
Constant bogus system alerts and VIRUS ALERT! displayed alongside the clock

Q: Constant bogus system alerts and VIRUS ALERT! displayed alongside the clock

Hi there,
I am running Windows XP SP2
I have constant bogus system and virus alerts along with VIRUS ALERT! displayed by the clock. In addition to this when I select the 'Start' button the options for 'All programs', 'My Computer', 'Control Panel', 'printers and faxes', 'help and support', 'search' and 'run' have all disappeared. The only ones left are 'Set program access and defaults' and a 'connect to'
I have worked through your steps 1 to 5 with the following results:

STEP 1
I have AVG free and McAfee Security centre running, I have tried to uninstall McAfee but when I try and uninstall it I get an error message saying that legacy items must be removed first. At this point I am unable to select the uninstall option so I have had to leave it running for now.
In accordance with your malware list I removed 'ShopperReports by Hotbar' and 'Viewpoint Media Player'. There was nothing on spyware warrior that I needed to remove.

STEP 2
I have downloaded Panda Active Scan but when I try to install it I get an error message at 100% requesting me to try again. I have tried numerous times, it won't install. Hence there is no Panda scan log.

STEP 3
I have downloaded Spyware blaster and ie-spyad. Whilst installing ie-spyad and having to browse to select the file I noticed that there was no 'C' drive displayed in 'my computer'

STEP 4
Up until these problems started I had always kept windows up to date. When checking the latest updates as per your link I get an error message telling me that I can't receive updates because of the following:

The site cannot continue because one or more of these Windows services is not running:

Automatic Updates (allows the site to find, download and install high-priority updates for your computer)
Background Intelligent Transfer Service (BITS) (helps updates download more quickly and without problems if the download process is interrupted)
Event Log (keeps a record of updating activities to help with troubleshooting, if needed)
To make sure these services are running:
1. Click Start, and then click Run.
2. Type services.msc and then click OK.
3. In the list of services, double-click on Automatic Updates and then click Properties.
4. In the Startup type list, select Automatic and click Apply.
5. Verify that the Service status is started, if the Service Status is Stopped click on the Start Button.
6. In the list of services, double-click on Background Intelligent Transfer Service (BITS) and then click Properties.
7. In the Startup type list, select Manual and click Apply.
8. Verify that the Service status is started, If the Service Status is Stopped click on the Start Button.
9. In the list of services, double-click on Event Log and then click Properties.
10. In the Startup type list, select Automatic and click Apply.
11. Verify that the Service status is started, If the Service Status is Stopped click on the Start Button.

STEP 5
Hijack this log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:07: VIRUS ALERT!, on 10/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Belkin\F5D7051\WLService.exe
C:\Program Files\Belkin\F5D7051\WLanCfgG.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\system32\ncntstdm.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Program Files\QuickTime\QTTask.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NETGEAR\WG111 Configuration Utility\WG111CFG.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php...MjI6Ojg5&lid=2
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - {2bae58c2-79f9-45d1-a286-81f911301c3a} - (no file)
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: (no name) - {2bae58c2-79f9-45d1-a286-81f911301c3a} - (no file)
O3 - Toolbar: olnmraew - {1EE3EAF4-D787-4E81-944C-D61A9E1869C4} - C:\WINDOWS\olnmraew.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [{43-34-4F-F7-DW}] C:\windows\system32\rqwnw64s.exe DWram02XX
O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\system32\ncntstdm.exe DWram02XX
O4 - HKLM\..\Run: [BMbfa707c4] Rundll32.exe "C:\WINDOWS\system32\iupmiovo.dll",s
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [\YUR13.exe] C:\Windows\system32\YUR13.exe
O4 - HKLM\..\Run: [\YUR14.exe] C:\Windows\system32\YUR14.exe
O4 - HKLM\..\Run: [\YUR15.exe] C:\Windows\system32\YUR15.exe
O4 - HKLM\..\Run: [\YUR1F.exe] C:\Windows\system32\YUR1F.exe
O4 - HKLM\..\Run: [\YUR9.exe] C:\Windows\system32\YUR9.exe
O4 - HKLM\..\Run: [\YURB.exe] C:\Windows\system32\YURB.exe
O4 - HKLM\..\Run: [\YUR3B.exe] C:\Windows\system32\YUR3B.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MSFox] C:\DOCUME~1\Frazer\LOCALS~1\Temp\f.exe
O4 - HKCU\..\Run: [\YUR13.exe] C:\Windows\system32\YUR13.exe
O4 - HKCU\..\Run: [\YUR14.exe] C:\Windows\system32\YUR14.exe
O4 - HKCU\..\Run: [\YUR15.exe] C:\Windows\system32\YUR15.exe
O4 - HKCU\..\Run: [\YUR1F.exe] C:\Windows\system32\YUR1F.exe
O4 - HKCU\..\Run: [\YUR9.exe] C:\Windows\system32\YUR9.exe
O4 - HKCU\..\Run: [\YURB.exe] C:\Windows\system32\YURB.exe
O4 - HKCU\..\Run: [\YUR3B.exe] C:\Windows\system32\YUR3B.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O4 - Startup: Deewoo.lnk = C:\WINDOWS\system32\ncntstdm.exe
O4 - Startup: DW_Start.lnk = C:\WINDOWS\system32\rqwnw64s.exe
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: Smart Wizard Wireless Settings.lnk = C:\Program Files\NETGEAR\WG111 Configuration Utility\WG111CFG.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll (file missing)
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: mrgszi.dll
O21 - SSODL: lfstbwvd - {BA103F49-1655-4A5F-93F2-B6D1FA7763E2} - C:\WINDOWS\lfstbwvd.dll
O21 - SSODL: qmafxprs - {27482234-E72D-4B40-86C4-3114FD9E64C9} - C:\WINDOWS\qmafxprs.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Belkin High-Speed Mode Wireless G USB Driver (Belkin High-Speed Mode Wireless G USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\F5D7051\WLService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 8518 bytes


A: Constant bogus system alerts and VIRUS ALERT! displayed alongside the clock

Bump please

RELEVANCY SCORE 82.4

Hi, any help anyone can give me is greatly appreciated. I have this virus that changed my system clock to military time, won't let me bring up my computer and has put a VIRUS ALERT! next to the system clock. Again any help would be much appreciated. My hijack this log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:32: VIRUS ALERT!, on 9/29/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Comodo\CBOClean\BOCORE.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\LxrJD31s.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C...

A: Virus Alert Beside System Clock

Hi John05, Welcome to the forums!

My name is Ken, on these forums I am known as ktreffin. I will be helping you with your current problem. I know that you need your computer working as quickly as possible, and I will work hard to help see that it happens. HiJackThis logs do take some time to review and research. I would appreciate it if while you are waiting, you could please do the following for me:

Please make an Uninstall List using HiJackThis.

To access the Uninstall Manager you would do the following:
1. Start HijackThis
2. Click on the Config button
3. Click on the Misc Tools button
4. Click on the Open Uninstall Manager button.
5. Click on the Save list... button and specify where you would like to save this file. When you press Save button a notepad will open with the contents of that file. Simply copy and paste the contents of that notepad here in a reply.

As we work together to resolve your problem, please read these instructions carefully. You may wish to print them off or copy them to Notepad.

Lastly, please keep these points in mind:
-- If you have questions, please DON'T hesitate to ask!
-- The instructions I give are specific to your current problem and should not be used on other systems.
-- Please post your replies only to this topic, and please DO NOT start a new thread.
-- Since there may be multiple issues with your system, please continue to follow this thread until I have given you an "All Clean!"

I am reviewing your log now, and will be back wi...

RELEVANCY SCORE 81.6

I have SuperAntiSpyware, MalwareBytes, and Avira installed trying to remove the virus to no avail. They do not find anything.
The PC that I'm running is an XP SP3 machine with AMD athlon 1800+ @ 1.53GHz, 256 MB DDR ram.
I also have an HJT log saved if needed.

DDS LOG

DDS (Ver_09-12-01.01) - NTFSx86
Run by TomlinJ at 2:50:36.34 on Thu 03/04/2010
Internet Explorer: 7.0.5730.11

============== Running Processes ===============

============== Pseudo HJT Report ===============

uStart Page = hxxp://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
uSearch Page = hxxp://websearch.drsnsrch.com/sidesearch.cgi?id=
uWindow Title = Microsoft Internet Explorer provided by Compaq
uSearch Bar = hxxp://websearch.drsnsrch.com/sidesearch.cgi?id=
uDefault_Page_URL = hxxp://start.earthlink.net
uDefault_Search_URL = hxxp://www.earthlink.net/partner/more/msie/button/search.html
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uSearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\com...

A: VIRUS ALERT! in system tray clock

Hello! My name is Sam and I will be helping you. In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

-- Make sure you are connected to the Internet.
-- Double-click on Download_mbam-setup.exe to install the application.
-- When the installation begins, follow the prompts and do not make any changes to default settings.
-- When installation has finished, make sure you leave both of these checked:
   Update Malwarebytes' Anti-Malware
   Launch Malwarebytes' Anti-Malware
-- Then click Finish.

MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:
-- Make sure the "Perform Quick Scan" option is selected.
-- Then click on the Scan button.
-- If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
-- The scan will begin and "Scan in progress" will show at the to...

RELEVANCY SCORE 81.6

Hi,

I've had an infection. I researched and performed the combofix/recovery tool programs and seem to be back to normal. Can you please check these logs and make sure there are no traces? Thank you in advance

**EDIT** I also seem to not be able to establish an internet connection. I can do so with other laptops (the one I'm on) on the same wireless network, but cannot with the infected one, still.

HIJACKTHIS LOG:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:55, on 8/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Files...

A: Virus Alert In System Tray By The Clock

I've run everything I know of to run.

It says I am connected to my wireless router. But Firefox or IE won't connect to anything.

Any ideas. I'm desperate

Thanks

RELEVANCY SCORE 81.6
A: Solved: Virus Alert By System Clock

problem solved through another forum. thanks anyhows
 

RELEVANCY SCORE 80.8

Hi - I'm new here, and like everyone else - help needed please.

I picked up a bogus virus alert program that popped up with messages saying you have this virus or that trojan horse or whatever - I purchased and ran spyware doctor which appears to have removed the public messenger ver 2.03 program but I'm still getting hit with these alerts - such as system alert: [email protected] Whenever I try and go on the internet it takes me automatically to http://isecuritypage.com which I assume is where they try and get you to buy packages to deal with the messages it's popping up.

How can I get rid? I've run spybot it just found the usual low level (DLOexploit?) type things but still getting these pop ups and directed to the dodgy web site.

Any ideas please?

A: Bogus System Alerts - How To Get Rid

Welcome to BC Quinny,

First run this Smitfraud remover

If your problem is still there, but it shouldn't, follow these instructions: Preparation Guide for use before posting a HijackThis Log

RELEVANCY SCORE 80.4

Ugh, I hate Viruses. I knew when I clicked on this file it was a virus right away. At first it stripped my nice background image and gave this plain bluish backdrop and came up with virus warnings and many different virus scanner ads that wouldn't go away, they popup continuously. It took over my internet explorer and redirects it to download more viruses when it's opened. The system clock now says the time followed by "VIRUS ALERT!" in the lower right corner. I seem to have lost some icons, not sure what but there are definitely less on my screen now. Settings>Control Panel doesn't show up when you click on the start menu.

I ran AVG and it found many different viruses and put them into the vault. Also ran Ad-Ware and stripped everything it found. Only thing left that I can think of is cleaning the registry but I need help in doing so. I'm not familiar with making adjustments to this critical file. Below I'm posting a copy from AVG and HijackThis.

I'm having to use my business computer to surf the web for instructions on cleaning this garbage. I depend on this laptop for my wife's online PhD courses any help would be greatly appreciated. How do we pay for your support? Donations? Box of flowers? Bow and kiss your toes? Give up my first son?

Details
The laptop: HP Pavilion dv8000
Operating System: Windows XP Service Pack 2
Ad-Ware Definitions File: 0117.000
AVG Free version 8.0.169 Virus DB: 270.6.21/1669
AVG scans over the last week or so:
HijackThis information c...

A: Virus Alert! In System Clock & Messed Up Registry

Hi,

* Please visit this webpage for instructions for downloading and running ComboFix:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

This includes installing the Windows XP Recovery Console in case you have not installed it yet.

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.

RELEVANCY SCORE 80.4

Hi jack this Log:

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\NetProject\scit.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\VBTUCopy\VBTUCopy.exe
C:\Program Files\QuickTime Alternative\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Common Files\Microsoft Shared...

A: Js?psyme Virus...constant Security Alerts And System Performance Warnings

Hello cnez and welcome to BC

My name is SNOWHITE and I will be helping you with your Malware problem.

Please from now on post whole reports, do not cut off parts of them.

Step #1

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
Close all other windows before proceeding.
Double-click on dss.exe and follow the prompts.
When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

What DSS will do:
-- create a new System Restore point in Windows XP and Vista.
-- clean your Temporary Files, Downloaded Program Files, and Internet Cache Files, and also empty the Recycle Bin on all drives.
-- check some important areas of your system and produce a report for your analyst to review. DSS automatically runs HijackThis for you, but it will also install and place a shortcut to HijackThis on your desktop if you do not already have HijackThis installed.

Step #2

Please download SmitfraudFix (by S!Ri) to your Desktop.
Double-click SmitfraudFix.exe
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

NOTE: If the tool fails to launch from the Desktop, please move SmitfraudFix.exe directly to the root of the system drive (usually C:), and launch from there.

NOTE: process.exe is detected by some antivirus pro...

RELEVANCY SCORE 79.2

Hi, I'm having a problem with pesky malware of some kind. It started with bogus "Windows Security Alert" messages, "Antivirus Software Alert" and "Infiltration Alerts", and "Security Warning / Application cannot be executed. The file xxxx.xxx is infected. Do you want to activate your antivirus software now?". It would also redirect me to different websites in IE8.

Based on that info, I found the sticky forum on here that deals with that virus, and I ran RSKill, MalwareBytes, and also Spybot, etc. but the problems come back after the next reboot. I ran through the removal routine several times, but it keeps coming back.

At the present time, the computer takes a very long time loading upon reboot, and IE8 blanks out whatever site address I type in -- it replaces the address with "http:///" and returns with a "the address is not valid" page. At the moment, the "Infiltration Alerts" are not happening, so I don't know if that first virus is gone, but it let another one in the door in the meantime, or if this is just a different manifestation of the original virus?

I tried running DDS.SCR program as asked in the Preparation Guide. But it just flashed me the little black window with the DDS introduction for a few seconds, but never gave me the DDS.txt or Attach.txt results. I tried several times, without success.

I was able to run the Gmer program on the second attempt. The first attempt ended after a...

A: bogus Windows Security Alert messages, Infiltration Alerts, Security Warnings

Hello johntee, Welcome to Bleeping Computer.

My name is fireman4it and I will be helping you with your Malware problem.

Please take note of some guidelines for this fix:
-- Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools.
-- If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
-- Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
-- Finally, please reply using the button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.

I will be analyzing your log. I will get back to you with instructions.

RELEVANCY SCORE 78.8

Hi,

This is my first post here, and my computer appears to be infected.

The Symptoms:
-- The desktop has "disappeared" and is replaced by a blank blue screen. The icons on the desktop are all gone.
-- There is no "bar" at the bottom: no start button, no task bar, no clock, no indications of open programs. i.e., the entire screen is blue.

-- However, the situation is different right after I start-up.
-- At first, I see all my programs. Sometimes I see the task bar and start button, clock, etc., sometimes not.
-- But something is wrong even then. The computer is slow. And I know desktop will not last long. Sometimes if I am quick I can double click on a desktop icon before the desktop disappears.
-- Sometimes there is a "transition" period. For a few seconds I'll see the desktop, then for a few it will go "all blue".
-- When it is "all blue", I can still get into programs. If I open up the task manager, I can click on the "New Task ..." button under the "Applications" tab.
-- I can still work with documents, but things are slow.
-- When I start in safe mode, I still have the problem of the missing desktop.

Other Signs:
-- When I can see the clock, it says "VIRUS ALERT!" followed by the time. My google searches inform me that this is a common symptom.

What I have done so far:
-- I've done the Norton "Quick Scan" -- found something the first time, and fixed i...

A: Fake Anti-virus -- No Start Menu/task Bar/clock -- Or Has "virus Alert" At Clock

Welcome to BC no_more_virus

If you're using Windows 2000/XP, please print out and follow the instructions for using SDFix in BC's self-help tutorial "How to use SDFix". This program is for Windows 2000/XP ONLY.
-- When using this tool, you must use the Administrator's account or an account with "Administrative rights"
-- Disconnect from the Internet and temporarily disable your anti-virus and any anti-malware real time protection before performing a scan.

When done, the SDFix report log will open in notepad and automatically be saved in the SDFix folder as Report.txt. Please copy and paste the contents of Report.txt in your next reply. Be sure to re-enable your anti-virus and other security programs before connecting to the Internet.

To fix the policy restrictions created by this infection, please open the SDFix folder or download XP_CodecRepair.inf and save it to your desktop. For Windows XP ONLY. Right-click on XP_CodecRepair.inf and select Install from the Context menu.

Note: To download the .inf file, go to File, choose "Save page as" All Files and save XP_CodecRepair.inf to your desktop.

Then log off or reboot to apply the changes.

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

-- Make sure you are connected to the Internet.
-- Double-click on Download_mbam-setup.exe to install the application.
-- When the installation begins, follow the prompts and do not make any changes to default settings.
-- When installation has f...

RELEVANCY SCORE 71.6

Hi there,

This looks like a great help site. I hope you can help.

I used to consider myself fairly computer literate, however, I'm beginning to wonder. An associate of mine has evidently acquired a rather nasty, and very tenacious virus that appears to be, from what I have read so far, a "redirect virus", and the symptoms appear to be the same as one of the posts I read that dubbed it "The Google Redirect Virus".

I have run Avast! AV, Spybot, AdAware, and Malwarebytes Anti-Malware, both from the normal windows environment, and from Safe Mode, and also have run those that provide the option as a boot scan ... I have also searched for every suspicious file (and found a number of them) and deleted or quarantined them, but have not been able to find and/or eradicate this stinkin' virus.

I have read the instructions provided on your site, and believe I correctly followed them:
- Downloaded Defogger, DDS, and GMER;
- run each of them in the order given, and saved the reports as indicated;
- downloaded RKUnHooker, but HAVE NOT run it yet
- registered on this site (obviously);
- Posting this new topic
- Pasting the DDS.txt file copy below;
- Attaching the zipped ATTACH.txt file.

The following is the cut-n-pasted text from the DDS.txt file:
--------------------------------
DDS (Ver_10-03-17.01) - NTFSx86
Run by Sherry at 14:31:03.39 on Sat 09/18/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.429 [GMT -7:00]...

A:Need help removing Redirect Virus plus Bogus AV Alert Warning

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please Do not Attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

In order for me to see the status of the infection I will need a new set of logs to start with.
Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:
Please download DeFogger to your desktop.
Double click DeFogger to run the tool.
The ap... Read more

Read other 19 answers
RELEVANCY SCORE 70

I have tried everything to get this off of my computer and have failed. Your help will greatly be appreciated. I ran combofix and hijack this and it gave me the following results:


COMBOFIX:
"Ry" - 2008-07-20 20:24:56 - ComboFix 07-07-24 - Service Pack 2 NTFS


((((((((((((((((((((((((( Files Created from 2008-06-21 to 2008-07-21 )))))))))))))))))))))))))))))))


2008-07-20 18:33 94,208 --a------ C:\WINDOWS\system32\pphc3wbj0elca.exe
2008-07-20 18:33 <DIR> d-------- C:\Program Files\rhc7wbj0elca
2008-07-20 18:33 <DIR> d-------- C:\DOCUME~1\Ry\APPLIC~1\rhc7wbj0elca
2008-07-20 18:32 60,928 --a------ C:\WINDOWS\system32\blphc3wbj0elca.scr
2008-07-20 18:32 110,080 --a------ C:\WINDOWS\system32\lphc3wbj0elca.exe
2008-07-20 18:29 92,672 --a------ C:\WINDOWS\system32\abaxcuyi.dll
2008-07-20 18:29 116,352 --a------ C:\WINDOWS\system32\vhtkjstu.dll
2008-07-20 18:29 116,352 --a------ C:\WINDOWS\system32\rnkoeg.dll
2008-07-19 18:33 <DIR> d-------- C:\WINDOWS\ERUNT
2008-07-19 18:28 93,184 --------- C:\WINDOWS\system32\idhaonyd.dll
2008-07-19 18:28 116,864 --a------ C:\WINDOWS\system32\jekpml.dll
2008-07-19 18:27 116,864 --a------ C:\WINDOWS\system32\fudiggte.dll
2008-07-19 18:03 5,880 --a------ C:\dnsbak.reg
2008-07-19 16:56 <DIR> d-------- C:\Program Files\Lavasoft
2008-07-19 16:56 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2008-07-19 16:55 <DIR> d-------- C:\Program Files\Common Files\Wise Insta... Read more

A:ANTIVIRUS 2008 has taken over my system! (fake alerts, clock chage, desktop backgrd)

Hi,

I have tried everything to rid my computer of Antivirus 2008. I have Spybot and PC Tools antivirus that will not pick it up. I am also having constant pop ups from PC tools and my clock has changed formats (did have "Virus alert" written next to it).

I have tried to follow the 5 steps before posting but my computer will not run Panda virus.

Attached are the logs from DDS. Thank you for your help.

Deckard's System Scanner v20071014.68
Run by Ry on 2008-07-23 08:04:25
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
189: 2008-07-23 13:04:41 UTC - RP189 - Deckard's System Scanner Restore Point
188: 2008-07-23 01:03:32 UTC - RP188 - System Checkpoint
187: 2008-07-21 23:03:00 UTC - RP187 - System Checkpoint
186: 2008-07-20 22:11:21 UTC - RP186 - System Checkpoint
185: 2008-07-19 21:56:04 UTC - RP185 - Installed Ad-Aware


-- First Restore Point --
1: 2008-07-19 17:24:14 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Percentage of Memory in Use: 78% (more than 75%).
Total Physical Memory: 504 MiB (512 MiB recommended).


-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2 ... Read more

Read other 11 answers
RELEVANCY SCORE 69.6

Hi

Ever since my partner's grandson managed 20 minutes unsupervised access on this laptop I have been experiencing problems. As soon as I switch on avast picks up at least one virus alert, usually 2 or 3. This is before I open IE. I also keep getting unasked for pages opening offering to scan the pc as well as others.

Also I cannot seem to switch on automatic updates in the windows security centre.

Here is the DSS scan main text. The extra text didn't appear, or rather it did the first time I ran DSS, but the pc went on the fritz and hasn't appeared on either of the 2 times I've run DSS since.

Hope you can help, Gypsys Kiss.

Deckard's System Scanner v20071014.68
Run by user on 2008-07-04 17:08:46
Computer is in Normal Mode.
--------------------------------------------------------------------------------
Total Physical Memory: 511 MiB (512 MiB recommended).

-- HijackThis (run as user.exe) ------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:08:56, on 04/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4... Read more

A:Constant Virus Alerts

Hello Gypsys Kiss and welcome to BleepingComputer,

1. * Clean your Cache and Cookies in IE:
Close all instances of Outlook Express and Internet Explorer
Go to Control Panel > Internet Options > General tab
Under Browsing History, click Delete.
Click Delete Files, Delete cookies and Delete history
Click Close below.

* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):
Go to Tools > Options.
Click Privacy in the menu..
Click the Clear now button below..
A new window will popup what to clear.
Select all and click the Clear button again.
Click OK to close the Options window

* Clean other Temporary files + Recycle bin
Go to start > run and type: cleanmgr and click ok.
Let it scan your system for files to remove.
Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
Press OK to remove them.

2. Please download Malwarebytes' Anti-Malware from Here or Here
Doubleclick mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is compl... Read more

Read other 9 answers
RELEVANCY SCORE 69.6

I cannot connect to the internet with this virus so I couldn't download hijackthis or do any of the other steps suggested in the stickies. However my problem sounds a lot like this thread I found on the site

http://www.techsupportforum.com/secu...se-advise.html

I'm also missing my C: and D: drives, am told task manager has been disabled by my sys admin when I press CTRL-ALT-DEL and have the programs error cleaner, privacy protector, Spyware&...protection on my desktop, as well as fake pop-ups claiming to be system errors and offering to fix the problem.

I ran AVG and quarantined/deleted the files it found but everything I mentioned above is still going on. Any help would be greatly appreciated, Thanks

ok, i followed the instructions on the combofix website (+ windows recovery console) and here are my results (note: most of the problem is gone, however I'm sure there are still some lingering malware files).

ComboFix 08-09-11.02 - Benjamin Cohen 2008-09-12 17:26:52.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.592 [GMT -4:00]
Running from: C:\Documents and Settings\Benjamin Cohen\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Benjamin Cohen\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Benjamin Cohen\Application Data\STEM3... Read more

A:Toolbar reads "VIRUS ALERT!", fake system alerts, fake AV programs on desktop

It's been long enough I can bump, right?

Read other 5 answers
RELEVANCY SCORE 69.2

am having a problem with this system alert down by the clock if i click on it. it takes me to a web page to get me to buy a av scanner it's very annoying also when i try to use firefox my desktop goes haywire the colours look weird please help here is a hjt log

Logfile of HijackThis v1.99.1
Scan saved at 6:39:39 PM, on 2/6/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\FreezeScreenSaver.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Raxco\PerfectDisk\PDSched.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Lexmark 2300 Series\lxcgmon.exe
C:\Program Files\Lexmark 2300 Series\ezprint.exe
C:\Program Files\HP\HP Softwar... Read more

A:system alert down by clock please help have ( hjt ) log

Closing duplicate thread, please continue here: http://forums.techguy.org/security/541873-help-system-alert-down-clock.html
 

Read other 1 answers
RELEVANCY SCORE 69.2

i am having a problem with this system alert down by the clock if i click on it. it takes me to a web page to get me to buy a av scanner it's very annoying also when i try to use firefox my desktop goes haywire the colours look weird please help here is a hjt log

Logfile of HijackThis v1.99.1
Scan saved at 6:39:39 PM, on 2/6/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\FreezeScreenSaver.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Raxco\PerfectDisk\PDSched.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Lexmark 2300 Series\lxcgmon.exe
C:\Program Files\Lexmark 2300 Series\ezprint.exe
C:\Program Files\HP\HP Softwa... Read more

A:help with system alert down by clock

Read other 16 answers
RELEVANCY SCORE 69.2

I have Mcafee virus scan and AVG virus scan and I still get messages warning me about virus detections just to get me to buy spy wares and virus scanners. How can i stop these messages from popping up on my computer?

A:how to delet spyware alerts n windows alert system

What?

McAfee i don't know about.
AVG i do - it does NOT tell you to do anything. Just informs.

The first step here might be that you did what the programs asked you to do?

Read other 3 answers
RELEVANCY SCORE 68.8

Anybody know how I can cure my computers of these viruses???

Backdoor.IRC.Zcrew

Norton Antivirus keeps popping up the same message over and over alerting me that there is a virus on my computer. It tells me the action taken was: The File Was Automatically Deleted. But it happens over and over and won't go away, it stays on my screen and everything.

This Is Whats on the alert:

Norton Antivirus has detected and removed a virus from your computer.

Object Name: c:\winnt\system32\rmtcfg\files\runme383462.bat
Virus Name: Backdoor.Irc.Zcrew
Action Taken: The file was automatically deleted.

Over the past while i've been alerted with viruses over and over, different ones all the time and it's pissing me off. I am using live update to help me out but nothing is working so far.

For the Object name, runme383462.bat, the number keeps rising every time i accept the alert and then it disappears for now but this really sucks

N E BODY KNO WHAT I CAN DO TO FIX MY PROBLEM???
 

A:Unusual constant virus alerts

If you have Symantec AntiVirus or Norton AntiVirus product lines, see: http://securityresponse.symantec.com/avcenter/venc/data/backdoor.irc.zcrew.html
 

Read other 1 answers
RELEVANCY SCORE 68.8

Hi guys,

I must admit my laptop is completely messed up. This is my last resort before I reimage the damned thing. I have Spybot and Malware Bytes installed and running. Attached is a log of HJT. Please help me or I will need to reimage my laptop.

Another little bit of info. Every time I run SpyBot it finds more and more infections of type Vundo and its variations.
 

Read other answers
RELEVANCY SCORE 68

Hi,

I've got SOPHOS Anti-virus on my desktop system (Win XP SP3 2.6Ghz, 2gig Ram) and have been getting the following messages of items that are quarantined:

- HIPS/ProcMod-005 with the file wisecustomcalla11.exe
- Sus/UnkPack-C with a system file A0142023.EXE

Sophos a few weeks ago detected the W32/Silly-F Win32 worm. I used Sophos to clean it and it hasn't detected it since but my system is running extremely slowly. The internet frequently cuts out despite my laptop running on the internet on the same network without any problems. Other times the loading time on the browser is just extremely slow. I have used SPYBOT Search and Destroy and Adware to scan for any problems. Nothing seems to have helped.

I have also noted in TASK MANAGER that SH4SER~1.EXE has started running in the last week.

The results from a DDS scan are pasted below and the ATTACH.txt and ARK.TXT are in the uploaded folder. I do have a WIN XP boot disk for SP1. I downloaded HIJACK THIS but under your advice on the forums have not used it.

DDS (Ver_10-03-17.01) - NTFSx86

Run by Phil at 16:18:08.25 on 30/04/2010

Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_19

Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.2047.1578 [GMT 1:00]

AV: Sophos Anti-Virus *On-access scanning enabled* (Updated) {3F13C776-3CBE-4DE9-8BF6-09E5183CA2BD}

============== Running Processes ===============

C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE

C:\WINDOWS\system32\svcho... Read more

A:Constant alerts. Slowed internet. Possible Virus

attached file
 

Read other 1 answers
RELEVANCY SCORE 68

Hey,

This really stumped me. Windows firewall came up asking to allow or deny "a.exe". Denied it, then my background changed to "You are infected with spyware" and I always get a message asking me to install some remover. It was totally out of the blue! Not even browsing at the time!

ram Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:09:41 AM, on 19/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\... Read more

A:Constant Virus Alerts + Background Changed

Ok, so this virus seems to be on a lot of people's computers considering the amount of posts it's getting on here.

I've been teaching myself how to analyse hijack this logs and this is my most recent log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:43:24 PM, on 21/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\SAGEM\SAGEM [email protected] 800-840\dslmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Alwil S... Read more

Read other 9 answers
RELEVANCY SCORE 68

hi all...

a past few days my comp. affected with XP antivirus 2008..i've scan with Malwarebytes' Anti-Malware.but now beside my clock still got "virus alert"..can anyone help me to solve this problem

below is my HijackThis..tq

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:25: VIRUS ALERT!, on 7/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\PC Tools Internet Security\pctsTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
C:\Program Files\Creative\MediaSource\GO\CTCMSGo.exe
C:\WINDOWS\system32\CTSvcCDA.EXE
C:\Program Files\... Read more

A:Virus Alert Beside My Clock

Hi

First ... as you've run Malwarebytes' Anti-Malware ... please post the log

THEN ...

Download Deckard's System Scanner (formerly Comboscan) to your Desktop.
Note: You must be logged onto an account with administrator privileges.
1. Close all applications and windows.
2. Double-click on dss.exe to run it, and follow the prompts.
3. When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt <-this one will be minimized
4. Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt in your next reply.
5. Then do the same with extra.txt
Note: you'll find extra.txt here :- C:\Deckard\System Scanner\extra.txt
Please remember to post both txt files ...
Note: some firewalls may warn that sigcheck.exe is trying to access the internet - please ensure that you allow sigcheck.exe permission to do so.

THEN ..

Please run a Kaspersky Online Scan
Please do an online scan with Kaspersky WebScanner
Click on Kaspersky Online Scanner
Click Accept
You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
The program will launch and then begin downloading the latest definition files:
Once the files have been downloaded click on NEXT
Now click on Scan Settings
In the scan settings make sure that the following are selected:
Scan using the following Anti-Virus database: Extended (if available otherwise Standard)
Scan Options: Scan Archives Scan Mail Bases
Click OK
Now under select a target to scan: Select My Co... Read more

Read other 2 answers
RELEVANCY SCORE 68

I had a virus alert next to the clock in addition to numerous other problems. Saw the fix here with using Malwarebyte's Anti-Malware, installed the program and ran it. It found numerous problems and fixed them, however I still have some issues. My wallpaper is gone. It shows up after booting then just goes to white. Also, on booting I get the message "cannot find 'file:///c:/Windows/privacy_danger/index.htm' " The computer is running much better and it appears that the Malwarebyte's program fixed most things but not all. Any more suggestions? I ran the program twice and it did find another problem the second time. I did reboot. Should I try a complete scan? Here are the logs:

First time:
Malwarebytes' Anti-Malware 1.26
Database version: 1126
Windows 5.1.2600 Service Pack 3

9/7/2008 8:43:44 PM
mbam-log-2008-09-07 (20-43-44).txt

Scan type: Quick Scan
Objects scanned: 49284
Time elapsed: 8 minute(s), 3 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 3
Registry Keys Infected: 15
Registry Values Infected: 29
Registry Data Items Infected: 13
Folders Infected: 1
Files Infected: 33

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\SYSTEM32\efcDwUKB.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\wregiimn.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\xwnldn.dll (Trojan.Vundo) -> Delete on reboot.
... Read more

A:Virus Alert Next To Clock

Please download ATF Cleaner by Atribune & save it to your desktop. alternate download link
DO NOT use yet.

Please download and install SUPERAntiSpyware Free
Double-click SUPERAntiSypware.exe and use the default settings for installation.
An icon will be created on your desktop. Double-click that icon to launch the program.
If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here and unzip into the program's folder.)
Under the "Configuration and Preferences", click the Preferences... button.
Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
Click the "Scanning Control" tab, and under Scanner Options, make sure the following are checked (leave all others unchecked):
Close browsers before scanning.
Scan for tracking cookies.
Terminate memory threats before quarantining.
Click the "Close" button to leave the control center screen and exit the program.
Do not run a scan just yet.

Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow key... Read more

Read other 12 answers
RELEVANCY SCORE 68

i let my friend on my computer while i was at work, came home computer is screwed up /sigh

Control Alt Delete Disabled
files are hidden
Clock has a VIRUS ALERT Beside it
Safemode works.

i ran these following programs in safemode.
Malware Bytes - Anti Malware
Ad-ware Personal - Spyware
Ad-ware 2008 AVG?? Cannot run for some reason.
Search and Destroy
A-squared
SDFix
SmitfraudFix

Please help, thanks, Morth.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 04:52:59, on 7/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware2008\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\0ZR5LBX4\HiJackThis[1].exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: {c1e31e8c-a12e-d8a8-1eb4-bba4f8dc0e11} - {11e0cd8f-4abb-... Read more

A:Clock - Virus Alert? - Hj Log

Bump

Read other 4 answers
RELEVANCY SCORE 68

Okay, I admit I was dl torrents and now I'm in some trouble. I had my many virus protection programs running. As soon as I ran a recently dl program, all my vp programs went nuts! It stopped most of them but my search, control panel, run and my comp are missing. So, I'm in desperate need of some help. Thnx in advance.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Diana\Application Data\inst.exe
C:\WINDOWS\erem.exe
C:\WINDOWS\SYSTEM32\fhiPoUvw.ini
C:\WINDOWS\SYSTEM32\fhiPoUvw.ini2
C:\WINDOWS\SYSTEM32\svevsbly.ini
C:\WINDOWS\system32\ylbsvevs.dll
.
---- Previous Run -------
.
C:\WINDOWS\gpefaowr.exe
C:\WINDOWS\system32\oeminfo.ini

.
((((((((((((((((((((((((( Files Created from 2008-06-14 to 2008-07-14 )))))))))))))))))))))))))))))))
.

2008-07-13 17:26 . 2008-07-13 17:26 116,864 --a------ C:\WINDOWS\SYSTEM32\mmmghb.dll
2008-07-13 17:26 . 2008-07-13 17:26 116,864 --a------ C:\WINDOWS\SYSTEM32\hjjcbnwq.dll
2008-07-11 11:27 . 2008-07-11 11:27 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-11 09:46 . 2008-07-11 09:46 321,792 --a------ C:\WINDOWS\SYSTEM32\wvUoPihf.dll
2008-07-10 11:32 . 2008-07-10 11:32 <DIR> d-------- C:\Program Files\SymNetDrv
2008-07-10 00:34 . 2008-07-10 11:33 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-07-10 00:34 . 2008-07-11 09:46 <DIR> d-------- C:\Documents and Settings\All Users\Applicati... Read more

Read other answers
RELEVANCY SCORE 68

Hi,

I was downloading a keygen the other day and I got a virus where it displays "Virus Alert" on the clock and it changed all the setting in my computer. I was able to resolve a lot of it. The only one that I have left is the wall paper setting. When I tried to change the wall paper setting. i got the following error... file:///C:/Windows/privacy_danger/index

i have posted the Hijackthis log below. hopefully, somebody could help...thanks....

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:18:10 PM, on 8/30/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Dell Network Assistant\hnm_svc.exe
C:\Program Files\Common Files\LogiShrd&... Read more

A:Virus Alert On Clock

Hi

Please visit this webpage for download links, and instructions for running ComboFix tool:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:
The Recovery Console was successfully installed.

Please continue as follows:
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link
Remember to re-enable them afterwards.

Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you. Please include the following reports for further review, and so we may continue cleansing the system:
C:\ComboFix.txt
New HijackThis log.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.

Read other 2 answers
RELEVANCY SCORE 68

Hi,
I was just browsing imdb.com with my dad and we suddenly had a virus or viruses rapidly begin to take action. We first noticed a popup appear with only the text like "??????". Before I could finish saying don't click the Ok button to my dad, he had clicked it. From that point on we have not clicked buttons on any pop ups. After that we started seeing all kinds of fake alerts about viruses. A window came up that appeared to be from Windows and was scanning for viruses. There are 2 tray icons that keep showing balloons about security risks or detected viruses. There is a very legitimate Security Center Alert asking if we want to enable windows firewall protection against net-worm.win32.dipnet.d, Backdoor.Win32.Kbotal, Trojan-Downloader.JS.Multi.a. The Keep Blocking and Unblock buttons are disabled. We immediately tried to restart in safe mode because it seemed the virus(es) were running out of control despite having McAfee installed. We were unable to start in safe mode. Every time it got to mup.sys we got a bsod, I think it was PAGE_FAULT_IN_NONPAGED_AREA. So we were forced to restart in normal mode. We installed (when trying to install spybot we were first redirected to a fake spybot page that wanted us to enter username and password info...) and ran Spybot and it found and removed the following:

Fraud.Sysgaurd
-C:\Program Files\txatfb\sysguard.exe
-Some registry keys pointing to that exe

Win32.KillAV-KQ
-Class ID: AFD4AD01-58C1-47DB-A404-FB... Read more

A:Security Center Alert and other Fake Virus Alerts

Welcome to BC

let's see if we can produce a log

We Need to check for Rootkits with RootRepeal

Download RootRepeal from the following location and save it to your desktop.
Direct Download (Recommended)
Primary Mirror
Secondary Mirror
Secondary Mirror
Secondary Mirror
Zip Mirrors (Recommended if you have a slower connection or if the Direct Download mirror is down)
Primary Mirror
Secondary Mirror
Secondary Mirror
Rar Mirrors - Only if you know what a RAR is and can extract it.
Primary Mirror
Secondary Mirror
Secondary Mirror

Extract RootRepeal.exe from the archive (If you did not use the "Direct Download" mirror).
Open on your desktop.
Click the tab.
Click the button.
Check all seven boxes: Push Ok
Check the box for your main system drive (Usually C:), and press Ok.
Allow RootRepeal to run a scan of your system. This may take some time.
Once the scan completes, push the button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.

----------------------------------
Please note: If Rootrepeal fails to run, try this step: Click Settings - Options. Set the Disk Access slider to High
Also try: right-click on rootrepeal.exe and rename it to tatertot.scr
========================

Please download Win32kDiag.exe by AD and save it to your desktop.
alternate download 1
alternate download 2
This tool will create a diagnostic report
Double-click on Win32kDiag.exe to run and let it finish.
When it states Finished! Press an... Read more

RELEVANCY SCORE 67.2

Hi, I would appreciate any help with this..

I keep getting a popup that says:
“Windows Security Alert” warning:
windows has detected an internet attack attempt... somebody's trying to infect your pc with spyware or harmful viruses. run full system scan now to protect your pc from internet attacks, hijacking attempts and spyware! click here to download spyware remover for total protections

I have McAfee on the system but now I cannot change registry, my start menu is messed up (no icons) etc...
Here is my HijackThis log:
--
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:22: VIRUS ALERT!, on 10/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Funk Software\Odyssey Client\odClientService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\WINDOWS\system32\svchostBT.exe
C:\Program Files\CA\SharedComponents\CAM\bin\cam.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\FolderSize\FolderSizeSvc.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Netw...

A:Solved: Virus Alert in clock

Thanks to the forum... this reply solved my problem.
http://forums.techguy.org/6175760-post2.html

--- here is the log from MalwareByte---
Malwarebytes' Anti-Malware 1.28
Database version: 1230
Windows 5.1.2600 Service Pack 2

10/5/2008 19:08:37
mbam-log-2008-10-05 (19-08-37).txt

Scan type: Quick Scan
Objects scanned: 56130
Time elapsed: 7 minute(s), 48 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 5
Registry Keys Infected: 21
Registry Values Infected: 5
Registry Data Items Infected: 18
Folders Infected: 0
Files Infected: 24

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\geBTJyXR.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\sbajslyg.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\ljJCrPIC.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\neksolda.dll (Trojan.Zlob) -> Delete on reboot.
C:\WINDOWS\xgpsarbm.dll (Trojan.FakeAlert) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{674855c3-b0b1-4413-9bb4-bfa6a9b5257b} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ljjcrpic (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{674855c3-b0b1-4413-9bb4-bfa6a9b5257b} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser H...

RELEVANCY SCORE 67.2

My computer was recently infected by a trojan (Trj\Downloader) but I believe that it has been deleted. Now, I'm trying to restore affected programs (including my Start Menu for which All Programs will not appear). My concern at the moment, though, is that my clock is consistently in Military Time with the words "VIRUS ALERT!" after them. I found a similar thread on this website concerning this problem and followed the instructions given there (download a program called dss.exe, run the scan feature, and post the logs of the scan). Now I have no idea how to read the scan and was hoping someone here could help me out. I just need the time in Central Time (US) and the "VIRUS ALERT!" message to go away. Is this possible?

Main.txt

Deckard's System Scanner v20071014.68
Run by Tonya on 2008-07-13 21:26:35
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 2 Restore Point(s) --
2: 2008-07-14 02:26:40 UTC - RP2 - Deckard's System Scanner Restore Point
1: 2008-07-14 00:01:32 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 504 MiB (512 MiB recommended).


-- HijackThis (run as Tonya.exe) -----------------------------------------------

Logfile of Trend Micro HijackT...

RELEVANCY SCORE 67.2

I was infected by several trojans (including Smitfraud.C and Antivirus2008) yesterday, but managed to get rid of the worst of them with Spybot S&D, Onescan, Windows Defender, Ccleaner and SUPERAntiSpyware. The "VIRUS ALERT!" next to my Windows clock, however, can't seem to be removed. Also, I can't seem to access my C drive from My Computer. Would appreciate any/all assistance.

Deckard's System Scanner v20071014.68
Run by April Han on 2008-08-02 14:24:00
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.

-- Last 5 Restore Point(s) --
79: 2008-08-02 06:24:10 UTC - RP419 - Deckard's System Scanner Restore Point
78: 2008-08-02 02:51:28 UTC - RP418 - Cleaned registry with Windows Live OneCare safety scanner
77: 2008-08-01 19:20:41 UTC - RP417 - Windows Defender Checkpoint
76: 2008-08-01 18:11:37 UTC - RP416 - Installed SUPERAntiSpyware Free Edition
75: 2008-08-01 17:59:29 UTC - RP415 - Windows Defender Checkpoint

-- First Restore Point --
1: 2008-08-01 03:12:48 UTC - RP341 - Software Distribution Service 3.0

Backed up registry hives.
Performed disk cleanup.

-- HijackThis (run as April Han.exe) -------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:25: VIRUS ALERT!, on 8/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Interne...

A:"virus Alert!" Next To Windows Clock

Hello Widowpoison and welcome to BleepingComputer,

1. * Clean your Cache and Cookies in IE:
Close all instances of Outlook Express and Internet Explorer
Go to Control Panel > Internet Options > General tab
Under Browsing History, click Delete.
Click Delete Files, Delete cookies and Delete history
Click Close below.

* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):
Go to Tools > Options.
Click Privacy in the menu.
Click the Clear now button below. A new window will popup what to clear.
Select all and click the Clear button again.
Click OK to close the Options window

* Clean other Temporary files + Recycle bin
Go to start > run and type: cleanmgr and click ok.
Let it scan your system for files to remove.
Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
Press OK to remove them.

2. Please download Malwarebytes' Anti-Malware from Here or Here
Doubleclick mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is compl...

RELEVANCY SCORE 67.2

My computer has been infected with some pop-up message trojans or viruses. It has at least two visible problems: one is that the system clock now displays both the time and a message "VIRUS ALERT!" right after the time. The other problem is that various pop ups from both reputable and non reputable companies keep invading my IE. Last night a VIRUS ALERT! sign appeared on a message someone sent me on messenger, I have run AVG, ADAWARE, C Cleaner and SPYBOT in the safe mode but to no avail. The VIRUS ALERT! sign seems to be getting more virulent and invading more of my computer. Should I run a Hijack Log? Has anyone any idea! I really would be grateful.

A:Virus Alert! Message In Clock.

Moving to Am I Infected

RELEVANCY SCORE 67.2

I was getting the virus alert in the clock area and was getting a lot of pop ups for virus scans. I read some of the forums and downloaded the Malwarebytes' Anti-Malware and ran some others as well. I was able to change the clock after getting the control panel and start menu back. I think I have everything taken care of but my firewall is turned off and I can't turn it on because of Group Policy. I believe that this can be cured by the XP_CodecRepair.inf. You said that the link was taken away and I should start a new topic to resolve my problem. Thank you for all your help with this.

RELEVANCY SCORE 67.2

Good evening, everyone.

I have a VIRUS ALERT! message next to my time clock which has been changed to military time. I ran symantec norton antivirus, windows defender and also spybot, none of which got rid of the message or changed my time clock back. When I go to my computer, I do not see any of my drives either. Please help me to fix this. I've been working on it for two days and I'm getting frustrated.

Thank you in advance.

Tweety

A:Virus Alert! Next To Time Clock

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen, click on the Show Results button to see a li...

RELEVANCY SCORE 67.2

Hello.

A few days ago I accidentally downloaded some malware onto my computer. My computer had slowed to a crawl, I couldn't access my hard drive, I kept getting messages about viruses and spyware and the words "VIRUS ALERT!" appeared next to my clock.

After following some instructions I found on another thread, everything seemed to be back to normal. My computer is working at full speed, the pop-up messages have stopped and the "VIRUS ALERT!" message has disappeared.

But I still can't access my hard drive. Does this mean I'm still infected with something or do I need to sort something out in my computer settings?

I would be very grateful for any help with this.

A:VIRUS ALERT! next to clock: Aftermath

What exactly do you mean by "still can't access my hard drive"? Can you provide more information. How are you trying to access the hard drive? Do you get any error messages?

RELEVANCY SCORE 67.2

I know you are prolly getting tired of this one but here it goes. I have the virus alert in the bar by the clock and some start menu items are missing or locked by admin, I am the admin. No control panel and IE is FUBAR. My whole system is EXTREMELY slow. I keep getting alerts from Spyware Dr. about Explorer.exe trying to write to the registry but Spyware Dr. stops it.

HJT log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:59: VIRUS ALERT!, on 7/18/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\CyberLink\PowerDVD8...

A:Virus Alert in taskbar next to clock

Welcome to TSG
Before we start fixing anything you should print out these instructions or copy them to a NotePad file so they will be accessible. Some steps will require you to disconnect from the Internet or use Safe Mode and you will not have access to this page.

Download SDFix and save it to your desktop.
Double click SDFix.exe and it will extract the files to %systemdrive%
(this is the drive that contains the Windows Directory, typically C:\SDFix). DO NOT use it just yet.

Before we start with the fix, we need to fix the restrictions.
Navigate to the SDFix folder (usually C:\SDFix).
Right-Click on XP_CodecRepair.inf OR W2K_CodecRepair.inf depending on your Operating System.
XP for all versions of Windows XP and W2K for Windows 2000.
Click on Install
Your desktop may refresh a couple of times, don't be alarmed.
Please reboot into Safe Mode and follow the instructions below.

Reboot your computer in "SAFE MODE" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup [but before the Windows icon appears] press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Open the SDFix folder and double click RunThis.bat to start the script.
Type Y to begin the cleanup process.
It will remove any Trojan Services or Registry Entries found then prompt you to press any key to Reboot.
Press any Key and it will rest...

RELEVANCY SCORE 67.2

Have VIRUS ALERT! on time clock tool bar and has been converted to military time. How to fix?

Results of scan:
Deckard's System Scanner v20071014.68
Run by Owner on 2008-07-12 09:34:04
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
35: 2008-07-12 13:34:10 UTC - RP323 - Deckard's System Scanner Restore Point
34: 2008-07-09 00:57:37 UTC - RP322 - System Checkpoint
33: 2008-07-06 03:48:13 UTC - RP321 - Installed AVG 8.0
32: 2008-07-06 03:47:24 UTC - RP320 - Removed AVG 8.0
31: 2008-07-05 20:36:32 UTC - RP319 - Avg8 Update


-- First Restore Point --
1: 2008-04-08 16:25:17 UTC - RP289 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-07-12 09:35:42
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-A...

A:VIRUS ALERT! on time clock

Hello and welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please save this page to Notepad in order to assist you when carrying out the following instructions.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding.
Ensure that there aren't any opened browsers when you are carrying out the procedures below.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------


Quote:

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\AIHEOGZP\dss[1].exe

Please note that tools are best Run from the Desktop. Easier to find and perform specialized functions which may be required.

Save to the Desktop and then Run f...

RELEVANCY SCORE 67.2

Good afternoon.

I have an issue with my computer (obviously). My clock is now showing up with VIRUS ALERT! beside it. My homepage has also been hijacked to hxxp://pc-antispypro.com/?wmid=6010&mid=MjI6Mjo4OQ==&lndid=2

Please let me know if there is anything you can do to help me out, I have run a number of antispyware scans and have run my Norton a number of times and haven't been able to get rid of this so far, so I figured it was time to try to get some help before I spend many more hours and getting no where on my own.

This is the first time I've had to ask for assistance on this sort of issue, so please let me know if you require any further information.

A big thank you in advance for any assistance you can provide.

Here is the log file from RSIT:

Logfile of random's system information tool 1.04 (written by random/random)
Run by agordon at 2008-10-28 15:51:49
Microsoft Windows XP Professional Service Pack 3
System drive C: has 22 GB (29%) free of 74 GB
Total RAM: 1014 MB (56% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:51:55, on 10/28/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Pr...

A:Virus Alert beside clock / popups

Hello, and Welcome to TSF.

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

---------------------------------------------------------------------------------------------
Download ComboFix from one of these locations:

Link 1
Link 2
Link 3

* IMPORTANT !!! Place combofix.exe on your Desktop
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
Double click on combofix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed.

Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.





The Windows recovery console will allow you to boot up into a special recovery mode that allows us to help you in the case that your computer has a problem after an attempted remov...

RELEVANCY SCORE 67.2

Virus alert is in my task bar. The clock is reading in the 24 hour mode. I downloaded hijack this and have a file saved. I'm hoping for some help

Mod Edit: Topic moved from Windows XP to more appropriate forum ~ TMacK

A:Virus Alert Is In My Task Bar Next To The Clock

Hi uoi, and welcome to BleepingComputer.
Please read this guide before going any further.

RELEVANCY SCORE 66.4

Hi I am new to this site and have gone through "Preparation Guide for use before posting a HijackThis Log"

I have shortcut links to 3 items appearing on my desktop every time "Malware Defender, Protect your privacy, System Error fixer". Also the word "VIRUS ALERT!" appears on toolbar next to clock on right side. My computer would switch off, but I have managed to get to the point where it's not switching off. I have no access to control panel, my computer, my documents, etc and program list from start button, I only have access to "set program access and defaults" and "connect to" from start button, everything seems to have disappeared. I have run Spybot, Ad-Aware, AVG, Stinger, Sygate firewall etc, but every time I switch the computer on virus or malware turns up again. Spybot always detects and removes the following: NNC.MGRS, Microsoft.Windows.Explorer, Microsoft.Windows.System, Microsoft.WindowsSecurityCentre.RegistryTools, Microsoft.WindowsSecurityCentre.TaskManager, and most of all Smitfraud-C.

CHANGED MY NAME TO USERNAME IN LOG

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:50, on 20/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\...

A:VIRUS ALERT! on toolbar with clock, Smitfraud-C.

Hi

I'm sorry it took so long to get a reply. Forums have been very busy

If you still need help with this post a fresh hjt log, please.

RELEVANCY SCORE 66.4

Hi,

These are the symptoms.

VIRUS ALERT! next to the tool bar clock
Control Panel and other options missing from the Start Menu
A Bugs screensaver (desktop is now blue, if left for 10/15 mins, little bugs start crawling across the screen).
Popups stating Vundo
Updates will not complete (yellow shield on tool bar)

Deckard's log below. I would attach extra, but don't seem to have it. Sorry

Deckard's System Scanner v20071014.68
Run by philip on 2008-06-06 15:29:11
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Total Physical Memory: 511 MiB (512 MiB recommended).


-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-06-06 15:29:47
Platform: Windows XP Service Pack 3 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG8\avgwdsvc.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgemc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\system32\spool\drive...

A:Vundo & VIRUS ALERT! by tool bar clock

Hello and welcome to TSF

Can you post the extra.txt from Deckard System Scanner, in your reply.

==========

Please follow all instructions and in which order they come, if you have any questions, please ask before proceeding. It's important that you follow this through until I give you the all clear, a lack of symptoms does not mean that it is no longer present.

Please Do Not Attach logs to your posts unless you are advised to do so.

========

Please print out or copy this page to Notepad in order to assist you when carrying out the following instructions.

========

Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following:
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, the Advanced Options Menu should appear;
Select the first option, to run Windows in Safe Mode, then press Enter.
Choose your usual account.
Open the extracted SDFix folder and double click RunThis.bat to start the script.
Type Y to begin the cleanup process.
It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
Press any Key and it will restart the PC.
When the PC restarts the Fixtool will run again and com...

RELEVANCY SCORE 66.4

I have a message next to the clock saying virus alert, and pop ups appearing for Internet Explorer regarding homepage changes. I have run SmitfraudFix, SUPERAntiSpyware and SpyHunter (subsequently finding the DLLs which apparently were causing issues) and removed them, however the system still runs slowly and the message on the clock is still there? Your help is very much appreciated!
(and also the original pop up which no longer appears was a worm.win32.netbooster warning which I have understood to be a fake warning to con people into buying adaware software?)

(OS is Windows XP SP3)

A:Virus Alert Message On Toolbar Clock

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen, click on the Show Results button to see a li...

RELEVANCY SCORE 66

Websense® Security Labs(TM) ThreatSeeker(TM) Network has discovered a new replica wave of bogus 'msnbc.com - BREAKING NEWS' alerts

see the whole alert at http://securitylabs.websense.com/

I highly recommend you subscribe to this very useful service
 

A:Bogus CNN Alerts

jobeard said:

Websense® Security Labs(TM) ThreatSeeker(TM) Network has discovered a new replica wave of bogus 'msnbc.com - BREAKING NEWS' alerts

see the whole alert at http://securitylabs.websense.com/

I highly recommend you subscribe to this very useful service

Just have to tighten up the security defense systems. Like we're going to war just to get online!
 

RELEVANCY SCORE 66

I first had problems when Virus Alert! appeared next to the clock in windows, icons to various supposed spyware removal tools appeared on the desktop and internet explorer's home page defaulted to another supposed spyware removal site. Alongside general system instability and crashes and no access to the C or D drives.

I ran various scans with AVG and superANTIspyware with the latter showing up trojans which were nominally removed. I edited the registry regarding the clock as per these instructions http://miekiemoes.blogspot.com/2008/...o-restore.html
although I did not adjust the system properties.
I also used the VArestorepolicies.inf file from the above blog to regain access to drives.

Assuming it was the Zlob Media Codec issue I used SmitfraudFix from:
http://vpcsolutions.blogspot.com/200...ownloader.html which has appeared to have made the system more stable but still not properly usable.

Here is the HijackThis logfile
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:58:18, on 19/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Pro...

A:Partially resolved issues with Virus Alert! next to the clock.

Quote:

Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the HJT forum and wait for help.

Hello and welcome to the forums

My name is Katana and I will be helping you to remove any infection(s) that you may have.

Please observe these rules while we work:
1. If you don't know, stop and ask! Don't keep going on.
2. Please reply to this thread. Do not start a new topic.
3. Please continue to respond until I give you the "All Clear"
(Just because you can't see a problem doesn't mean it isn't there)

If you can do those three things, everything should go smoothly :D

Please Note, your security programs may give warnings for some of the tools I will ask you to use.
Be assured, any links I give are safe

----------------------------------------------------------------------------------------

I apologize for the delay in responding, but as you can probably see the forums are quite busy.
Unfortunately there are far more people needing help than there are helpers.

If you still require help please do the following
Download and Run RSIT
Please download Random's System Information Tool by random/random from here and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open: log.tx...

RELEVANCY SCORE 66

I have virus alerts and security alerts popping up and a loss of administrative ability. I also have a virus alert message where the clock is. I can't access a lot of functions because of this. I managed to get a HJT log off of it (it's a laptop). I can't remove any programs and I don't want to connect to the internet for fear of the malware downloading more stuff. I am transferring everything (HJT logs, programs you tell me to) with a flash drive till I get this resolved. Hope you can help. You guys haven't failed me yet. Here's my log.



Logfile of HijackThis v1.99.1
Scan saved at 13:59: VIRUS ALERT!, on 7/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost...

A: Virus alert in clock area and no administrative ability

Hello and welcome to TSF

You are using an outdated version of Hijackthis. Please uninstall from Add/Remove programs, and delete your current version.

Next, download HijackThis to your desktop

Alternate link

Double-click on the file you just downloaded.
Click on the "Unzip" button to install. It will by default install to the directory - C:\Program Files\Trend Micro\HijackThis

Upon install, HijackThis should open for you.

Should it not open, navigate to C:\Program Files\Trend Micro\HijackThis and double click on HijackThis.exe

1. If it gives you an intro screen, just choose 'Do a system scan and save a logfile'.
2. If you don't get the intro screen, just hit Scan and then click on Save log.
3. Do not post that log, instead, do this next:

============

Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.
Close all applications and windows.
Double-click on dss.exe to run it, and follow the prompts.
When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt <- this one will be minimized
Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt here.
Please attach extra.txt to your post.
To attach a file to a new post, simply click the [Manage Attachments] button under Additional Options > Attach Files on the post composition page, and
copy and paste the following into the "...

RELEVANCY SCORE 66

Thought I had got rid of ushopper malware, but this pesky virus alert appears everywhere and has also meant that I have a popup saying I don't have genuine windows notification etc. HELP! Have attached the log from HijackThis

Logfile of HijackThis v1.99.1
Scan saved at 14:06: VIRUS ALERT!, on 27/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\Ranger Remote Control\client32.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\FolderSize\FolderSizeSvc.exe
C:\Program Files\Google\Update\1.1.25.0\GoogleUpdate.exe
C:\Program Files\Google\Common\G...

A: VIRUS ALERT added to clock on desktop toolbar

Please close/disable all anti-virus and anti-malware programs so they do not interfere with the running of SDFix and make sure you are disconnected from the Internet after downloading the program but before extracting the files.
Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with SDFix and remove some of its embedded files which may cause "unpredictable results".
Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
Remember to re-enable the protection again afterwards before connecting to the Internet.
Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually
Instead of Windows loading as normal, the Advanced Options Menu should appear
Select the first option, to run Windows in Safe Mode, then press Enter
Choose your usual account.

Open the extracted SDFix folder and double click RunThis.bat to start the script.
Type Y to begin the cleanup process.
It will remove any Trojan Services and Registry Entri...

RELEVANCY SCORE 66

I have an infected computer which I am trying to clean, but I am not able to remove all of the viruses or reverse the corrupted settings. The Administrator account has no problems whatsoever, but the other users all have Virus Alert! next to the clock. Also, the Start menu does not have All Programs listed. And, when I press Ctrl-Alt-Delete, I get a message that says the Administrator account removed permission to use the task manager. Here is my HijackThis log (main.txt)

Deckard's System Scanner v20071014.68
Run by Other user on 2008-06-23 16:09:39
Computer is in Normal Mode.
--------------------------------------------------------------------------------
Total Physical Memory: 503 MiB (512 MiB recommended).
-- HijackThis (run as Other user.exe) ------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:10:33 PM, on 6/23/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDevic...

A: Virus Alert! Next To Clock, No All Programs Or Task Manager

Hello singlemp,

Welcome back to Bleeping Computer

Sorry about the delay. If you still need help, please post a new HijackThis log to make sure nothing has changed, and I'll be happy to look at it for you.

Thanks,
tea
