
Popup After Healing Infected File

Q: Popup After Healing Infected File

I'm currently disturbed by this popup every time I open my computer. Whatever user I log in as, the same popup appears. The title of the popup is "C:\WINDOWS\system32\keyboard\services.exe". Below that, a message says that Windows cannot find 'C:\WINDOWS\system32\keyboard\services.exe'.

This started when I transferred video clips from an mp4 (ipod). Of course, I scanned it first using my updated AVG Free edition and found no threat. After that I downloaded a free realplayer11 from cnet (here's the url: http://download.cnet.com/RealPlayer/3000-1...-10073040.html). It was saved to my desktop, as were the video clips that I transferred. Then I tried to install realplayer, but upon running the downloaded installer, it warned me that the computer would be restarted after the installation. So I decided to cancel it first and first remove the mp4 (ipod) and my cousin's flash drive (which was already there when I used the computer). I failed in safely removing the mp4 (ipod) but succeeded in removing the flash drive. I then decided to forcefully remove the mp4 (ipod) and started a computer scan. As expected, I found 1 trojan and successfully healed it. AVG asked for a restart and I clicked 'yes'. From that time, this annoying popup shows.

The incident happened while I was using the Administrator account.
I'm using Windows XP Professional SP2.
Please help me with this problem....

RELEVANCY SCORE 200

A: Popup After Healing Infected File

Hi and welcome.. It's not unusual to receive such an error after using specialized fix tools.

A "Cannot find...", "Could not run...", "Error loading..." or "specific module could not be found" message is usually related to malware that was set to run at startup but has been deleted. Windows is trying to load this file but cannot locate it since the file was most likely removed during an anti-virus or anti-malware scan. However, an associated orphaned registry entry remains and is telling Windows to load the file when you boot up. Since the file no longer exists, Windows will display an error message. You need to remove this registry entry so Windows stops searching for the file when it loads.

To resolve this, download Autoruns, search for the related entry and then delete it.
Create a new folder on your hard drive called AutoRuns (C:\AutoRuns) and extract (unzip) the file there. (click here if you're not sure how to do this.)
Open the folder and double-click on autoruns.exe to launch it.
Please be patient as it scans and populates the entries.
When done scanning, it will say Ready at the bottom.
Scroll through the list and look for a startup entry related to the file(s) in the error message.
Right-click on the entry and choose delete.
Reboot your computer and see if the startup error returns.

Next run MBAM:
Please download Malwarebytes Anti-Malware (v1.34) and save it to your desktop.
alternate download link 1
alternate download link 2
If you have a previous version of MBAM, remove it via Add/Remove Programs and download a fresh copy.
Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
If an update is found, the program will automatically update itself.
Press the OK button to close that box and continue.
If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.

On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
Click OK to close the message box and continue with the removal process.

Back at the main Scanner screen:
Click on the Show Results button to see a list of any malware that was found.
Make sure that everything is checked, and click Remove Selected.
When removal is completed, a log report will open in Notepad.
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply and exit MBAM.

Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you after scanning with MBAM. Please temporarily disable such programs or permit them to allow the changes.

RELEVANCY SCORE 54

Panda


Incident Status Location

Adware:adware/ilookup Not disinfected c:\windows\iLookup
Adware:adware/comet Not disinfected c:\documents and settings\all users\application data\Starware
Potentially unwanted tool:application/funweb Not disinfected hkey_local_machine\software\FunWebProducts
Adware:adware/s... Read more

A:Weird "can't find file" message on startup, viruses not deleting or healing

Please go HERE and carry out the instructions that are posted. Thank you..

RELEVANCY SCORE 51.2

I have scanned with ad-aware, norton anti-virus (which says it is unable to fix virus), spy-bot search & destroy, as well as msn anti-spyware beta. I continue to get a virus notification from Norton when I turn on my computer. I have had this problem about 7-10 days. The first time I got one of the winfixer pop-ups I had just opened an email from someone I have had emails from before. Thank you for your assistance.

Logfile of HijackThis v1.99.1
Scan saved at 3:30:57 PM, on 11/19/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\PROGRA~1\NORTON~1\NORTON~2\GHOSTS~2.EXE
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WI... Read more

A:Winfixer Popup & Sexbuddies Popup/infected W/trojan.vundo Per Norton

I forgot to add this above in my first post - Norton says that the virus is in c:windows\system32\ddaya.dll.

RELEVANCY SCORE 50.8

The "Driver Cure" popup comes up everytime I turn on or restart my computer. Also, I constantly have advertisement popups. Recently there has been one that says I have won a walmart giftcard. Also, sometimes when I click on something in a website, I am redirected to another unwanted website. Please help!

- Unislynntastic

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Eunice Lin at 23:44:22 on 2012-02-22
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.121 [GMT -5:00]
.
AV: Symantec AntiVirus Corporate Edition *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\Program Files\PC Tools\PC Tools Security\pctsAuxs.exe
C:&#... Read more

A:Infected with "DriverCure" popup, "quick scan" popup, and advertisements

Hello Unislynntastic , Welcome to Bleeping Computer.
My name is fireman4it and I will be helping you with your Malware problem.

Please take note of some guidelines for this fix:
Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools.
If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
In the upper right hand corner of the topic you will see a button called Watch Topic. I suggest you click it and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

Finally, please reply using the ADD REPLY button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.

1. Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
Vista/Windows 7 users right-click and select Run As Administrator.
If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and gi... Read more

RELEVANCY SCORE 46.4

Hi,

I have AVG internet security installed on my computer. It runs really well (despite it slowing my computer slightly )

However when I run a scan, reaching the end, it automatically begins "healing" any threats it may have come across. This is all well and good but when it gets right to the end of this process it seems to get stuck almost like it crashes. My cursor turns into the sand timer and "(NOT RESPONDING)" appears in the top of the window?!

It's not a massive problem but I thought I'd post the query in case there's either something I'm doing wrong or in case anyone else has encountered this problem before.
 

A:AVG Stuck Healing

Hi Mr C, Please stop creating new threads on same subject. You have 2 going already and a moderator will have to close 1 of them.
 

RELEVANCY SCORE 46.4

I recently wrote a review of a just-being-released addition to the ThinkPad line, the 14" T490s. My writeup was based on the one system I had in front of me and, as always with pre-released systems, documentation was sparse at best. The computer had very early drivers and system software but was remarkably stable and reliable. New system software started to appear, and I noticed a new BIOS image, that was described as the initial release, but was substantially newer than what was on my computer. I always try to apply updates as early as possible on any machines I review, hoping to identify any unexpected issues before the general market. During the BIOS update, a message I had never seen flashed by. As a result of nothing more than blind luck, my camera happened to be within reach and the battery was charged. I apologize for the quality of the photo, but there was no time for staging.
 
New message
 
Based on what I can ascertain, the process is intended to be completely invisible to the user, other than the message I noticed.  After a BIOS update, the BIOS restarts and, after initialization, the image is backed up before booting into Windows or another operating system.   On subsequent startups, if there is a problem starting, the backed-up BIOS image is restored automatically.  In some ways, this is similar to the way Microsoft handles drivers in Windows. 
 
As I would expect, Phoenix Techno... Read more

RELEVANCY SCORE 46.4

Listen, guys,
MY OS: WinXP
Antivirus: AVG
VIRUS NAME: Trojan Horse PSW.Generic2.QEO ... I didn't find a single link on the internet.
File size: 3,88kb

I noticed the file keeps popping up -- C:\Windows\system32\CsdDriver.sys. I was reading a post here http://forums.techguy.org/security/502809-solved-virus-keeps-popping-up.htm , but it is a bit different: it pops up again and again. I updated my AVG, it's fixing it, but it appears again after a few seconds. The thing is that there is no C:\WINDOWS\system32\UpperHost.dll file... And this is quite odd; if there was, I could act as the man said in the previous link..

Here is my Hijackthis log:

Logfile of HijackThis v1.99.1
Scan saved at 22:21:16, on 2006.11.14
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Notepad++\notepad++.exe
C:\Program Files\Borland\InterBase\bin\ibguard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files... Read more

A:Please, help me healing this one virus :|

RELEVANCY SCORE 46

Hi, for the last few months I have been using AVG, and in that time I have encountered a few viruses, mainly called JavaByte/Verify, that will not heal, delete, or move to virus vault. Can someone tell me why?
Thanks a lot.

A:Help with AVG removing/healing viruses.

I have run into this on a client's computer he wanted me to fix. The only way I removed it was to slave his drive into my test bench computer and use F-Secure to remove it.
Another note. Turn off system restore when removing viruses or removing spyware/malware.

RELEVANCY SCORE 46

Logfile of HijackThis v1.99.1
Scan saved at 4:01:52 PM, on 1/6/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\System32\fscagent.exe
C:\WINDOWS\System32\update\1.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\update\7.exe
C:\WINDOWS\System32\8.exe
F:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Sec... Read more

A:AVG detects threat and keeps healing

RELEVANCY SCORE 45.6

I am using AVG Free version 7.5 and it is updated, but it doesn't heal viruses anymore, for example RavmonE.exe, which can be healed by other computers with AVG FREE.

Moved from the "XP" Forum. ~acklan~

A:My Avg Free Is Not Healing Viruses Anymore!

Do you have any other anti-virus software on your computer or something like a security suite?

RELEVANCY SCORE 45.6

Somehow my computer contracted a Win32.HEUR virus off of an accidental spam site visit, and now my computer is full of infections.

At first I tried using AVG, but the virus basically overpowered it and tried to uninstall it.. So I got Kaspersky's virus removal tool. It seems to have taken care of the heur for the most part, but now I have a rootkit.tdss that just won't go away.

The problem is, I can't kill any processes, it's locked my taskbar out, I can hardly open any programs, it just says "This file does not have a program associated with it for performing this action. Please install a program or, if one is already installed, create an association in the Default Programs control panel." I can run programs if I select "run as administrator" but that's the only way they will work right now..

There are other symptoms as well, the whole pc is a complete mess right now, I've been working on it all day and night trying to get the infections cleared out. I just ran Hijackthis and I have a log I can post if necessary.

Is there anything else that I can do get this thing off of my computer??

-EDIT

I forgot to mention that when running malwarebytes or kasperskys virus removal, before I can complete the scan, the computer forces a shutdown.

A:Got a nasty virus on my laptop now, need some help healing it.

Hello and welcome. Let's do these; tell me how we are after.

>>>> Download this file and double-click on it to run it. Allow the information to be merged with the registry.

RKill....
Download and Run RKill
Please download RKill by Grinler from one of the 4 links below and save it to your desktop.

Link 1
Link 2
Link 3
Link 4

Before we begin, you should disable your anti-malware softwares you have installed so they do not interfere RKill running as some anti-malware softwares detect RKill as malicious. Please refer to this page if you are not sure how.
Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
If nothing happens or if the tool does not run, please let me know in your next reply.

TDSS Killer
Please read carefully and follow these steps.
Download TDSSKiller and save it to your Desktop.
Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.
Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK. (If Vista, click on the Vista Orb and copy and paste the following into the Search field. (make... Read more

RELEVANCY SCORE 45.6

I spent the night at my sister's the other day. She was agitated while using her laptop. Typical complaints, it is slow to respond, some programs won't open at all, and pop ups. I ran a few of the scans that I've used in the past and it's more responsive, there aren't any more popups flashing, but it still lags. I am hoping some wise soul on here can take it to the next level.

Thanks in advance!
 

A:Healing my sister's slow laptop

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-04-2015
Ran by Cyndy (administrator) on SANDERS on 24-04-2015 11:28:21
Running from C:\Users\Cyndy\Downloads
Loaded Profiles: Cyndy (Available profiles: Cyndy)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Sear... Read more

RELEVANCY SCORE 45.6

I have had this issue for many months, now. I loaded Vista x64 Home Premium to run in a dual-boot configuration with my XP Pro. I do critical work so I didn't trust going to Vista exclusively. I mainly wanted it to see if I could utilize all my RAM and speed up Photoshop processing.
I have had it working three or four times, (except for tablet functionality) then when I must re-boot because of SP1 and other security updates or in one case, I installed Office 2007, it does nothing on restart; black screens and just sits there, totally unresponsive. No blinking of the LED which shows drive activity. When re-booting, F8 isn't working (nothing happens). Regarding the previous instances, I gave up trying to get it to respond and went back to booting into XP, which always works fine. Then after a period (usually a month or more) I will try booting into Vista, on restart, and voilà, it works again!
WTF is going on?

ASUS A8N32-SLI Deluxe motherboard
AMD Athlon 64 X2 4400+ Toledo: 2,400 Mhz on air (10% OC)
Thermalright XP-90C with 92MM Thermoflow temperature sensing fan
4 Gig of OCZ Titanium DDR400 (PC3200) dual channel, unbuffered RAM
MSI NX6600-TD256E video card & dual 24" wide screen LCDs setup
2X - WD 250Gb 7200RPM SATA main drive, w. 16Mb cache
(one for XP Pro and one for Vista x64 Home Premium)
2X - Fujitsu MAU3036NP (15K RPM hard drives running SCSI 0 [striped])
Lian 7077A - full tower case with optional 120mm fan in top,
90mm fan (stock AMD-CPU) angled facing MB chips... Read more

A:No reboot after updates and then mystery healing

How did you set up the dual boot?

RELEVANCY SCORE 45.2

Quote:
We've covered how to use the old school CHKDSK command check on disk in Windows 7 yesterday but what we didn't touch is actually even better. It's a nice new feature that I didn't realize existed either until very recently.

Basically, once the feature is turned on, Windows will detect a physical file system error and automatically fix it on the fly without you even noticing it happened. Because of this, you actually have a lot less chance of having to run CHKDSK to check the disk manually because most likely the errors you suspected may have been fixed by this self-healing process already.

NTFS Self-healing is turned on by default in Windows 7 but if you are not sure you can use the following command to make sure. Note that the command has to be run as Administrator.

fsutil repair query c:



However, there is a possible downside that you may have already been thinking and wondering about. Yes, the data may potentially be removed silently without the user's knowledge during the self-healing process. To address this issue, Microsoft added the BugCheckOnCorrupt option that does something you may think is crazy.

It throws a BSOD (blue screen of death) and shuts everything down instead of attempting to fix the error, if the system discovers any NTFS corruptions.

Yes, not every BSOD is bad. Some of them happen on purpose, just like this, as designed. It does sound crazy because why would you want the system to crash, but from the data safety perspective, this att... Read more

A:NTFS Self-Healing is An Overlooked but Useful Feature in Windows 7

Thanks Nick, interesting read.

RELEVANCY SCORE 44.4

Does anybody have any information on this virus in English, the only references are in Russian that I can find.

After AVG has scanned and healed the thing it comes up with warning box saying it has been found (Krepper.V) and to run AVG but it does not show up after scanning.

A:trojan horse virus and AVG healing THEN displaying warning

Sophos Krepper

See this link for info on Krepper from Sophos. There's also removal instructions, but this means running Sav32Cli, which is command line based. If you aren't happy using the command line I suggest using my tool RescueME, see the sig.

I would also suggest taking a hijack this log before and after cleaning and post both http://www.bleepingcomputer.com/forums/f/22/virus-trojan-spyware-and-malware-removal-logs/ here for analysis to ensure that you are clean.

RELEVANCY SCORE 43.6

AVG keeps on detecting "virus found exploit" with the file extensions of .htm/.html. while in the healing process, it would result in error along in the process...
i dunno what to do but here is the HiJackThis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 947 PM, on 12/28/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Sony\MD Simple Burner\NetMDSB.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Hp\HP Software Update\HPWuSch... Read more

RELEVANCY SCORE 42

Hello and thanks in advance for any help you can offer.

Recently I attempted to go to a website I thought was legitimate and Malwarebytes blocked the connection. I quickly updated AVG, Malwarebytes anti-malware, and Ad-Aware and ran all three, though nothing was found.

Unfortunately now a "Run As" popup which asks which user I want to run "this" program pops up every so often and continues to pop up unless I click to run it. Malwarebytes prompts me that it stopped a program the first time the run as popup appears. When I boot the computer into safe mode AVG continues to consume ram until the computer shuts down, I tried terminating the program (through the task manager) but the computer still shuts down after a minute or two in safe mode; it works fine in regular bootup.

I'm running Windows XP Pro and use Firefox.

Thanks!

A:Infected - "Run As" popup

For some reason I couldn't find the edit button.. New, sporadic symptom, when I click a link from a Google search it will occasionally open a google ads result, rather than the one I clicked.

RELEVANCY SCORE 42

hi everyone and thanks in advance for the help. i am from italy.
i am not sure if i have a malware or something just see this: screenshot uploaded it's italian,i called the picture virus.
someone suggested me i could have a virus because i couldn't access the internet in "safe mode with internet". so i did scan with malwarbyte adwcleaner roguekiller junkremovaltool and kaspersky tools.. then i discovered i can access the internet in "safemode with internet" but just with ethernet.

anyway i don't know about that pop up.
when i surf the net with sandboxie nothing strange appears

thank you
 

RELEVANCY SCORE 42

The McAfee AV scan programme has been blocked from working though an update was allowed to perform. Since the downloading of Limewire the internet has become slower and there are ads that pop up all the time labelled Conceptads. When I look at my history there are a lot more sites that I have apparently visited but these have not been entered by me nor have they necessarily appeared. Thank you very much for your time and help.
DDS (Ver_09-05-14.01) - NTFSx86
Run by 041413 at 12:27:09.43 on 29/05/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1252.44.1033.18.1014.342 [GMT 1:00]

AV: VirusScan Enterprise + AntiSpyware Enterprise *On-access scanning enabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}

============== Running Processes ===============

C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\IPSSVC.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\WINDOWS\system32\AppleOSSMgr.exe
C:\WINDOWS\system32\AppleTimeSrv.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\... Read more

A:Infected with PopUp Ads

Hello, theo4.

My name is aommaster and I will be helping you with your log.

If you have since resolved the original problem you were having, would appreciate you letting us know. If not, please perform the following below so I can have a look at the current condition of your machine. Thanks

Also, you may want to consider tracking this topic by either adding it to your favourites or clicking the Options button at the top of this thread.

Please note that I am in the process of my training so it may take a while for me to get back to you, as each of my fixes need to be checked by a coach first.

Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

In your next reply, please include the following:
RSIT Log

RELEVANCY SCORE 42

I'm usually very good about keeping my computer clean, or I thought so. I have AVG Free, AVG-Anti Spyware 7.5, Spybot, and Ad-Aware. Today, however, my computer started hitting me with popup windows and fake warning boxes from Empire Poker, Unlimited PSP downloads, Anti-virus, Systemdoctor etc.

I've run all these programs to try to clear out the problem, but can someone take a look at my HJT log and see if there's anything else I can remove, change, or fix to clean up my computer? I'm worried these popups might be symptomatic of a larger problem I don't see. I'd be in your debt.

Logfile of HijackThis v1.99.1
Scan saved at 3:39:07 PM, on 4/18/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\WINDOWS\system32\hkcmd.exe
C:\...

A:Infected with popup ads, maybe more...please help

RELEVANCY SCORE 42

Hello, I followed your tips to remove the CID popup but unfortunately it always appears. Can you help me?

Thank you
Jack

Logfile of HijackThis v1.99.1
Scan saved at 9:14:08 PM, on 4/6/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\sw...

A:Infected By Cid Popup

Welcome to the BleepingComputer HijackThis forum jbetito

Click on Start > Control Panel > Add/Remove Programs.
Uninstall/remove any of the following programs if listed:
 * Netpumper
 * Bitroll
 * Bitgrabber
 * CiD Help / CiD Manager
 * Download Plugin for Internet Explorer
 * Zone Media

This is because they are often bundled with the malware you are dealing with.
Don't worry if none of them are present.
If you happened to remove any of them please restart your pc.

******************************

Download NoLop.exe to your desktop.
 * First close any other programs you have running as this will require a reboot.
 * Double click NoLop.exe to run it.
 * Then click the button labelled "Search and Destroy".
 * When scanning is finished you will be prompted to reboot only if infected, click 'OK'.
 * Now click the "REBOOT" Button.
 * A Message should popup from NoLop, if not, double click the program again and it will finish.

Post the contents of C:\NoLop.log and a new Hijack This log into your next reply.

If you receive the error, that mscomctl.ocx or one of its dependencies are not correctly registered, please download this file to your 'System32' folder then rerun the program: http://www.boletrice.com/downloads/mscomctl.ocx

RELEVANCY SCORE 42

Somehow I got infected by the Cid pop up again. It was like half a year ago when I got infected. Can someone please help guide me through the removal again? Many thanks

A:Infected By Cid Popup.. Again

Please uninstall any of the following program(s) using Add/Remove Programs if they are present. They are often bundled with the malware causing your problems. To do this, go to Start > Settings > Control Panel and double-click on Add/Remove Programs. From within Add/Remove Programs highlight each one and select Remove.
 * Netpumper
 * BitRoll
 * Bitgrabber
 * CiD Help / CiD Manager
 * Download Plugin for Internet Explorer
 * Zone Media

If none of these programs were listed, then continue with the next step.
If you removed any of these programs, reboot before continuing.

Please download NoLop and save it to your desktop.
alternate download link 1
alternate download link 2
 * Now close any other programs you have running as this step will require a reboot.
 * Double click NoLop.exe to run it.
 * Click the button labeled "Search and Destroy"
 * When scanning is finished you will be prompted to reboot only if infected. Click OK.
 * Click the "REBOOT" button.

--If you receive an error: "mscomctl.ocx or one of its dependencies are not correctly registered", please download mscomctl.ocx to your system32 folder then rerun NoLop.

Please download ATF Cleaner by Atribune & save it to your desktop. DO NOT use yet.

Please download and install SUPERAntiSpyware Free
 * Double-click SUPERAntiSypware.exe and use the default settings for installation.
 * An icon will be created on your desktop. Double-click that icon to launch the program.
 * If asked to update the program definitions, click "Y...

RELEVANCY SCORE 42

My computer started hitting me with popup windows and fake warning boxes. I have been trying to clean it up for a few days now but it is still there. It's annoying and slowing down my computer. Please help me, thank you very much.
Logfile of HijackThis v1.99.1
Scan saved at 10:23:35 PM, on 4/21/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Skype\Plugin Manager\SkypePM.exe
C:\WINDOWS\System32\svchost.exe
C:\Pro...

A:Infected with popup ads, please help

RELEVANCY SCORE 42

The recent days I have had many popups on my computer. I tried many different things to stop them, like Ad-Aware and the online scan-engine at www.bitdefender.com.

Today my problems reached a climax when SpySheriff was installed. I got this warning about a dangerous spyware and tried to make it go - and then SpySheriff was installed. When I saw this new program I figured out that it had to be some kind of Spyware, so I searched the internet for help to get rid of it. Now I've followed the procedure on your forum - and I think that Spyware is gone. But I still have this problem with popups.

Logfile of HijackThis v1.99.1
Scan saved at 21:50:54, on 09.10.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\...

A:Infected With Ad Popup

Hi halfdan and welcome to Bleeping Computer

Sorry for the delay, do you still have problems ?

If you do, I'll be happy to help you.

Create a new folder named HijackThis to your desktop. Move Hijackthis.exe into that folder.

Please post a fresh HijackThis log to here and we'll begin

RELEVANCY SCORE 41.6

There is a thread on the first page from JoeofDoom describing almost the exact same problems that I am having with popup ads from IE, some of which include audio. I'll be on my bank's website and then when I leave, a whole new browser opens with a popup ad about my bank! Makes me very nervous...

HiJackThis Log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:40:12 PM, on 3/15/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\McAfee\Common Framework\udaterui.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\VERIZONDM\bin\sprtcmd.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Gamevance\gamevance32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program...

A:computer infected - popup ads everywhere!

RELEVANCY SCORE 41.6

I'm working on a Toshiba laptop with XP/SP2. Recently was on the net when I got a popup from Pest Control saying that my computer was infected and that I should clean up using their program. Since this isn't my laptop, I just assumed that this was a program she had installed and wanted used. SOOOO....I went ahead and did their scan. They "found" 101 infections and of course to clean them all I had to do was to purchase their $39.95 program. At that point I realized too late that I was being scammed. Ran a Windows Defender and McAfee scan which both showed no problems.

My real problems began soon after. I began to have Pest Control simply popup and begin running in the middle of any internet activity. Two red balls with Xs appeared in my Taskbar and most annoyingly continuously have a popup saying:

" /!\ Your computer is infected!
Windows has detected spyware infection
It is recommended to use special antispyware tools to prevent data loss.
Windows will now download and install the most up-to-date antispyware for you.
Click here to protect your computer from spyware"

When I tried to remove Pest Control via Add/Remove Programs, I would get a notice saying that the program could not be removed until it was closed. Since I was not overtly running it, it was obviously hiding out in the background. I then disabled it from the startup menu and was subsequently able to delete it.

Although the actual Pest Control program no longer pops up, I still have ...

A:"your Computer Is Infected" Popup

Hello mpetrodoc! My name is Charles and I will be dealing with your log today.

Please take note of the following:
 * I will start working on your Malware issues, this may or may not, solve other issues you have with your machine.
 * The fixes are specific to your problem and should only be used for this issue on this machine.
 * The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear.
 * If you don't know, stop and ask! Don't keep going on.
 * Please reply to this thread. Do not start a new topic.

Please give me some time to look over your log and I will get back to you as soon as possible.

Thanks,
Charles

RELEVANCY SCORE 41.6

Hello,

I am having a real tough time with this computer. I have already run a bunch of removal tools and cleaned up quite a bit but it seems that there are still some issues =,\ Here are the main issues I can see.

1. No "administrator access" to view the processes, even if I log in as the administrator.
2. Random "Antivirus" pop ups telling me I've been compromised (obviously fake).
3. Random lock-ups if I am not in safe mode (All the hardware checks came out as good and bios has been updated).

Any help would be great, here are my logs!
DDS (Ver_09-01-19.01) - NTFSx86 NETWORK
Run by Kitchen at 22:38:05.21 on Tue 01/27/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1737 [GMT -7:00]
============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Kitchen\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us
uSearch Bar = hxxp://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us
uDefault_Page_URL = www.google.com/ig/dell?hl=en&a...

A:Infected with "antivirus" popup

Please download Malwarebytes' Anti-Malware from HERE or HERE

Note: If you already have Malwarebytes' Anti-Malware, just run and update it. Then do a "Perform Full Scan"

 * Double Click mbam-setup.exe to install the application.
 * Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
 * If an update is found, it will download and install the latest version.
 * Once the program has loaded, select "Perform Full Scan", then click Scan.
 * The scan may take some time to finish, so please be patient.
 * When the scan is complete, click OK, then Show Results to view the results.
 * Make sure that everything is checked, and click Remove Selected.
 * When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
 * The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
 * Copy & Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

NEXT

Please download RSIT by random/random and save it to your Desktop.
 * Double click on RSIT.exe to run RSIT
 * Before you click "Continue", make sure you change the List files/folders created or modified in the last 3 months
 * Click Continue at the disclaimer screen.
 * Once it has finished, two lo...

RELEVANCY SCORE 41.6

I have a popup that keeps saying that the computer is infected, cannot remove it with spyware removal, ran winpfind, results are below. New at this, can someone help?

by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

????????????????? Windows OS and Versions ???????????????????????????????
Product Name: Microsoft Windows XP Current Build: Service Pack 2 Current Build Number: 2600
Internet Explorer Version: 6.0.2900.2180

????????????????? Checking Selected Standard Folders ????????????????????

Checking %SystemDrive% folder...

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...
UPX! 5/5/2006 7:39:36 AM 39424 C:\WINDOWS\mtuninst.exe

Checking %System% folder...
PEC2 8/4/2004 2:00:00 PM 41397 C:\WINDOWS\SYSTEM32\dfrg.msc
PTech 4/10/2006 1:00:34 PM 555824 C:\WINDOWS\SYSTEM32\LegitCheckControl.dll
PECompact2 6/8/2006 8:19:50 PM 5967776 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 6/8/2006 8:19:50 PM 5967776 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 8/4/2004 2:00:00 PM 7080...

A:Popup That Says Computer Is Infected

How To Remove Spyfalcon (removal Instructions)

RELEVANCY SCORE 41.6

I am getting the following error message intermittently on a Windows XP machine, running IE7. The error reads:

NOTICE: Your system is infected and your computer performance is not at the highest level.
Full system optimization will greatly increase your computer's performance and prevent data loss.

Download antispyware to clean your computer and increase the safety of your computer! (Recommended)

When I launch IE without Add-Ins, the message does not pop up. I went through all the Add-Ins and disabled anything I did not recognize. I checked Add/Remove programs and did not see anything that was not supposed to be there, and also ran Spybot S&D 1.5 with all updates, which came back clean. I see in a previous post that triogoogle found a resolution posted by Bleep, but I cannot find it here. Any assistance would be appreciated.

A:Ie Popup "your System Is Infected"

Please print out and follow the generic instructions for using SmitfraudFix in BC's self-help tutorial "How to remove the Smitfraud/Generic Zlob". (scroll down to where it says Removal Instructions)

If you have downloaded SmitfraudFix previously, please delete that version and download it again as the tool is frequently updated!

Next, download RogueRemover and save to your Desktop. (compatible with Windows 2000, NT, XP, Vista)
 * Double-click on rr-free-setup.exe to install in C:\Program Files\RogueRemover and follow the prompts.
 * During installation an icon will automatically be created on your Desktop.
 * If the program does not open after installation, double-click on the RogueRemover icon to launch.
 * Select "Check for Updates" and click Download if any are found.
 * Wait for the updates to finish downloading, then Close the update window.
 * Select "Scan" and follow the onscreen directions to remove anything found.
 * If nothing is found, exit RogueRemover.
 * If RogueRemover finds something, it will present a list of detected items.
 * Click "Remove selected", then Yes at the prompt.
 * Wait for the removal to complete and then close RogueRemover.
 * If using Windows Vista be sure to Run As Administrator.

Then download and scan with SUPERAntiSpyware Free
 * Double-click SUPERAntiSypware.exe and use the default settings for installation.
 * An icon will be created on your desktop. Double-click that icon to launch the program.
 * If asked to update the program definitions, click "Yes". If not, update the definitions before scann...

RELEVANCY SCORE 41.6

I've done all the preparation work suggested, plus ran my Registry Mechanic, the cwshredder, did all the spyware scans, virus scans, no luck. Nothing seems to pick it up on scans.

The popup ads are driving me nuts and slowing things down. I really need help removing this. Keep in mind, I'm a senior and don't have a lot of experience with a PC.

Thank you, for any suggestions.
Carole/tolelady

Logfile of HijackThis v1.99.1
Scan saved at 7:18:55 PM, on 3/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\EPSON\ESM2\eEBSVC.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\netdde.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Outlook Exp...

A:Infected With Hooowah/popup Ads

Hello Carole, Welcome to BleepingComputer!

My name is Nick and I will be checking over your log. Let's get started.

You will want to print or save these instructions.

Moving HijackThis to a permanent folder

Since HijackThis makes backups of any entries you fix, you should create a folder just to hold the HijackThis program and its backups, so the backups and the program are not accidentally deleted.
 * Click Start.
 * Open My Computer.
 * Double-Click on C:/.
 * Select the File menu and select New > Folder
 * Name the folder "HijackThis" or "HJT"
 * Move the HijackThis.exe executable into the new folder

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

O2 - BHO: RieMon Class - {70F6A776-579A-4C95-BA88-134253907752} - C:\WINDOWS\system32\irsmebbf.dll
O2 - BHO: Glitch - {C3F699FD-5F86-451B-8150-81979857047E} - C:\WINDOWS\system32\nsd23.dll
O4 - HKCU\..\Run: [irssyncd] C:\WINDOWS\system32\irssyncd.exe

Now close all windows other than HiJackThis, then click Fix Checked.

Reboot into safe mode. Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

Please delete these files using Windows Explorer (if present):

C:\WINDOWS\system32\irsmebbf.dll
C:\WINDOWS\system32\nsd23.dll
C:\WINDOWS\system32\irssyncd.exe

After that, Reboot.

Please go HERE to run Pand...

RELEVANCY SCORE 41.6

I have searched on Yahoo about this popup and it directed me to this site. It has shown many people having the exact same problems and they are helped here on how to remove it with success. I have tried to follow their guide but it doesn't work for me. I have downloaded NoLop and Ad-Aware and ran them in safe mode as it instructed but it doesn't help me. Maybe we all have different solutions depending on computer?

Not sure if I posted in the right section because it says to not post HijackThis logs in this section.

please help me.

many thanks

munkz

A:Infected By Cid Popup, Need Help To Remove.

Please uninstall any of the following program(s) using Add/Remove Programs if they are present. To do this, go to Start > Settings > Control Panel and double-click on Add/Remove Programs. From within Add/Remove Programs highlight each one and select Remove.
 * Netpumper
 * BitRoll
 * CiD Help
 * CiD Manager
 * Download Plugin for Internet Explorer
 * Zone Media

Be sure to reboot when done.

Please download NoLop and save it to your desktop.
alternate download link 1
alternate download link 2
 * First close any other programs you have running as this will require a reboot.
 * Double click NoLop.exe to run it.
 * Now click the button labeled "Search and Destroy"
 * When scanning is finished you will be prompted to reboot only if infected. Click OK.
 * Now click the "REBOOT" button.
 * A Message should popup from NoLop. If not, double click the program again and it will finish.

Please post the contents of C:\NoLop.log along with a fresh HijackThis log in your next reply.

--If you receive an error: "mscomctl.ocx or one of its dependencies are not correctly registered", please download mscomctl.ocx to your system32 folder then rerun NoLop.

RELEVANCY SCORE 41.6

I run Ad-Aware, Spybot, Ewido, Symantec Antivirus, Qoofix, HijackThis, smitRem, and McAfee Avert Stinger. But the Internet Explorer windows keep popping up every 10 or 15 minutes. Can someone tell me how to fix the problems?

smitRem:

Registry Pseudo-Format Mode (Not a valid reg file):

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
checking for ShudderLTD key
ShudderLTD key not present!
checking for PSGuard.com key
PSGuard.com key not present!
checking for WinHound.com key
WinHound.com key not present!
spyaxe uninstaller NOT present
Winhound uninstaller NOT present
SpywareStrike uninstaller NOT present
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Existing Pre-run Files
~~~ Program Files ~~~
~~~ Shortcuts ~~~
~~~ Favorites ~~~
~~~ system32 folder ~~~
~~~ Icons in System32 ~~~
~~~ Windows directory ~~~
~~~ Drive root ~~~
~~~ Miscellaneous Fi...

A:I'm Infected With Adware And Popup, Please Help!

Hi toeboo

1. Download this file - combofix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Look in your control panel's add/remove programs for PuritySCAN By OIN, OuterInfo, OIN or similar, click on it and click remove.

Reboot and delete this folder if found:
C:\Program Files\PurityScan

If not listed, download and run this uninstaller:
Uninstaller
Tutorial for the uninstaller if needed

Reboot when done and delete this folder if found:
C:\Program Files\PurityScan

To access the Uninstall Manager you would do the following:
 1. Start HijackThis
 2. Click on the Config button
 3. Click on the Misc Tools button
 4. Click on the Open Uninstall Manager button. You will now be presented with a screen similar to the one below:
 5. Click on the Save list... button and specify where you would like to save this file. When you press Save button a notepad will open with the contents of that file. Simply copy and paste the contents of that notepad here on your next reply.

Send:
- a fresh HijackThis log
- combofix log
- uninstall list

RELEVANCY SCORE 41.6

My computer is infected with the cpv feed popup virus and probably more. I've tried all the spyware programs I could find. Nothing works. In searching for answers, I came across a post on this site. I did run Hijackthis as well as combofix. The results from combofix are listed below. Can anyone please help me remove this?

"Mom" - 2007-05-25 14:41:18 Service Pack 2
ComboFix 07-05.26.V - Running from: "C:\Documents and Settings\Mom\Desktop\"
(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
"C:\WINDOWS\system32\bund1\temp.txt"
"C:\DOCUME~1\LOCALS~1\APPLIC~1\netmon\domains.txt"
"C:\DOCUME~1\LOCALS~1\APPLIC~1\netmon\log.txt"
"C:\Program Files\install.log"
"C:\WINDOWS\system32\drivers\fad.sys"
"C:\install.log"
"C:\Program Files\outlook"
"C:\WINDOWS\system32\bund1"
"C:\Temp\tn3"
"C:\DOCUME~1\LOCALS~1\APPLIC~1\netmon"
"C:\WINDOWS\system32\drivers\core.sys"

Purity Folders:

C:\WINDOWS\SYSTEM32\SMANTE~1
C:\WINDOWS\SYSTEM32\WNSXS~1
C:\WINDOWS\SYSTEM32\STEM~1
C:\WINDOWS\SYSTEM32\STEM32~1
C:\WINDOWS\SYSTEM32\CROSOF~1.NET
C:\WINDOWS\SYSTEM32\SKS~1
C:\WINDOWS\SSTEM~1
C:\WINDOWS\YSTEM3~1
C:\WINDOWS\MBOLS~1
C:\Program Files\Common Files\FNTS~1
C:\Program Files\Common Files\WNSXS~1
C:\Program Files\Common Files\YSTEM~1
C:\Program Files\Common Files\ICROSO~1

(((((((((((((((((((((((((((((((((...

RELEVANCY SCORE 41.6

DDS log:

DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
Run by Mister Awesome at 18:12:03 on 2011-11-01
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3034.1516 [GMT 0:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\STacSV.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32...

A:Possibly infected after popup

I only managed to get gmer to run in safe mode, also my Norton security just ran out. I have a working Avast trial and I'm putting Kaspersky on ASAP.

RELEVANCY SCORE 41.6

Hi guys, can someone help me out please? I keep getting this window popup saying I have multiple infected files on my PC when I start browsing. I close that window and then it shows me what looks like my computer contents. I have ESET Smart Security and it did not pick this up. Can you please help me find out what this spyware is and how to remove it? Here is my HijackThis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:12:59 PM, on 13/06/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Logitech\SetPoint\LBTWiz.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Windows\System32\CtHelper.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\ehome\ehmsas.exe
C:...

A:Please HELP! with annoying popup saying i am infected

Hello DJ_Inferno,

You've not posted the requested logs. Additionally, you've posted this same request at 3 different forums. As noted in item #8 in the pre-posting guideline, this topic shall be closed.

Do not post at another site asking for the same help for the same computer unless you previously have asked us to close your topic. If we find that you have posted for help at another site regarding the same problem, we will be forced to close your topic here. This is because two different sites can give conflicting advice, which makes it harder for our helpers to provide quality help.

RELEVANCY SCORE 41.6

I have read other postings on this topic so have done the following:

Deleted old version of Malwarebytes
Downloaded latest version
Run Scan

Here are the results, however still have anykuy popups happening, any help appreciated

Cheers
Mike

Malwarebytes' Anti-Malware 1.34
Database version: 1814
Windows 5.1.2600 Service Pack 3

3/03/2009 11:35:59 a.m.
mbam-log-2009-03-03 (11-35-59).txt

Scan type: Quick Scan
Objects scanned: 97010
Time elapsed: 20 minute(s), 2 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Cognac (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\CrucialSoft Ltd (Rogue.MSantispyware2009) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\windows\system32\userinit.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: system32...

A:Infected with anykuy popup

Hi, welcome!

Please run part 1 of S!Ri's SmitfraudFix.

Please download SmitfraudFix
Double-click SmitfraudFix.exe
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm


I think this is more than a popup. I found some files in the temp internet folder that were named "thanks" and most had the web url of the site: hxxp://www.siro.eroexpres.com or hxxp://www.siro.eroexpres.com/reg2php.cid=0 The file types are JPEG and PNG, at least the ones I found, which I deleted. I have tried three or four spyware programs. I was able to get rid of the popup and IE explorer opening but when I restarted my computer the same problem is back again. It is always the same place and the same JPEG on my desktop. I cannot grab the JPEG and drag it but IE Explorer functions fine.

DDS (Ver_10-10-10.03) - NTFS_AMD64
Run by Jim Grice at 16:49:59.19 on Tue 10/12/2010
Internet Explorer: 9.0.7930.16406 BrowserJavaVersion: 1.6.0_21
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3964.1958 [GMT -7:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\...

A:Infected With IE Popup and JPEG

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.

Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

Please reply to this post so I know you are there.

The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks


I have exactly the same problem as in this link: http://www.bleepingcomputer.com/forums/t/570814/infected-with-pop-up-ads/
But I can't find any solution. I tried almost every adware/malware remover. Still the problem is there.

A:Im infected with a Popup which has no solution

Welcome aboard

Download Security Check from here or here and save it to your Desktop.
Double-click SecurityCheck.exe
Follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.
NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:
Internet Services
Windows Firewall
System Restore
Security Center/Action Center
Windows Update
Windows Defender
Other Services
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

Please download MiniToolBox and run it.
Checkmark following boxes:
Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Devices (do NOT change any settings here)
List Users, Partitions and Memory size
List Restore Points
Click Go and post the result.

Please download Malwarebytes Anti-Malware (MBAM) to your desktop.
NOTE. If you already have MBAM 2.0 installed scr...


Below is listed my Hijack This log. I've run the Microsoft Antispyware Beta Version, Ad-Aware, Spybot, and Mcafee Stinger and can't seem to remove this stuff from my system. Any help would be appreciated. Thanks. Sean Strong.

Logfile of HijackThis v1.99.1
Scan saved at 3:08:24 PM, on 08/01/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\nkozl.dll/sp.html#88449%resultposition.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\nkozl.dll/sp.html#88449%resultposition.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\nkozl.dll/sp.html#88449%resultposition.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\nkozl.dll/sp.html#88449%resultposition.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\nkozl.dll/sp.html#88449%resultposition.net
R1 - HKCU\Software\Microsoft\Intern...

A:Infected With Winfixer Ad Popup, & Others

Hi Seanstrong,

If you still need help, please post a fresh HijackThis log.


Last Friday while browsing the Groove Shark website I was infected by multiple viruses. I installed Microsoft essentials virus scanner which detected and removed various viruses and I also installed Malwarebytes anti malware software which detected and removed some malware.

MS essentials detected the following:
Trojan:Win32/Hiloti.gen!A
Program:Win32/PowerRegScheduler
Trojan:Win32/Oficla.E

Malwarebytes detected the following:
Files Infected:
C:\WINDOWS\msacm32.drv (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Sysvxd.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\wuasirvy.dll (Trojan.Banker) -> Quarantined and deleted successfully.

Unfortunately I am still getting a problem whereby IE keeps opening random popup adverts when I am browsing. Note that popups can appear at any time, even when clicking on innocuous sites like the BBC news website in Google search results.

DDS (Ver_09-10-26.01) - NTFSx86
Run by Chris Hesketh at 15:26:36.48 on 03/11/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.2047.1265 [GMT 0:00]

AV: Microsoft Security Essentials *On-access scanning enabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\logonui.exe
C:\Program Files\Microsoft Sec...

A:Infected with IE advert Popup

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

Please download OTL from following mirror:
This is THE Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
Push the button.
Two reports will open, copy and paste them in a reply here:
OTL.txt <-- Will be opened
Extra.txt <-- Will be minimized
In the upper right hand corner ...


Hi There,

Thanks in advance for reading.

Here are my specs: XP Home / SP2 / Comodo FP v3 / AVG Free / Firefox

* * * * * * * * * * * * * * * *

Very early Friday morning, I was prompted by my Comodo Firewall to upgrade to v3. The upgrade, so far as I could tell, went smoothly (other than completely wiping out my v2 settings--Grrrr). I played with it a little, then powered down and went to bed.

However, when I got up later that morning and started my computer, the following popup appeared at the very end of the boot process (e.g., I could see my desktop and all expected icons in my systray, etc.):


16 bit MS-DOS Subsystem : C:\\WINDOWS\system32\cmd.exe

The ntvdm cpu has encountered an illegal instruction.
CS:05c7 IP:026d OP:63 65 6e 74 65 Choose 'Close' to terminate the application

(I had a choice between 'close' or 'ignore'; I chose 'close'.)


Concerned it could be a virus, I Google'd and found varying opinions, but decided to run my two anti-virus programs. SUPERAntiSpyware didn't pick up anything, but AVG did: Downloader.Delf.AMK. (My own fault. I have no one to blame but myself. Moving on... ) AVG quarantined the trojan. I uninstalled the program that likely brought it on and deleted as many of the relevant registry items as I could find.

I also ran online virus scans from Kaspersky (yesterday) and BitDefender (today). Kaspersky didn't find anything, but BitDefender found a keygen.exe in my IE7 folder.

I deleted the keygen file, uninsta...


It seems Secure PC Cleaner has infected my computer and I cannot get rid of it. Whenever I am trying to browse most sites with stream videos this would always pop up.

I am also getting an error that says that Hijack my system has denied access to my host files and that if that happens I need to edit the file myself. And another error that says: "An unexpected error has occured at procedure:modMain_CheckOther1Item() Error #75 - Path/File access error..."

The rest of the message says to email Merijn. Also I have noticed it does not say my correct Windows version, it says: "Windows NT 6.00.1904"

Logfile of HijackThis v1.99.1
Scan saved at 8:20:42 PM, on 8/26/2007
Platform: Unknown Windows (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\WLTRAY.EXE
C:\Windows\sttray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\QuickTime\QTTask.exe
C...

A:Infected With Securepccleaner Popup, Help Please

Welcome to the BleepingComputer HijackThis Logs and Analysis forum qwert555

My name is Richie and I'll be helping you to fix your problems.

First enable the viewing of hidden files follow these steps:
1. Close all programs so that you are at your desktop.
2. Click on the Start button. This is the small round button with the Windows flag in the lower left corner.
3. Click on the Control Panel menu option.
4. When the control panel opens you can either be in Classic View or Control Panel Home view:
If you are in the Classic View do the following:
   1. Double-click on the Folder Options icon.
   2. Click on the View tab.
   3. Go to step 5.
If you are in the Control Panel Home view do the following:
   1. Click on the Appearance and Personalization link.
   2. Click on Show Hidden Files or Folders.
   3. Go to step 5.
5. Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.
6. Remove the checkmark from the checkbox labeled Hide extensions for known file types.
7. Remove the checkmark from the checkbox labeled Hide protected operating system files.
8. Press the Apply button and then the OK button and shutdown My Computer.
9. Now Windows Vista is configured to show all hidden files.

We now need to flush System Restore.

Turn off Windows Vista System Restore:
1. Click Start.
2. Right-click the Computer icon, and then click Properties.
3. Click on System Protection under the Tasks column on the left side
4. Click on Cont...


Hello;
I am getting a Popup in the lower right hand corner of my screen entitled "Your Computer is infected" (including a yellow triangle with an exclamation point). It is telling me to "Click here to protect your computer from spyware". Discussion groups online say that this is malware so I have not clicked on it. It will not go away. I updated Symantec Anti Virus 10.1.4.4 and ran a full system scan. I ran Ad-Aware 2007 and AVG Anti-Spyware in Safe Mode. The Popup still appears. I am running Windows XP Professional Version 2002 with Service Pack 2. Any assistance you can give me would be greatly appreciated.

Thank you;
george27

A:"your Computer Is Infected" Popup

http://www.bleepingcomputer.com/forums/f/55/spyware-and-malware-removal-guides-and-reading-room/
There are a lot of nice self-help guides here by Grinler.
Knowing which one of the rogues you have is the tricky part.


I am running Windows 8.

In all of my web browsers I get popup ads that open in other tabs.

These popup ads range from me needing an update to ones saying I am infected.

I installed ad block and tried to look for any suspicious programs installed on my system or web browser.

I could not find anything and the ads still persisted.

I also have no plugins installed in my browser that would cause ads.

I have used the recommended Adwcleaner which also did not work.

I used the following tools to try and get rid of it.

Malwarebytes
Avast
Hitmanpro
Spybot
Ccleaner

None of these got rid of the ads.

So I took things to somewhat extreme measures and did a basic reset with my system. I did not do a factory reset because that would have taken too long and I thought it would have the same result.

The rootkit still remained after the reset.

Any help given will be greatly appreciated.

A:Infected with a Rootkit that causes popup ads

Welcome aboard

Download Security Check from here or here and save it to your Desktop.
Double-click SecurityCheck.exe
Follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.
NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:
Internet Services
Windows Firewall
System Restore
Security Center/Action Center
Windows Update
Windows Defender
Other Services
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

Please download MiniToolBox and run it.
Checkmark following boxes:
Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Devices (do NOT change any settings here)
List Users, Partitions and Memory size
List Restore Points
Click Go and post the result.

Please download Malwarebytes Anti-Malware to your desktop.
NOTE. If you already have MBAM 2.0 installed scroll dow...


I randomly get popup ads that I can't always get rid of. They show up on my desktop and when I use the Windows task manager to end task it often closes Internet Explorer as well. The one I have on my desktop now is "Contectual ads by Snappyads - Windows Internet Explorer". I have Mcafee Security Center installed and running but it doesn't show any problems. I have my popup blocker turned on. My CPU usage is often at 100% with nothing open except Internet Explorer and the popup ad. My kids use AIM IM and various internet video games. I'm guessing something's gotten in through one of those things. I think it's malware but I'm a novice when it comes to these things.

DDS (Ver_09-03-16.01) - NTFSx86
Run by user at 15:18:44.45 on Sat 04/25/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1051 [GMT -5:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated)
FW: McAfee Personal Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
c:\...

A:Infected with popup malware

Hello, my name is fenzodahl512 and welcome to Bleeping Computer.. Please do the following....

Please download The Comedian.exe to your desktop
Double click the program to run it. It will only take around several minutes to run.
It will do a series of tasks and tell you when each one is finished.
You will be prompted to press any key after each step
When it is done it will close and exit itself automatically.
You can delete The_Comedian.exe once it is finished

NEXT

Please download Malwarebytes' Anti-Malware from HERE or HERE
Note: If you already have Malwarebytes' Anti-Malware, just run and update it.. Then do a "Perform Full Scan"
Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Full Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you wi...
