Q: Virus not detected in Avast & MBAM, but detected when I upload the file to Gmail

I did a stupid thing yesterday. I downloaded an icon pack APK file on my computer to upload to my mobile. Anyway, the thing is, when I double clicked on it, BlueStacks (Android Emulator) opened up, and Avast started giving me lots of warnings about BlueStacks accessing Trojan URLs (it blocked them of course).
 
Now, the thing is: I scanned the APK file both in Malware Bytes Anti Malware and Avast (and even Malware Bytes Anti Rootkit), and it showed no virus or malware found. But when I try to attach the same APK file as a Gmail attachment (which I read on the net detects viruses, which is why I tried it), Gmail gives me a "Virus found" error.
 
So, my question is how come such reliable antivirus / anti-malware programs like MBAM and Avast didn't detect the virus but Gmail did? And more importantly, (though I have deleted the APK file in question from my computer) is my computer safe? Or has a rootkit / trojan been installed?

A: Virus not detected in Avast & MBAM, but detected when I upload the file to Gmail

Upload file in question here: https://www.virustotal.com/ for security check.

Read other 5 answers
RELEVANCY SCORE 99.6

Note the detections, other than the PUP there are temp avast files which are malicious. I hope this is a false positive
 

A:Avast files detected as malicious by MBAM

Malwarebytes used to detect itself as malicious, so this isn't as surprising.
 

Read other 4 answers
RELEVANCY SCORE 88.4

Hi, I was the one who made this post about something that prevented MBAM from installing on its own or via Chameleon + rkill does not help.
 
It messed with file permissions, so the psr.exe that I downloaded (which caused the problem) is hidden in Windows Explorer even with show hidden files enabled, and I can't delete it. The other offending files that it created are hidden too (except in WinRAR) and can't be deleted either.
 
Somehow I got MBAM to scan once, and it found the other files the virus created, but not the original psr.exe that's still unremovable in my Downloads folder. Restarting however resulted in the virus coming back and uninstalling MBAM.
 
Trying to run DDS got me the attached screenshot. There's no option in the properties to stop it from running in compatibility.

A:Tough virus not detected by MBAM

Oh, and it just disabled Windows Defender on the latest boot (not that it was helping anyway).

Read other 27 answers
RELEVANCY SCORE 88.4

Hello, I have been having BSOD issues that I was getting help with in another thread. These led me to MSE being the cause of the BSODs. Basically MSE is constantly stopping, and if I try to run MBAM, I get a BSOD. If I run MBAM in safe mode, it works and finds one file (below) infected. It says it removes the file but if I restart back into safe mode and run the scan again, the same file comes back. I am not sure what to do with this, but it seems to be causing MSE to frequently BSOD. Any help is greatly appreciated. Let me know if there is anything else that you may need from me.

c:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.

here is a link to my other post about the BSOD issues: http://www.sevenforums.com/crashes-d...dom-bsods.html

A:MSE Causing BSOD and MBAM not removing detected file

Someone had the same problem this morning and it was a false alarm. http://www.sevenforums.com/system-security/190160-trojan-malwarebytes.html

Right click Malwarebytes and select run as administrator. Once open click update tab and do so.

Then click the Quarantine tab next to the Update Tab. If your Trojan file is listed there click restore.
This will put the file back in place.
Then run Malwarebytes again and see if it shows clean. If it finds something again click Quarantine option not delete.

There evidently is a glitch that has been fixed for false positives.

That missing file could be causing BSOD's.

I think it was a false positive. That is the only way I know to find out.

Mike

Read other 4 answers
RELEVANCY SCORE 85.2

I am using Windows 7.

Avast detected Kill.bat file in system32 folder.


Opened it with notepad and contains these commands-

*
@ECHO OFF

taskkill /f /im explorer.exe

START %SystemRoot%\explorer.exe

exit


Anything to worry about ? Or is this a normal file that is usually in Windows ?


Thanks

A:Avast detected Kill.bat file in system32 folder

Hi and welcome to TSF.
I am sorry for the delay.

This file is not a default one in sys32 dir but the content says (in simple words)

Kill explorer.exe
launch explorer.exe

So not really something to worry about and up to you if you want to keep it or not.
I noticed that Jenae has replied to you in this topic
Avast detected Kill.bat file in system32 folder

Read other 2 answers
RELEVANCY SCORE 85.2

I have been having issues installing windows updates, updating Microsoft security essentials, and even uninstalling certain programs.  I did a system restore and was then able to do updates and uninstall programs.  Just in case MSE was overlooking threats I uninstalled it and installed Avast! and it detected several rootkit threats.  Any help would be appreciated.
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17239  BrowserJavaVersion: 10.67.2
Run by Kevin at 21:54:05 on 2014-08-29
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8097.5854 [GMT -5:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\FBAgent.exe
C:\Windows\system32\WLANExt.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
C:\Progra... Read more

A:Avast! has detected several threats/rootkit:hidden file

Hello needinghelpplease

I would like to welcome you to the Malware Removal section of the forum. Around here they call me Gringo and I will be glad to help you with your malware problems.

Very Important --> Please read this post completely, I have spent my time to put together some things for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!

Please do not run any tools unless instructed to do so. We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text. Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything. Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go. A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "t... Read more

Read other 43 answers
RELEVANCY SCORE 85.2

What is that file and is it safe to delete it?

A:Avast! detected mqsv32.exe as a virus?

Determining whether a file is malware or a legitimate process sometimes depends on the location (path) it is running from. One of the ways that malware tries to hide is to give itself the same name as a critical system file. However, it then places itself in a different location (folder) than where the legitimate file resides and runs from there. Another technique is for the process to alter the registry and add itself as a Startup program or service so that it can run automatically each time the computer is booted.

Anytime you come across a suspicious file or one that you do not recognize, search the name using Google <- click here for an example. If you cannot find any information, the file has a legitimate name but is not located where it is supposed to be, or you want a second opinion, submit it to Jotti's virusscan or VirusTotal. In the "File to upload & scan" box, browse to the location of the suspicious file and submit (upload) it for scanning/analysis.

Prevx's Investigation Report of the file "mqsv32.exe"

What did avast do with that file?

Read other 1 answers
RELEVANCY SCORE 85.2

Hello, and thanks in advance.

I recently have run into a problem, in where my explorer.exe is infected. I run 64-bit Windows 7, and about two days ago out of the blue, my libraries icon on the taskbar started to not come up with explorer, saying that explorer.exe had a virus, and could not run. I ran a quick scan with Avast!, and I found 3 viruses that had not been there earlier, two of which affected explorer.exe, and came with the description Bamital.AE. Not knowing if my computer was fully affected, I downloaded Malware Bytes and ran a quick scan, showing me that I had more Malware. I removed it with Malware Bytes, but I know it still isn't working. This usually isn't a problem except that trying to update Windows usually results in 99% completion then an explorer.exe crash that I can't fix because it refuses to run. I don't know what to do, there's no visible symptoms except the explorer.exe, but I don't want to let this fester. I have no idea how this came about, because it wasn't any problem two days ago. I think this may have to do with Megaupload now using an obnoxious advertisement that seems like a virus, so that may be the case, as I used Megaupload two days ago. As a sidenote I can still access my files by using the My Computer link, but the normal Libraries shortcut does not work.

The Hijack This! Log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 5:07:02 PM, on 10/21/2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Interne... Read more

A:Bamital.AE virus, detected with Avast!

Hello , And to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.

The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.

Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.

The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.

Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.

-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you... Read more

Read other 19 answers
RELEVANCY SCORE 85.2

... but can't do anything about it. Need help. Thanks. 
 
a.k.a. Win32:SaliCode
 
EDIT: Used SalityKiller and got rid of some infected files but not all of them. Avast still detects some infected files with the same trojan/virus.

A:Sality virus detected by Avast

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
***************************************************
In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.
CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/494804 <<< CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************
If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of t... Read more

Read other 9 answers
RELEVANCY SCORE 84.4

Hi there,
avast! detected virus on my computer. The virus is Glupteba-B, Adware-gen, Malware-gen and Rootkit-gen. I did a bootscan with avast! to delete the virus and then I did another scan again, yet the virus has not been removed. This computer is bought and mainly used by my father and he's not tech savvy at all. This computer freezes randomly. I will do a scan with MBAM tomorrow as I do not have MBAM installed in this computer right now and will need to copy it off my computer back at home. Appreciate any advice given and if needed I will post the scan log of avast! Thanks a lot!

A:avast! detected virus, unable to delete

Welcome aboard

Download Security Check from HERE, and save it to your Desktop.
 * Double-click SecurityCheck.exe
 * Follow the onscreen instructions inside of the black box.
 * A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:
 * Internet Services
 * Windows Firewall
 * System Restore
 * Security Center/Action Center
 * Windows Update
 * Windows Defender
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

=============================================================================

Please download MiniToolBox and run it.
Checkmark following boxes:
 * Report IE Proxy Settings
 * Report FF Proxy Settings
 * List content of Hosts
 * List IP configuration
 * List Winsock Entries
 * List last 10 Event Viewer log
 * List Installed Programs
 * List Devices (do NOT change any settings here)
 * List Users, Partitions and Memory size
Click Go and post the result.

=============================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
 * Double-click mbam-setup.exe and follow the prompts to install the program.
 * At the end, be sure a checkmark is placed next t... Read more

Read other 1 answers
RELEVANCY SCORE 82.4

I have Avast! Running automatic scans once a day and am having a couple of issues:
 About once a week I will get a “Threat Detected” pop-up window post-scan, but when I click on the “Show Results” button it does not work, and when I look at the “Scan History” button and look at the scan it always shows “No Virus Found”.  This pretty much sums it up:
https://feedback.avast.com/responses/threat-detected-during-scan-log-shows-no-virus-found
After each daily automatic scan Avast! Opens a pop-up window showing that the scan was run, even though I have turned off having the pop-up window (when nothing is found) via the Avast! Settings.
 
This problem occurs on a Dell XPS 8500 desktop running Windows 7.
 

A:Threat Detected during Avast! scan, log shows no virus found

More feedback reports here.
Quick scan results window says threat detected but Show Results and logs says no virus found
show results not working
This has occurred and been reported previously at the avast forums...
Disappearing Reappearing "Threat found!" note in Internet Security
"Threat detected" but no threat?
Quick scan Threat detected error
They usually say the fix will come in the next version...see here.

Read other 3 answers
RELEVANCY SCORE 81.6

hi skyy here

2 problems

#1
i just tried to run panda activescan and avast wouldn't let it download... it stopped it and said

My computer has been threatened with a virus and not to worry
File Name: http://acs.pandasoftware.com/activescan/as5free/motor.cab\pskavs.DLL
Malware Name: Win32:CTX
Malware Type: Virus/Worm
VPS Version : 0641-4, 10/13/2006
and told me it stopped it before it got into my computer and for me just to abort connection...

So...I just aborted connection and avast went off again... this time it says

VIRUS FOUND
File Name: C:\WIN2K\system32\ActiveScan\pskavs.dll
Malware Name: Win32:CTX
Malware Type: Virus/Worm
VPS Version: 0641-4, 10/13/2006

and recommended me to move it to chest.

i am afraid to do anything and i am just sitting here with that virus warning going off...

~~~> what to do or is it a negative detection? what's up with this please???

~~~~~~~~~~~~~~~~~~~~~

#2

what prompted me to do this scan is that my YInstStarter Class file is damaged when i checked downloaded files. it was fine yesterday.

can someone please answer these two questions before i go any further?

thank you

skyy
 

A:avast detected virus in panda activescan while downloading the online scan

(it seems like everyone is busy with the msn yinstall virus??? )

so...
i went ahead and moved the virus to the chest and when i did, the pandaactivescan tried to finish downloading and run...

i selected scan computer but it just sat at 0 % scanned and wouldn't begin, but it wouldn't allow me stop and exit either. so...

i x'd out and found the file and scanned it again with avast and the report was...

Scanning of selected files
Action was completed successfully!
Virus has been detected!
File Name: pskavs.dll
FileID: 4
Virus Description: Win32:CTX

i closed it and am now going to run avast full system virus scan including archives.

i don't know what else to do at this point.

i wonder if my damaged YInstStarter Class file is this msn virus that i've been reading about here while waiting???

i don't remember clicking any links in my mail... but i did just in the last two or three days reinstall msn messenger and opened it last night and today... hmm now what?

i guess i will run avast right now while i wait. i wish i had some direction because i am heavily dependant upon the internet almost 24 hours a day and have only my laptop at the moment. i will be lost without it...

please see what you can do to get back to me??? thanks

skyy
 

Read other 2 answers
RELEVANCY SCORE 81.6

Hi, I am completely new to this, so please be patient. All I know is that my new computer has detected the Trojan files listed in the subject and I don't know how to get rid of them. I am running Vista premium and this is my first post, so I need to know what I can do to remove this stuff before it starts wreaking havoc. Thanks!
 

A:Solved: OfficeScan detected WinAntiSpyware2007 file and SpyHunter 2.9 detected Trojan.vundo!

Closing duplicate.

Please continue here:

http://forums.techguy.org/showthread.php?t=610916
 

Read other 1 answers
RELEVANCY SCORE 80.4

Hi all,
 
Today I was uploading an attachment to send it to a friend of mine via gmail. The attachment was of .xap extension because the file is a mobile application for windows phone and a virus was detected according to gmail. I scanned the file with Avira and nothing was detected. I also tried to upload the same application's dll and it also shown that a virus was detected but nothing was detected by my Avira Antivirus.
 
How can I be sure that I'm not infected?
 
Any help will be much appreciated.
 
Thanks!

A:Gmail Attachment Virus Detected

https://support.google.com/a/answer/6590?hl=en
 
 


(A xap file does contain executables.....this is the reason you are receiving a 'no go' from Google)
 
 
Try sending it via DROPBOX   or maybe FILEDROP   ....there are plenty of others available of a similar nature

Read other 6 answers
RELEVANCY SCORE 76.4

Animal,
 
My bad. Sorry for posting in the wrong place.
 
Once MBAM finished about 80 items were removed. Shall I post this log here?
 
Thanks,
 
James

A:I have several detected in MBAM

Hello jkdempsey

I would like to welcome you to the Malware Removal section of the forum. Around here they call me Gringo and I will be glad to help you with your malware problems.

Very Important --> Please read this post completely, I have spent my time to put together some things for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!

Please do not run any tools unless instructed to do so. We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text. Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything. Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go. A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same... Read more

Read other 22 answers
RELEVANCY SCORE 76.4

When I started my computer, a pop-up came up saying Run or Cancel application from the source I think, Users/app roaming/dscvhost.exe I think.
MBAM detected some trojan virus and a backdoor virus? I am not sure. I then system restored my computer and scanned my computer again, nothing showed up.
After I system restored MBAM couldn't update and I went to uninstall mbamclean.exe and install a clean copy and worked to update again.
So I am not sure if my computer still has infected files or not.

A:MBAM detected something

Run a quick scan with MBAM and post the log.

Read other 30 answers
RELEVANCY SCORE 75.6

The past 48 hours I have been noticing my computer running extremely loud. I open ctrl+alt+delete and noticed this process was taking up all my CPU Memory; after googling the process I figured it was a part of Windows Media Player and could be closed out. Every time I ended the process my computer would stop being super loud and go back to normal.
A couple days went by. When I would power on my computer it would sound like a jet engine or the GPU is working in overdrive or something, so every time I would just end the process.
This morning Malwarebytes detected 2 TROJANS on my computer with the same exact name of the process I found to be giving me issues. I have since quarantined in MBAM Premium. But I am afraid I am still infected.
Can someone please help verify if my computer is malware free?
Do I need to change ALL the passwords of the accounts I logged in to while I was infected? (I logged in to everything from my e-mail, bank to gaming accounts).
Please help me!!
Windows 7 Ultimate
64bit

A:MBAM just detected 2 Trojans!!

Hello texasmitch14, and welcome to the forums!
My name is bloopie and I will be assisting you with your malware issues!
 
==========
 
Before we begin, I must impress the point of patience to your topic! It has been mere minutes without a reply, and already you have posted in the 'Please post in this topic if you have not received help after three days'!?! Did you not read the instructions posted there!!?!
 
There are many users waiting much longer without a response with situations that are much more time-sensitive than yours are!
 
Normally, your post in that topic would be removed without anyone even looking at it (as the instructions clearly state):
This thread is only to be posted in if you have not begun receiving help after three days of waiting. Posts made here prior to the three day mark will be deleted without notice.
 
So, consider yourself extremely lucky, that I have come across your post in the meantime! I sincerely hope that you will not be so impatient with the help that I provide, and analysis of your logs! I have a child, and a life at home...this time is what I use to help people in need.
 
==========
 

Because I would like a log that is not allowed in the Am I Infected sub-forum (a FRST log), I have moved this topic to the Malware Removal Logs forum where it will stay.
==========
As indicated by the name of your topic (MBAM just detected 2 Trojans!!), could you please post the log from MBAM (Malwarebytes) with those det... Read more

Read other 13 answers
RELEVANCY SCORE 75.6

Hello
 
Following an update to the latest version, mbam detected 2 pup entries of
 
 
PUP.Optional.VShare.A
 
Seems they are relating to an IE toolbar of some sort. I chose the ignore once option, as googling didn't give me any definitive answers. Should I quarantine/remove, or is this an FP?
 
The computer in question is an old Toshiba Satellite running Vista.
 

A:mbam-- pup detected, should I be concerned?

 I always click the Quarantine all button.  I've never had a problem doing that.  You can always restore quarantined items if you see a need, but I've never needed to.
 
Good luck.

Read other 7 answers
RELEVANCY SCORE 75.6

I ran MBAM this morning and it reported no infections. I updated the definitions and MBAM reported the following infections:

MBAM said my system needed to be restarted to remove these infections. I did this, re-ran MBAM and they are still there. Do I have a problem?

A:Trojan.BHO detected in MBAM

These are a false positive with database version 1932, just corrected with 1933

Read other 4 answers
RELEVANCY SCORE 75.6

Hi all,

Got a nasty spell of viruses last night with mbam detecting backdoor.bot. I also saw y.exy (and my Firefox browser opened a window for...exy). MBAM seemed to be able to clean backdoor.bot and attached. But I want to make sure I'm clean and of course I'm paranoid about my passwords and internet activity now. I have never had a serious malware problem before now !!

Here's Hijack this log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:50:32 AM, on 12/4/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Norton Internet Security\En... Read more

A:MBAM detected backdoor.bot

Title was: Backdoor bot followed by trojan.vundo, lots of weird behavior--trying to clean up ~ OBETA: I was able to run another rootkit from GMER (the one suggested on Malwarebytes Forum...I am adding the attached labelled ark.txt.

Hi all,

I posted yesterday about a backdoor bot appearance (also accompanied by y.exy). I downloaded MBAM and it looked like it cleared. But I wasn't sure everything was done. I posted here (before reading your how to post instructions). I'm back again for 2 reasons.

1) I think I know how to communicate better now and have followed the dds instructions and posted here ( could not do rootrepeal, see below, EDITED TO ADD: but have included a gmer rootkit )

2) Norton picked up a trojan.vundo virus last night (but only after it managed to run 195 or so processes). It seemed to wipe it out but I was still concerned. Nothing seems to be working right and of course I'm worried about security.

I've run MBAM again and Spybot S&D since and they did not find anything. I don't know if my registry is fracked. I can't tell.

Today I followed bleepingcomputer instructions for eradicating trojan.vundo using both the specific malwarebytes instructions from that page and the Vundo Fix instructions. Neither found anything. I had some trouble with rkill. While running it, 4 files would post to my desktop (ncmd.cfxxe, pev.exe. rkill.bat and rkill.reg). Each time I ran the program I got a notification that pev.exe could not run and was shutting down.

After I did all that I... Read more

Read other 3 answers
RELEVANCY SCORE 75.6

Hello,
 
MBAM detected backdoor.bot and I'm only able to access the internet by unchecking the proxy server box in the LAN settings but seems to always come back when restarting my computer. Please help me get rid of this. TIA.
 
OS: Windows 7
System: 64-bit OS
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:31-12-2015
Ran by Bob (administrator) on BOB-PC (05-01-2016 11:25:57)
Running from C:\Users\Bob\Downloads
Loaded Profiles: Bob (Available Profiles: Bob)
Platform: Windows 7 Home Premium (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\avp.exe
(Digital Market Research Apps Pty Ltd) C:\Program Files (x86)\MR APP\MRAPP.Event.Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Spotify Ltd) C:\Users\Bob\AppData\Roaming\Spotify\SpotifyWe... Read more

A:MBAM detected backdoor.bot

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===
My research revealed that this Proxy is used by Digital Market Research Apps Pty Ltd.
If you wish to remove it let me know and I will provide you with a fix.

RELEVANCY SCORE 74.8

Hey. I was running a routine scan with MalwareBytes and received notification that it had picked up some ZeroAccess Trojan files. They are currently quarantined (I haven’t deleted them yet in case of a false positive), and subsequent full scans with MBAM and Microsoft Security Essentials come up clean, but I know that this Trojan is hard to remove and I need some advice on how to verify that my system is clean. MBAM required a restart to complete the quarantine process, and upon restart I was informed that Windows Firewall was turned off, which is unusual.  
 
Two other issues that are probably unrelated but I feel I should mention anyway: at startup, I am getting a Windows notification saying “There is a file or folder on your computer called "C:\Program" which could cause certain applications to not function correctly. Renaming it to "C:\Program1" would solve this problem. Would you like to rename it now?" and the options are to Rename or Ignore. It appears that this is related to a problem caused by an update to Foxit Reader, though the problem persists even after uninstalling Foxit. Probably not a virus thing, but full disclosure and all. I started a separate BC thread on it here: http://www.bleepingcomputer.com/forums/t/534482/file-name-warning
 
Another oddity that just happened is that I was looking at the Microsoft support site and a couple flickering horizontal lines appeared on the screen. They stayed anchored to specific places on the sit... Read more

A:MBAM detected ZeroAccess Trojans

Hi,
 
You are infected with ZeroAccess, we will need more advanced tools to deal with it:
 
Please follow the instructions in THIS GUIDE starting at Step 6. If you cannot complete a step, skip it and continue.
Once the proper logs are created, then make a NEW TOPIC and post it HERE. Please include a description of your computer issues, what you have done to resolve them, and a link to this topic.
If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.
It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient.
If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.
xXToffeeXx~

RELEVANCY SCORE 74.8

Originally, I posted about my problem here:
http://www.bleepingcomputer.com/forums/topic436692.html/page__pid__2541614#entry2541614

Basically, the problem I reported was that the scan results from MBAM were negative (clean log),
but AVG is showing the following infections (I've just done another one full AVG scan) with Trojan horse Agent_r.AWW:

1/ file c:\WINDOWS\System32\drivers\smb.sys
2/ file c:\WINDOWS\system32\DRIVERS\smb.sys

AVG says that: "object is white-listed (critical/system file that should not be removed)"

3/ registry key: HKLM\SYSTEM\CurrentControlSet\services\Smb
(Result/Infection: Found registry key with reference to infected file: c:\WINDOWS\system32\DRIVERS\smb.sys

Also, from time to time I'm getting "AVG Threat detected" message:

"File: c:\WINDOWS\System32\drivers\smb.sys
Threat: Trojan horse Agent_r.AWW.
Detected on open."

Following my post mentioned above, I was given instructions to post here and report, following the Ginler's 10-Step Guide - from Step 6.

I did that, but wasn't able to finish each and every step. Here is what happened:

Step 6 - Disable CD Emulation software
- downloaded and started DeFogger
- black screen appeared, with a cursor on it, but nothing more
- after about 5 or 10 minutes the program AND Windows closed
- I restarted the laptop in Normal mode.

Step 7 - Download and run DDS, ... Read more

A:Agent_r.AWW detected by AVG (MBAM gives clean log)

UPDATE

AVG just gave the following message:

"Threat was blocked!
File name: iso.khatikmala.gen.in/sp3stats.php?cust=a01e3f765fc7a25
Threat name: Exploit Blackhole Exploit Kit (type 2090)
Details:
Process name: c:\WINDOWS\System32\PING.EXE
Process ID: 684

pumex

RELEVANCY SCORE 74.8

Afternoon to all, I just updated MBAM not even 15 minutes ago, and already it's detecting this trojan, Trojan.vawtrak.ED. I did a little research and it shows that it's mainly retrieving passwords for banking accounts. Although I don't do much banking on this system, I would like to remove this trojan due to all my passwords having a chance of being compromised... I saw that there are plenty of websites claiming to have the removal kit, and none that I am familiar with. I don't trust any other website at this point due to being infected from a source unknown (in other words, I don't trust any of those sites because honestly I don't know how I got this trojan). I just want some help is all. I have some things backed up on this system (important to me for the most part) and I would like wiping my computer to be a final solution, not the first. Thanks, it will be much appreciated for input please!
 

A:Trojan.vawtrak.ED Detected by MBAM

RELEVANCY SCORE 74.8

Had a malware attack, detected in Malwarebytes Anti Malware. Computer is running really slow. Can anyone help me?

Thanks

A:Malware attack, detected in MBAM.

Download TDSSkiller
Launch it.
Click on change parameters - Select TDLFS file system
Click on "Scan".
Please post the LOG report (log file should be in your C drive)
Do not change the default options on scan results

Download aswMBR
Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan.
After scan finishes, click on Save log
Post the log results here.
If you get crashes in normal mode, run it in safemode with networking

Download ESET online scanner
Install it
Click on START, it should download the virus definitions
When scan gets completed, click on LIST of found threats
Export the list to desktop, copy the contents of the text file in your reply

RELEVANCY SCORE 74.8

C:\Windows\Installer\537ef9a.msi|>cabs.w1|>go.exe69
Avast detected it as Win32 Trojan-gen, I get error 42111 (from what I've read it's due to inability to remove without corrupting the file)

HijackThis Log

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:14:47, on 2012-11-21
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16455)
Boot mode: Normal

Running processes:
C:\Windows\vVX1000.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
D:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe
C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
D:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
D:\Program Files (x86)\Mozilla Firefox\firefox.exe
D:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe
C:\Windows\SysWOW6... Read more

RELEVANCY SCORE 74

I am working on a WIN 7 computer at my wife's office and can't download any files from internet and it just says virus was detected.

I've attached a few log files that I did some scans on
 
 
Thanks
 
RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/
Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Safe mode with network support
User : Chris [Admin rights]
Mode : Scan -- Date : 05/12/2013 23:14:43
| ARK || FAK || MBR |
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 8 ¤¤¤
[TASK][SUSP PATH] CandyUpdater.job : C:\Users\tracy\AppData\Local\ArcadeCandy\candyUpdater.exe  [-] -> FOUND
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\System : ConsentPromptBehaviorUser (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [N... Read more

A:unable to download file virus detected

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===
Third party programs if not up to date can be the cause of infiltration or infection.
Please run this security check for my review.
Download Security Check by screen317 from here.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===
Search and delete the AdWare, PUP (Potentially Unwanted Program) installed on your computer.
Please download AdwCleaner by Xplode onto your Desktop.
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click on Delete tab follow the prompts.
A log file will automatically open after the scan has finished.
Please post the content of that log file with your next answer.
You can find the log file at C:\AdwCleaner[Rn].txt (n is a number).
===
Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Link 1
Link 2
IMPORTANT !!! Save ComboFix.exe to your Desktop
1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
3. Do ... Read more

RELEVANCY SCORE 74

I'm using Panda Antivirus, it shows this log after scanning C:

++++++++++++++++++++++++

Scan completed 01/13/09 19:23:29 Scan: All hard disks
Virus detected: Generic Malware 01/13/09 19:19:20 Disinfected Location: C:\WINDOWS\system32\drivers\334fc0f9.sys

Adware detected: Adware/VapSup 01/13/09 18:41:50 Notified Location: C:\WINDOWS\Downloaded Installations\{28170427-F935-424B-926B-C5FE612FA81B}\Client Security - Password Manager_msi.vir[unk_0113][tpmstate.exe.E69CB083_828B_4A0D_9B34_A9A7FA17F94F]

+++++++++++++++++++++++
I tried to delete 334fc0f9.sys, windows replies, it does not exist.
Directory of C:\WINDOWS\system32\drivers

14/01/2009 07:16 a.m. 94,444 334fc0f9.sys
1 File(s) 94,444 bytes
0 Dir(s) 15,839,846,400 bytes free

C:\WINDOWS\system32\drivers>del 334c0f9.sys
Could Not Find C:\WINDOWS\system32\drivers\334c0f9.sys

C:\WINDOWS\system32\drivers>del 334fc0f9.sys
C:\WINDOWS\system32\drivers\334fc0f9.sys
The system cannot find the file specified.

Following is the HJT log, I need to know what is reactivating this malware or whatever it is, and how to eliminate it.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:46:42 p.m., on 13/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Win... Read more

A:334fc0f9.sys file detected as virus and cannot clean

I found
I used combofix.exe and problem solved
 

RELEVANCY SCORE 74

Have been having issues with some sort of trojan on my computer for a couple weeks at this point. Started with mainly pop-ups (Antivirus 2009 and others) in Firefox, then crashed IE 7 entirely (I've since uninstalled it), and is generally slowing my computer immensely. I've tried a number of different virus scanners (Symantec, Kaspersky, AVG Free) and malware programs (Ad-Aware, Spybot, MBAM, Vundofix) and I tried TweakNow Regcleaner when I was getting desperate. The malware seems to disappear for a certain period and then resurface. I've restarted the computer to finish the "clean" a number of times, only to have the issues (pop-ups and slowdowns) reappear. I'm no longer getting pop-ups, but am still having serious slowdown and hourly pop-ups from AVG claiming to have found various malware (trojan.vundo.bz, trojan horse generic 12.wvl, etc.), although a number of them seem to not actually exist. I'm running XP Service Pack 3 on a P4 3 GHz with 500 mb of RAM. I've run the log for the HijackThis/Malware forum, but wanted to check here first to make sure I wasn't missing anything before I posted.

Thanks for any help.

EDIT - That would be "tough," in the subject.

A:Trojans detected by MBAM and AVG, touch to remove

Hello soupyman10,

I see that you have an HJT log posted here: http://www.bleepingcomputer.com/forums/t/186324/trojanvundobz-trojanvundocb-others/
We do not allow more than one topic for the same computer and the same issue as this causes confusion, and in this case may make the disinfection process more difficult.

This leaves you with a choice:
1) Have this thread reopened and the HiJack This log topic deleted
OR
2) Keep this thread closed and wait for assistance in the HiJack This log forum. Please note that that forum is VERY busy.

Please send a Private Message indicating your choice.

Assuming you wish assistance in the HiJack This forum, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a HJT Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the HJT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the HJT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possi... Read more

RELEVANCY SCORE 74

hello,
 
I think I am in need of some help. Normally I run scans once every day or so and nothing is ever found. However, MBAM found and quarantined ten trojans today. I have no clue how I got them and if my OS is truly clean. My regular AV (Bitdefender) has found nothing except 1 over compressed file it could not scan. I'm running Win 8.1 64bit OS. Thanks for any help you can offer
John

A:10 trojan.agent's detected by MBAM pro today

Hi scags

Can you post the report from MBAM, so we can see what was detected.

Are you using the latest version 2 of MBAM?
if so...
(Copy to clipboard for pasting into forum replies)
After the restart once you are back at your desktop, open MBAM once more.
Click on the History tab >> Application Logs.
Double click on the scan log which shows the Date and time of the scan just performed.
Click 'Copy to Clipboard'
Paste the contents of the clipboard into your reply.
-------------
If you are using the older version:
Start Malwarebytes AntiMalware.
Click on the logs tab.
The logs are date stamped ... double click on the log that showed the infection items.
It'll open in notepad.
Please copy/paste the report in your next reply

RELEVANCY SCORE 74

Running MBAM Pro on my Windows 7 Ultimate Dell laptop detected Open Candy
 
Deleted and Quarantined it, and rebooted.
 
Files Detected: 1
C:\Users\Gene\AppData\Local\Temp\is-9FOPN.tmp\OCSetupHlp.dll (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
A reboot and two MBAM successive scans have not come up with any other infections.
 
A  Eset Nod32  v7 Smart Scan has not detected anything else.
 
I also have CryptoPrevent 4.3 installed. It blocks malware from using the AppData folder. No issues there.
 
I don't think I have any infections, but to be sure, where do I go from here?
 
I have had assistance from Bleeping Computer Techs before, so I am good at downloading the tools and posting reports exactly as asked. 
 
Thanks in advance,
 
Gene

A:MBAM Pro detected OCSetupHlp.dll (PUP.Optional.OpenCandy)

Hi Gene,
 
Run these for me:
 
Please download AdwCleaner by Xplode and save to your Desktop.
Double click on AdwCleaner.exe to run the tool. Vista/Windows 7/8 users right-click and select Run As Administrator.
Click on the Scan button.
AdwCleaner will begin...be patient as the scan may take some time to complete.
Click on the Clean button.
Press OK when asked to close all programs and follow the onscreen prompts.
Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
Copy and paste the contents of that logfile in your next reply.
A copy of that logfile will also be saved in the C:\AdwCleaner folder.
-------------
  Please download Junkware Removal Tool to your desktop.
Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.
 
----------
 
Download Temp File Cleaner (TFC)
Alternate download: http://www.itxa... Read more

RELEVANCY SCORE 74

I have a toshiba satellite running windows 8, 64 bit
I have malwarebytes, and avast free edition
 
Malwarebytes detected the pup.optional.aslyrics.a and identified it as non-malware
Mbam then quarantined it. I then deleted it from Mbam.
I ran the avast and they found nothing.
I ran mbam again and now it says no malicious items detected.
 
My question: is the problem solved, or do I need to do more in depth searching?
Thank you. 
Tad

A:MBam detected non-malware pup.optional.aslyrics.a

Download Security Check from here or here and save it to your Desktop.
Double-click SecurityCheck.exe
Follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.
NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:
Internet Services
Windows Firewall
System Restore
Security Center/Action Center
Windows Update
Windows Defender
Other Services
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

Please download MiniToolBox and run it.
Checkmark following boxes:
Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Devices (do NOT change any settings here)
List Users, Partitions and Memory size
List Restore Points
Click Go and post the result.

Please download Malwarebytes Anti-Malware (MBAM) to your desktop.
NOTE. If you already have MBAM 2.0 installed scroll down.
Double-click ... Read more

RELEVANCY SCORE 73.2

New to this forum - in desperation mode!!!
 
A couple of weeks ago developed two problems, I'll focus on this one first: Any email attachment I try to open, file download, etc., as always, I'm asked: Run - Save - Cancel.  If I click Run or Save, a box pops up naming the file or attachment, says it has a virus and was deleted.  Game over, I can't do anything else.
 
Running Windows 7, Google reg version, have gotten rid of my McAfee Security and Avisoft for now.  Lots of advice on how to get rid of this but have one big problem: I can't download any fixes. I've tried clicking this and that, or go into regedit but the files in subfolders I'm supposed to look for aren't there.
 
Not computer literate but with detailed steps will give anything a try....Thanks!!!
 
 

A:Any download or attach: "Virus detected. File deleted"

You're probably infected with ZeroAccess. Open your topic here --> http://www.bleepingcomputer.com/forums/f/22/virus-trojan-spyware-and-malware-removal-logs/
 
Follow this instruction to open topic --> http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/

RELEVANCY SCORE 73.2

Hello, when I visit a website that has a video, my Avira antivirus gives me the following notification:
Virus or unwanted program 'HTML/Malicious.Flash.Gen [virus]' detected in file 'C:\Windows\temp\0000000E-E6DED9FD. Action performed: Deny access
My computer usually freezes up and is very slow for several seconds or until I x out of the page. The file in C drive it gives is different each time it gives the virus notification. I have run the following scans:

Avira, superantispyware, malwarebytes, lavasoft adaware, combofix, and I have uninstalled all java and flashplayer programs and then reinstalled.
 
but nothing helps. Can anyone give me a hand?

A:HTML/Malicious.Flash.Gen [virus]' detected in file...

Hello Jim be careful running Combo,

Empty your temp folders using TFC (Temporary File Cleaner)
Please download TFC by Old Timer and save it to your desktop.
alternate download link
Save any unsaved work. (TFC will close ALL open programs including your browser!)
Double-click on TFC.exe to run it. (If you are using Vista, right-click on the file and choose "Run As Administrator".)
Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway allowing Windows to load normally (not into Safe Mode) to ensure a complete clean.

Last run ESET.
Hold down Control and click on this link to open ESET OnlineScan in a new window.
Click the button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
Double click on the icon on your desktop.
Check "YES, I accept the Terms of Use."
Click the Start button.
Accept any security warnings from your browser.
Under scan settings, check "Scan Archives" and "Remove found threats"
Click Advanced settings and select the following:
Scan potentially unwanted applications
Scan for potentially unsafe applications
Enable Anti-Stealth technology
ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
When the scan... Read more

RELEVANCY SCORE 73.2

Hello, when I visit a website that has a video, my Avira antivirus gives me the following notification:
Virus or unwanted program 'HTML/Malicious.Flash.Gen [virus]' detected in file 'C:\Windows\temp\0000000E-E6DED9FD. Action performed: Deny access
My computer usually freezes up and is very slow for several seconds or until I x out of the page. The file in C drive it gives is different each time it gives the virus notification. I have run the following scans:

Avira, superantispyware, malwarebytes, lavasoft adaware, Spybot S&D, combofix, and others and I have uninstalled all java and flashplayer programs and then reinstalled.
 
but nothing helps. Can anyone give me a hand? Here are the DDS scan results:
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16428  BrowserJavaVersion: 10.45.2
Run by Home PC at 10:35:11 on 2013-11-19
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.5617.3037 [GMT -5:00]
.
AV: Lavasoft Ad-Aware *Enabled/Updated* {445B48C3-0FA4-6B16-8F07-6506F305D800}
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Lavasoft Ad-Aware *Enabled/Updated* {FF3AA927-299E-6498-B5B7-5E74888292BD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: COMODO Defense+ *Enabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}
FW: COMODO Firewall *Enabled* {7DB03214-694B-060B-1600-BD47... Read more

A:HTML/Malicious.Flash.Gen [virus]' detected in file 'C:

Does no replies mean no one knows how to fix this issue?

RELEVANCY SCORE 73.2

I hope I am posting this in the right place this time...

Microsoft Security Essentials found a trojan downloader virus, and supposedly removed it. But I wonder if I am still infected...

Here is the DDS notepad log...

I have deleted what I think might be personal information and replaced it with this symbol: [!]
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: [!] BrowserJavaVersion: 1.6.0_31
Run by [!] at 9:42:53 on 2012-05-23
Microsoft® Windows Vista™ Home Basic [!] [GMT -7:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\W... Read more

A:DDS Log file after trojan downloader virus detected and removed by MSE

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At t... Read more

RELEVANCY SCORE 73.2

Hello,

I've had an issue occur in the past two days which has given me cause for concern that my computer is probably not safe. What happened first, is I ran a full scan of MalwareBytes just out of habit, and it detected two files that were infected:

Malwarebytes' Anti-Malware 1.44
Database version: 3579
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

1/16/2010 3:32:38 PM
mbam-log-2010-01-16 (15-32-38).txt

Scan type: Full Scan (C:\|)
Objects scanned: 323184
Time elapsed: 1 hour(s), 52 minute(s), 59 second(s)

Files Infected:
C:\Documents and Settings\***\Local Settings\Temporary Internet Files\Content.IE5\0B7VS49R\load[1].php (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Documents and Settings\***\Local Settings\temp\66.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.

However, when the system was restarted by MBAM to fix the issues, the computer refused to boot into Windows. No matter what I tried, the system would not boot up (even Safe mode failed with a blue screen crash). I was forced to Repair the OS with the Installation disc. During the windows setup process (prior to actually performing the repair), the computer blue screened again at one point, but eventually it worked on the second try and I was able to repair the OS. I then went ahead updating all the patches and Windows Updates (such as SP3), but soon a new problem arose where my computer refused to comple... Read more

A:Probably infected with Malware (earlier Rootkits detected by MBAM)

I went ahead and just reformatted my hard drive and did a clean install. The issue was resolved.
Please close this thread with my appreciation nonetheless. Thank you.

Read other 2 answers
RELEVANCY SCORE 73.2

Hi guys,
 
I am not sure if I am still infected with the Trojan.Agent.ED that MBAM Premium detected yesterday
 
Can someone please help 

A: MBAM Premium scan detected Trojan.Agent.ED

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.
If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===
Please download AdwCleaner by Xplode onto your Desktop.
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click the Scan button and wait for the process to complete.
Click the Report button and the report will open in Notepad.
IMPORTANT
If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click the Scan button and wait for the process to complete.
Check off the element(s) you wish to keep.
Click on the Clean button follow the prompts.
A log file will automatically open after the scan has finished.
Please post the content of that log file with your next answer.
You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===
Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first t...

RELEVANCY SCORE 73.2

I was recently given a used laptop, which uses Vista Home Basic service pack 2. The security software installed on it had been expired for a while, so I ran an MBAM full scan and some items were detected. I haven't noticed any issues/problems with the computer so far, so I was a little surprised that malware was found. Now I am concerned that there could be other malware hidden deeper in the computer and not found yet. I want to transfer files from the computer, but I don't want to spread any viruses, malware, trojans, etc.
So how can I determine if the computer is really clean and safe?
Can I post the MBAM log, to see if there is cause for concern?

A: Items detected in MBAM scan, is computer really clean now?

Welcome aboard

Download Security Check from here or here and save it to your Desktop.
Double-click SecurityCheck.exe
Follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.
NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2 SecurityCheck may produce some false warning(s), so leave the results reading to me.

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:
Internet Services
Windows Firewall
System Restore
Security Center/Action Center
Windows Update
Windows Defender
Other Services
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

Please download MiniToolBox and run it.
Checkmark following boxes:
Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Devices (do NOT change any settings here)
List Users, Partitions and Memory size
Click Go and post the result.

Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Up...

RELEVANCY SCORE 72.4

Hello! I want to thank you in advance for your help. I suppose this is just me being paranoid, but considering this is a backdoor.bot that Malwarebytes picked up yesterday, I just want to make sure that it's been completely removed from my laptop, since this is my main computer and I do most everything on here.

I received one of those pop-up messages yesterday that told me it detected some critical processes running on my computer and that it would like to run a scan of my system. I started task manager and ended Firefox to close all windows (including the pop-up). A scan with Microsoft Security Essentials turned up nothing, but when I ran Malwarebytes, it showed that I was infected with the "backdoor.bot". I had MBAM remove the file, then downloaded the trial version of Kaspersky 2011 AV to get a second opinion. Upon restarting and running both Kaspersky and MBAM again, both scans turned up clean. However, I'm still paranoid that my laptop is still compromised.

Any suggestions?

I'm using a Sony VAIO laptop with Windows 7 OS.

Thanks again!

A: MBAM detected and removed backdoor.bot - now seeking verification that it's completely gone

Please post the complete results of your MBAM scan for review (the one which detected the backdoor.bot).

To retrieve the Malwarebytes Anti-Malware scan log information, launch MBAM.
Click the Logs Tab at the top.
The log will be named by the date of scan in the following format: mbam-log-date(time).txt
-- If you have previously used MBAM, there may be several logs showing in the list.
Click on the log name to highlight it.
Go to the bottom and click on Open.
The log should automatically open in notepad as a text file.
Go to Edit and choose Select all.
Go back to Edit and choose Copy or right-click on the highlighted text and choose Copy from there.
Come back to this thread, click Add Reply, then right-click and choose Paste.
Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.

Logs are saved to the following locations:
-- XP: C:\Documents and Settings\<Username>\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-yyyy-mm-dd
-- Vista, Windows 7, 2008: C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-yyyy-mm-dd

Did you remove Microsoft Security Essentials before installing Kaspersky? Using more than one anti-virus program is not advisable. Why? The primary concern with doing so is due to conflicts that can arise when they are running in real-time mode simultaneously and issues with Windows resource managemen...

RELEVANCY SCORE 72

My computer has been running slower than usual lately. I ran Avast Anti-Spyware and it detected two viruses, both of which it could not remove. I don't think the viruses are gone from my system. It would be very much appreciated if one of you guys here could help me analyze and fix any problems on my computer. Thanks in advance. Here's my logs:

A: Not sure what I have, Avast detected two viruses

After I posted this, I ran Avast again and it said no threats were found, so I am assuming they were deleted.. can someone please go over my logs and make sure I am clean? THANK YOU SO MUCH!!

===========

Hello

While we understand your frustration at having to wait, please note that Bleeping Computer deals with several hundred requests for assistance such as yours on a daily basis. As a result, our backlog is quite large as are other comparable sites that help others with malware issues. Although our HJT Team members work on hundreds of requests each day, they are all volunteers who work logs when they can and are able to do so. No one is paid by Bleeping Computer for their assistance to our members.

Further, our malware removal staff is comprised of team members with various levels of skill and expertise to deal with thousands of malware variants, some more complex than others. Although we try to take DDS/HJT logs in order (starting with the oldest), it is often the skill level of the particular helper and sometimes the operating system that dictates which logs get selected first. Some infections are more complicated than others and require a higher skill level to remove. Without that skill level attempted removal could result in disastrous results. In other instances, the helper may not be familiar with the operating system that you are using, since they use another. In either case, neither of us want someone to assist you who is not familiar with your issue and attemp...

RELEVANCY SCORE 72

Hello, My name is Alan.

I have had a little experience with computers and viruses in the past but this one is winning the fight.

Recently, my AVAST Antivirus free edition has been telling me about a Trojan named JS:ScriptSH-inf [Trj]

I have run a scan with AVAST - no success.
I have run System Restore - no success.
I have run MalwareBytes - no success.
I have run SpyBot - no success.
I have downloaded HiJackThis and created the following log.

Can you please help me remove this virus from my Windows Vista Home Edition SP2 Toshiba Satellite laptop?


A: Trojan Detected by Avast

Hi alanschoeff, I will be handling your topic to help you get cleaned up. Please give me some time to look it over and I will get back to you as soon as possible.

RELEVANCY SCORE 72

Hi,

1) Recently, Avast blocked an access to a malicious site while the system was idle & no web browser was active. Screenshot of the threat attached as first thumbnail.

2) Also, the USB drives being used with this system are getting infected.

3) Getting an error message 'ubd.exe - Entry Point Not Found' every time on startup. Screenshot of the same attached as second thumbnail.

4) Also, the system is running slow. Nothing else in particular observed.

Hence, I hereby post the DDS logs for review. Kindly assist;

RELEVANCY SCORE 72

Hello,

I am trying to help my uncle fix his computer. He had a fake spyware program come up on his computer (Adware 2007 Professional). Avast detected this and other files in the Adware 2007 folder as Win32:Bravesentry-b, Win32:Adware, and Win32:Bravesentry-d. My uncle told me that continuously IE would popup 50+ random windows within an hour (completely random sites). I have the computer now hooked up at my house in an effort to fix it. I have run the Panda scanner and DSS. Here is my HijackThis log...


A: Avast detected Bravesentry!!! HJT log help...

Bump...
