Over 1 million tech questions and answers.

Tango Mallware (?)

Q: Tango Mallware (?)

I can?t remove a software called Tango trough windows control pannel. It redirects to a site/message as in Tango.doc attached.I followed the 'Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help' but had problems with the gmer.exe file - it opens, but windows generated error message as showed in gmer-error.doc attached. I attached also the .txt log files from DDS.Any help on this topic?Thanks,Gustavo

RELEVANCY SCORE 200
Preferred Solution: Tango Mallware (?)

I recommend downloading and running DAP. It can help sort out any driver and firmware related issues on your system

It's worked out well for many of us in the past.

You can download it direct from this link http://downloaddap.org. (This link will open the download page of DAP so you can save a copy to your computer.)

A: Tango Mallware (?)

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Follow the instructions that pop up for posting the results.Close the program window, and delete the program from your desktop.Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HEREPlease download GMER from one of the following locations and save it to your desktop:Main MirrorThis version will download a randomly named file (Recommended)Zipped MirrorThis version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.Disconnect from the Internet and close all running programs.Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.Now click the Scan button. If you see a rootkit warning window, click OK.When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.Click the Copy button and paste the results into your next reply.Exit GMER and re-enable all active protection when done.-- If you encounter any problems, try running GMER in Safe Mode.

Read other 3 answers
RELEVANCY SCORE 44.4

I noticed tango on my laptop and tried uninstalling the toolbar but it wont, I have windows vista. I really know nothing about computers, so i could really use some help. thanks
 

Read other answers
RELEVANCY SCORE 44.4

Everytime I run Spybot, I get Tango. I delete Tango every time, and it shows up again with the next scan. How do I get rid of it, and what is it? Thanks.
 

A:What's Tango, and why won't it go away?

Does it give you a location?

Click here to download Hijack This: http://thespykiller.co.uk/files/hijackthis_sfx.exe

Let it extract to C:\Program Files

Close out any open browsers
Launch the program
Hit "do a system scan only"
When that finishes, hit "save log"
The log will open in Notepad
Copy & paste that log into this thread

Do not fix anything yet
 

Read other 1 answers
RELEVANCY SCORE 44.4

I'm trying to find the best speed/price method for linking two PC's.
What sort of tranfer rates do you get from a null modem?
Is it possible to link via USB? What hard/soft ware is required?
Or would a network card would work best for this? If so, what type?
 

A:Two to tango?

Read other 8 answers
RELEVANCY SCORE 44.4

Went to add/remove programs from control panel & found something called Tango. However, when I tried to remove it, a blank page came up as follows: http://remove.gettango.com. Nothing else happens. I closed out the blank page & then could not close out add/remove. My os is XP. Any assistance would be greatly appreciated. Thank you.

A:What is Tango?

Download, install, update and run MalwareBytes AntiMalwareThat should remove it.

Read other 1 answers
RELEVANCY SCORE 44.4

Another puzzle for the IT wiz.

We are 2 on a laptop - Win Xp HE + Office XP Prof:

when "switching "from one to another user, layouts are COMPLETELY different. I can't get my OE icon on to desktop nor on the menu bar at the bottom of the screen. All our icons on the sart menu had disppeared which I managed to recover but not onto the Äll Programs "menu.

Also, most urgently:
I used to right click on icons in order to opt for the: send to: and choose from a number of options including: send to> email recipient ,etc. I now only have ONE option > to "DVD/CD Drive E:" ????????????????????

and my husband still has the normal ones when prompting the send to

what is going on here? any idea? or am I just too confusing for words?

thanks again and again.

dd
 

Read other answers
RELEVANCY SCORE 44.4

here is the HJT log: Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:41:22 AM, on 3/23/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
D:\Program Files\Alwil Software\aswUpdSv.exe
D:\Program Files\Alwil Software\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
D:\Program Files\Alwil Software\ashMaiSv.exe
D:\Program Files\Alwil Software\ashWebSv.exe
D:\PROGRA~1\ALWILS~1\ashDisp.exe
D:\Program Files\Ace Explorer\Ace Explorer\Aexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
D:\Program Files\Alwil Software\setup\avast.setup
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gsmsandwich.com.ph/
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\userinit.exe
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\ashDisp.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: DfLogon - C:\WINDOWS\SYSTEM32\LogonDll.dll
O23 - Service: avast!... Read more

Read other answers
RELEVANCY SCORE 44.4

Hello,
a few days ago i got some virus, which took all of my memory slowly and after 15 min. it releases it slowly. Ot prevents me to instal any mallware software, and use of it when i+m logged on.
It does allow me to go to safe mode and clean stuff from there, which doesn't help when i log on normally again. System is Win XP professional SP3. Please see my comboFix log below if anyone can help me to solve my problem.
Thank you in advance,
Matjaz
ComboFix 11-10-08.01 - Matja? 08.10.2011 20:27:01.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.386.1033.18.959.659 [GMT 2:00]
Running from: c:\documents and settings\Matja?\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Matja?\My Documents\HijackThis.exe
c:\windows\$NtUninstallKB14177$\2256817183
c:\windows\$NtUninstallKB14177$\3265923636\@
c:\windows\$NtUninstallKB14177$\3265923636\click.tlb
c:\windows\$NtUninstallKB14177$\3265923636\L\hznbllxz
c:\windows\$NtUninstallKB14177$\3265923636\loader.tlb
c:\windows\$NtUninstallKB14177$\3265923636\U\@00000001
c:\windows\$NtUninstallKB14177$\3265923636\U\@000000c0
c:\windows\$NtUnins... Read more

A:some mallware

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything. We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here. To help Bleeping Computer better assist you please perform the following steps:*************************************************** In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/422516 <<< CLICK THIS LINK If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.*************************************************** If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lo... Read more

Read other 2 answers
RELEVANCY SCORE 44.4

http://ad.yieldmanager.com/st%3Fad_type

How do I get rid of this off of my computer...Someone please help me

Read other answers
RELEVANCY SCORE 44

Hey, I have an extra toolbar by the name of tango toolbar that just popped up in my internet explorer a few days ago. I figured something wasnt right so i tried deleting it in my control panel but i just get this message:

Hello, If you were sent to this page then it is likely that you have downloaded some sort of adware or malware. We have recently begun to receive reports from individuals who have installed a toolbar that includes the name ‘tango’ and tells them to go to here to remove it. Our company, Brand Tango, has no association with this software and we do not create any software for individual use. The reported toolbar is attempting to mislead people by sending them to a domain that they don’t own and that can’t help them. We recommend that you ensure your internet security software (anti-virus, firewall, malware/adware protection, etc…) is up to date and then contact their technical support for help removing the toolbar. For your convenience, links to some of the more popular internet security companies are listed below.

Sincerely,
Brand Tango

http://usa.kaspersky.com/
http://www.symantec.com/norton/index.jsp
http://www.mcafee.com/us/default.asp
So its obviously malware since when you try to delete it, it just says,"this isnt malware so why are you deleting it?" I did the HJT report like it said in the post:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:20:12 PM, on 5/18/2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet ... Read more

Read other answers
RELEVANCY SCORE 44

Hello i have windows xp yup i know time is almost up but i wanted to clean up the system b4 i update. I went through the steps and when i got to step to UNHIDE my flies they are GONE. how do i get them back?

A:Security Tango

Hello to Bleeping Computer! 
 
When you say unhide, how were you going about unhiding them? Are these files system files or documents/pictures etc.? 

Read other 2 answers
RELEVANCY SCORE 44

Can't get rid of the Tango program in my control panel options... Not sure if it's what's causing slow browsing, but there's a 10 second pause before each web page load up that wasn't there before... I've updated and run my Spybot program but it didn't detect it

I know you guys normally want a Hijackthis log so I'm going to post one after this... I use Google Chrome because it was a lighter program than the Internet Explorer I was using... I have a fairly dated computer so I have to go as lightweight as possible...

Here's what it found... It also brought up a window saying

For some reason your system has denied write access to the hosts file. If any hijacked domains are in this file Hijackthis may NOT be able to fix them.

If that happens, you need to edit the file yourself... ... etc... What does this mean?

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:20:33 AM, on 6/2/2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Users\Danielle\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\System32\mobsync.exe
C:\Windows\ehome\ehmsas.exe
C:\Users\Danielle\AppData\Local\Google\Chrome\Application\c... Read more

Read other answers
RELEVANCY SCORE 44

I have found this thing called Tango on my programs list i did hijackthis toolbar.

If I can post the file log on here would someone help me please? i have no idea what to do.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:33:09, on 03/06/2011
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\BatteryMonitor\BatteryMonitor.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe
C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe
C:\Users\Martyn\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Martyn\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Martyn\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Users\Martyn\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx... Read more

A:Tango Toolbar

Read other 16 answers
RELEVANCY SCORE 44

Does anyone know what tango dialer is? I have an old computer that is running windows me. I ran a spybot scan and it showed tango dialer. Should I remove it?fredMod Edit - Moved to appropriate forum - Leurgy

A:Tango Dialer

TangoI'd let Spybot remove it.

Read other 1 answers
RELEVANCY SCORE 44

Hi!
I have a malware and I'm not able to delete him. I have in my Internet page a toolbar call tanto toolbar. I delete it from my internet page but it steel in my control pannel and I'm note able to delete him. (excuse me english, I'm french!) That's what I do:

Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org
Version de la base de données: 5219
Windows 5.1.2600 Service Pack 3, v.5512
Internet Explorer 7.0.5730.13
2010-11-30 10:51:19
mbam-log-2010-11-30 (10-51-11).txt
Type d'examen: Examen rapide
Elément(s) analysé(s): 125334
Temps écoulé: 8 minute(s), 11 seconde(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 4
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 2
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{8B2C7C9D-716D-4E9E-9358-B9C80A81B7ED} (Adware.Adparatus) -> No action taken.
HKEY_CURRENT_USER\Software\IEBarProperties (Adware.Mirar) -> No action taken.
HKEY_CURRENT_USER\Software\MarketPrecision\DuhikiToolbar (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ESENT\Process\Adparatus (Adware.Adparatus) -> No action taken.
Valeur(s) du Registre infectée(s):
HKE... Read more

Read other answers
RELEVANCY SCORE 43.6

Here is the log from HJT.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:12:39 PM, on 3/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\1E\SMSNomad\SMSNomadP2P.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateApp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
C:\WINDOWS\TEMP\WQ8FEE.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\WINDOWS\system32\AccelerometerSt.... Read more

Read other answers
RELEVANCY SCORE 43.6

Having problems with program wanting me to buy an antispyware to fix my computer and I have a program already.

A:Mallware and Adware

Hello and to BleepingComputer.Let's see what we're dealing with here.Please download RKill by Grinler from one of the 4 links below and save it to your desktop.Link 1Link 2Link 3Link 4Before we begin, you should disable any anti-malware software you have installed so it does not interfere with RKill running. This is because some anti-malware software mistakenly detects RKill as malicious. Please refer to this page if you are not sure how to disable your security software.Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed. If nothing happens or if the tool does not run, please let me know in your next reply***************************************************Please download Malwarebytes Anti-Malware and save it to your desktop.alternate download linkIMPORTANT!!! - when you save the file, rename it to something random, such as bubbles.exe This must be done before beginning the download!MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.Make sure you are connected to the Internet.Double-click on mba... Read more

Read other 1 answers
RELEVANCY SCORE 43.6

I get every five seconds a message on my computer with the text : Your computer is infected! Dangerous infection was detected on your pc. The system will now download and install most efficient antimalware program to prevent data loss and your private information theft. Click here to protect your computer from the biggest malware threats. -> But it don't help at all and when i remove SpywareStrike 2.5 it comes back when i restart my computer. He goes very slow to Logfile of HijackThis v1.99.1Scan saved at 14:28:17, on 3/02/2006Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\LEXBCES.EXEC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\LEXPPS.EXEC:\WINDOWS\Explorer.EXEC:\WINDOWS\System32\hkcmd.exeC:\Program Files\Dell\QuickSet\quickset.exeC:\Program Files\Synaptics\SynTP\SynTPLpr.exeC:\Program Files\Synaptics\SynTP\SynTPEnh.exeC:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exeC:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXEC:\WINDOW... Read more

A:Spywarestrike 2.5 And Mallware

Hi,Download smitRem.exe ?noahdfear, and save the file to your desktop.Double click on the file to extract it to it's own folder on the desktop.Place a shortcut to Panda ActiveScan on your desktop.Please download the trial version of ewido anti-malware here:http://www.ewido.net/en/download/Please read Ewido Setup InstructionsInstall it, and update the definitions to the newest files. Do NOT run a scan yet.If you have not already installed Ad-Aware SE 1.06, follow these download and setup instructions, otherwise, check for updates:Ad-Aware SE SetupDon't run it yet!Next, please reboot your computer in SafeMode by doing the following:Restart your computerAfter hearing your computer beep once during startup, but before the Windows icon appears, press F8.Instead of Windows loading as normal, a menu should appearSelect the first option, to run Windows in Safe Mode.Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen.Wait for the tool to complete and disk cleanup to finish.The tool will create a log named smitfiles.txt in the root of your drive, eg; Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.Open Ad-aware and do a full scan. Remove all it finds.Run Ewido:Click on scannerClick on Complete System Scan and the scan will begin.While the scan is in progress you will be prompted to clean files, click OKWhen it asks if you want to c... Read more

Read other 1 answers
RELEVANCY SCORE 43.2

can someone please help me remove tango from my pc.
I have tried most of the solution seen in other threads, nothing has worked so far.

malwarebytes and SuperAntiSpyware did not find it.

I havnt noticed if tango is doing any harm to my pc, i just know its not suposed to be there.
 

Read other answers
RELEVANCY SCORE 43.2

I am not a computer person and have the tango tool bar on my laptop and need help removing it. Here is what I came uLogfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:08:12 PM, on 10/5/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\LimeWire\LimeWire.exe
C:\Users\User\Documents\RCA Detective\RCADetective.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\YouTube Downloader Toolbar\SearchSettings.exe
C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.tangosearch.com/?useie5=1&q=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.tangotoolbar.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.tangosearch.com/?useie5=1&q=
R... Read more

Read other answers
RELEVANCY SCORE 43.2

This is my first time posting anything on your site. I am a beginner on the computer, so everything I go about doing I have to learn the meaning of first. Several weeks ago I noticed the Tango Toolbar on my screen and when I clicked on IE the Tango came up as my homepage instead of Yahoo. Lately when I sign in to my mail and click on inbox or spam the screen goes back to desktop with all my icons. It totally removes me from the internet. Therefore I am unable to get any of my emails except at the library. I was able to download TSG SysInfo to word, but I don't have it here with me at the library. My computer is 2-4 years old - windows vista - designed for windows xp - amd64 athion x2- I believe. I read a post from "cookiegal" that said one should backup all files on disk or external hard drive. I have a Seagate manager (1000 GIG) and Staples said that everything was backed up for me, but I can't seem to find all the files that should be in it. I'm not too familiar with it yet.
I already downloaded Hi-Jack this. Where do I go from here? I don't want to do the wrong thing. I did already run the scan before I read "cookiegals" recomendation not to, and Tango did show up several places, so I copied the report to Word and then closed it out without further ado.
Please Help soon--Desperate! Thanks sooo much for your help, Pi-co
 

A:Tango Toolbar installed itself somehow--please help!

Hiya Pi-co,

I'm kevinf80 and I will be helping with any malware issues you may have with your system.

Please be aware that some of the logs I may ask for can be very complex and can take a long time to decipher. I am a volunteer here with a job and family so I ask that you be patient when waiting for replies.
Please DO NOT run any scans/tools/fixes on your own as this will conflict with the tools we are going to use.
Either print or Save to Notepad all instructions and please follow them carefully, if there's something you don't understand or that will not work please let me know and we will go through it together.
Malware is often buggy and can be very unstable, with that in mind it is advisable to backup any important data before we begin.
If you do not reply within 72 hours the thread will be closed, if you need more time let me know. Likewise if I do not respond within 48 hours feel free to PM me.
If you have any P2P applications installed such as BitTorrent, uTorrent, Limewire etc etc, please uninstall them before we begin.
If you are using Cracked or Illegal software your thread will be locked and all help will cease.

Please proceed as follows :-

Please download Malwarebytes Anti-Malware and save it to your desktop.
Alernative D/L mirror
Alternative D/L mirror

Double Click mbam-setup.exe to install the application.

Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then clic... Read more

Read other 3 answers
RELEVANCY SCORE 43.2

My computer is a Dell Dimension C521 with XP and Yesterday a blue screen with a message of fatal error showed up. I now have a tool bar by Tango that I don't know how it showed up. Before all of this my Antiviris showed a virus on my computer so I ran a scan and I thought I removed it but now all my icons on my desk top are gone, I have no start Menu and I have to try to run anything by pushing Ctrl, Alt, and Delete. What can I do?
 

Read other answers
RELEVANCY SCORE 43.2

Ok, so I own a Gateway, and have had it since '98. Acient, I know. Just recently it's began to freeze up on me, but that's not the problem. A few nights ago it froze, upon restarting the computer, I tried opening up some music on my computer, but I got an error.

"Bad DirectSound driver. Please install proper drivers or select another divice in configuration. Error code: 88780078."

Now, what specs do you need from me to help fix the problem? And the computer freezing on me every now and then means what?

Thanks in advance,
LLyno
 

A:Sound Divice Tango

Read other 6 answers
RELEVANCY SCORE 43.2

Hi, had some troubles last night..must have picked up a virus as the video driver went (reverting me to what reminded me of my old school computer days...LOL) and, then I got the blue screen of death. I started Windows in Safe Mode with Network Support and, ran Malwarebytes, Ad-Aware and Spybot and removed everything found. Tango no longer shows in my listing of Add/Remove programs but, my browser (Chrome) is still re-directing me to Tazinga every once in a while so, I'm guessing there is something that remained after all of my efforts. I also notice, not sure if this is anything but, in Task Manager, chrome.exe is showing 13 times even tho I only have the browser open once with tabs. So weird.

Any help would be greatly appreciated!
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:34:37 AM, on 3/10/2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\mobsync.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Windows\System32\wpcumi.exe
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Spybot - Se... Read more

A:Uggg Tango - soo messed up...

Just bumping this up in hopes of some HELP as my computer is still REALLY wonky!!!

New Hijack This:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:47:46 PM, on 3/15/2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Windows\System32\wpcumi.exe
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\Suzanne Quinn\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Users\Suzanne Quinn\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Suzanne Quinn\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Suzanne Quinn\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Suzanne Quinn\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Suzanne Quinn\AppData\Local\Google\Chrome\Application\chrome.exe
C:\U... Read more

Read other 3 answers
RELEVANCY SCORE 43.2

I am infected with Trojan Dialer-269. I tried everything i new. In safe mode i tried: stinger, spybot, Ad-aware, Macafee Virus Scan, etc.. Nothing seems to work. I have attached my hijackthis log file. Any assistance appreciated !
 

A:Dialer - 269 Trojan (Tried every tango i could ..please help)

Read other 10 answers
RELEVANCY SCORE 43.2

Some days ago I posted a problem wherein the CD Rom tray took up the Tango and decided it has a mind of its own. Just likes to boogie occasionally Acacandy answered the thread with advice but by that time my tech guy here had popped round and solved the problem ..... ahh so we thought Now it's off again in four four time doing the salsa My wife is intent on bringing in a priest friend to do an exorcism

My support chappie is trying to recall the name of a virus that's on a "timer" and plays these funny tricks on poor ole timers like myself

A full scan with Norton gives an all clear !!!

Thanks - Oldie
 

A:Gremlins again - CD Tray doing the Tango!!!

Post a HJT log, but I suspect it's the latest CWS hijack that tries to sell spywiper to you
 

Read other 2 answers
RELEVANCY SCORE 43.2

I am new to this forum so I hope I am doing this rightWell where to start. I have run countless different malware adware and antivirus programs and they all catch some problems and Remove them but they keep coming back. When I restarted my computer the other night I got an error message saying error loading c\eindows\ststem 32\kodoebu.dll I have looked for the file but it does not exisit. When I try to delete it in my startup manager it keeps coming back. I have ran all the programs that I have In safe mode and for the most part come up clean, but as soon as I restart and run them It catches more problems I am going to post my Hijack this log in hopes of getting this fixed. Thank you In advance. malwarebytes find 3 things called trojan vondo or somethingit deletes the one with the HKLM\..\Run: [dipehifage] Rundll32.exe " but it comes back after restart the other 2 say they will be deleted upon restart but arent. i am going to also post my malwarebytes log file.thank you in advance. Logfile of Trend Micro HijackThis v2.0.2Scan saved at 4:28:06 AM, on 12/4/2008Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16735)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\s... Read more

A:Mallware Keeps comeing back

Hello makemoney11 and welcome to BC. Let's see what we can find.Before running a new scan let's clean out the temporoary folders. Download ATF Cleaner to your Desktop.Double-click ATF-Cleaner.exe to run the program.Click Select All found at the bottom of the list.Click the Empty Selected button.If you use Firefox browser, do this also:Click Firefox at the top and choose Select All from the list.Click the Empty Selected button.NOTE : If you would like to keep your saved passwords, please click No at the prompt.If you use Opera browser, do this also:Click Opera at the top and choose Select All from the list.Close ALL Internet browsers (very important).Click the Empty Selected button.NOTE : If you would like to keep your saved passwords, please click No at the prompt.Click Exit on the Main menu to close the program.Now download OTScanIt2.exe to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt2 on your desktop.Note: You must be logged on to the system with an account that has Administrator privileges to run this program.Close ALL OTHER PROGRAMS.Open the OTScanIt2 folder and double-click on OTScanIt2.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).Click the Scan All Users checkbox on the toolbar.Do not change any other settings.Now click the Run Scan button on the toolbar.Let it run unhindered until it finishes.When the scan is complete Notepad will open with the re... Read more

Read other 1 answers
RELEVANCY SCORE 43.2

Setting: Family members PC (Dell, WinXP, round 2 years old, specs ?)

Problem: Was running slow/partial lockups, had no AV, no AntiSpy, no software firewall for DSL (yeah perfect cluter-fudge waiting right there).

What I did: First ran Ad-Aware in safe mode (cause Normal was too slow/lockups). AW found bout 500 various unpleasantries & removed them (Note: it is a year old version thats on a disc i burnt, so it could'nt find all the newer "stuff" but should have helped enough to be able to d/l new version and scan in Normal mode). Then ran Registry Mechanic found some 500 "problems" and fixed them. Booted to Normal was still slow; with WMI errors every some 10 secs, and MS Money trying to "install" (ended up uninstaling that one). Attempted to install Norton AV '04 but opted not run pre-install scan. Norton then failed to install shortly after starting, so I rebooted, began install again but did the pre-install scan. Now the fun begins: after a 1 1/2 hour scan it found some 8000 files infected with W32.Pinfi virus . Norton repaired 3000 some files and deleted some 5000 files, installed rebooted, finished install, and then I updated Norton, rebooted and then after going into the main account, it kicked me out imedately to the select user account screen. I tried other accounts, same. Even tried safe mode, same. Its almost like i'm locked out of the comp. Was thinking of ERD commander and see if some of its tools could repair it ... Read more

A:Virus/Mallware Issue

Well my friend... Norton is not a good idea.

If norton hasn't totally corrupted windows yet by improperly removing files (or lack of), then you can try un-installing it and the old version of ad-aware and try running the latest version of kaspersky anti-virus personal pro + latest updates, in safe mode with no internet connection.
This will get rid of all the viruses / spyware / malware. Some files may still be corrupted from all the viruses but chances are most will be ok. After you've finished that put a proper firewall on it. I recomend Kaspersky Anti-Hacker, or ProtoWall + BlockList Manager.
 

Read other 1 answers
RELEVANCY SCORE 43.2

Windows XP.

I have tried to scan my computer numerous times for both virus/mallware trying different software programs AVG, Ad-aware, etc.. However every time I try, the scan after freezes, or computer dies (blue screen). It doesn't matter what software I use. It could freeze anywhere between 10 minutes and an hour after starting the scan. I currently just have AVG virus only on my computer. I would be nice to be able to scan my computer. Any ideas? This has been going on for quite sometime now.

I don't know if this is related or not but I also cannot get a security update (Excel) installed on my computer. All other windows updates were completed.
 

A:cannot scan for virus/mallware

Read other 9 answers
RELEVANCY SCORE 43.2

Newbie Here

After Several Virus scans, and anti spy software runs I am still getting browser hijacks from party poker. what can i do next Help.

This is my Log from Symantec,
Date Filename Threat Threat Type
6/18/2007 16:31 retadpu77.exe Downloader File
6/18/2007 16:30 core.sys Hacktool.Rootkit File
6/18/2007 16:30 core.sys Hacktool.Rootkit File
6/18/2007 16:30 core.sys Hacktool.Rootkit File
6/18/2007 16:30 retadpu2000219.exe Downloader File
6/18/2007 16:30 core.sys Hacktool.Rootkit File
6/18/2007 16:30 retadpu2000219.exe Downloader File
6/18/2007 16:30 core.sys Hacktool.Rootkit File
6/18/2007 16:30 retadpu2000219.exe Downloader File
6/18/2007 16:30 core.sys Hacktool.Rootkit File
6/18/2007 16:30 retadpu2000219.exe Downloader File
6/18/2007 16:30 core.sys Hacktool.Rootkit File
6/18/2007 16:30 retadpu2000219.exe Downloader File
6/18/2007 16:30 core.sys Hacktool.Rootkit File
6/18/2007 16:30 func.exe Trojan.Adclicker File

here is my hijack this log
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 1:10:59 PM, on 6/19/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files... Read more

A:Help Virus, Mallware, Hijacks

Do a HijackThis scan & place a check next to these items and select "Fix checked":

O2 - BHO: (no name) - {B39780D1-0EB1-43DA-B4AE-664E9732D345} - C:\Program Files\Windows Media Player\hokep43855.dll
O4 - HKLM\..\Run: [svhost] "C:\WINDOWS\svhost.exe"



---------------


1. Download this file -> http://download.bleepingcomputer.com...a/ComboFix.exe

2. Double click on combofix.exe & follow the prompts.

3. When finished, it shall produce a log for you. Post that log & a fresh HJT log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Read other 19 answers
RELEVANCY SCORE 42.8

Somehow Tango installed on my vista and I can not get it off. Anyone know how to remove it? . .Tried the PCTools download that says it will remove it automatically, but HA HA! No go.

Thanks
 

A:Tango toolbar and a bunch of other junk

Read other 16 answers
RELEVANCY SCORE 42.8

I have mistakenly downloaded a tango program along the same lines as this thread:

http://forums.techguy.org/windows-vista/922535-tango-toolbar-bunch-other-junk.html#post7462903

I cannot remove it from the Control Panel as it takes me to a webpage instead of removing it.

Super AntiSpyware did not remove it in quick or full scan.

These are the results of my HiJackThis Device Manager report:

Acrobat.com
Acrobat.com
Adobe AIR
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.3.2
AIM 7
Apple Application Support
Apple Software Update
Ares 2.1.4
BitTorrent
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Conexant HDA D330 MDC V.92 Modem
Dell Support Center (Support Software)
Dell Touchpad
Dell Wireless WLAN Card
DivX Converter
DivX Plus DirectShow Filters
DivX Setup
Download Updater (AOL LLC)
FLV Player 2.0 (build 25)
Google Earth
Google Update Helper
HiJackThis
Intel(R) Graphics Media Accelerator Driver
Intel(R) TV Wizard
Internet TV for Windows Media Center
Java(TM) 6 Update 20
Java(TM) 6 Update 3
Linksys EasyLink Advisor
Linksys EasyLink Advisor
Marvell Miniport Driver
Microsoft .NET Framework 1.1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable
Modem Diagnostic Tool
Mozilla Firefox (3.6.4)
Norton AntiVirus
Norton Safe Web Lite
PlayReady PC Runtime x86
QuickTime
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.5... Read more

A:Tango program in control panel

Read other 16 answers
RELEVANCY SCORE 42.8

I have this Tango Toolbar installed on my computer. I'm not 100% sure how it got there but it did. When I try to remove it from the add/remove programs it gives me a pop up that says

"Tango Toolbar is 100% spyware free"
"If You're seeing pop ups while browsing the internet its NOT because of Tango"

And a bunch of other crap. Then wants me to download some uninstaller thing. Pretty much its a hunk of junk.

Now. I need help getting rid of the damn thing. Please and Thank you
 

Read other answers
RELEVANCY SCORE 42.8

I have mistakenly downloaded a tango program along the same lines as this thread:

http://forums.techguy.org/windows-vi...ml#post7462903

I cannot remove it from the Control Panel as it takes me to a webpage instead of removing it.

Super AntiSpyware did not remove it in quick or full scan.

These are the results of my HiJackThis Device Manager report:

Acrobat.com
Acrobat.com
Adobe AIR
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.3.2
AIM 7
Apple Application Support
Apple Software Update
Ares 2.1.4
BitTorrent
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Conexant HDA D330 MDC V.92 Modem
Dell Support Center (Support Software)
Dell Touchpad
Dell Wireless WLAN Card
DivX Converter
DivX Plus DirectShow Filters
DivX Setup
Download Updater (AOL LLC)
FLV Player 2.0 (build 25)
Google Earth
Google Update Helper
HiJackThis
Intel(R) Graphics Media Accelerator Driver
Intel(R) TV Wizard
Internet TV for Windows Media Center
Java(TM) 6 Update 20
Java(TM) 6 Update 3
Linksys EasyLink Advisor
Linksys EasyLink Advisor
Marvell Miniport Driver
Microsoft .NET Framework 1.1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable
Modem Diagnostic Tool
Mozilla Firefox (3.6.4)
Norton AntiVirus
Norton Safe Web Lite
PlayReady PC Runtime x86
QuickTime
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
SigmaTel Audio
SUPERAntiSpyware
Tang... Read more

Read other answers
RELEVANCY SCORE 42.8

Dear Techs,

Please can you help me to remove Down Tango Toolbar.

SO far, I have tried system restore... paid for PC Pro 2012 and scanned computer/ removed irregularities, downloaded and scanned with Superantispyware.

I have blocked it using my Norton 360, and deleted it from chrome toolbar.

However, it still reappears each time I log onto Chrome.

Please please help!
Cazzy
 

A:Unable to remove Down Tango Toolbar

Read other 16 answers
RELEVANCY SCORE 42.8

;***********************************************************************************************************************************************************************************
ANALYSIS: 2008-06-10 21:19:16
PROTECTIONS: 1
MALWARE: 24
SUSPECTS: 0
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
McAfee VirusScan Yes Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00047863 adware/ieplugin Adware No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{886DD... Read more

A:Wallpaper Locked! Bugs! Mallware! Help!

Please do this:

Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.Close all applications and windows.
Double-click on dss.exe to run it, and follow the prompts.
When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt <-this one will be minimized
Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt here.
Please attach extra.txt to your post.
To attach a file to a new post, simplyClick the[Manage Attachments] button under Additional Options > Attach Files on the post composition page, and
copy and paste the following into the "Upload File from your Computer" box:C:\Deckard\System Scanner\extra.txt

Click Upload.

What DSS will do: create a new System Restore point in Windows XP and Vista.
clean your Temporary Files, Downloaded Program Files, and Internet Cache Files, and also empty the Recycle Bin on all drives.
check some important areas of your system and produce a report for your analyst to review. DSS automatically runs HijackThis for you, but it will also install and place a shortcut to HijackThis on your desktop if you do not already have HijackThis installed.

---------------------------------------------------------------------------------------------

Read other 1 answers
RELEVANCY SCORE 42.8

Thanks in advance!

Problem seemed to manifest after I download a torrent of an .avi file.

- computer restarts out of the blue
- mad amount of pop ups
- won't recognize USB flash device
- desktop background image w/ text "warning dangerous spyware following viruses were found on your computer: trojan horse, pass capture and etc. Your private information may be potentially transferred to third parties. Please, check the computer using advance software. Thanks."
- taskbar popup of "warning! computer is infected"
- ntdll64.exe error (send error report or don't send) on start up and at other various intervals.





DDS (Ver_09-05-14.01) - NTFSx86
Run by Erin at 11:20:24.95 on Sun 05/17/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_10
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.191 [GMT -3:00]

AV: avast! antivirus 4.8.1229 [VPS 080930-0] *On-access scanning enabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java... Read more

A:Help Needed W/ Trojan/Mallware Infection.

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems. HijackThis logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that it happens.

Before we start: Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

Somethings to remember while we are working together.
1.Please do not run any other tool untill instructed to do so!
2.Please reply to this thread, do not start another!
3.Please tell me about any problems that have occurred during the fix.
4.Please tell me of any other symptoms you may be having as these can help also.
5.Please try as much as possible not to run anything while executing a fix.

If you follow these instructions, everything should go smoothly.

I am going over your logs now an... Read more

Read other 17 answers
RELEVANCY SCORE 42.8

Hi All,

I am hoping to get help with a problem a recently discovered. I am using Windows XP SP3 (Media Center Edition). I recently noticed my computer misbehaving, slowness, occasional pop-up from Super Anti-Spyware when browsing IE7. I started to look in the usual places like msconfig and current processes running and found a suspicious dll in the startup menu. The line in msconfig currently reads O4 - HKLM\..\Run: [Jrobibere] rundll32.exe "C:\WINDOWS\atadavakul.dll",e. I have tried several utilities to erradicate the dll without success. Here are the steps I have taken so far (both in standard and safe mode):

- Run CCLeaner
- Run AD-Aware
- Run Search & Destroy
- Run Avira AnitVir
- Run SUPERAntispyware
- Run HijackThis

Running the above utilities does not get rid of the dll. The only app that seems to locate it is HijackThis. I try removing it via Hijack, but it comes immediately back after a re-scan. I also ran ProcessExplorer to look up the dll relation, and it seems to be hooked into Explorer.exe. I even went as far as running through a suggested Vundo fix solution, I saw on here months back. Still no luck. I am able to rename the dll, reboot, and successfully remove the dll. However the dll gets randomly renamed. The only things that seems to stay the same is the "Jrobibere" name. Also I tried to remove the run key from the regisrty and it immediately comes back, even if Windows Restore is turned off. Below is my DDS resu... Read more

A:Possible virus/trojan/mallware in explorer.exe

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.comDDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Follow the instructio... Read more

Read other 22 answers
RELEVANCY SCORE 42.8

Hi,I am in a bit of a bind here... Leave it to dumb luck to get hijacked my malware as i am writing my thesis... due in ten short days... it is manageable but really slowing my machine down.. i tried to first run a kapersky scan but IE gets hijacked when it is running...any help would be very very very appreciated...thanks you all for devoting your time to help people like me...- joshs Deckard's System Scanner v20071014.68Run by Josh on 2008-04-18 11:05:40Computer is in Normal Mode.---------------------------------------------------------------------------------- HijackThis (run as Josh.exe) ------------------------------------------------Logfile of Trend Micro HijackThis v2.0.2Scan saved at 11:05:56 AM, on 4/18/2008Platform: Windows Vista (WinNT 6.00.1904)MSIE: Internet Explorer v7.00 (7.00.6000.16643)Boot mode: NormalRunning processes:C:\Windows\system32\taskeng.exeC:\Windows\system32\Dwm.exeC:\Windows\Explorer.EXEc:\PROGRA~1\mcafee.com\agent\mcagent.exeC:\Program Files\McAfee\MPS\mpsevh.exeC:\Program Files\Synaptics\SynTP\SynTPEnh.exeC:\Windows\sttray.exeC:\Windows\System32\WLTRAY.EXEC:\Program Files\Common Files\InstallShield\UpdateService\issch.exeC:\Program Files\Winamp\winampa.exeC:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exeC:\Program Files\PowerISO\PWRISO... Read more

A:Hi... Please Help... Writing Thesis.. Mallware Hijack

Hi jotamon Sorry for the delay in answering your post. Things are very busy here at the moment.If you still need help could you please post back a new Hjt log.... things change so quickly and we need to see what's happening now.Thanks

Read other 14 answers
RELEVANCY SCORE 42.8

i can't install sp2 or access my msn home page, only hotmail. mywebsearch, funweb search, isearch keep showing up on scans, also clean my pc and bestoffers won't let me uninstall. here is my hijack this log. i have run the suggested scans and anti virus- thaLogfile of HijackThis v1.99.1Scan saved at 2:51:53 PM, on 10/1/2006Platform: Windows XP SP1 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\runservice.exec:\program files\mcafee.com\agent\mcdetect.exec:\PROGRA~1\mcafee.com\agent\mctskshd.exec:\PROGRA~1\mcafee.com\vso\mcvsrte.exeC:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exeC:\WINDOWS\System32\nvsvc32.exeC:\WINDOWS\System32\svchost.exec:\PROGRA~1\mcafee.com\vso\mcshield.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\System32\WgaTray.exeC:\WINDOWS\System32\Rscmpt.exeC:\Program Files\Browser Mouse\Browser Mouse\1.1\MOUSE32A.EXEC:\PROGRA~1\mcafee.com\vso\mcvsshld.exeC:\PROGRA~1\McAfee.com\PE... Read more

A:Can;t Install Sp2 Or Access Msn- Suspect Mallware

Hello johnnyw and welcome to the BC HijackThis forum. I do not see any of the items mentioned above in the log. Let's do a little cleaning and then go from there.Start HijackThis and click the Scan button to perform a scan. Look for the following items and click in the checkbox in front of each item to select it:R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htmR3 - URLSearchHook: (no name) - - (no file)O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)O2 - BHO: (no name) - {6FB72287-7980-4777-BF0C-1242A4CF3908} - C:\Program Files\ComPlus Applications\mebovik.dll (file missing)Now close ALL open windows except HijackThis and click the Fix Checked button to finish the repair.OK. Reboot your computer normally, start HijackThis and perform a new scan. Use the Add Reply button to post your new log file back here along with details of any problems you encountered performing the above steps and I will review it when it comes in. Also run whatever scanner is showing the items mentioned in your post and post that log back here as well so I can see what is being reported and where it is being found.Cheers.OT

Read other 3 answers
RELEVANCY SCORE 42.8

hello i downloaded ytd downloader and got a few hits in the registery by adwcleaner.Mcafee also picked up 2 trojans.
i scanned with tdss killer,malwarebyes antiroot kit,malwarebytes and zero infections.i have uninstalled new.net toolbar and ytd download from the system.

A:ytd download mallware and news.net toolbar

Were the hits related to YTD Video Downloader? YTD Video Downloader is a legitimate program hosted by popular download sites.In some cases AdwCleaner may detect items related to legitimate programs...a search should always be performed first so the detections can be reviewed.If the hits were related to News.Net Toolbar, ignore the above.Did Mcafee provide a log or a specific file(s) name associated with the malware threat(s) detected? If so, what was that name and where was it located (full file path) at on your system?

Read other 12 answers
RELEVANCY SCORE 42.8

Hello guys. I encountered this malware yesterday as I was browsing what I thought was a normal news site. I wonder if this is a "Christmas Present" others are receiving? It started giving me conflicting "virus detected" reports which I didn't know were real or AVG-related. I have AVG on my machine and ran it and it detected no problems. I have HijackThis software which I ran but am not knowledgeable enough to interpret the results. I've read several threads with this same topic but not sure if I should just follow those instructions or start a new thread. I'm running NT on a Compaq machine. Can someone help me please?

Edit: I should also mention that I had to run the System Restore option on my machine since when I attempted to boot it, and start windows, it immediately started some applications indicating that virus were present on my machine. I restored it to the previous day and this eliminated that problem but the google redirect problem is still on my machine.

Thanks!

A:Google redirect mallware on my machine

Hello,Please follow the instructions in ==>This Guide<==. If you cannot complete a step, skip it and continue.Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues and what you have done to resolve them.If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.Orange Blossom

Read other 2 answers
RELEVANCY SCORE 42.8

Hello,

I was having an issue with mallware called "Mallware Doctor." So I ran Malware Bytes and after the scan it found 2 Trojans. I removed them and it asked to restart my computer to complete the process. I clicked ok, then when it restarted the normal screen came up then just went black.

I have tried rebooting several times, I am able to hit F2 and get to setup. I can also hit F8, but when I make any selection after hitting F8 it either starts again with the black screen or if i select to start it in safe mode I get a bunch of white text saying That stops halfway through the screen.

Rob

Read other answers
RELEVANCY SCORE 42.8

Hello this is my first post.
symptoms are, mouse out of control, random pop ups, programs wont start.

The following is my logs;

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:04:02 PM, on 15/11/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16450)
Boot mode: Safe mode with network support

Running processes:
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Users\jtompai\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\jtompai\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\jtompai\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\jtompai\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\jtompai\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\jtompai\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\jtompai\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\jtompai\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\jtompai\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ca.msn.com/?ocid=OIE9HP
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ca.msn.com/?ocid=OIE9HP
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = ... Read more

A:Windows 7 Mallware/virus issue

Hello crusher101048, and Welcome to the forum!
My name is wannabeageek and I'll be helping you with any malware problems.
I am a MRU Undergraduate trainee here, and as such my posts to you have to first be checked by a Teacher.
Because of this my replies to your posts may be slightly delayed. Please be patient and I'm sure we'll be able to resolve your problems.
Before we begin, please read and follow these important guidelines, so things will proceed smoothly.
The instructions being given are for YOUR computer and system only!
Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
You must have Administrator rights, permissions for this computer.
DO NOT run any other fix or removal tools unless instructed to do so!
DO NOT install any other software (or hardware) during the cleaning process. This adds more items to be researched.
Only post your problem at (1) one help site. Applying fixes from multiple help sites can cause problems.
Print each set of instructions if possible - your Internet connection will not be available during some fix processes.
Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
Only reply to this thread, do not start another one. Please, continue responding, until I give you the "All Clean!" :cheers:
Absence of symptoms does not mean that everything is clear.
I am currently reviewing your l... Read more

Read other 2 answers
RELEVANCY SCORE 42.8

Referred from here: http://www.bleepingcomputer.com/forums/t/298223/ive-been-hacked-i-think/ ~ OB I'm sure I screwed up somewhere. Give me hell. I deserve it. Was I supposed to have uninstalled AVG?

A:Unknown Culprit Mallware or Virus etc.

hi,I looked at your other post. It looks like your blog may have been compromised, not your machine. Web sites can be hacked to dish out malware and/or redirects etc.

Read other 13 answers
RELEVANCY SCORE 42.4

I removed spyware/malware using a variety of software yet still have a Trojan Downloader. Malwarebytes detects it and 'supposedly' removes it but it is still present. I also have a file called Tango embedded on my HD located in System Files. I am unable to uninstall it.
My registry keys were also compromised.

My operating system is still extremeley slow and/or unresponsive at times. I also blue screened two days ago.

I have attached a copy of those infections found and quarantined using Malwarebytes.

Can anyone provide me with a removal tool(s) or steps?
Thank you!

Read other answers