virus on http:// but not on http://www. - any advice

Q: virus on http:// but not on http://www. - any advice

Hi,

One of my sites had a virus (code injection) but I have managed to remove it:

http://www.gavindouglasfashion.com/

However, on Google webmaster tools there is a message saying that it is still present on http://gavindouglasfashion.com/ (i.e. without the www. after the two slashes //)

Is anyone able to advise as to how I can resolve this as there is no virus present any more but I can't get a successful review from Google.

Thanks.

Hi. I have had this problem for many months now and have tried to remove the infection manually using instructions found on ehow, using Norton Antivirus, malwarebytes and spybot search and destroy. Nothing has been successful at removing it. I have just been using my laptop instead of my desktop because I don't want to use an infected computer. The computer is running Windows XP Professional SP3. I receive notifications from Norton that an intrusion attempt has been blocked. When I go into the log, I found that there were three high risk log entries, one for HTTP Tide Serv Request2, one for HTTP CrimePack Activity 1, and one for HTTP Nukesploit Request. As I mentioned this has been going on for months now. At the beginning it was mostly just HTTP Tide Serv Request2, the other two are new today. I'm hoping you can help me, otherwise I'm going to have to reinstall Windows, which I'd like to avoid doing. I hope I have included enough background. My scans are below and attached. Your help is greatly appreciated!

Thanks,
Mike
DDS Scan Results:

A:HTTP Tide Serv Request2 / HTTP CrimePack Activity 1 / HTTP Nukesploit Request Problems

Hello mthess, Welcome to Bleeping Computer.
My name is fireman4it and I will be helping you with your Malware problem.

Please take note of some guidelines for this fix:
Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools.
If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
Finally, please reply using the button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.

1. We need to disable Spybot S&D's "TeaTimer"

TeaTimer works by preventing ANY changes to the system. It will attempt to undo any fixes we run, because it blocks these fixes from running.

In order to safeguard your system from problems that can be brought on by a half finished fix, we need to disable TeaTimer. We can reenable it when we're done if you like.

Open SpyBot Search and Destroy by going to Start -> All Programs -> Spybot Search and Destroy -> Spybot Search and Destroy.
If prompted with a legal dialog, accept the warning.
Click and then on "Advanced Mode"
You may be presented with a warning dialog. If so, press Click on...

Yesterday I got this threat HTTP Malicious Toolkit Variant Activity 2 and my Norton Internet Security blocked them. I installed Malwarebytes and SuperAntiSpyware, updated them, restarted in safe mode, disconnected from the internet and did a full system scan for both and didn't detect anything. Today I got this threat HTTP SurfAccuracy Config Request.

So I was wondering if my computer is infected with malware and if someone could give me a hand here.

Any help would be appreciated!

Here's my Hijackthis log:

A:HTTP Malicious Toolkit Variant Activity 2 & HTTP SurfAccuracy Config Request

Hello, gunnersluver
Welcome to TSF

My name is Billy O'Neal and I will be helping you. (Billy or Bill is fine, if you like.)
Please give me some time to look over your computer's log(s).
Please take note of the following:
In the meantime, please refrain from making any changes to your computer.
Also, even if things appear to be running better, there is no guarantee that everything is finished. Please continue to check this forum post in order to ensure we get your system completely clean. We do not want to clean you part-way up, only to have the system re-infect itself. :)
If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
Finally, please reply using the button in the lower left hand corner of your screen.
Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just put a post here so that I know you're still here. We get a lot of people who simply leave, and if there is no contact for that amount of time I will have to assume you have "vanished".

We need to run a Scan with DDS
Please download DDS, and save it to your desktop, from one of the following mirrors:
This is a mirror
This is another mirror

Disable any type of "Script Blockers" or "Script Protection" installed on ...

I followed the instructions given for those experiencing "Win Min" problems. However, they are different problems, and I was upset to find that this morning everything was as screwed up as before. This http://searchweb2.com hijack reasserts itself as the starting page every time it's changed, and sometimes crashes new windows. The instructions said something about a scanlog, and I assume that's a HijackThis scan (searching my hard drive for "scanlog" didn't turn up anything). As such, here's what HijackThis turns up.

A:Hijacked by http://searchweb2.com/passthrough/index.html?http: //www.yahoo.com/

Once again, the kids have got onto something. My home page keeps being redirected to http://mysearchnow.com/passthrough/index.html?http://www.google.com/. Can someone check my hijackthis log? Thanks in advance.

A:hijacked by http://mysearchnow.com/passthrough/index.html?http ://www.google.com/

After putting in a USB drive that I use for printing, avast started notifying me of wscript.exe trying to access these sites: (http://etpsoprc.ru/a/, http://specrtop.org/a/).

I don't know what to do and I can't initiate a lot of the cleaning tools mentioned on other sites. Any help will be appreciated.

A:problem URL: Mal Avast warnings - http://etpsoprc.ru/a/, http://specrtop.org/a/

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
***************************************************
In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.
CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/500601 <<< CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************
If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of t...

Hi, When I am trying to record a web application which is launched on Sharepoint I have the below script

web_custom_request("ProcessQuery",
        "URL=http://vc1cgr01cgi006:9090/_vti_bin/client.svc/ProcessQuery",
        "Method=POST",
        "Resource=0",
        "RecContentType=application/json",
        "Referer=http://vc1cgr01cgi006:9090/Lists/DSPortalBase/Home.aspx#",
        "Snapshot=t2.inf",
        "Mode=HTML",
        "EncType=text/xml",
        "Body=<Request xmlns=\"http://schemas.microsoft.com/sharepoint/clientquery/2009\" SchemaVersion=\"15.0.0.0\" LibraryVersion=\"15.0.0.0\" ApplicationName=\"Javascript Library\"><Actions><Query Id=\"23\" ObjectPathId=\"2\"><Query SelectAllProperties=\"true\"><Properties /></Query></Query><Query Id=\"24\" ObjectPathId=\"5\"><Query SelectAllProperties=\"true\"><Properties /></Query></Query></Actions><ObjectPaths><Property Id=\"2\" ParentId=\"0\" Name=\"Site\" /><Property Id=\"5\" ParentId=\"...

A:HTTP Status-Code=403 (FORBIDDEN) for "http://vc1cgr01cgi006:...

Hi! Same problem here, have you found a solution?

This is one of the pop-ups that I consistently have. The following is my log file. Every time my internet explorer loads, it pops up. I hardly ever use it - I mostly use Mozilla Firefox. I also get a popup from Smashhits, but I don't know the url to that one. Thanks for your help!



A:http://newads1.com/cmapp/zx-adredirect.php?target=http%3A

Hi and welcome to TSF.

I am currently reviewing your log. Please note that this is under the supervision of an expert analyst, and I will be back with a fix for your problem as soon as possible.

You may wish to Subscribe to this thread (Thread Tools) so that you are notified when you receive a reply.

Please be patient with me during this time.

Is this considered a good malware removal program? Even better than malwarebytes?

I ask because I have 2 suspicious items on my startup list that neither McAfee nor malwarebytes have caught:
wtta
netd32

I was told that iobit would catch them and remove them. Need some advice,

Thanks!
 

A:Getting re-routed to http://alphawipe.com/ and http://destroytracks.com/

Hi,
* Please visit this webpage for instructions for downloading and running ComboFix:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.

I have a problem called a redirect virus in my Firefox. Need help, I have tried everything.

A:Need Help Removing Scour (http://63.209.69.107, http://8.26.70.252)

Greetings and Welcome to The Forums!!
My name is Gringo and I'll be glad to help you with your computer problems.
I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us.

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the ...

HTTP Fake Antivirus Install Request 4
Intrusion Attempt - High Risk - Blocked
Network Traffic - 69.42.67.204 ,80
Attack Resulted from \DEVICE\HARDWAREVOLUME1\PROGRAMFILES\INTERNETEXPLORER\IEXPLORE.EXE

HTTP Malicious IFrame Image Request
Intrusion Attempt - High Risk - Blocked
Network Traffic - 89.248.179.94 ,80
Attack Resulted from \DEVICE\HARDWAREVOLUME1\PROGRAMFILES\MOZILLA\FIREFOX\FIREFOX.EXE

Do these events require investigation. Is my system clean.
No unusual behavior to report.
(May I run DDS and GMER from any user account)

Edit > I was pointed to Bleeping by the Norton Community Forum. The Severity Risk for both Attempts is HIGH. HIGH is very unusual for me and Norton wanted me to investigate further at BC as to maybe Rootkit got in

A:HTTP Fake Antivirus Install Request 4 | HTTP Malicious IFrame Image Request

bjm_ OP edit I hope my post to Norton Community Forum does not violate bleepingcomputer rules. I did not follow any instructions @ Norton Forum...other than "go to bleepingcomputer" to investigate / post Topic re this issue. Thanks

Edit > Does bleeping send automated response by email that my Topic has been received .... and to wait for reply ....and what if no reply after X days ? Expected automated response Topic received with what to do if no reply after X days...understand Forum gets swamped ... just don't know if after 100 reviews I should have received automated response or any response or just too soon. Only one day...so may be too soon for even automated response.

My system is Windows XP. I can't get to my browser (Comcast) because I am always directed to "HTTP//8/". I then must type in Comcast to get to their site. BUT, the real problem is that I get a beep every 10 seconds or so and that stops my ability to type. Then after 5 seconds or so I can type again. You can imagine the fun of typing this! Have run Norton and Lavasoft to no avail. Guy who built our system says he has never seen anything like it. Anyone out there with any ideas?? Thanks
 

A:HTTP//8/ Virus?

Looks like your browser is hijacked. Go to this site and download the HijackThis, post the log here, and wait for an expert to help you. Make sure that you save it in a separate folder of its own.

http://thespykiller.co.uk/files/hijackthis_sfx.exe
 

Hello guys,
I've gotten numerous alerts from Norton telling me that I have attempted intrusions from HTTP Suspicious Executable Image Download, HTTP Tidserv Request & HTTPS Tidserv Request 2. I have turned off my System Restore, continued to allow Norton to continue blocking the attacks, and have NOT rebooted my computer since first receiving the intrusion alerts. So far I haven't seen any damage to my computer. I do, however, have sensitive information saved into my browser which I am worried about (I have since wiped out the master password). Here are my logs below:
DDS Log:

A:HTTP Suspicious Executable Image Download, HTTP Tidserv Request & HTTPS Tidserv Request 2

Greetings

One or more of the identified infections is a Backdoor Trojan.
This could allow hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC could be compromised and there is no way to be sure that your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:
How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. "If you would like to continue, then follow the steps below, otherwise please let me know"

I would like you to do the following.
Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:
Please visit th...

Running XP home and inadvertently typed:

http://http://abc.com or whatever
http://http://forums.techguy.org

In Firefox, I get redirected back to Microsoft (!) while in I/E, Opera, I get an error (as does a Mac system).

Why does Firefox redirect to Microsoft on this obvious error?

Just curious, yet puzzled Ivan
 

A:Double http://http://

For what it is worth, Mozilla also returns an error page. Seems obvious. But Firefox, the browser redirects me to Microsoft when I click on any double http, ie

http://http://google.com

Right back to Uncle Bill's. How come, Ivan
 

Guys, Can anyone explain the difference between 'http://www.**.com' and 'http://**.com??

does it make a big difference?
 

A:What is the difference between 'http://www.**.com' and 'http://**.com

lagopi said:

Guys, Can anyone explain the difference between 'http://www.**.com' and 'http://**.com??

does it make a big difference?

What's the point? They both open Google.
 

Hi, A friend of mine gets an error when trying to connect to a website I host. If he types in www.website.com it says that the address is not valid. In the address bar it displays http:///?%20www instead of http://www. This only seems to happen when he tries to connect to my website. Other websites connect fine. I have run Norton, ccleaner and Spy Sweeper with no luck. Anyway, I saw someone else had a similar problem here and posted a HijackThis log. So here's his:

A:Getting Http:///?%20www Instead Of Http://www

Anyone?

I use Mozilla but my internet explorer keeps on opening up and going to: http://bontrafic.org/s/in.cgi?9&key=cursos+finanzas by itself

also none of my virus protection will update and I can not go to any virus protection website.

I have windows vista and I also have a hijackthis log but am not sure if I'm supposed to post it.

Thanks so much!!!!!!

A:I have a virus IE keeps on going to http://bontrafic.org

Hello and welcome to TSF.

We want all our members to perform the steps outlined in the link given below, before posting for assistance. There's a sticky at the top of this forum, and a "Having problems with spyware and pop-ups? First Steps" link at the top of each page.

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

I have a http.sys that is bigger than it should be (736k instead of 502k).
 
I ran Combofix today (as the system was running slower than normal).  After it had finished I could not get an IP address from the DHCP server.  Looking at the event logs, I was getting 7000 and 7001 errors on lots of services including the DHCP Client.  The Server Service would not start (dependency error like all the others).  The HTTP PNP driver showed an error in the device manager.
 
Tried every trick on the net without luck, including a 'sfc /scannow', and deleting dependsons.  ComboFix's restore point got me back to a working system again, but I'm guessing the http.sys is the root cause.
 
First Question:  How do I overwrite the http.sys file.  I have a good one but can not work out how to get access to delete and replace (tried stopping with 'net stop http' but still get access denied)
 
Second Question:  If it is a new virus, how do I report it.
 
TIA 

A:http.sys possible virus - how to report

If you suspect a malware issue...follow Steps 6-8 of Preparation Guide, Before Using Malware Removal Tools and Requesting Help - http://www.bleepingcomputer.com/forums/topic34773.html and then post the requested DDS log, along with your ComboFix log, as a new topic initiated in the forum which contains the Prep Guide.
 
After doing that, please come back to this topic and post the link to the new topic which you have initiated.  At that time, this topic will be closed to avoid confusion.
 
Louis

I have had this virus for a while now on MSN... it sends it to people I am having a conversation with, without me typing it. It comes up as http://xxxxxxx:8180 and if you click on it that's how you get the virus. It goes around very quickly because the virus makes it look like you are typing to send the person you are having a conversation with a website. By the way I am using Win.98... thank you very much

[I have edited the url to avoid temptation of others to test. -rr]
 

A:http://24.141.60.138:8180 (MSN Virus) please help!

You need to run an up to date virus scanner. You have JS/Exploit-Messenger. Take a look here http://zdnet.com.com/2100-1105-837525.html

Then go here http://housecall.trendmicro.com/
to do a free online scan.

Let us know
 

Just started getting http 400 errors and I keep getting this trojan and can't get rid of it. downloader.small.27.k trojan

here is a copy of my hjt log

thanks in advance for your help

A:http 400 errors and other virus's

bump
 

RELEVANCY SCORE 67.2

Hi all,
I've just signed up to this forum in desperation as I just clicked on a link that was sent to me in a personal message on facebook. I didn't even think twice about it and it took me to this video site that looked like some variation on youtube. It said I needed to download flash player 10 which I did........I'm guessing that's when the virus kicked in because now every time I use my internet browser, it redirects to this damned website DO NOT CLICK (lots of other rubbish after this) and informs me that My pc needs to install antivirus software. "Personal security can perform fast and free scan of your computer" it says. It then transfers to a webpage that is a picture of my 'my computer' page where it shows scanning the computer.

In addition to this, my facebook status changed to the url of this website which I quickly changed to prevent anyone else from getting the virus.

I need to get rid of it because I have a lot of important data on my laptop, not least all my dissertation work and composition portfolio for finals of my music degree. If anyone could help me out I'd be much obliged! I ran a spybot check which identified two Trojan entries under the name 'virumonde.sdn' although I have no idea whether this is related. Suffice to say even when I ran a spybot check, the virus still remained
Many thanks to anyone who can help me, apologies for the lengthy description!

Dan

P.S I have a screen print of the page ... Read more

A:http://bigthreem.com virus

First off delete that malware link. You say you are infected with personal security. Try the self help guide here http://www.bleepingcomputer.com/virus-remo...rsonal-security

RELEVANCY SCORE 67.2

I have tried multiple scans and other options that ive found on the internet but they have not worked. I need help fixing this problem. The browser i use is google chrome and when i search for things and click on a link i get redirected to a search from this ip "http://8.26.70.252". any help is appreciated!

A:http://8.26.70.252 redirect virus

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us.

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the top o... Read more

RELEVANCY SCORE 67.2

I ran the HijackThis program and here is a list of files that were found. I am not sure which ones to delete, and I was told to post the files found, and I could receive some knowledgeable help as to which ones are creating this home page problem. Every time I open up Internet Explorer, http://t.swapx.cc/h.php?aid=31403, comes up as my home page. Here are the files found, which ones do I delete?

Logfile of HijackThis v1.98.2
Scan saved at 11:48:11 AM, on 11/28/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\17jtevt1mhthd.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\DownloadWare\dw.exe
C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
C:\PROGRA~1\Toolbar\TBPS.exe
C:\Program Files\Common Files ... Read more

A:VIRUS HELP! http://t.swapx.cc/

Put HijackThis in a Permanent folder:
Click My Computer / C: / File / New / Folder / name the folder; HijackThis
Put HijackThis.exe, in this folder.
This is a mandatory step, for the backup and restore functions, of HijackThis, to be able to work.

Read the pinned post in the HJT forum, here
Follow the directions, EXACTLY! This is important!
Then, run a log, and post it in the HJT forum here. Do not, fix anything, yet.
A member, of the HJT Team, will help you out.
Please, be patient, these people are volunteers. They will help you out, as soon as possible.

RELEVANCY SCORE 67.2

ok I am having problems with this computer trying to get rid of this virus.
when I connect it to the internet it pops up with

http://(numbers are here(random)).ds.nac.net and so on and so on.

here is my hijack this file
Logfile of HijackThis v1.99.1
Scan saved at 4:49:59 PM, on 11/21/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\Debug\aolspysw.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PccGuide.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ixvmzstffj.exe
C:\P... Read more

A:Unknown Http Virus

RELEVANCY SCORE 66.8

Hi, As per New Instructions, [I hope I did it right,] here are my logfiles. The problem I am having is all clicks of links from searches produced by Google Yahoo-etc are redirecting to:
__________________________________

clickker.cn
Extremely sorry for posting that but that's what shows in my address bar [not in its entirety-thank heaven!]
________________________________________________

Files requested:
--------------------------------------
DDS (Ver_09-09-24.01) - NTFSx86
Run by Rebecca Jefferson at 16:31:21.43 on Fri 09/25/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_16
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.502 [GMT -4:00]

AV: Trend Micro Internet Security *On-access scanning disabled* (Updated) {7D2296BC-32CC-4519-917E-52E652474AF5}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Photodex\CompuPicPro\ScsiAccess.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Rebecca Jefferson\Desktop\dds.scr

============== P... Read more

A:Logfiles requested for problem of >http://clickker.cn Virus-kungsf virus

hi.

Welcome to TSF once again.

You may wish to subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe

-------------------------------------------------------------------------
Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

-----------------------------------------------------------------------
I am sorry to inform you that one or more of the identified infections is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

----------------------------------------------------------------------

Before beginning the fix, read this post completely. If there's any... Read more

RELEVANCY SCORE 66.8

Don't know why my earlier thread was closed so I can't reply to "amateur".

Whatapp virus in e-mail and Facebook virus


I did follow before what your tech support usually posted to get a log file. Using GMER. After using Gmer was a disaster.

I restart the computer the screen freezes after loading desktop and never restart normally again. So I had to do a system restore to an earlier date on my P.C. to not get desktop freezing after I reboot. So since this experience I never follow what is posted here to do it again to get logs.

I reckon it was the Gmer program which altered the settings on my computer
and frozen my desktop screen whenever it booted up.
The Gmer scanning obviously made it worse.

After I did system restore everything started normally again.

Thanks

A:http://www.techsupportforum.com/forums/f50/whatapp-virus-in-e-mail-and-facebook-virus

amateur closed it because he gave you a link to the malware removal forum where he'll work on your problem provided you supply the information requested.

RELEVANCY SCORE 66.8
A:http://forums.techguy.org/virus-other-malware-removal/930967-virus-trouble-help.html

hello instant000 and welcome to TSG.

The reason you couldn't post there is that you are required to have a gold shield (or green or blue, dependent upon your status) in order to post in the malware forums.

If you are interested, let me know, and I'll see if I can get one of the security experts to start you on your path to malware removal.

thanks,

v
 

RELEVANCY SCORE 66.8

I was hoping I wouldn't have to resort to this, but I guess I've no other choice. I've looked up this thing and from what it sounds like, I'm in deep. Like an abyss.

This whole fiasco started about a week ago when my parents found a charge from McAfee on their card. None of us ever purchased anything, and called McAfee and had them remove the charge which (according to my Dad), simply removed the LiveUpdate thing McAfee had.

Not long after that, Google Chrome started acting weird and some program called "pbupdate.exe" had to be closed. My computer subsequently froze and I had to manually shut down.

I rebooted my computer only to find that Chrome had been completely fried and would not load any web pages at all. Resorting to Firefox, I Googled "pbupdate.exe" and clicked the first link, allowing "Top PC Defender" onto my computer (and maybe some other things).

As such, I ran Malwarebytes, SUPERAntiSpyware, McAfee, AVG, and Spybot to rid myself of the problem. When this yielded no results, I ended up using System Restore which seemed to get rid of the problem.

Not long after, we switched over to Norton due to Comcast preparing a move, and uninstalled McAfee. Norton ended up having to uninstall AVG in order for it to install.

And ever since then I've had these messages popping up repeatedly on my computer from Norton, telling me an attack was blocked but not allowing any action to be taken. The fact that I'm still getting these mess... Read more

A:HTTP Tidserv Request, HTTPS Tidserv Request 2, and HTTP Trojan Sasfis Activity

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

We need to create an OTL Report
Please download OTL from one of the following mirrors:
This is THE Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
In the custom scan box paste the following:
CODE
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%systemroot%... Read more

RELEVANCY SCORE 66.8

Hello,

On July 18th, as I was watching a streaming TV show, my computer apparently picked up Antimalware Doctor, which kept telling me that my computer was infected and that I needed to pay them money to get rid of all these infections. I managed to get rid of that with MalwareBytes. Shortly after though, my Norton Antivirus started regularly informing me (every 20 minutes to half hour) that it had blocked an intrusion attempt from either HTTP Tidserv Request (most common) or HTTPS Tidserv Request 2 (2nd most), and every once in a while some oddball like HTTP Fake Scan Webpage 5 or some Trojan (Vundo or Ad.Clicker). It seems like it's always been blocked, but as these Norton alerts keep coming, even when I don't have a browser open, I am upset and concerned. Also seems as if the attacks are coming from several different computers.

I tried running Malwarebytes a few more times. It usually leaves me with 8 or so pieces of malware, identified as Rootkit or Trojan agents, which it tells me will be deleted upon reboot. However, after I reboot and run Malwarebytes immediately thereafter, there are still 8 pieces of Malware. I tried updating my Norton and running a scan, but that didn't fix the problem. I also ran Norman Malware Cleaner, with no real results.

Again, though the alerts always classify the threat level as high, it seems like they are being blocked. I haven't entered any passwords into my computer since this came up, and I never save any on a regu... Read more

A:HTTP Tidserv Request; HTTPS Tidserv Request 2; HTTP Fake Scan Webpage 5

Very sorry about the multiple posts. Firefox had gone grey, and I didn't think any had gone through. Sorry.

RELEVANCY SCORE 66.4

hello,

i am very new to this whole posting thing, but i have a problem and was wondering if you could help me out. everytime i open internet explorer, i get sent to http://teenhqpics.com/?homepage.com and then a website dialer pops up and eventually my internet connection gets disconnected if i dont close the page quickly enough, please help,

Josh
 

A:http://teenhqpics.com/?homepage.com .. virus

RELEVANCY SCORE 66.4

Ok so i first noticed a problem with my computer from my MSN Live messenger. When i click on my new inbox msg's it used to direct me to my hotmail account. Now all it directs me to this site http://g.msn.com/5meen_au/11 before finally ending up at my inbox.

Lately I've been receiving numerous emails which seem to be scams and spam related, and PC performance is slow and un-usual.

I've installed and run anti-virus/spyware/malware software. It has removed a few things. But I still have an unusual feeling about the re-direct through MSN Messenger.

Any help would be much appreciated.

Thanks, Rhys.
 

A:Malware?Virus? : http://g.msn.com/5meen_au/11

Please do not create multiple threads for the same problem.
Continue here: http://forums.techguy.org/malware-removal-hijackthis-logs/889093-malware-http-g-msn-com.html
 

RELEVANCY SCORE 66.4

my friend recently downloaded a virus from this site http://www.ianpeterson.com/photos.pif as a trick, im wondering how u can get rid of it without d.lin programs fer it.. (hes a noob on comps)
 

A:http://www.ianpeterson.com/photos.pif virus

Why not run a Virus Removal Program, such as AVG:

http://free.grisoft.com/doc/1


 

RELEVANCY SCORE 66.4

Kids got this message in AIM
HAHA LOOK AT HER (potentially harmful link removed)
And it repeats itself to all in buddy list
 

A:PIF Virus http://www.bennett.cc/pictures.pif

I have removed the link so no one clicks on it. Do you need help cleaning up? If so, please do this. Click here: http://www.thespykiller.co.uk/files/hijackthis_sfx.exe
to download HijackThis.

Close all open windows and open HijackThis. Click “Scan”. When the scan is finished, the scan button will change to “Save Log”. Click on “Save Log” and then save it to Notepad. Click on “Edit” – “Select all” – “copy” and then “paste” into the thread.

DO NOT FIX ANYTHING YET, most items that appear in the log are harmless or even needed.
 

RELEVANCY SCORE 66.4

Hello everyone,

I managed to get the above on Sunday the 16th of August

Hereunder, you will find the first log file of DDS which I ran. Could you please help in letting me know of what ought to be deleted (and how it should be)?

The .txt file is the second log file of DDS results.

I look forward to your help as I am stuck for the time being.
With all my thanks

Shaanou
.......................

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.17457 BrowserJavaVersion: 10.67.2
Run by User at 21:48:39 on 2015-08-18
.
============== Running Processes ================
.
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files (x86)\Glary Utilities 5\Integrator.exe
C:\Windows\vVX1000.exe
C:\Program Files (x86)\OLYMPUS\OLYMPUS Viewer 2\OV2Monitor.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\User\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
C:\Program Files (x86)\TechSmith\SnagIt 9\SnagIt32.exe... Read more

A:Virus/trojan/malware - http://hi.ru/?44

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.

===

Please download AdwCleaner by Xplode onto your Desktop.
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click the Scan button and wait for the process to complete.
Click the Report button and the report will open in Notepad.

IMPORTANT
If you click the Clean button all items listed in the report will be removed.

If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click the Scan button and wait for the process to complete.
Check off the element(s) you wish to keep.
Click on the Clean button follow the prompts.
A log file will automatically open after the scan has finished.
Please post the content of that log file with your next answer.
You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).

===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first t... Read more

RELEVANCY SCORE 66.4

I have a virtumonde virus whereby my internet explorer repeatedly opens by itself and goes to "http://url.adtrgt.com/." I've used SpyDoctor, AVG, Spybot, Adaware, FixVundo, VundoFix, nothing has worked. I'm about to post my HijackThis and ComboFix log. Any help would be greatly appreciated.
 

A:Vundo Virus, HELP! -- IE Pop ups to http://url.adtrgt.com/

Here's my Log from HiJack This:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:28:15 PM, on 4/19/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
E:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
E:\SmartPCTools\Registry Repair Wizard\RCHelper.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Users\Roger Jin\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
E:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe
C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe
C:\Program Files\Sony\VAIO Care\listener.exe
C:\Program Files (x86)\Spyware Doctor\pctsTray.exe
C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
C:\Wi... Read more

RELEVANCY SCORE 66.4

Hi guy, here's a tip for you all, free of charge: never accept a link that a pal on msn calls "really hot". I did accept and now a Trojan virus has nested itself in my computer. my PC has become slower and when I open my start-page, I immediately get re-directed to porn, porn and more porn. And when I manage to open a new page and type in something like www.yahoo.com, the url is automatically changed into: http://www.microsoit.com/direct.php?url=www.yahoo.com. I wanna get rid of this but don't want to re-install windows '98. Please help me!
O, and maybe this will sound stupid, but is it possible (hey, what do I know about viruses, this is my first one) that my internet-connection is now directed through pay-per-view porno or something?

I have an IBM Pentium 2 computer and a broadband internet connection (DHCP). I ran Norton (is it my inexperience or does Norton suck?), Ad-Aware but maybe I did something wrong, but it doesn't work.
 

A:virus: http://www.microsoit.com/direct.php?url= ?????????????

Please do this. Click here: http://www.sherrylynn.us/HijackThis.exe to download Hijack This. It’s very important that you save it to its own folder on your hard drive, such as program files (not temporary files or the desktop), so that it can create proper back-ups and be able to restore them if necessary.

Close all open windows and open Hijack This. Click “Scan”. When the scan is finished (it only takes a second), the scan button will change to “Save Log”. Click on “Save Log” and then save it to NotePad. Click on “Edit” – “Select all” – “copy” and then “paste” into the thread.

DO NOT FIX ANYTHING YET, most items that appear in the log are harmless or even needed. Wait for someone to analyze the log and advise.
 

RELEVANCY SCORE 66.4

Got this bloody msn virus! web4links one! so annoyed! heres my hijackthis log, can any of you please tell me how i can get it rid of it. Many thanks in advance guys!

Logfile of HijackThis v1.99.1
Scan saved at 23:56:22, on 29/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\msasvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\WINDOWS\system32\winstall.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\{D4E3309C-077B-1033-0710-03060203002c}\Update.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mic... Read more

A:http://web.links4all.biz/ MSN Mesenger Virus Please Help

RELEVANCY SCORE 66.4

My mom's computer had a http://www.searchnu.com/406 virus that I removed yesterday along with other trojan virus. I am now able to set Yahoo as a homepage again and the new virus scan does not show any new viruses. The problem is that now she tries to go online to sites like Ancestory.com or MyLife and her keyboard can not type in the information that she wants to search for. The keyboard is making a different noise than it ever did before and it will not type anything. Can someone help me?

A:After removing http://www.searchnu.com/406 virus

Hello,

I will be helping you with your problems. Please be patient while I assist you.

Some points for you to keep in mind while I am helping you to make things go easier and faster for both of us

Please do NOT run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification... Read more

RELEVANCY SCORE 66.4

Hello, I am new to this so.... I have these messages come up that say there is a Trojan, but every time I delete it, or "Move to Chest", it seems to come up in a new area. What I mean by that is, one time it was in: C:\Windows\Temp\nerq.tmp\svchost.exe and then, about 2 mins later, it was in C:\Windows\Temp\kxii.tmp\svchost.exe . I have run AVG and it found it once, but I was told to restart my computer (By AVG) and then AVG hasn't seen it any other time I run the scan. Now, I have run 2 other Anti-Virus scans, and they have not found anything, but I am getting pop-ups from Avast! Anti-Virus, AVG, and ESET Nod32 Anti-Virus. I have also tried to reformat, but when I run my install disc, it says "Couldn't find BOOTMGR", if someone could please help me, I would greatly appreciate it.

P.S. - I am going on a trip tomorrow, leaving at around 4 p.m. EST, if anyone could please help me before then, it would be very helpful.

A:Please Help - "http://bevaccine.com/loaderadv799.exe" virus

As no logs have been posted, I am shifting this topic from the specialized HiJack This forum to the Am I Infected forum.

==>PLEASE DO NOT NOW POST LOGS<== unless a log is specifically requested.

RELEVANCY SCORE 65.6

Hi! I'm new to this forum. Thanks for accepting me!

I really need help in removing some viruses from my computer. I have been getting the same 3 Trojan horses in the couple of months, and have managed to get rid of them. But this really weird thing happened about a month ago. I was just on Google not doing anything when 3 random Java popups and requests to let the Trojan horses mentioned above run appeared. I naturally clicked no but then the computer froze so I had to hard reset it. When the computer booted up again, Norton removed these Trojan horses but was reporting 20 attacks a minute and still is (HTTP Phoenix Toolkit Activity 1 and 3, I believe). At first, other computers were attacking me, but now my computer is attacking itself. Also, I have been redirected on Google to random websites. I believe a rootkit has gotten into the computer. ComboFix could probably remove this rootkit, but I do not want to run it as it seems very risky. Also, I have tried many other anti viruses and anti rootkits, but to no avail. If possible, I would like to avoid using ComboFix to remove this virus.

Thanks in advance. Please reply quickly.
AA500

Read other answers
RELEVANCY SCORE 65.6

I am running Windows 7 64-bit. I somehow have a redirect virus in both Chrome and Firefox. I ran Malwarebytes and it did not find anything. Norton shows nothing as well. I disabled the CD emulation and here is a copy of the logs.
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_29
Run by Owner at 22:35:54 on 2012-01-28
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6058.4162 [GMT -7:00]
.
AV: Norton Security Suite *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Security Suite *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Security Suite *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\Program Files (x86)\EgisTec Port Locker\Egishlpsvc.exe
C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe
C:&... Read more

A:http://www.searchqu.com/406 virus/ Seacrh-results.com

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please do not attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.
Do not run any other tool until instructed to do so!

Click on the Watch Topic button, select Immediate Notification and click on Proceed; this will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3

1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the r... Read more

Read other 3 answers
RELEVANCY SCORE 65.6

Hi everyone... I have a virtumonde virus that directs me to hxxp://url.adtrgt.com from internet explorer. I've tried Adaware, spybot, avg, spydoctor, fixvundo, vundofix, nothing seems to work. Please advise me on this issue. Below is my log from HiJack This. Shall I go ahead and post my log from ComboFix?

---

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:28:15 PM, on 4/19/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
E:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
E:\SmartPCTools\Registry Repair Wizard\RCHelper.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Users\Roger Jin\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
E:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe
C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe
C:\Program Files\Sony\VAIO Care\listener.exe
C:\Program Fi... Read more

A:Virtumonde Virus -- Pop-ups directing me to http://url.adtrgt.com

I have another problem relating to this... Tried to run ComboFix but it said that it was incompatible with my system. I use a Windows Vista, 64-bit system... what can I do?

Read other 3 answers
RELEVANCY SCORE 65.6

Hi!

I've had problems cleaning both the vundo juan virus and there has also been an annoying adware which is from http://topinfo.c.la/ which keeps appearing on IE.

I have tried various tools including Spybot, Superantispyware, XoftSpySE. Every time it detects and removes it, when I restart my machine the virus keeps coming back. The Vundo Juan virus keeps on appearing on my registry key.

Here is also a copy of my latest log file below.

These two bugs are driving me mad and would be grateful for some help to remove them permanently!

A million thanks!

<Meta info="XoftSpySE-SP1 Tech-Support Log" time="03-07-2007-10-40-54" />
<SysInfo Operating-System="Win XP" Service-Pack="Service Pack 2" XoftSpy-Version="4.31" DB-Version="245" DB-Date="2007/6/27" Working-Dir="C:\Program Files\XoftSpySE\" License-Key="2D802-EE520-822C0-EC8A4" Vendor-ID="1" Product-ID="1" Auto-DB-Update="on" Auto-Program-Update="on" Auto-Removal="on" Exit-When-Finished="on" />
<ScanSettings scanActive="true" scanRegistry="true" scanSysFolders="true" scanDrives="true" scanHosts="true" scanAdvScan="true" />
- <Processes>
<Process name="C:\WINDOWS\system32\services.exe" md5="c6ce6eec82f187615d1002bb3bb50ed4" />
<Process name="C:\WINDOWS\sy... Read more

Read other answers
RELEVANCY SCORE 65.6

I found this page here:
http://benosullivan.co.uk/windows/how-to-fix-http67-201-36-16nolink-redirect-virus/
It says atapi.sys is infected (numerous scans can't detect it, but I'm relying on this info). I went to my drivers folder and I found atapi.sys along with atapi(638).sys

Is atapi(638).sys required?
And is it safe for me to copy the atapi.sys from my Vista Basic laptop to my Vista Home Premium driver folder?

A:http://67.201.36.16/nolink.html Redirect Virus

Read other 16 answers
RELEVANCY SCORE 65.6

Hello, I've just been on chat to Norton for 3 hours trying to rid my computer of the "http fakeAV Redirect request 9" bug. The man tried several things to remove it, but in the end was unsuccessful and needs to research it.

Is anyone familiar with this problem and knows of the solution? Google keeps redirecting to pages and I am worried about my accounts getting hacked.

Help much appreciated

jill

A:virus: http fakeAV Redirect request 9

Please follow the instructions in ==>This Guide<==.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<==. Please include the link to this topic in your new topic and a description of your computer issues and what you have done to resolve them.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Once you have created the new topic, please reply back here with a link to the new topic.

Read other 1 answers