
I think I am infected by some chinese malware

Q: I think I am infected by some chinese malware

My computer suddenly corrupted with a chinese malware (!) which is shown in the icon tray and desktop. I could not remove it by running AVAST antivirus software. I am attaching the log file for help.


A: I think I am infected by some chinese malware

I have done further scan with spybot. After fixing the issues with spybot, I am attaching again the log files. 


So, I've heard about this happening before, but never thought it would hit me... I am very careful about adware, etc, and have never had a problem until now. The other day I purchased a new 750Gb Iomega external hard drive. It was mac-formatted, so I plugged it in and turned it on with the intention of reformatting it. However, once it was connected and installed I started getting these full-screen IE (I use Firefox for browsing) popups full of advertisements in Chinese. I didn't think much of it so I didn't write down the addresses. Immediately the computer started acting odd... slowing down, hanging up at odd times. Then my Norton antivirus notified me of a couple viruses in the temp folder. I started to get worried so I stopped everything and did a full virus scan. The scan crashed with a BSOD and when I rebooted the computer I ran every online virus scan I could find, repeatedly, trying to get rid of all of the crap. I found a bunch of trojans, keyloggers, infostealers, rootkits, etc, could not run task manager or HijackThis, and at one point Windows would not even fully boot.

I've done a lot of work so far, and am almost there, but there are still a few things that keep coming back. It is for this reason that I am forced to finally ask for help. Here is my HijackThis log... hopefully you can see some things in there that I did not notice.

EDIT: I read on another thread that I should list the steps I've taken so far...

I have installed and run ad-aware, spybot, av...

A:Infected With Nasty Chinese Malware

Hi,

Welcome to BleepingComputer HijackThis Logs and Analysis forum, Peter E. My name is sundavis, I will be helping you to deal with your Malware problems today.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, then please do the following.

The log you presented had been a few days away. It may not show what it is. Please rescan your computer and post a new HJT log and an Uninstall List.

In the meantime, please refrain from making any changes to your computer. Thanks.

Make an Uninstall List
1. Start HijackThis
2. Click on the Config button
3. Click on the Misc Tools button
4. Click on the Open Uninstall Manager button
5. Click on the Save list button
6. It will prompt you to save. Save this log in a convenient location. By default it's named uninstall_list.txt.
7. Copy and paste the contents in your next reply and a fresh HJT log.


Hello! I've noticed a "Good link and associates" icon appear on my computer. When I looked online to see what the cause might be I found my way to this forum where people had helped folk like me with a similar problem.
 
Following advice from Alexstrasza to someone with a similar past problem, I have:
1) Run MiniToolBox and saved result.txt, in case that might be useful
2) Run SecurityCheck.exe and saved the checkup.txt log
 
Would it be helpful if I posted these up? Thanks so much to anyone who can help!
 
 

A:Infected with "Good link and associates" chinese malware?

Hello and welcome to BC,
 
Yes, you can post results here, but we should do some checks.
 
Please download Rkill to your Desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.
rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/
 
- Double-click on the Rkill desktop icon to run the tool.
- If using Windows Vista, 7, 8 or 10 right-click on it and choose Run As Administrator.
- A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
- If not, delete the file, then download and use the one provided in Link 2.
- Do not reboot until instructed.
- If the tool does not run from any of the links provided, please let me know.
If normal mode still doesn't work, run the tool from Safe Mode.
When the scan is done Notepad will open with rKill log.
Post it in your next reply.
NOTE. rKill.txt log will also be present on your desktop.
-----
 
Kaspersky Virus Removal Tool
Please download Kaspersky Virus Removal Tool from here.
- Right click on KVRT.ex...


A Chinese advertising company is responsible for two of the biggest waves of malware for both the Android and iOS ecosystems, a recent Check Point report reveals.

Yingmob, an advertising company based in Chongqing, China, is supposedly the group behind the YiSpecter iOS malware and the HummingBad Android malware.

Both function in the same way, meaning they infect devices to show ads and secretly install other applications, earning their creators money from pay-per-install programs.

Crooks making over $300,000 each month
Check Point estimates that HummingBad alone delivers over 20 million ads per day that achieve a click rate of 12.5 percent, which is the equivalent of 2.5 million clicks per day. Additionally, HummingBad installs over 50,000 fraudulent apps per day.

Putting all these numbers together, Yingmob earns over $3,000 per day from clicks alone and another $7,500 from fraudulent app installs. That's around $300,000 each month, or $3.6 million per year.

Check Point researchers say that HummingBad has managed to infect 85 million devices at the moment, and Yingmob has complete control over these smartphones because it illegally rooted the devices and can push any type of malware or make the devices take any action.

Read more: Chinese Advertiser Behind YiSpectre iOS Malware and HummingBad Android Malware
 


Today, two Chinese programs appeared and were installed on my laptop. I am very sure that I didn't install them.
I have briefly read the posts in the forum. I can't understand the content of notepad =.=
 
Can anyone help me to check is there any malware?
If there is, how should I remove?
 
ATTACHMENT: FRST & ADDITION.TXT 
 


A:Chinese Malware?

to BleepingComputer.

Hi there, my name is Jo and I will help you with your computer problems.

Please follow these guidelines:
- Read and follow the instructions in the sequence they are posted.
- Print or copy & save instructions.
- Back up all your private data / music / important files on another (external) drive before using our tools.
- Do not install / uninstall any applications, unless otherwise instructed.
- Use only those tools you have been instructed to use.
- Copy and Paste the log files inside your post, unless otherwise instructed.
- Ask for clarification, if you have any questions.
- Stay with this topic til you get the all clean post.
- My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

*** Download Security Check by screen317 from here or here.
- Save it to your Desktop.
- Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
- Vista / Windows 7/8 users right-click and select Run As Administrator.
- A Notepad document should open automatically called checkup.txt; please post the contents of that document.

*** Please download Malwarebytes Anti-Rootkit and save it to your desktop.
- Be sure to print out and follow the instructions provided on that same page.
- Caution: This is a beta version so please be sure to read the disclaimer and back up all your data before using.
- Double click on downloaded file. OK self extracting prompt.
- MBAR will start. Click in the introduction screen "next"...


Hi,
I have this problem with my computer that it keeps on installing new programs. Some of them are chinese. There are some changes in my browsers too. For example mylucky123 as a search engine. Please find my logs attached. Thank you in advance.


Am I in the correct place? New forumer here. I have been infected with Chinese malware on 1st September. My Firefox will automatically connect to
1. www.sdo.80809090.com
2. www.873511.com

My Internet Explorer cannot be used at all; every time I launch it, it will display a VB Script error and close.

Using various antivirus and antispyware programs, I tried to search and destroy the virus, all having failed badly: AVG Antivirus, AVG Anti-Spyware, Kaspersky online scanner, Norton 07, ad-aware and some other.

Having failed with all the antivirus programs, I turned to combofix and smitfraud. Both failed deleting the host file.

Then, I formatted my PC overnight. Thought problem solved, then I connect to internet, one second later, my Firefox browser is directed to www.sdo.80809090.com again...

I have a HijackThis log, but it's totally clean.

Logfile of HijackThis v1.99.1
Scan saved at 3:37 PM, on 3-Sep-07
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\G...

A:Chinese Malware

Hi ff7yta

Please rename Hijackthis.exe to Iseeyou.exe. To do this navigate to:
D:\zPrograms\Important\HijackThis
and then right click on HijackThis.exe and select rename.

Then run Iseeyou.exe (Hijackthis) and choose "Do a system scan and save a logfile".

Copy/paste the text from the resultant log in a reply to this post.

Demon Cleaner


Well, I'm going to post it here since they deleted my post in the other section. I did a full format on all drives "C, D, E", fully formatted, and backed up my files etc., and yes, my files were clean, so I don't think it was from there, cuz these files have been with me for 2 years now. But yeah, I need some advice now on what to do. Whenever I plug in my internet I have these random files coming up in Task Manager's processes. Might be servers, botnet, infection with the connection, etc., not sure, but this lil thing works by internet connection. I have 2 computers with the same connection; the 2nd computer seems to be fine, with no files coming up in processes, but I'm kinda lost on how it can affect my computer network and not the other :-? The files can be found in C:\WINDOWS\Prefetch

A:malware "chinese virus"

Hello and welcome. Your topic in the HJT forum wasn't deleted. I will tho, since it doesn't contain an HJT log so they will not look at it. Let's try these here first and if needed we'll make a new one there.

Please run these next. If you have Spybot installed, temporarily disable it.

Next run ATF:
Please download ATF Cleaner by Atribune & save it to your desktop.
- Double-click ATF-Cleaner.exe to run the program.
- Under Main "Select Files to Delete" choose: Select All.
- Click the Empty Selected button.
If you use Firefox browser click Firefox at the top and choose: Select All
- Click the Empty Selected button.
- If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser click Opera at the top and choose: Select All
- Click the Empty Selected button.
- If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".

Next run MBAM:
Please download Malwarebytes Anti-Malware (v1.32) and save it to your desktop.
alternate download link 1
alternate download link 2
- If you have a previous version of MBAM, remove it via Add/Remove Programs and download a fresh copy.
- Make sure you are connected to the Internet.
- Double-click on mbam-setup.exe to install the application.
- When the installation begins, follow the prompts and do not make any changes to default settings.
- When installation has finish...


I use anti malware bytes, it's not helping.
I have a lot of Chinese malware things on my PC.
Sometimes it changes my keyboard to Chinese x_X
 
I have log files from frst
please help me out
 
michael
 

A:Chinese malware spam

please help me


Hi, I'm having a problem. So I did a full format on all drives "C, D, E", fully formatted, and backed up my files etc., and yes, my files were clean, so I don't think it was from there, cuz these files have been with me for 2 years now. But yeah, I need some advice now on what to do. Whenever I plug in my internet I have these random files coming up in Task Manager's processes. Might be servers, botnet, infection with the connection, etc., not sure, but this lil thing works by internet connection. I have 2 computers with the same connection; the 2nd computer seems to be fine, with no files coming up in processes, but I'm kinda lost on how it can affect my computer network and not the other :-? The files can be found in C:\WINDOWS\Prefetch

A:malware "chinese virus" not sure

Topic deleted, no log and I have replied to Dup in AII here...http://www.bleepingcomputer.com/forums/index.php?showtopic=212043&st=0&gopid=1182701&#entry1182701


So this is the case: I recently visited a Chinese website on my Windows XP system. I have to admit that I had no antivirus or antispyware software installed on my computer at the time. Anyway, with the help of Yahoo's Antispy Scan I found out that I had quite a lot of spyware on my system. Their names: Cinmus A, CNNIC downloader, Quiq, Sogou, Cdn helper, pctools.dll, Cinmeng among others. I used Spybot (free version), Zone Alarm Internet Suite Trial, Xcleaner (free), CWShredder, Hijackthis, AVG AntiSpyware Trial, AVG Antivirus Trial, Avast Antivirus (free), Ad-Aware SE (free) & McAfee Internet Security Suite 30 day Trial. They removed most of the junk, but were unsuccessful in removing Cinmus A, pctools.dll and some of the registry keys from those nasty buggers. I'm not sure but it seems like not much of our top rated Antispyware/Antivirus programs can handle Chinese Adware & Spyware. Please HELP! I'm currently using McAfee Internet Suite trial which really does secure my system, but doesn't detect Cinmus A, and I can't delete or shred pctools.dll. Plus, McAfee Trial ends on the 1st of July 2007 (so if I don't come up with something quick, I'm kinda screwed: cause all that stuff will phone home to China and reinstall themselves). I'm desperate. Please someone, HELP ME!
 


Hit by a new? Chinese trojan this week. Was getting popups--thought it was just spyware/adware junk. But Avast didn't pick it up and on reboot after an attempted clean my boot sequence now takes 7+ minutes. It's bad enough that I thought it was faulty memory or somesuch and swapped out my RAM.

Problems showing up in the windows/system32 and user/app/remote.... folders.

Ran avast, then antimalware, some others (vundofix, ATFcleaner, trojan remover, etc.).

Here to beg help from the experts. Can't run Kaspersky at the moment because of internet connectivity problems where I am in China. Anyway, here's the log:

info.txt logfile of random's system information tool 1.05 2008-12-22 23:10:33

======Uninstall list======

-->MsiExec /X{AFD5ED58-271A-4907-96C2-2745C83BB035}
Acubix PicoZip 4.02-->"C:\Program Files\PicoZip\unins000.exe"
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Apple Mobile Device Support-->MsiExec.exe /I{976C2B2A-CE59-4AB3-83FB-BF895E28F2E6}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Assassin's Creed-->C:\Program Files\InstallShield Installation Information\{8CFA9151-6404-409A-AF22-4632D04582FD}\setup.exe -runfromtemp -l0x0009 -removeonly
Audiosurf-->MsiExec.exe /I{6D316D67-DA52-4659-9C98-F479963534D6...

A:Infected with Chinese trojan

Hi,

Welcome to BleepingComputer HijackThis Logs and Malware Removal, QTQuazar. My name is sundavis, I will be helping you to deal with your Malware problems today.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, then please do the following.

The log you presented had been a few days away. It may not show what it is. In the meantime, please refrain from making any changes to your computer, and please do the following:

- Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
- Double click on RSIT.exe to run RSIT.
- Click Continue at the disclaimer screen.
- Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

In your next reply, please post back:
1. RSIT log.txt and info.txt. (Before running RSIT, please delete the folder C:\rsit)

Thanks.


Hello, and good day! First of all, thanks for the awesome help you've been giving to everybody, this site rocks. Well, after downloading the wrong torrent, my little brother got my laptop full of adware and virus and I haven't been able to clean it with Avira and Malwarebytes. Firefox is dead and the Windows key isn't working. I'm running Windows 10. I'd appreciate any help you could give me.
 
Here are the logs from FRST, as per requested. Thanks a lot!
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 16-10-2016
Ran by house (administrator) on HOUSE-PC (23-10-2016 11:42:06)
Running from C:\Users\house\Searches\Downloads
Loaded Profiles: house &  (Available Profiles: house)
Platform: Microsoft Windows 10 Pro Version 1511 (X86) Language: Español (España, internacional)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\avguard.exe
(Lenovo Corporation) C:\Program Files\Lenovo\PCManager\LenovoPcManagerService.exe
(Synaptics Incorporated) C:\Program Files...


Half of all malware originating in China during October was designed to steal usernames and passwords, an IT security firm warned today.

By analysing the malware, which was written in a simplified version of Chinese, Sophos reported that 45.2 percent aimed to steal online game log-in information.

A further 7.5 percent was designed to provide the hackers with username and password details for the popular Chinese QQ instant messaging client.

"Given the ever growing popularity of online gaming in China, this is a worrying trend," said Carole Theriault, senior security consultant at Sophos.

"Once hackers have stolen log-in details, they can effectively impersonate the victim in the online world.

http://www.itnews.com.au/newsstory.aspx?CI...p;src=site-marq


Win XP Pro SP2

I am in China, and my someone tried to install QQ instant messenger when I wasn't here. The first thing I noticed is that my system fan goes to high speed soon after startup, and this only happens when a process is using a lot of CPU time.

I am running AVG Pro and Spybot S&D with Tea Timer, but these didn't protect me from this stuff.

Task manager shows me that cdnup.exe is using about 53% of CPU time, and crss.exe is using about 24%. I think both files have been messed with.

I was getting pop-up virus warnings from AVG; it would report healed successfully, but the next time I rebooted, the same things would be back.

I have gone through the entire process of "Preparation Guide for use before posting a HijackThis Log." I couldn't get Housecall Anti Virus, though. The only thing that seemed to make a difference was Bit Defender. After running it, I don't get the virus reports from AVG any more. I also didn't have the cdnup.exe and crss.exe problems after that, until I plugged the ethernet cable back in, then these problems came back.

IE6 settings have been changed, including default page and search pages. Explorer has been changed; I keep changing it so that I see all file extensions, but it keeps getting changed back so that I don't see file extensions.

IE keeps popping up Chinese websites with girlie pictures.

There's so much crap going on, I don't know what to do next.

I'll paste in the HijackThis log, followed by the other logs of the antivirus and spyw...

A:Infected With Boran.g & Other Chinese Stuff

Hi yuehan,

We're studying your log right now and will be back to you a.s.a.p.

Thanks for your patience.


My comp is seriously infected by annoying Chinese spywares... I've tried using every possible remover to remove them but they don't seem to work. I tried spybot, avast antivirus, ad aware, dr web cureit and malware.

This is my hijackthis log. I've also tried removing the hosts but it says the file is being in used.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:04:36 PM, on 6/19/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\wordpad.exe
C:\WINDOWS\System32\360up.exe
C:\WINDOWS\RavNT.exe
C:\WINDOWS\qqshel.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Softw...

A:Comp Infected By Chinese Spywares

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you.

Please download ComboFix and save it to your desktop.

Prior to running Combofix.exe you should disable your antivirus program and disconnect from the internet.

Double click combofix.exe and follow the prompts.

When it's done running it will produce a log for you. Please post that log in your next reply.

Important Note - Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


Hi community members, I have bought a new Dell Vostro 3568. KMSpico got installed on it, I don't know how. That KMSpico installed some Chinese malware, so to remove it I installed Malwarebytes. It detected 538 threats, especially PUPs. I deleted all, then I installed HitmanPro, which detected malware tracking cookies. I deleted them; on the next scan those cookies appeared again, like tboola.com adaptv advertising,com and many more. They come again and again. I tried resetting Chrome but these privacy hacking cookies appear again. I am new to all this, please help me.

A:Km spico attacked my pc and installed some chinese malware

One-on-one Malware Analysis/Removal is no longer done at the Dell Forums.  
Please follow the directions at http://spywarehammer.com/post-here-for-malware-removal/(new-instructions!)-what-do-i-do-first/  to register and post the requested DDS logs at spywarehammer.com ; there are expert helpers there who can "walk you through" procedures to analyze your system, and clean-up the infection.   All help provided there is FREE.   If you decide to go for help there, please wait for a response, and do NOT attempt to run any other scans/removers on your own --- do exactly what they instruct you to do, no more, no less.
Good luck!


Hey,

Have any of y'all seen a box that pops up with a blue border, at the top there is a penguin with 4 Chinese characters beside it. Below is another with QQ: then a box with 10000 in it, two or three more characters, another box with 10000 in it, then a small box with the image of a person in it, followed by 8 more characters.
Then below that is a larger box full of Chinese characters and some numbers. After this pops up, things deteriorate rapidly. The first thing we noticed was that the Task manager would not open. Others had other problems, eventually not being able to work at all.

I'm not asking for a solution. We have been looking High and Low, and we know how to use the tools available. I just want to know if anyone out there has come across this and if anyone knows where it came from?

Thanks!!
 


Dear All,

I'm having an issue with a popup in Chinese characters.
It pops up always at start up and then a few times during the day.

It looks like I have no other problems on the machine, but I've tried all types of antivirus and malware,
including
Avast, Spybot, online scans.
The machine was running antivirus, antimalware and firewall since the beginning, not only after "infection".

No one finds any issue but the popup still comes.

I'm running Windows 7 64 on an ASUS notebook, i7, with ATI card.

Does anyone have the same issue? Anyone know how to wipe it out?

Thanks in advance

Best Regards

Antonio
 


Hello, Firstly I want to say I have learned my lesson and not downloading anything from pirate bay again.
 
I tried to download a tv show tonight. Only to discover (too late) that it's one of the worst viruses I have personally seen, It all appeared after I deleted the tv show I downloaded and went outside for a smoke, when I came back there's chinese porn, chinese dialog boxes of things I simply cannot read, IE opening by itself, adware, redirects, trojans, browsers, you name it. Fake antivirus programs specifically a fake version of rising anti virus that blocks my real programs like adwcleaner and microsoft security essentials. I have tried other antivirus programs with no effect because of the blocking issue.
 
I am accessing this forum on a different pc, because the infected pc is virtually unusable, I have had viruses in the past but nothing like this, I really need a program that I can download with this clean PC and install onto the infected one via USB.   
 
Should I just buy a 2TB drive and try to salvage what I can before it locks up completely. 
 
I am sorry if this seems a little bit rushed, the infected PC is used for some graphic design stuff I need access to for work. I am stupid I know.
 
Any help greatly appreciated.
 
 
-edit-
 
I just checked it again locked up from infinite chinese porn pages automatically loading in IE, starting to accept I've lost everything on that PC

A:Chinese Porn adware malware redirects... Got it all

Hello and welcome to BC,
 
We will try to help you with your problems.
 
Please, use that other computer to download following programs. Use USB to transfer them to infected machine. If you can't run them in normal mode, try in safe mode.
 
Please download Rkill to your Desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.
rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/
 
- Double-click on the Rkill desktop icon to run the tool.
- If using Windows Vista, 7, 8 or 10 right-click on it and choose Run As Administrator.
- A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
- If not, delete the file, then download and use the one provided in Link 2.
- Do not reboot until instructed.
- If the tool does not run from any of the links provided, please let me know.
If normal mode still doesn't work, run the tool from Safe Mode.
When the scan is done Notepad will open with rKill log.
Post it in your next reply.
NOTE. rKill.txt log will also be present ... Read more

Read other 1 answers
RELEVANCY SCORE 48.4

Hello,
during exploration of various app creators for Android I came across beta.appinventor.mit.edu. I'm still using IE8 (sadly no more support) but have Google Chrome as a second option.
I'm not sure when or what happened exactly. I did a defrag, cleaned some old files. I tried to open beta.appinventor in Chrome and it displays Chinese characters across the screen.
Even when I log in to my modem (portable wifi router) from Chrome it displays Chinese characters. Very few sites display ads in Chinese; the rest of the site would be OK. Also, if I open a tab in incognito mode the entire window is filled with Chinese characters.
Now the Chinese characters are not displayed by opening 'normal' URLs.
The puzzling thing is, the speed of the system is good. IE8 has no problems. I can open websites in Chrome, no problem.
I tried CCleaner, Norton scan, Dr.Web scan, uninstalled Chrome and reinstalled several times, knowing I will not be able to remove all Chrome instances in the registry, then tried again with Revo Uninstaller and a reinstall.
Same problem: Chinese characters. I don't know what else to do.
 

 
did a hijackthis as well, not sure if I should post this as well.
 
thanks in advance for taking a look
 
following the dds and attached zip file plus a screen shot of the chinese characters:
 
DDS (Ver_2012-11-20.01) - NT... Read more

A:possible malware in google chrome, displaying Chinese characters

hi everybody,
sorry for my own confusion. I kept on digging and came across a forum. It was suggested to change the encoding in Chrome to autodetect, while my Chrome showed Unicode. Anyway, I tried; the result: no Chinese characters anymore. I always thought Unicode was more or less universal; that would have been the last thing for me to suspect.
Strange was that a new install to my laptop which never had chrome on it came with unicode already in place. Had to change that, too.
Long story, happy ending, problem solved.

Read other 2 answers
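The fix reported in the answer above (switching Chrome's encoding from "Unicode" to auto-detect) points to a decoding mismatch rather than injected content. The Python triage check below is an added example, not part of the original thread; it assumes the "Unicode" setting meant UTF-16LE, and the router page bytes are constructed for illustration, while the genuine banner is the start of the ad line quoted elsewhere on this page.

```python
import string

PRINTABLE_ASCII = set(string.printable.encode("ascii"))


def east_asian_ratio(text: str) -> float:
    """Fraction of characters in the CJK, Kangxi and kana blocks (U+2E80..U+9FFF)."""
    if not text:
        return 0.0
    return sum(0x2E80 <= ord(ch) <= 0x9FFF for ch in text) / len(text)


def recover_if_misdecoded(displayed: str,
                          wrong_codec: str = "utf-16-le",
                          min_printable: float = 0.95):
    """Undo a suspected wrong decode.

    Re-encode what the user sees with the codec the browser is assumed to
    have applied. If nearly every resulting byte is printable ASCII, the
    "Chinese" text was ordinary single-byte markup read two bytes at a time,
    and the recovered text is returned. Otherwise return None: the characters
    are genuine and need a different explanation.
    """
    try:
        raw = displayed.encode(wrong_codec)
    except UnicodeEncodeError:
        return None
    if not raw:
        return None
    printable = sum(b in PRINTABLE_ASCII for b in raw)
    if printable / len(raw) < min_printable:
        return None
    return raw.decode("utf-8", errors="replace")


def triage(displayed: str) -> str:
    """Label a snippet copied from the affected browser window."""
    recovered = recover_if_misdecoded(displayed)
    if recovered is not None:
        return "encoding mismatch, original text: " + recovered
    if east_asian_ratio(displayed) > 0.5:
        return "genuine East Asian text, check where the content comes from"
    return "not East Asian text"


# Constructed sample: a plain ASCII router page (even byte count) as it would
# be rendered by a browser forced to UTF-16LE.
ROUTER_PAGE = b"<html><body>Router login</body></html>"
GARBLED = ROUTER_PAGE.decode("utf-16-le")

# Start of the banner quoted in another post on this page: real Chinese text.
GENUINE_BANNER = "系统检测发现您正在使用低版本IE浏览器"

if __name__ == "__main__":
    print(GARBLED)
    print(triage(GARBLED))
    print(triage(GENUINE_BANNER))
```

A snippet that round-trips to readable markup is a rendering problem; one that does not is real content and needs a look at extensions, proxies and injected scripts.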
RELEVANCY SCORE 48.4

Here is your SysInfo information:
Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows XP Professional, Service Pack 3, 32 bit
Processor: Intel(R) Pentium(R) M processor 1600MHz, x86 Family 6 Model 9 Stepping 5
Processor Count: 1
RAM: 1534 Mb
Graphics Card: ATI MOBILITY RADEON 9000, 32 Mb
Hard Drives: C: Total - 147929 MB, Free - 4270 MB;
Motherboard: IBM, 2373NG3
Antivirus: 电脑管家系统防护, Updated: Yes, On-Demand Scanner: Enabled

I actually use Symantec Endpoint Protection antivirus, but it was unable to recognize an infected .exe file, claiming it was clean. Antivirus is still working and does not report any threat! But it seems the Chinese malware is already controlling its behavior. The pop-ups constantly promote something in Chinese, showing mostly images of automatic weaponry (probably Kalashnikov). The Program Files directory now contains a Tencent directory, which includes QQPCMgr with some more subdirectories. At first I was only able to delete some of the contents, probably not vitally important files. All other content seems to be very well protected. I am unable to terminate the corresponding processes in the Task Manager or uninstall the related program with the Chinese name. I was also unable to perform System Restore - the system claims its inability to do so. I even could not start Windows in Safe Mode. I tried to use SpyHunter, but also with negative resu... Read more

A:Chinese malware Tencent invaded my IBM T40 laptop, MS Windows XP

I tried additionally the Bitdefender online QuickScan - it was not able even to start the scanning process. There seems to be a problem with formatting, at least in my first message: the online editor of this site seems to eliminate the CR (Carriage Return) characters from my text. Is there any tip to avoid such behavior? BTW, I sent this from a different computer, not from the infected one.
 

Read other 3 answers
RELEVANCY SCORE 48.4

Hello, this has been posted already, but perhaps the treatment method may vary depending on my situation and logs etc, so reposting...

XP SP3
IE 8 BETA (although using Firefox mainly)
Tried: Fullscan with KIS 2009 (kaspersky) and Adaware.
It removed some win32trojan downloader agent mkav or so, but problem remains.

Description:
I've been experiencing multiple iexplore.exe processes running freely without my control (I use Firefox mainly). While they run, there's a weird chinese speech in the background which sounds like a commercial, it may repeat itself few times and even overrun itself in sound.

The Problem:
iexplore.exe keeps on running along with the CHINESE talking in the background.

Now, if I run full scan on my system with KIS, it wouldn't detect anything, not to mention updated Lavasoft Ad-Aware 2008...

DDS LOG:

DDS (Version 1.0) - NTFSx86
Run by Idan at 22:27:53.26 on Mon 12/08/2008
Microsoft Windows XP Professional 5.1.2600.3.1255.972.1033.18.2046.1606 [GMT 2:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\WINDOW... Read more

A:Malware running multiple iexplore.exe & CHINESE talking

Hello Idanshalev,

Post the ComboFix.txt please.

Read other 2 answers
RELEVANCY SCORE 48

Recently I started getting one line in the upper portion of the IE windows with Chinese characters:

系统检测发现您正在使用低版本IE浏览器,可能存在安全隐患,强烈推荐您在windows系统使用更快速!更安全!更稳定!的浏览器: FireFox火狐浏览器,点击下载
McAfee and Spybot scans yield nothing. Ad-Aware 2007 results in 5 registry entries but is unable to clean them. The two categories identified:
Root: HKCR Path: clsid\{385ab8c6-fb22-4d17-8834-064e2ba0a6f0}
Root: HKLM Path: software\microsoft\windows\currentversion\explorer\browser helper objects\{385ab8c6-fb22-4d17-8834-064e2ba0a0a6f0}

Hijackthis generated log which is attached. You can see that the same entries

O2 - BHO: Info cache - {385AB8C6-FB22-4D17-8834-064E2BA0A6F0} - C:\Documents and Settings\All Users\Application Data\Microsoft\PCTools\pctools.dll

Aside from having the aforementioned line in every IE screen, some of the sites, including this site bleepingcomputer occasionally cannot be accessed, usually when you have to drill 2-3 levels down into the website. It changes though. Occasionally it will dive... Read more

A:Win32.adware.cinmus, Chinese Spyware - Chinese Line In Ie Windows, Unable Access Some Sites

Here is the log pasted instead of being attached:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:49:37 AM, on 2/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1... Read more

Read other 18 answers
RELEVANCY SCORE 48

I just received delivery of a mini camera/voice recorder that has an instruction sheet in both Chinese characters and also broken English...very broken! In fact, it's basically incomprehensible. Is there anyone viewing this that may be able to help me translate the instructions, because I can't get the recorder to work yet. The colors of the light indicators on the recorder and the instructions don't even match. All that I can observe is red and blue, while the instructions refer to a yellow and green in addition to red.....go figure. And yes, I've contacted the seller about this but they haven't responded yet. I strongly suspect they don't have a clue either...they're just merchandisers, not tech folks.

I've attached a copy of the so-called English instructions, but if you can read Chinese please contact me and I'll send you or post the instructions written in Chinese characters.

Thanks for your interest.
 

A:Solved: Can you read Chinese characters and/or Chinese broken English?

Read other 9 answers
RELEVANCY SCORE 47.6

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine. If you are unable to create a log because your computer cannot start up successfully, please provide detailed information about the Windows version you are using: what we in particular need to know is version, edition and if it is a 32bit or a 64bit system. If you are unsure about any of these characteristics, just let us know and we'll help you figure it out. Please also tell us if you have your Windows CD/DVD handy.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your ... Read more

A:infected displaying ads in chinese on web browser and disable antivirus software

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.

Read other 2 answers
RELEVANCY SCORE 47.6

Hi I was wondering if anyone could help me. My friend has a Chinese version of Windows XP with SP3 and an English Office 2007 installed on her computer. All worked fine until the day after Office was installed. Now some of the Chinese characters have been replaced with squares. I tried changing the settings in the Regional and Language Options but as the Chinese characters have been replaced by vertical lines.

If someone can help me resolve this problem it would be greatly appreciated.

Thanks

A:[SOLVED] Problem with Chinese text in Chinese Windows XP

Problem solved

Read other 1 answers
RELEVANCY SCORE 47.6

Yesterday, I did a scan of my network with WireShark 3.2.6  Scan was done on my hardwired Ethernet connection. I am somewhat new to advanced wireshark and I do not know everything there is to know but I am in the process of learning.
While looking at the results of a short scan I saw some unsettling IP Addresses that were appearing on my network. I do a lot of schoolwork online and I need to setup Windows 10 Professional's Firewall to block this IP Address or possibly even a range of IP Addresses.
Problem is: When I do searches with keywords such as "Blocking an IP Address with Windows 10 firewall" I end up receiving results that are intended for businesses or results that are meant for a Windows Server.
I need an understandable solution to this potential security problem. One that I can use Microsoft tools to fix and not some 3rd party app if possible.
My system:
Windows 10 Professional build 18363.1016
MS Office 365 Enterprise Edition subscription through my school
Dell Optiplex 790 with the latest BIOS update
16GB RAM
Dual drives  SSD system drive and Mechanical ATA drive for data storage.
WireShark 3.2.6 results
Source: 52.109.12.55    Destination: My private IP Address for my PC. 
Protocol used: TCP   Note: 3 instances.
Below is my PC sending out an 89 byte message to 52.109.2.55   4 different times.
Source: My Private IP, Dest: 52.109.12.55, Src Prt: vpad 1516,... Read more

Read other answers
RELEVANCY SCORE 46.4

There are several posts like mine out there already but none of the solutions have worked for me. When I am connected to my company LAN I can go to Google (my home page) in IE7 on an XP Corp SP3 laptop. About every other time I click on a link I get the following error box.

Whether I click OK on the error or click the X, a new browser window opens, maximises and opens my home page.

When I am on my home network the behavior is different (probably because my home firewall is not blocking the site). When I click any link from my home page there is no error box but my click gets hijacked to an advertisement or fake virus protection sites.

Here is what I have tried:
1. Full scan and immunize with Spybot S & D (found a lot of cookies etc., didn't fix this issue)
2. Full scan with Symantec Endpoint Protection (finds trojans once a day, probably friends of this issue)
3. Full scan with Malwarebytes (fixed other issues it found but not this one)
4. Purchased full version of Spyware Dr (found and fixed 4 issues but not this one)
5. Disabled all browser plugins, including those that run without permission (did not impact the issue)
6. Searched for any files or registry entries with "hpprintspool" in them (there were none)
7. Installed HijackThis and created the following log -

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:43:09 AM, on 11/12/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WI... Read more

A:Malware Cannot find http://(chinese characters) Make sure the path or internet address is correct

Hi jgardner,

Welcome to BC HijackThis forum. I am farbar. I am going to assist you with your problem.

One or more of the identified infections is a backdoor trojan.

A backdoor Trojan can allow an attacker to gain control of the system, log keystrokes, steal passwords, access personal data, send malevolent outgoing traffic, and close the security warning messages displayed by some anti-virus and security programs.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the Operating System. Please read these for more information:
How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still try to clean this machine but I might not be able to make sure it will be 100% secure afterward. Please tell me if you want to go on with cleaning.

Read other 2 answers
RELEVANCY SCORE 45.2

Hi!
I would like to know if there is any way to see Chinese in Chinese softwares? My english setting are all in English. I know you can change the language setting to Chinese to view softwares that are in Chinese. But I mostly use English softwares. So, it is kinda pointless to change the setting to Chinese since only a few programs I am using are in Chinese. As changing to Chinese setting will also affect fonts in some of the games.
Anyways. here is the problem:
I am able to type Chinese (such as Notepad etc) and I am also able to view Chinese on the webpage.
But I am not able to see Chinese in softwares that are in Chinese. It will show up as messy codes or just ???? marks.

Before I reformatted my computer, I was able to see Chinese in Chinese softwares without changing the language setting into English. But after I reformatted, I am not able to do it anymore. Can someone please help me out? Thanks a lot!

(P.S. I do not have the installation CD for my desktop (this computer that can't read Chinese in Chinese software. I had to use my laptop's installation CD to reformat the computer.) So, my laptop and desktop both have the same problem: unable to read Chinese in Chinese software.)

Thanks in advance!
Yuki
 

A:Unable to see Chinese in Chinese software

If you are running Windows XP ...

Start Menu -> Settings -> Control Panel -> Regional & Language Options

Select the "Languages" tab and make sure there is a checkmark for, "Install files for East Asian languages." I do not recall if you will be prompted for the Windows installation CD.
 

Read other 2 answers
RELEVANCY SCORE 40.4

Dear helper,

Am I infected ?? What should I do ?

Windows XP, Internet Explorer 6, Sony VGN-SZ18GP laptop bought in 2006.

System crash last night, with rapid loss of hard-disc drive space (from 15 GB down to 100 Mb within 2 hours). Norton security (2006 version) & Internet Explorer were busted afterward and were not able to run at all. The built-in system recovery programme was also affected.

Was forced to use the back-up system recovery CD to restore the laptop back to its original shipping state.

However, afterward it is still not right. Installed McAfee (from my internet service provider) but the update function is not working - it repeatedly states that it cannot update because I am not connected to the internet, when I'm actually connected to your website typing this email right this moment. Also internet access to Microsoft and all other common antivirus websites (Norton, McAfee, AVG, Kaspersky, Avast, etc) is blocked. Hence I can't even attempt to find out what happened to my laptop.

What virus have I been infected ? What programme should I use to remove the malware now that I cannot access to any of the antivirus website or microsoft website ?

Thank you

Jason

Read other answers
RELEVANCY SCORE 40.4

Please reopen the case: http://www.bleepingcomputer.com/forums/t/278792/infected-by-various-malware-help/

Original message, posted on December 14, 2009:

My computer is infected by malwares. Earlier I got help from bleepingcomputer staff under topic malware and have tried to use these software to clean my infected computer but still to no avail. The volunteer who helped me earlier asked me to use hijackthis and paste the logs on this forum.

Malwarebytes Anti-Malware (v1.41)
TFC by Old Timer
Kaspersky Virus Removal Tool
Eset Online Antivirus Scanner.
Kaspersky Online Virus Scanner.
Sophos Anti-rootkit
Norman Malware Cleaner

The problems are:
- When I use Internet Explorer or Mozilla, sometimes another window opens automatically that mentions google hiring, websurvey, etc
- When I use a search engine to find something, I could not click the link to bring me to the shown result that I want; instead it brings me to an unfamiliar site. I have to copy and paste the web address to open it. If I click the link, sometimes it brings me to an anti-virus ad that forces me to download the software (it would not allow me to close the browser) so I have to end the whole internet session forcefully.

----------------------------------------------------------------------
LOGFILE IS ATTACHED

Logfile of random's system information tool 1.06 (written by random/random)
Run by USER1 at 2010-01-07 19:27:45
Microsoft Windows XP Professional Service Pa... Read more

A:Infected by various malware. Help !!, Malware pop ups and could not open link from se...

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

Please download OTL from following mirror:
This is THE Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
Push the button.
Two reports will open, copy and paste them in a reply here:
OTL.txt <-- Will be opened
Extra.txt <-- Will be minimized
In the upper right hand cor... Read more

Read other 17 answers
RELEVANCY SCORE 40.4

I have run into a terrible problem and can no longer use my computer. It started a few days ago when I believe I was infected by malware...I noticed a program running in my task manager...one of those short 3 letter exe programs, so I decided to run malware bytes. Malware bytes successfully found that program and I think called it a rootkit or something else. I chose to remove the found problems and then it asked me to restart. Following restart, I get a blue screen of death shortly after the Windows XP title comes on. When I choose any of the options (Safe Mode, Safe mode with networking, Safe mode with command prompt, or normal Windows) I always get the blue screen and cannot log into Windows.

The error message reads:
A problem has been detected and windows has been shut down to prevent damage to your computer. If this is the first time you've seen this stop error screen restart your computer. If this screen appears again follow these steps: Check for viruses on your computer. Remove any newly installed hard drives or hard drive controllers. Check your hard drive to make sure it is properly configured and terminated. Run CHKDSK /F to check for hard drive corruption, and then restart your computer.

Technical Information:
STOP: 0x0000007B (0xBA4C7524, 0XC0000034, 0x00000000, 0x00000000)

So at this point I ordered startup/recovery CDs from dell. I am using a dell computer with OEM installed windows XP home edition. I got the recovery CD today, and can now boot from CD.... Read more

A:Blue screen after running malware bytes - infected with malware

Hello, let's see if we can find the cause of this problem. I will move this topic to the malware removal forum.

Try this please. You will need a USB drive.

Download GETxPUD.exe to the desktop of your clean computer
Run GETxPUD.exe
A new folder will appear on the desktop.
Open the GETxPUD folder and click on the get&burn.bat
The program will download xpud_0.9.2.iso, and upon finished will open BurnCDCC ready to burn the image.
Click on Start and follow the prompts to burn the image to a CD.
Remove the USB & CD and insert it in the sick computer
Boot the Sick computer with the CD you just burned
The computer must be set to boot from the CD
Gently tap F12 and choose to boot from the CD
Follow the prompts
A Welcome to xPUD screen will appear
Press File
Expand mnt
sda1,2...usually corresponds to your HDD
sdb1 is likely your USB
Click on the folder that represents your USB drive (sdb1 ?)
Press Tool at the top
Choose Open Terminal
Type the following and press enter:

dd if=/dev/sda of=mbr.bin bs=512 count=1

Press Enter
After it has finished a file will be located on your USB drive named mbr.bin
Remove the USB drive and insert it back in your working computer and navigate to mbr.bin, zip it up and attach it to your next reply.
This will allow me to have a look at the MasterBootRecord of your drive and see if it is infected.

Read other 4 answers
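The reply above collects the first sector of the disk with `dd` so the Master Boot Record can be examined offline. The following Python sketch is an added example, not part of the thread and not the helper's own tooling; it shows the structural checks that can be run on such a 512-byte `mbr.bin`, using a constructed sample sector with placeholder boot code. It does not decide whether boot code is malicious; the hash it reports is meant for comparison against a known-good MBR of the same Windows version.

```python
import hashlib
import struct
import sys

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440      # bootstrap code; bytes 440-445 hold the disk signature
TABLE_OFFSET = 446       # four 16-byte partition entries follow
ENTRY_FORMAT = "<B3sB3sII"   # status, CHS start, type, CHS end, LBA start, sectors
ENTRY_LEN = struct.calcsize(ENTRY_FORMAT)   # 16
BOOT_SIGNATURE = b"\x55\xaa"


def parse_mbr(sector: bytes) -> dict:
    """Parse a classic MBR sector and list structural anomalies."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError(f"expected {SECTOR_SIZE} bytes, got {len(sector)}")
    findings = []
    if sector[510:512] != BOOT_SIGNATURE:
        findings.append("boot signature 0x55AA missing at offset 510")

    partitions = []
    for index in range(4):
        status, _, ptype, _, lba_start, sectors = struct.unpack_from(
            ENTRY_FORMAT, sector, TABLE_OFFSET + index * ENTRY_LEN)
        if ptype == 0x00:            # unused slot
            continue
        if status not in (0x00, 0x80):
            findings.append(f"entry {index}: invalid status byte 0x{status:02x}")
        if lba_start == 0:
            findings.append(f"entry {index}: starts at LBA 0, on top of the MBR")
        partitions.append({"index": index, "active": status == 0x80,
                           "type": ptype, "lba_start": lba_start,
                           "sectors": sectors})

    active = sum(p["active"] for p in partitions)
    if active != 1:
        findings.append(f"{active} active partitions; "
                        "a BIOS boot disk normally has exactly one")

    ordered = sorted(partitions, key=lambda p: p["lba_start"])
    for first, second in zip(ordered, ordered[1:]):
        if second["lba_start"] < first["lba_start"] + first["sectors"]:
            findings.append(
                f"entries {first['index']} and {second['index']} overlap")

    return {
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
        "disk_signature": sector[440:444].hex(),
        "partitions": partitions,
        "findings": findings,
    }


def build_sample_mbr(entries) -> bytes:
    """Constructed test sector: NOP filler instead of real boot code."""
    sector = bytearray(SECTOR_SIZE)
    sector[:BOOT_CODE_LEN] = b"\x90" * BOOT_CODE_LEN
    for index, (status, ptype, lba_start, sectors) in enumerate(entries):
        struct.pack_into(ENTRY_FORMAT, sector, TABLE_OFFSET + index * ENTRY_LEN,
                         status, b"\x00" * 3, ptype, b"\x00" * 3,
                         lba_start, sectors)
    sector[510:512] = BOOT_SIGNATURE
    return bytes(sector)


# Constructed samples: one active NTFS partition, and a table with two
# active, overlapping entries.
SAMPLE_CLEAN = build_sample_mbr([(0x80, 0x07, 63, 1000)])
SAMPLE_ODD = build_sample_mbr([(0x80, 0x07, 63, 1000), (0x80, 0x0B, 500, 1000)])

if __name__ == "__main__":
    if len(sys.argv) > 1:            # e.g. python check_mbr.py mbr.bin
        with open(sys.argv[1], "rb") as handle:
            data = handle.read()
    else:
        data = SAMPLE_ODD
    report = parse_mbr(data)
    print("boot code sha256:", report["boot_code_sha256"])
    for part in report["partitions"]:
        print(part)
    for finding in report["findings"]:
        print("FINDING:", finding)
```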
RELEVANCY SCORE 40.4

It is so similar to MaxGen's problem that I have used some of his description of what is happening to me (us).

I got infected by a nasty malware while surfing the internet. Popups were created immediately so I knew right away something was happening. I wasted no time in running Norton AV and Ad-aware. Norton says it had found and removed the problem (Trojan.Vundo and Trojan.Metajuan) and I should restart. But everything got worse after the first restart. No programs wanted to work. I even tried to backup personal files to CD/DVD and Nero did not recognize my burner.

Now my situation is:
1. Even in safe mode, I cannot run any anti-spyware software: Spybot and Spyeraser do not show up even though they are seen running in Windows task manager. Then the .exe application file will no longer work. When I tried to run them again, it will say "Windows cannot access the specified device, path, or file. You may not have the appropriate permission to access the item."
2. Cannot connect to any website, it always shows trying to connect. (The connection itself shows OK). - I downloaded AVG after the first restart and it found and fixed 8 of 12 problems found. I rebooted and was then unable to get on internet and AVG does not work anymore.
3. Worst of all, I can't even post the HijackThis logs. It does not start - telling me I do not have permissions.

Like MaxGen there could be other symptoms I have yet to discover. I too have never seen this kind of nasty stuff. Please help!... Read more

A:ME TOO!! Infected by extremely nasty malware, can't even run HJT, please help, Unknown malware, windows XP

If you cannot get DDS to work, please try this instead.

Please download RSIT by random/random and save it to your Desktop.
Note: You will need to run this tool while connected to the Internet so it can download HijackThis if it is not located on your system. If you get a warning from your firewall or other security programs regarding RSIT attempting to contact the Internet, please allow the connection.

Close all applications and windows so that you have nothing open and are at your Desktop.
Double-click on RSIT.exe to start the program.
If using Windows Vista, be sure to Run As Administrator.
Click Continue after reading the disclaimer screen.
Leave the drop down box set to default: "List/folders created or modified in the last 1 month (30 days)".
When the scan is complete, a text file named log.txt will automatically open in Notepad.
Save the log file to your desktop and copy/paste the contents into a new topic in the HijackThis Logs and Malware Removal forum, NOT here.

Important: Be sure to mention that you tried to follow the Prep Guide but were unable to get DDS to run.

If RSIT did not work, then reply back here.

Read other 6 answers
RELEVANCY SCORE 40.4

Already did some scans with tdsskiller and hitmanpro and they detected Trojan-Spy.Win32.Zbot, Rootkit.Win32.PMax.gen, and rootkit boot.cidox.b, I'm not sure how this machine got so badly infected. The user may have opened a link or some file by accident.
 
The infected svchost.exe is causing the most problems, creating multiple various connections and slowing down the internet connection. Explorer.exe would also crash and would create connections as well. Internet explorer would pop up to back-linking websites.
 
No restore cd for this computer. Although I do have a copy of xp meant for dell machines and this is a dell.
 
Just need to know how I can stop the svchost.exe from creating connections.
 
dds attached


A:Infected with multiple malware, Cidox,Trojan-Spy.Win32.Zbot,Infected svchost.exe

Hello! Welcome to BleepingComputer Forums!
My name is Georgi and I will be helping you with your computer problems.
Before we begin, please note the following:
I will be working on your Malware issues, this may or may not, solve other issues you have with your machine.
The logs can take some time to research, so please be patient with me.
Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
Instructions that I give are for your system only!
Please do not run any tools until requested ! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.
 
 
Please download Farbar Recovery Scan Tool and save it to your desktop.
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your re... Read more

Read other 15 answers
RELEVANCY SCORE 40.4

I have a mild adware infection that is affecting every computer that goes through my network. Superantispyware can find and remove ONE file(no active, no registry) that is associated with this attack and the problem is resolved (ie. it does not come back unless i log into this particular network, it's still gone when I restart the computer, etc). The adware does not affect any of my cleaned computers unless I am logged into MY network. A clean load of windows XP with service packs loaded will immediately be infected on my network without so much as going anywhere aside from google.com.

As best I can tell my hijack this log is clean, but here it is for those of you who are far superior at this than I am. This is from the machine I am using which is currently infected.

Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 10:43:09 AM, on 12/24/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\msiexec.exe
C:\Program Files\TrendMicro\HiJackThis\HiJ... Read more

RELEVANCY SCORE 40.4

Hello,

I was contacted by some friends last Sunday who said they received lots of weird emails from my email account. The emails contained nothing but a link. I did not send any emails over the weekend so I don't know how this happened. This must be a virus, right? I noticed my antivirus (avast!) began (a few days back) blocking a couple of malwares when downloading emails to Outlook 2007 on my laptop. It identified an infection called "Win32-Malware-gen". It now does this every time I try to download emails and I now have duplicate emails in my Inbox. My antivirus identified the infected emails having subject "DHL Express Delivery" or "FedEx Service Notification" and a document.zip attachment which I think contained document.exe if I'm reading the Avast! log correctly. I did not open any of these emails. The antivirus moved them to chest but it seems the problem wasn't resolved. I then get a microsoft message saying Outlook encountered a problem and cannot exit. It offers me an "End Now" button, but it seems to get into a loop and the whole scenario happens again whereby Outlook reloads and I get the malware messages again.

Another problem I noticed which might be connected is that in IE8, whenever I attempt to login to any site it blocks and reloads webpage with "This tab has been recovered - A problem with this website caused Internet Explorer to close and reopen tab" message. Then it asks me t... Read more

A:Infected with Win32-Malware-gen - Emails (Infected?) spammed from my email account to many recipients without my knowledge etc.

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.

Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

Please reply to this post so I know you are there.

The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks

RELEVANCY SCORE 40.4

I was at a hotel a few weeks ago, and afterwards firefox kept redirecting me to ad sites. I ran Microsoft Security Essentials and detected and removed (partially?) a program called Nimda, but the redirects continued. None of my security software indicated any other problem, and the redirects seemed to be to fairly harmless sites, so I figured I'd wait for my programmer brother to get home for thanksgiving to fix the issue. Today, firefox redirected to a site with the words "please wait, loading." I immediately closed out but my computer was already infected. A program called "privacy.exe" in taskmanager started up- it's your typical faux-security program that prompts you to "clean your computer" presumably by downloading all kinds of other awful crap. This particular program kept closing down taskmanager after a couple seconds every time I tried to open it, automatically closed security essentials, closed all my other background programs, and wouldn't let me open hijackthis or firefox. I restarted in safe mode and ran security essentials, which found and removed something called "VirTool:JS/Obfuscator.CE," then restarted normally, but the situation hadn't changed. After some trying, I was able to open taskmanager and manually shut down "privacy.exe" before it shut me out, and that's as far as I've gotten. Keep in mind when reading my DDS log that I shut this program down already, because it prevents me ... Read more

A:Infected with unknown trojan/malware, has infected pc with rogue:win32/fakerean, VirTool:JS/Obfuscator.CE, and others so far

Hi,

BitTorrent

Above listed ones are P2P file sharing programs. P2P downloads are nowadays one of those things that most likely bring infection into the system. My recommendation is to uninstall these (and other if present) P2P file sharing programs.

Please visit this webpage for download links, and instructions for running ComboFix tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully first.

Please continue as follows:

Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link
Remember to re-enable them afterwards.

Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you. Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New dds log.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.

RELEVANCY SCORE 40

Hi, I got infected because I was trying to run Malwarebytes and it skipped the part of analysing the files; it ended in around 1 minute in a full scan, and I tried to download Dr.Web CureIt, and it doesn't allow me. The computer seems fine, but those things are very strange, and when I was running the scan I was in safe mode...
 
thanks for the help

A:Malware infected, malware removal tools useless

Greetings samidelcueva and to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:

First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.

Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.

Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.

Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter pro... Read more

RELEVANCY SCORE 40

Hello members (: Thanks in advance for helping me.
 
So, the first time I realised something was amiss was when searches in the Chrome Omnibar were redirecting to Yahoo. If I went to google.com to conduct a search, the ads at the top of the results page would flicker, and then seemed to change (font, size etc.).
 
I uninstalled and reinstalled Chrome, I signed out, I removed all my addons and extensions before reintroducing each one. I couldn't get to the root of the problem. After a quick search, it was suggested to use SpyHunter or Malwarebytes to resolve the problem. 
SpyHunter dropped a massive list of threats after scanning only 1%. When it finally finished, there were many Red Threats, but there was the stinger: I would have to pay for the advanced version, or a license, or whatever it wanted, before removing these threats. As a poor student, I turned to an alternative. That's where Malwarebytes came in. I did a scan, it found some problems and asked me to proceed, which I did, and it claimed the problem was fixed.
Certainly, Chrome doesn't redirect at the minute, but I managed to stop it redirecting it before now; only for it to start again. I ran another SpyHunter scan, and it found all the same threats as before, which, it would seem, Malwarebytes had missed. Now, I haven't bequest any windfall since yesterday, and still can't afford SpyHunter's ransom.
So far (6%), SpyHunter has found 216 threats including Blekko (192 infections), searchinternet-a.aka... Read more

A:Infected with Malware which redirects from omnibar, plus other found malware

Hello, Welcome to BleepingComputer.

I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.

===

Please download AdwCleaner by Xplode onto your Desktop.
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click the Scan button and wait for the process to complete.
Click the LogFile button and the report will open in Notepad.

IMPORTANT
If you click the Clean button all items listed in the report will be removed.

If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click the Scan button and wait for the process to complete.
Check off the element(s) you wish to keep.
Click on the Clean button follow the prompts.
A log file will automatically open after the scan has finished.
Please post the content of that log file with your next answer.
You can find the log file at C:\AdwCleanerCx.txt (x is a number).

===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first ti... Read more

RELEVANCY SCORE 40

 Hi all,
 
 I am Pousoidis and I would like to thank you for the services you provide. I am pretty sure that I have a virus in my laptop. My system is an Ideapad U410 with Intel® core ™ i5-3317u 1.70ghz, 8gb ram memory, 64 operating, with windows 7.
 
 At some point I could not click on my start menu button without windows explorer notifying me that it had stopped working and that it was checking for a solution to the problem. I went online trying to read about what I could do. Eventually, I restarted my pc with the option of checking for disk errors and that seemed to fix the start menu problem; now the windows explorer does not crash. But after that I noticed that I could not open certain programs such as skype and picasa 3 (and μtorrent which since then it has been uninstalled from my pc).
 
 It is then that I became more suspicious and decided to download and run anti-malware programs such as mabm and spybot. None of these can install itself on my pc, always some error message such as "privileged instruction". Was not sure how to proceed from that, so I searched online and came across your site. Thank you again for your help. I apologize in advance, I am not really well versed in the ways of technology. I did run 1 system restore before I visited this site.
 
so I am copy pasting my dds files: 
 
Run by Pousoidis at 13:46:22 on 2014-02-20
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8053.5... Read more

A:Infected with some malware. Not allowed to install and run anti-malware.

Hello Pousoidis

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.

Very Important --> Please read this post completely, I have spent my time to put together some things for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same... Read more

RELEVANCY SCORE 40

Hello,

I have malware that prevents me from running anti-malware programs (unless their names are changed to aliases). It also makes its presence known when I am NOT connected to the Internet. In that instance, a message box informs me that "Generic Host Process for Win32 Services" is not working, and gives me the option of sending or not sending the relevant information.

I attach to this thread the "Attach" output from DDS and the .log file from GMER. Unfortunately, I was unable to save the Scan results from GMER in any format other than .log, and when I tried to use the "Copy" function within GMER, my machine froze.

I have also run (in safe mode) MBAM, SpybotSD, SUPERAntiSpyware and the Windows kb890830 malware-detection apps. The first three DID find infected files, which I removed/quarantined in each of the respective apps. Perhaps not surprisingly, the Windows malware detection scan did not pick up anything.

I apologise for the dreadful formatting of the GMER output; the .log file is (I hope) uploaded.

Kind regards,
Adam

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:58:53, on 04/10/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17080)
Boot mode: Safe mode

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINNT\Explo... Read more

A:Infected w/Malware that doesn't let you run anti-malware apps etc.

RELEVANCY SCORE 39.6

Hi,

My Dell Inspiron N400 notebook Running Windows 7 64 bit (Pro), [OS Version: 6.1.7601 ServicePack: 1.0] has become a playground of miscreants from four corners of earth and time is running out. It all started 2 months ago when I opened an email with title that my teenage daughter sex video is on internet. I never would click such a link but it was forwarded by my mother so I was in distress, so I clicked a link in it. It was luckily daughter of someone else and not mine since I never been or had relations with anyone from Nigeria.

But from that day slowly everything breaks. My virus killers (Kaspersky then Bit Defender, and Windows Defender and Titanium Trend Micro) get turned off or stop responding. Before I had 36 processes after starting up and now I have 60, and a half hour later over 100 processes that take 100% cpu, 100% of my 8gig memory, and 100% hard drive activity.

I reinstalled operating system 3 times on C drive but I have on D drive all my things in storage and in matter of a day after reformatting C and reinstalling, the ghost in machine is back. I have sometimes 10-30 errors in my event logs on a good hour, and 2-3 critical errors every few days. My external monitor port on laptop stopped working, my network cable port (looks like telephone jack) stopped working and I use usb connection to adsl modem. My camera can not be found and is unknown device accepting no drivers but sometimes it turns on and looks at me.

Criminal hacker gangs are locked in bat... Read more

A:Infected by 36 Viruses/Trojans/Malware - Infected My Professor

Please follow the instructions in ==>This Guide<== starting at Step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues, what you have done to resolve them, and a link to this topic.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

RELEVANCY SCORE 39.2

Hiya,

This computer started being very slow all of a sudden yesterday. And today, I have "Malware Defender" messages popping up at me. It's pretending to be AVG, which I do have installed, by using the same colored logo.

After running RRT v4.8.0.3, got a message saying "system restrictions and/or r-media malware detected! RRT needs your urgent attention!" Yup.

The DDS is pasted below, and I've attached the "Attach" file. Sure do appreciate your help!

- Barbara
a.k.a. WidgetWoman

DDS (Ver_09-03-16.01) - NTFSx86
Run by Owner at 22:03:05.60 on Tue 03/31/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.503.74 [GMT -4:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\Drivers\WTSRV.EXE
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8... Read more

A:Infected with Malware Defender (and r-media malware?)

Welcome to the BleepingComputer Forums. Since it has been a few days since you scanned your computer with HijackThis, we will need a new HijackThis log. If you have not already downloaded Random's System Information Tool (RSIT), please download Random's System Information Tool (RSIT) by random/random which includes a HijackThis log and save it to your desktop. If you have RSIT already on your computer, please run it again. Double click on RSIT.exe to run RSIT. Click Continue at the disclaimer screen. Please post the contents of log.txt. Thank you for your patience.Please see Preparation Guide for use before posting about your potential Malware problem. If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped. Please post your HijackThis log as a reply to this thread and not as an attachment. I am always leery of opening attachments so I always request that HijackThis logs are to be posted as a reply to the thread. I do not think that you are attaching anything scary but others may do so. While we are working on your HijackThis log, please: Reply to this thread; do not start another! Do not make any changes on your computer during the cleaning process or download/add programs on your computer unless instructed to do so. Do not run any other tool until ... Read more
