Over 1 million tech questions and answers.

malware blocks firefox from accessing google, malwarebytes and any HTTPS

Q: malware blocks firefox from accessing google, malwarebytes and any HTTPS

 
Hello,
 
some malicious code prevents my Firefox from accessing google.com; browser tries then says "The server at
google.com is taking too long to respond." Same for encrypted.google.com and forums.malwarebytes.org =( Any other sites from my everyday list are accessed OK. Except for Wikipedia since it only works via HTTPS and malware seems to block any https:// requests.
 
My proxy and firewall aren't messing with it, in fact, the proxy doesn't see any requests for affected sites. But from the Opera i was able to connect and post this panic message here! =) Malwarebytes' Anti-Malware is unable to start due to the problem described here: https://forums.malwa...howtopic=140731 to which nobody cared to answer. SpyBot found no threats. Disabling all the plugins in firefox didn't help. What can i do? Please reply something?

RELEVANCY SCORE 200
Preferred Solution: malware blocks firefox from accessing google, malwarebytes and any HTTPS

I recommend downloading and running Reimage. It's a computer repair tool that has been proven to identify and fix many Windows problems with a high level of success.

I've used it in the past to identify and fix everything from blue screens (BSOD's), ActiveX errors, corrupt files and processes, dll/exe/sys errors, recover lost memory, Windows update problems, defragging, malware removal etc.

You can download it direct from this link http://downloadreimage.com/download.php. (This link will automatically start a download of Reimage that you can save to your computer.)

A: malware blocks firefox from accessing google, malwarebytes and any HTTPS

Please download TDSSKiller exe version to your desktop. Double-click on TDSSKiller.exe to run the tool for known TDSS variants. Vista/Windows 7 users right-click and select Run As Administrator.    Click on Change Parameters and click Detect TDLFS File System.    Click the Start Scan button.    Do not use the computer during the scan    If the scan completes with nothing found, click Close to exit.    If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.    Note: If Cure is not an option, Skip instead, do not choose Delete unless instructed.    A TDSSKiller text file would be saved in Local Disk C.    Copy and paste the contents of that file in your next reply.ADW CleanerPlease download AdwCleaner by Xplode onto your desktop.Close all open programs and internet browsers.Double click on adwcleaner.exe to run the tool.Click on Clean.Confirm each time with Ok.You will be prompted to restart your computer. A text file will open after the restart.Please post the contents of that logfile with your next reply.You can find the logfile at C:\AdwCleaner[S1].txt as well.Please download Junkware Removal Tool to your desktop.Shut down your protection software now to avoid potential conflicts.Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".The tool will open and start scanning your system.Please be patient as this can take a while to complete depending on your system's specifications.On completion, a log (JRT.txt) is saved to your desktop and will automatically open.Post the contents of JRT.txt into your next message.Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.Make sure the following options are checked:Internet ServicesWindows FirewallSystem RestoreSecurity Center/Action CenterWindows UpdateWindows DefenderOther ServicesPress "Scan".It will create a log (FSS.txt) in the same directory the tool is run.Please copy and paste the log to your reply.

Read other 9 answers
RELEVANCY SCORE 73.6

I am currently using Firefox. When I click on Google search results, I get redirected to a STOPzilla site. Additionally, MalwareBytes blocks the IP addresses 67.29.139.153 and 64.111.196.121 (apparently RBN's work). I've run MalwareBytes, Avast, and HitmanPro, and I thought I had killed the virus (or whatever it is) since there had been no problems yesterday, but today it came back and I was getting redirected again.
Here is the DDS.txt:
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_21
Run by Administrator at 12:43:36 on 2011-06-25
Microsoft Windows XP Professional 5.1.2600.3.936.86.1033.18.1023.236 [GMT -7:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: McAfee Host Intrusion Prevention Firewall *Disabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program File... Read more

A:Google keeps redirecting, MalwareBytes blocks IP Addresses

Hi,Please do the following:Download ComboFix from one of the following locations:Link 1 Link 2 VERY IMPORTANT !!! Save ComboFix.exe to your Desktop * IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here Double click on ComboFix.exe & follow the prompts.As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures. Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:Click on Yes, to continue scanning for malware.When finished, it shall produce a log for you. Please include the C:\C... Read more

Read other 12 answers
RELEVANCY SCORE 73.2

I have got a computer with Vista on it from a friend because the browsers were being hijacked and being redirected to other pages.
Her Norton 360 was expired, so I uninstalled it and installed Avast Free and purchased Malwarebytes Anti Malware software for her computer.
Malwarebytes Anti Malware found a bunch of stuff and removed it.  The computer re-installed some of the bad stuff all over again.
Internetupdater.exe and something called conduit.
I kept running Malwarebytes Anti Malware and it seems to have removed most of the nasty stuff but Malwarebytes Anti Malware keeps popping up
that it is blocking outgoing attempts to the following.

Detection, 04/01/2015 8:00:34 AM, SYSTEM, JULIE-PC, Protection, Malicious Website Protection, IP, 119.145.147.181, mama.cn, 0, Outbound,
Detection, 04/01/2015 8:00:37 AM, SYSTEM, JULIE-PC, Protection, Malicious Website Protection, IP, 91.202.63.7, cy-pr.com, 0, Outbound,
 
Internet explorer also will stall displaying certain pages even from the Bleepingcomputer website, but any of these websites will work perfectly fine on any other browser.
 
Please can someone assist me...
Thanks
Stimpsonthecat

A:Malwarebytes Anti Malware blocks several sites

Hello,We will be helping you with your problems. Please be patient while we assist you.Some points for you to keep in mind while we are helping you to make things go easier and faster for both of us:Please do NOT run, install or uninstall any programs, unless instructed to do so.We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, a... Read more

Read other 19 answers
RELEVANCY SCORE 72.8

I have run a Gmer scan and it found some registry entries under HKLM\System\ControlSet002\services\BTHPORT\ - i have tried to manually delete these keys but it says i don't have permission even after I have tried to add custom permissions to that specific key. This rootkit seems to bind itself to all external online applications like javaw.exe, firefox.exe, chrome.exe, skype.exe.

Randomly Malwarebytes will block external IP connections when using Skype, Firefox and/or Chrome.

Running Symantec Endpoint finds nothing.
Running Eset Online Scanner finds nothing.
Running TDSSkiller Scanner finds nothing.
I have ran ComboFix.exe as well but its still infected.

I have run JavaRa to remove all java update instances. I have ComboFix, Gmer and DDS logs to post if someone can help me out. Thanks

A:BTHPORT - Rootkit - Malwarebytes Blocks Remote IP Connections in Firefox and Skype

I ran some more scans and this is what showed up but i had them removed and am still having random external connectionsMSIL/Injector.LX TrojanWin32/HackKMS.AHere are LOGS for Gmer, ASWMBR, DDS, TDSSKiller, OTL and ComboFix--------------------------------------------Gmer-log-----------------------------------------GMER 1.0.15.15641 - http://www.gmer.netRootkit scan 2011-12-26 16:24:12Windows 6.1.7601 Service Pack 1 Running: lmg5ckpn.exe---- Registry - GMER 1.0.15 ----Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0002721f846c Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\[email protected] 0x68 0x3D 0x48 0x67 ...Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\[email protected] 0xE2 0xB2 0x51 0xB1 ...Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0002722069f0 Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0011675c4132 Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0002721f846c (not active ControlSet) Reg HKLM\SYSTEM\Control... Read more

Read other 5 answers
RELEVANCY SCORE 70.8

Untill I get a laptop of my own, I'm using my great aunt's netbook (Eee netbook which uses Windows XP) since I just moved out to a dorm to attend the new college I'm at right now. I wanted to use my roomates printer, and since the netbook doesn't have a CD drive, I decided to try and find the software online so I could use it without installing the disk. Bad idea.

A few hours after installing the program (which did nothing but freeze up, but I had to run to class, so I didn't have time to worry about it), the computor restarted itself, and all of a sudden, there were these two new icons on the taskbar; a red circle with a white x in the middle. Whenever they popped up, they said something about how I have spyware, and that I had to download something for it. I ran Mcafee, and it said that the system was clean, but after the scan, after I clicked on one of the new icons, mcafee came up, and told me that it was a trogan and that it was deleted. I was kind of confused, but I disabled the alerts on the taskbar for the new icons, and I didn't think about it further.

Today (two days later), however everything has been acting strange. Popups have been coming up saying that a certain website needs a new font thing installed, and everything from aol and google had a pop up ad where there weren't any before. Also, when i used a search engine, I'd get an add instead of the link that I clicked on. Mcafee freaked out, and after a scan, it told me to restart the computor to get rid of a ... Read more

A:Malware: resistant to McAfee; blocks malwarebytes, disables task manager

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.Please download OTL from following mirror:This is THE MirrorSave it to your desktop.Double click on the icon on your desktop.Click the "Scan All Users" checkbox.Push the button.Two reports will open, copy and paste them in a reply here:OTL.txt <-- Will be openedExtra.txt <-- Will be minimizedIn the upper right hand corner ... Read more

Read other 2 answers
RELEVANCY SCORE 67.6

Hi guys and gals,

New to this forum, so I hope it the right place for and way of explaining this problem.

I just bought my first PC, which is pretty awesome after having worked on laptops for years.
Here is the configuration:
- i7 4790K
- MSI Z97 Gaming 5
- MSI GTX 980
- Corsair Vengeance Pro Red 16GB 1600 MHz CL9
- Corsair RM750
- Samsung 850 Pro 256GB SSD

This is also my first system with Windows 8.

Now here is the problem:
After installing my favorite browser Firefox, for some reason it won't load google.com properly.
It automatically tries to load the https version of google, which makes sense.
But it gives my the "Untrusted connection error" (but then in Dutch, so I hope it is correctly translated).
When I delete the "s" and try http it loads fine, but then my search results are different from my laptop with Windows 7 and only the categories "Web" and "Images" are shown.
The same happens in Internet Explorer.

I have tried the solutions as described on the Mozilla support pages, but without any luck.

I hope someone on this forum can help me out.

Thanks in advance and best regards,

T

A:google.com not loading with https, Firefox and IE

Just found out that Internet Explorer has similar problem on my Windows 7 laptop.
Google Search results only show the categories "Web" and "Image".

Anyone that might have a solution?

Read other 1 answers
RELEVANCY SCORE 60.8

Hi all,
the current cumulative update KB3161608 blocks older HTTPS sites on IE11, which are not having current TLS/Keylength/Ciphers standards.
This may be reasonable for the Internet, but in our company's intranet it's a desaster, as older programs/applications we are connecting to cannot simply get updated (e.g. Dell DRAC access on older server).
Now we only get a "This page can't be displayed" error.

Two questions:
1. Is this a bug or planned behaviour?
2. Does anyone know what we can do to restore the ability to connect to these sites per IE11 (with KB3161608 installed)?

Read other answers
RELEVANCY SCORE 60.4

Hello, I picked up some kind of Malware/Virus thing a few days ago, not sure the "type" so I will just describe as much as I can.I'm running Windows XPInitially, a bunch of unwanted windows opened up in my IE7 & also certain links in google would turn into links they were not supposed to be & the malwarebytes forum & other would-be helpful sites came up as "could not be found" then I tried to open Malwarebytes & it didn't work. I was able to open SUPERAnti-Spyware but NOT able to run the update. I couldn't do this in safe mode either, however Mawarebytes DID run in safe mode, but I could not update. I ended up downloading the programs on a external drive from my work CPU & updating them & then bringing the External drive home & running updated versions of Malwarebytes, SUPERAnti-Spyware & Spybot in safe mode. Each of them found & destroyed several problems & the random IE windows that popped up seem to stop but I still couldn't run Malwarebytes or other recommended programs. HiJack this will NOT run in safe mode or regular mode. DeFogger & DDS will not run in regular mode either, I have not tried it in Safe Mode yet. I WAS able to run a program called RootRepeal in safe mode, I was NOT connected to the internet & I disabled my firewall when I ran these reports:here is the report for the FILE part:ROOTREPEAL ? AD, 2007-2009==================================================Scan Start Time:... Read more

A:Malware - Malwarebytes, etc. won't run, google hijacked, etc.

Hi dethsquad,Welcome to Bleeping Computer!My name is mpascal, and I will be helping you fix your problem.Before we begin, I would like give a few guidelines so that we can fix your problem as quickly and efficiently as possible:Be sure to follow all my instructions carefully! If there is anything you don't understand, don't hesitate to ask.Please do not do anything or perform other steps unless I have asked you to do so.Please make sure you post all logs I ask you to, and make sure that the entire log gets posted.Don't attach any logs unless asked. Posting them in the forums will make them easier to analyze.If you are unsure of how to reply, or need help with anything regarding the website, please look here.STEP 1 - Preparation GuidePlease follow the instructions in the Preparation Guide until you have reached step 6. You may stop once you have finished step 6 and continue with the instructions here.STEP 2 - MBAMNote: In the event that you already have MBAM installed, you do not need to reinstall it. Simply Updating it and doing a Quickscan is sufficient.Please download Malwarebytes Anti-Malware (v1.44) and save it to your desktop.Download Link 1Download Link 2MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.Make sure you are connected to the Internet.Doubl... Read more

Read other 2 answers
RELEVANCY SCORE 60.4

I believe I recently aquired some spyware/malware and have not been able to remove it from my system. I was able to remove some infected files through Ad-aware however the problem still persists. Spybot S&D will not start nor will Malwarebytes. Initially, neither Ad-aware or Spybot would update. I tried to run them both from a flash drive but this did not work either. Virusscan did not detect anything.

When clicking on a google search link I am redirected to some random spam page. Upon restart my windows firewall is deactivated. I recently installed zone alarm and found that in order to access the internet I had to allow a random ip address (67.210.14.81) access with IE. For firefox I did not allow the random IP access and thus was not able to access the internet. The IP was 67.210.14.81 and destination DNS was 67-210-14-81-rev.cernet.net. Also, I blocked access to 74.125.74.100 with destination DNS www3.l.google. Similar IP addresses also came up with destination DNS (www3.l).

My operating system is windows XP sp3 and I regularly use Firefox 3.0. I also have IE 7

The Hijackthis log is below:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:45:50 AM, on 3/31/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program File... Read more

Read other answers
RELEVANCY SCORE 59.2

Before we start, I just want to thank the kind volunteers who help people in these forums. You guys are amazing! Thank you SO much!I seem to have been infected with some pesky malware. It is hijacking my browsers (happens both in IE & Firefox) and re-directs me to other sites. What happens specifically is if I do a google or search, if I click on one of the linked search results, instead of going to that page, I am re-directed somewhere else. It doesn't appear that I am always redirected to the same place, though.I tried removing malicious software using Malwarebytes. It detected 20-some objects, but said 2 could not be removed. I removed those manually, but I think I must have screwed up Malwarebytes in the process, because not it doesn't work correctly. I tried uninstalling and reinstalling, but I can't seem to do either correctly.Here is my DDS Report (Attach.txt & Ark.txt files attached): DDS (Ver_09-12-01.01) - NTFSx86 Run by Jennifer Ashbrook at 13:03:57.21 on Sun 01/24/2010Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.336 [GMT -5:00]AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}============== Running Processes ===============C:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32&... Read more

A:Malware Hijacks/Re-directs Browser (IE & Firefox) + Malwarebytes no longer working

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

Read other 2 answers
RELEVANCY SCORE 59.2

I already did some work to clear an infection on my desktop, linked here: http://www.bleepingcomputer.com/forums/topic409833.html. DDS attached, can't run GMER due to 64 bit Windows 7.

Current situation is that google searches are redirected to random search sites. Entering the address directly works fine. I also had a problem where all my files were 'hidden' by the malware, which I manually undid and also removed malware (detail logs in the link above) from the computer. Some other internet functions seem to be buggy as well, for example trying to connect to Team Fortress 2 games the server details comes up as 'cannot connect' even though the game connections work just fine. Unsure what to do next to try to finish cleaning off any issues created on the computer. Much thanks for any help.

A:Removed some malware with MalwareBytes still getting Google search redirects

Well, its been about a week, so just drawing some attention on this one...===========Hello While we understand your frustration at having to wait, please note that Bleeping Computer deals with several hundred requests for assistance such as yours on a daily basis. As a result, our backlog is quite large as are other comparable sites that help others with malware issues. Although our MRT Team members work on hundreds of requests each day, they are all volunteers who work logs when they can and are able to do so. No one is paid by Bleeping Computer for their assistance to our members.Further, our malware removal staff is comprised of team members with various levels of skill and expertise to deal with thousands of malware variants, some more complex than others. Although we try to take DDS/HJT logs in order (starting with the oldest), it is often the skill level of the particular helper and sometimes the operating system that dictates which logs get selected first. Some infections are more complicated than others and require a higher skill level to remove. Without that skill level attempted removal could result in disastrous results. In other instances, the helper may not be familiar with the operating system that you are using, since they use another. In either case, neither of us want someone to assist you who is not familiar with your issue and attempt to fix it.We ask that once you have posted your log and are waiting, please DO NOT "bump" your thread or make furt... Read more

Read other 1 answers
RELEVANCY SCORE 58.4

Using Vista Home 32bit, it does not allow me to access the websites that start with https:\. It used to allow me to do that until the end of July 2009, and after an automatic windows update regarding IE, it did now allow me to do that anymore. I tried removing the update that was done on the date of 7/27, but ended in vain.

Also used FireFox and could not access it. I use the latest version of McAfee. I also made sure that SSL is selected in Tool-option. Also, I added the https:/ site to a list of permitted websites, but still could not access it.

Hope I get some help from you guys!! Thanks in advance!

A:problem accessing https:\

I have the same problem, Vista Home Premium 32bit, not IE or firefox or opera opens https sites.....I've tried several options, ssl2 ssl3 activated, empty ssl cache, some advanced security options, with another session, disabled antivirus, firewall, but nothing works......

Read other 2 answers
RELEVANCY SCORE 58.4

I'm running vista rc1 currently, but notice that it won't let me access certain areas of my computer. For example, if I try to open C:\Documents and Settings, I get an error "C:\Documents and Settings is not accessible, access is denied."

So I figure it must be a vista "feature" to stop noobs from deleting stuff they shouldn't, and I try booting up in safe mode as administrator. This gives me another error. It says the administrator account has been disabled, please contact your system administrator for more information... I then searched around in the vista accounts menu in control panel, but didn't easily find any way to enable an admin account.

It seems like all the places that I can't access are marked in windows explorer with a blue upturned arrow in the bottom left of the icon(just like a shortcut's icon).

Any ideas on how to access these areas, or am I "locked out."

Thanks.
 

A:Vista blocks me from accessing some files?

I got it working.

The problem was with folder ownership and permissions. The folders I was trying to access were owned by "system" instead of by me. I changed the owner, and now it works, but only after clicking "continue" on all the warning popups several times.


Both linux and mac have a better security system IMO.
 

Read other 1 answers
RELEVANCY SCORE 57.6

Hi

I use IE and don;t seem to be able to access any https sites when I go to log in. Also, when I start my PC Norton displays a message telling me that it cannot load the drivers and therefore is not in operation. Have I got a virus of some sort?
 

Read other answers
RELEVANCY SCORE 57.6

Dear all,

I'm suddenly unable to access my hotmails and other secure websites.

I normally access hotmail via Outlook express, but it will no longer download them from the server. I have tried accessing them via the Internet, where I get a “Cannot find Server DNS Error” (Starts with… The page you are looking for is currently unavailable. The Web site might be experiencing technical difficulties, or you may need to adjust your browser settings.)

I have checked numerous help boards and so far tried the following:

My date and clock are correct.

My privacy level is set to medium.

I have no restricted sites.

In Security Settings my Userdata Persistence is Enabled.

In Advanced>Security my SSLs and TLS are all checked.

Spybot finds no threats.

I can access all other websites fine. I can use messenger (which is taunting me by singing 12 new emails!!). I have tried it on my work pc, which works fine.

In a last ditched effort I’m posting my Hijack This log in case anyone out there can help!

Thanks in anticipation…

Kelly.

------------------------------

Logfile of HijackThis v1.94.0

Scan saved at 17:12:45, on 02/07/2003

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar=about:blank

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page=http://www.google.co.uk/

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssi... Read more

A:IE6 error accessing https and hotmail

Read other 6 answers
RELEVANCY SCORE 57.6

Just wondering how important it is to check on the certificate on a website?

If my browser alerts me that a certificate cannot be verified, how much of a deal is that? I understand that phishing emails try to trick you to sites pretending to be a bank/ebay/paypal and then this alert would be relevant. If on the other hand I am sure that my url is correct (manually typed it or using a bookmark), do I still have to worry?
 

A:How important is a certificate when accessing https?

If the site has a cert,it is still encrypted.
The warning you showed usually shows up if a site
has purchased a certificate with extended verification,
but they have not verified all the information,
If you trust the site,then you are more than likely still safe
using it.
These messages can also sometimes be used as a tactic to
try to get the cert purchaser to buy certs from the major
higher priced sellers like verisign.
 

Read other 3 answers
RELEVANCY SCORE 57.6

hi

i am having a pc with windowsxp,ie6. i cannot connect to https site. Connection to other sites are possible.

i checked the advanced option in ie tools, ssl 2.0, ssl 3.0 and tls 1.0 are checked.

Can anyone help?
 

Read other answers
RELEVANCY SCORE 56.8

Recently added a new laptop running windows 10 ("Win10 laptop")onto our home network. Since then, within a short period of time (minutes to perhaps an hour), others on network no longer have access to internet (Win10 laptop maintains internet access). Win10 laptop is connected through wifi. Mac is also connected wifi and is one that loses internet access (it remains connected to network I believe, since I can see the modem when I enter its ip address, for example). Our ISP is low bandwidth (satellite), however I have tried to reduce the 'bandwidth hog' characteristics of the W10 laptop without success.

I can reset (power off/on) the router, and all machines have internet access again, however, not long lasting. Any suggestions?

Read other answers
RELEVANCY SCORE 56.8

I have Malwarebytes Pro running in the backround. As well as Microsoft Security Essentials.
 
I believe I have an infection for 2 reasons.
 
1 - Malwarebytes balloon popup tells me svchost.exe is trying to access a malicious IP and it was blocked.
 
The IP address is: 95.211.194.79
 
 
2. At the following location:
 
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5
 
that Content.IE5 folder is constantly filling up with junk files of between 1kb-14kb a piece. Millions of files. Over the last few days it has accrued up to 13 GB of data on my SSD. I keep manually deleting the folder, but every few days it fills back up again, so I know there is an underlying problem.
 
PLEASE HELP! This is my main Desktop in the household and I'm sick of getting Xfinity Constant Guard notifications on every device in my network when I cannot disable that notification!
 

A:Malwarebytes constantly blocks svchost.exe

I have the exact same issue here. Norton 360, malware bytes and Microsoft Malicious Software Removal Tool from May 2013 all report the system is clean after running full scans. 

Read other 5 answers
RELEVANCY SCORE 56.8

So, this is my work computer and two days ago it started acting funny... I got the moneypak malware. I successfully regained control of my pc jumping through forums, but now I need to clean. Here are my logs. Malwarebytes, then dds.
 
Malwarebytes Anti-Malware (Trial) 1.75.0.1300www.malwarebytes.org
Database version: v2013.06.21.03
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16618
SCAN :: SCAN-PC [administrator]
Protection: Enabled
6/21/2013 9:28:22 AM
MBAM-log-2013-06-21 (09-34-19).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 268079
Time elapsed: 3 minute(s), 15 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 3
C:\Users\SCAN\AppData\Local\Temp\A978.tmp (Trojan.FakeAV.sig) -> No action taken.
C:\Users\SCAN\AppData\Local\Temp\notepad.exe (Trojan.Tracur.s) -> No action taken.
C:\Users\SCAN\jucheck.exe (Trojan.FakeAV.sig) -> No action taken.
(end)
 
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16611
Run by SCAN at 9:46:54 on 2013-06-21
Microsoft Windows 7 Ultima... Read more

A:Malwarebytes blocks outgoing connection to IP

Hello YantisOmegus I would like to welcome you to the Malware Removal section of the forum.Around here they call me Gringo and I will be glad to help you with your malware problems.Very Important --> Please read this post completely, I have spent my time to put together somethings for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!Please do not run any tools unless instructed to do so.We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the s... Read more

Read other 39 answers
RELEVANCY SCORE 56.8

Hello
 
A few days ago I started getting pop-ups that said "Congratulations you've won a prize" (in my native Slovenian language). I had to click OK button to proceed to the sites I wanted to visit.
First pop-up appeared when I visited a xxx site that was probably infected. Later pop-ups started appearing on almost all sites I visited.
Yesterday I installed MalwareBytes and it is blocking some potentially malicous sites (lookup at who.is showed they are from Moldova, Russia, Romania etc)
From log file:
2014/02/06 17:28:36 +0100    TURK-PC    Turk    IP-BLOCK    218.7.200.202 (Type: outgoing)
2014/02/06 17:33:15 +0100    TURK-PC    Turk    IP-BLOCK    89.28.31.195 (Type: incoming)
2014/02/06 18:14:43 +0100    TURK-PC    Turk    IP-BLOCK    109.196.137.15 (Type: outgoing)
2014/02/06 18:59:11 +0100    TURK-PC    Turk    IP-BLOCK    220.248.167.235 (Type: outgoing)
2014/02/07 09:17:48 +0100    TURK-PC    Turk    IP-BLOCK    178.152.13.101 (Type: outgoing)
2014/02/07 12:09:46 +0100    TURK-PC    Turk    IP-BLOCK    188.211.239.23 (Type: outgoing)
2014/02/07 12:09:52 +0100    TURK-PC    Turk... Read more

A:MalwareBytes blocks malicious website

Hello,please run a FRST scan:Please download Farbar Recovery Scan Tool and save it to your Desktop.(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them as just the right one will run.)Start FRST with administator privileges.Make sure the option Addition.txt is checked and press the Scan button.When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.Please copy and paste these logs in your next reply.

Read other 16 answers
RELEVANCY SCORE 56.8

Sometimes malwarebytes will block a threat but it is isn't, and then the file disappears right before my eyes.
 
I'm trying to retrieve that file that malwarebytes blocked but can't find it.  Where did it go?  Is it deleted or quarantined in some folder that I can simply "restore" back to it's original folder?
 
 

A:Malwarebytes blocks threat, where did the file go?

Hello cornflakes2:
 
If your computer has Malwarebytes Anti-Malware Premium installed and running, and an identified file was blocked while downloading, then the file in question is not able to be conventionally retrieved. If found by on-access or on-demand scanning then, by option, the file can be quarantined in an encrypted form, deleted or ignored.
 
If the file in question was deleted by MBAM, standard file recovery actions can still retrieve it if attempted immediately, and where no HDD defragmentation, optimization or other write activities are allowed.
 
If you can bring somewhat more clarity to your post, more details could follow.

Read other 11 answers
RELEVANCY SCORE 56.8

I get this pop-up every once in a while that Malwarebytes block avastsvc.exe on port 1861, outgoing.  It believes that it is a malicious website.  I do have avast installed.  Is this just a false positive?

A:Malwarebytes blocks avast service?

Did you ever have avast installed on your system? Have you performed a search for the avastsvc.exe file and if so, where is it located?

Read other 11 answers
RELEVANCY SCORE 56.4

I'm having trouble with my browsers, both firefox and internet explorer. I apparently contracted some malware last night and can't figure out how to get rid of it. All my links in google searches are redirected to ad sites, and after hours of trying to fix it, I'm out of ideas. My virus scanner doesn't even detect it, and I'm at a loss of what to do. I've read several posts about this link redirecting problem already, and tried to follow their intructions. The tools ComboFix.exe and Malwarebytes' Anti-Malware refuse to even run properly. I can see it in process explorer when I try to run them.. they just hangs there and nothing happens. Here is my hijack log... requesting any assistance that can be provided..
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:34:48 AM, on 1/26/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files�... Read more

A:google + yahoo links redirect to ad sites, can't get combofix or Malwarebytes' Anti-Malware running

Hi

If you still need help with this post a fresh hjt log, please.

Read other 2 answers
RELEVANCY SCORE 56.4

Hey,
Any help will be appreciated.
I'm not sure what this virus is. It's very persistant.
It blocks the use of Malwarebytes. Webroot runs ok. It wont allow me to use the Task Manager. It says that my administrator has blocked it, even though I am the adminstrator. I have had several pop ups in new windows. Also, i tried to write a cd, but my drive won't recognize the cd. I've never had that problem before. It would recognize the usb port either. I'm getting fake warnings about a trojan with a little red circle with a white X in the center of it on my toolbar. It prompts me to download some antivirus software from windows. Webroot has found some interesting files: Tajopava.dll, __c001900.dat, and dofakase.dll. I have already tried to get rid of Tajopava.dll, but it came right back. Also, does anyone know what this file is? 1041o.exe? I have been trying to get rid of it for a while, but it's still there.
I am a photographer and there are some very important files that I need. I would hate to lose them.
Thank you again,
ArchAngel677

DDS (Ver_09-10-26.01) - NTFSx86 NETWORK
Run by Administrator at 15:29:38.45 on Mon 11/16/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2038.1341 [GMT -6:00]

AV: Webroot AntiVirus with Spy Sweeper *On-access scanning enabled* (Updated) {77E10C7F-2CCA-4187-9394-BDBC267AD597}

============== Running Processes ===============

C:\Program Files\Webroot\Spy Sweeper\WRConsume... Read more

A:Infected with persistant virus. It blocks Malwarebytes

Hello , And to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.I will be working on your malware issues, this may or may not solve other issues you may have with your machine.Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.-----------------------------------------------------------If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explanation about the tool. No inp... Read more

Read other 2 answers
RELEVANCY SCORE 56.4

Hi. I have followed advice on this forum for removing Antimalware Doctor and have used regedit and taskmgr.exe to delete processes etc. Am computer novice so not too confident I got everthing, especially in regedit run folder. I left all but one alone. Anyway, I have successfully, after many trys, got rkill to download to my desktop and have run it. Now, however, the malware is preventing me from downloading and opening the link to run the Malwarebytes antimalware programme. How do I get this to work?

Many thanks.

A:Antimalware Doctor blocks Download of Malwarebytes

On another computer (Windows only) download the Malwarebytes exe. Run it, but set the install to isntall to a flash drive. after install, plug said flash drive into said infected computer and run malwarebytes from there. the program should run from a flash drive as far as I'm aware.

Read other 5 answers
RELEVANCY SCORE 56.4

After installing the latest version of Malwarebytes Premier 2.0.? released in early April, I can no longer run Foxpro for Windows 2.6a. The main culprit seems to be a Windows XP process NTVDM which calls WOWEXEC when a program such as Foxpro uses a 16 bit process. Shutting down Malwarebytes allows Foxpro to run. Also, using Malwarebytes Free, does not cause the problem.

I will also post to the Malwarebytes forum if they ever accept my registration.

A:Malwarebytes (Premier 2.0.?.?) Blocks Faxpro Windows 2.6a

Hi and Welcome to TSF!

If you turn off your Malwarebytes Website filtering feature, does the program work?

Read other 3 answers
RELEVANCY SCORE 55.6

I've run Avast antivirus and Malwarebytes and cleared the infected objects. Subsequent scans came back clean. My Powershell starts up randomly and Malwarebytes is regularly popping up saying it blocked outbound from Powershell. I've ran TDSSKiller and Farbar Recovery Scan Tool.

I've already marked this to Watch and receive emails.
 

Read other answers
RELEVANCY SCORE 55.6

This happens when even when surfing pedestrian pages like Yahoo and Amazon. The Malwarebytes will popup from the systen tray and say it blocked accedd to a site. If I google the site it usually comes up blank whth just a bunch of whois hits. Here is the list of sites blocked.

09:54:57 mikedan MESSAGE Protection started successfully
09:56:30 mikedan MESSAGE IP Protection started successfully
10:41:21 mikedan IP-BLOCK 222.76.25.150 (Type: outgoing)
10:42:30 mikedan IP-BLOCK 116.111.184.202 (Type: outgoing)
10:57:59 mikedan IP-BLOCK 62.45.154.4 (Type: outgoing)
10:58:45 mikedan IP-BLOCK 89.28.118.50 (Type: outgoing)
11:26:52 mikedan IP-BLOCK 195.216.174.11 (Type: outgoing)
14:37:10 mikedan MESSAGE Protection started successfully
14:37:47 mikedan MESSAGE IP Protection started successfully
15:08:39 mikedan IP-BLOCK 83.243.13.40 (Type: outgoing)
15:22:30 mikedan IP-BLOCK 89.28.120.197 (Type: outgoing)
15:53:07 mikedan IP-BLOCK 83.243.13.40 (Type: outgoing)
15:53:14 mikedan IP-BLOCK 62.45.129.161 (Type: outgoing)
16:08:44 mikedan IP-BLOCK 222.65.80.151 (Type: outgoing)
16:23:07 mikedan IP-BLOCK 89.28.117.20 (Type: outgoing)
16:36:47 mikedan IP-BLOCK 91.188.57.212 (Type: outgoing)
16:51:41 mikedan IP-BLOCK 219.153.98.173 (Type: outgoing)
17:08:23 mikedan IP-BLOCK 89.28.117.20 (Type: outgoing)
17:08:49 mikedan IP-BLOCK 89.28.50.170 (Type: outgoing)
17:21:29 mikedan IP-BLOCK 203.93.211.210 (Type: outgoing)
17:21:47 mikedan IP-BLOCK 85.234.163.95 (Type: outgoing)
17:53:51 mikedan IP... Read more

A:Malwarebytes repeatedly blocks accesses to malicious sites

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything. We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here. To help Bleeping Computer better assist you please perform the following steps:*************************************************** In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/430952 <<< CLICK THIS LINK If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.*************************************************** If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lo... Read more

Read other 3 answers
RELEVANCY SCORE 55.6

Hello,

I am running windows XP. I have malware that is hijacking my browser, blocking my outlook from opening and crashing SAS and MalwareBytes when trying to scan the computer.

When trying to open SAS normally or open Outlook I get the error, "Windows cannot access the specific device, path or file. You may not have the appropriate permissions to access the item.

This is happening on my work computer attached to a local network. The programs that are blocked are installed on the hard drive of the infected computer.

Please advise on how to fix this problem. I am aware of combofix and have not yet run it as per the instructions on this site.

Thank you for any advice.

A:Windows XP Maleware, Blocks Outlook and Crashes SAS and MalwareBytes

go to the start menu > click on "My Computer" > Right click on "C:" > Click Properties > Click on the Tools Tab > Under "Error-checking" click "Check Now..." > Select "Automatically Fix errors" and "Scan for and attempt recovery of bad sectors" > click start > Reboot if asked
Good luck!

Read other 2 answers
RELEVANCY SCORE 55.6

We were so very very happy and pleased that Malwarebytes free version helped clean out the InternetSecurity2010 virus/trojan infection, thereby resurrecting this Toshiba Satellite (WinXPMediaEdition2002,Sp3).
That.... we purchased a key code enabling Malwarebytes to run all the time

We did this despite some warnings by one or two posters on this site... '
well,
we have found out that Malwarebytes ... first...blocked access to one of our email IP host sites. After over an hour of searching, we found out how to add that site to the program's "ignore list' so that it stopped blocking that access.

Now we have discovered that Malwarebytes has disabled com port 3, which our internal modem was using to reach the internet.

SO, we have disabled Malwarebytes. We still appreciate the fine programmers at that company ... but the keycode fee to enable realtime operation of their program is, we regret to say, best donated to St. Vincent de Paul (or Goodwill or Starvation Army) instead.

Does anyone just happen to know how to fix this easily in Malwarebytes, (the Device manager is no help) or else we will defer buying all the additional licenses were were planning for our other computers.... and ..... thanks again for all the nice folks,. Flavius and everybody ... on this site. You are so very very kind to help people. Happy New Year.

A:Malwarebytes blocks internet access (com port disabled)

Start > run > cmd > right-click > run as administrator > netsh winsock reset > IF SUCESSFUL, REBOOT THE COMPUTER AND TRY ACCESSING INTERNET AGAIN.

IF STILL NOT WORKING, POST BACK FOR FURTHER HELP.

Read other 4 answers
RELEVANCY SCORE 55.2

I run MS Security Essentials and AVG - AVG expired a month ago and I had been debating whether to change to another supplier but before I could do so last week I got hit by the WindowsRecovery virus. I thought I had cleared it out manually, but had been having some problems with access to IE so opened in safe mode to download Malwarebytes. At once a new virus opened, XP Anti Spyware with the usual dire warnings, and has blocked access to Malwarebytes website. Cannot now run in even safe mode as this new virus is rampaging about inside safe mode. It has presumably infiltrated SE in some way. I have no idea how it got in as I have not downloaded anything in weeks. But now I cannot even run in safe mode or access malwarebytes.

I assume the only way forward is to download an anti virus package from this pc (not yet infected) onto a usb stick and install it from there. Is this the way forward and which one should I chose. I am running XP Pro by the way.

A:Virus runs in safe mode and blocks access to Malwarebytes

Please see the self-help guide: Remove XP Anti-Spyware 2011, Vista Security 2011, and Win 7 Internet Security 2011. Be sure to follow the instructions exactly as written using FixNCR.reg, RKill and then an immediate scan by Malwarebytes.I run MS Security Essentials and AVG - AVG expired a month ago and I had been debating whether to change to another supplierUsing more than one anti-virus program is not advisable. Why? The primary concern with doing so is due to conflicts that can arise when they are running in real-time mode simultaneously and issues with Windows resource management. Even if one of them is disabled for use as a stand-alone scanner, it can affect the other and cause conflicts. Anti-virus software components insert themselves into the operating systems core and using more than one can cause instability, crash your computer, slow performance and waste system resources. When actively running in the background while connected to the Internet, they both may try to update their definition databases at the same time. As the programs compete for resources required to download the necessary files this often can result in sluggish system performance or unresponsive behavior. Each anti-virus may interpret the activity of the other as suspicious behavior and there is a greater chance of them alerting you to a "False Positive". If one finds a virus or a suspicious file and then the other also finds the same, both programs will be competing over exclusive rights ... Read more

Read other 7 answers
RELEVANCY SCORE 55.2

Hi.
 
I run a Windows 8 Core i3 64-bit machine (Windows Experience Index is 5.6).
 
For a couple of weeks since I installed it, MalwareBytes keeps blocking malicious websites continuously. It is scary because even when the computer is idle and there's no internet activity, MalwareBytes shows messages of blocking access to malicious websites. I have no clue where this activity coming from. Please help! Am I infected? The computer's been running decently but I am still scared. Along with MalwareBytes, I use Windows Defender as my main antivirus.
 
Do let me know if any other information is needed.

A:MalwareBytes blocks malicious website when computer is idle. Am I infected?

Malwarebytes Anti-Malware Malicious Website Blocking (IP Protection) is part of the Protection Module in the Pro version and works after it is enabled. When attempting to go to a potential malicious website, Malwarebytes will block the attempt and provide an alert. Notification that an IP address has been blocked does not necessarily mean the computer is infected. Some legitimate programs on your computer (i.e. iTunes, Instant Messenger client, P2P programs, web browsers) have access to the Internet and that action can trigger an IP alert if it tried to access a malicious IP address. These types of events are stored in the "protection-log". Your firewall should be able to give you a list of such programs so you can confirm if they are legitimate.IP Protection is also designed to block incoming connections it determines to be malicious. Botnets and Zombie computers scour the net, randomly scanning a block of IP addresses, searching for vulnerable ports - commonly probed ports and make repeated attempts to access them. Hackers use "port scanning", a popular reconnaissance technique, to search for vulnerable computers with open ports using IP addresses or a group of random IP address ranges so they can break in and install malicious programs. Malwarebytes is doing its job by blocking this kind of traffic and alerting you about these intrusion attempts which it stores in the "protection-log".More information about IP Protection can be found in the Malwarebytes Anti-Malware Malici... Read more

Read other 17 answers
RELEVANCY SCORE 55.2

LIke many here in this forum, I have been plagued by Malwarebytes displaying a message about every three seconds telling me that it has blocked an outbound virus. The message reads like this:
___________________________________________________________________________
 
Malwarebytes Anti-Malware
 
 Malicious Website Blocked
 
Domain:    istatic.eshopcomp.com
              
IP:              205185208.26      
 
Port:          58054  
 
Type:        Outbound
 
Process: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
Manage Web Exclusions
___________________________________________________________________________
 
In addition to this message, other similar ones have the following differences:
nlw.underwearliftoff.com;834112227; 53623
omd.printingsparole.com;834112229; 59361
 
I'm running System 7 Professional Sp1 on a ASUS Motherboard with N Intel Core i7-4770K CPU
running at 3.5GHz with 16.0 GB of RAM and a 64-bit Operating System. 
 
A couple of days ago, I spent half the day with Geek Squad who ran their virus cleaning routines not once but twice and didn't get rid of the problem until they finally uninstalled and reinstalled Chrome. 
 
And now it's back. 
 
I have done what was requested in the previous forums and here are t... Read more

A:Familiar issue: Malwarebytes perpetually blocks outbound viruses

Hello, Welcome to BleepingComputer.I'm nasdaq and will be helping you.If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.===Press the windows key + r on your keyboard at the same time. This will open the RUN BOX.Type Notepad and and click the OK key.Please copy the entire contents of the code box below to the a new file. 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:
CMD: ipconfig /flushdns
CMD: ipconfig /release
CMD: ipconfig /renew

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-312271826-1430807147-1564925630-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
Toolbar: HKU\S-1-5-21-312271826-1430807147-1564925630-1000 -> No Name - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - No File
Toolbar: HKU\S-1-5-21-312271826-1430807147-1564925630-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
FF HKU\S-1-5-21-312271826-1430807147-1564925630-1000\...\Firefox\Extensions: [{3f34ed98-04e6-4252-9646-d930abe8bd3b}] - C:\Program Files (x86)\findAdeal\135.xpi => not found
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\firefox.cfg [2013-09-17] <==== ATTENTION
CHR HKLM-x32\...\Chrome\Extension: [lggaaajacmlhgbpldaboipiinndchjgm] - C:\Program Files (x86)\Med... Read more

Read other 7 answers
RELEVANCY SCORE 55.2

LIke many here in this forum, I have been plagued by Malwarebytes displaying a message about every three seconds telling me that it has blocked an outbound virus. The message reads like this:
___________________________________________________________________________
 
Malwarebytes Anti-Malware
 
 Malicious Website Blocked
 
Domain:    istatic.eshopcomp.com
              
IP:               205.185.208.26      
 
Port:          58054  
 
Type:        Outbound
 
Process: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
Manage Web Exclusions
___________________________________________________________________________
 
In addition to this message, other similar ones have the following differences:
nlw.underwearliftoff.com; 8.34.112.227; 53623
omd.printingsparole.com; 8.34.112.229; 59361
 
I'm running System 7 Professional Sp1 on a ASUS Motherboard with N Intel Core i7-4770K CPU
running at 3.5GHz with 16.0 GB of RAM and a 64-bit Operating System. 
 
A couple of days ago, I spent half the day with Geek Squad who ran their virus cleaning routines not once but twice and didn't get rid of the problem until they finally uninstalled and reinstalled Chrome. 
 
And now it's back. 
 
Any help you can give me would be gratefully appreciated. 

A:Familiar issue: Malwarebytes perpetually blocks outbound viruses

Let's see what the programs below find.
 
Use CCleaner to remove Temporary files, program caches, cookies, logs, etc. Use the Default settings. No need to use the
Registry Cleaning Tool...risky. Pay close attention while installing and UNcheck offers of toolbars....especially Google.
After install, open CCleaner and run by clicking on the Run Cleaner button in the bottom right corner.
CCleaner - PC Optimization and Cleaning - Free Download
 
Download Malwarebytes' Anti-Malware from Here
Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).
Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
When MBAM is finished scanning it will display a screen that displays any malware that it has detected.
Click the Remove Selected button.
MBAM will now delete all of the files and registry keys and add them to the programs quarantine. When removing the files, MBAM may re... Read more

Read other 11 answers
RELEVANCY SCORE 54.4

Hi all,

Thank you in advance with your help with this one. First time that a virus has had me stumped, plus there have been attempted fraudulent transactions on two of my bank accounts. I have taken (long overdue) steps to improve my security regarding these, but despite what anti-virus says, I am still getting the same problems.

DDS log:
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_24
Run by Home at 5:23:00 on 2011-12-06
Microsoft? Windows Vista? Home Basic 6.0.6001.1.1252.61.1033.18.1012.206 [GMT 10:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows�... Read more

A:Google+Firefox Malware

GMER log:
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-12-06 08:58:28
Windows 6.0.6001 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST3160815AS rev.3.CHF
Running: 8y8sedcv.exe; Driver: C:\Users\Home\AppData\Local\Temp\kwldipow.sys
---- System - GMER 1.0.15 ----

INT 0x51 ? 85338BF8
INT 0x72 ? 85338BF8
INT 0x82 ? 85338BF8
INT 0x92 ? 85338BF8
INT 0xA2 ? 83B6EBF8
INT 0xB2 ? 83B6EBF8

---- Kernel code sections - GMER 1.0.15 ----

? System32\drivers\qhdjq.sys The system cannot find the path specified. !
? System32\Drivers\spbn.sys ... Read more

Read other 15 answers
RELEVANCY SCORE 54.4

Please help. Wife opened an email attachment she shouldn't have (.exe of all things) an now she gets redirects in IE and firefox and and Malwarebytes is constantly blocking attempts to connect do maliscious sites. svhost.exe is usually the one but sometimes when browsing, firefox will be the one trying to access the sites. Its a different site each time and it is just and ip address with no name.

67.29.139.153 on port 56648 just popped up as being blocked.

I also get from time to time a windows massage that says "Host Process Windows service has been stopped...." then It closes before I can finish typing.

My malwarebytes is going to exipre in 2 days so any help you can give in a hurry would be appreciated. I don't mind buying it but I'm afraid to put my credit card information on the net while this is running loose in my machine.


=========================================================================================================
.
DDS (Ver_2011-06-12.02) - NTFSx86
Internet Explorer: 8.0.6001.19048 BrowserJavaVersion: 1.6.0_25
Run by dan at 18:45:08 on 2011-06-14
Microsoft? Windows Vista? Home Premium 6.0.6002.2.1252.1.1033.18.3070.1739 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Pro... Read more

A:Malwarebytes blocks sever attempts to access maliscious websites by svhost

Hello and welcome. Please follow these guidelines while we work on your PC:Malware removal is a sometimes lengthy and tedious process. Please stick with the thread until I?ve given you the ?All clear.? Absence of symptoms does not mean your machine is clean! Please do not run any scans or install/uninstall any applications without being directed to do so.Please note that the forum is very busy and if I don't hear from you within five days this thread will be closed. Download GMER Rootkit Scanner from here to your desktop. Double click the exe file. If asked to allow gmer.sys driver to load, please consent . If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.

Click the image to enlarge it
In the right panel, you will see several boxes that have been checked. Uncheck the following ... IAT/EAT Drives/Partition other than Systemdrive (typically C:\) Show All (don't miss this one) Then click the Scan button & wait for it to finish. Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
Save it where you can easily find it, such as your desktop, and post it in reply.**Caution**Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries If you have trouble running GEMR:Make sure that your security software is disabledUncheck the box next to "... Read more

Read other 10 answers
RELEVANCY SCORE 54

My other computer is no longer acknowledging any keyboards for some reason so I switched to my Gateway from 2002. It was barely used and didn't have spyware protection or anything like that. My browser was out of date so I downloaded firefox and immediately began being redirected to google or a error 400 screen. the only way i could access any other page was to go to run>cmd>ipconfig/release>ipconfig/renew every single time I needed to click a link or be redirected. I switched to the Internet explorer browser and can now use the internet but with an outdated browser. i downloaded malware bytes anti-malware and it didn't find anything. neither did hitman pro 3.5 or hijack this. i went to C:\windows\system32\drivers\etc\hosts and there's just one address; 127.0.0.1 localhost. i don't know what else to do and was hoping someone can help me. I'd really appreciate it. I have Windows XP Home Edition version 2002 service pack 2, if that helps.

A:google redirect malware when using firefox

Try this:http://forums.majorgeeks.com/showthread.php?t=182559

Read other 1 answers
RELEVANCY SCORE 53.2

HiI have two computers infected with malware(s) that have me getting redirected whenever I click on a google search result in FF. I will talk about the newer computer in this thread and the older one in the another thread. For this computer, the following has happened:1) downloaded MBAM...tried to run it...wouldn't until I renamed the executable mbhide.exe. After which it cleaned up a bunch of things including a DNSchanger registry entry.2) started firefox...first few search and clicks through google were fine. Then started surfing and a couple minutes later my next search reshowed the redirect issue.3) tried IE for the first time. after 3 searches...no issues, but not sure if it's similar to #2 or not.4) downloaded and ran DDS though I forgot to turn off MS Security Essentials (logs included as requested). I assume that since this is a noninvasive tool it's ok that the AV software was on?5) downloaded GMER and ran it. It crashed. Turned off MS Security Essentials when I realized my mistake. 6) restarted computer and unzipped GMER again and reran it. Finished this time.I have pasted the DDS log below and attached the attach.txt as well as GMER's log (ark.txt)Thanks for any help.DDS (Ver_10-03-17.01) - NTFSx86 Run by Justin at 14:08:54.18 on Wed 09/15/2010Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_16Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3032.1954 [GMT -7:00]AV: Microsoft Security Essentials *On-access scanning enab... Read more

A:Google search redirect malware with Firefox

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.In order for me to see the status of the infection I will need a new set of logs to start with.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.DeFogger: Please download DeFogger to your desktop.Double click DeFogger to run the tool. The ap... Read more

Read other 19 answers
RELEVANCY SCORE 53.2

I usually can find something on the web when I get hit by something and am able to figure out where to get rid of it. This one is a doozy.

I've already run Malware Bytes twice and SuperAntiSpyware, no go...

Thanks for taking a look...

DDS (Ver_09-07-30.01) - NTFSx86
Run by Administrator at 18:51:06.15 on Sun 09/20/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_07
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1535.601 [GMT -4:00]

AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
... Read more

A:Hit on IE & Firefox with the Google Search Hijack Malware

Hello! My name is Sam and I will be helping you. In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.We need to create an OTL ReportPlease download OTL from hereSave it to your desktop.Double click on the icon on your desktop.Click the "Scan All Users" checkbox.Push the "Run Scan" button.The scan should take just a few minutes.Copy the log that opens up and paste it back here in your next reply.=============The next log will show us any hidden files that are present.Download RootRepeal from the following location and save it to your desktop.Direct Download (Recommended)Primary MirrorSecondary MirrorSecondary MirrorSecondary MirrorZip Mirrors (Recommended if you have a slower connection or if the Direct Download mirror is down)
Primary MirrorSecondary MirrorSecondary MirrorRar Mirrors - Only if you know what a RAR is and can extract it.
Primary MirrorSecondary MirrorSecondary MirrorExtract RootRepeal.exe from the archive (If you did not use the "Direct Download" mirror).Open on your desktop.Click the tab.Click the button.Check all seven boxes: Push OkCheck the box for your main system drive (Usually C:), and press Ok.Allow RootRepeal to run a scan of your system. This may take some time.Once the sc... Read more

Read other 9 answers
RELEVANCY SCORE 53.2

At first I thought I had a browser hijack or similar; on Firefox 3.0.10 Google searches would redirect me to sites like eBay, Britannica, and obvious rogue malware detectors. SpyBot S&D, Malwarebytes, SUPERAntispyware and AVG Free 8.5 (all updated) picked up some tracking cookies, a couple of trojans and virus and dealt with them, but the problem persisted. I believe I may have picked it up from perhaps an email; I opened an email from a friend with what I thought were image attachments - didn't download them, but the trouble seems to have been since then.Thought it was this: <hxxp://spillspace.com/2009/new-firefox-virus/> at first, followed the instructions, but overlay.xul kept reappearing, suggesting that it was the symptom, not the cause. Eventually Firefox stopped functioning altogether; crashed on startup (to "We're sorry, Firefox had a problem and crashed.") - restarting or quitting and starting again led to the same result, as did uninstalling/reinstalling, uninstalling/deleting all Firefox files/reinstalling. Tried to open regedit, but it leads to the toolbar at the bottom disappearing, which I understand to be a common effect of rootkits or viruses.Worryingly other browsers, including Internet Explorer and Google Chrome now seem to be effected with the original Google redirect problem.Below is my HijackThis log:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 20:37:12, on 18/05/2009Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v8.0... Read more

A:Firefox malware/google redirects/no regedit?

Hello Lorca,Download Security Check by screen317 from here or here.Save it to your Desktop.Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.A Notepad document should open automatically called checkup.txt.Please post the contents of that document.Please download GooredFix and save it to your Desktop. Double-click Gooredfix.exe to run it. Select 1. Find Goored (no fix) by typing 1 and pressing Enter. A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called GooredLog.txt). Note: Do not run Option #2 yet.Download random's system information tool (RSIT) by random/random from here and save it to your desktop.Double click on RSIT.exe to run RSIT.Select Files and Folders created in last 3 monthsClick Continue at the disclaimer screen.Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized).
info.txt can also be found at c:\RSIT\info.txt

Read other 27 answers
RELEVANCY SCORE 53.2

I have contracted the a redirecting virus. I do a google search and the browser takes me to another website than desired. I have run AVG and Malwarebytes both during a regular boot and in safe mode. Both have found some viruses but the problem still remains. I have had this once before and 'combofix' got rid of it. I tried to run gmer.exe but everytime I ran it, it had a problem and either locked up my system or the program crashed.Here is the DDS output, and I have attached the attach.txt file as directed.Thanks in advance for all help.DDS (Ver_10-03-17.01) - NTFSx86 Run by HP_Administrator at 20:31:38.76 on Wed 09/29/2010Internet Explorer: 8.0.6001.18702Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1203 [GMT -4:00]AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}============== Running Processes ===============C:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcssvchost.exesvchost.exeC:\Program Files\Lavasoft\Ad-Aware\AAWService.exeC:\Program Files\AVG\AVG9\avgchsvx.exeC:\Program Files\AVG\AVG9\avgrsx.exeC:\Program Files\AVG\AVG9\avgcsrvx.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\dwm.exeC:\WINDOWS\ehome\ehtray.exeC:\WINDO... Read more

A:Annoying redirection malware in firefox/google

Hello , And to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.I will be working on your malware issues, this may or may not solve other issues you may have with your machine.Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen. Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.-----------------------------------------------------------If you have since resolved the original problem you were having, we would appreciate you... Read more

Read other 15 answers
RELEVANCY SCORE 53.2

When I use the Google searchbar on Firefox 3.6.3, and follow the resulting links, I'm redirected to a different site than the link indicates. I suspect malware, but I don't know which possible infection.I have run DDS and GMER. Here's the DDS log:DDS (Ver_10-03-17.01) - NTFSx86 Run by Susan at 16:55:13.64 on Fri 04/09/2010Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_13Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.391 [GMT -4:00]AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}============== Running Processes ===============C:\WINDOWS\system32\ibmpmsvc.exeC:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcsC:\Program Files\Intel\Wireless\Bin\S24EvMon.exeC:\Program Files\AVG\AVG9\avgchsvx.exeC:\Program Files\AVG\AVG9\avgrsx.exesvchost.exeC:\Program Files\AVG\AVG9\avgcsrvx.exesvchost.exeC:\WINDOWS\system32\brsvc01a.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\brss01a.exesvchost.exeC:\Program Files\a-squared Free\a2service.exeC:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Program Files\AVG\AVG9\avgwdsvc.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\WINDOWS\system32\Brmfrmps.exeC:\Program Files\AVG\AVG9\avgnsx.exeC:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exeC:\Program Files\Intel\Wireless\Bin\EvtEng.exeC:\WINDO... Read more

A:Possible Malware -- Google Searchbar on Firefox Redirects

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

Read other 14 answers
RELEVANCY SCORE 53.2

Hi there, I am not very technical so please bear with me. Also please bear in mind I am working full time and am very busy at home. I may not be able to get back to this forum every day, but I will try. I have a lot of data on my PC (not on C drive, as the HD is partitioned) and it takes about 6 hours to do a full scan.MY SYSTEM* P4 3Ghz* 2GB RAM* Vista 32 bit* Internet connection: Broadband (cable)MY PROBLEMI seem to have Malware on my computer randomly causing a click from a SERP (eg. from Google) to go to a strange website. Eg. topdaofinder.com, c.ppcxml.net (deceptive malware warning site) and other random websites from gambling to shopping sites. If I copy and paste the URL I can see in the SERP, it is fine.This occurs from Firefox 3.6.3 and I have not yet observed it occurring in IE8. I have turned cookie security to "always ask" in FF and to 'Medium High' in IE8. Websites that describe my problem are common and include:* [url=http://google.com/support/forum/p/web+search/thread?tid=6df7e15519290612&hl=en]http://google.com/support/forum/p/web+sear...90612&hl=en[/url]
* [url=http://jogtheweb.computing.net/articles/topdaofinder/ALL-1-forever]http://jogtheweb.computing.net/articles/to...r/ALL-1-forever[/url]
* [url=http://bleepingcomputer.com/forums/index.php?showtopic=267394&hl=topdaofinder&st=15]http://bleepingcomputer.com/forums/index.p...inder&st=15[/url]
* [... Read more

Read other answers
RELEVANCY SCORE 52.8

HiThis is the second computer that I have that is infected with something the makes all my google search results redirect to some random site when I click on the links in firefox. I have not tried it in IE.Since discovering the problem I have tried:Housecall by TrendMicro, MBAM (though it wouldn't run until I renamed it). I even tried to start ComboFix (it also wouldn't run until I renamed it. However, I quit out before I agreed to let it do anything)DDS report pasted below as well as the requested attach files.Thanks for any help!DDS (Ver_10-03-17.01) - NTFSx86 Run by jmdeng at 13:44:34.07 on Wed 09/15/2010Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_11Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.446 [GMT -7:00]AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}============== Running Processes ===============C:\WINDOWS\System32\ibmpmsvc.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exec:\Program Files\Microsoft Security Essentials\MsMpEng.exeC:\WINDOWS\System32\svchost.exe -k netsvcsC:\Program Files\Intel\Wireless\Bin\EvtEng.exeC:\Program Files\Intel\Wireless\Bin\S24EvMon.exeC:\WINDOWS\system32\Ati2evxx.exesvchost.exeC:\WINDOWS\Explorer.EXEsvchost.exeC:\Program Files\... Read more

A:Google Search redirect malware with Firefox - Computer 2

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.In order for me to see the status of the infection I will need a new set of logs to start with.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.DeFogger: Please download DeFogger to your desktop.Double click DeFogger to run the tool. The ap... Read more

Read other 14 answers
RELEVANCY SCORE 52.8

I have some form of malware that is causing my Google searches to redirect to advertisement sites and tabs to these advertisement sits to open in new, unauthorized, while using firefox.When I first got these symptoms I ran:McAfeeAdawareSpybot S&DMalwareBytesSuperAntiSpywareThe problem was still not fixed.I searched the symptoms (on another computer), found this site, and completed the preparations. Below is my DDS.txt file, and I've attached attach.txt. gmer froze the first time I tried running it, so I rebooted my computer. The next time I tried to run gmer, about 10 seconds into the scan I got a blue screen that said something along the lines of 'Windows needs to shut down to protect the system.' The computer shut down before I could read or copy down the entire message. I rebooted the computer in safemode and ran gmer again. ark1.txt is the initial scan that gmer made while not in safemode. ark2.txt is the scan made in safemode. While this scan was running, a balloon on the task bar informed me (from gmer) "the file or directory C:\DOCUME~1\Administrator\Local Settings\Application Data\Adobe\Acrobat\9.0\Cache\search is corrupt and unreadable. Please run Chkdsk utility."I do not know if this is relevant, but when I restarted after the first time I ran gmer my Windows Theme had been changed to classic.If you need any more information, just tell me and I will be happy to provide it.Thank you in ad... Read more

A:Malware causing Google redirects and Firefox Tab openings

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

Read other 13 answers