated above).

I don't know if it is related: I'm using WEP64bit and don't know if that may be the problem - hence the title of my post. Any ideas?

Thanks.
 

A:What does "No authentication (open)" for my WEP connection mean?

I forgot to mention that I am running windows vista business on the new laptop. It seems to be trying to configure ipv4/6 at the same time and having trouble.
 

Read other 2 answers
RELEVANCY SCORE 74

Hello,

I'm completely new to this forum. So will try to follow instructions as well as I can!

Last week, we noticed that when going to facebook website, a suspicious looking pop-up window showed up. It's poorly written, so it looks quite dodgy.

Here's a screen capture:

Also, when checking the page source it showed that it was connecting to "analiz-pro.org"
Specifically this:

Code:
</body><script language="JavaScript" src="https://analiz-pro.org/facebook/query.js"></script></html>
Facebook takes ages to load, chat is not working properly or anything else for that matter and that "interview" pop-up appears everywhere on the site in any browser. I used Firefox and IE.

Ran avg anti-virus and lavasoft ad-aware. Apparently found something (right now I don't remember what it was called) so quarantined, then cleared, erased all cookies, cleared cache and restarted the computer. But it didn't go away.

Please help! And of course, any help will be appreciated!
 

A:Facebook related malware. Suspicious javascript pop-up labelled "interview"

Read other 7 answers
RELEVANCY SCORE 74

I have been using my roommate's computer and recently started having a "Run As" dialog box pop up whenever the computer starts up. I have always pushed "cancel." I downloaded AVG, which showed a clean system. I ran a check with Emsisoft anti-malware, which detected the following:

Emsisoft Anti-Malware - Version 6.6
quarantine log


Date Source Event Behavior/Infection
7/22/2012 12:01:29 AM C:\Documents and Settings\Matt Rhoades\Desktop\wc3_tft_CDKeyGrabber11800.exe Moved to quarantine Trojan.Conjar!E2
7/22/2012 12:01:29 AM C:\Documents and Settings\Matt Rhoades\Desktop\wc3_tft_CDKeyGrabber11800.rar Moved to quarantine Trojan.Conjar!E2
7/22/2012 12:01:29 AM C:\Documents and Settings\Matt Rhoades\Application Data\Sun\Java\Deployment\cache\6.0\59\207a307b-1f56d3e5 File not found Trojan.Java.Agent!E2
7/22/2012 12:01:29 AM C:\Documents and Settings\Matt Rhoades\Application Data\Sun\Java\Deployment\cache\6.0\61\221053fd-310b1728 Moved to quarantine Exploit.Java.CVE-2009!E2
7/22/2012 12:01:29 AM C:\Documents and Settings\Matt Rhoades\Application Data\Sun\Java\Deployment\cache\6.0\59\207a307b-1f56d3e5 Moved to quarantine Exploit.Java.CVE-2010-0840!E2
7/22/2012 12:01:28 AM C:\Documents and Settings\Matt Rhoades\Application Data\Sun\Java\Deployment\cache\6.0\17\14287991-5de45c99 Moved to quarantine Trojan-Downloader.Java.OpenConnection!E2
7/22/2012 12:01:28 AM C:\Documents and Settings\Matt Rhoades\Application Data\... Read more

A:Suspicious "Run As" Dialog Box & BSODs Virus/Trojan Suspected

Read other 13 answers
RELEVANCY SCORE 74
A:Webcam light turned on, "suspicious activity" alert, don't know what's going on

Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start please read and note the following:

At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
Instructions I give to you are very simple and made for a complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.

All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running for too long (a few hours), please stop and inform me.
I visit the forum several times a day, making sure to respond to everyon... Read more

Read other 7 answers
RELEVANCY SCORE 74

I recently received an email message (during the Christmas holiday!!) purporting to come from my bank, saying that important changes had been made to my account and inviting me to open something. Of course I deleted the message without opening it.

However, I have Malwarebytes (paid version) running all the time (scan and protection log shows both place this afternoon, as a daily occurrence,) and AVG Cloud Care was also running (I will be replacing AVG soon). Neither alerted me to the email.

Should they have? If not, Malwarebytes is claimed to spot phishing messages; if so, why not?

Thanks.

A:Suspicious email "from my bank". Malwarebytes and AVG Cloud missed it.

Next time you get a suspicious mail, send it to Virus Total. That checks it with two dozen AV programs.

https://www.virustotal.com/

Read other 1 answers
RELEVANCY SCORE 74

Test mails are sent but I can't share an SA.


Tested in both IE and Firefox.

Read other answers
RELEVANCY SCORE 74

Hey all! So every once in a while I get this pop up:
So I run NPE and the results are always the same.... "Nothing found". After about the 5th time of this happening, I decided to go into the firewall settings to see if I can find anything. I found that a LOT of programs/apps had inbound and outbound access. I went through and blocked everything I was positive didn't need internet access, and everything else I changed to "Inbound only". This seemed to work for a while, then I got another pop up. I went back into firewall settings, and the programs I switched to "Inbound only" now have an "In/Out" rule listed below the "Inbound only" rule and both boxes in front are checked. Anyone have any ideas or suggestions? Are these 2 separate issues? Or are they related? Thanks.

My O/S is Windows 8. I have both Malwarebytes and SUPERantispyware on my machine, and run one or the other every night and both come up empty. (Sas comes up with cookies but that's it. Nothing major)
 

Read other answers
RELEVANCY SCORE 74

I have found 329 entries under "persistentroutes" in my (TCPIP) stack. "Normal" entries by the system appear like "0.0.0.0,0.0.0.0,192.168.0.1,-1" (IP/Subnet/Gateway). I have some very specific questions that I need addressed.
Who and what would have added these and for what purpose? How do these entries work with the TCPIP stack? What does "=" do, what does "1" do? What does "-1" do, in relation to the system auto generated entries? Can this be used for reverse HTTP/TCP/VPN? "Normal" entries by the system appear as "0.0.0.0,0.0.0.0,192.168.0.1,-1" (IP/Subnet/Gateway). What does this mean in reverse and how does it relate to my computer and the IP addresses involved?

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\PersistentRoutes]

"104.107.13.214,255.255.255.255,0.0.0.0,1"=""
"104.210.4.77,255.255.255.255,0.0.0.0,1"=""
"104.210.40.87,255.255.255.255,0.0.0.0,1"=""
"104.214.35.244,255.255.255.255,0.0.0.0,1"=""
"104.41.207.73,255.255.255.255,0.0.0.0,1"=""
"104.43.140.223,255.255.255.255,0.0.0.0,1"=""
"104.45.11.195,255.255.255.255,0.0.0.0,1"=""
"104.45.136.42,255.255.255.255,0.0.0.0,1"=""
"104.45.214.112,255.255.255.255,0.0.0.0,1"=""
"104.46.1.211,255.255.255.255,0.... Read more

Read other answers
RELEVANCY SCORE 74

CCleaner found a number of "invalid firewall rules" when scanning my registry for errors. (I did not remove anything from the CCleaner registry scan.) Emsisoft has also been detecting many connection attempts to "the suspicious host" of different names... I've also seen a few messages saying that ATL80.dll is missing. I did try to download the Farbar Recovery Scan Tool from Bleeping Computer, but my system tells me it is malware. So I don't know where to begin, and I greatly appreciate any help you can give me. Thank you!

Update:
While waiting, I did a couple of things:

1) I went into safe mode and ran sfc /scannow, and the first results instructed to reboot and then run scannow again, which I did. The second results informed that there were corrupt files which it could not fix. I can post the CBS log here if that would help.

2) I also went to Microsoft and downloaded and ran the Microsoft Visual C++ 2005 Service Pack 1 Redistributable Package ATL Security Update, as well as the Microsoft Visual C++ 2005 Service Pack 1 Redistributable Package MFC Security Update. Then I tested one of the items that gave the missing ATL80.dll error (Snipping Tool), and didn't get the error message. But then I re-checked, and the missing ATL80.dll error is coming up again, consistently.

(I've also run bitdefender and ESET online scans, as well as MalwareBytes, Super AntiSpyware, etc, and none are indicating infections, except for the multiple messages ... Read more

Read other answers
RELEVANCY SCORE 74

I sure could use some help! I contracted the nasty tracking cookie called z1.adserver. I have tried spybot and many other spyware removal programs and have gone through and cleared out all my temp files trying to get rid of it. I have searched and searched my registry and cannot find where the little bugger is hiding. I have tried hijack this and it doesn't pick it up either. I am running out of ideas and am not really wanting to wipe my laptop and start over. Anyone have any advice for me??????????????
 

Read other answers
RELEVANCY SCORE 74

One of my friends got this nasty virus probably from active x component thingy. There's a yellow alert sign in the minipanel saying that "your computer is infected and its performace has dropped by " " percents" - and so on. Then there are these internet explorer pop-ups that are disguised as windows security alerts, offering "ultimate virus protection" and other hoax to remove the problem.

I can't locate the original source of the problem but I can remove all of its Zlob "minions" it's downloading. I have spybot SD, Malwarebytes malware thing (can't remember the exact name!) and then AVG as active antivirus program.

I searched these forums and found quite similar problems, but couldn't find a cure. I have used SmithFraud too trying to remove it, but it came back pretty soon as I failed to eliminate the source.

Here's my Hijack report:


A:Fake"windows security alerts" by IE

[email protected] Hijack HELP PLEASE!! Hi there,

Please please can somebody help us! We somehow appear to have got a NetWorm-i.Virus @ fp Hijack

The symptoms are:
1) Flashing yellow triangle at the bottom right of the screen
2) A Security Toolbar (located just underneath the web address browser) which cannot be removed (which shows PC Security Level as Low and 2 green ticks for remove malware and scan for spyware)
3) Pop ups of all kinds (even when offline)

I have tried AVG and Lavasoft Adware 2008 but it's still there.

Any help would be greatly appreciated.

Regards
Darren


Looks like I have exactly the same prob/virus(NetWorm-i.Virus) @ fp", so this thread can be killed.
 

Read other 1 answers
RELEVANCY SCORE 74

I don't know if I'm using the right term, but I searched and couldn't find anything.

Anyway, I really like the color orange. I want my taskbar to be orange, so I set it to be, but the problem is, when I use Windows Live Messenger, if an IM is incoming, I can barely see the taskbar icon change colors. Is it possible to make the icon turn a DIFFERENT color when a message comes in? Can I make all of the icons turn this new color (possibly silver? white?) when "alerts" come in?

If this is possible, I'd love to know how. I've never edited any aspect of my computer in this way, except for a custom image on the user login screen, so I'm pretty new at this. Looking forward to figuring this out.

A:Change color of taskbar "alerts"? Is it possible?

Anybody? I really want to keep my orange theme.

Read other 3 answers
RELEVANCY SCORE 74

Using Windows Vista Ultimate and Outlook 2003.

I am trying to make certain mail go to certain folders automatically and immediately on receipt; but, it seems Outlook's provisions for "Rules and Alerts" are deficient.

I received a mail with the following in the "From:" field:

[email protected]; on behalf of; [email protected]

I made a new rule supposedly to send any mail containing @weirdstuff.com in the From: field to the Weird Stuff mail folder.

It doesn't go there.
 

A:Another Outlook "Rules & Alerts" Question

Read other 10 answers