Over 1 million tech questions and answers.

Spywear Xp 2008 And Malware Protector 2008

Q: Spywear Xp 2008 And Malware Protector 2008

I have tried to stop this spyware xp2008 with no sucess. It has stopped me from doing anything on my computer. I have Spywear Doctor that took me 10 hours to run. It found 6 trojans and delted them but now I still get a sign saying that I have MalwareProtector 2008. A website told me to download mbam-setup. There is no way for me to get into "my computer" from "start". I did download it but now I can't open it to run it. When I click on my "start" button now, all programs are missing.

When I turn off the computer and power it on again, this is the message - RUNDLL Error loading C:\WINDOWS\system32\oljqvcfu.dll. Next line says The specified module could not be found.

Please help.

Read other answers
RELEVANCY SCORE 200
Preferred Solution: Spywear Xp 2008 And Malware Protector 2008

I recommend downloading and running Reimage. It's a computer repair tool that has been proven to identify and fix many Windows problems with a high level of success.

I've used it in the past to identify and fix everything from blue screens (BSOD's), ActiveX errors, corrupt files and processes, dll/exe/sys errors, recover lost memory, Windows update problems, defragging, malware removal etc.

You can download it direct from this link http://downloadreimage.com/download.php. (This link will automatically start a download of Reimage that you can save to your computer.)

RELEVANCY SCORE 121.2

Hello, my wife was downloading a "David Cook Video" from some unknown website. She screamed when all of these pop-ups came up. I closed them out and ran AVG 8. It was unable to remove the virus. Then the desktop went blue and the system kept trying to restart but could not, another blue screen came up with white text. I was able to restart in safe mode. I have 2 new items on my desktop XP antivirus 2008 and Malware Protector 2008. Thanks in advance for your help.

I have posted my System Scanner file below and will attach my Active Scan and Extra.txt file.



Deckard's System Scanner v20071014.68
Run by Compaq_Owner on 2008-07-08 09:04:00
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 3 Restore Point(s) --
3: 2008-07-08 13:04:04 UTC - RP4 - Deckard's System Scanner Restore Point
2: 2008-07-08 11:41:55 UTC - RP3 - Last good restore point
1: 2008-07-08 11:41:33 UTC - RP2 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Compaq_Owner.exe) ----------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:08:20 AM, on 7/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Run... Read more

A:Antivirus XP 2008 and Malware Protector 2008

Bump.

Read other 12 answers
RELEVANCY SCORE 105.2

I woke up this morning to see bugs eating my desktop. I was furious to say the least. With a whole lot of searching and trying random things, I have yet to rid of the Malware Protector 2008. I followed all your guides and have come with this:Deckard's System Scanner v20071014.68Run by Owner on 2008-06-11 17:48:49Computer is in Normal Mode.---------------------------------------------------------------------------------- System Restore --------------------------------------------------------------Failed to create restore point; System Restore is disabled (service is not running).Backed up registry hives.Performed disk cleanup.Total Physical Memory: 510 MiB (512 MiB recommended).-- HijackThis (run as Owner.exe) -----------------------------------------------Logfile of Trend Micro HijackThis v2.0.2Scan saved at 17:49:15, on 6/11/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16544)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Alwil Software\Avast4\aswUpdSv.exeC:\Program Files\Alwil Software\Avast4\ashServ.exeC:\WINDOWS\system32\LEXBCES.EXEC:\WINDOWS\system32\spools... Read more

A:Malware Protector 2008...

Hi and Welcome to the forums.Open HijackThis-> Click "Do a System Scan Only" and put a check by these but DO NOT hit the Fix Checked button yetO4 - HKLM\..\Run: [ArtChk] C:\WINDOWS\system32\artchker.exeO4 - HKLM\..\Run: [lphclunj0ea1a] C:\WINDOWS\system32\lphclunj0ea1a.exeO4 - HKLM\..\Run: [Malwarebytes Anti-Malware Reboot] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscriptO4 - HKCU\..\Run: [Xerng] C:\WINDOWS\system32\?ssembly\?hkntfs.exeO4 - HKCU\..\Run: [Kzhvig] C:\WINDOWS\system32\??pPatch\t?skmgr.exeO4 - HKCU\..\Run: [Lorlc] C:\WINDOWS\system32\?ssembly\w?nspool.exeO4 - HKCU\..\Run: [Yewmwa] "C:\Documents and Settings\Owner\Application Data\?ssembly\w?auboot.exe"O4 - HKCU\..\Run: [GetModule18] "C:\Program Files\GetModule\GetModule18.exe"O4 - HKCU\..\Run: [GetPack18] "C:\Program Files\GetPack\GetPack18.exe"Now Make sure ALL WINDOWS and BROWSERS are CLOSED and hit the Fix Checked ButtonNext,update MBAM and run a quickscan,remove all it finds and reboot if needed.Once thats complete,Download ComboFix from Here or Here to your Desktop.Double click combofix.exe and follow the prompts.When finished, it shall produce a log for you. Post that log and a HiJackt... Read more

Read other 1 answers
RELEVANCY SCORE 105.2

Looks like Malware Protector 2008 made its way onto my computer. Not sure if I was successful in getting rid of it. It wiped out my background screen to a plain blue screen and am still getting booted to an error message screen stating I must shut down my computer to avoid permanent damage.Can someone take a look at my log and let me know if I need to do something else? Thanks in advance.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 5:14:48 PM, on 6/21/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: Safe mode with network supportRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Internet Explorer\IEXPLORE.EXEC:\WINDOWS\system32\winlogon.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Program Files\Trend Micro\HijackThis\HijackThis.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://msn.com/R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.localO2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)O2 - BHO: Adobe PDF Reader Link Hel... Read more

A:Malware Protector 2008

Hello Pors and welcome to BleepingComputer,1. * Clean your Cache and Cookies in IE:Close all instances of Outlook Express and Internet Explorer Go to Control Panel > Internet Options > General tabUnder Browsing History, click Delete. Click Delete Files, Delete cookies and Delete historyClick Close below.* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):Go to Tools > Options.Click Privacy in the menu..Click the Clear now button below.. A new window will popup what to clear.Select all and click the Clear button again.Click OK to close the Options window* Clean other Temporary files + Recycle bin Go to start > run and type: cleanmgr and click ok. Let it scan your system for files to remove. Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.Press OK to remove them.2. Please download Malwarebytes' Anti-Malware from Here or HereDoubleclick mbam-setup.exe to install the application.Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.If an update is found, it will download and install the latest version.Once the program has loaded, select "Perform Quick Scan", then click Scan.The scan may take some time to finish,so please be patient.When the scan is complete, click OK, then Show Results to view the results.Make sure that everything is checked, and click Remove Selected.When disinfection is completed, a... Read more

Read other 1 answers
RELEVANCY SCORE 105.2

i don't know what i must doing... attacked my computer malware 2008 and I installed more porgrams...but he still is on! pls help me
(Mod edit: Moved to a more appropriate forum ~ rigel Win XP => Am I Infected)

A:Malware Protector 2008 Wtf?

Please download Malwarebytes Anti-Malware and save it to your desktop.alternate download link 1alternate download link 2Make sure you are connected to the Internet.Double-click on Download_mbam-setup.exe to install the application.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-MalwareThen click Finish.MBAM will automatically start and you will be asked to update the program before performing a scan.If an update is found, the program will automatically update itself.Press the OK button to close that box and continue.If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.On the Scanner tab:Make sure the "Perform Quick Acan" option is selected.Then click on the Scan button.If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button. The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".Click OK to close the message box and continue with the removal process.Back at the main Scanner screen:Click on the Show Results button to se... Read more

Read other 1 answers
RELEVANCY SCORE 105.2

Hi,Malware Protector is constantly popping up after I login to my laptop as well my desktop background reads, "Warning! Spyware detected on your computer! Install an antivirus or spyware remover to clean your computer. I used Malwarebytes' Anti-Malware to no avail. As you've requested, a copy of "main.txt" from DSS will be included in the body of this email, but the other txt file (extra.txt) didn't display. If you need that file as well, let me know another way to get that file and I'll try again. ThanksDeckard's System Scanner v20071014.68Run by TrombetD on 2008-06-16 20:37:00Computer is in Normal Mode.--------------------------------------------------------------------------------Percentage of Memory in Use: 86% (more than 75%).Total Physical Memory: 511 MiB (512 MiB recommended).-- HijackThis (run as TrombetD.exe) --------------------------------------------Logfile of Trend Micro HijackThis v2.0.2Scan saved at 8:37:05 PM, on 6/16/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: NormalRunning processes:C:\WINNT\System32\smss.exeC:\WINNT\system32\winlogon.exeC:\WINNT\system32\services.exeC:\WINNT\system32\lsass.exeC:\WINNT\System32\Novell\XTAgent.exeC:\WINNT\system32\ibmpmsvc.exeC:\WINNT\system32\Ati2evxx.exeC:\WINNT\system32\svchost.exeC:\WINNT\System32 ... Read more

A:Malware Protector 2008

Hello Troms and welcome to BleepingComputer,1. * Clean your Cache and Cookies in IE:Close all instances of Outlook Express and Internet Explorer Go to Control Panel > Internet Options > General tabUnder Browsing History, click Delete. Click Delete Files, Delete cookies and Delete historyClick Close below.* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):Go to Tools > Options.Click Privacy in the menu..Click the Clear now button below.. A new window will popup what to clear.Select all and click the Clear button again.Click OK to close the Options window* Clean other Temporary files + Recycle bin Go to start > run and type: cleanmgr and click ok. Let it scan your system for files to remove. Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.Press OK to remove them.2. Please download Malwarebytes' Anti-Malware from Here or HereDoubleclick mbam-setup.exe to install the application.Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.If an update is found, it will download and install the latest version.Once the program has loaded, select "Perform Quick Scan", then click Scan.The scan may take some time to finish,so please be patient.When the scan is complete, click OK, then Show Results to view the results.Make sure that everything is checked, and click Remove Selected.When disinfection is completed, ... Read more

Read other 5 answers
RELEVANCY SCORE 105.2

Hello all. This is my third time making this thread, so I assume that I am doing something wrong. If so, please let me know what it is so I can receive help.

I am having a problem with the Malware Protector 2008 malware. It causes bugs to appear when idle, sends me popups, and placed a tray icon in the corner that wont leave.

I followed all 5 steps, but I had trouble with 2 and 5. With 2, the scan found nothing and will not give me a chance to save the log. With step 5, only the main.txt file shows after the DSS scan. No extra.txt file appears. Here is the DSS scan.

Deckard's System Scanner v20071014.68
Run by Tashaun on 2008-06-09 12:19:53
Computer is in Normal Mode.
--------------------------------------------------------------------------------

System Drive C: has 9.72 GiB (less than 15%) free.


-- HijackThis (run as Tashaun.exe) ---------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:21:06 PM, on 6/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\syste... Read more

A:Please Help, Malware Protector 2008

Hello -

Part of the problem is, we're just very busy in this section. Creating new threads is not the solution.

The first thread, you asked to be deleted, so it was. You've now created a third thread, when we ask that all members be patient, and if no reply is received after 3 days, to bump their thread once.

This thread is closed.

Read other 1 answers
RELEVANCY SCORE 105.2

Hi,

I've been reading through these forums for a couple of days trying to figure out some more options for myself.

I appear to be yet another victim of Malware Protector 2008; I've read up quite a bit on-line and have followed most of the automatic removal instructions;

I've restarted in safe mode, run SmitFraudFix, let it do it's thing and emptied out my temp folder.
I've also tried Malwarebyte's Anti-Malware,
Spybot Search & Destroy,
and AVG.

When I remove the files in Safe mode, it appears that my computer is clean. The second I restart in normal mode, the program reasserts itself.

It has changed my clock to read in military time, and has made my desktop a blue screen with a warning that have Spyware which must be removed; Also, occasionally a window named "BluScreen Screen Save Configure" pops up and reads:
Sysinterals; with an option to check "Fake disk activity".

I've bee attempting to get rid of this for two days now, so any help would be much appreciated.

A:Malware Protector 2008

Hello, Klmnumbers.Download Ad-ware this may find it, update it then go into safemode then scan with it: heres the link: Ad-wareIf Ad-ware doesnt pick anything up then please download SuperantispywareAnd run this in safemodeGet back to us and let us know the results.

Read other 29 answers
RELEVANCY SCORE 105.2

I have been infected with this program and I am very computer dumb.

I could not understand instructions on other websites on how to remove things.

I think I have deleted most the stuff but the biggest annoyance still there is this screensaver with bugs crawling on screen and also i found that the option to change my screensaver is not there anymore.

Like I right click the desktop and go to properties and only tabs up top are theme appearance and settings.
Sorry if I didn't post right and for being dumb but i can't seem to figure this out.

A:Malware Protector 2008

Hello Tony99 and welcome to BC I see that you have a HiJack This log posted here: http://www.bleepingcomputer.com/forums/t/151189/combofix-log-blue-screen-problem/ Because you have this log posted, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a HJT Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.From this point on the HJT Team should be the only members that you take advice from, until they have verified your log as clean.Please be patient. It may take a while to get a response because the HJT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the HJT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another HJT Team member is already assisting you an... Read more

Read other 1 answers
RELEVANCY SCORE 105.2

I have been infected by this fake Spyware Remover program and there is a box on my desktop that says, "Warning! Spyware detected on your computer! Install an anti-virus or spyware remover to clean your computer." Every now and then I get a blue screen saying my computer has to shut down but it doesn't. I found some sites that say they have solutions to this, but I suspect they may also be fake. What can I do to remove this from my computer and restore it fully? Please help. Thank you.

A:Malware Protector 2008

G'Day Powerpunk5000, Welcome to TSF!

Please read this article? "Having problems with spyware and pop-ups? - First Steps"; follow the instructions very carefully; then, post all the requested logs and information; as instructed, in the HiJackThis Log Help Forum.
(Simply, click on the coloured links to be re-directed.)

Please ensure that you create a new thread in the HiJackThis Log Help Forum; not back here in this one.

When carrying out The 5 Steps, if you cannot complete any of them for whatever reason, just continue on with the next one until they are all completed.
However,it is extremely important to make mention of the fact that you could not complete any of the steps in your post to The HJT Help Forum; where an Analyst will assist you with other workarounds.

Once done, please be patient, as the Security Team Analysts are usually very busy; one of them will answer your request as soon as they can.

Good Luck with it.

Kind Regards,

Read other 1 answers
RELEVANCY SCORE 105.2

I can't get rid of this, please help.Deckard's System Scanner v20071014.68Run by Compaq_Administrator on 2008-06-08 17:15:42Computer is in Normal Mode.---------------------------------------------------------------------------------- System Restore --------------------------------------------------------------Successfully created a Deckard's System Scanner Restore Point.-- Last 2 Restore Point(s) --2: 2008-06-08 21:15:48 UTC - RP6 - Deckard's System Scanner Restore Point1: 2008-06-08 21:04:00 UTC - RP5 - System CheckpointBacked up registry hives.Performed disk cleanup.-- HijackThis (run as Compaq_Administrator.exe) --------------------------------Logfile of Trend Micro HijackThis v2.0.2Scan saved at 17:17:39, on 6/8/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16640)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Windows Defender\MsMpEng.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Alwil Software\Avast4\aswUpdSv.exeC:\Program Files\Alwil Software\Avast4\ashServ.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\Explorer.EX... Read more

A:Malware Protector 2008

Hello Ianmaybeme and welcome to BleepingComputer,1. * Clean your Cache and Cookies in IE:Close all instances of Outlook Express and Internet Explorer Go to Control Panel > Internet Options > General tabUnder Browsing History, click Delete. Click Delete Files, Delete cookies and Delete historyClick Close below.* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):Go to Tools > Options.Click Privacy in the menu..Click the Clear now button below.. A new window will popup what to clear.Select all and click the Clear button again.Click OK to close the Options window* Clean other Temporary files + Recycle bin Go to start > run and type: cleanmgr and click ok. Let it scan your system for files to remove. Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.Press OK to remove them.2. Please download Malwarebytes' Anti-Malware from Here or HereDoubleclick mbam-setup.exe to install the application.Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.If an update is found, it will download and install the latest version.Once the program has loaded, select "Perform Quick Scan", then click Scan.The scan may take some time to finish,so please be patient.When the scan is complete, click OK, then Show Results to view the results.Make sure that everything is checked, and click Remove Selected.When disinfection is comple... Read more

Read other 2 answers
RELEVANCY SCORE 104.4

Hello, Yesterday Maware protector 2008 was inadvertantly downloaded onto our computer. I used our Norton Anti Virus, your Anti Malware and even went into the Registry to manually remove but have had no success in removing it. Before attempting removal - when turned on there would be a blue windows generated screen stating a security risk was found by windows and it would want to restart. Also Malware auto started. Then every 10-15 minutes the blue windows warning would pop up and the computer would want to restart but could be stopped by pressing the space bar. After deleting some of the registry entries and running Norton (found 1 virus) we no longer received the blue warning window at start up but still had all the malware problems. Today I used your Anti Malware. It has removed more of the program the it still auto starts and gives pop ups requesting we pay for the program. All links and icons remain. Also there is a blue wallpaper with a yellow box stating Warning! Sptware Detected on Your Computer. Install an anti virus or spyware remover to clean your computer. One other thing I've noticed ... the associated registry info contains ... your website it says shclkrj0etfg and Symantec says shcev9j0e1b1 However in my registry the folder where the malware files are located is shc585j0ej91 I can't delete this folder (tried but it won't let me)however I can the contents. Once the computer is restarted the contents reappear after the malware program restarts. After... Read more

A:Malware Protector 2008 Can't Remove

Hello Lisa and welcome to BleepingComputer,1. * Clean your Cache and Cookies in IE:Close all instances of Outlook Express and Internet Explorer Go to Control Panel > Internet Options > General tabUnder Browsing History, click Delete. Click Delete Files, Delete cookies and Delete historyClick Close below.* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):Go to Tools > Options.Click Privacy in the menu..Click the Clear now button below.. A new window will popup what to clear.Select all and click the Clear button again.Click OK to close the Options window* Clean other Temporary files + Recycle bin Go to start > run and type: cleanmgr and click ok. Let it scan your system for files to remove. Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.Press OK to remove them.2. Please download Malwarebytes' Anti-Malware from Here or HereDoubleclick mbam-setup.exe to install the application.Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.If an update is found, it will download and install the latest version.Once the program has loaded, select "Perform Quick Scan", then click Scan.The scan may take some time to finish,so please be patient.When the scan is complete, click OK, then Show Results to view the results.Make sure that everything is checked, and click Remove Selected.When disinfection is completed, a... Read more

Read other 2 answers
RELEVANCY SCORE 104.4

Operating system: Windows XP SP2
My son downloaded something yesterday that included this and maybe more. I thought I got rid of part of it last night but spybot keeps popping up with different things and I know part of it is still there. I have run AVG and Spybot numerous times. If anyone can help, I would really appreciate it!
Here's my HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:24:27 AM, on 7/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\DigitalPersona\Bin\DPWinLct.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\DigitalPersona\Bin\DpHost.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\Program Files\DigitalPersona\Bin\DPFUSMgr.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
C... Read more

A:Solved: Help getting rid of Malware Protector 2008

Hi, Welcome to TSG!!

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only

Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

Click Exit on the Main menu to close the program.


Please download Malwarebytes Anti-Malware and save it to your desktop. alternate download link 1 alternate download link 2
Make sure you are connected to the Internet.
Double-click on Download_mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware

Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.

If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be p... Read more

Read other 3 answers
RELEVANCY SCORE 104.4

Here's my hijack this file. Deckard's System Scanner v20071014.68Run by Jeru on 2008-06-06 10:48:38Computer is in Normal Mode.---------------------------------------------------------------------------------- System Restore --------------------------------------------------------------Successfully created a Deckard's System Scanner Restore Point.-- Last 3 Restore Point(s) --3: 2008-06-06 17:48:41 UTC - RP3 - Deckard's System Scanner Restore Point2: 2008-06-06 08:49:36 UTC - RP2 - Software Distribution Service 3.01: 2008-06-06 06:07:19 UTC - RP1 - System CheckpointBacked up registry hives.Performed disk cleanup.-- HijackThis (run as Jeru.exe) ------------------------------------------------Logfile of Trend Micro HijackThis v2.0.2Scan saved at 10:50:21 AM, on 6/6/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16544)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Lavasoft\Ad-Aware\aawservice.exeC:\Program Files\Alwil Software\Avast4\aswUpdSv.exeC:\Program Files\Alwil Software\Avast4\ashServ.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\Apple\Mobile Device S... Read more

A:Malware Protector 2008 Problem

Welcome to Bleeping Computer, please be sure you have read and followed the Preparation Guide For Use Before Posting A Hijackthis Log, Instructions for receiving help in cleaning your computer http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/All advice given is taken at your own risk.I apologize for the wait, if your issues are not resolved, read the instructions posted above and then follow the directions below. If you no longer need help, I would appreciate a quick post letting me know so I can close your topic.1) You are running two antivirus programs at the same time and this is not a good thing. They conflict with each other and you will be less safe than if you ran one good program and maintained it properly. http://service1.symantec.com/SUPPORT/nav.n...000031316555206"Microsoft recommends that you have only one anti-virus program installed on your computer."http://www.washingtonpost.com/wp-dyn/conte...5120300087.htmlhttp://www.smartcomputing.com/editorial/ar...38s07/38s07.aspC:\PROGRA~1\Grisoft\AVG7\C:\Program Files\Alwil Software\Avast4\(uninstall one of those)I do not see this in the HJT log: Malware Protector 2008. If you have not resolved this issue, tell me more about it, what program is finding the rouge spyware, and where is it located? Have you tried to remove it in Add Remove programs. Post more information and complete #2 before you post.2) C:\DOCUME~1\Jeru\Desktop\Jeru.exe <... Read more

Read other 2 answers
RELEVANCY SCORE 104.4

I believe I acquired Malware Protector 2008........amongst other things (Advanced XP Defender or Winifixer), including a popup entitled BlueScreen Screensaver Configure that resurfaces every 15 minute or so. This popup advertises Freeware Sysinternals version 3.2 (copyright Mark Russinovich) and has a box that can be checked "Fake Disk Activity".Additionally, my computer is running very slow and my internet connection was shut off........got that resolved. I have run MULTIPLE programs/scans to try and get back to "normal" but all are unsuccessful. I was able to get the majority of the Malware Protector to disappear (no more bugs on screen, but my screensaver is still blue and the program is still in my program files (can't delete it). Also, the tab to change my screensaver is gone. Also, it appears that Malware Protector 2008 has resurfaced under the name Winifixer or Advanced XP Defender? Similar popups to MProtector........I am confused, help! hahaHere are some of the scans I have run:MalwareBytesAd-AwareSpybot Search and Destoryvarious others......Edit: I also ran a Kaspersky scan:KASPERSKY ONLINE SCANNER 7 REPORT Tuesday, June 17, 2008Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)Kaspersky Online Scanner 7 version: 7.0.25.0Program database last update: Tuesday, June 17, 2008 21:40:37Records in database: 877129 Scan settings Scan using the following database extended Scan archives yes Scan mail databases yes... Read more

A:Malware Protector 2008 (and Likely Other Problems)

Hello, my name is fenzodahl512 and welcome to Bleeping Computer.. Please do the following...Please show hidden files and folders. Please visit HERE if you don't know how.Jotti File Submission:Please go to Jotti's malware scanCopy and paste the following file path into the "File to upload & scan"box on the top of the page:
C:\Documents and Settings\Patrick McCabe\Local Settings\Temp\UIUCU.EXEClick on the submit buttonPlease post the results in your next reply.If Jotti server is too busy, please submit the file to VirusTotal instead.NEXTPlease re-open HijackThis and click on Do a system scan only. Check the boxes next to all the entries listed below. O4 - HKLM\..\Run: [lphcjqwj0elea] C:\WINDOWS\system32\lphcjqwj0elea.exeO4 - HKLM\..\Run: [SMshclqwj0elea] C:\Program Files\shclqwj0elea\shclqwj0elea.exeNow close all windows other than HijackThis, then click Fix checked. Close HijackThis.NEXTPlease download the OTMoveIt2 by OldTimer.Save it to your desktop.Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

[kill explorer]
C:\Documents and Settings\Patrick McCabe\Application Data\shclqwj0elea
C:\WINDOWS\system32�... Read more

Read other 22 answers
RELEVANCY SCORE 104.4

Hello,
Thank you right up front for you help.

I get repeated pop-ups warning that my machine is unprotected.
They seem to clone legitimate windows security center warnings.
Closing the warning window spawns a new instance of IE7 directed to <http://antispyspider.us/119>
Trying to run REGEDIT or TASK MANAGER creates a message that the Administrator has disabled that function.

The first day this all seemed to originate from Malware Protector 2008. It downloaded with what I thought was a legitimate ActiveX update.
Today a program called Advanced XP Defender showed up. I killed it with Process Explorer and have not seen it since. But the Malware Protector 2008 pop-ups are constant.
I kept them at bay while performing your 5 step process to get to this point. (7 hours so far)

I went through several steps from other websites yesterday to get rid of MP2008.
I deleted .exe files, .dll files, and cleaned registry entries.
I downloaded Process Explorer to circumvent the trouble with Task Manager and I found that immediately after a Sybot Search & Destroy scan, I was able to get into Regedit, but I had to get in quick.

So now I can no longer see the files I cleaned up yesterday, yet the script continues to repeat

Below is the DSS Main.txt
Attached are the DSS Extra.txt
and the Panda ActiveScan.txt as requested


Deckard's System Scanner v20071014.68
Run by Maloy on 2008-06-17 13:40:20
Computer is in Normal Mode.
-------------------------------... Read more

A:Malware Protector 2008 has taken over my machine

Hi and welcome to TSF.

My name is Iain and I will be helping you clean your system.

You may wish to Subscribe to this thread (Thread Tools > Subscribe to this thread) so that you are notified when you receive a reply.

Please read these instructions carefully and then print out or copy this page to Notepad in order to assist you when carrying out the fix. You should not have any open browsers or live internet connections when you are following the procedures below.

Note that the fix may take several posts. Please continue to respond to my instructions until I confirm that your logs are clean. Remember that although your symptoms may vanish, this does NOT mean that your system is clean.

If there is anything you don't understand, please ask BEFORE proceeding with the fixes.

Please ensure that you follow the instructions in the order I have them listed.


Malwarebytes' Anti-Malware
Please download Malwarebytes' Anti-Malware from here or here

Double-click mbam-setup.exe and follow the prompts to install the program.Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will o... Read more

Read other 1 answers
RELEVANCY SCORE 104.4

Hi,Have been infected wsith Antivirus XP 2008 & Malware Protector 2008. Have the dreaded blue screen and a "warning Spyware detected on your computer"Restore points have been removed, ran virus scan, Malwarebytes Anti-Malware, Ad-Aware, Spybot, have cleaned outtemp files, internet files, sysclean, and numerous other things. Have done this repeatedly in regular and safe mode, still no luck.What am I missing? Any help will be greatly appreciated...Here is my Hijackthis log....Logfile of Trend Micro HijackThis v2.0.2Scan saved at 3:49:51 PM, on 6/28/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Verizon\Verizon Internet Security Suite\Fws.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\System32\WLTRYSVC.EXEC:\WINDOWS\System32\bcmwltry.exeC:\Program Files\Lavasoft\Ad-Aware\aawservice.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Program Files\... Read more

A:Antivirusxp & Malware Protector 2008

Hi, welcome to BC. Unfortunately, one or more of the identified infections is a backdoor trojan.This allows hackers to remotely control your computer, steal critical system information and download and execute files.I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.Though the trojan has been identified and can be killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?When Should I Format, How Should I ReinstallWe can still attempt to clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.

Read other 22 answers
RELEVANCY SCORE 104.4

Hello. I've recently been infected with Malware Protector 2008, I think just on the 21st. I have tried feverishly to remove that nasty program. I think I've gotten in, but it seems to me that I have other residents in my system! I am posting a Deckard's scan log as well as my Hijack This log. I am begging for help here! I work from home and handle confidential legal matters so I am freaking out here.

Thanks so much in advance for your help. What an invaluable service!
Janice

Deckard's System Scanner v20071014.68
Run by Mom on 2008-06-23 20:44:45
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 4 Restore Point(s) --
4: 2008-06-24 00:44:51 UTC - RP4 - Deckard's System Scanner Restore Point
3: 2008-06-23 23:09:47 UTC - RP3 - System Checkpoint
2: 2008-06-22 21:19:54 UTC - RP2 - Software Distribution Service 3.0
1: 2008-06-22 19:19:08 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Mom.exe) -------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:46:45 PM, on 6/23/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\Syste... Read more

A:Malware Protector 2008, afinding.exe and others!

Hello and Welcome. Apologies for any delay in replying, but we have been rather busy lately.

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

If you're not receiving help elsewhere, and still require assistance for this issue, and since it has been a few days since you first posted, please do this:

Please run Deckard's System Scanner once again, this time using these instructions:

Click the Windows 'Start' button > Select 'Run' - then copy/paste this into the run box & click OK
"%userprofile%\desktop\dss.exe" /config Click on "Check All"

Click Scan!

When finished, it shall produce two logs for you. Post those logs in your next reply.

---------------------------------------------------------------------------------------------

Thank you.

Read other 1 answers
RELEVANCY SCORE 104.4

*EDIT* *I did not attach a log or run a scan for the Panda web scanner. It was down at the time of this posting and I could not get it to respond. Sorry if that complicates things.*

As the title says, this malware got me. I'm not sure from what, I don't really do any browsing that I would consider questionable. Constand pop-ups and ad sound bytes playing in the backround, fake BSODs and it changed my desktop, homepage, clock, screensaver and probably lots of other stuff i've yet to discover. I did try to get rid of it on my own, as I am usually capable of doing so. I stopped the processes and deleted the files and registry keys associated with this malware. It helped, but didn't solve the problem.


Thanks in advance, and here are my logs:

Deckard's System Scanner v20071014.68
Run by Dan on 2008-06-20 22:20:54
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 2 Restore Point(s) --
2: 2008-06-21 02:21:00 UTC - RP2 - Deckard's System Scanner Restore Point
1: 2008-06-20 23:35:56 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-06-20 22:22:17
Platfor... Read more

A:I am infected with Malware Protector 2008

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please save this page to Notepad in order to assist you when carrying out the following instructions.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding.
Ensure that there aren't any opened browsers when you are carrying out the procedures below.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

I see you have WildTangent Web Driver installed on your system. Although not technically spyware, it does have built-in components to update itself and collect information about your computer. We recommend uninstalling it. Please read here for information, removal instructions, and a link to an automatic removal to... Read more

Read other 1 answers
RELEVANCY SCORE 104.4

After reading the rules, I think I wasnt informative enough with my other thread. Please delete it, I hope I followed all the rules with this one.


I have sthe same problem as another person on the front page. The Malware Protector 2008 is causing bugs to eat my screen when idle. Its also causing popups for their Malware removal program.

I have done the 5 steps. Step 2 didnt give me the export button to print it out. Here is the DSS scan info. Also, there was no extra.txt file, it just gave me the main file.

Deckard's System Scanner v20071014.68
Run by Tashaun on 2008-06-08 18:54:45
Computer is in Normal Mode.
--------------------------------------------------------------------------------

System Drive C: has 10.04 GiB (less than 15%) free.


-- HijackThis (run as Tashaun.exe) ---------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:55:52 PM, on 6/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Apple\Mobile... Read more

A:Problems With Malware Protector 2008

Please run Deckard's System Scanner once again, this time using these instructions:

Click the Windows 'Start' button > Select 'Run' - then copy/paste this into the run box & click OK
"%userprofile%\desktop\dss.exe" /config Click on "Check All"

Click Scan!

When finished, it shall produce two logs for you. Post those logs in your next reply.

Read other 5 answers
RELEVANCY SCORE 104.4

My roommate's gonna kill me if I can't fix his computer! (I could say it's his fault for not having anti-virus software, yes? )I ran the Kaspersky Online Scanner and Deckard's System Scanner and it found bad stuff, but when I start up the computer I still get that blasted "Warning! Spyware detected" etc.etc. junk from Malware Protector 2008. I am also getting a warning from Windows about needing to start in safe mode, which happened after using the DSS program. I have a feeling you're going to tell me this computer is waay messed up already. Here are the maintxt and extra.txt files:Deckard's System Scanner v20071014.68Run by Lisa on 2008-06-19 15:56:18Computer is in Normal Mode.---------------------------------------------------------------------------------- HijackThis (run as Lisa.exe) ------------------------------------------------Logfile of Trend Micro HijackThis v2.0.2Scan saved at 3:56:22 PM, on 6/19/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exeC:\Program Files\Commo... Read more

A:Can't Remove Malware Protector 2008

I may have found the problem. The scans found bad stuff which I quarantined, but I was still getting that stupid message on my desktop. Well! I found that there was a new desktop theme added today, which, guess what, had the "Warning! Spyware detected" message as part of the lovely graphics. I changed my desktop theme to a real one and that message is gone...and I think the software itself was already removed by the scans.

Read other 8 answers
RELEVANCY SCORE 103.2

Hello!
One of my users seems to have downloaded this ugly little bugger and I'm not sure how to get rid of it. She thought it was our anti-spam/anti-virus program cleaning out her system and kept responding to it for two days!
The machine is a Windows XP Pro in a Windows 2003 Server environment. Following is the Hijack This log (I hope this is correct as I have never done this before):

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:23:30 PM, on 7/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Intel\ASF Agent\ASFAgent.exe
C:\Program Files\Dell\OpenManage\OMCC\iws\bin\win32\omaws32.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\Program Files\Trend Micro\Client Server Security Agent\ntrtscan.exe
C:\Program Files\Dell\OpenManage\OMCC\oma\bin\omsad32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Trend Micro\Client Server Security Agent\tmlisten.exe
C:\WINDOWS\System32\ups.exe
C:\Program Files\Trend Micro\Client Server Security Agent\OfcPfwSvc.exe
C:\WINDOWS\TEMP\NJC2... Read more

Read other answers
RELEVANCY SCORE 103.2

I got XP antivirus 08 on 7-2-08, I tryed removing it with add/remove programs and didn't work, after 5 min I got Malware protector 2008, So I scanned my computer with AVG anti virus, Ad aware 2007, Spyware terminator, spyware doctor and malwarebytes anti malware, I also did the cleaning process with Smitfraudfix, and heres is the good thing, there's no pop ups, nothing starts when I restart the pc, theres no bugs on the screen and is not bothering me at all right now, but i still see them, the folders are still in program files (malware protector = shcl67j0e3ul , xp antivirus = rhcn67j0e3ul ) and they are in add/remove programs still. I also followed some manual instructions on how to remove them ( http://www.xp-vista.com/spyware-removal/xp...-antivirus-2008 ) and it seems like the re-produce or something, because they came back. Also the uninstall option has a red "x" on the side, I guess that means it doesn't work. I don't know what else to do, I was thinking on restoring the computer to a day before I got these viruses, but I don't want to mess my computer up and I don't have the windows cd with me. If you guys could help me I would really appreciate it. Thanks! Deckard's System Scanner v20071014.68Run by Owner on 2008-07-07 18:46:12Computer is in Normal Mode.---------------------------------------------------------------------------------- System Restore --------------------------------------------------------------Successfully created a Deckard's System... Read more

A:Infected With Malware Protector 2008 And Xp Antivirus 08

Hello Jota_leslie and welcome to BleepingComputer,1. * Clean your Cache and Cookies in IE:Close all instances of Outlook Express and Internet Explorer Go to Control Panel > Internet Options > General tabUnder Browsing History, click Delete. Click Delete Files, Delete cookies and Delete historyClick Close below.* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):Go to Tools > Options.Click Privacy in the menu..Click the Clear now button below.. A new window will popup what to clear.Select all and click the Clear button again.Click OK to close the Options window* Clean other Temporary files + Recycle bin Go to start > run and type: cleanmgr and click ok. Let it scan your system for files to remove. Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.Press OK to remove them.2. Please download Malwarebytes' Anti-Malware from Here or HereDoubleclick mbam-setup.exe to install the application.Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.If an update is found, it will download and install the latest version.Once the program has loaded, select "Perform Quick Scan", then click Scan.The scan may take some time to finish,so please be patient.When the scan is complete, click OK, then Show Results to view the results.Make sure that everything is checked, and click Remove Selected.When disinfection is compl... Read more

Read other 5 answers
RELEVANCY SCORE 103.2

My computer became infected with Malware Protector 2008 on June 9. I have tried just about everything to get rid of it, run AVG, SmitfraudFix, Malwarebytes Anti-Malware but it always comes back when I restart my computer. I get an error box when I log in telling me that a script is missing, the script name changes when I restart. Then the little black bugs appear and eat my screen, and the Malware Protector 2008 pop ups start. Here are the results of the scans that I did as instructed.Deckard's System Scanner v20071014.68Run by raspberrysalamander on 2008-06-10 15:45:22Computer is in Normal Mode.---------------------------------------------------------------------------------- System Restore --------------------------------------------------------------Successfully created a Deckard's System Scanner Restore Point.-- Last 2 Restore Point(s) --2: 2008-06-10 19:45:55 UTC - RP2 - Deckard's System Scanner Restore Point1: 2008-06-10 16:47:38 UTC - RP1 - System CheckpointBacked up registry hives.Performed disk cleanup.Total Physical Memory: 503 MiB (512 MiB recommended).-- HijackThis Clone ------------------------------------------------------------Emulating logfile of Trend Micro HijackThis v2.0.2Scan saved at 2008-06-10 15:50:15Platform: Windows XP Service Pack 2 (5.01.2600)MSIE: Internet Explorer (6.00.2900.2180)Boot mode: NormalRunning processes:C:\WINDOWS\system32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\servic... Read more

A:Computer Infected With Malware Protector 2008

Hello raspberrysalamander, I see Viewpoint installed. Viewpoint Manager is considered as foistware instead of malware since it is installed without users approval but doesn't spy or do anything "bad". This will change from what we know in 2006 read this article: http://www.clickz.com/news/article.php/3561546 I suggest you remove the program now, if you did not install it. Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following programs if present. Viewpoint Viewpoint Manager Viewpoint Media Player If you uninstalled, please navigate to and delete the following folders C:\Program Files\Viewpoint**************************************Click the Windows 'Start' button > Select 'Run' - then copy/paste this into the run box & click OK (this assumes dss.exe is on your desktop "%userprofile%\desktop\dss.exe" /daft Click on Scan. Tick the boxes which should appear for these entries: .reg .scr then Click on Fix Click Scan again, you should get a message "All Associations OK!" Next, click Save Log, and post this log in your next reply. By default, it will save as daft.txt.**************************************We will run ComboFix. You should NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert. ?It is intended by its creator to be used under the guidance and supervision of an expert, not for private use. Using this tool incorrectly could lead to disastro... Read more

Read other 2 answers
RELEVANCY SCORE 103.2

I do not know very much about internet security but was refered to your forums through geeksquad at a best buy. My friend clicked on a picture off of yahoo pictures and this malware program called Malware Protector 2008 apeared without a download. It shows little bugs eating at my screen and changed my background to say "Warning spyware detected on your computer." I did not have any protection besides the default firewall to the best of my knowledge. I proceeded to buy kapersky's at best buy in hopes to get rid of the malware. I went through your 5 steps to take before posting and i have logs from deckard's.
Thank you for your help, I apreciate your time and concern.
-Garrett

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel(R) Pentium(R) D CPU 2.66GHz
CPU 1: Intel(R) Pentium(R) D CPU 2.66GHz
Percentage of Memory in Use: 36%
Physical Memory (total/avail): 990.42 MiB / 630.3 MiB
Pagefile Memory (total/avail): 2385.6 MiB / 2060.02 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1914.72 MiB

C: is Fixed (FAT32) - 222.59 GiB total, 208.72 GiB free.
D: is CDROM (CDFS)
E: is Removable (No Media)
F: is Removable (No Media)
G: i... Read more

A:I also have bugs on my screen( malware protector 2008)

Hello, kersplatz

You appear to have posted only the extra.txt from DSS

There should be another log, main.txt located at C:\Deckard\System Scanner\main.txt

Please post it.

The bugs are a screensaver which gets installed by the rogue. You should be able to disable it immediately by changing the screensaver to "none" or another of your choice. We'll remove the file later. It's annoying, but not malicious in and of itself.

Read other 19 answers
RELEVANCY SCORE 103.2

suddenly those programs appears at my pc!!! please help me... here is the hijackthis logLogfile of Trend Micro HijackThis v2.0.2Scan saved at 15:33:59, on 10/7/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16674)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\csrss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\Arquivos de programas\Lavasoft\Ad-Aware 2007\aawservice.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\TEMP\wyn3.tmpC:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Arquivos de programas\Bonjour\mDNSResponder.exeC:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exeC:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXEC:\WINDOWS\system32\nvsvc32.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\syst... Read more

A:Infected With Malware Protector 2008 And Antivirus Xp

Hello Thiago Ol?vio and welcome to BC. Let's see what we can find. Please follow the steps below in order:Before running a new scan let's clean out the temporary folders. Download ATF Cleaner to your Desktop.Double-click ATF-Cleaner.exe to run the program.Click Select All found at the bottom of the list.Click the Empty Selected button.If you use Firefox browser, do this also:Click Firefox at the top and choose Select All from the list.Click the Empty Selected button.NOTE : If you would like to keep your saved passwords, please click No at the prompt.If you use Opera browser, do this also:Click Opera at the top and choose Select All from the list.NOTE : If you would like to keep your saved passwords, please click No at the prompt.Close ALL Internet browsers (very important).Click the Empty Selected button.Click Exit on the Main menu to close the program.Now download OTScanIt from here or here to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.Note: You must be logged on to the system with an account that has Administrator privileges to run this program.Close ALL OTHER PROGRAMS.Open the OTScanIt folder and double-click on OTScanIt.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
In the Drivers section click on Non-Microsoft.Under Additional Scans click the checkboxes in front of the following items to select them:Reg - BotCheck
File - Add... Read more

Read other 5 answers
RELEVANCY SCORE 103.2

I seem to be infected with the Malware Protector 2008 virus. My desktop has a message indicating that I have spyware on my machine, and the start menu has two new menu items, "Malware Protector 2008" and "Register Malware Protector 2008". I am running Windows XP Professional SP2. Can anyone help?

Here is the log from HiJackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:15:55 PM, on 6/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [TrackPointSrv] tp4mon.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qt... Read more

A:Solved: Malware Protector 2008 virus

Please close/disable all anti-virus and anti-malware programs so they do not interfere with the running of SDFix and make sure you are disconnected from the Internet after downloading the program but before extracting the files.
Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with SDFix and remove some of its embedded files which may cause "unpredictable results".
Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
Remember to re-enable the protection again afterwards before connecting to the Internet.
Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually
Instead of Windows loading as normal, the Advanced Options Menu should appear
Select the first option, to run Windows in Safe Mode, then press Enter
Choose your usual account.

Open the extracted SDFix folder and double click RunThis.bat to start the script.
Type Y to begin the cleanup process.
It will remove any Trojan Services and Registry Entri... Read more

Read other 3 answers
RELEVANCY SCORE 102

Hello, I am having a real problem with some things on my computer. I am running OS Windows XP on a Sony Vaio.It started with clicking on a person's website, which led to my computer lagging for a few minutes and once finished lagging, Malware Protector 2008 was on my computer scanning away, combined with a Sysinternals blue background advertising "remove spyware now" which also disabled my some tabs for changing my desktop back to normal. Since I do know some things about computers, I was able to uninstall it, manually delete files and delete things in regedit. That problem was taken care of.However, Here's the fun part - there is something else residual that I found today. While trying to log into AOL Mail, Yahoo Mail and eBay, it is not allowing sign in by making you provide credit card #'s, card verification number, social security number, mother's maiden name, and bank account and routining #'s. Also on the "Start" toolbar/taskbar, the clock is in military time and cannot be switched back to normal. I don't seem to be noticing anything named too weirdly (to me atleast) running in the background but a few svchost.exe's more than normal, and in HijackThis there is WINNT\Systems32\Explorer.exe which i've read is a virus. Since I run my business from my computer this is driving. I greatly appreciate the help!Deckard's System Scanner v20071014.68Run by James on 2008-06-20 02:31:11Computer is in Normal Mode.-------------------------------------... Read more

A:Malware Protector 2008 Deleted, But Possible Virus Attatched?

Welcome to the BleepingComputer Forums. Since it has been a few days, please post a new Deckard's System Scanner which includes the HijackThis log. Please see Preparation Guide for use before posting about your potential Malware problem. Thank you for your patience.If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped.

Read other 2 answers
RELEVANCY SCORE 100

Thank you in advance for any help you can give me.

My problem is a persistent pop-up and desktop/screen saver replacement. My McAfee antivirus is also out-of-date, and I get an error when I try to update it.

The pop-up reads:

Malware Alert!
Warning!
Attention! Adware.W32.SpyShredder spyware detected. Adware.W32.SpyShredder provides REMOTE ACCESS to ... blah, blah blah, ... click yes to get all available antispyware software

(there are a couple of variations with different spyware names that are rotated through)

Of course, I never clicked yes, but I recently did it just to get the name of the bogus spyware. When I clicked yes, a program called "Malware Protector 2008" immediately appears. (way too fast to indicate a download of any kind). This program is also listed as "MProtector" under the uninstall list.

When I uninstalled it, a message comes up warning me that anything the program had fixed would go back to how it was before. When I re-confirmed the uninstall, it takes me to the Malware Protector website.

The desktop change makes it a blue background with yellow lettering warning me about spyware having been detected, and to immediately get malware and spyware protection.

The screensaver changes to bugs "chewing" black holes in the screen. Creepy.

I haven't had any problems yet since I went through the five steps prior to posting here, so the Panda Active scan may have just done the trick, but I am not taki... Read more

A:Malware Protector 2008 popups w desktop and screen saver replacement

Hi, welcome to TSF!

if you still need assistance, please post a fresh main.txt log

Read other 18 answers
RELEVANCY SCORE 96

I have been fighting to rid my Windows XP machine of this wicked Virus/Malwear, Spywear Guard 2008, for more than a week now. After many hours wasted I finally gave up and wiped the hard drive clean yesterday and reinstalled Windows

It is mostly back to normal except...

One thing that happened right after contracting the virus was that the internal soundcard (on motherboard) was not recognized anymore. The only sound it makes is a little beep through the internal speaker. On the control panel/Audio Devices tab it says "No Audio Device".

The other new issue is that it will not recognize my Netgear Wireless card. I tried all the slots to no avail. Downloaded the newest driver and installation program from Netgear. It just does not see those slots at all.

Any help would be much appreciated.
 

A:Solved: Spywear Guard 2008 aftermath

Read other 8 answers
RELEVANCY SCORE 90

I am in need of some MAJOR help.... this is my daughters computer and is majorlly infected....


ComboFix 08-06-20.4 - Cat 2008-06-25 19:49:27.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.482 [GMT -4:00]
Running from: C:\Documents and Settings\Cat\Desktop\ComboFix.exe
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Desktop\Malware Protector 2008.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Malware Protector 2008
C:\Documents and Settings\All Users\Start Menu\Programs\Malware Protector 2008.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Malware Protector 2008\How to Register Malware Protector 2008.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Malware Protector 2008\License Agreement.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Malware Protector 2008\Malware Protector 2008.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Malware Protector 2008\Register Malware Protector 2008.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Malware Protector 2008\Uninstall.lnk
C:\Documents and Settings\b\Favorites\Online Security Test.url
C:\Documents and Settings\Cat\Application Data\AXPDefender
C:\Documents and Settings\Cat\Application... Read more

A:Malware 2008 / Antivirus XP 2008 HELP PLEASE!!!!

Deckard's System Scanner v20071014.68
Run by Cat on 2008-06-25 20:23:46
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-06-25 20:23:58
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTSVCCDA.EXE
C:\WINDOWS\ehome\ehrecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\Trend Micro\Internet Security 12\PcCtlCom.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\Internet Security 12\Tmntsrv.exe
C:\Program Files\Trend Micro\Internet Security 12\tmproxy.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Trend Micro\Internet Security 12\TmPfw.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\syste... Read more

Read other 17 answers
RELEVANCY SCORE 88

Hi everyone!
i had the fake program maleware protector 2008 on my computer
with the help off some spyware rpgrams i have deleted it and its gone but i have some problems now....
a part of the virrus was the fake bluescreensaver from sysinternals!
i tried to delete it but it keeps coming back!

and by the infectiont of maleware protector 2008 my tabs to change my background and screensavers are gone so i can't change them anymore!
plz help me!

P.S: sorry for the bad englisch

A:Maleware Protector 2008

Try the fix at Kelly's Korner.Restore Desktop and Screensaver Tabs - #128 on the right.Right click on it and save the .reg file to your desktop. Then, double click on the file icon (on your desktop) to merge it into your registry. You may need to reboot your computer for the changes to take affect.With any fix like this you should create a new restore point and backup the registry first. For backing up the registry I like to use ERUNT.

Read other 1 answers
RELEVANCY SCORE 86

My husband downloaded trivia mania on our toshiba satellite notebook laptop, and then all of a sudden..virus protector 2008 came up as a new program that had been installed..I cleaned it off with malwarebytes, which i love..the free version, it came with trojans...ms juan malware tracer kept coming back..finally i thought i had it cleaned. went 3 days fine then the virus protector 2008 suddenly installed itself again....my computer just started freezing up..and voila..there was the icon. I cleaned it again using malwarebytes and spybot s&d with immunizing it too...was good for 2 days....then the computer just shut itself down when it had been working fine. then as it started up..blue screen..unmountable boot volume...then it would shutdown and restart..kept doing this over and over..so i googled on this computer..desktop..powerspec with windows xp professional...intel inside pentium 4. i decided to use my recovery and applications/driver..which i had used when we first got it and got infected years before...it worked great..restarted back to out of the box state...with windows xp home edition like the day we bought it..but it didnt work this time...would do the recovery for 50 mins..then say error...then spit out the disc and shutdown...so that one is crapped..have to have it fixed. i cant get it to even come on most times..it did have the service pack 3 on it..found out from microsoft that the service pack has been doing that to toshiba satellites..yay me...and because i... Read more

A:Privacy Issues w/virus protector 2008

Hello and Welcome to TSF.

We want all our members to perform the steps outlined in the link I'll give you below, before posting for assistance. There's a sticky at the top of this forum, and a
Quote:




Having problems with spyware and pop-ups? First Steps




link at the top of each page.

------------------------------------------------------

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through allthe steps, you shall have a proper set of logs. Please post them in a new thread, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please note that the Virus/Trojan/Spyware Help forum is extremely busy, and it may take a while to receive a reply.

------------------------------------------------------

Read other 1 answers
RELEVANCY SCORE 85.2

Hello, Bleeping Computer. To start off, a series of events led to where I am now. On Friday, I was attacked by Maleware Protector 2008. I believe it is gone now after flowing an online tutorial but of course, I am not 100% sure. When I was having this bug, a Blue screen would pop up constantly at various intervals, saying, "Your computer is in Danger..giving me different warnings. Restarting my computer, but it does not. Symantec would block it saying, We have blocked a recent WiniFixer Attack on your computer.". I also have a run32.dll error and a Windows Script error if I am not mistaken. It pops up every time on startup. I think a visual would be better.Edit: Just wanted to add. Somehow Antivirus XP 2008 downloaded itself onto my computer? I have not done anything. Just letting you guys know. Also, my Firewall keeps turning off. Yeah this is not good.Desktop: http://img502.imageshack.us/my.php?image=s...sdesktopuf4.jpgYou can also see 2 tabs are missing from my display properties.I did not do the Kaspersky Online scan, because I am limited with time. but performed the other DSS Scan properly.Here is the Main Log.Deckard's System Scanner v20071014.68Run by Owner on 2008-06-22 17:48:46Computer is in Normal Mode.---------------------------------------------------------------------------------- System Restore --------------------------------------------------------------Successfully created a Deckard's System Scanner Restore Point.-- Last 2 Restore Point(s) --2: 2008... Read more

A:Attempted Winfixer Attack/ Maleware Protector 2008

Hello Shevie and welcome to BleepingComputer,1. * Clean your Cache and Cookies in IE:Close all instances of Outlook Express and Internet Explorer Go to Control Panel > Internet Options > General tabUnder Browsing History, click Delete. Click Delete Files, Delete cookies and Delete historyClick Close below.* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):Go to Tools > Options.Click Privacy in the menu..Click the Clear now button below.. A new window will popup what to clear.Select all and click the Clear button again.Click OK to close the Options window* Clean other Temporary files + Recycle bin Go to start > run and type: cleanmgr and click ok. Let it scan your system for files to remove. Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.Press OK to remove them.2. Please download Malwarebytes' Anti-Malware from Here or HereDoubleclick mbam-setup.exe to install the application.Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.If an update is found, it will download and install the latest version.Once the program has loaded, select "Perform Quick Scan", then click Scan.The scan may take some time to finish,so please be patient.When the scan is complete, click OK, then Show Results to view the results.Make sure that everything is checked, and click Remove Selected.When disinfection is completed,... Read more

Read other 9 answers
RELEVANCY SCORE 81.2

Hello,
In the DISA Security Technical Implementation Guides (STIGS) there is a test for event tracing (#V31026). 
The STIG indicates that if you are running Win 2008 the absence of etwenable = false is not a 'finding' because event tracing is enabled by default (on 2008 servers) and it should be enabled and running.
Is this the same for windows 2008 R2 Enterprise Server?
I cannot find the element etwenable in my 2008 R2 Enterprise server test system, it does not exist.
Does that mean the requirement for the STIG is met, and event tracing IS enabled by default on Win 2008 R2 Enterprise Servers?  No further action is required to enable? 

Is there an easy way to verify it actually is enabled?  Check registry value, run script?

Excerpt from the STIG:
Microsoft Dot Net Framework 4.0 STIG
Rule Title:  Event tracing for Windows (ETW) for Common Language Runtime events must be enabled.
STIG ID: APPNET0067  Rule ID: SV-41075r1_rule 
Vuln ID: V-31026
Severity: CAT II Class: Unclass
NOTE:
Beginning with Windows Vista and Windows Server 2008, ETW Tracing is enabled by default and the "etwEnable" setting is not required in order for Event Tracing to be enabled. 
An etwEnable setting of "true" IS required in earlier versions of Windows as ETW is disabled by default.
Thank you,
V/R
Bill
William C. ?BC? Davis PMP, CISSP, IASO
Lead Infosec Engineer/Scientist
Comm:   781.271.5221
DSN: ... Read more

Read other answers
RELEVANCY SCORE 80.4

how can i remove all my old computer programs from my new hp slimline desktop260-po26 . mircosoft keeps loading all my old computer stuff everytime i hook up my att internet connection 

A:how to remove window server 2008 2008 sp1,sp2 vista,sp1,sp2,...

chuck5014 wrote:how can i remove all my old computer programs from my new hp slimline desktop260-po26 . mircosoft keeps loading all my old computer stuff everytime i hook up my att internet connection Could you clarify what you're having a problem with?   Post a screenshot if possible.

Read other 1 answers
RELEVANCY SCORE 76

Logfile of Trend Micro HijackThis v2.0.2Scan saved at 21:37: VIRUS ALERT!, on 8/27/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\SYSTEM32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\Program Files\Common Files\Virtual Token\vtserver.exeC:\WINDOWS\System32\ibmpmsvc.exeC:\WINDOWS\System32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\System32\QCONSVC.EXEC:\Program Files\Sandboxie\SandboxieServer.exeC:\Program Files\Analog Devices\SoundMAX\SMAgent.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\System32\TPHDEXLG.EXEC:\WINDOWS\system32\TpKmpSVC.exeC:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exeC:\WINDOWS\SYSTEM32\Ati2evxx.exeC:\WINDOWS\Explorer.exeC:\Program Files\Microsoft IntelliPoint\point32.exeC:\WINDOWS\system32\rundll32.exeC:\Program Files\Java\jre1.6.0_04\bin\jusched.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files... Read more

A:Antivirus Xp 2008, Antispyware 2008 Xp

Hello. I am PropagandaPanda (Panda or PP for short) and I will be helping you with your log.I will need some time to look over your computer's log(s). I am still in training, so my responses to you must be checked by a coach.You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here. Please take note of a few guidelines for this fix:Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Further more, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.If you do not understand any step(s) provided, please do not hesitate to ask. I would much rather clarify instructions or explain them differently than have something important broken.Even if things appear to be better, it may not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself. Finally, please reply using the button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directl... Read more

Read other 9 answers
RELEVANCY SCORE 76

While I'm still stabilising the overclock on my PC, can I ask if anyone has installed Visual Studio 2008 & SQL Server 2008 on Windows 7 x64 7600? If you do get any hiccups during install but manage to install it, does it run alright? Any problems? I'm interested in C# and ASP.NET development only. Thanks.

A:VS 2008 & SQL Server 2008 compatibility

Get the service packs. They run just fine.

Read other 1 answers
RELEVANCY SCORE 72.4

I got all kinds of malware, I ran Super Antispyware, roguefix and cc cleaner but nothing. I can only work on safe mode as the system has been completely hijacked.

Here is the HJ log, any help is greatly appreciated. Thanks:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:25:28 PM, on 9/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Administrator\Application Data\U3\000018711570704F\LaunchPad.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.com
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft S... Read more

A:Antivirus XP 2008 and other malware

After reading all the related posts here and the help forum from bleeping computer, I was able to get rid of most of the issues. I still have the antivirus XP 2008 icons in the computer but I should be able to get rid of them as well.

Mods, you may close or delete this thread.

Thanks

Read other 2 answers
RELEVANCY SCORE 72.4

hi, i just got infected by the malware antivirus xp 2008, i found a removal guide here in bleepingcomputer in spyware removal and followed the instructions by using the malwarebytes anti-malware, it removed most of the malware but there were a couple that was left in my pc and i cant seem to remove it. here's my malwarebytes log:Malwarebytes' Anti-Malware 1.24Database version: 1029Windows 5.1.2600 Service Pack 23:01:28 AM 8/7/2008mbam-log-8-7-2008 (03-01-28).txtScan type: Quick ScanObjects scanned: 36927Time elapsed: 3 minute(s), 21 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 0Registry Values Infected: 0Registry Data Items Infected: 1Folders Infected: 0Files Infected: 1Memory Processes Infected:(No malicious items detected)Memory Modules Infected:(No malicious items detected)Registry Keys Infected:(No malicious items detected)Registry Values Infected:(No malicious items detected)Registry Data Items Infected:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\windows\system32\userinit.exe -> Quarantined and deleted successfully.Folders Infected:(No malicious items detected)Files Infected:C:\WINDOWS\system32\lich.dat (Stolen.Data) -> Delete on reboot.everytime i reboot and rescan using malwarebytes these 2 always comes up and whenever i start my pc theres a program that wants to run but it cant since windows do... Read more

A:Antivirus Xp 2008 Malware

Hello and welcome to BCWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. We aim to provide the valuable service known to come from BC to every member we can, but sometimes it takes just a little longer to get to every request for help.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.Upon completing the steps below a staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.Thanks and again sorry for the delay. Please see here for instructionshow to install HijackThis and make a logfile. Save it into convenient location and include it to your next reply, please.NextPlease do a scan with Kaspersky Online ScannerNote: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.Click on the Accept button and install any components it needs.The program will install and then begin downloading the latest definition files.After the files have been downloaded on the left side of the page in the Scan section select My ComputerThis will start the program and scan your system.The scan will take a while, so b... Read more

Read other 3 answers
RELEVANCY SCORE 72.4

Hi! I am pretty certain I have some malware that I need advice how to remove. Antivirus XP 2008 or something of the sort was installed, and I thought I got rid of it. However, now I am left with adware and other stuff that I don't know how to get rid of! I have ran AVG free, adaware, spybot, and stinger. I then created the first log file. Aftewards, I ran malwarebytes' anti-malware which found more trojans, etc. I went to msconfig and edited the startup list and unchecked glove.exe, cssrss.exe, and sysrest32.exe. I still think I have adware or something because when I type a direct link in, it takes me to some ezcoolpages.com website. I would sincerely appreciate anyone's advice! Thanks so much.HJT Log File BEFORE MalwarebytesLogfile of Trend Micro HijackThis v2.0.2Scan saved at 4:34:42 PM, on 8/15/2008Platform: Windows XP SP3, v.3264 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP3 (6.00.2900.3264)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Windows Defender\MsMpEng.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Lavasoft\Ad-Aware\aawservice.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\Explorer.EXEC:\WI... Read more

A:Antivirus Xp 2008-malware

Hello and welcome Cody DeanDownload Combofix from any of the links below, and save it to your desktop. For information regarding this download, please visit this webpage: http://www.bleepingcomputer.com/combofix/how-to-use-combofixLink 1Link 2Link 3 **Note: It is important that it is saved directly to your desktop**--------------------------------------------------------------------1. Close any open browsers.2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.--------------------------------------------------------------------Double click on combofix.exe & follow the prompts. When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.Note:Do not mouseclick combofix's window while it's running. That may cause it to stall

Read other 6 answers
RELEVANCY SCORE 72.4

I downloaded a video codec that turned out to be a trojan.
In turn for that I also got a couple of annoying supposedly helpful Antivirus programs
I tried deleting it but I just don't know how to solve it.
You guys helped me out before so it would be cool if you guys could help again.
Heres my HijackThis Log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:44:49 PM, on 6/16/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\WINDOWS\system32\wltray.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\Program Files\Nuria... Read more

A:Antivirus 2008 Malware

Whatever this is it is really starting to act up.
The program started opening some other downloads.
Other programs like rundll32 keeps popping up.
Can some one please help
 

Read other 2 answers
RELEVANCY SCORE 71.6

I went through the first steps and it seemed to work at first but now my computer is crawling. And I still have the blue screen, I have tried everything from removing the program which seemed remove it until I restarted my computer and it came back. Also now I axp defender showing up as well. Trojan.Fakeavalert a threat according to symantec. Should I do th first steps over.

A:Malware 2008 is killing my computer

Hello Greg and welcome to TSF

Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.Close all applications and windows.
Double-click on dss.exe to run it, and follow the prompts.
When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt <-this one will be minimized
Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt here.
Please attach extra.txt to your post.
To attach a file to a new post, simplyClick the[Manage Attachments] button under Additional Options > Attach Files on the post composition page, and
copy and paste the following into the "Upload File from your Computer" box:C:\Deckard\System Scanner\extra.txt

Click Upload.
What DSS will do: create a new System Restore point in Windows XP and Vista.
clean your Temporary Files, Downloaded Program Files, and Internet Cache Files, and also empty the Recycle Bin on all drives.
check some important areas of your system and produce a report for your analyst to review. DSS automatically runs HijackThis for you, but it will also install and place a shortcut to HijackThis on your desktop if you do not already have HijackThis installed.

=========
Logs Required
C:\Deckard\System Scanner\main.txt
C:\Deckard\System Scanner\extra.txt<----Attached

Read other 1 answers
RELEVANCY SCORE 71.6

Please i have the bugs crawling on my screen, and a warning sign about an infected spyware. kindly assist me on how the remove this infected virus. Your assistance will be really appreciated.

A:How to remove Malware Protection 2008.

Deckard's System Scanner v20071014.68
Run by admin on 2008-06-08 04:33:01
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------



-- Last 4 Restore Point(s) --
4: 2008-06-08 08:12:03 UTC - RP201 - Deckard's System Scanner Restore Point
3: 2008-06-08 07:37:10 UTC - RP200 - Installed Ad-Aware
2: 2008-06-08 06:59:05 UTC - RP199 - Installed SpywareStop
1: 2008-06-08 05:38:02 UTC - RP198 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-06-08 04:39:05
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashSe... Read more

Read other 2 answers
RELEVANCY SCORE 71.6

Hi , i just got infected with malware protection 2008. Please help me get rid of it, following is my DSS logDeckard's System Scanner v20071014.68Run by acer on 2008-06-08 20:38:11Computer is in Normal Mode.---------------------------------------------------------------------------------- System Restore --------------------------------------------------------------Successfully created a Deckard's System Scanner Restore Point.-- Last 2 Restore Point(s) --2: 2008-06-09 00:38:20 UTC - RP5 - Deckard's System Scanner Restore Point1: 2008-06-09 00:08:14 UTC - RP4 - System CheckpointBacked up registry hives.Performed disk cleanup.-- HijackThis (run as acer.exe) ------------------------------------------------Logfile of Trend Micro HijackThis v2.0.2Scan saved at 20:41:18, on 6/8/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16640)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\WINDOWS\system32\PnkBstrA.exeC:\WINDOWS\system32\svchost.exeC:\WIND... Read more

A:Infected With Malware Protection 2008

Hello Sukrit01 and welcome to BleepingComputer,1. * Clean your Cache and Cookies in IE:Close all instances of Outlook Express and Internet Explorer Go to Control Panel > Internet Options > General tabUnder Browsing History, click Delete. Click Delete Files, Delete cookies and Delete historyClick Close below.* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):Go to Tools > Options.Click Privacy in the menu..Click the Clear now button below.. A new window will popup what to clear.Select all and click the Clear button again.Click OK to close the Options window* Clean other Temporary files + Recycle bin Go to start > run and type: cleanmgr and click ok. Let it scan your system for files to remove. Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.Press OK to remove them.2. Please download Malwarebytes' Anti-Malware from Here or HereDoubleclick mbam-setup.exe to install the application.Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.If an update is found, it will download and install the latest version.Once the program has loaded, select "Perform Quick Scan", then click Scan.The scan may take some time to finish,so please be patient.When the scan is complete, click OK, then Show Results to view the results.Make sure that everything is checked, and click Remove Selected.When disinfection is complete... Read more

Read other 7 answers
RELEVANCY SCORE 71.6

I have a client that in their infinite wisdome used their server to surf the internet and got the Windows Recovery Malware. I have removed the malware but now I am faced with the issue of all icons are hidden including in the start menu and the administrative tools. On a workstation I would have just run combofix to resolve this issue. This is not an option to my knowledge on server. Can anyone provide some insight in to how combofix is able to recover these files and how to do the process on server 2008r2? This is an Remote Desktop Services server with a very complex config making a wipe and reload not really possible. I have now disabled web browsing on the server, hindsight and all that.

A:Server 2008 r2 with recovery Malware

I have the same problem. I wish there was a way of boot from a clean boot such as a usb drive or cd and see a raid array and run combofix from there and clean if you have any solutions let me know

Read other 1 answers