
Outerinfo Fake Spyware Removal Virus

Q: Outerinfo Fake Spyware Removal Virus

What's up, first time poster to this site just looking for some help with this menacing virus which is attacking my computer. The vundofix found an infected system file but was unable to delete live or on reboot. The following is my hijackthis log and combo fix log. Any help would be greatly appreciated.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:42:19 PM, on 10/25/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\pirdelmy.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\winshow.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\WINDOWS\?icrosoft.NET\m?hta.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\DOCUME~1\Owner\APPLIC~1\MANTEC~1\lsass.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\Owner\Desktop\HiJackThis.exe

O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [winshow] "C:\WINDOWS\winshow.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [045352ce] rundll32.exe "C:\WINDOWS\system32\gbhwkrro.dll",b
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - HKCU\..\Run: [Insider] C:\Program Files\Insider\Insider.exe
O4 - HKCU\..\Run: [Vtzl] C:\WINDOWS\?icrosoft.NET\m?hta.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [Cpue] "C:\DOCUME~1\Owner\APPLIC~1\MANTEC~1\lsass.exe" -vt ndrv
O4 - Global Startup: Oemreset.lnk = C:\WINDOWS\OPTIONS\OemReset.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\T3duZXI\command.exe (file missing)
O23 - Service: DomainService - - C:\WINDOWS\system32\pirdelmy.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 3728 bytes

RELEVANCY SCORE 200

A: Outerinfo Fake Spyware Removal Virus

Hi miamifan22 and Welcome to the Bleeping Computer!

Download ComboFix from Here or Here to your Desktop.
Double click combofix.exe and follow the prompts.
When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply.
Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.

After posting those logs, please consider these free options for some Antivirus and Firewall Software to help secure that machine.
Avira AntiVir PersonalEdition Classic
and
Zone Alarm Free

RELEVANCY SCORE 66

Hello..
Can someone please help me? I have been getting popups for 3 days now...used Avast, my anti-virus. It is saying that there is something called Outerinfo, I downloaded SpyguardPro by accident thinking it would work, and also my Sophos anti-virus is saying I have a troj/virtum-gen, troj/dloadr-BGU, and WinAntiVirusPro in my quarantined items. And now, the resolution on my computer is HUGE, and I can't change it! Here is my attached information:


Deckard's System Scanner v20071014.68
Run by KatieD on 2008-01-24 08:38:59
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
45: 2008-01-24 13:39:26 UTC - RP901 - Deckard's System Scanner Restore Point
44: 2008-01-24 13:26:58 UTC - RP900 - Software Distribution Service 3.0
43: 2008-01-23 14:08:43 UTC - RP899 - Removed Apple Mobile Device Support
42: 2008-01-23 04:43:36 UTC - RP898 - Removed iTunes
41: 2008-01-23 04:33:54 UTC - RP897 - Removed Apple Software Update


-- First Restore Point --
1: 2007-12-16 12:04:25 UTC - RP857 - Installed Windows Live Messenger


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 254 MiB (512 MiB recommended).


-- HijackThis Clone ------------------------------------------------------------


Emulati... Read more

A:Virus/Spyware Problems Outerinfo? SpyguardPro?

Hello and welcome to the forums

My name is Katana and I will be helping you to remove any infection(s) that you may have.

Please observe these rules while we work:
1. If you don't know, stop and ask! Don't keep going on.
2. Please reply to this thread. Do not start a new topic.
3. Please continue to respond until I give you the "All Clear"
(Just because you can't see a problem doesn't mean it isn't there)

If you can do those three things, everything should go smoothly :D

I apologize for the delay in responding, but as you can probably see the forums are quite busy
and sometimes a post manages to slip by us.
Unfortunately there are far more people needing help than there are helpers.
Download and Run ComboFix (by sUBs)
Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/comb...o-use-combofix

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.

RELEVANCY SCORE 65.2

I picked up some fake adware/spyware warnings through a video codec download. It doesn't seem like anything malicious, mostly annoying. I've run Spybot, McAfee, and Malwarebytes to no avail. I'm getting 4 kinds of pop-ups that link to various websites selling fake spyware:
1) Abebot, file location C:\WINDOWS\wml.exe, go to PC-antispyware website
2) security warning about TrojanDownloader.XS
3) Yellow triangle bottom right of screen with exclamation point in it, "Click here to fix problem" when I mouse over it?
4) System Integrity Safety Wizard: Warning: Your computer may have critical errors in Windows registry and file system!
I definitely appreciate any help you can provide.
Here is my DSS main.txt and extra.txt:

Deckard's System Scanner v20071014.68
Run by Ross Collins on 2008-04-05 23:19:40
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.

-- Last 5 Restore Point(s) --
9: 2008-04-06 04:19:47 UTC - RP9 - Deckard's System Scanner Restore Point
8: 2008-04-06 04:00:44 UTC - RP8 - Removed Java™ SE Runtime Environment 6 Update 1
7: 2008-04-06 03:59:41 UTC - RP7 - Removed Java™ 6 Update 3
6: 2008-04-06 03:58:42 UTC - RP6 - Removed Java™ 6 Update 2
5: 2008-04-05 00:26:35 UTC - RP5 - System Checkpoint

-- First Restore Point --
1: 2008-04-01 03:28:47 UTC - RP1 - Sy... Read more

A:Fake Spyware/adware Removal

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you.

Please download ComboFix and save it to your desktop.
Prior to running Combofix.exe you should disable your antivirus program and disconnect from the internet.
Double click combofix.exe and follow the prompts.
When it's done running it will produce a log for you. Please post that log in your next reply.
Important Note - Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

RELEVANCY SCORE 64.4

Please help. I am getting two weird ads. One is a yellow shield that mimics IE's and says I need to download their spyware prevention software. It says click on the "ballon" to proceed. The other is a "stop" box saying I'm infected with spyware and need to install their stuff. I have run my Sophos antivirus software, Ad-aware SE 1.05 and spybots S&D. Any help is appreciated.

Thanks,
wtimbeng

(EDIT: Don't need both logs, thanks.)

Result.Txt

===========================================================================================================================
Log was analyzed using HijackThis Analyzer - Updated on 12/27/04
Get updates at http://www.greyknight17.com/download.htm#programs

***Security Programs Detected***


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Logfile of HijackThis v1.99.0
Scan saved at 1:33:31 PM, on 1/4/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\Program Files\QUICKENW2\QWDLLS.EXE
C:\WINDOWS\system32\unlodctl.exe
C:\WINDOWS\system32\nlsfuncs.exe
C:\WINDOWS\system32\openconf.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Inter... Read more

A:Fake Task Bar Shield for Spyware Removal

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should not have any open browsers when you are following the procedures below.

Go to My Computer->Tools/View->Folder Options->View tab and make sure that 'Show hidden files and folders' (or 'Show all files') is enabled. Also make sure that 'Display the contents of System Folders' is checked. Windows XP's search feature is a little different. When you click on 'All files and folders' on the left pane, click on the 'More advanced options' at the bottom. Make sure that Search system folders, Search hidden files and folders, and Search subfolders are checked.

For the options that you checked/enabled earlier, you may uncheck them after your log is clean. If we ask you to fix a program that you use or want to keep, please post back saying that (we don't know every program that exists, so we may tell you to delete a program that we think is bad to keep).

Turn off system restore by right clicking on My Computer and go to Properties->System Restore and check the box for Turn off System Restore. Click Apply and then OK. Restart your computer. After we are finished with your log file and verified that it's clean, you may turn it back on and create a new restore point.

Download WinsockFix and unzip it. Then double-click on it ... Read more

RELEVANCY SCORE 64

Hi there - I'm not sure what my computer has come down with, but I'm certain there's something. My system is running really, really slowly. Occasionally my wireless connection is terminated for no reason and it looks as though some type of script is running in the background right before it terminates. It resets itself momentarily but I'm quite concerned. My browser has been redirecting to fake spyware removal sites - today was proantispyware something or other.com. I didn't get the exact site as I was too concerned with closing it quickly. I'm running Windows XP Home Edition. My virus protection is Norton Internet Security. It is up-to-date. I've run full scans on Norton several times and nothing shows up. I ran Malwarebytes' Anti Spyware yesterday and it removed one file infected with the worm.koobface virus. It seems as though my browser redirects most frequently when I'm on Facebook. I don't know if that information helps. I ran a hijackthis log earlier. I'll post below. Any help will be greatly appreciated!!! Thank you!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:46:11 AM, on 7/19/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchos... Read more

A:Please help - browser redirecting to fake spyware removal sites

Hello and welcome to Bleeping Computer.

My name is km2357 and I will be helping you to remove any infection(s) that you may have.

I will be giving you a series of instructions that need to be followed in the order in which I give them to you.

If for any reason you do not understand an instruction or are just unsure then please do not guess, simply post back with your questions/concerns and we will go through it again.

Please do not start another thread or topic, I will assist you at this thread until we solve your problems.

Lastly the fix may take several attempts and my replies may take some time but I will stick with it if you do the same.

Sorry for the delay in replying, the forum is very busy. If you still need help, please post a fresh HiJackThis Log

RELEVANCY SCORE 63.2

My problem. Uh. For a while now, explorer would crash when I opened any folder. It'd give me an error, something about dividing by zero? And if I closed or accepted the error, explorer would restart. If I moved it out of the way, explorer would usually work fine, though it'd sometimes freeze up.

Then, it started shutting down firefox. Maybe not the same thing? I don't know. I had a picture of the error but I lost it.. I've been having a rough day, I apologize. But yeah, it'd shut down after a period of extended use, no warning, just boom. freeze in the middle of whatever, "firefox has experienced an error" or something, and it'd die.

a few other things programs have unexpectedly shut down, too. some background processes I don't use, my chat client, notepad once, even. I don't know.

Today, I restarted my computer to clear it up, get it to run faster, and there was a spyware claiming to be spyware removal program waiting for me? I didn't get a picture or anything, I just blocked it from my startup list when spybot's teatimer alerted me, and I couldn't find it in my process list using task manager, or procexp. So I'm at a loss. I killed it, rebooted to make sure, and it's been taking me about ten times as long for my computer to boot up.

I don't know. Any help would be greatly appreciated.

Oh and. the gmer log? ark.txt? I use http://www.fspro.net/my-lockbox/, My Lockbox, to hide files. Nobody else uses my PC, but I like the security? Anyway, it seemed ... Read more

A:Programs forced shut, fake spyware removal program

Hello, stiqe :)
Welcome to TSF

My name is Billy O'Neal and I will be helping you. (Billy or Bill is fine, if you like.)
Please give me some time to look over your computer's log(s).
Please take note of the following:
In the meantime, please refrain from making any changes to your computer.
Also, even if things appear to be running better, there is no guarantee that everything is finished. Please continue to check this forum post in order to ensure we get your system completely clean. We do not want to clean you part-way up, only to have the system re-infect itself. :)
If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
Finally, please reply using the button in the lower left hand corner of your screen.
Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just put a post here so that I know you're still here. We get a lot of people who simply leave, and if there is no contact for that amount of time I will have to assume you have "vanished".

I do not recommend that you have more than one anti virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encr... Read more

RELEVANCY SCORE 62.4

Hello TSGF,
I caught something-- your help is much appreciated!
-on desktop: "Warning: Spyware threat has been detected on your PC."
-popups, including "Your computer is working slowly",
"Warning: Your computer is infected..., "Click here", etc.
IE pages auto-opening with "Top-rated Spyware Removal..." etc. etc.
-"Task Manager has been disabled by your administrator"
Nothing new for you, yes?
Thank you very much---

My HJT log............

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 9:48:20 AM, on 5/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\winself.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wmsdkns.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\BCMSMMSG.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\StartupMonitor.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HiJackThis_v2.e... Read more

A:Solved: Task Manager disabled, fake Spyware removal popups, etc.

Update---
I have run and/or am running
AVAST!, Spybot SD, and Ad-Aware,
Was told by "expert" that I have Zlob.trojan and/or smitfraud,
both of which reportedly may be cured via Spybot or Ad-Aware.
But still have same issues affecting:
Task Manager (not available)
Desktop (hijacked with spyware ad)
Toolbar (regular ad/warning popups)
IE (regular ad/warning popups)
...please someone help soon--
been waiting for days-- thank you...
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 8:59:41 AM, on 5/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\wmsdkns.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\BCMSMMSG.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\StartupMonitor.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\winself.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\HiJackThis_v2.exe
C:\Program Files\Internet Explorer\iexplore.exe

R1 - HKCU\Software\Microsoft\Internet Explo... Read more

RELEVANCY SCORE 60

Hi there.

Two days ago I was sent a fake youtube link through YIM. I clicked on the link not knowing it was a fake. It started with a letter G before the words youtube on the URL. Once I clicked on it, it took me to a page that appeared to be a youtube page. Once there, it said that I had to update my Adobe in order to see the video. Well, like an idiot I clicked on it and all he-- broke loose. I now don't have access to use any of the following on my computer: Safe Mode, System Restore, Spybot Search and Destroy, AVG, Super Antispyware, or Ccleaner. If I hit F8 after rebooting the computer, it takes me to the black screen where I can choose Safe Mode. Once there, I pick safe mode and it brings me back to the same black screen over and over again. When I try to do system restore, it says it's disabled by group policy. I've searched high and low to try to fix the System Restore problem and it just won't let me. Can someone please help me? I'm going crazy over here. Thanks so much.
 

A:Fake youtube link gave me a virus, disabled spyware/malware/anti-virus

Hello again.

I have realized that I have this lingering around somewhere in my computer. $McRebootA5E6DEAA56$

Would anyone be able to tell me how I go about trying to find out in which folder this is at? I found this running when I entered msconfig on the Run field.
 

RELEVANCY SCORE 59.2

what was the link for the fake antivirus removal tool. I have it on my flash drive but can't remember the link to get it for someone else. they aren't local so I can't just take it off my flash drive for them.
 

RELEVANCY SCORE 59.2

I get the fake popup window saying there is a security threat and if I want to fix it I am taken to a web page mimicking AVG and asking if I want to remove threats. Have had this happen before but now it is on a laptop.

A:Virus Fake Virus Removal Alert

Problem solved. No further action needed.

RELEVANCY SCORE 58.4

Hello,

This weekend I was hit with one of the fake virus scanners. Malwarebytes was able to remove it but the computer seems to have several issues in the aftermath. It is very slow running and random web pages now pop up even with the pop-up blocker on.

There is a RUNDLL error when the computer is started and many other issues.

Thanks in advance!!!!!!!!!!!!!

Here are the logs:

DDS (Ver_10-12-12.02) - NTFSx86
Run by Lewerenz at 7:59:59.62 on Mon 01/24/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3061.2488 [GMT -8:00]

AV: ESET NOD32 Antivirus 4.0 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program File... Read more

A:Malware left behind after fake virus scanner removal?

Hello and welcome. Please follow these guidelines while we work on your PC:
Malware removal is a sometimes lengthy and tedious process. Please stick with the thread until I've given you the "All clear." Absence of symptoms does not mean your machine is clean!
Please do not run any scans or install/uninstall any applications without being directed to do so.
Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.
Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Download TDSSKiller.zip and extract TDSSKiller.exe to your desktop
Execute TDSSKiller.exe by doubleclicking on it.
Press Start Scan
If Malicious objects are found then ensure Cure is selected. Important - If there is no option to "Cure" it is critical that you select "Skip"
Then click Continue > Reboot now
Once complete, a log will be produced in c:\. It will be named for example, TDSSKiller.2.4.0.0_24.07.2010_13.10.52_log.txt
Attach that log, please.
Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwis... Read more

RELEVANCY SCORE 58.4

Hello, much smarter people than I
I've run through all of the fixes and downloaded the suggested spyware and removal items. However, when I attempt to run them, the fake MS Removal Tool advises me that they too are infected and does not allow them to run successfully. Help, suggestions, tips welcome. Thanks in advance!

A:Problem removing "MS Removal Tool" Fake Virus

Hello kriskupn! Welcome to BleepingComputer Forums! My name is Georgi and I will be helping you with your computer problems.

Before we begin, please note the following:
I will be working on your Malware issues, this may or may not, solve other issues you have with your machine.
The logs can take some time to research, so please be patient with me.
Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
Instructions that I give are for your system only!
Please do not run any tools until requested! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
Please perform all steps in the order received. If you can't understand something don't hesitate to ask.

Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.

STEP 1
Try to download the already renamed RKill by Grinler files from one of the 3 links below and save it to your desktop.
WiNlOgOn.exe
uSeRiNiT.exe
eXplorer.exe
Before we begin, you should disable your anti-malware softwares you have installed so they do not interfere with RKill running as some anti-malware softwares detect RKill as malicious. Please refer to this page if you are not sure how. Double-click on one of the renamed Rkill files on your desktop to run it. A black screen wil... Read more

RELEVANCY SCORE 58.4

A window keeps popping up trying to "scan" my computer. It keeps trying to act like a spyware removal for windows but I can tell it's fake. It shuts down windows task manager every time I try to open it. Pop ups will fill my screen and then disappear suddenly. I have run MalwareBytes and it has detected over 600 trojans and supposedly deleted them all, but IT WON'T GO AWAY. I have copied and pasted my log from MalwareBytes below in hopes that you can identify the problem. Please help, I'm afraid it might be keylogging and stealing passwords and various info, thanks. *NEW INFO*: It has apparently erased all of my files on my desktop, and my pictures and other documents. Are these retrievable? This is a fairly new computer, so I haven't backed up anything.

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 7868

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

10/4/2011 2:32:42 PM
mbam-log-2011-10-04 (14-32-42).txt

Scan type: Full scan (C:\|D:\|E:\|Q:\|)
Objects scanned: 380422
Time elapsed: 36 minute(s), 20 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 260
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 400

Memory Processes Infected:
c:\Users\Sidney\AppData\Roaming\ftwub1vo3mqd8lh\iuebzy0si3gq6.exe (Backdoor.Bot) -> 6544 -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items d... Read more

A:Fake Spyware Detection Virus

Download the following program to your desktop:

Unhide tool

Once the program has been downloaded, double-click on the Unhide.exe icon on your desktop and allow the program to run. This program will remove the +H, or hidden, attribute from all the files on your hard drives. If there are any files that were purposely hidden by you, you will need to hide them again after this tool is run.
Please be patient as this may take several minutes to run, it will scan and fix all Hard drives on your system. You will see a new window with the drive being processed, typically C:\ as below:

Changing as the next drive is processed as below:

You will get a success alert at the end.

Re-boot and see if your files are present.

Next,

Delete any versions of Combofix that you may have on your Desktop, download a fresh copy from either of the following links :-

Link 1
Link 2
Ensure that Combofix is saved directly to the Desktop <--- Very important

Before saving Combofix to the Desktop re-name to Gotcha.exe as below:


Disable all security programs as they will have a negative effect on Combofix, instructions available Here if required. Be aware the list may not have all programs listed, if you need more help please ask.

Close any open browsers and any other programs you might have running

Double click the icon to run the tool (Vista or Windows 7 users right click and select "Run as Administrator")

Instructions for running Combofix available Here if required.

If you ... Read more

RELEVANCY SCORE 58.4

Hello,

I need some help. The problem I'm currently having is a suspicious software called AKM Antivirus 2010 pro is automatically installed on my computer somehow...it disables everything on the computer from start running...I tried add or remove programs and it pops up alert saying it's infected...I've tried Hijack this and try to produce a log, but it couldn't start. I've also tried ComboFix and it couldn't run either, I even tried save ComboFix and rename it to Combo-Fix and run from there and it still couldn't get going.

The only thing I got going is RSIT, which I run in the safe mode and produced the following log, please take a look on the two logs I pasted. I tried ComboFix in the safe mode, but it couldn't run...

I am kinda running out of options, so please help me and let me know what I need to do now...

Thanks much!!


Info:

info.txt logfile of random's system information tool 1.04 2010-05-08 14:51:25

======Uninstall list======

-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
-->MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
7-Zip 4.65-->"C:\Program Files\7-Zip\Uninstall.exe"
AC3Filter (remove only)-->C:\Program Files\AC3Filter\uninstall.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Fla...

A:Need spyware/virus/trojan removal help (AKM Antivirus 2010 pro spyware)

Alright, somehow I got HijackThis to run in safe mode and I pasted and attached the log. I still couldn't get ComboFix to run...also tried to install Kaspersky Internet Security 2010 in safe mode, but got denied and it said Administrator set rules not to run this. I guess it's the malware doing the trick...

Someone please take a look at these logs and give me some help...

Thanks!


HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:51:10 PM, on 5/8/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17023)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: Thunder AtOnce - {01443AEC-0FD1-40fd-9C87-E93D1494C233} - C:\Thunder5.7.6.426-Lite-Final\ComDlls\TDAtOnce_Now.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: ADC PlugIn - {77DC0Baa-3235-4ba9-8BE8-aa9EB678FA02} - C:\Program Files\adc32.dll
O2 - BHO: ThunderBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - C:\Thunder5.7.6.426-Li...

RELEVANCY SCORE 58

hi all...

I've got a problem with my laptop and I've no idea what info to give you.

Norton is working strangely with popups all the time, and online virus cleaners seem to not function and freeze all the time. I'm pretty sure there is something that isn't meant to be there. Any advice much appreciated.. if you require further, just ask

here's my log...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:23:32 AM, on 5/09/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\3 MobileBroadband\3 MobileBroadband.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Trend Micr...

RELEVANCY SCORE 58

I recently removed a fake security center/antivirus from my computer and now everything is back to normal minus the internet. I am unable to connect successfully to my router. This is taking place on my Samsung N 130. In the list of available wifi I see my wifi connection and I attempt to connect and it fails every time and says unsuccessful. I've run MBAM, LSPfix and Rkill and it doesn't fix anything. I have no idea what to do next.

Here's a HijackThis log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:16:56 PM, on 10/30/2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16839)
Boot mode: Normal

Running processes:
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\windows\system32\igfxsrvc.exe
C:\windows\regedit.exe
C:\windows\system32\cmd.exe
C:\windows\system32\conhost.exe
C:\windows\system32\UI0Detect.exe
G:\Hij...

A:Internet doesnt connect after fake virus protector removal.

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/425709 <<< CLICK THIS LINK

If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lo...

RELEVANCY SCORE 58

Hello people

I have a question my friend has downloaded some software from this website:
http://antivirus-scanonline.com/pre...EFBEA7A5F3ABA6A3F0A0AEFCAAABA5FBAA&errors=44&

^^ I know that's a long link, sorry, but I believe it's the index page yet no .index etc.

So anyway now it won't let HER lol sign into anything like Hotmail, Facebook, accept files sent over MSN, most things that involve a password and stuff like that.

What I really would like to know is: is that company legit? Or is it spyware/malware etc.? I certainly wouldn't have downloaded it, and that website looks suspect as well.

Thanks guys

P.S. Also I did wonder why would you call your product/company Antivirus 2008; seems a little strange and simple (appeal to everyone?)
 

RELEVANCY SCORE 58

I came to my computer today, and there were a ton of pop ups that looked legit saying I need to download/register for their virus removal, because they detected a ton of viruses and spyware on my computer. AntiVirus XP 2008, and Vista Anti Virus 2008. I keep continually getting notifications from taskbar saying 'You have a security problem!' There are a ton of things missing from my startup, where the time used to be it now says 15:59 VIRUS ALERT! My background is changed to just a sign that says, "Warning! Spyware detected on your computer Install and anti virus program or spyware remover now."

I downloaded a 30 day trial of McAfee, it turns up no viruses in the scan, but for some reason did not scan more files than 423. I downloaded AVG because I hear that was a legit anti virus software, and I left the scan on and it came up with 20 threats, and I left it on while it was still scanning and when I came back the computer had restarted and a blue screen came that said there was a problem, and if this was the first time I'd seen it to restart. I restarted and started the virus scan again. It is still going, and the Vista 2008 doesn't pop up anymore. I am still getting notifications saying 'Antivirus has found six viruses on your computer.' and the background with the warning is still there, and my start menu is still messed up. And I just tried to log onto my AOL email and it would not work.

A:Fake Virus? Spyware warning backround

Hi

* Download and install TrendMicro HijackThis
* Once installed open HijackThis by clicking Start > Programs > HijackThis and click the button labeled "Do a system scan only"
* Click the scan button in the lower left hand corner of the interface and HijackThis will quickly scan your system.
* Once the scan is complete the scan button will now read save log. Click this button to save the log file to your PC. Once you select where you would like to save the file it will open in your system's default text editor. Typically this application is Notepad. Post the log here.

RELEVANCY SCORE 58

Help! I'm infected with a virus....there's a blinking icon (the handicap symbol to a red "no" sign) in my icon tray, and it keeps saying I should download new spyware programs! Also I keep getting pop-ups, some are adult sites and some are advertisements for other websites. Please Help. I ran Ad-Aware and Norton Anti-Virus

Logfile of HijackThis v1.99.1
Scan saved at 2:23:57 PM, on 5/5/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\...

A:I'm Infected With A Virus: Pop-ups And Fake Spyware Programs!

Hello,

It's better to print out the next instructions or save them in notepad, because you also have to work in safe mode without networking support, so this page wouldn't be available then.
It is also important you don't miss a step and perform everything in the right order!!

* Please download SmitfraudFix (by S!Ri)
  Extract the content (a folder named SmitfraudFix) to your Desktop.
  Don't use it yet.
* Reboot into Safe Mode: (without networking support!)
  To get into the Safe mode as the computer is booting press and hold your "F8 Key". Use your arrow keys to move to "Safe Mode" and press your Enter key.
* Start HijackThis, close all open windows leaving only HijackThis running. Place a check against next entry:
  O2 - BHO: Nothing - {b0398eca-0bcd-4645-8261-5e9dc70248d0} - C:\WINDOWS\system32\hpD7F1.tmp
* Click on Fix Checked when finished and exit HijackThis.
  Make sure your Internet Explorer is closed when you click Fix Checked!
* Clean your Cache and Cookies in IE:
  Close all instances of Outlook Express and Internet Explorer
  Go to Control Panel > Internet Options > General tab
  Click the "Delete Cookies" button
  Next to it, Click the "Delete Files" button
  When prompted, place a check in: "Delete all offline content", click OK
* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):
  Go to Tools > Options.
  Click Privacy in the menu on the left side of the Options window...

RELEVANCY SCORE 58

My computer (it has Windows 2000...so I couldn't find where I could do a system restore which would be the quick fix) just got this fake virus alert and spyware program on it. My homepage in internet explorer is now set to //www.systemuptodate.net/ I think the file called: C:WINNT/system32/shdoclc.dll/navcancl.htm or something like that is the bad file but I couldn't find it to delete it on HJT.

Here's my HJT:

Logfile of HijackThis v1.99.1
Scan saved at 9:39:40 AM, on 6/3/2006
Platform: Windows 2000 SP2 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\acs.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\Ati2evxx.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\hidserv.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\Atiptaxx.exe
C:\Program Files\Common Files\AOL\1133407375\ee\AOLSoftware.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINNT\System32\de081d1d.exe
C:\Program Files\Internet Explorer&#...

A:Fake Anti-spyware/virus Program

Hi debbie703 and Welcome to the Bleeping Computer!

Download smitRem.exe ©noahdfear, and save the file to your desktop.
Double click on the file to extract it to its own folder on the desktop.

Please download FixWareout from one of these sites:
http://downloads.subratam.org/Fixwareout.exe
http://www.bleepingcomputer.com/files/lonny/Fixwareout.exe

Save it to your desktop and run it. Click Next, then Install, make sure "Run fixit" is checked and click Finish.
The fix will begin; follow the prompts.
You will be asked to reboot your computer; please do so.
Your system may take longer than usual to load; this is normal.
Once the desktop loads a text file will open, report.txt; please save this report.

Let the System reboot Normal once, then Reboot into SAFE MODE (Tap F8 when restarting)
http://service1.symantec.com/SUPPORT/tsgen...src=sec_doc_nam

After restarting in Safe Mode, Configure Windows to Show All Hidden Files and Folders. Here is a link to help with that:
http://www.bleepingcomputer.com/tutorials/...62.html#win2000

Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen.
Wait for the tool to complete and disk cleanup to finish.
The tool will create a log named smitfiles.txt in the root of your drive, eg; Local Disk C: or partition where your operating system is installed.

Open HijackThis -> Click "Do a System Scan Only" and put a check by these but DO NOT hit the Fix Checked button yet

O2 - BHO: Nothing - {6ab7158...

RELEVANCY SCORE 58

Hi, I hope you are doing well.

My friend called me a couple of days ago stating that she downloaded a file from a fake IRS e-mail. Since then, her computer cannot load a single file, and all her icons and programs are missing. Yeah, this seems pretty bad.

I'm going over to her place tomorrow to check it out, so I don't have a lot of information right now. I've fixed computers infected with viruses and spyware before, but this seems like it's worse than usual.

Any thoughts? Links to good sites? Thanks!

Computer information: She's running Windows XP, either Service Pack 1 or 2.

A:How to Remove Virus/Spyware from Fake IRS E-mail

Hello, without going much further, I feel you are indicating a Backdoor infection by the Zeus trojan.
http://voices.washingtonpost.com/securityfix/2009/09/irs_scam_e-mail_could_be_costl.html

One or more of the identified infections is a backdoor trojan. This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

* How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
* When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.

Caution: If you are considering backing up data and reformatting, keep in mind, with a Virut infectio...

RELEVANCY SCORE 57.2

Hello!

Two days ago I was copying some analog video to digital via my old laptop (Dell Latitude D600) because it runs Windows XP. The driver for the hardware only works with Windows XP. But there was no security software on the laptop, only Norton Utilities.

So I opened my USB drive to install something but it wouldn't start. I got the alert: "Microsoft Security Essentials Alert". I knew from that moment that I was infected.

So I tried to follow the guide here on bleepingcomputer:
http://www.bleepingcomputer.com/virus-remo...ssentials-alert

But that didn't work. I couldn't start executable files (taskmgr/regedit). So RKILL.com didn't work too. (When I tried, the alert was popping up.) In safe mode it didn't work either. I also got the alert that there is a problem in services.exe and the computer is closing down in 60 seconds.

I tried to run Malware AntiBytes, but I couldn't update because when I tried to start it, I couldn't connect to the internet. I was looking in Internet Options but there was no Proxy server connection. Everything was OK.

With Norton Utilities I could open a sort of process management. I saw there was a kind of security program (antispy safeguard?) using a lot of CPU. I killed it, and I removed it out of Application data. Internet worked! I updated Malware Antibytes and I started scanning. He found some things:

422888.exe
jytr.exe
msftldr.dll
sshnas21.dll

And something like (Trojan.downloader Rogueagent..)

Also I saw in pr...

A:After virus removal (fake Microsoft Essential alert) computer don't boot up

What does it hang on?

RELEVANCY SCORE 57.2

I have XP Media Center Edition Version 2002 Service Pack 3. THE virus scan window pops up
with the name XP Anti Spyware 2011-Unregistered Version. I used the Windows Task Manager to close it.
Zone alarm also asked for ten.exe (I think was the name) to access the internet. I clicked on deny.
I shut down the computer and I am using a different one to post this message.
I have Avira Anti Virus, Malwarebytes, Super AntiSpyware, CCleaner and Spyware Blaster already installed.
It has been a while since I have posted about a virus problem, but I am familiar with the process.
Thanks for your help.

A:Fake XP Anti Spyware 2011 Virus scan

Try this:

http://www.bleepingcomputer.com/virus-removal/remove-win-7-internet-security-2011

RELEVANCY SCORE 57.2

I saw this on a friend's machine, and never expected it here... well, sadly it hit when someone in the family downloaded something they shouldn't have and tried installing.

This is the fake ANTI-VIRUS XP 2008, which hijacks the desktop background with its blue screen and error message in the middle, and attempts to run its "fake" ANTI-VIRUS XP 2008 application, all the meanwhile hijacking any desktop settings, and running its "fake" screensavers that resemble the BSOD.
Thru some minor tinkering, I've been able to stop the fake ANTI-VIRUS app from starting (just edited it out of the MSCONFIG).

Like a fool, I hadn't yet installed my ISP provided CA Security Suite. Attempted to do so AFTERWARDS, and was able to get its ANTI-VIRUS to run, but unable to get its ANTI-SPYWARE to install... I assume this junk is blocking that from happening. Any assistance is appreciated. Attached is my HJT log, and in the meantime, I'll scour thru the forums seeking knowledge.

Thanks... you guys never fail to FAIL me... I have great confidence!

-Andrew
============================
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 04:35:46 PM, on 7/21/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system...

A:Solved: *fake* ANIT-VIRUS XP 2008 Spyware bug

30 minutes w/ COMBO-FIX saved the day.
 

RELEVANCY SCORE 56.8

My computer is infected by some type of virus and it is saying I have a windows security alert and is blocking me from running any type of scans etc. It is saying I am infected which is all a fake popups and antivirus spyware alerts etc. I did however get to run some logs before it blocked me. I was not able to run the Gmer report though as it started then got blocked and now it will not let me open and run this. I could not even open the logs on my desktop and had to email them to a different computer and open them there to paste them here.

Here are the logs I was able to run. Help Please!!!

DDS (Ver_10-03-17.01) - NTFSx86
Run by Matt at 19:10:27.67 on Thu 04/22/2010
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1014.337 [GMT -4:00]

AV: Norton Internet Security 2006 *On-access scanning enabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
AV: Webroot AntiVirus with Spy Sweeper *On-access scanning enabled* (Outdated) {77E10C7F-2CCA-4187-9394-BDBC267AD597}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
FW: Norton Internet Security 2006 *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program...

A:Infected with fake security virus/ Antivirus spyware alert

Hi magoo4242, your log is a few days old. If you still need help simply reply to my post.

RELEVANCY SCORE 56.8

I had a problem earlier yesterday with a balloon that would pop up on my taskbar (an image from someone's blog of the exact balloon that I had: http://raymond.cc/images/spysheriff1.GIF) and I worked for the past 48 hours trying to get rid of it. It started out by closing all of the windows that I had open yesterday and then shutting down my computer. I rebooted and then I ran my virus and spyware scan (the ones in Verizon Internet Security Suite) and nothing was found. I obviously had a problem and updating my virus definition files did nothing even with another scan.

I chose to download the 30-day free trial of BitDefender because someone on here had been praising its capabilities. When I ran it it took care of about 15-20 viruses and a few spyware problems. It came up as unable to quarantine one problem and unable to delete the same problem. I took that to be the problem that was causing my balloon to appear because it was still there. I believed my computer to still have problems because in task manager I had processes with wild names like "kzmdqnmt.exe" and "sxyfevyv.exe". Shortly after running my second scan (the one on BitDefender), I got the thought that perhaps the balloon causing virus might have placed whatever it is in my startup processes in "msconfig". I went in and found the one that BitDefender couldn't delete and then found it in my C: drive in WINDOWS. It wouldn't allow me to quarantine or delete the file. I was, however a...

A:Fake Windows Security Alerts & Various Spyware/Virus Problems

Hello, please do an MBAM scan.

Please download Malwarebytes Anti-Malware and save it to your desktop.

* Make sure you are connected to the Internet.
* Double-click on mbam-setup.exe to install the application.
* When the installation begins, follow the prompts and do not make any changes to default settings.
* When installation has finished, make sure you leave both of these checked:
  * Update Malwarebytes' Anti-Malware
  * Launch Malwarebytes' Anti-Malware
* Then click Finish.

MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:

* Make sure the "Perform Quick Scan" option is selected.
* Then click on the Scan button.
* If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
* The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
* When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
* Click OK to close the message box and continue with the removal process.

Back at the main Scanner screen, click on the Show Results button to see a list of any malware t...

RELEVANCY SCORE 55.6

Hi,

I've been getting loads of irritating popups recently and have just found the Outerinfo program in my Add/Remove programs list. I am unable to uninstall it.

I have looked at previous forums about removal of outerinfo and I couldn't work out what to do.

Please help!

Thanks
 

RELEVANCY SCORE 55.6

I recently (yesterday in fact) found out that I had something called Outerinfo on my computer. I used the removal tool but I am sure that my bandwidth is getting used without my permission by something, as my connection status seems to be constantly receiving and sending. Another thing is that after removing the Outerinfo my AVG anti virus went haywire and now does not seem to run - it seems to be running as a process but I can't get the program to run to do manual scans or anything. I am sure I still have spyware or something on the PC - any help will be much appreciated!

Here is my HJthis log

Logfile of HijackThis v1.99.1
Scan saved at 20:36:38, on 04/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\...

A:Outerinfo removal help

RELEVANCY SCORE 55.6

Can someone kindly help me remove this Outerinfo spyware crap? It's driving me nuts. Here is my HijackThis log. Thanks in advance.

Logfile of HijackThis v1.99.1
Scan saved at 9:36:28 PM, on 5/8/2007
Platform: Unknown Windows (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16386)

Running processes:
c:\Program Files\Hewlett-Packard\IAM\bin\asghost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Trend Micro\OfficeScan Client\PccNTMon.exe
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHosttr.exe
C:\Windows\retadpu1000272.exe
C:\Windows\smanager.7.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientSystemTray.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\Program Files\Hewlett-Packard\Embedded Security Software\PSDrt.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:...

RELEVANCY SCORE 55.6

Hello, board members,

I have a terrible infestation. Outerinfo that I cannot install, Virtumonde that reappears, and probably more. I have followed the preparation guide to the best of my abilities:

I am using AdAware 2007. It will clean and remove, but will not be clean upon re-boot, after many tries. Also running Spybot S&D. Same story. Also Norton A/V 2005 w/ current definitions.

I did not get good results with the housecall, panda, or bitdefender. Housecall ran once. I accidentally closed it when I mistook it for one of the many pop-ups that appeared while running. (The pop-up's graphics had stayed over the Housecall window after I closed it, and I closed the housecall window). Further attempts to run Housecall stopped during "Preparing" (I gave it about 15-20 min). Panda never ran, would not get past "Updating = 0%". And bitdefender gave me a series of pop-ups to "ErrorDefender" which I closed down and avoided.

Neither the Outerinfo uninstall nor the stand-alone uninstaller d/l'ed from Outerinfo were able to uninstall. Stinger ran clean. I still have System Restore Disabled.

Thanks for any and all help you can provide.

Here's my HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:21, on 2007-07-23
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS ...

A:Outerinfo And Other Pop-ups That Re-appear After Removal

Welcome to BC

Download Combofix and save it to your desktop.
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Note: It is important that it is saved directly to your desktop

Close any open browsers.
Double click on combofix.exe & follow the prompts.
When finished, it shall produce a log for you.
Post the ComboFix.txt and a fresh Hijackthis log in your next reply.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Read other 9 answers
RELEVANCY SCORE 55.6

My laptop does not work properly. I think a virus has attacked my laptop. How to remove virus from laptop?

A:Virus Removal / Spyware Removal

Hi there,

my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
Perform everything in the correct order. Sometimes one step requires the previous one.
If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

Scan with DDS

Download DDS and save it to your desktop from here or here or here.
Disable any script blocker, and then double click dds.scr to run the tool.
When done, DDS will open two (2) logs
DDS.txt: save to your desktop then post its contents in your topic
Attach.txt: save t... Read more

Read other 3 answers
RELEVANCY SCORE 55.2

Hi, I just found this site through a search engine and I'm surprised to see a place that offers a service like this without charge. Good job! I'm sure I speak for all us computer idiots when I say thanks.

Right, I have managed to get this awful outerinfo program onto my computer. It floods my computer with pop-ups and I also have unwanted shortcuts on my desktop. After a while I seem to lose the start bar at the bottom of the screen and my computer comes to a grinding halt. Please can someone help. My HJT Log is posted below. Thanks.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:24:25, on 09/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\VGVycnkgQ2Fzc2lkeQ\command.exe
C:\Program Files\Network Monitor\netmon.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\zHotkey.exe
C... Read more

Read other answers
RELEVANCY SCORE 55.2

I have tried various scanners: Adaware, Spybot S&D, ewido, Kaspersky, and Norton Anti virus. Nothing has been found on any scan. Do you see anything? What suggestions are available? Here is my log:

Logfile of HijackThis v1.99.1
Scan saved at 9:10:03 AM, on 5/21/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\HotKey Utility\HKserv.exe
C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Sony\HotKey Utility\HKWnd.exe
C:\Program Files\Common Files\Sy... Read more

A:Outerinfo Popup Removal

I have tried various scanners and read other possible fixes on this site. None seem to apply to me. I have used Adaware, Spybot S&D, Stinger, ewido, Kaspersky, and Norton Antivirus. I am in the process of installing SP2 for XP. Here is the log:

Logfile of HijackThis v1.99.1
Scan saved at 11:12:45 AM, on 5/21/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\HotKey Utility\HKserv.exe
C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Sony\HotKey Utility\HKWnd.exe... Read more

Read other 3 answers
RELEVANCY SCORE 55.2

Hi, first time visitor here. My comp seems to be running a bit slow. Please help, thank you.

Logfile of HijackThis v1.99.1
Scan saved at 7:10:04 PM, on 5/13/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre1.5.0_03\bin\jucheck.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Updater.exe
C:\WINDOWS\retadpu11.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\LiveUpdate\LiveUpdate.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\msi... Read more

A:Solved: Outerinfo removal help

Read other 9 answers
RELEVANCY SCORE 55.2

Please I need help removing Outerinfo popups. My Symantec AntiVirus isn't working properly (Auto-Protect failed to load). I guess I also need help tightening up my security. I think my Java needs updating. I'm on a work computer so this really sucks.

Thanks for your help.

jj

Here is my HijackThis Log:
Logfile of HijackThis v1.99.1
Scan saved at 12:20:18 PM, on 6/24/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\drivers\dcfssvc.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LMPDPSRV.EXE
C:\Program Files\USB Storage RW\udsi.exe
C:\HP\KBD\KBD.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\ctfmon.exe
C:\PROGRA~1\COMMON~1\SSTEM~1\javaw.exe
C:\WINDOWS\?ymantec\s?ool32.exe
C:\WINDOW... Read more

A:Solved: Outerinfo Removal - Please help.

Read other 12 answers
RELEVANCY SCORE 55.2

I ran superantispyware program to remove spyware and got the following log. What are the next steps I need to do to make sure it is gone completely from my computer? Thanks

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 06/17/2007 at 12:34 PM

Application Version : 3.8.1002

Core Rules Database Version : 3256
Trace Rules Database Version: 1267

Scan type : Complete Scan
Total Scan Time : 00:21:17

Memory items scanned : 354
Memory threats detected : 7
Registry items scanned : 4295
Registry threats detected : 121
File items scanned : 18666
File threats detected : 158

Adware.Vundo Variant
C:\WINNT\SYSTEM32\VTUTQ.DLL
C:\WINNT\SYSTEM32\VTUTQ.DLL
HKLM\Software\Classes\CLSID\{5CCCBED1-0DBD-4821-8588-6111FB65A15B}
HKCR\CLSID\{5CCCBED1-0DBD-4821-8588-6111FB65A15B}
HKCR\CLSID\{5CCCBED1-0DBD-4821-8588-6111FB65A15B}\InprocServer32
HKCR\CLSID\{5CCCBED1-0DBD-4821-8588-6111FB65A15B}\InprocServer32#ThreadingModel
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CCCBED1-0DBD-4821-8588-6111FB65A15B}
Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\vtutq

Trojan.Downloader-Gen/HitItQuitIt
C:\WINNT\SYSTEM32\AWTSRQO.DLL
C:\WINNT\SYSTEM32\AWTSRQO.DLL
Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\awtsrqo
C:\WINNT\SYSTEM32\IIFGFEE.DLL
C:\WINNT\SYSTEM32\KHFCAXW.DLL

Trojan.Downloader-SysMon
C:\WINNT\GNSFVCQ.EXE
C:\WINNT\GNSFVCQ.EXE

Trojan.Downloader-Gen/RetAd
C:\WINNT\RETADPU2000219.EXE
C:\WINNT\RETADPU2000219.EXE
[r... Read more

A:Outerinfo Spy ware removal - pl. help

Hi, Welcome to TSG!!
Click here to download HJTsetup.exe
Save HJTsetup.exe to your desktop.

Double click on the HJTsetup.exe icon on your desktop.
By default it will install to C:\Program Files\Hijack This.
Continue to click Next in the setup dialogue boxes until you get to the Select Additional Tasks dialogue.
Put a check by Create a desktop icon then click Next again.
Continue to follow the rest of the prompts from there.
At the final dialogue box click Finish and it will launch Hijack This.
Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
Click Save to save the log file and then the log will open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
Come back here to this thread and Paste the log in your next reply.
DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.
 

Read other 3 answers
RELEVANCY SCORE 55.2

I have removed them from the add/remove programs list but they are still affecting my computer. Pop ups galore and also it automatically starts my limewire pro. I removed limewire also but it still tries to start it up. Please help me.

Thanks in advance!

Here is my Hijackthis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:55:09 AM, on 1/22/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\ctfmon .exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\WINDOWS\system32\hkcmd .exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\igfxpers .exe
C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray .exe
C:\Program Files\... Read more

A:Help with outerinfo/webbuy removal

Read other 16 answers
RELEVANCY SCORE 55.2

Hi, I'm about going crazy with this. I've been trying to get these programs off my computer for a while now and every time I turn my computer on it seems like there is more

help?

thanks
adam
 

A:Malware removal, outerinfo + others

this is what is slowing my system down

"SysFader: IEXPLORE.EXE - Potential Application Error
The intruction at "ox01d62739" referenced memory at "0x02354c50". The memory could not be "read. Click on OK to terminate"

"Your system could become unstable
A potential problem has been detected and Windows has been shutdown buggy application to prevent damage to you computer. ****WXYZ.SYS - Address F73120AE base at C00000, Date Stamp 366072A3
Kernel Debugger using: COM2 (port 0x28f, Band rate 192000)"

here is the hijackthis log

Logfile of HijackThis v1.99.1
Scan saved at 6:18:20 PM, on 01/06/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\RAM Idle\RAM_XP.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Trillian\trillian.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\taskmgr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:... Read more

Read other 1 answers
RELEVANCY SCORE 55.2

In summary: I was playing Fallout 3, got stuck. Googled help, clicked a website, got millions of pop ups, and the next thing I know I have a trojan. I think I may have multiple ones, one of them I know the name is 'Extra antivir'. It advertises itself as a Virus Remover and constantly sends me popups and warnings with a range of different things such as "Extra Antivir has prevented your credit card information from being stolen, it is suggested you purchase Extra Antivir for further protection" and things like that. It will also give me a fake blue screen and fakely restart my computer saying Microsoft recommends I buy Extra Antivir.

I'm also getting spammed with read-only icons for porn websites on my desktop. I also noticed a performance decrease in my computer.

Please and thank you for the help!

I've tried running Ad-aware and Symantec.

DDS:


DDS (Version 1.1.0) - NTFSx86
Run by Jimmy at 2:50:30.01 on Fri 12/19/2008
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2047.1435 [GMT -5:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Lav... Read more

A:Trojan spams desktop with icons, advertises fake spyware removers, 'fake' restarts

Hi


Please visit this webpage for download links, and instructions for running ComboFix tool:

http://www.bleepingcomputer.com/comb...o-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link
Remember to re-enable them afterwards.

Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New HijackThis log.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.

Read other 1 answers
RELEVANCY SCORE 55.2

Hello,

I seem to have contracted a virus or malware of some description that generates fake, "Your Computer may be infected" - type alerts in my Windows taskbar and attempts to install a fake antivirus onto my pc called XPShieldSetup.exe. It also causes advertising popup, though this is fairly rare (once or twice an hour, max).

I am running Windows XP, Service Pack 3, and I have Trend Micro PC-cillin Internet Security 14 for antivirus software. I have also turned on Windows firewall, as per the instructions on this site.

My antivirus program detects an infected file called C:\WINDOWS\SysNotifier.exe, and classifies it as something called "Mal_FakeAV-9". It Quarantines this file repeatedly, but it always comes back, even if I manually drag it to the Recycle Bin.

I have run HijackThis and attached a copy of the log file it created.

Thanks in advance for your help.

Here is my hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:27:32 PM, on 4/28/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:... Read more

A:Malware of some sort causing ad popups, fake virus alerts, trying to install fake anti-virus, etc -- HijackThis log attached.

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.com
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the resul... Read more

Read other 4 answers
RELEVANCY SCORE 54.4

Hey guys, so I was in the middle of the outerinfo and malware removal 5-step process, on the pandasoftware scan, and the scan got stuck on a specific file or folder for a while, so I left it and hit the library for some SAS. When I got home, all that awaited me was a big blue screen with some announcement that I had spyware on my computer and needed to install an antivirus. Attempts to restart in safe mode went nowhere as all I get are a black blank screen with "safe mode" in all 4 corners, but no access to any programs, etc. Is there any hope for this HD?

thanks!

A:outerinfo/malware removal and CRASH

bump.

Read other 19 answers
RELEVANCY SCORE 54.4

Just the other day I was infected with the Outerinfo malware. While I was able to get rid of the program to where the icons no longer show up on my computer, I think there still might be traces of it left as I still get popups when I'm not actually browsing the internet every so often. And also, ever since then my IE and Yahoo browsers have been basically unfunctional to where they freeze whenever new windows are opened. Luckily, I can still use my Avant Browser normally, but the computer's default browser is a lot more convenient to use.

I downloaded AVG and it found a few high risk infections such as Downloader.Agent.bls, Rootkit.Agent.eq, and Logger.Delf.uc. I'm not exactly sure what these are, but they've been quarantined on my computer.

I was going to download HJT this to post a log, but I read that it's for advanced users and I'm not exactly savvy in this aspect. Which is why I'm asking for help obviously.
 

A:Solved: Post Outerinfo removal help..

Read other 16 answers
RELEVANCY SCORE 54.4

Hi,

Another Outerinfo victim here... Spybot S&D, Ad-Aware, OneCare's antispyware, and SuperAntiSpyware tried without success to eradicate. Still getting ad redirects in web pages.

Thanks in advance for any help!

HJT log (run in standard mode, not safe mode):

Logfile of HijackThis v1.99.1
Scan saved at 1:11:49 AM, on 5/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Virtual CD v8\System\VC8SecS.exe
C:\Program Files\Virtual CD v8\System\VC8Play.exe
C:\Program Files\... Read more

A:Solved: Outerinfo... Trouble with removal.

bump
 

Read other 3 answers
RELEVANCY SCORE 54.4

Results from HijackThis:

Logfile of HijackThis v1.99.1
Scan saved at 12:38:53 PM, on 8/13/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\??mantec\??plorer.exe
C:\WINDOWS\System32\msiexec.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\caroyln\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Ma... Read more

A:Outerinfo removal assistance needed

Whoops - one more thing: both "Outerinfo" and "DriveCleaner 2006"....

Read other 19 answers