
Is my computer compromised?

Q: Is my computer compromised?

Hello everybody!

I finally removed Spyware Protect 2009 from my computer with Malwarebytes, and just wanted to know if my personal info (banking records, etc..) can be accessed by others on the web. I don't see any TDSS/backdoor.bot, soo... idk, just want to be sure. Any help is appreciated. Here is my log:
Malwarebytes' Anti-Malware 1.33
Database version: 1733
Windows 5.1.2600 Service Pack 2

2/5/2009 8:31:53 PM
mbam-log-2009-02-05 (20-31-53).txt

Scan type: Quick Scan
Objects scanned: 75586
Time elapsed: 19 minute(s), 59 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 1
Registry Keys Infected: 4
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 4

Memory Processes Infected:
C:\WINDOWS\sysguard.exe (Trojan.FakeAlert) -> Unloaded process successfully.

Memory Modules Infected:
C:\WINDOWS\system32\iehelper.dll (Trojan.Vundo.H) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c9c42510-9b21-41c1-9dcd-8382a2d07c61} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c9c42510-9b21-41c1-9dcd-8382a2d07c61} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c9c42510-9b21-41c1-9dcd-8382a2d07c61} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explorer.exe (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysguard (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\Microsoft Common (Trojan.Agent) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\iehelper.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\sysguard.exe (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
C:\Program Files\Microsoft Common\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\A9installer_880808.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.


A: Is my computer compromised?

Hi DAUeleven and welcome to BC
Please print out and follow these instructions: "How to use SDFix". When using this tool, you must use the Administrator's account or an account with "Administrative rights".
Disconnect from the Internet and temporarily disable your anti-virus, script blocking and any real time protection programs before performing a scan.
When done, the SDFix report log will open in notepad and automatically be saved in the SDFix folder as Report.txt.
If SDFix is unable to run after rebooting from Safe Mode, run SDFix in either Mode, and type F, then press Enter for it to finish the final stage and produce the report.
Please copy and paste the contents of Report.txt in your next reply.
Be sure to re-enable your anti-virus and other security programs before connecting to the Internet.
-- If the computer has been infected with the VirusAlert! malware warning from the clock and the Start Menu icons or drives are not visible, open the SDFix folder, right-click on either the XP_VirusAlert_Repair.inf or W2K VirusAlert_Repair.inf (depending on your version of Windows) and select Install from the Context menu. Then reboot to apply the changes.


Esteemed Forum Members,

This is my first posting here. I am a Java programmer/developer. And I look forward to participating. Although I generally find that I learn more from reading the posts of the knowledgeable folks here than with me talking.

My current question is to see if anyone knows any more about a computer affliction that has affected two friends in the past week. (They are in different groups, so these are separate "afflictions".)

The two are remarkably similar so I am hypothesizing that they are basically the same attack. I suspect that if I have bumped into two of these cases, you folks may have already been there and done that.

As I don't have access to either of their computers, and as they are rather naive MSWindows users, it might be difficult for me to run the various diagnostic tools on their systems.

Basically the symptom is that they received an email from a known source. (Yeah, I know...) And clicked on a link to one of the {canxhealth health24x medhealthx xmedx } dotcom websites. The result is that, at a minimum, their Yahoo email account was compromised and an email was sent out to all of their contacts. The sent email has no subject and contains only the link to the malware website.

Googling through the web, I see suggestions ranging from changing the email account password through reformatting the hard-drive and resetting external routers. I also see claims that none of the major anti-virus/firewall applications detect this...

A:Yahoo Account Compromised, possible system compromised

Hello Chuck,
First I will move you one forum down to Am I Hacked.
Please read the first pinned topic there, "Who To Contact If Your Yahoo Webmail Account Is Hacked".
Next follow these instructions, also a pinned topic there: "How to receive help in the Am I Hacked? forum".


Hello.  I seem to be sharing my firewall privileges with a remote hacker and a system restore didn't help.  A similar posting at Tom's Hardware pointed to a corrupted/malware rundll32.exe file creating extraneous malware files (guard.tmp, filename.dll) in his Win/System32 folder.  I suspect I have something similar though couldn't find those same file names.  (His posting is here: http://www.tomshardware.com/forum/134388-45-mysterious-rundll32-administrator-privileges )
 
I have tried kaspersky, combofix, rskiller, hitman, symantec, emsisoft, avg, symantec, windows defender, etc.  I am not a tech guy by trade but serve as my own IT guy some months so any help I get is welcome.  I probably am supposed to be posting "hijack this" findings or something as a first step but haven't done anything like that in 12 years so I figured I would post my problem first.  Thank you.


Hi there,

I'm trying to help my mum out with her computer. After a visit to her local bank they informed her that someone had got her bank details online and has been ordering video games for themselves from this. I need to ensure that her PC is like Fort Knox as I'm meant to be good with computers but need help this time. Here's what I've tried so far:-

Ran MSE anti-virus, updated and full scan: nothing found.
Ran Malwarebytes anti malware: updated and full scan: nothing found

IE is the latest version but it seems to have adverts all over the place. I've disabled all add-ons but to no avail. Is the best thing to do next uninstall and reinstall IE?

Thanks for any advice given to me.

A:Computer compromised

The first thing you need to do is change all passwords, using a "known clean" computer. Do not use the infected one!

Next, flush the bad DNS cache and restore MS's Hosts file:
Copy and paste these lines in Notepad.

@Echo on
pushd\windows\system32\drivers\etc
attrib -h -s -r hosts
echo 127.0.0.1 localhost>HOSTS
attrib +r +h +s hosts
popd
ipconfig /release
ipconfig /renew
ipconfig /flushdns
netsh winsock reset all
netsh int ip reset all
shutdown -r -t 1
del %0

Save as flush.bat to your desktop.
Double click on the flush.bat file to run it.
Vista and Windows 7... right click the .bat file and choose to run as Administrator. Your computer will reboot itself.

Now, download DDS from one of these links:
DDS.com
DDS.pif
Disable any script blocking protection
Double click the dds icon to run the tool.
When done, DDS will open two (2) logs:
DDS.txt
Attach.txt <--- will be minimized in the task tray

Save both reports to your desktop.

Include the contents of both logs in your next post.
The scan will instruct you to post Attach.txt as an attachment.


Been fighting this for a week and I can't find anything actually wrong, but I know something has to be there. My Warcraft account was recently hacked and based on some of the actions of the hacker I have to assume that they have gained access to my computer. Not only have they gotten my login information everytime I change it, but they have gotten some files submitted to Blizzard. Despite running multiple virus and malware scans nothing has ever come up. I am reluctant to simply reformat because I would like to at least try to understand how this has occured, but you can't fix what you can't find.
 
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16750  BrowserJavaVersion: 10.45.2
Run by troy at 1:30:21 on 2014-01-14
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.4094.1950 [GMT -6:00]
.
AV: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Emsisoft Anti-Malware *Disabled/Updated* {8504DEEF-CC04-1F76-2137-F1A5F4A659DA}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Emsisoft Anti-Malware *Disabled/Updated* {3E653F0B-EA3E-10F8-1B87-CAD78F211367}
SP: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}

A:Computer Compromised

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
***************************************************
In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.
CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/520819 <<< CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************
If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of t...


Hello. Yesterday when I returned from lunch, my computer was logged out. I thought maybe I had a power outage, but the other computer on the network (server) was still logged in. So, I just logged back in and went back to work. This morning, when I came into work, again I was logged out. And again I just logged back in. While I was working today, I looked up and saw that I was logged out. When I went to log back on, now there was my icon, but also another one with a karate icon, and it said "administrator"...and that "person" was logged on. I was very concerned and tried to log back in, but it wouldn't let me. I shut off my computer and then turned it back on. Now, the only user I saw was mine. Some background....I have Windows XP, McAfee Security with a Firewall. I do use logmein.com, but it's password protected. Just to be safe, I turned that off. I looked around my files and found that someone named "administrator" was in my computer yesterday when I was out to lunch. Also it showed that my fax file was used around the same time. I found a new document in "recent documents" called "desktop" and when I clicked on that file, this is what came up:

[LocalizedFileNames]
Mail [email protected],-4
Desktop (create shortcut).[email protected],-21
Compressed (zipped) [email protected],-10148
I am very concerned that someone took some private information from me. Is there a way to find out what this was? An...

A:Has my computer been compromised?


So my dad tells me that his desktop computer is acting all weird, and I have a feeling something may be infected. Internet Explorer.exe cannot be found, I think it was deleted or renamed, which raises alot of questions as to how that happened. Here is my Hijack This Log File... Thank you !
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:29:49 PM, on 2/14/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal


A:Computer compromised


I've got a computer at work that seems to be fairly compromised. I've followed all of the steps listed in the 'read this topic' message and am at the point where I get to post a hijack this log (joy!). Basically this system has popups that show up constantly and the typical cleaning programs/methods have not gotten the popups to go away. Virtumonde has been detected on the system but I haven't been able to get it cleaned up yet. Basically each time I run a scan (with whatever program) it finds new things that weren't there on the previous scan. I just need to figure out the root cause of these popups and get rid of it. The date on the comp was set wrong at the time of the scan. I took this scan 20 minutes ago.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:45:33 PM, on 7/21/2003
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

A:Compromised Computer

Welcome to the BleepingComputer HijackThis Logs and Analysis forum ensoll
My name is Richie and I'll be helping you to fix your problems.
It appears you've no virus protection installed.
Download\install one of the following freeware options from the choice below.
Once installed update its definitions and then run a full system virus scan.
AVG7 Free Edition Antivirus: http://free.grisoft.com/softw/70free/setup...ree_446a965.exe
Avast! 4 Home Edition: http://files.avast.com/iavs4pro/setupeng.exe
Avira AntiVir Personal Edition Classic: http://www.free-av.com/
------------------------------
Please download VundoFix.exe to your desktop.
Double-click VundoFix.exe to run it.
When VundoFix re-opens, click the "Scan for Vundo" button.
Once it's done scanning, click the "Remove Vundo" button.
You will receive a prompt asking if you want to remove the files, click "YES".
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer, click "OK".
Post the contents of C:\vundofix.txt into your next reply.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.
------------------------------
Please download Combofix and save to your desktop:
Note: It is important that it is saved directly to your d...


Hi all,

I have Win7 pre-release running on my loungeroom PC, as well as the old faithful XP on dual boot (second HDD).
After the October 22nd release, Win7 would not run, and has also shut down access to XP as well!!

I was told that it would shut down every 2 hours until I paid money, but was not expecting my whole machine to be sabotaged?

Also read that I would get $100 off retail from using the pre-release Win7?

Anyone else like me - frustrated.

Automatic repair could not do justice to Win7 and it shut down no warning.

A:Computer compromised

I re-started and tried to get XP happening, but the screen disappeared permanently after the intro logo.
Then I re-set and tried Win7 again, and lo and behold, it came up and ran normally??? I have a TV program running on MCE as I type!

Any ideas as To why XP is compromised? I have done chkdsk in the recovery console.


hello there, wonder if someone can help me out, I think someone has hacked my computer, what is the process of checking please

A:I think my computer has been compromised

What are the symptoms making you believe your computer has been compromised?

Download Security Check from here or here and save it to your Desktop.
Double-click SecurityCheck.exe
Follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.
NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:
Internet Services
Windows Firewall
System Restore
Security Center/Action Center
Windows Update
Windows Defender
Other Services
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

Please download MiniToolBox and run it.
Checkmark following boxes:
Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Devices (do NOT change any settings here)
List Users, Partitions and Memory size
List Restore Points
Click Go and post the result.

Please download Malwarebytes Anti-Malware (MBAM) to ...


I downloaded a few songs from LimeWire last night. Two of them did not play music and I was suspicious of them, so I deleted them. Then I ran stinger and it isolated one of the files as being a UA trojan downloader and it said it deleted it. I searched the computer for the other file name and it did not come up. Ok, now today, I opened a My Docs folder and I noticed every folder in there is "Date Accessed" on 3/1/2009 at 8:58 pm. Also a bunch of files are listed as date accessed this morning and afternoon. Some info in those files is sensitive. Is my computer security compromised?
 

A:Is my computer compromised?


Good morning,
I need help!
Yesterday, I found out that one of my online bank account (Bank A) has been compromised. I do most of my banking online, so I link my other banks (Bank B and Bank C) into this bank.

On July 10, Bank A instructed ACH transfers from Bank B($2000) and Bank C($2500) into Bank A. I dont know if i should say I am lucky because I dont have much money, but because i dont have much money those ACH transfers are denied (Non-sufficient fund).

So, yesterday, I went online into Bank A, and i did found 2 instructions. So, 1st impression that maybe banks screw up the transactions (should be other poeople account). Then, later when i look at the bank setup, I found a new bank that is waiting to be verified for linking with Bank A. Then, I know I have problem. So, I have called the bank and report this.

I googled, and found this site. I saw a posting about Keylogger and many replies of helps. So, i am hoping i can get your helps as well.

For the past 2 months, I have several things that happens differently.
1. I started to play World of Warcraft battlenet again...
2. I receive a new computer from work
3. My wife started to use computer at home more often, but mostly to go friendster.com (I think)

I uninstalled my zonealarm because I have been having problem restarting.
But prior to this, i have zonealarm, spydoctor, avg antivirus installed. Right now, I have hijackthis, panda (didnt get catch anything), trojanhunters (found 2 trojans, but t...


My computer has been acting funny, websites not displaying properly, HTML messed up, hanging all of the time. It should be a high performance machine with Win 64, P6TD deluxe MB, 6GB Corsair Dominator RAM, but it's really sluggish. Here are the DDS log reports. My website was hacked recently, maybe because my PC was compromised. Not sure. Thanks in advance.
Sam

ps. I do have access to Windows Disc.


DDS (Ver_10-12-12.02) - FAT32_AMD64
Run by Monster at 9:38:13.24 on Mon 01/10/2011
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_22
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.6135.3268 [GMT 9:00]

AV: Trend Micro Titanium *Disabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
SP: Trend Micro Titanium *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}


A:Computer Compromised

Anyone? Does this look clean? Is that why nobody got back to me? I am having problems with websites like ESPN which is telling me that the server's certificate does match the host's name.

static.ak.fbcdn.net

I am getting weird HTML across the page instead of a clean website. Pages are loading slowly.


edit: sorry for not posting the malware name in title, it's JPGIFRAMER
I feel that some kind of malware has recently compromised my computer. Symptoms:
random internet drop
slow computer
mcafee randomly repairing jpg files from the virus JPGiframer
been a long time since I got a windows update
Here's an HJT log. halp me!!!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:36:23 PM, on 5/6/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

A:Compromised computer

Hello and welcome to Bleeping Computer
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.
If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.
Thanks and again sorry for the delay.
We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.com
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the resul...


Hi! I posted a log a while back for a different computer and ended up replacing that one, but now I'm afraid my laptop may now be infected.
Can someone please take a look at my logs & let me know if I have anything remaining? I ran Malwarebytes Anti-malware and it removed a few items, but my computer is still acting strangely.
Thank you in advance!
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:14:41 PM, on 10/13/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

A:Computer may be compromised

Hello and welcome to Bleeping Computer
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
Upon completing the steps below I will review and take the steps necessary with you to get your machine back in working order clean and free of malware.
If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.
Thanks and again sorry for the delay.
We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the ...


Hello all,
 
I had an issue with my email, did a search on Google and found a support website. I called them, they asked for card details and a screenshare
 
They then took over my system and I think installed some things as they showed me my passwords in a text file, also they sent an email from my account to themselves stating I authorize payment... I tried to stop it they kept writing and after I switched computer off just to get away, I feel I have been compromised. My bank said the same thing and a friend said the best place to get help was here.
 
Please do help me clean my system from these leechers
 
I run windows
 
thank you

A:computer compromised seriously

I would suggest you replace the credit card and of course dispute any charges.
 
There are sites when doing a search for help represent themselves falsely as Microsoft, popular security programs and many other popular programs.
They are simply thieves.
 
It is likely that no malware was installed but the program used to remotely connect may still be on the computer and some crappy scan program or two.
 
Use all of the programs below to find and remove both malware and adware.
 
Use CCleaner to remove Temporary files, program caches, cookies, logs, etc. Use the Default settings. No need to use the Registry Cleaning Tool...risky. Pay close attention while installing and UNcheck offers of toolbars....especially Google.
After install, open CCleaner and run by clicking on the Run Cleaner button in the bottom right corner.
CCleaner - PC Optimization and Cleaning - Free Download
 
Download Malwarebytes' Anti-Malware from Here
Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).
Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
Click the Scan tab at the top of the program window, select Threat S... Read more


Hello,

I'm hoping I can get a second opinion to a question I posed on the MS Win7 Forum. The answer seemed to go against what I've read on numerous computer security sites regarding different software to have. Also mentioned was "first I would dump anything Norton", many sites gave it extremely high marks, but anyway. It seemed reply was all negative without answering question. Here is what I posted, and His answer, Hope this is okay.

One thing I didn't think to add to original question was that I'm using Norton Safe Search in toolbar if that matters.

---------------------------------------------------------------------------------------------
Is my computer compromised?

Win7, IE9, Norton Internet Security 2011, (Malwarebytes, SuperAntispyware, and Ad-Aware, I only use the ones in brackets as secondary scans and not actively running.

I notice sometimes at many different websites my toolbar will what I say is "move down a step" and leave a blank like toolbar (empty of course) above it just below the address bar.

I'm using Norton Internet Security 2011, and have Malwarebytes, SuperAntispyware, and Ad-Aware as just secondary scanners. I keep everything updated at least weekly, though Norton automatically updates on its own the same as Windows. Everytime I do scans (weekly) they all come up clean.

With the toolbar moving down leaving an empty space between ... Read more


using ad-aware I found a file in the windows system folder that did not look familiar: yrbxysxr.exe

I decided to run hijackthis and post the log to see if anyone could help. Thanks

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:29:07 PM, on 10/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\... Read more

A:S.o.s. Compromised Computer

Hello and welcome to BC.

Sorry for the late response. If you haven't received help elsewhere yet and still need help, please post a fresh HijackThis log and I'll be happy to help you.


My entire computer has been compromised. I no longer have access to my C: drive, anything I touch on as far my taskbar I'm getting error messages 0x80070005, 0x800c0008 and code 1203. My current Microsoft acct has been linked to an old Microsoft acct I closed so anything I try to download its been stopped by the closed Microsoft acct and there's absolutely nothing I can do. I've tried rebooting to factory settings using the HP disks I purchased and they are not working. When I go into the system and try to add my acct name to the properties I instantly see that code S12545645 show up instead of the Microsoft acct I set up for my computer. I don't know what to do at this point. Every time I try to restore when I go into settings I notice my computer is being remotely changed by way of VPN settings and there is nothing I do to change it to prevent it from happening. Any advice would be helpful. I'm literally at the point where I want to throw this computer away but I just purchased it less than a year ago.

A:Computer compromised

Hi: Try a clean install of W10 by making your own plain W10 installation media by using the Media Creation tool at the link below. https://www.microsoft.com/en-us/software-download/windows10


A friend is fearful that her computer has been compromised. This is the HJT logfile:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:29:07 PM, on 11/1/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16915)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.comcast.net
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D... Read more

A:Suspect computer is compromised!

Hello and Welcome to TSF.

We no longer use HijackThis as our initial analysis tool.

We want all our members to perform the steps outlined in the link I'll give you below, before posting for assistance. There's a sticky at the top of this forum, and a "Having problems with spyware and pop-ups? First Steps" link at the top of each page.

---------------------------------------------------------------------------------------------

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please note that the Virus/Trojan/Spyware Help forum is extremely busy, and it may take a while to receive a reply.


More detail about why your friend thinks the machine has been compromised will be helpful. What symptoms? Please report them in your new topic.


I play World of Warcraft and recently had my account taken control of. I then realised since I have never given out my password, it must be a keylogger.

I ran KL-Detector while I screwed around in notepad and a few other things, and this is what it came up with
Code:
KL-Detector has found some suspicious files:
C:\Users\Taylor\AppData\Local\Temp\~DFF1AC.tmp
C:\Users\Taylor\AppData\Local\Temp\~DFFCBB.tmp
C:\Program Files\World of Warcraft\Logs\SESound.log

Please check; someone might have installed a keylogger on your computer!
You MAY want to take a look at:
C:\Users\Taylor\AppData\Local\Temp\
C:\Program Files\World of Warcraft\Logs\
C:\Users\Taylor\AppData\Roaming\Microsoft\Windows\Cookies\
C:\Windows\Prefetch\
C:\Users\Taylor\AppData\Local\VirtualStore\Program Files\World of Warcraft\Cache\WDB\enUS\

>>FULL REPORT<<

Below are some file operations that were done during the monitoring process.
Review them carefully and check for suspicious files.
C:\Users\Taylor\AppData\Local\Microsoft\Windows\UsrClass.dat
was modified.

C:\Users\Taylor\AppData\Local\Microsoft\Windows\UsrClass.dat
was modified.

C:\Users\Taylor\ntuser.dat.LOG1
was modified.

C:\Users\Taylor\NTUSER.DAT
was modified.

C:\Users\Taylor\NTUSER.DAT
was modified.

C:\Windows\Prefetch\KL-DETECTOR.EXE-BAE45825.pf
was modified.

C:\Windows\Prefetch\KL-DETECTOR.EXE-BAE45825.pf
was modified.

C:\Windows\Prefetch\NOTEPAD.EXE-EB1B961A.pf
was modified.

C:\Windows\Prefetch\NOTEPAD.EXE-EB1B961A.pf
was... Read more

A:Computer compromised with a keylogger

Hey guys, if the KL detector doesn't mean much, just ignore it and look at the hijack this post.

Thanks guys!
 


My friend was browsing through the internet on firefox and inadvertently downloaded a malicious program by visiting a website link posted on a forum. I know that my computer is infected as I have had multiple passwords changed on me such as my email password and my friend's game account has also had a password change. I have scanned with AVG and spybot search and destroy. Nothing has worked thus far. I would try to do something with hijack this, but I made an error due to my stupidity last time I tried to delete something scanned by it and ended up having to re-format my system. Here is the log that I have from a recent scan. Any help is greatly appreciated.

Logfile of HijackThis v1.99.1
Scan saved at 6:36:45 PM, on 9/7/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgfws8.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\WINDOWS\s... Read more


I have a 2wire router/modem which is usually very sloppy but today I noticed a few warning signs that make me think that somebody accessed or tried to access to my computer through my network.

First, last night I completely charged my Acer laptop and used it for a few minutes. When I woke up, I could hear the computer was trying to start unsuccessfully but I didn't worry about that since it does that sometimes, I have a cheap laptop. I woke up my computer (I don't shut it down everyday) and I could go online right away, but after 5 minutes I was disconnected. I reset my router once but after a few minutes my internet was disconnected again. This time, I manually disconnected my computer from my network and reset the router again. When I came back to my computer, this is what happened:

* My computer was connected to a neighbor's unsecured network.
* Right away, I disconnected from that network and connected to my own secure, hidden network.
* ZoneAlarm prompted me to add and set the new network. Since I didn't know which network that was, I did something stupid. I shut down ZoneAlarm. When I realized that, I started it again.
* I went to my devices and I found a Belkin router--I have a 2wire router. I deleted it.
* I went to ZoneAlarm and found my own network and another network that shouldn't have been there. I deleted all networks.

I don't remember my last configuration but I think it might have changed. This is what I see in Network and Shari... Read more

A:Help me figure out if my computer has been compromised

Enable WPA(2)-PSK encryption on the router. Use a strong passphrase--20+ (at least 8 or 9) characters of letters and numbers and special characters mixed (do not use dictionary words).
 


The first time I noticed this I got a window saying "This machine dangerously low on resources!" I read where Win98se users should correct this by rebooting and clearing the cache, that this is a flaw in 98. I did but the problem persists, especially if I have Word and a couple of other applications running at once.
Task monitor shows that Explorer is continuously running in the background, even tho I use Firefox for browsing. Attempts to close Explorer result in a scrambled desktop and that 'Restore Active Desktop' message, or everything simply hangs until I power off and reboot. I run 98se on a compaq deskpro with Pentium 3 that is part of a home network with 2 other computers running Windows XP. They seem to be fine.
Here is a Hijack This! log I just ran which is pretty short.

Logfile of HijackThis v1.99.1
Scan saved at 8:16:08 AM, on 6/11/06
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\MDM.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\CA\ETRUST EZ ARMOR\ETRUST EZ FIREWALL\CA.EXE
C:\PROGRAM FILES\ANALOG DEVICES\SOUNDMAX\SMTRAY.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FIL... Read more


Hey guys,
 
I'm a little out of my depth here so don't feel bad about telling me I'm a complete idiot.  I got to work this morning unable to connect to my network drives because "The system detected a possible attempt to compromise security." So I did a little digging through event viewer and found a few disconcerting entries:
 
At 6:14 AM this morning: The Terminal Server security layer detected an error in the protocol stream and has disconnected the client. Client IP: 69.49.130.122.
 
According to google this generally happens when there's high traffic to the server, but the server doesn't get high traffic ever and the office doesn't even open until 7.
 
Also there's an audit at 12:45AM: 
 
A logon was attempted using explicit credentials.

Subject:
Security ID: SYSTEM
Account Name: WORKSTATION-17$
Account Domain: <REDACTED>
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}
Account Whose Credentials Were Used:
Account Name: WORKSTATION-17$
Account Domain: <REDACTED>
Logon GUID: {b8e5e60f-7cd0-e25e-5654-baf839662d0d}
Target Server:
Target Server Name: workstation-17$
Additional Information: workstation-17$
Process Information:
Process ID: 0xce0
Process Name: C:\Windows\System32\taskhost.exe
Network Information:
Network Address: -
Port: -
This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials.  This most commonly occu... Read more

A:My computer's security may have been compromised.

Open the Start Menu and type cmd in the Search programs and features box.  Command will appear above the search box in the, right click and select Run as administrator.  This will open the Command Prompt.
 
When the Command Prompt opens copy the command below and paste it in the command prompt, then press Enter.
 
netsh int tcp set global chimney=disabled


Logfile of HijackThis v1.99.1
Scan saved at 1:45:09 PM, on 4/03/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\System32\sistray.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\INTERN~2\MEDIAKEY.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\Program Files\DLink\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\PROGRA~1\INTERN~2\KBOSDCtl.EXE
C:\PROGRA~1\INTERN~2\KCodeMsg.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Common File... Read more

A:Another Hijack This log from another compromised computer :(


Currently my computer has a number of issues, these started when I downloaded what I thought was a no-cd crack for Diablo 2: Lord of Destruction (I DO own the game, however I cannot find my cd ><). I noticed immediately after unzipping the files that I had a problem, popups everywhere, I couldn't go into my computer without errors showing up (these are fixed as I use spybot and it took care of most of these things, however I still do have popups). I also cannot use ctrl+shift+esc to get to task manager, nor can I use ctrl+alt+del to get to task manager as apparently task manager is "disabled".

Currently if I google anything and click any link that would lead me to where I would search, I go to this link

Mods note:

<URL removed>

Hmm, I can't think of any other problems that I would think originated from infection, however I somehow managed to accidentally uninstall my soundcard driver - if anyone can assist me in finding that I'd much much appreciate it - though I'm mostly concerned with getting my computer virus free. (I don't really know what sound card I have, however this is a link to the exact model of PC I have - the only thing I have upgraded in my PC is my video card which should be a non issue - http://www.dealtime.com/xPF-Gateway-...VDRW-Dual-Laye)

My Log:
Deckard's System Scanner v20071014.68
Run by Owner on 2008-04-08 19:57:04
Computer is in Normal Mode.
--------------------------------------------------------------------... Read more

A:Frustrated with compromised computer

Hi and welcome to TSF.

I am currently reviewing your log. Please note that this is under the supervision of an expert analyst, and I will be back with a fix for your problem as soon as possible.

You may wish to subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Please be patient with me during this time.


Help.... Please...

I think that I have a few problems going on that are a result of an infestation of a virus or other malicious software. I am running an IIS on a Windows 2000 Server. Since last week we cannot send email. I even tried to drop a few messages into the pickup directory and it immediately goes to the bad mail folder. So far, I have found the following.

1. net32a.exe

2. spybot.exe

Also, when trying to send mail I receive a message that looks like the following:

"Unable to deliver this message because the follow error was encountered: "Error is processing file in pickup directory.". The specific error code was 0xC00402CE.
The wording is broken in some places ("follow" instead of following / Error "is" instead of Error "in") which leads me to believe I may have been compromised by someone. I'm not sure what to do... I need help.
Thank you.
 

A:Solved: Computer Compromised? Help...


My wow account has been recently hacked 2 times in a row by a keylogger. I was told that posting my HJT logfile as well as my MBAM logfile should be useful for someone specialized in 'malware detecting and cleaning' to see what is really happening in my PC and finally fix it. Please take a look at my logfiles below:

Here's the HijackThis logfile:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:34:27 μμ, on 14/9/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\OSK.exe
C:\WINDOWS\system32\MSSWCHX.EXE
C:\Program Files\A... Read more

A:Computer compromised with keylogger.Please help!

Hello and Welcome to TSF.

We no longer use HijackThis as our initial analysis tool.

We want all our members to perform the steps outlined in the link I'll give you below, before posting for assistance. There's a sticky at the top of this forum, and a "Having problems with spyware and pop-ups? First Steps" link at the top of each page.

---------------------------------------------------------------------------------------------

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please note that the Virus/Trojan/Spyware Help forum is extremely busy, and it may take a while to receive a reply.


This is going to be a long one, sorry. Let me start by saying that I am a professional in the field (web systems engineer) so have a pretty good working knowledge of systems and networks.
 
I recently (6/28/16) received an email from my ISP (Cox) stating that they detected a ZBot infection from my network, due to access of a known C&C server. I inspected the email headers to ensure that the email did in fact come from Cox and it appears to be legitimate.
 
I can post the URL that they said my network had contacted, but was not sure if I should do that in this forum or not, given the stated rules. Since my systems are behind a router locally Cox was (obviously) not able to tell which system on my side this traffic came from, but I only have one personal Windows system running at the moment. There are also a few Android devices, a smart TV, and Xbox One.
 
We use OpenDNS (free version) for our DNS services here, and the OpenDNS server IPs are configured directly on the router. All devices within the network use DHCP and pull the correct IPs for DNS services from the router as expected (FYI -- router is a DLink DIR-655 on the latest firmware). I have confirmed that all of this still appears to be in place and that OpenDNS is recording queries coming through it. I also confirmed that the specific URL that Cox flagged was indeed seen in the OpenDNS logs on 6/28/16. This part seemed a little strange to me -- that Cox was able to determine that this URL was access... Read more


I was on my computer tonight when my computer froze and I had to restart. I'm on a wireless connection run by my apartment building, and I have some personal security stuff on here but really am not too sure about the wireless security my building runs. I don't really download that much off of the internet, so I was surprised when strange things happened when I restarted my computer tonight. First, there was a brand new internet connection listed under my connections tab called Internet (1) that was not there before using WAN miniport. Also, the bar on the bottom of my screen is becoming distorted at times for no reason. And as I just now look, part of my screen is becoming cut off, with a strip of nothing but black along the right hand side of the screen. The time was changed to military time which I didn't do, and I can't change it back for some reason. I'm going to post my HJT log, and I also have RKR, ComboFix, and GMER on my computer as well. If anyone can help me, I'd greatly appreciate it, thanks!

Here's the HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 00:18, on 07-01-10
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C... Read more

A:I think my computer security has been compromised?

If someone can please help me I would greatly appreciate it....thanks!
 


Hi,
 
I have an ongoing problem. For the last five years, the same person or persons keeps breaking into my computer, and network. I have had several computers, different ISP's, I have even moved out of state for six months even there they kept on attacking me, I came back and still the person keeps getting in. I have bought security software, and I have used the free ones as well, and to no avail. Somehow this person is able to listen into my conversations. Now they are impersonating me online, and make it their business to draw my attention to it. One thing is if they are harassing me, and threatening to hurt me. But is completely another when they are taking to harassing my family, or anyone else that I care about. I have contacted the police they wont do anything without solid proof. I have sent in complaints to FBI, and other computer crime resources, heard nothing back from them.
 
This person believes that since they have been getting away with this so long, no one can stop them. I must stop them. I need to get my life back. This person or persons are all into my business, and I do not even know their name? They can attack me whenever they want to, and I cannot identify this person? I need help here. I feel like a victim, I sound like one even to my own ears. I do not wish to be one. I won't be one. Can you help me with my problem? If you could I would most certainly thank you.

A:Computer and cellphone compromised

Tonight I downloaded the tcp utility to see what is going on on network. Every time I try to run the program it starts to run then it shuts down. I have tried several times, and still the same result. What I did notice for the short time that the program was running that there were many processes running. I noticed other things as well. I just tried again, and many of the processes running before are all closed down. I see now that there are just very few running, not the case five minutes ago.
 
Also I was having issues accessing a site I use usually with no issues. I believe that it was a denial of service attack. This went on for about three hours.
 
I was hoping that by now someone would get around to helping me with this problem. I am aware that there are many people on this site, and they too need help. I am going to continue to ask for help, and state what is going on until I am helped. I would prefer to receive help from someone who actually works for the site. I am not being fussy or think that I am more entitled than anyone else. The person who has been attacking me has just recently tried to communicate with me. I must be sure who I am speaking to, and who is assisting me with his situation. Thank you.


Somehow someone is seeing my passwords on my computer and accessing some of my accounts specifically my Verizon account and Vanguard so far.  I have a flag setup on credit bureaus and setup security features and alerts in all my accounts.  I'm posting Speccy and ToolBox below.  Curious if you see anything suspicious or have any recommendations?  Thanks
 
 
http://speccy.piriform.com/results/akVa5YbYYOg6ghUMB30gqou
 
 
MiniToolBox by Farbar  Version: 21-07-2014
Ran by zj (administrator) on 07-03-2015 at 16:20:55
Running from "C:\Users\zj\Desktop"
Microsoft Windows 7 Professional  Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (03/07/2015 02:51:02 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/06/2015 11:32:28 AM) (Source: LMS) (User: NT AUTHORITY)
Description: LMS Service lost connection to HECI driver
 
Error: (03/06/2015 10:46:09 AM) (Source: LMS) (User: NT AUTHORITY)
Description: LMS Service lost connection to HECI driver
 
Error: (03/05/2015 09:24:18 AM) (Source: Application Error) (User: )
Description: Faulting application name: NinjaTrader... Read more

A:Computer security compromised..

There is a chance that you are infected with a backdoor, bot or RAT. (remote administration tool). If this is the case more powerful advanced tools will be needed than can be used here in Am I Infected.

Please follow the instructions in ==>This Guide<== starting at Step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues, what you have done to resolve them, and a link to this topic.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.


Windows 7, Outlook 2013 and ESET Smart Security 7. This is the second computer with the issue below that we would like reviewed please.

The other day my hosting company shut down my email accounts, not sure which system did it, but my dad and sister were using our webmail and now email accounts started sending thousands of emails. This is the only details that I have. This computer is approx 2-3 years old and runs great but it's my sister's so not sure if she's on Facebook or which sites may have done this. Please help by reviewing the files and see if there is anything trojans, malware, etc that could have done this. We are afraid to use the systems as passwords are now compromised.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:09:58 PM, on 4/21/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.16521)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
C:\Program Files (x86)\TechSmith\Snagit 10\Snagit32.exe
C:\Users\Mary\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe
C:\Program Files (x86)\ACT\Act for Windows\Act.Outlook.Service.exe
C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\TechSmith\Snagit 10\TSCHelp.exe
C:\Program Files (...

A:emails & passwords have been compromised - Computer 2

Hi, I just wanted to reach out see if anyone could review this.
 

RELEVANCY SCORE 45.6

Hi everyone, this computer is running Windows 8 and Outlook 2013, plus Smart Security by ESET 7.

The other day my hosting company shut down my email accounts, not sure which system did it, but my dad and sister were using our webmail and now email accounts started sending thousands of emails. These are the only details that I have. This computer is approx 2 months old and runs great. Please help by reviewing the files and see if there is anything (trojans, malware, etc.) that could have done this. We are afraid to use the systems as passwords are now compromised.

GMER had problems loading. Could not run some scans because System32 was running and ntuser.dat. FYI

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:05:29 PM, on 4/21/2014
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v10.0 (10.00.9200.16537)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
C:\Windows\SysWOW64\RunDll32.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
C:\Program Files (x86)\TeamViewer\Version...

A:emails & passwords have been compromised - Computer 1

RELEVANCY SCORE 45.6

Hello all,
About two weeks ago my computer got attacked by a nasty virus, and ever since it's been running a lot slower. A few days ago I got a message from Time Warner Cable that they were temporarily blocking my internet service because my computer had been turned into a zombie and was sending out spam messages. They weren't completely sure, but they think it was the Koobface virus and the only way to get rid of it is to reformat and reinstall. Thankfully I have nearly everything I need backed up, some on CDs and most through Carbonite. I was also planning to upgrade to Windows 7 so this is as good a time as any.

The big issue I'm facing though is what can I safely put back on my system after I reinstall. From what I understand, when a computer is turned into a zombie the worm digs into your system and constantly changes its name so it's nearly impossible to track down and get rid of. Is this only through things like the registry and system files/settings, or can it embed itself into other unrelated files like pictures and videos? If it's the first situation I should be alright if I just restore everything in my Carbonite and hard copy backups back onto my clean system. But if it can get into my other files then are they all too tainted to trust?

On a side note, could a worm infect files in a separate volume on my hard drive? Most of my movies are on their own partition so it would be simple to save them.

RELEVANCY SCORE 45.6

Alright, my Dad's office has about 10 computers and they have all been locked down via securities to not have internet access; however one computer is open that receives the company email.

The other day some x-popups were on the screen when only one person was supposed to be in the office. This person denied it so an investigation was under way. A log was pulled of the last couple of months showing sites visited and the times they were visited. Some of the times were like 3 or 4 am. So logs were checked at the bldg security company to see when people were logged into the bldg, which no one was at the times involved. The computer has been slow for a very long time so my dad had already ordered another one before this happened so just replaced the computer in question.

So now we have a brand new computer added to the same network where it is the only computer online and it still shows visits to x-sites at 3 and 4 in the morning.

Can anyone explain what might be going on?

Thanks,
Will

A:Can my network be compromised if I just bought a new computer?

I am suspecting a night crew somehow... cleaning, night shift. Are they on a router? What is the antivirus?

Let's run 2 scans on the PC that connected.

Please download TDSSKiller.zip and extract it.
Run TDSSKiller.exe.
Click Start scan.
When it is finished the utility outputs a list of detected objects with description.
The utility automatically selects an action (Cure or Delete) for malicious objects.
The utility prompts the user to select an action to apply to suspicious objects (Skip, by default).
Leave the options as they are and click Continue.
Let it reboot if needed and tell me if the tool needed a reboot.
Click on Report and post the contents of the text file that will open.

Note: By default, the utility outputs the log into system disk (it is usually the disk with installed operating system, C:\) root folder. The log has a name like: TDSSKiller.Version_Date_Time_log.txt.

I'd like us to scan your machine with ESET OnlineScan.
Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
Click the button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
Click on to download the ESET Smart Installer. Save it to your desktop.
Double click on the icon on your desktop.
Check
Click the button.
Accept any security warnings from your browser.
Under scan settings, check and check Remove found threats
Click Advanced settings and select the following:
Scan potentially unwanted applications
Scan for potential...

RELEVANCY SCORE 45.6

I was on AIM doing my usual thing until I received a message from my friend. It had some weird URL that made me suspicious, but being the idiot that I am I clicked it and ran some file. Norton Antivirus instantly flagged it as a virus and did auto-repair which didn't work. In Norton's log viewer it has 2 entries, here's a pic

I've run the full system scan option and nothing turned up. I've also run the antivirus software that you guys recommended (except for Panda Antivirus) and nothing turned up.

I haven't run Norton in safe mode yet, but I'm going to in a bit.

My question is, is my computer still infected?

Here's my hijacklog:

Logfile of HijackThis v1.99.1
Scan saved at 2:35:16 AM, on 7/13/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\Norton Internet Security\ISSVC.e...

A:[email protected] Virus Compromised My Computer.

Hello TranNova and welcome to the BC HijackThis forum. I do not see any signs of that in the log but it probably wouldn't show up there anyway. HJT does not scan the temp folders.

Norton should have taken care of the file by quarantining it or one of the scanners should have picked it up if it was still there. Since it was downloaded to the temp folders you can clean those out rather quickly.

Download and install ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only.
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

If you use Firefox browser
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

There are a couple of questions I have though. Is the IE executable in the C:\My Files\Website\Browsers\ folder for a reason? If you put it there that is fine. If you didn't, then we might want to check that file out.

Also, the file Cleaner.bat might or might not be questionable. If you know what it is and have it set to run on startup then it's Ok. If not, then we should d...

RELEVANCY SCORE 45.6

It's been a month of reading and searching around forums but I just can't get it done. It's totally another level for a newbie like me.
My laptop Samsung, desktop Alienware both got corrupted. Factory image being modified, download anti virus program but get mod become useless. Do not have admin rights on my own computer. Windows Firewall policy got mod but have no idea how to get it fixed. Windows Defender can't be run due to its service is missing. I have TEMP/TMP folder which can't be removed in my profile. All the files and folders are being shared but I did turn off sharing setting. Can't be deleted due to admin access. Shortcut and thumbnail have invalid path. Group policy is being mod which I'm totally clueless how to get it done. Workstation is running which I'm on a home network. Background processes like CTF loader and COM keep running even though I keep ending the process. Windows Installer keeps running but no idea what it is for. Windows Update keeps searching but can't be installed. Sometimes it gets frozen. Registry is being mod, have no knowledge about it so don't dare to delete some of it. Cmd can't be run. Lots of svchost running in the svc. Did so many corrections, once restart everything back to square 1. Guys please help. Cause the one who did this is just staying right above me. So I'm clueless how I get it fixed.

A:Computer devices got compromised using the same router.

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
***************************************************
In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.
CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/581281 <<< CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************
If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of t...

RELEVANCY SCORE 45.6

I had a World of Warcraft account that is accessed from my computer recently attacked by hackers. Since I also access a number of much more valuable accounts (banking, etc.) it rang a lot of alarm bells. I had been running Norton Antivirus, but apparently it didn't find anything. I'm totally sure I didn't fall prey to any sort of social engineering or phishing, so I'm trying to review my system to see what was installed. It does look like spyware made it onto the system at some point (note the Media Star 2 toolbar, which I didn't install myself, and took over IE), and I'm assuming a Keylogger or password sniffer made it onto the machine.

Since Norton didn't detect anything, I tried Kaspersky, and it did find some files that it identified as trojans. Those were removed, although it still isn't clear to me how the passwords were observed.

I've run HijackThis, and I'm hoping an expert can take a look and let me know if you notice anything I should still be concerned about.

==================================

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:10:54 PM, on 3/2/2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16722)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files\Hewlett-Packard...

A:HiJackThis - Recently Compromised Computer

Hello and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review your topic and do their best to resolve your issues.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that...

RELEVANCY SCORE 45.6

Hi Guys,
 
I've been a frequent lurker on this site and you guys have been a great help.

What are some options for someone who has had their phone's SIM card cloned? Also the PC is compromised.

Have any of you ever dealt with a situation like this? What can I do to ensure that this phone is clean? It's an iPhone 6 - the cell company says it's been addressed.

Will scanners like Malwarebytes actually pick up installed "spy" programs? I believe someone locally did this.
 
I haven't looked at the computer yet, but just trying to get a game plan and not make any mistakes.

A:Computer compromised by a local person, help

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
***************************************************
In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.
CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/578101 <<< CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************
If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of t...

RELEVANCY SCORE 45.6

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:03:14 PM, on 1/12/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal


RELEVANCY SCORE 45.6

Hi, I just got an email from my ISP saying that my computer is infected.
 
Here is the actual quote from the email (only part of it, the rest of the email was just them recommending scanners to use)
 
"Dear Subscriber, ISP has identified that one or more computers/devices behind your cable modem may be infected with the FakeSecSen or "Spy Sheriff" Virus. A device behind your cable modem appears to have connected to a command and control server affiliated with this malware."
 
I have 
 
- Windows 10 Home edition
- 64 bit
- Bitdefender Antivirus Plus 2018
 
My computer has been acting fine and I have not seen any strange pop-ups or anything like that yet.
 
Thanks for your help in advance

A:ISP sent me a "Compromised Computer Notification" email

"Dear Subscriber" is the first indication it's fake... they would use your name when contacting you.

Delete the email and ignore it, or call them directly... don't follow any instructions in the email, or click on anything in the email.

RELEVANCY SCORE 45.6

Here is the log from the Panda scan. Computer is compromised. Several problems.

I have Windows XP, Home Edition. Just checked for WINDOWS updates. Evidently all are there except for SP2.

LOG:


Incident                        Status            Location

Virus:Trj/Cimuz.JX              Disinfected       Operating system
Adware:adware/virtualbouncer    Not disinfected   c:\windows\system32\INNERADINSTALL.LOG
Adware:adware/savenow           Not disinfected   c:\windows\downloaded program files\WUInst.inf ...

A:Computer compromised. Many problems. Log attached.

Well it doesn't look bad after having run that program.

I just think you should run a couple of others.

Those are the two free programs from AVG, Antivirus and Antispyware. Be sure to also have removed the Panda program, and you can also remove both AVG programs after you have completed 2 cleanings each. As in clean, restart, clean once more.

http://free.grisoft.com/

RELEVANCY SCORE 44.8

please help!!! seems compromised, combofix says detected rootkit, cannot seem to fix up???

A:computer seems compromised, freezing, combofix says rootkit

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.

Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

Please reply to this post so I know you are there.

The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks

RELEVANCY SCORE 44.8

Hi.
First I would like to thank you for helping me with my problem... It really means a lot to me that there are people around the world willing to help other people, even though they don't know each other...

My WoW account has recently been hacked and I think that it might be a keylogger or a trojan virus... The hacker has some way been able to get my account name and password.

I have been following a keylogger cleaning guide on the official WoW forum... I have downloaded several anti-virus programs and done as the guide told me to do... The last checkpoint in the guide was to post a thread on this site with a HijackThis log, and that's what I'm doing now.

So here's the log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:20:34, on 12-09-2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16890)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Fingerprint Sensor\ATSwpNav.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\SteelSeries\World of Warcraft MMO Gaming Mouse\WoWMHID.exe
C:\Program Files\Ideazon\ZEngine\Zboard.exe
C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\...
