Over 1 million tech questions and answers.

Virus, Spyware, Malware, etc. defined

Q: Virus, Spyware, Malware, etc. defined

Spyware
Any software that covertly gathers user information through the user's Internet connection without his or her knowledge, usually for advertising purposes. Spyware applications are typically bundled as a hidden component of freeware or shareware programs that can be downloaded from the Internet. Once installed, the spyware monitors user activity on the Internet and transmits that information in the background to someone else. ...
Adware
While not necessarily malware, adware is considered to go beyond the reasonable advertising that one might expect from freeware or shareware. Typically a separate program that is installed at the same time as a shareware or similar program, adware will usually continue to generate advertising even when the user is not running the originally desired program.
Virus
A software program capable of reproducing itself and usually capable of causing great harm to files or other programs on the same computer; "a true virus cannot spread to another computer without human assistance"
Trojan Horse
A Trojan horse is a program in which malicious or harmful code is contained inside apparently harmless programming or data in such a way that it can get control and do its chosen form of damage, such as ruining the file allocation table or hard disk. A Trojan horse may be widely redistributed as part of a computer virus.

RELEVANCY SCORE 200
Preferred Solution: Virus, Spyware, Malware, etc. defined

I recommend downloading and running Reimage. It's a computer repair tool that has been proven to identify and fix many Windows problems with a high level of success.

I've used it in the past to identify and fix everything from blue screens (BSOD's), ActiveX errors, corrupt files and processes, dll/exe/sys errors, recover lost memory, Windows update problems, defragging, malware removal etc.

You can download it direct from this link http://downloadreimage.com/download.php. (This link will automatically start a download of Reimage that you can save to your computer.)

A: Virus, Spyware, Malware, etc. defined

Thanks for the explanation
One question, what's your opinion, is trojan, or virus more dangerous, I mean, can make more damage? From your experience that is, or that you heard of.
cheers

Read other 4 answers
RELEVANCY SCORE 56

Hey guys, my other computer is infected with the Vista Anti-Spyware 2011 rouge anti spyware. I have tried to run MBAM with no luck (the malware opens up instead of MBAM) I am currently trying to see if it will work in Safe Mode. Also, this is my other computer and because of the virus it has no internet access (anytime I try to navigate to a page the malware pops up) so please keep that in mind as you're giving instructions.

Thanks a lot guys
 

A:Virus/Malware: Vista Anti-Spyware 2011 (rouge spyware)

Alright, so this is just and update and a bump since I haven't had any replies in 24 hours

I tried to run MBAM in safe mode and the virus still popped up so this thing is pretty entrenched. Help me out here guys, thanks
Thanks
 

Read other 2 answers
RELEVANCY SCORE 54.4

This showed up when i started up my computer last night (I'm running XP). My desktop background changed to red with biohazard type logo, windows keep popping up trying to sell me protection, etc. when it first showed up some of my desktop icons dispeared and i couldn't get into my c drive, but that seems to have stopped for the moment.I've run my Kasperskys Antivirus, which says it can't delete it, disinfects it, but doesn't seem to change anything.I've also used System Mechanic 5, Spybot Search and Destroy, Smitfraudfix (i saw this suggested to someone else veiwing another forum- and it seems to work and everything looks good for 5 minutes, but then low and behold it comes right back) plus RegClean, RegistryFix, Tracks Eraser Pro, BugDoctor- to try and clean stuff out- some things seem to get rid of it, but then it returns. I've been looking it up on google to see what other people did, and trying these things, but obviously this strategy hasn't worked. its just given me a headache.I'm out of my depth. I really need help! Thankyou in advance for your wisdom.Here are my dss reports:Deckard's System Scanner v20071014.68Run by Aqua Dragon on 2008-06-08 11:54:45Computer is in Normal Mode.---------------------------------------------------------------------------------- System Restore --------------------------------------------------------------Successfully created a Deckard's System Scanner Restore Point.-- Last 5 Restore Point(s) --5: 2008-06-08 15:54:53 UTC - RP230 - Deck... Read more

A:I Have An Error Cleaner, Privacy Protector, Spyware And Malware Protection Problem (virus? Malware? Trojan?)

Hi,Please uninstall the following programs since they are known to cause more damage than anything else:RegistryFix v6.2Bug Doctor 3.0.3.8Reboot afterwards.After reboot, * Please visit this webpage for instructions for downloading and running ComboFix:http://www.bleepingcomputer.com/combofix/how-to-use-combofixThis includes installing the Windows XP Recovery Console in case you have not installed it yet.Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.

Read other 2 answers
RELEVANCY SCORE 52.8

Hi there.

Two days ago I was sent a fake youtube link through YIM. I clicked on the link not knowing it was a fake. It started with a letter G before the words youtube on the URL. Once I clicked on it, it took me to a page that appeared to be a youtube page. Once there, it said that I had to update my Adobe in order to see the video. Well, like an idiot I clicked on it and all he-- broke loose. I now don't have access to use any of the following on my computer: Safe Mode, System Restore, Spybot Search and Destroy, AVG, Super Antispyware, or Ccleaner. If I hit F8 after rebooting the computer, it takes me to the black screen where I can choose Safe Mode. Once there, I pick safe mode and it brings me back to the same black screen over and over again. When I try to do system restore, it says it's disabled by group policy. I've searched high and low to try to fix the System Restore problem and it just won't let me. Can someone please help me? I'm going crazy over here. Thanks so much.
 

A:Fake youtube link gave me a virus, disabled spyware/malware/anti-virus

Hello again.

I have realized that I have this lingering around somewhere in my computer. $McRebootA5E6DEAA56$

Would anyone be able to tell me how I go about trying to find out in which folder this is at? I found this running when I entered msconfig on the Run field.
 

Read other 1 answers
RELEVANCY SCORE 52

Hello,

I hope you will be able to help me with this.

I seem to have a virus of some sort that's preventing me from running any of my Anti-Virus, Anti-Malware or Anti-Spyware programs

Whenever I try to run one of them, the program will just close half way through without any warning messages. If I try to open to open the program again, I get an error message saying

Windows cannot access the specified device, path or file. You may not have the appropriate permissions to access the item.Click to expand...

The programs that I have tried to run and have had this problem with are:

AVG AntiVirus
MalwareBytes' Anti-Malware
GMER
SuperAntiSpyware
HiJackThis

Because HiJackThis has been affected as well, I'm unable to provide you with a log. I'm hoping it won't be a problem when it comes to helping me get rid of the virus.

Many thanks

Roz
 

Read other answers
RELEVANCY SCORE 51.6

I am continually getting the error "Run Time error 1004: Application defined or object defined error," each time a user clicks one of the cells within this excel file. It comes up as apparently a visual basic error. I've search other sites and unfortunately do not know enough about macros or excel formulas to know what to do next, so I thought I would post about it here. One user apparently has no trouble opening it while every other user has the same issue. Here is the debug code:

Private Sub Worksheet_Deactivate()

End Sub

Sub Worksheet_SelectionChange(ByVal Target As Excel.Range)
Cells.Interior.ColorIndex = -4142
Target.EntireRow.Interior.ColorIndex = 8
Target.EntireColumn.Interior.ColorIndex = 8
End Sub

The "Cells.Interior.ColorIndex = -4142" portion is highlighted in yellow, so I assume that's where the error is. From there, I'm not sure what to do to change it. Please let me know as soon as possible what direction I should take.

Thanks

A:run time error 1004 application defined or object defined error

To be honest...I would assume that the file is corrupt and try to replace it. All seemingly meaningful links on this error involve VBA coding and things that can go wrong with it...way overhead my head and out of my interest arena .

If it truly is a coding error (as seems implied), I would take it to the originator of that file, since it throws an error.

Very strange that e pluribus unum...manages to use it without problems .

Louis

Read other 1 answers
RELEVANCY SCORE 50.8

hello TSF, my computer is acting up again. need your expertise on which files to delete. here is a copy of my HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 8:19:46 PM, on 11/26/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Common Files\{58977969-0710-1033-0401-050311130001}\Update.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\System32\FNTS~1\wuaclt.exe
C:\Program Files\Conquer 2.0\Conquer.exe
C:\Program Files\Conquer 2.0\Conquer.exe
C:\WINDOWS\system32\F?nts\w?crtupd.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\jeff\Local Settings\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.... Read more

A:spyware/malware virus help

Hello, and welcome to the HijackThis Help Forum.

Apologies for any delay in replying, but we have been rather busy lately.


HijackThis Is In Temp Folder
You are running HijackThis from a temporary directory. It needs to be in a permanent folder. Please go into Windows Explorer, click on C: then click on File > New > Folder and call it HJT, or another name of your choice. Extract HijackThis from the archive and move it to this folder. The program creates backup files that we may need to use later. If the program is in a Temporary folder, files may be deleted by you or automatically if your system is set to empty temp files.


Unpatched Operating System
It is very important that you get all of the critical updates for your Operating System and Internet Explorer. Keeping your OS and browser up to date will help make you less susceptible to attacks by Trojans and viruses. Before we can proceed any further, please visit the Microsoft's Windows Update Page and install ALL Critical Updates for your system except Service Pack 2 (SP2). SP2 should only be installed on a fully disinfected system. At the minimum install at least Service Pack 1a for both XP and IE6. Without these updates your system is wide open to re-infection and we are both wasting our efforts to clean your system. After we have completed your clean-up, we will have you return to the Windows Update page and install SP2. We will also then advise you on how to better protect yourself online.

Pleas... Read more

Read other 1 answers
RELEVANCY SCORE 50.8

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 8.1, 64 bit
Processor: Intel(R) Celeron(R) CPU N2820 @ 2.13GHz, Intel64 Family 6 Model 55 Stepping 3
Processor Count: 2
RAM: 3979 Mb
Graphics Card: Intel(R) HD Graphics, -2042 Mb
Hard Drives: C: Total - 936131 MB, Free - 802701 MB;
Motherboard: Packard Bell, Easynote TE69BM
Antivirus: Windows Defender, Disabled
Web page - homepage-web.com/?s=acer&m=tab, I think my laptop been infected.
Also sometimes no internet as wifi connection stops on this laptop but not on other devices.

Thanks
 

A:May have virus/spyware/malware...

Can anyone help please?
 

Read other 1 answers
RELEVANCY SCORE 50.8

I can't get to Facebook or MSN.com :(

Whenever I try to go to www.facebook.com, all it does is gives me the server not found page. And whenever I go to MSN.com, it does the same thing, however I can go to hotmail.com and log into my email, but the page doesn't load properly at all, and I can't even open any emails.

I've tried different browsers, and I've tried different computers, it's not Facebook or MSN I don't think. I really need access to both of these sites. :S

Here's the DDS log.

DDS (Ver_10-12-12.02) - NTFS_AMD64
Run by Markus at 19:42:33.78 on Fri 12/31/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_20
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3037.1611 [GMT -5:00]

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\ASUS\SmartLogon\smartlogon.exe
C:\Windows\system32\FBAgent.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
C:\Program Files\ATKGFNEX\GFNEXSrv.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\syste... Read more

Read other answers
RELEVANCY SCORE 50.8

Edit: Read the sticky. Sorry if I posted the wrong thing before
First I want to say thank you to anyone who has taken time to read this post. I'm having some trouble with my computer right now. I was getting weird pop ups while in firefox. Sometimes they were ads but most of the time it was just a blank window. I tried running Spybot and I got a blue screen error message so I ran Spybot again in safe mode and it ran all the way through. It found problems and fixed them and them right after that I ran Anti-Malware and it also found threats and fixed them. I thought my computer would be fine but when I started up in regular mode, I got alerts from windows that said this process jgxxsfa.exe had encountered an error. This process is one I've never seen before and I'm pretty sure it's not a good one. I think it prevents my Trend Micro PC-cillin from starting, it prevents my wireless card from starting too. Please help me out.

DDS (Ver_09-03-16.01) - NTFSx86
Run by Jorge Groenke at 12:05:43.46 on Thu 04/23/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.418 [GMT -4:00]

AV: Trend Micro PC-cillin Internet Security *On-access scanning enabled* (Updated)
FW: Trend Micro PC-cillin Internet Security (Firewall) *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k n... Read more

A:Possible Malware/Spyware/Virus

Hello, my name is fenzodahl512 and welcome to Bleeping Computer.. Please do the following....Please download The Comedian.exe to your desktopDouble click the program to run it. It will only take around several minutes to run.It will do a series of tasks and tell you when each one is finished.You will be prompted to press any key after each stepWhen it is done it will close and exit itself automatically.You can delete The_Comedian.exe once it is finishedNEXTPlease download Malwarebytes' Anti-Malware from HERE or HERENote: If you already have Malwarebytes' Anti-Malware, just run and update it.. Then do a "Perform Full Scan"Double Click mbam-setup.exe to install the application.Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.If an update is found, it will download and install the latest version.Once the program has loaded, select "Perform Full Scan", then click Scan.The scan may take some time to finish,so please be patient.When the scan is complete, click OK, then Show Results to view the results.Make sure that everything is checked, and click Remove Selected.When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.Copy&Paste the entire report in your next reply.Extra Note:If MBAM encounters a file that is difficult to remove,you wi... Read more

Read other 15 answers
RELEVANCY SCORE 50.8

As I log into windows about 20 command prompt windows open/close instantly. Everytime I try to launch a program command prompt opens and closes my program fast.

A:Virus/Malware/Spyware Help Please!!!

As no logs have been posted, I am shifting this topic from the specialized HiJack This forum to the Am I Infected forum.==>PLEASE DO NOT NOW POST LOGS<== unless a log is specifically requested.

Read other 1 answers
RELEVANCY SCORE 50.8

I have some sort of virus or malware problem with popups from Ultimate Cleaner 2007. Spyware alert also pops up saying I have a trojan detected on my machine. Ultimate Defender website pops up unknowingly. Also it changes my homepage to its website and it wont let me change it through internet options. Have ran Avira, Ad-aware, spybot-search and destroy and the bit defender. Nothing seems to work to get rid of these popups. Went through add/remove programs and had nothing bad compared to your list.Please help. I dont know what to do anymore!Logfile of Trend Micro HijackThis v2.0.2Scan saved at 7:57:22 PM, on 9/14/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Common Files\Symantec Shared\ccSvcHst.exeC:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\AntiVir PersonalEdition Classic\avguard.exeC:\Program Files\AntiVir PersonalEdition Classic\sched.exeC:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exeC:\Program Files\Yahoo!\A... Read more

A:Malware/spyware/virus

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you. Please download ComboFix and save it to your desktop.Double click combofix.exe and follow the prompts.When it's done running it will produce a log for you. Please post that log in your next reply.Important Note - Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Read other 3 answers
RELEVANCY SCORE 50.8

Hello all!!

I currently have detected the following while scanning with SUPERAntiSpyware Free....

Adware.Vundo/Variant-SR
Trojan.Downloader-NewJuan/VM
among other. How can I fix this? I am running AVG Anti-Virus Free, Adaware 2009 Free edition...please help.

A:Virus or Malware or Spyware

The process of cleaning your computer may require you to temporarily disable some security programs. If you are using SpyBot Search and Destroy, please refer to Note 2 at the bottom of this page.Please download Malwarebytes Anti-Malware and save it to your desktop.alternate download link 1alternate download link 2Make sure you are connected to the Internet.Double-click on mbam-setup.exe to install the application.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-MalwareThen click Finish.MBAM will automatically start and you will be asked to update the program before performing a scan.If an update is found, the program will automatically update itself.Press the OK button to close that box and continue.If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.On the Scanner tab:Make sure the "Perform Quick Scan" option is selected.Then click on the Scan button.If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button. The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".C... Read more

Read other 1 answers
RELEVANCY SCORE 50.8

Well, the other day I had a big, big problem. About 50+ peices of Spyware on my PC. I've got rid of the majority, however, all is still not well. I'v notice in my Task Manager theirs a process called 'IEXPLORE.EXE', i've not even touched Internet Explorer in about ~5months. When I turn my PC on AVG spots atleast 5 Viruses, so I move them to teh Vault, reboot and what do you guess, they're back!

Heres my HijackThis log the second I turn my PC on. Please help where others have failed.

hijackThis Log:
****************************************************************​Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 15:13:01, on 19/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
D:\PROGRA~1\Grisoft\AVG7\avgcc.exe
D:\program files\steam\steam.exe
D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
D:\Program Files\SpywareGuard\sgmain.exe
D:\Program Files\SpywareGuard\sgbhp.exe
D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
D:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
D:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
D:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
D:\PROGRA~1\Grisoft\AVG7\avgemc.exe
D:\Program Files\B... Read more

A:Spyware/Malware/Virus?!

Read other 11 answers
RELEVANCY SCORE 50.8

I got all kinds of spyware/malware. Please help me to get rid off it. Thank YOU

1. I did norton 360 scan found 55 threats removed it. however, everytime I do a scan I still get
the same message.
2. Did pctools scan found following
1.adware.huntbar 2. spyware.known_bad_sites 3. applications.trackingcookies 4. heurengine.zerodaythreat 5.application.whitesmoke
So, I did hijack this. here is the log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:58:18 PM, on 1/22/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18865)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files (x86)\Norton 360\Engine\3.5.2.11\ccSvcHst.exe
C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe
C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe
C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe
C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Program Files (x86)\Common Files\Sony Shared\VAIO Con... Read more

Read other answers
RELEVANCY SCORE 50.8

I keep on getting pop ups about having a virus, or spyware, malware and so on. Also my computer is running slower than usual, and when I go to any website it keeps popping up to another site.. If anyone can help me get rid of this, I'd greatly appreciate it.

I'm on an hp laptop, running windows 7 and ie11.

Thanks again!
Michele

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 64 bit
Processor: Intel(R) Pentium(R) CPU P6200 @ 2.13GHz, Intel64 Family 6 Model 37 Stepping 5
Processor Count: 2
RAM: 3893 Mb
Graphics Card: Intel(R) HD Graphics, 1722 Mb
Hard Drives: C: Total - 461963 MB, Free - 228275 MB; D: Total - 14671 MB, Free - 1501 MB; F: Total - 97 MB, Free - 82 MB;
Motherboard: Hewlett-Packard, 1693
Antivirus: Microsoft Security Essentials, Updated and Enabled
 

A:Please help.. May have virus/spyware/malware

Hi,

Does the problem still exist?
 

Read other 1 answers
RELEVANCY SCORE 50.8

Hi My PC is running Windows XPSP3 and is having a lot of problems I know have been caused by virus. I have been having problems with pop ups and have been able to mostly contain them with Exterminate It and Malwarebytes, but now its gotten worse. When I try to boot into safe mode to run Exterminate It or Malwarebytes it wont boot into safe mode anymore. It comes up to the prompt to choose which Safe Mode you want, then when I choose any Safe Mode it scrolls through some files and then reboots. I can boot up Normal but when it does boot up normal to the Deskop it comes up with a Windows error message saying Generic Host Process for Win32 Services has encountered a problem and needs to close. If I connect up to the internet, Windows Antivirus Pro immediately pops up. Any help is much appreciated! Thanks!
 

A:Need help with virus/spyware/malware

Here is the log file from Hijack this

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:05:45 PM, on 8/13/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\PROGRA~1\MI3AA1~... Read more

Read other 1 answers
RELEVANCY SCORE 50.8

Hey everyone. what a great forum you have.
 
is this a sign/leftover/registry entry of a virus/malware/spyware?
 
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.com/search?q=hp%20assistat&form=WNSGPH&qs=SW&cvid=abee8ac32569465895bba270caef994f&pq=hp%20assistat&nclid=0ED39ADB9642D6A945440994DFD21348&ts=1462992234518&nclidts=1462992234&tsms=518
 
Thank you all.

A:is this a virus/malware/spyware?

Hello, very possible.. Lets do these now,MiniToolBoxPlease download MiniToolBox, save it to your desktop and run it.Checkmark the following checkboxes:Flush DNSReport IE Proxy SettingsReset IE Proxy SettingsReport FF Proxy SettingsReset FF Proxy SettingsList content of HostsList IP configurationList Winsock EntriesList last 10 Event Viewer logList Installed ProgramsList Users, Partitions and Memory size.Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run. Note: When using "Reset FF Proxy Settings" option Firefox should be closed.AdwCleanerPlease download AdwCleaner by Xplode and save to your Desktop.Double click on AdwCleaner.exe to run the tool. Vista/Windows 7/8 users right-click and select Run As AdministratorClick on the Scan button.AdwCleaner will begin...be patient as the scan may take some time to complete.After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.Copy and paste the contents of that logfile in your next reply.A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.Junkware Removal ToolPlease download Junkware Removal Tool to your desktop.Shut down your protection software now to avoid potentia... Read more

Read other 0 answers
RELEVANCY SCORE 50.8

I am running XP home with Mcafee.
Last week I Got the redirect spyware in my comp, that was redirecting my searches to Asklots.

I looked it up here, and dl'ed ATF and SuperAntiSpyware.

They found 4 infected files and removed them.

Yesterday, I started getting a window popping up saying Generic host process for win32 has performed an illegal function and must close.

Also got a DEP message.

I looked those up, Dl'd Malwarebytes and found 2 infected files.

Now Mcafee is popping up every 5 minutes with found trojans.

Artemis!45D5D8D52216 (Trojan), Artemis!45D5D8D52216 (Trojan)
Location: C:\WINDOWS\TEMP\khfp.tmp

I've emptied all my cookies and TIF's but it's still happening.
what's next?

A:Malware, Spyware, Virus? I don't know

Also, Here is a screencap of my temp folder.

Read other 11 answers
RELEVANCY SCORE 50.8

i dont know whas wrong with my comp, it keeeps on saying virus alrert, critical system error, pops ups,and malwareheres my hjt logLogfile of HijackThis v1.99.1Scan saved at 3:02:19 PM, on 6/19/2006Platform: Windows XP (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 (6.00.2600.0000)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\AGRSMMSG.exeC:\Program Files\Java\jre1.5.0_06\bin\jusched.exeC:\Program Files\iTunes\iTunesHelper.exeC:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exeC:\Program Files\Common Files\Real\Update_OB\realsched.exeC:\Program Files\Messenger\msmsgs.exeC:\Program Files\Microsoft Office\Office\FINDFAST.EXEC:\Program Files\Microsoft Office\Office\MSOFFICE.EXEC:\Program Files\Microsoft Office\Office\OSA.EXEC:\APACHE\Apache.exeC:\APACHE\Apache.exeC:\Program Files\iPod\bin\iPodService.exeC:\WINDOWS\System32\wuauclt.exeC:\WINDOWS\System32\atmclk.exeC:\WINDOWS\System32\dcomcfg.exeC:\WIN... Read more

A:Virus, Spyware, And Malware!

Sorry - HiJackThis is runing from a temp directory and must be moved to run correctlyClick here to download HJTsetup.exe: http://www.thespykiller.co.uk/forum/index....=tpmod;dl=item5Save HJTsetup.exe to your desktop.Double click on the HJTsetup.exe icon on your desktop.By default it will install to C:\Program Files\Hijack This.Continue to click Next in the setup dialogue boxes until you get to the Select Addition Tasks dialogue.Put a check by Create a desktop icon then click Next again.Continue to follow the rest of the prompts from there.At the final dialogue box click Finish and it will launch Hijack This.Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.Click Save to save the log file and then the log will open in notepad.Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.Come back here to this thread and Paste the log in your next reply.DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.Please download SmitfraudFix (by S!Ri)Extract the content (a folder named SmitfraudFix) to your Desktop.Next, please reboot your computer in Safe Mode by doing the following :Restart your computerAfter hearing your computer bee... Read more

Read other 5 answers
RELEVANCY SCORE 50.8

Last week, I noticed that my 60 gig hard drive was almost full. I have very little on my computer except Microsoft Office and a few other programs. I also noticed that while my computer was just idling, the disk space was going down. I'm talking like a MB every 10 seconds. After rebooting it went back up to about 80 MB, but then starting going down again. I downloaded SpaceMonger to see where all my space was being used and noticed that 50.8 Gigs was all in a folder called Aol\AOLDiag\AOl\ServiceHostUSGM\Win32\1.5.6.1
This folder alone is using 50.8 gigabytes of my hard drive. This cannot be right. Any help would be graetly appreciated.
 

Read other answers
RELEVANCY SCORE 50.8

Hi, I installed Blubster on my computer and after reboot I started getting these error messages:1. RUNDLL Error loading C:\Progra-1\NEWDOT-1\NEWDOT-1.DLL A dynamic link library (DLL) initialization routine failed.
2. Error starting program - The OLEAUT32.DLL file cannot start. Check the file to determine the problem. 3. HPQGALRY.EXE-MSCOREE.DLL Failed to delay load library OLEAUT32.DLL (win 32 error 114) This program can no longer run and will now terminate.
Now my computer won't do anything! I can't open any of my programs, some of them tell me there are files missing. I can't reinstall windows or install any programs at all. HELP!!!!!!!!!!!!How do I fix this? I don't want to throw away my computer.Please tell me there's help out there for me.
Baby Boom

A:malware, spyware, or virus?

Hello baby boom, sorry for this delayed reply. To properly treat your problem we need to see your HJT log. Follow the next set of instructions:

Please download HijackThis . This program will help us determine if there are any spyware/malware on your computer. Double-click on the file you just downloaded. Click on the "Unzip" button to install. It will by default install to the directory - C:\PROGRAM FILES\HIJACKTHIS\ Run a scan and save the log file. Do not fix anything in HijackThis since they may be harmless. Make sure to include the System information at the top of the log as well.

Then copy-paste this log in this thread and one of our analysts will take care of your problem earliest.

Read other 4 answers
RELEVANCY SCORE 50.8

Hi...

I did a HJT scan and found a few things that I think look suspicious... like the 'fusstub' cab file, and some weird AOL things that just don't look right. I don't have aol on my computer...

Can you guys give me a hand? I'm stumped, but my computer's been slow and acting weird.



Logfile of HijackThis v1.99.1
Scan saved at 12:36:45 AM, on 2/21/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
C:\Program Files\Protector Suite QL\menusw.exe
C:\Program Files\Sony\SmartWi Connection Utility\WCULauncher.exe
C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe
C:\Prog... Read more

A:More spyware, malware? Virus? :(

Read other 6 answers
RELEVANCY SCORE 50.8

HEY GUYS I NEED HELP I TURN ON MY COMPUTER AND I HAVE FOUND OUT THAT MY BROTHER HAD DOWNLOADED SOMETHING  AND THIS VIRUS CALLED WINPC LICENSES WONT LEAVE MY SCREEN AT ALL I NEED HELP TRYING TO FIND THIS FILE BC ITS NO WHERE TO BE FOUND ON ANY OF THE COMPUTER FILES I HAVE I CHECKED ALL THE FILES IN MY DRIVER AND I CANT FIND IT AT ALL WHAT SHOULD I DOOOOEdit: Moved topic from Windows 10 to the more appropriate forum. ~ Animal

A:VIRUS / SPYWARE/MALWARE

http://www.bleepingcomputer.com/virus-removal/remove-winpc-antivirus
 
Pretty good guide it seems.

Read other 1 answers
RELEVANCY SCORE 50.8

I have been getting help in the chat area. Now I have done everything that the prepguide told me. Now could someone look at my HJT log and tell me if everything looks okay? THanks.Logfile of HijackThis v1.99.1Scan saved at 2:13:18 AM, on 7/16/2006Platform: Windows XP SP1 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)Running processes:C:\WINNT\System32\smss.exeC:\WINNT\system32\csrss.exeC:\WINNT\system32\winlogon.exeC:\WINNT\system32\services.exeC:\WINNT\system32\lsass.exeC:\WINNT\system32\svchost.exeC:\WINNT\System32\svchost.exeC:\WINNT\System32\svchost.exeC:\WINNT\System32\svchost.exeC:\WINNT\system32\LEXBCES.EXEC:\WINNT\system32\spoolsv.exeC:\WINNT\system32\LEXPPS.EXEC:\WINNT\Explorer.EXEC:\WINNT\ehome\ehtray.exeC:\Program Files\Gateway Utilities\GWInkMonitor.exeC:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exeC:\WINNT\System32\CTHELPER.EXEC:\Program Files\Lexmark X74-X75\lxbbbmgr.exeC:\Program Files\QuickTime\qttask.exeC:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exeC:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exeC:\Program Files\Lexmark X74-X75\lxbbbmon.exeC:\Progr... Read more

A:Virus/spyware/malware? Please Look At My Log

Sorry for the delay. If you are still having problems please post a brand new HijackThis log as a reply to this topic. Before posting the log, please make sure you follow all the steps found in this topic:Preparation Guide For Use Before Posting A Hijackthis Log

Read other 7 answers
RELEVANCY SCORE 50.8

Don't exactly know where to start this one. I connected to the internet this morning and it seemed that the connection was slower than usual (I live in the boonies and still have dial-up so I expect it to be slow, but not this slow). Pulled up a command window and ran netstat with -a and -b options. The first listing for the foreign address was goatse.cx (and yes, I know what that is reference to). I haven't been to any questionable sites but my room mate was back home for his two weeks off and may have (can't find anything questionable in the history). Searched the registry for 'goatse' and found an entry, deleted it, restarted the computer, checked the registry again and it's gone. Ran netstat again and it's still there. I'm attaching my HJT log and my netstat log. My Advanced Spyware Remover didn't find anything, My PC Tools Firewall hasn't asked me about outgoing or incoming connections. Spybot doesn't find anything unusual. Checked the permissions page on PC Tools and there isn't anything new there. Thanks for the help
 

A:Malware? Spyware? Virus? Not sure

Did you configure your hosts file?
 

Read other 3 answers
RELEVANCY SCORE 50.8

I appear to have gotten a virus on my computer. I have McAfee on my computer, but there are 2 viruses it said it was not able to quarantine or delete. I tried to delete them myself, but I am not able to get online and am unable to get to my 'add/remove program' under my control panel. When I found the infected file and tried to delete, I was told it could not be deleted. I also have some new icons on my computer that keep giving me a 'Windows Security Alert' and an 'Anti-Software Alert' and try directing me to some security software (basically the only websites I can get to right now). I also keep getting a Security Warning saying 'Application cannot be executed. The file drwtsn32.exe is infected. Do you want to activate your antivirus software now.' MY McAfee scan is telling me the infected item is wscsv32.exe. If anyone can help, that would be much appreciated. Thanks.

A:Virus/spyware/malware

Hello and welcome to TSF.

We want all our members to perform the steps outlined in the link given below, before posting for assistance. There's a sticky at the top of this forum, and a
Quote:




Having problems with spyware and pop-ups? First Steps




link at the top of each page.

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please note that the Virus/Trojan/Spyware Help forum is extremely busy, and it may take a while to receive a reply.

====================

It's likely that the infection may prevent our tools from running. The following tool will help running them.

If you have an active internet connection, copy/paste the links below into your browser, don't click them or the rogue might redirect. If you don't have an active internet connection, download the tools from another machine, and transfer them to the affected machine via USB flash drive.


Please download and run the following tool to help allow other programs to run. (courtesy of BleepingComputer.com)

There are 4 different versions. If one of them won't run then download and try to run the other one. You only need to get one of them to run, ... Read more

Read other 1 answers
RELEVANCY SCORE 50.8

What is the difference between these various infections? Is there a real difference, or is it just a marketing technique?

In my mind, everything that infects your computer and causes undesirable results is a virus.

I think you get my point already, so I will move on. Do the various security products protect against different things? Or do MSE, Avast, and Malwarebytes just protect against infections in general?

A:virus, spyware, malware?

"Malware" is a catch-all word for spyware, virus, Trojan, Rootkit, adware, worm, etc...

What Is the Difference: Viruses, Worms, Trojans, and Bots? - Cisco Systems

Read other 3 answers
RELEVANCY SCORE 50.8

Only since recently I have been getting redirected to unrelated sites when clicking on links generated by a google search. Have also been getting pop ups without even clicking on anything. I have Microsoft Security Essentials installed and scans come up empty-handed, also ran a scan on Malwarebytes and nothing...any ideas?or maybe better anti-virus/malware/spyware options?

thanx
 

A:Virus, Spyware or Malware??

Hi,

Sorry for delayed response. Forums have been really busy. If you still need help with this do following, please.
Download DDS and save it to your desktop from here or here or here.
Disable any script blocker, and then double click dds file to run the tool.
When done, DDS will open two (2) logs:
DDS.txt
Attach.txt

Save both reports to your desktop. Post them back to your topic.

 

Read other 1 answers
RELEVANCY SCORE 50.8

Please help me
I was on the internet viewing a movie trailer on imdb.com (thought this was safe)
all of a sudden lots of additional tabs started popping up and internet went mad.....
turned wireless off straight away i noticed an icon has apeared on my desktop called TrojanHorseGeneric2.mht
I have full (uptodate) mcafee security centre but this didn't flag up anything was trying to get in....
I have since ran a scan and all it found was PCRviewer.exe which i removed as i have never installed anything like that on my pc....
there is still something there as when i open a browser the tabs just keep opening one after another...
no other symptoms are present as far as i can tell but not sure what else i should be looking for

How can i tell what it is and how do i get rid????

thank you

A:Is it a virus, malware or spyware???

Hello please run this next and we can see what is on here.run MBAM (MalwareBytes):NOTE: Before saving MBAM please rename it to zztoy.exe....now save it to your desktop.Please download Malwarebytes Anti-Malware and save it to your desktop.alternate download link 2MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.Make sure you are connected to the Internet.Double-click on mbam-setup.exe to install the application.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-MalwareThen click Finish.MBAM will automatically start and you will be asked to update the program before performing a scan.If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.On the Scanner tab:Make sure the "Perform Quick Scan" option is selected.Then click on the Scan button.If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button. The scan will begin and "Scan ... Read more

Read other 13 answers
RELEVANCY SCORE 50.8

I have updated and ran spybot search and destroy and malwarebytes in safe mode several times. when I run msconfig I now see, in the start up menu xygio at the top then ifocSrv then ifocSrvSrv this is repeated about 50 times each with another Srv added to each item progressivly then ocbuiSrv 8 times with another Srv added to each new item then TameSrv with another Srv added to the next item about 30 more times. I have saved the logs that are suggested if anyone is familiar with this problem please let me know what to post. Thank you for the helpLogfile of Trend Micro HijackThis v2.0.4Scan saved at 11:56:48 PM, on 10/18/2010Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v8.00 (8.00.6001.18702)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\SYSTEM32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Mozilla Firefox\firefox.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Intel\Wireless\Bin\EvtEng.exeC:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exeC:\Program Files\Intel\Wireless\Bin\S24EvMon.exeC:\Program Files\Intel\Wireless\Bin\WLKeeper.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32&... Read more

A:not sure if virus or spyware or malware

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process. Please also continue to work with me until I give you the all clear. Even if your computer appears to act better, you may still be infected.Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.Once we start working together, please reply back within 3 days or this thread may be closed so we can help others who are waiting.We need to create an OTL report,Please downloa... Read more

Read other 32 answers
RELEVANCY SCORE 50.8

I noticed I had a few ODD .dlls in system32 file recently after pop ups/windows saying to download this and that appeared. I manually deleted some but some aren't able to be simply deleted. I ran ComboFix before the HijackThis log.Help anyone?

ComboFix Log
ComboFix 07-11-08.3 - Sng 2007-11-17 21:25:12.1 - NTFSx86
Running from: C:\Documents and Settings\Sng\Desktop\ComboFix.exe
.

Unable to gain System Privileges

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\__c001D149.dat

.
((((((((((((((((((((((((( Files Created from 2007-10-17 to 2007-11-17 )))))))))))))))))))))))))))))))
.

2007-11-17 18:48 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-17 17:40 <DIR> d-------- C:\VundoFix Backups
2007-11-17 08:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2007-11-17 02:36 <DIR> d-------- C:\Documents and Settings\Sng\Application Data\Grisoft
2007-11-17 02:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-11-17 02:36 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-11-17 02:04 <DIR> d-------- C:\WINDOWS\pss
2007-11-17 00:44 81,984 --a------ C:\WINDOWS\system32\tdaceokm.dll
2007-10-26 20:34 10,752 -r-hs---- C:\WINDOWS\system32\vbdsvc.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-1... Read more

A:Spyware, Malware, Virus?

Read other 13 answers
RELEVANCY SCORE 50.8

Hi I have a Windows XP Home and I'm having multiple problems, including pop-ups of software install, internet explorer opening on its own, getting system alerts etc...

Here is my log file:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:44:19 PM, on 9/1/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
C:\Program Files\PowerArchiver\PASTARTER.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump... Read more

A:Virus, Malware or Spyware in PC

Hi 021Gamer and welcome to the TechSupportForums

My name is Trevuren and I will be helping you with your problem.

In order for us to be able to properly asses your situation and provide the necessary corrective measures, we need you to first follow Microbell's 5-Step Procedure as requested in the above "sticky".

Once you have completed these steps, please return to this topic and post the required reports/logs.

Thank you,

Trevuren

Read other 1 answers
RELEVANCY SCORE 50.8

Hi,

I have a Win 2000 w/ a linksys wireless adapter. Everything seemed fine since Feb of this year. Some how, all of the sudden, as of yesterday, it is super slow and has constant popups. I quess my son installedsomething? I tried to find a free spyware/antivirus solution and somehow installed " AG2009" it's looks like a Microsoft Security thing or is it?...I CANNOT disable it or uninstall it. It constantly pops up keeps telling me to register and pops itself up evey few minutes, making it impossible to do anything. I can't even get onto the web to download anything to help! There (2) icons on the task bar showing a multi colored shield and a red shield with a white x, you cannot do anything with these It keeps asking me to register. I don't see the Microsoft name anywhere either. I even tried to reinstall Win 2000 thinking it would wipe out everything...but....everything came back? So, how can I get rid of this "AG2009" and why isn't a reinstall of Win 2000 wipeing things out. I've spent so many hours on this...It's an older Pc, but it's for my 4 year old son who loves it. I appreciate any help.

Read other answers
RELEVANCY SCORE 50.8

Got windows alerts coming up saying stuff which isn't true, found spyware and trojans on pc, this is my hijack log, what you think?Logfile of Trend Micro HijackThis v2.0.2Scan saved at 18:45:28, on 11/12/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16735)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\LEXBCES.EXEC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\LEXPPS.EXEC:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exeC:\WINDOWS\system32\HDDSvc.exeC:\Program Files\Java\jre6\bin\jqs.exeC:\WINDOWS\system32\nvsvc32.exeC:\WINDOWS\system32\oodag.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\Explorer.EXEC:\Program Files\QuickTime\qttask.exeC:\Program Files\Lexmark X1100 Series\lxbkbmgr.exeC:\Program Files\Common Files\Real\Update_OB\realsched.exeC:\Program Files\Java\jre6\bin\jusched.exeC:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exeC:\Program Files\Lexma... Read more

A:Got virus/spyware/malware etc

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.Upon completing the steps below a staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.comDDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results, click no to the Optional_ScanFollow the instructions that pop up for posting the results.Close the program window, and delete the program from your desktop.Please note: You may have to disable ... Read more

Read other 1 answers
RELEVANCY SCORE 50.8

I have spyware etc that I can not remove with norton in safe mode please help!!
 

A:Spyware malware virus

Hi and welcome

Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm
 

Read other 1 answers
RELEVANCY SCORE 50.8

Upon start up i get the error message saying giriwofo.dll wont start or something and im getting popups all the time out of no where if anyone can help please!! thanks.

A:spyware/malware/virus Need help!

Hello and Welcome to TSF.

We want all our members to perform the steps outlined in the link I'll give you below, before posting for assistance. There's a sticky at the top of this forum, and a
Quote:




Having problems with spyware and pop-ups? First Steps




link at the top of each page.

------------------------------------------------------

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new thread, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please note that the Virus/Trojan/Spyware Help forum is extremely busy, and it may take a while to receive a reply.

------------------------------------------------------

Read other 1 answers
RELEVANCY SCORE 50.8

I am running symantec corporate anti virus and I keep getting Backdoor.tidserv that is partial remove needing a reboot and the file says tdss01gh.dll and I also get Trojan horse with file tdssmqlt.sys. It doesn't get deleted .

I had a real problem with spyware and ran malwarebytes and ccleaner. These files seem to be what's left.

should the get deleted and how?

A:malware / spyware/ virus

You have a log that needs to be properly posted, see this link, therefore, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a HJT Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show it the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.From this point on the HJT Team should be the only members that you take advice from, until they have verified your log as clean.Please be patient. It may take a while to get a response because the HJT Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the HJT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.If after 5 days you still have received no response, then post a link to your HJT log in the thr... Read more

Read other 1 answers
RELEVANCY SCORE 50.8

My HJT gives a warning that goes: For some reason your system denied write access to host files. Heres my HJT log anyway:
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\hphmon06.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\program files\real\realplayer\update\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Progra... Read more

Read other answers
RELEVANCY SCORE 50.8

Hey guys. So I'm new here, but I've found many helpful answers so here's my problem and I hope someone can help.

When I turn on my computer, sometimes it won't even get to the log-in when you type your password and log-in to Windows. I have XP on my IBM desktop. The computer is 1 year old. Lately, when I turn it on, these colored bar code-type pixelized lines fill my screen in a grid-like pattern, and everything freezes. I have to re-boot. i just recently removed lzx32/PE386 off my machine and it was fine for the last 2 months. These symptoms occurred back then but had stopped after PE386/lzx32 was removed. I am wondering if I did not remove all the damn streams/files associated with that . So now these symptoms have come back again and as you can imagine I am so irritated. I have to re-start sometimes 35-50 times just to get Windows on. Then, after 10-75 minutes (you never know when) that pixel stuff starts and it locks up. Then it just won't come on after awhile of rebooting because re-starting it 30 times is probably overwhelming it..then the keyboard lights blink, I can hear a fan clicking in the CPU and that's the end of that. It loops in half-boot sequence until I take it apart.

When I opened the CPU, the fan on the videocard was looping, I removed the card but the sound was still there. I listened, and it's coming from the box of wires in the CPU. However, it's not overheating or power supply because it works on every other machine. ... Read more

A:Possible Virus/malware/spyware

Rootkits can hide themselves very good, eventhough looking atthe sympons they could very wel be hardware related. Let's try the following :

Can you connect another monitor to your pc and try to start?

Read other 8 answers
RELEVANCY SCORE 50.8

Hello "Again"!!!!

My problem consist of no pictures showing up on internet explorer. They will show up once I go to internet options, advanced and recheck the "show pictures" field. After rebooting it reverts back to not showing pictures. I've done spyware checks with adaware but I don't think they fully delete the problem.

Here is my DDS text:


DDS (Version 1.0) - NTFSx86
Run by HP_Administrator at 18:40:55.39 on 12/17/2008
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2304 [GMT -8:00]

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\QuickTime Alternative\qttask.exe
C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\winloggn.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\arservice.exe
... Read more

A:Malware,Spyware,Virus....Oh My!

How did you manage to reinfect yourself with the same infections that were just cleaned for you less than a month ago?

Since it's been more than a week since you posted, please run dds again and post a fresh dds.txt

Read other 2 answers
RELEVANCY SCORE 50.8

Hello,

Recently, my browser has been getting several pop-ups. Additionally, when I search for something, like on Google, several pages of advertisements come up as opposed to legitimate links. A friend of mine had me download AVG and Bazooka (I think that's what it was called). I ran several scans on each. They both found threats, contained them, etc. but I am still having the same problems. Now, when I open Explorer or FireFox, AVG pops up and says that it's detected a threat from /Windows/explorer.exe (something like that). Lastly, lately about 2 out of 3 times I turn on my computer and log on, my screen is white and Vista informs me that Windows Explorer has encountered a problem and has closed, which of course means that I have nothing on my screen but a cursor. Please help me. My computer is totally temperamental in the state that it's in so I may not be able to copy and paste a lot. I will try anything you tell me!!!!

Thank You,

Lauren
 

A:HELP :D Possible Malware/Spyware/Virus?

Here's one of the pop-ups I get:

http://www.pcsecurityshield.com/lp/shield-deluxe-27.aspx?trk=WTK&affid=508
 

Read other 1 answers
RELEVANCY SCORE 50.8

Hello, new user here. Having problems eliminating a threat my computer shows known as Boot.TidServe.B. Is this serious? I do know it is annoying as it pops up comntinuously. Ran several Norton scans and can't find anything. Ran something else like Powerwipe ? Nothing.... Computer runs fine...maybe slow but.... Anycan help is appreciated.

A:Spyware / Malware / Virus?

Good evening gitbob & welcome to the forums! Sorry to hear of the problem you are experiencing & YES...the infection you have is quite significant. I am a little puzzled by the info you've provided. You mentioned the specific name of the malware infecting your computer & the "popups" were annoying, but indicate you have run several scans with Norton and it has found nothing. WHICH security program did you use to ascertain the name of the malware infection, or is the infection itself generating those annoying popups? (Can you also indicate WHAT information is being shown when the popup occurs)?Do you currently have an anti-malware program, such as, Malwarebytes or SuperAntispyware installed on your infected computer? If so, have you tried running a full scan with either or both of them (not at the same time though)?There is some additional information on the specific infection you have (and removal instructions too) which can be viewed on the Kaspersky website at the link below:http://support.kaspersky.com/faq/?qid=208280684Please post back when you have the information I asked about and/or when you've been able to try the remedial measures suggested as well! Hopefully, some of our distinguished, other more experienced forum members will review your post in the interim time and can provide more effective help to you!

Read other 4 answers
RELEVANCY SCORE 50.8

My name is Dan, please help! I have several virus/malware/spyware programs that might be running, any help is truly appreciated. Thanks. Logfile of Trend Micro HijackThis v2.0.2Scan saved at 4:19:48 PM, on 10/9/2008Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)Boot mode: NormalRunning processes:C:\WINDOWS2\System32\smss.exeC:\WINDOWS2\system32\winlogon.exeC:\WINDOWS2\system32\services.exeC:\WINDOWS2\system32\lsass.exeC:\WINDOWS2\system32\svchost.exeC:\WINDOWS2\System32\svchost.exeC:\WINDOWS2\system32\svchost.exeC:\Program Files\Lavasoft\Ad-Aware\aawservice.exeC:\WINDOWS2\Explorer.EXEC:\Program Files\Winamp\winampa.exeC:\Program Files\Java\jre1.6.0_07\bin\jusched.exeC:\WINDOWS2\RTHDCPL.EXEC:\WINDOWS2\system32\igfxpers.exeC:\Program Files\LogMeIn\x86\LogMeInSystray.exeC:\Updater.exeC:\WINDOWS2\system32\igfxtray.exeC:\Program Files\HP\HP Software Update\HPWuSchd2.exeC:\Program Files\LogMeIn\x86\LMIGuardian.exeC:\WINDOWS2\system32\hkcmd.exeC:\Program Files\iTunes\iTunesHelper.exeC:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exeC:\WINDOWS2\system32\ctfmon.exeC:\Program Files\aph\Book Por... Read more

A:please help! I think I have a virus or malware or spyware.

Hello dan2008Welcome to BleepingComputer ========================Download random's system information tool (RSIT) by random/random from here and save it to your desktop.Double click on RSIT.exe to run RSIT.Click Continue at the disclaimer screen.Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

Read other 2 answers
RELEVANCY SCORE 50.8

Hi,

My laptop has been excessively slow recently, and today I noticed two instances of avp.exe running, one of which uses memory from 170,000 k to 300,00 k. Computer basically won't do much while that's running.

Browsers all excruciatingly slow (FF, IE, Chrome), computer takes an eternity to load everything at startup.

Most of the time this happens at startup, but it's not been this way all along. I've been using Kaspersky for several years and have never encountered this problem before.... not the memory usage, nor the two instances of avp.exe running.

I did a HJT scan and the results are below. I'm noticing that there is something STILL from symantec in there, even though I've not used their avp program in a few years. But I'm no expert by any stretch and really need some help on figuring out why this is happening.

HJT log below. THank you guys SO much in advance for any help.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:27:25 AM, on 6/11/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Progr... Read more

Read other answers
RELEVANCY SCORE 50.4

Hi! I'm going crazy here!! I'm running at least 4 different programs for virus/malware/spyware/etc.. My family has two desktops, A Gateway 560GE, and a custom PC i pieced together for gaming. Also an old Dell Inspiron 1100 laptop, It appears no matter how much i do to keep them running fast, something allways goes wrong. We've had many viruses, worms, etc. I am able to quarantine them, but would like to totaly remove them and even stop them from being installed. Even when all shows clean we still have misc. problems here and there on all 3 computers! I'm running a purchased version of "Advanced System Care Pro", A purchased version of "Malwarebytes anti-malware", A free version of "Avir AntiVir Personal - free Antivirus", and A free version of "Dr.Web Anti-virus First Aid". Also purchase "Driver Detective" and many other freebies have come and gone.. Which ones are worth buying, or using for free in combination or an all in one? I'm more than willing to pay for software, but am now some what gun-shy about what to use.. Thanks!!!

A:Virus/malware/spyware protection

if you already have the full version of MBAM, then use that with the free version of avira you have and you will be good. With MBAMs ip protection, its very hard to get an infection in the first place unless you purposely try to get one.

You can also use Dr. Web if you want as it is very good with rootkits, but i wouldnt worry about that until you actually have one.

Read other 3 answers