
Windows Xp Pro--"spyware Threats Detected"

Q: Windows Xp Pro--"spyware Threats Detected"

Recently got this spyware threats detected. Ultimate defender ad. I don't want to buy that. I have already run AVG FREE scan, CCleaner, Spybot Search & Destroy and now Stinger is running a scan. Hopefully I will be able to extract the hijackthis setup file to run it next. I did not have it installed prior to. Whenever I try to install it, the window automatically closes so I can not continue. Also, google search for hijackthis would cause the explorer window to close. Any suggestions?

RELEVANCY SCORE 200

A: Windows Xp Pro--"spyware Threats Detected"

Go to the Hijack This file you downloaded. Right click on it and change the name to "Lasthopescan". Now see if it will install. Rogue Remover may get rid of this for you. http://www.malwarebytes.org/rogueremover.php

RELEVANCY SCORE 72.8

I am receiving trendmicro pc-cillin alerts of blocked attempts for the following viruses/spyware:

ADW SAHAGENT.M infected file - C:\windows\sahagent-1002.exe
SPW VT BOUNCER A infected file – C\windows\system32\ffinst.exe
ADW GAINJ infected file – C:\windows\downloaded program files\hdplugin1018.dll
ADW VITUMONDO.D infected files C\windows\system32\akcore.dll and C\windows\system32\akupd.dll

PC-Cillin & Microsoft spyware scans have detected threats and cleaned them, but these keep reappearing. How can I clean them for good?
Thanks
Here’s the HijackThis log:
Logfile of HijackThis v1.99.0
Scan saved at 10:47:11 AM, on 4/14/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\BCMSMMSG.exe...

A:Multiple spyware/virus threats detected by PC-Cillin

RELEVANCY SCORE 64.4

Windows Defender has detected the following 3 threats on my system and I need help removing them:

Program: Win32/Winfixer
Spyware: Win32/C2Lop.A
Adware: Win32/Virtumonde.A
Can someone help me with the removal of these threats please?

Thanks SO much!

A:Windows Detected 3 Threats! Need Help Removing

Follow the instructions in How to Remove WinFixer / Virtumonde. Then download and install SUPERAntiSpyware. Run the scan in Safe Mode and allow it to quarantine whatever it finds.

RELEVANCY SCORE 62.4

Long story short - I'm having literally the same exact problem this guy was having:

http://forums.techguy.org/malware-r...xplorer-problems-audio-video.html#post6431160

But I saw that no one answered his question, so I'm hoping maybe you'll give me a shot! This is a very important computer with my work stuck on it and I must get it working again!

I could tell my computer was acting slow for a week or so and that I had a virus. I finally decided to do something about it. Ran Malwarebytes.. found viruses.. deleted.. but still it was running a little slow.. so I purchased and ran Norton 360, it detected and deleted all kinds of files, rebooted, and immediately it seems my Windows shell is corrupted! No taskbar, no start button (even when I hit ctrl/esc), most Windows functions are inoperable. No drag and drop.. no copy/paste.. 90% of programs won't work.. No internet, most startup items don't load... Sys restore doesn't work, it's messed up in Safe Mode and command prompt mode also.

I really must know what to do! This is horrible!
Please help!
If you need the hijack log I should be able to post it later tonight.
(if it allows me!!) It may not! It no longer lets me install or run programs without an error. I tried to reinstall Malwarebytes and I get
"failed to load vbal6grid.. vbalsgrid6.ocx"
This is one of 100 different errors I get when I try to do anything now.

Maybe corrupt dlls?

S
 

RELEVANCY SCORE 59.2

As the title said, AVG 2014 (free version) detected 10 threats, but I'm pretty sure they are not threats, so I want to check with someone who actually knows what he/she's doing. I tried to google them, came up with no results. I have Windows 8.1. The report is below. Thank you!
 

Scheduled Scan

High priority;"10";"0";"10"
Folders selected for scanning:;"Scan whole computer"
Started:;"2014-02-27, 11:14:00 AM"
Finished:;"2014-02-27, 11:33:26 AM"
Total object scanned:;"352504"
User who launched the scan:;"SYSTEM"

Name;"Description";"Result";"Status";"Priority"
C:\Program Files\WindowsApps\Deleted\microsoft.windowscommunicationsapps_17.5.9600.20315_x64__8wekyb3d8bbwe51269377-c1e2-42d0-ad49-aa267...

A:AVG detected threats, but I'm not sure they are really threats

The JS file type is primarily associated with JavaScript. When a browser runs an applet, the Java Runtime Environment (JRE) stores the downloaded files into its cache folder for quick execution later and better performance. Both legitimate and malicious applets (malicious Java class files) are stored in the Java cache directory and your anti-virus may detect them as threats. The detection can indicate the presence of malicious code which could attempt to exploit a vulnerability in Java which could be used to allow adware, phishing programs or other types of fraudulent software to be installed on a computer. For more information about Java exploits, please refer to Anti-Virus has detected a virus. Is it related to Java?.

In your case, these .js files appear to be stored in the WindowsApps folder found on Windows 8. Notification of these files as a threat does not always mean that a machine has been infected; it indicates that a program included the viral class file but this does not mean that it used the malicious functionality.

RELEVANCY SCORE 56.8

My computer is infected by spy-agent.bw.gen!men, a trojan. The path is c:/windows\system32\winlogom.exe ; I need to know how to remove it. Thanks for any help.
 

RELEVANCY SCORE 56.8

I ran a full scan of AdAware and it had not even run a completed scan and it found 26 infected files. Instead of continuing or removing them I came here to have you guys take a look.
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:17:54 PM, on 11/17/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Microsoft Location Finder\LocationFinder.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\Fieldston Software\gSyncit\gsyncit.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
C:\ProgramData\Search Protection\SearchProtection.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\PROGRA~2\AD-AWA~1\AdAware.exe
C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome...

A:Threats Detected

RELEVANCY SCORE 56.8

Hello

I have been infected and I need some help! Unfortunately I am somewhat technically challenged, so I ran out of ideas pretty fast.
I have Windows Vista and was using Internet Explorer.
I run Kaspersky anti-virus software which was up to date.
I went to a legitimate site streaming video - and got an annoying pop up, and before I could get rid of it my anti-virus software detected malware (I think it said a trojan horse.) It couldn't get rid of it. Now Kaspersky tells me I have 3 threats - it says type: vulnerability (events 3.) So the threats are:

Type File Path C:\Windows\System32\ Name acer.exe and apparently this is 'highly dangerous.'
Type File Path c:\programfiles\quicktime\ Name quicktimeplayer.exe and this is 'very dangerous.'
Type File Path c:\programfiles\itunes\ Name itunes.exe and this is 'very dangerous.'

It also gives me links to what these mean. Apparently the acer.exe one is something to do with adobe flash player. The secunia id is SA41917.
The quicktime one secunia id is SA39259.
The itunes one is secunia id SA43582.

I wasn't running the most up to date versions of itunes and quicktime. I'm assuming the film site must have opened quicktime without me asking - and then I got infected. Obviously I won't be making this mistake again but it is too late now.

I have tried some of the solutions on this site and elsewhere for getting rid of them. I have run malwarebytes a...

A:threats detected - can't get rid

Please follow the instructions in ==>This Guide<==. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<==. Please include a description of your computer issues and what you have done to resolve them.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

RELEVANCY SCORE 56

fake windows security center, stops applications from starting, etc
i ran it in safe mode, hope it still gives the right info

DDS (Ver_10-03-17.01) - NTFSx86 MINIMAL
Run by owner at 22:57:40.28 on Thu 04/22/2010
Internet Explorer: 8.0.6001.18904 BrowserJavaVersion: 1.6.0_18
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3032.2653 [GMT -4:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\Explorer.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Users\owner\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SMSN&bmod=SMSN
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
uInternet Settings,ProxyOverride = <local>
uIntern...

A:fake AV threats detected

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

Due to the restrictions on Vista, all tools should be started by right-click > Run as Administrator

------------------------------------------------------

Please visit this webpage for download links, and instructions for running ComboFix:

http://www.bleepingcomputer.com/comb...o-use-combofix

* Ensure you have disabled all antivirus and antimalware programs so they do not interfere with the running of ComboFix.

Please post the C:\ComboFix.txt in your next reply for further review.

Please re-enable your antivirus before posting the ComboFix.txt log.

------------------------------------------------------

RELEVANCY SCORE 56

Is anyone getting the pup.price.ninja threats? I get the same 4 pup threats every time Malwarebytes scans. I also noticed that I get advertisement popups while running Chrome that I don't get running Firefox. I have popups turned off but these popups continue regardless what site I am on. Only recently started getting these. May have to stop using Chrome.

A:PUP Threats Detected By Malwarebytes

The "pup" stands for "potentially unwanted program." The "price.ninja" has probably been added to your system by a site you have visited.

RELEVANCY SCORE 56

Hello,
 
Recently my computer began acting strangely, playing random sounds on webpages that had no sound (confirmed by a friend with a different computer accessing the same page) and now prompting me to select my profile at startup when it never did that before (and I have changed no startup settings). I ran MBAM and it came up clean, but when I ran Avast! it found one threat called
 
Threat: HTML:Iframe-inf
 
I ran a boot-time scan on Avast! right after this and it found 7 infections:
 
Threat: Java:CVE-2011-3544-AH [Expl]
Threat: Java:Agent-AIH [Expl]
Threat: Java:Agent-AIM [Expl]
Threat: Java:Agent-AIA [Expl]
Threat: Java:Agent-AIL [Expl]
Threat: Java:Agent-AIA [Expl]
Threat: Java:Agent-AHJ [Expl]
 
Avast! deleted or moved these to quarantine, but the symptoms persist, so I'm not convinced it got rid of everything. I am hoping one of you can look at this for me. Here is the DDS.txt log requested:
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.16521  BrowserJavaVersion: 10.51.2
Run by Benamin at 21:09:58 on 2014-04-18
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.12265.9786 [GMT -4:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus *Enabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:...

A:Recurring threats detected - please help

Hello psionictempest

I would like to welcome you to the Malware Removal section of the forum. Around here they call me Gringo and I will be glad to help you with your malware problems.

Very Important --> Please read this post completely, I have spent my time to put together some things for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!

Please do not run any tools unless instructed to do so. We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text. Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything. Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go. A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the...

RELEVANCY SCORE 56

Vista 64-bit system.  Ran MBAM, SuperAntispyware, and trial version of Hitman Pro, but "no threats detected."  MSE History window shows the following detected items that continue to appear after supposed removal: 
 
TrojanDownloader:Java/Classloader
Exploit:Java/CVE-2013-1493
 
I uninstalled two old versions of Java that were in the list of applications.

A:MSE pop-up "detected threats are being cleaned"

Hello cleome

Please run these next....

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
* Flush DNS
* Report IE Proxy Settings
* Reset IE Proxy Settings
* Report FF Proxy Settings
* Reset FF Proxy Settings
* List content of Hosts
* List IP configuration
* List Winsock Entries
* List last 10 Event Viewer log
* List Installed Programs
* List Users, Partitions and Memory size.

Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

Download TDSSKiller and save it to your desktop.
* Extract (unzip) its contents to your desktop.
* Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
* If an infected file is detected, the default action will be Cure, click on Continue.
* If a suspicious file is detected, the default action will be Skip, click on Continue.
* It may ask you to reboot the computer to complete the process. Click on Reboot Now.
* If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
* If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here....

ADW Cleaner

Please download AdwCleaner by Xplode and save to your Desktop. Double-click on AdwCleaner.exe to run the tool. Vista/Windows ...

RELEVANCY SCORE 56

Hi there, my father seems to be having a problem with his Dell laptop with Windows XP. AVG is always popping up saying multiple threats detected in c:\System Volume Information\Microsoft\smss.exe and c:\System Volume Information\Microsoft\services.exe. It seems to also have an effect on his volume control where it will mute the wave. There are also 2 of each of these services running in task manager so I can assume this is some type of infection that has gotten past AVG. I have included a log file from HijackThis.
Logfile of HijackThis v1.99.1
Scan saved at 11:19:22 AM, on 7/17/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\System Volume Information\Microsoft\services.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\System Volume Information\Microsoft\smss.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\AVG\AVG9\avgw...

A:Avg Multiple Threats Detected

RELEVANCY SCORE 56

We have recently had a home PC infected (with SMART H.D.D and maybe more). After many, many anti-malware scans with various anti-malware products, registry fixes, etc., we have finally gotten the PC "cleaned" enough to boot into normal mode and it appears to be stable so far.

Finally, last night, we uninstalled McAfee and installed our newly purchased Kaspersky Pure 2.0 and ran a Full Scan. The Full Scan found the following threats:

Trojan-Spy.Win32.Carberp.e (from Outlook email ... UPS_Print_label.exe) ... Reason is: Disinfection impossible

Worm.Win32.Mabezat.h (from Outlook email multiple attachments - ...e_231.zip // Gift_Certificate_231.exe // UPX) Reason is: Disinfection impossible

Trojan-Dropper.Win32.Agent.bzst (from Outlook email attachments ... iTunes_certificate_297.zip // iTunes_certificate_297.exe //UPX Reason is: Disinfection impossible
My questions are:

1. What does the Fix button actually try to do?

2. Can we even "Fix" them since Kaspersky gave reason of: Disinfection impossible (is this because they are "packed" or "zipped")?

3. What are these Trojans and the Worm we found and what is the behavior and threat description for these?

4. What is a UPX?

Thanks for your help.

A:Need help removing threats detected

**In any case where you happen to be busy or unable to give us a reply, we would be grateful if you keep us informed in advance and we will be more than happy to wait. Failure to do so we will have your thread closed in THREE(3) days.

Hello there, nv87654

I'm Conspire, I'll be glad to help you with your computer problems.

Please observe these rules while we work:
* Read the entire procedure
* It is important to perform ALL actions in sequence.
* If you don't know, stop and ask! Don't keep going on.
* Please reply to this thread. Do not start a new topic.
* Stick with me till you're given the all clear.
* Remember, absence of symptoms does not mean the infection is all gone.
* Don't attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process.

IMPORTANT NOTE : Please do not delete anything unless instructed to. Remember to backup all your important data (if possible) before moving on.

---------------------------------------------------------------------------------------------------

1. Not sure what Fix button you are referring to.

2. Based on my first observation, I can tell that these detected items are mainly from your email attachments. You will need to delete them manually but careful not to open attachments inside.

3. The behaviour of these trojans and worms generally will spread itself once executed. It will drop some files and patch system drivers to allow hackers access computer through backdoor. Kind of like some...

RELEVANCY SCORE 56

Hi, I have an Acer computer, with Avast! and Malwarebytes (free versions). I previously had infections but quarantined them on Malwarebytes. I have the updated versions and regularly do full scans on both. Started to receive virus warnings on lots of sites including a major social networking site. Downloaded STOPzilla and did a full scan and it said I had 158 infected files including a few Trojans. Just to be sure, I ran a full scan on Malwarebytes and this didn't show up any infections! Read some bad reviews re STOPzilla and uninstalled. I'm still unsure as to whether I have any infections as increasingly I can't get internet access (not my provider's fault). Any ideas as to whether I have enough security or any infections?
 

A:390 Virus Threats Detected! Please Help???

RELEVANCY SCORE 56

Hello,

I keep receiving red alerts on my computer letting me know that my computer is infected with viruses and so on. I also receive a blue screen every 5 mins letting me know I am infected and to upgrade my antivirus. I did some research on Google on this antivirus 360 and it mentioned this is fake. I have absolutely no idea how to remove this threat from my computer. If someone can please assist me in doing so, I really would appreciate it.

It is called antivirus 360
thanks so much

A:Antivirus 360- threats detected

Hello and welcome. Hopefully we can start here with a scan log from MBam.

Please download Malwarebytes Anti-Malware (v1.32) and save it to your desktop.
alternate download link 1
alternate download link 2

* If you have a previous version of MBAM, remove it via Add/Remove Programs and download a fresh copy.
* Make sure you are connected to the Internet.
* Double-click on mbam-setup.exe to install the application.
* When the installation begins, follow the prompts and do not make any changes to default settings.
* When installation has finished, make sure you leave both of these checked:
  * Update Malwarebytes' Anti-Malware
  * Launch Malwarebytes' Anti-Malware
* Then click Finish.

MBAM will automatically start and you will be asked to update the program before performing a scan.
* If an update is found, the program will automatically update itself.
* Press the OK button to close that box and continue.
* If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.

Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.

On the Scanner tab:
* Make sure the "Perform Quick Scan" option is selected.
* Then click on the Scan button.
* If asked to select the drives to scan, leave all the drives selected and click o...

RELEVANCY SCORE 55.2

This is all new to me so please be patient if I have done something wrong, I did read all the instructions, but I could have omitted something, so apologies in advance.
I have a colleague who has been having problems with a pc, slow, unresponsive etc. It does have McAfee on it, however I ran a scan which picked up several problems. McAfee said which ones were removed, and which ones were not. McAfee did not warn at the time.

HKLM winlogon userinit changes cleaned
ntos.exe cleaned
sdra64.exe cleaned
twex.exe cleaned
twext.exe cleaned
winlogon.exe Failed.

I have run McAfee twice, and the same items are still errored as above

I have run a HJT, I can attach/post this, at the moment I have attached a RAR that has the DDS.txt, and the attach.txt, as per the instructions (hopefully followed correctly)

NO I HAVE NOT, RAR is not permitted! Pasted below are the files then, I must get a copy of winzip then.

Hopefully this is the correct form, I will read more tutorials in the meantime.

Thanks in advance for any assistance/pointers.
McP
DDS.txt below.

DDS (Ver_09-03-16.01) - NTFSx86
Run by maureen at 11:25:28.89 on 05/05/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_13

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uStart Page = hxxp://www.google.co.uk/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default)...

A:List of threats detected from McAfee some won't go

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
* Download DDS by sUBs from one of the following links. Save it to your desktop.
  * DDS.com
  * DDS.scr
  * DDS.pif
* Double click on the DDS icon, allow it to run.
* A small box will open, with an explanation about the tool. No input is needed, the scan is running.
* Notepad will open with the resul...

RELEVANCY SCORE 55.2

Not much to say really... I scanned today with adwcleaner and 4 new threats showed up, I didn't see them in previous scans.

I joined to the post the FRST scan files and adwcleaner log file from the scan.
 

RELEVANCY SCORE 55.2

I just installed AVG free edition on my computer. AVG keeps detecting Win32/Heur. I keep moving it to the vault but about every 15 mins the alert pops back up saying it detected a threat. The file name is C:\DOCUM~1\ADMIN~1/LOCALS~1\TEMP\5DC.tmp.exe Process ID:440.

I scanned my computer using AVG, and it also found 21 Win32/heur starting with file name C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\C.EXE THRU W.EXE.

I need help!!!

Here is the HJT log.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:20:05 PM, on 9/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\All Users\Application Data\dwbgfapi\pgrizazo.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ps2.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Common Files\AOL\1190230044\ee\AOLSoftware.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd...

RELEVANCY SCORE 55.2

Whenever I turn on my PC, Windows XP loads fine, but during startup I get a spoolsv.exe application error which is a virus. Whenever I run a full scan using AVG or Malwarebytes usually they don't detect anything, but sometimes they rarely detect few threats. AVG antirootkit tool and Root Repeal do not detect any rootkits. Whenever I connect my PC to the internet sometimes my AVG detects a trojan backdoor or sometimes my ThreatFire detects a potentially unwanted alert (location c:/ Windows/temp/vrtc something) and my PC restarts automatically only if I open my Root Alyzer program provided by Spybot SD. Whenever I run a full scan using Spybot SD it detects only 1 trojan, win32.delf.uc. It looks simple but still it's a really serious issue for me. Someone plz help.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:02:10 PM, on 3/13/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft...

A: spoolsv.exe virus/ sometimes threats are getting detected

Hello, sachin naik.
My name is aommaster and I will be helping you with your log.
If you have since resolved the original problem you were having, I would appreciate you letting us know. If not, please perform the following below so I can have a look at the current condition of your machine.
Thanks and again sorry for the delay.
Please note that I am in the process of my training so it may take a while for me to get back to you, as each of my fixes needs to be checked by a coach first.

Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

In your next reply, please include the following:
RSIT Log


Recently, I downloaded an application that when installed, came with many other attached applications, and from there my computer started acting strange.  MBAM keeps on alerting me of threats including something along the lines of rootkit.kamahuda.PUA or something like that. Can somebody take a look at my FRST logs? thanks!
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:18-04-2016
Ran by andrew (administrator) on ANDREW-PC (19-04-2016 17:42:41)
Running from C:\Users\andrew\Desktop\chemlab
Loaded Profiles: andrew (Available Profiles: andrew)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) Language: English (United States)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(QIHU 360 SOFTWARE CO. LIMITED) C:\Program Files\360\Total Security\safemon\QHActiveDefense.exe
(Qihu Software Co. Limited) C:\Program Files\360\Total Security\safemon\QHWatchdog.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device S...

A: Malwarebytes not Quarantining all detected threats

Hi azhang

My name is Aura and I'll be assisting you with your malware issue. Since we'll be working together, you can call me Aura or Yoan, which is my real name, it's up to you! Now that we've broken the ice, I'll just ask you a few things during the time we'll be working together to clean your system and get it back to an operational state.

As you'll notice, the logs we are asking for here are quite lengthy, so it's normal for me to not reply exactly after you post them. This is because I need some time to analyse them and then act accordingly. However, I'll always reply within 24 hours, 48 hours at most if something unexpected happens;
As long as I'm assisting you on BleepingComputer, in this thread, I'll ask you to not seek assistance anywhere else for any issue related to the system we are working on. If you have an issue, question, etc. about your computer, please ask it in this thread and I'll assist you;
The same principle applies to any modifications you make to your system, I would like you to ask me before you do any manipulations that aren't in the instructions I posted. This is to ensure that we are operating in sync and I know exactly what's happening on your system;
If you aren't sure about an instruction I'm giving you, ask me about it. This is to ensure that the clean-up process goes without any issue. I'll answer you and even give you more precise instructions/explanations if you need. There's no shame in asking questions here, better be safe than sorry!;
If you d...


I read the pinned "Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help." I followed the instructions; however had trouble with GMER. I'm running Windows 7 64bit OS. GMER won't work with Windows 7 64 bit OS.

The problem-- I did a scan with my free Avira AntiVir Personal and it detected 6 things and quarantined them.
I also did an ESET scan which detected multiple threats as well and quarantined them.
My computer seems to be running normally, but I'd like to make sure everything is ok. Could you please help?
I do have the DDS.txt and Attach.txt. I'm also including my Avira AntiVir Personal and the ESET log files.
I've subscribed to this topic FYI.
Thanks in advance for your help!

Avira AntiVir Scan:
Avira AntiVir Personal
Report file date: Saturday, June 12, 2010 19:17
Scanning for 2206493 virus strains and unwanted programs.
Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows Vista 64 Bit
Windows version : (plain) [6.1.7600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : MARGEAUX-PC
Version information:
BUILD.DAT : 9.0.0.422 21701 Bytes 3/9/2010 10:29:00
AVSCAN.EXE : 9.0.3.10 466689 Bytes 10/13/2009 16:26:33
AVSCAN.DLL : 9.0.3.0 40705 Bytes 2/27/2009 15:58:24
LUKE.DLL : 9.0.3.2 209665 Bytes 2/20/2009 16:35:49
LUKERES.DLL : 9.0.2.0 12033 Bytes 2/27/2009 15:58:52
VBASE000.VDF ...

A: Infected: Multiple Threats Detected

Hi,
Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.
Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.
Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.
----------------------------------------------
Please run Sophos
Please download Sophos Anti-rootkit & save it to your desktop.
alternate download link
Note: If using the vendor's download site you will be asked to register with MySophos so an email containing an activation link can be sent to your email address.
Be sure to print out and read the Sophos Anti-Rootkit User Manual and Release Notes.
Double-click sar_15_sfx.exe to begin the installation, read the license agreement and click Accept.
Allow the default location of C:\Program Files\Sophos\Sophos Anti-Rootkit and click Install.
A message will appear "Sophos Anti-Rootkit was successfully installed. Click 'yes' to start it now".
Click Yes and allow the driver and its randomly named .tmp file (i.e. F.tmp) to load if asked.
If the scan did not start automatically, ...


I tried to download iwisoft video downloader from CNET and found 2 shortcuts on my desktop that were not there before (SYNC FOLDER & MY PC BACKUP). Not only that, but iwisoft video downloader doesn't work, it keeps saying I need Adobe Flash Player even after I install the flash player. I did a Malwarebytes scan and it came up with 14 detections.
Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Professional, Service Pack 1, 32 bit
Processor: AMD A4-4000 APU with Radeon(tm) HD Graphics, x64 Family 21 Model 19 Stepping 1
Processor Count: 2
RAM: 2271 Mb
Graphics Card: AMD Radeon HD 7480D, 768 Mb
Hard Drives: C: Total - 319899 MB, Free - 254015 MB; D: Total - 156937 MB, Free - 156843 MB; F: Total - 49999 MB, Free - 49799 MB; G: Total - 102618 MB, Free - 102318 MB;
Motherboard: MSI, FM2-A85XMA-E35 (MS-7721)
Antivirus: Microsoft Security Essentials, Updated and Enabled
 

A: Malwarebytes Scan Threats Detected.

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 7/31/2014
Scan Time: 12:51:23 PM
Logfile:
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.07.31.05
Rootkit Database: v2014.07.17.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: User

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 259624
Time Elapsed: 5 min, 58 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 9
PUP.Optional.AtuZi.A, HKLM\SOFTWARE\CLASSES\CLSID\{65daaf6f-90ac-49a4-9b47-d353c427367a}, , [b55cf3b363185ed8ef70423e7889f20e],
PUP.Optional.AtuZi.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{3d2409fc-ae09-4859-baa1-032c4af0c952}, , [b55cf3b363185ed8ef70423e7889f20e],
PUP.Optional.AtuZi.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{9D842DD0-7F7D-444C-8BDD-EC9A702C62D9}, , [b55cf3b363185ed8ef70423e7889f20e],
PUP.Optional.AtuZi.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{65DAAF6F-90AC-49A4-9B47-D353C427367A}, , [b55cf3b363185ed8ef70423e7889f20e],
PUP.Optional.AtuZi.A, HKLM\SOFTWARE\CLASSES\CLSID\{65DAAF6F-90AC-49A4-9B47-D353C427367A}\INPROCSERVER32, , [b55cf3b363185ed8ef70423e7889f20e],
PUP.Optional.BrowseFox.A, HKLM\SOFTWARE\CLASSES\CLSID\{4AA46D49...


I have XP with service pack 3. When I do a google search and click on the results I am redirected to a different site. My AVG detected two threats as follows:

File: sobakozgav.net/index.php
Infection: Exploit Javascript Obuscation
process name: iexplore.exe.

File: thecheckdomain.com/news/data.html?ID=20
Infection: Exploit Neosploit Toolkit (Type 779)
process name: firefox.exe

I have Dr. Web, Spybot Search and Destroy, Malwarebytes, Super antispyware, spyware blaster, and ATF Cleaner.
It looks like I am not the only one having this problem. Thank you.

A: Redirecting firefox threats detected

Here is the latest with my computer.
I updated AVG this morning and in the middle of this I had all kinds of security alerts. Windows firewall was turned off. XP Smart security alert for all kinds of threats. The first thing I did was disconnect from the internet. I tried to turn on my firewall but could not. I ran Malwarebytes and here is the report:
Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 3972

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

4/10/2010 6:42:55 AM
mbam-log-2010-04-10 (06-42-55).txt

Scan type: Quick scan
Objects scanned: 112884
Time elapsed: 9 minute(s), 45 second(s)

Memory Processes Infected: 2
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 2
Registry Data Items Infected: 7
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
C:\Documents and Settings\NetworkService\Local Settings\Application Data\ave.exe (Rogue.MultipleAV) -> No action taken.
C:\Documents and Settings\"my name"\Local Settings\Application Data\ave.exe (Rogue.MultipleAV) -> No action taken.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CLASSES_ROOT\.exe\shell\open\command\(default) (Hijack.ExeFile) -> No action taken.
HKEY_CLASSES_ROOT\secfile\shell\open\command\(default) (Rogue.Mul...


I am running XP and IE 6. My computer seems to have been hit by a plethora of Trojans recently. I used a couple of programs to scan my computer and here is a list of what is coming up (some of these may be redundant because the programs I scanned with were different):

Trojan. ZQuest
Trojan. ZQuest Installer
Trojan. Downloader-Gen/Inst2
Trojan. Downloader-Gen/VTTC
Adware.UCMore/Search Accelerator
Adware.Web Buying

Spyware.Adxgate
Dialer.Uyelik
Backdoor.Hupigon
Spyware.BigBlue.Ol
Dialer Plug.In Movie
Trojan.Ld Pinnch
Trojan.Ragrok

Smitfraud
Sfonditalia
Media Codec.Zlob trojan
Worm_FALSU.A Trojan

I ran Hijack This and SuperAntiSpyware and will attach the logs.

I appreciate any help. And for future reference what are the best (and affordable) antispy, malware removal programs worth buying that would consistently and thoroughly eliminate these problems and keep my PC protected?

Logfile of HijackThis v1.99.1
Scan saved at 11:17:57 AM, on 5/28/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\NavNT\vptray.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\NavNT\DefWatch.exe
C:\PROGRA~1\NavNT\NAVRoam.exe
C:\Program Files\NavNT\rtvscan...

A: ~30 Threats Detected HJ Log, Anti Spy Log included.

Hi, Welcome to TSG!!

You need to go here and install "Service Pack 1" This will patch numerous security holes in IE and Windows. As your machine stands now it is wide open to attack from all sorts of nasties. You need to get these updates before we proceed or we will be wasting our time.

DO NOT install Service pack 2 yet. If you install SP 2 on an infected machine it will cause serious problems. Just get Service Pack 1 installed. After you get SP1 installed, restart your computer. Come back here and post the new Hijack This log.
 


Hi, am new in this forum and wonder if someone can help please? I am trying to assist a friend with his computer (whose PC will not currently connect to the Internet). He runs Win Vista and has CA antivirus installed. He also has malware: Spybot, Adaware and Win Defender. All are current versions and updated although Windows updates were blocked for some months previously but now up-to-date. These all report no infections, except Spybot did detect two problems, one a possible hijack attempt and a browser control, it successfully removed these problems. Unfortunately don’t have the details about those now. However, a popup keeps appearing stating that - CA Antivirus is protecting your PC: 4 Threats detected and removed - although I suspect those popups may not be genuine from CA? I believe that this problem is identical to that reported by another member in a thread now closed, (“12345LMH on 4th May 2008) and that problem was reported as - “Solved: AV not removing threat completely? Please assist - That member said that:

(quote)
I use CA Anti-Virus and every time I start/restart my computer and login after about 15 minutes it pops up and reports "CA Antivirus is protecting your PC: 4 Threats Detected and Removed". I am unable to identify what the threat was because is does not appear in any of the logs in CA Anti-Virus. I have not had any other symptoms that I can tell of having an infection.
I have tried snoozing CA completely so that I can scan with another sc...


I can not get rid of the popup detected threats being removed no action necessary. Please help. I have run the security essentials, Malware bytes and CCleaner. No luck.
*Moderator Edit: Moved topic from Windows 7 to the more appropriate forum. ~ Queen-Evie*

A: detected threats are being cleaned no action necessary

As I am not qualified to answer your question, I would recommend posting in the Am I infected? What do I do? area of the forums.

If the popup is not coming from a valid security software, you are likely infected with a rogue A/V scanner. These infections are common and have varying degrees of complexity.

Some possible solutions off the top of my head would be to run a cloud scanner (e.g. HitmanPro) to see if it picks up anything. In the event it does not, you may need to run HijackThis and/or GMR to flush out the malicious application.


Hello there,
This is my first post and unfortunately it's a request for help.
I started off with virtumonde problem and followed the initial instructions I found here to remove what I could.
I am at the least left with what I think may be an ultimate fixer issue. I have "Integrity threats detected" balloon that pops up in the notification area of the taskbar.
I wonder if you can help.
Thanks in advance
I have included the hijack this log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:01:17, on 09/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPB...

A: Ultimate Fixer And "integrity Threats Detected"

Hi Bins,

Sorry for the delay, this forum is very busy right now.

If you still require help, please run a fresh HijackThis scan and post the log to a reply here. I am subscribed to this topic now and will reply within 24 hours.

Dave


I don't know what happened or when. I'm not having any issues with my PC but all this came up today. My malwarebytes found nothing. I CCleaned..defragged.. dusted & waxed. What is this junk? Do I have a virus or is Vista just forcing me to upgrade?

"";"Locked file. Not tested., C:\Program Files (x86)\Google\CrashReports\";"Infected"
"";"Contains macros, C:\Program Files (x86)\Microsoft Office\Office12\1033\EXPTOOWS.XLA";"Infected"
"";"Contains macros, C:\Program Files (x86)\Microsoft Office\Office12\Library\HTML.XLAM";"Infected"
"";"Password-protected, C:\ProgramData\AVG2013\IDS\config\quarantinedList.zip";"Infected"
"";"Locked file. Not tested., C:\ProgramData\Desktop\";"Infected"
"";"Locked file. Not tested., C:\ProgramData\Documents\";"Infected"
"";"Locked file. Not tested., C:\ProgramData\Favorites\";"Infected"
"";"Locked file. Not tested., C:\ProgramData\MFAData\msistorg.dat";"Infected"
"";"Locked file. Not tested., C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\02598c934385f330a935bda28d42b3c0_6d5b2038-4853-410b-ae52-70f22458b034";"Infected"
"";"Locked file. Not tested., C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\03432f824cd17880cacbee7982c6a378_6d5b2038-4853-410b-ae52-70f22458b034";"Infected"
"";"Locked file. Not tested., C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\03e3ea7301a61d2c42e69d0dbf7f91f6_6d5b2038-4853-410b-ae52-70f22458b034";"Infected"
"";"Locked file. Not tested., C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\083c634a2c3bea98e06057470b4a945a_6d5b2038-...

A: AVG detected 267 potentially dangerous threats- not all were removed.

Hello, these are "Locked" files and cannot be modified by malware. They should NOT be unlocked. If you feel the need to scan these, use the AVG Rescue CD.
You may want to disable locked files reporting in AVG so they won't report these.


My problem with the audio is recurring again, meaning I got another virus or never fully wiped out the one I'd posted about long ago.

I ran MalwareBytes and found 12 threats and allowed the program to fix all of them.

Malwarebytes' Anti-Malware 1.41
Database version: 3173
Windows 5.1.2600 Service Pack 3

11/15/2009 8:40:14 AM
mbam-log-2009-11-15 (08-40-14).txt

Scan type: Full Scan (C:\|)
Objects scanned: 154473
Time elapsed: 1 hour(s), 10 minute(s), 17 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 8
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSe...

A: threats detected, audio issues, slow start-up, etc.


Hello,
Somewhere in December, Kaspersky stopped updating the database, but I thought this was something temporary and probably due to poor internet connection. Having no time whatsoever to investigate further, I did not alarm until perhaps 4 days ago when I started having this error message displayed every minute or so, saying something like "xdshd.exe has encountered an error and needs to close". Kaspersky didn't pick up anything while scanning but the situation became even more weird when I tried to visit Kaspersky's site to update the database manually and Firefox said it can't find a server while all other sites I tried to visit then were ok. I got Avast, ComboFix, RegCure, Malwarebyte's Anti-Malware and Ad-Aware and they all picked up different kinds of threats. After this, Kaspersky reacted too and found 71 infections + 80 or so found by Malwarebyte's + 8 (unable to fix) infections at boot scan. During these last 4 days, the computer acted in all sorts of ways:
- Kaspersky kept on crashing before it ended its scan; even in safe mode, Kaspersky never once finished scanning.
- around 4 error messages at startup, 1 even before Windows logon screen
- a few times windows logon was terminated by windows, while saying it's protecting the computer
- both Avast and Kaspersky detected, among other infections, this certain file that could not be repaired, removed, quarantined, renamed: user32.dll
- Most important: NetActivator - a program I never understood the purpose of, ins...

A: Unsure what type of infection, multiple threats detected

Hello, NoStatic to BleepingComputer.com
My name is Billy O'Neal and I will be helping you. (Billy or Bill is fine, if you like.)
Please give me some time to look over your computer's log(s).
Please take note of the following:
In the meantime, please refrain from making any changes to your computer.
Also, even if things appear to be running better, there is no guarantee that everything is finished. Please continue to check this forum post in order to ensure we get your system completely clean. We do not want to clean you part-way up, only to have the system re-infect itself.
If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
Finally, please reply using the button in the lower left hand corner of your screen.

We need to create an OTListIt2 Report
Please download OTListIt2 from one of the following mirrors:
This is a Mirror
This is another Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
Push the button.
Two reports will open, copy and paste them in a reply here:
OTListIt.txt <-- Will be opened
Extra.txt <-- Will be minimized

We need to scan for Rootkits with GMER
Please download GMER from one of the following mirrors:
This is the Primary mirror
This is a Secondary mirror
This is a Secondary mirror
Close any and all open programs, as this process may crash your computer.
Un...


Hello. I'm desperate that is why I'm posting here. I wanted to point out at first that while I am good at following direction, I'm not all that good with computers. I was surfing on Google today and pictures, and I clicked on one and when the site popped up there was no picture it was just a blank page, then a window popped up for AVG. I have AVG free. It said that there was a threat, I can't remember the exact name of the threat but I think it was a Trojan called "cryptic.wwf". I moved it to a vault, and it asked for a restart, and I did that, but when I did another pop up came from AVG saying there was a threat from a trojan called "crypt" or something. I moved to vault again, and as soon as that cleared another pop up came up, which is still up because I haven't clicked on move to vault yet. Here's what this one says:

File name is ~!#9C64.TMP
Threat name: Win32/Fareit.A
Security Level: ----
Category: Password-stealer [I do banking from this PC D:]

I did notice two new processes running, one with the file name that came up now on AVG. Earlier I had stopped those processes, and they don't show up in the list anymore. >.< I have done a scan with AVG, and it didn't find anything, I've done scans also with CCleaner, Spybot, and Malwarebytes, with no results.

Help would be much appreciated.

Anyway here's the log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:55:05 PM, on 09/12/2011
Platfor...


Hello, a friend brought me his PC which originally ran slow and wouldn't let him download files. He had no AV or AM software installed at the time. Finally got Avast installed thru safe mode. Scanned and cleaned. Now, scans come back negative but as soon as the computer is connected to the net, all hell breaks loose. URL threats detected constantly. Help? Thanks!
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-02-2015
Ran by Robert W. Stone (administrator) on DELL-1 on 15-02-2015 14:36:40
Running from C:\Users\Robert W. Stone\Desktop
Loaded Profiles: Robert W. Stone (Available profiles: Robert W. Stone)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipat...

A: Win 7, clean scans, Threats detected when connected to internet

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.
If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===
Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
start

CloseProcesses:

HKU\S-1-5-21-3276769357-4003064666-2680311057-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml.dll,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf> (the data entry has 243 more characters). <==== Poweliks!
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
URLSearchHook: HKU\S-1-5-21-3276769357-4003064666-2680311057-1000 - (No Name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No File
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {CC865B26-C31D-4D23-B17B-96548EEF03F6} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=adk_14_18&cd=2XzuyEtN2Y1L1QzuzzyEtB0BtB0B0A0F0C0EtByBtB0D0B0BtN0D0Tzu0SzzzyzytN1L2XzutBtFtBtCtFyEtFtCtN1L1Czu1T1Q1J1VtCyE1VtCzztN1L1G1B1V1N2Y1L1Qzu2StD0C0AtCyDyB0AyDtG0BtAtDyBtGtB0FzzyCtG0C0E0F0CtGtDtC0BtCtC0FyD0ByCyC0Fzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCtDtD0BtCzz0DtCtG0EyBtB0FtGyB0CtD0DtG0FzzzztAtGyB0FtDtAyE0EtAyB0C0AyDtB2Q&cr=284165636&ir=
BHO: Google Toolbar Helper -&g...


I was browsing the internet when all of a sudden, this little blue symbol in the System Tray appeared and a program called Outerinfo started downloading without my consent. I've heard that this program will give you unwanted popups and I received one or two when it finished downloading. One of the popups was for something called web buying. I immediately went to Add or Remove Programs and uninstalled this program.

I then went to Norton AntiVirus and started to scan my computer for viruses:

"WARNING! 21 Severe System Threats Detected!"

This is the list of the 21 system threats:
BackWeb - AdWare
Virtumonde.C - AdWare
winlogon\gebyv.dll - Unknown
Media Tickets - HiJacker
Starware - HiJacker
Hi-wire -AdWare
PowerStrip - AdWare
BlueStream - AdWare
Comet Systems - Adware
DSSAgent - AdWare
web buying - AdWare
Imserver.Aurora - AdWare
Adware.Ovmon - AdWare
SerG.SearchBar - HiJacker
visfix - AdWare
Adware.retadpu - AdWare
InLookExperss 1.00 - KeyLogger
Bookedspace - AdWare
core adware - AdWare
Mirar Toolbar - HiJacker
Media access - AdWare

Also, when I opened up Recycle Bin, this box for WinAntiSpyware popped up:

Attention! Activity by Unknown Process has been detected!
Browser ActiveX control trying to be insalled
Name: rhxhesl.dll
Path: C:\WINDOWS\system32\rhxhesl.dll

WinAntiSpyware 2007 is not registered on my computer, so it says that I need to register to "cure these infections" and "eliminate these security hazards."

Will registering fo...

A: Solved: outerinfo & 21 severe system threats detected


Hi guys.

Sorry to dump this on you, but I have tried everything myself and I can't seem to figure this out. About 2 days ago, I turned on my laptop and suddenly everything seems to take forever. It takes 15 seconds from when I click on the volume icon for it to show up. Usually it is instantaneous.

I run Windows Vista Premium, SP1.
My laptop is an HP Pavillion dv9000.
Firewall: COMODO
Anti Virus: AVG Free v8.
Others: CCleaner, Spybot SD, Ad-aware 2008.

All my scanners report everything is working perfectly. I see no unusual processes or services in my Task Manager, and my CPU usage level is at an all time low. :/

I seriously have no clue what could have happened. I was looking for lyrics to songs and that is the only time I could have entered an infected site. I believe that has something to do with it.

Anyway, here is my log. PLLLEEAASSEEE help me. This is EXTREMELY irritating. Thanks.

Logfile of HijackThis v1.99.1
Scan saved at 3:13:53 PM, on 9/24/2008
Platform: Unknown Windows (WinNT 6.00.1905 SP1)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Running processes:
C:\Windows\system32\Dwm.exe
c:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\HP...

A: HJT Log - Comp. suddenly unusually slow, No threats detected.

Hello, SinkingHigher
Welcome to TSF

My name is Billy O'Neal and I will be helping you. (Billy or Bill is fine, if you like.)
Please give me some time to look over your computer's log(s).
Please take note of the following:
In the meantime, please refrain from making any changes to your computer.
Also, even if things appear to be running better, there is no guarantee that everything is finished. Please continue to check this forum post in order to ensure we get your system completely clean. We do not want to clean you part-way up, only to have the system re-infect itself. :)
If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
Finally, please reply using the button in the lower left hand corner of your screen.
Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just put a post here so that I know you're still here. We get a lot of people who simply leave, and if there is no contact for that amount of time I will have to assume you have "vanished".

We need to create an OTViewIt Report
Please download OTViewIt by OldTimer.
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
Push the button.
Two reports will open, copy and past... Read more

Read other 19 answers
RELEVANCY SCORE 54

I threw the kitchen sink at this problem, and I'm not sure I really got it. It behaves normally at the moment, but I was wondering if someone else could take a look for me. At some point, like an idiot, I allowed something I truly didn't know the nature of to have administrative access to my computer. It was some sort of command line program. I looked at its location, noticed it was in my League of Legends folder, figured it just was performing some sort of update as I happened to be running LoL at the moment. I then started noticing a runaway Google Chrome process. I traced it to a folder which I deleted in safe mode, which stopped that from popping up repeatedly. More recently, I started noticing a lot of dllhost.exe *32 COM Surrogate processes. Norton also periodically notified me that the COM surrogate was using a lot of memory and about how it just thwarted poweliks and adclicker. This is the point where I commenced kitchen sink lobbing; I ran Spybot, Windows Defender, Norton Power Eraser, MalwareBytes Antimalware, adwcleaner, Sophos, JRT, MSRT, probably some others I can't remember offhand and the problem still wasn't going away. I came up with several 'hits' as far as threats go. Malwarebytes noticed PUP.OptionalOutbrowse and Sophos detected a Trojan-PXO and a Troj.peeacmem-a, and even after cleaning, I still was being attacked by the army of COM Surrogates. At this point, I happened to read somewhere that dllhost.exe does not need a netw... Read more

A:multiple dllhost.exe *32, several threats detected in DIY repair attempts

Hi & welcome to Bleeping Computer Forums!
My name is Jürgen and I will be assisting you with your Malware related problems.
Before we move on, please read the following points carefully:
My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
Perform everything in the correct order. Sometimes one step requires the previous one.
If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.
If I don't reply within 24 hours please PM me!
Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
SpyBot S&D Warning
MVPS.org is no longer recommending SpyBot S&D due to very poor testing results (scroll down and read under Freeware Antispyware Products).
My advice is to get rid of this pro... Read more

Read other 10 answers
RELEVANCY SCORE 54

I have been having issues installing windows updates, updating Microsoft security essentials, and even uninstalling certain programs.  I did a system restore and was then able to do updates and uninstall programs.  Just in case MSE was overlooking threats I uninstalled it and installed Avast! and it detected several rootkit threats.  Any help would be appreciated.
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17239  BrowserJavaVersion: 10.67.2
Run by Kevin at 21:54:05 on 2014-08-29
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8097.5854 [GMT -5:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\FBAgent.exe
C:\Windows\system32\WLANExt.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
C:\Progra... Read more

A:Avast! has detected several threats/rootkit:hidden file

Hello needinghelpplease
I would like to welcome you to the Malware Removal section of the forum.
Around here they call me Gringo and I will be glad to help you with your malware problems.
Very Important --> Please read this post completely, I have spent my time to put together some things for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!
Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "t... Read more

Read other 43 answers
RELEVANCY SCORE 54

System particulars: Win 7 Professional, SP1, 64 bit, 4GB ram, MicroElectronics
 
I am helping a friend with his computer. It started with a virus that appeared. After booting up and logging in, things would seem to startup normally and then the screen would get taken over by a large splash screen. The taskbar and desktop were gone. The screen had a lot of official text about national security and gave his IP address and quoted a lot of threatening legalese. It provided a link to go to in order to pay money to unlock the computer. I switched user to another account on his system with admin privs and this account did not have this problem. His main account also has admin privs. I used Norton (which was already installed) to scan his computer and it found no problems.
 
I then installed and ran Spybot.  It found and removed a few things but they didn't appear to be very serious.
 
I then installed and ran Malwarebytes and it found some serious things which I removed.
 
I then installed and ran AVG (whole system scan) and it found many serious things... 73. some of which it seemed to be able to handle and fix (green check marks) but others remained as threats and had X instead of checkmarks.  The nature of these threats  were Object name : idle  and all were identified by Anti-rootkit.  I clicked the button to 'remove all' and it said this required a reboot. 
 
After rebooting an... Read more

A:AVG finds 59 threats detected by auto-rootkit; can't remove them

Hello wordplay and Welcome -
Do you recall the exact wording of the screen "FAKE" ransomware problem?
Although 99% can be fixed the same way, some are a bit altered -
 
http://www.bleepingcomputer.com/virus-removal/remove-your-browser-has-been-locked-ransomware
The above is only 1 version that includes FBI / Police / Porn / and others.
 
If you do recall the name I can link specific directions for you -
 
Thank You -

Read other 32 answers
RELEVANCY SCORE 53.6

Hello.
 
Last month, I posted a topic here about AVG detecting two medium severity infections. Unfortunately, the problem seems to have increased as now AVG has detected 50 of them, and they all seem to be related to anti-rootkit. Please help
 
Here is the link to my earlier topic if interested:-
 
http://www.bleepingcomputer.com/forums/t/505611/atapisys-and-i8042prtsys-detected-by-avg-and-return-after-reboot/
 
==
 
And this is the AVG Scan result:
 
"";"atapi.sys, hooked import HAL.dll READ_PORT_UCHAR -> spzu.sys +0x2042, C:\WINDOWS\system32\drivers\spzu.sys";"Infected"
"";"atapi.sys, hooked import HAL.dll READ_PORT_BUFFER_USHORT -> spzu.sys +0x213E, C:\WINDOWS\system32\drivers\spzu.sys";"Infected"
"";"i8042prt.sys, hooked import HAL.dll READ_PORT_UCHAR -> spzu.sys +0x11B90, C:\WINDOWS\system32\drivers\spzu.sys";"Infected"
"";"IRP hook, \FileSystem\Fastfat IRP_MJ_CREATE -> spzu.sys +0x11D40, C:\WINDOWS\system32\drivers\spzu.sys";"Infected"
"";"IRP hook, \FileSystem\Fastfat IRP_MJ_CLOSE -> spzu.sys +0x11D40, C:\WINDOWS\system32\drivers\spzu.sys";"Infected"
"";"IRP hook, \FileSystem\Fastfat IRP_MJ_READ -> spzu.sys +0x11D40, C:\WINDOWS\system32\drivers\spzu.sys";"Infected"
"";"IRP hook, \FileSystem\Fastfat IRP_MJ_WRITE -> spzu.sys +0x11D40, C:\WINDOWS\system32\drivers\spzu.sys";"Infected"
"";"IRP hook, \FileSystem\Fastfat IRP_MJ_QUERY_INFORMATION -> spzu.sys +0x11D40, C:\WINDOWS\system32\drivers\spzu.sys";"Infected"
"";"IR... Read more

A:50 AVG anti-rootkit threats detected (including multiple IRP Hooks)

Hi there, my name is Marius and I will assist you with your malware related problems.
Before we move on, please read the following points carefully.
First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
Perform everything in the correct order. Sometimes one step requires the previous one.
If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

Combofix
Download ComboFix from one of these locations:
Link 1
Link 2
* IMPORTANT - Save ComboFix.exe to your Desktop
====================================================
Disable your AntiVirus and AntiSpyware applications as they will interfere with our tools and the removal. If you ar... Read more

Read other 24 answers
RELEVANCY SCORE 53.6

Hello, I was surfing the web at one of my favorite sites for anime. It gave me a pop-up that kept coming up when hitting the close button and repeated to until I finally clicked OK on the ad. Needless to say ever since then I've been seeing pop-ups on Mozilla. Google has been showing an eBay ad on the top part of the window after searching for something and avast keeps issuing warnings often that it has blocked attempts by someone trying to hijack my comp, send me malicious sites and give me a Trojan.

I have run antimalware bites but found nothing, spybot S&D did find some spyware that keeps reappearing after I delete it and rerun it. I have downloaded the recommended programs before making a topic: GMER and DDS, and GMER has shown a potential rootkit. The logs are attached. If you need more information, please don't hesitate to ask. Thank you so much for taking the time to read this!!!!
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Administrator at 20:00:52.32 on Wed 05/04/2011
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.340 [GMT -5:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Progra... Read more

A:Constant Avast threats detected, Trojans , Malicious sites and more

Hello and welcome to the forums!
My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. I am very sorry for the delay in responding, but as you can see we are at the moment being flooded with logs which, when paired with the never-ending shortage of helpers, resulted in the delayed responding to your thread.
I would be glad to take a look at your log and help you with solving any malware problems.
If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed. If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:
Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator&#... Read more

Read other 8 answers
RELEVANCY SCORE 53.6

Hi,

I think I have a virus;

I looked at the help you gave somebody that had a virus that locked their computer claiming it was due to illegal activity and they needed to pay a fine, I followed the steps you suggested to them as I have a feeling it is the same virus but there were no threats detected. What should I do?

Thanks.

A:West Yorkshire Police Ukash Virus but no threats detected

According to this topic: http://www.bleepingcomputer.com/forums/topic454343.html/page__view__findpost__p__2722317 you're asked to create a new topic in the malware removal forum.

Read other 1 answers
RELEVANCY SCORE 53.6

OS: Microsoft Windows XP SP3
AMD Sempron 3000+
447 MB RAM
NVIDIA GeForce4 MX Integrated GPU

It all started last night right after I uninstalled the game "Perfect World". The game severely slowed my computer and took up too much memory. When I rebooted after cleaning and defragging, it Blue Screened.
It told me there may be a driver issue and gave me this:
"STOP: 0x0000007E (0xC0000005, 0xF7039C80, 0xF703997C)
vsdatant.sys - Address F4FB168A base at F4F76000, DateStamp 48ae3075"
I had no idea what it meant (still don't), so I rebooted in safe mode. When I tried to run a scan with AVG, a shutdown countdown came up and restarted the computer. AVG was completely gone now, Internet was disabled, and all my startup programs were disabled.
I screwed around with msconfig and finally got the Internet and my startup programs back up, but now the Internet's acting weird. After so many pages, a "Network Timeout" page comes up and I have to restart the computer just to continue using it...
I downloaded and ran SuperAntiSpyware -- it found and removed 5 threats. Nothing changed (still Blue Screened on reboot, weird Internet).
I then ran Panda ActiveScan 2.0 -- it found nothing.
I then downloaded LSPFix hoping it would fix the Internet, but it found nothing wrong.
I ran some more scans and nothing...
I don't know what else to do or what the Blue Screen's talking about, so any help please?
Thanks in advance.
I've attached my HijackThis Log, DDS, and Attach.

A:Blue Screening, Network Timeouts, Slow; but no threats detected?

Hello and welcome to Bleeping Computer
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.
If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.
Thanks and again sorry for the delay.
We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll... Read more

Read other 2 answers
RELEVANCY SCORE 53.2

Do not know what to do next.. I want to clean computer.. there are 2 xp operating systems on this computer.. One on C: Drive and One on D:Drive....
 
I get a Warning Unresponsive plug-in all the time... ?????
 
 
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 10.67.2
Run by Owner at 14:04:31 on 2014-10-14
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1022.177 [GMT -7:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ================
.
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Kodak\KODAK Share Button App\Listener.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
D:\Program Files\qttask.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
C:\Progr... Read more

A:Not sure whats wrong.. Computer running slow.. Malware detected 347 threats

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.
If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===
Please download AdwCleaner by Xplode onto your Desktop.
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click the Scan button and wait for the process to complete.
Click the Report button and the report will open in Notepad.
IMPORTANT
If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click the Scan button and wait for the process to complete.
Check off the element(s) you wish to keep.
Click on the Clean button follow the prompts.
A log file will automatically open after the scan has finished.
Please post the content of that log file with your next answer.
You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===
Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first t... Read more

Read other 6 answers
RELEVANCY SCORE 52.8

Good day all,

I have been getting trouble with my computer recently

These are the symptoms:
1) Long lags or hangups while using the system
2) An error with Windows Update (error code 80070002)
3) Roxio keeps asking me for a missing dll file called MSVCR71.dll

I have tried running Avast, Ad-Aware, Spybot, and CCleaner but with no results.

I have some idea what the problem may be but I am a Novice at this and need some help.

There seem to be two possible suspects: something called Mirar and another thing called helpfultipstosave.dll

I am posting my Hijack This log.

Will appreciate the help guys

Thanks
~JM


Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 11:04:52 PM, on 07/02/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18882)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\Google\Quick Search Box\GoogleQuickSearchBox.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Program File... Read more

A:Possible Spyware Threats

here are the contents of dds.txt


DDS (Ver_09-12-01.01) - NTFSX64
Run by Javed Mohammed at 22:01:09.51 on 08/02/2010
Internet Explorer: 8.0.6001.18882 BrowserJavaVersion: 1.6.0_18
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.6134.3209 [GMT -4:00]

SP: Spybot - Search and Destroy *enabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\System32\bcmwltry.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
... Read more

Read other 3 answers
RELEVANCY SCORE 52.8

Hello I am posting this on behalf of my partners friend - He has asked me if I can get rid of all the spyware etc but I don't seem to be getting anywhere fast ! Here is the hijack this log from their laptop -

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:53:44 AM, on 1/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe
C:\WINDOWS\system32\ctfmona.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Common Files\SecurePCCleaner\mc.exe
C:\Documents and Settings\All Users\Application Data\U3\U3Launcher\LaunchU3.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.co.uk/broadband
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SD... Read more

Read other answers
RELEVANCY SCORE 52.8

Various spyware threats (Common Components for Claria, Advertising, Tracking Cookies) have been detected in my computer and I haven't been able to get rid of them yet. Here is my HijackThis report. Thank you for your time!


Logfile of HijackThis v1.99.1
Scan saved at 12:19:44 PM, on 1/8/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\keyhook.exe
C:\Norman\NVC\BIN\ZLH.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Norman\NVC\BIN\Zanda.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\... Read more

A:Various spyware threats

Nothing much showing in that log. I see you have Spybot, have you run Adaware? It's very effective against those issues. Let's run some tools and see what lurks.

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should 'not' have any open browsers when you are following the procedures below.

Before attacking an adware/spyware problem with hijackthis make sure you have already run the following tools. Download and update the databases on each program before running.
Ad-Aware® SE Personal Edition
*Note* For Ad-AwareSE also install the VX2 Addon Cleaner. To run this tool once Adaware is updated click on Add-ons in the lefthand column. Select VX2 Cleaner V2.0 and click Run Tool. Click "OK", then, if something is found, click "Clean" as in the directions given. Click "Close", and exit Ad-Aware.
Spybot Search & Destroy
CWShredder

Download Ewido Security Suite
Install Ewido Security Suite
When installing, under "Additional Options" uncheck..
Install background guard
Install scan via context menu

Double-click the icon on Desktop to launch Ewido
You will need to update Ewido to the latest definition files.
On the left hand side of the main screen click update.
Then click on Start Update.
The update will start and a progress bar will show the updat... Read more

Read other 6 answers