Over 1 million tech questions and answers.

Unsure if this is a virus problem

Q: Unsure if this is a virus problem

I have recently been experiencing my IE browser, firefox, and any folder i try to get into has been making a weird flicker movement. It keeps maximizing and minimizing repeatedly. I have used avast and malware bytes but both have detected no virus. Please help. Thanks!

RELEVANCY SCORE 200
Preferred Solution: Unsure if this is a virus problem

I recommend downloading and running Reimage. It's a computer repair tool that has been proven to identify and fix many Windows problems with a high level of success.

I've used it in the past to identify and fix everything from blue screens (BSOD's), ActiveX errors, corrupt files and processes, dll/exe/sys errors, recover lost memory, Windows update problems, defragging, malware removal etc.

You can download it direct from this link http://downloadreimage.com/download.php. (This link will automatically start a download of Reimage that you can save to your computer.)

A: Unsure if this is a virus problem

I am using windows 7. Everything else on the computer seems fine. I just want to be able to backup my things. At this point, i want to leave it shutdown till i find a solution.

Read other 1 answers
RELEVANCY SCORE 57.6

opened an email with a .wmv file that told me i needed to download a codec and to follow the link. my mistake because that's when the trouble started. now i get various pop-ups for porn sites. i'm running the newly released version of IE (7 i think it is) and occasionally a new window opens to a malware site offering to clean up the problems. also, i'll get a "warning" pop-up in the middle of the screen telling me that "my computer is probably infected with *some random virus* and i should click ok to fix the problem. i've run smitrem, but it didn't help. i also ran an older version of hijackthis and removed something called supercodec and three poker sites. i've followed the instructions on the "Do you have popups or other malware infecting your computer? If so, Start Here! " link and so now, here is my hijackthis log.thanks in advance for any help.Logfile of HijackThis v1.99.1Scan saved at 3:15:03 PM, on 11/27/2006Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.5730.0011)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exeC:\PROGRA~1\SYMANT~1\SYMANT~1�... Read more

A:Unsure Of Virus/problem

You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.Please download SmitfraudFix (by S!Ri)Extract the content (a folder named SmitfraudFix) to your Desktop.Next, please reboot your computer in Safe Mode by doing the following :Restart your computerAfter hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;Instead of Windows loading as normal, a menu with options should appear;Select the first option, to run Windows in Safe Mode, then press "Enter".Choose your usual account.Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmdSelect option #2 - Clean by typing 2 and press "Enter" to delete infected files.You will be prompted: "Registry cleaning - Do you want to clean the registry?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.A text file will appear onscreen, with results from the cleaning process; please copy/pa... Read more

Read other 6 answers
RELEVANCY SCORE 56.8

Hi, Recently I keep getting pop ups - mainly appearing in the form of the websites of shops. Also, my search results do not link to the correct site .

I downloaded a program from winrar which obviously wasn't what it said it was and i suspect this to be the cause. Tried my anti-virus but its scan showed nothing.

Completely new to such a problem so any help would be great. Please keep in mind I'm a rookie Many thanks

Heres my DDS:


DDS (Ver_09-12-01.01) - NTFSx86
Run by Adam at 18:21:38.52 on 26/12/2009
Internet Explorer: 8.0.6001.18865
Microsoft? Windows Vista? Home Premium 6.0.6002.2.1252.44.1033.18.3032.1409 [GMT 0:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\msa.exe
C:\Windows\system32\taskeng.exe
... Read more

A:Virus problem - unsure which kind

Just discovered malwarebytes - solved the problem in no time :D

Please close this post :)

Read other 1 answers
RELEVANCY SCORE 56.8

Hi, I'm in need of figuring out if my laptop was infected by a trojan, the operating system went kapoot and i need to reinstall it, or if its hardware failure. I used it last night and my AVG caught a "small trojan horse" called cryptbase.dll and after removing it i believe is where it began. My computer restarted and ended up starting up with the acer splash with me able to click f2 for setup. But f8 doesn't work and causes a long beeping noise if i leave it alone it goes to a black screen with a underscore blinking at the top left. i've done some research but, im unsure which route to take without taking some advice for my own laptop. My laptop is a Acer Aspire 5741-3541, Windows 7,intel core i5-450 processor, 4 GB DDR memory, 500 GB HDD. if you need more information please ask because im unsure with what is needed to fix the problem. The solutions i've heard is reinstalling windows 7, or it might be a HDD problem. Thank you.

A:Unsure if virus, operating system problem, or hardware problem

Let ma ask someone to look here.

Read other 52 answers
RELEVANCY SCORE 54.4

Hi to all the moderators,Seems everytime I open a browser or visit another site pop ups come up even though I got pop up blocker. the pop ups are several different websites like redditty.com and a lot of other ones. I als tried ad-aware, spybot, etc. I have also have Kaspersky internet security. But nothing works. Still a lot of annoying pop-ups. Problem similar to :http://www.bleepingcomputer.com/forums/t/125316/pop-ups-everytime-i-open-a-browserunsure-of-problem-name/Thank You!Logfile of Trend Micro HijackThis v2.0.2Scan saved at 9:18:46 PM, on 02/02/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16574)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\ehome\ehtray.exeC:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exeC:\Program Files\Java\jre1.6.0_03\bin\jusched.exeC:\WINDOWS\system32\RUNDLL32.EXEC:\Program Files\Synaptics\SynTP\SynTPEnh.exeC:\Program Files\HP\QuickPlay\QPService.exeC:\Program Files\Hp\HP Software Update\HPWuSchd2.exeC:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exeC:\Program Files\Common Files\Real\Update_OB\realsched.exeC:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exeC:\W... Read more

A:Pop Ups Everytime I Open A Browser(unsure Of Problem Name), Malware/spyware? Virus?

Hi,

I'm sorry for the delay, the forums are very busy. If you still need help, please post a new HijackThis log and give a description of how your computer is currently running.

Read other 2 answers
RELEVANCY SCORE 46.4

Well you see, the thing is, last time, about a month or two ago, i got a nasty virus through msn (a file my fren sent). After that using bleeping computer(yay!) i managed to solve the problem and everything is ok. Its just that im a wondering whether it is ok to use my msn again. Will the virus come back or anything like that? Wondering cause i so do not want to have to go through wat i went through last time.

Thanks!

A:Got A Virus Through Msn...now Unsure Whether To Use Again

It was certainly not the MSN application that was the cause of your getting a virus, but an error in judgment about clicking on/downloading a file without carefully thinking about it and verifying its source. I am sure that, as we all do, you have learned the hard way about these files, so there is no reason not to use the IM.
Cheers,
John

Read other 3 answers
RELEVANCY SCORE 46.4

I left my laptop on last night and when I woke up this morning, there was a blue screen that stated there was a virus. I turned off the laptop and tried to restart it, but the SONY logo would pop up, and then it would say something and then say press control + alt + delete to restart computer. I would do that, but it would do the same thing again. any advice??

priti
 

A:Unsure virus?

Hi ozoinkster

Welcome to TSG!

Please do this:

* Click here to download HJTsetup.exe

Save HJTsetup.exe to your desktop.
Doubleclick on the HJTsetup.exe icon on your desktop.
By default it will install to C:\Program Files\Hijack This.
Continue to click Next in the setup dialogue boxes until you get to the Select Addition Tasks dialogue.
Put a check by Create a desktop icon then click Next again.
Continue to follow the rest of the prompts from there.
At the final dialogue box click Finish and it will launch Hijack This.
Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
Come back here to this thread and Paste the log in your next reply.
DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.

 

Read other 3 answers
RELEVANCY SCORE 46.4

Alright.
I've been using Internet Explorer for sonme time now, with very few problems. However, whenever I click links after searching a topic, it redirects me to a useless page. I've also noticed that "agcp.exe has stopped working", which shows up after I start IE. I am running off of Windows Vista Basic OS and have tried malware removal.

A:Unsure if virus or not...

Welcome aboard Download Security Check from HERE, and save it to your Desktop. * Double-click SecurityCheck.exe * Follow the onscreen instructions inside of the black box. * A Notepad document should open automatically called checkup.txt; please post the contents of that document.=============================================================================Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.Make sure the following options are checked:
Internet ServicesWindows FirewallSystem RestoreSecurity Center/Action CenterWindows UpdateWindows DefenderPress "Scan".It will create a log (FSS.txt) in the same directory the tool is run.Please copy and paste the log to your reply.====================================================================================Please download MiniToolBox and run it.Checkmark following boxes:Report IE Proxy SettingsReport FF Proxy SettingsList content of HostsList IP configurationList Winsock EntriesList last 10 Event Viewer logList Installed ProgramsList Devices (do NOT change any settings here)List Users, Partitions and Memory sizeClick Go and post the result.=============================================================================Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop. * Double-click mbam-setup.exe and follow the prompts to install the program. * At the end, be sure a checkmark is placed next t... Read more

Read other 1 answers
RELEVANCY SCORE 46.4

Okay, I'm not really experienced with computers so I am kind of lost on what to do. I have a windows XP and lately the windows security thing kept popping up and saying that my virus protection or firewall has been turned off every time I turn on my PC. I keep turning them back on but sometimes it goes off again. I downloaded Malwarebytes' Anti-Malware from MajorGeeks.com and it said that 5 of my files were infected. What does that mean and what am I supposed to do?

A:Unsure if I have a Virus Please help!!

Hello and welcome.. Be a new is not a problem..Please post that MBAM log.The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.Next run ATF and SAS: If you cannot access Safe Mode,run in normal ,but let me know.Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".From your regular user account..Download Attribune's ATF Cleaner and then SUPERAntiSpyware , Free Home Version. Save both to desktop ..DO NOT run yet.Open SUPER from icon and install and Update itUnder Scanner Options make sure the following are checked (leave all others unchecked):Close browsers before scanning.Scan for tracking cookies.Terminate memory threats before quarantining.Click the "Close" button to leave the control center screen and exit the program. DO NOT run yet.Now reboot into Safe Mode: How to enter safe mode(XP)Using the F8 MethodRestart your computer. When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu. Select the option for Safe Mode using the arrow keys. Then ... Read more

Read other 1 answers
RELEVANCY SCORE 46.4

I just set up my brand new pc last weekend and it was running perfect untill a few days ago when I downloaded some new anti-virus/ spyware programs and such. While scanning the system with Avast 4.8 I was notified of a serious threat and it was recomended that I re boot and perform a startup scan. While scanning Avast prompted me to choose between deleting a suspicious file from the registry, sending to vault, or ignoring. I attemted to scroll down to view the rest of the options and I must have picked delete because it said file deleted. I have no memory of what the file even was and can not seem to find a log for avast start up scan. My PC started really acting up after that :very slow, no internet connection, start up programs would not run, and then it froze on me. I ended up trying a repair with a fresh Windows XP Home disc at which point I continuously got a Dis Read Error, press alt, ctrl, delete to restart. I eventually got past that by going into Bios and re-formatting the Master Drive and all that Jazz. My PC has been running a little better but not the way it was before. Below is the HiJack This logand I also added it as an attachment. Any help is greatly appreciated. I just dont know what is safe to delete and what needs to be kept. A huge thanx in advance to any and all those who can help. THANK YOU!Logfile of Trend Micro HijackThis v2.0.4Scan saved at 19:52:58, on 7/18/2010Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900... Read more

A:Unsure of Virus

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.We need to create an OTL ReportPlease download OTL from one of the following mirrors:This is THE MirrorSave it to your desktop.Double click on the icon on your desktop.Click the "Scan All Users" checkbox.In the custom scan box paste the following:CODEmsconfigsafebootminimalactivexdrivers32netsvcs%SYSTEMDRIVE%\*.exe/md5st... Read more

Read other 2 answers
RELEVANCY SCORE 46.4

Hello airchink23jon and welcome to Bleeping Computer! We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here. Please print or save this topic: it will make it easier for you to follow the instructions and complete all of the necessary steps. -------------ComboFix is an extremely powerful tool which should only be used when instructed to do so by someone who has been properly trained. It is intended by its creator to be used under the guidance and supervision of a Malware Removal Expert, not for private use.Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.With that being said, please do the following:-------------You have ComboFix running from a bad location. Please delete the following file (in bold) : F:\ComboFix.exe\Then, please download ComboFix.exe and save it to your Desktop (C:\Desktop\). Please visit this webpage for download links, and instructions for running the tool: http://www.bleepingcomputer.com/combofix/how-to-use-combofix* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix... Read more

A:Unsure whether or not the virus(s) is still there.

(bump)

Are you still with me? If your problems still persist, let me know and we'll go about fixing them.
If not, please let me know so I can close this topic.

-DFB

Read other 3 answers
RELEVANCY SCORE 46.4

Hi all,
 
Recently my computer has been sluggish in loading and just an overall slow performance on a quick PC
 
I have done virus scans on Avast but nothing has come up so I was looking for something a bit more powerful like Combofix but as this is not compatible with Windows 8 what do you guys suggest?
 
I have also done a Defrag and Disk cleanup!
 
Thanks,
 
Dan

A:Possible virus - Unsure

Welcome aboard   Download Security Check from here or here and save it to your Desktop. Double-click SecurityCheck.exe Follow the onscreen instructions inside of the black box. A Notepad document should open automatically called checkup.txt; please post the contents of that document.NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.NOTE 2 SecurityCheck may produce some false warning(s), so leave the results reading to me. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.Make sure the following options are checked:
Internet ServicesWindows FirewallSystem RestoreSecurity Center/Action CenterWindows UpdateWindows DefenderOther ServicesPress "Scan".It will create a log (FSS.txt) in the same directory the tool is run.Please copy and paste the log to your reply. Please download MiniToolBox and run it.Checkmark following boxes:Report IE Proxy SettingsReport FF Proxy SettingsList content of HostsList IP configurationList Winsock EntriesList last 10 Event Viewer logList Installed ProgramsList Devices (do NOT change any settings here)List Users, Partitions and Memory sizeClick Go and post the result. Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.* Double-click mbam-setup.exe and follow the prompts to install the program.* At the end, be sure a checkmark is placed next to Up... Read more

Read other 3 answers
RELEVANCY SCORE 46.4

I want to start with the fact that I haven't downloaded the DSS program that you guys recommend. This is because I have disconnected the two windows based computers from the internet so as to avoid further incursions while I am fixing them. I am currently using my mac laptop. I'm working on them one at a time. I have a Dell, that I don't use much anymore since I go to college and so am not near it very much; which I am working on first and so will call PC 1. The other is my younger brother's custom build which was infected first and will be harder to fix, I imagine; I'll call it PC 2.

Sometimes I surprise myself how long winded I can be. Regardless, my mother who is tech savy found out that the problem with PC 2 is a virus of some sort. I don't know the name. She was recommended to get three programs: HiJack This, Super AntiSpyware, and Malwarebytes. We start up the dell to use it to download the programs and it shows symptoms of infection from the same virus. As it turns out, my brother used my dell to finish an essay for school....and apparently some other stuff.

My mother and I then downloaded the three programs on the mac and put them on a thumb drive to be put on the PC's. This rounabout process is why I haven't gotten and used your DSS program. I can if you insist, but I won't be able to copy and paste the logs anyway. Especially since even if I do reconnect the PC's to the internet the virus prevents the use of... Read more

A:Unsure virus

Correction, I went and ran that DSS program. So i have the results of those ready for whatever you might need them for.

Read other 9 answers
RELEVANCY SCORE 46.4

I downloaded the HijackThis as recommended from a previous post. I'm having the same issues they were having but I'm not seeing the same things on my log:
Logfile of HijackThis v1.98.2
Scan saved at 4:14:02 PM, on 12/27/2011
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Brother\BRAdmin Professional 3\bratimer.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\hidserv.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\locator.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe
C:\WINNT\system32\spool\drivers\w32x86\3\WrtMon.exe
C:\WINNT\system32\Wnex7DO.exe
C:\WINNT\system32\spool\drivers\w32x86\3\WrtProc.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\WINNT\system32\ctfmon.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HJT\HijackThis.exe
C:\Documents and Settings\Lonnie Bustos\My Documents\Download... Read more

Read other answers
RELEVANCY SCORE 46

My computer seems to be infected with something though I'm not sure what.

Computer Info
Win XP SP2
Dell Latitude D630
McAfee VirusScan Enterprise 8.5.0i
If anything else needed, ask

Known problems:
-Random IE popups even while I have no IE windows open
-error message involving ddcdwxya.dll [when it happens again i will take a screenshot]
-Auto Update for windows is shown as 'ON' in settings, but not in security center or windows update website

I've run Spybot S&D and Ad-Aware and they didn't seem to help.

Thank you for any information you can give me

Here's the hijack this log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:43:43 PM, on 12/19/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Wave Systems Corp\Common\DataServer.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.ex... Read more

A:Trojan/Virus, Unsure of what

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

If you're not receiving help elsewhere and still require assistance for this issue, please follow the process outlined here:

NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help

After running through all the steps, you shall have a proper set of logs. Please post/attach as instructed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your next reply.

------------------------------------------------------

Read other 12 answers
RELEVANCY SCORE 46

To the administrator helping me,I recently saw a message on my computer that says something about my AVG scanner being corrupted. I'm not too sure what it means, but probably a virus?Thank you for your timeHere is my HJT logLogfile of Trend Micro HijackThis v2.0.2Scan saved at 10:11:30 PM, on 9/4/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16705)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Alwil Software\Avast4\aswUpdSv.exeC:\Program Files\Alwil Software\Avast4\ashServ.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\ALCXMNTR.EXEC:\WINDOWS\AGRSMMSG.exeC:\Program Files\support.com\bin\tgcmd.exeC:\WINDOWS\VdCap03C\BisonCom.exeC:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exeC:\Program Files\Java\jre1.6.0_07\bin\jusched.exeC:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exeC:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\AIM6\aim6.exeC:\Program Files\MSN Messenger\M... Read more

A:Unsure Of Presence Of Virus

I apologize for the very long delay. We have a huge backlog of HijackThis Logs to handle and it has been taking us greater time than normal to get caught up. If you are still having a problem, and want us to analyze your information, please reply to this topic stating that you still need help and I will work with you on resolving your computer problems. If your problem has been resolved, please post a reply letting us know so we can close your topic.

Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, feel free to create a new one.

Once again, I apologize for the delay in responding to this topic.

Read other 1 answers
RELEVANCY SCORE 46

Hi, 2 days ago I ran an unknown .exe file (I know stupid, but I wasn't in a good mindset at the time), and I'm paranoid that it was a virus.  I've scanned my laptop with 3 antivirus programs in safemode (malware bytes, bitdefender, and windows defender), but have been unable to find anything (I scanned for rootkits too).  I also checked my router's DNS, and nothing seemed out of the ordinary.  I've spent at least 6 hours going through files looking for anything suspicious, but have been unable to find anything.  The only difference I noticed was my startup may be a bit slower, but that could be just my imagination.  I would be VERY grateful if someone could check the file from the website I got it below on a virtual computer.
 
http://tradownload.com/results/modaco-superboot.html
 
It's the first .rar file.  I will be seriously gratified if anyone could tell tell me if the files are malware/viruses, it's been eating at me non-stop.  I know that was an incredibly stupid thing for me to do, but I was desperate to unlock my phones bootloader, as an important file had recently been deleted, and the only way to get it back was to root my phone (which I couldn't due to a locked bootloader)  Anyways, I've given up on that now.  Please, I'd be extremely gratified for anyone's help in this.

A:I'm Unsure If the File I Ran was a Virus

That file is for rooting an android phone
 
you should ALWAYS unlock the boot loader FIRST before you try to root it, otherwise you could brick your phone (seen it happen many times).
 
and you shouldn't run your AV/AM software in safemode because safemode only starts services windows needs, you need to scan in regular mode (Disconnect from interwebz)
 
 
Boot in Regular mode and Run Rkill then you can scan normally.
 
Also that website looks odd to me, it looks.. unprofessional if that makes sense, suspicious rather.
 
 
haven't dug into the exe yet, but im pretty sure you're fine, unless you notice your system gradually slowing down and not acting the way it's supposed too

Read other 3 answers
RELEVANCY SCORE 46

Hey guys, here's the thing...

I am sharing an internet connection between 3 computers via a router [linksys wrt54g, with ddwrt firmware]


Thing is, my ISP called me and said they will disconnect my account if I refuse to remove the virus myself, or send their technician. Them sending the technician is not free, and it gives them a reason to charge an exhorhibant amount, and being the student that I am, that's not possible.


Here's what I did on all 3 pc's.

1) Update
Spybot
Adaware Se
Avg Anti Virus
Avast home edition
windows defender

2) Run Thorough scan

3) Remove items found {if any}


But my ISP is saying it is still there, azv or azs he said over the phone, was not too clear.

Please help me check this log and see if you find anything out of the norm.

Thank you!

Logfile of HijackThis v1.99.1
Scan saved at 12:11:50 AM, on 10/28/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\C... Read more

A:Virus? AZV? Completely unsure

bump.

Read other 13 answers
RELEVANCY SCORE 46

Hi,
I justed registered today to your forum and can't seem to determine what virus is attacking my laptop. My computer runs slow and takes a long time to open anything I try to access. Sometimes it freezes altogether and I have to shut down and reboot. I'm running XP Pro. A previous virus scan with AntoVir showed a possible Vundo issue. Running a Vundo removal tool was useless. I also scan constantly with Spybot and Adaware which removes spyware but doesn't solve the problem. I have worked with HiJackThis some time ago but for all intents I am rather new. Below is a HJT log from today. Please let me know what other info you may need to help. Thank you in advance.
Bert

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 4:58:49 PM, on 12/6/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe ... Read more

A:Unsure of virus type

Hello and welcome to TSF.
Apologies for the long delay in response. We have a large number of HijackThis logs to handle and it?s taking us longer to catch up. If you haven?t received help elsewhere already and still require assistance please post a fresh HijackThis log and I?ll be happy to help you.

Read other 19 answers
RELEVANCY SCORE 46

It says windows shut down unexpectedly and windows will contact me when they have a solution?? Also ran malware bytes on it last night and removed 18 infected things and it still is not working I suppose its because it won't shut down or restart properly please help!
DDS (Ver_09-05-14.01) - NTFSx86 NETWORK
Run by Carrie at 12:00:52.33 on Sun 05/24/2009
Internet Explorer: 8.0.6001.18702
Microsoft? Windows Vista? Home Premium 6.0.6001.1.1252.1.1033.18.1014.491 [GMT -4:00]

SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\Explorer.EXE
C:\Windows\Syste... Read more

A:Virus or malware unsure of what it is please help

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

Read other 2 answers
RELEVANCY SCORE 45.6

Greetings TheSentinel and to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.If you would allow me to call you by your first name I would prefer to do that. ===================================================Ground Rules:First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter p... Read more

A:Unsure if infected with Malware/virus

Hey,
 
You can call me Sent
 
My PC seems a bit sluggish when i start it up and over the past couple days has been sluggish using internet, I already contacted my ISP but they didn't find anything. I've already reviewed my msconfig and control panel>program files, but maybe i missed something.
 
Here is the info you asked for.
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 19-01-2015
Ran by Ruben (administrator) on BEASTV2 on 20-01-2015 20:37:42
Running from C:\Users\Ruben\Desktop
Loaded Profiles: Ruben (Available profiles: Ruben & Guest)
Platform: Microsoft® Windows Vista™ Business  Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Logitech Inc.) C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Window... Read more

Read other 23 answers
RELEVANCY SCORE 45.6

Hi, I have recently found that a virus is in my virus vault in AVG free titled "trojan horse" and its titled treeawpfree? My internet company has been suspending our usage because of this virus and I need to get rid of it!
Any answers/suggestions that are FREe as im a starving student! Also because its in the virus vault as quarintined does that mean its still affecting my computer?
Thanks..any help is a HUGE benefit for me
 

A:trojan horse virus and im very unsure what to do?

"bump"
 

Read other 1 answers
RELEVANCY SCORE 45.6

Older computer running windos millenium edition- wont run microsoft malicious software removal tool, wont run spybot search and destroy- upon trying to run it says its loading, with a progress bar and gets to 99% or with 1 bar left before it should open but then doesnt, ultimately end up having to ctrl+alt+delete and end the process.cant seem to start computer in safe mode, even when i do select for it to run that way.unable to download/upload attachments in hotmail, and get a weird popup saying "downloading files" from login.live.other weird thing is prior to downloading and trying to run both the malicious software removal tool and SS&D internet pages closed fine- now they are totally lagged, closing like a curtain down the screen.here is a HJT log, i hope its ok that i post it here...if i am posting in the wrong category i sincerely apologize.otherwise, i appreciate any and all help and insight.(i am posting this from a different computer.)Logfile of Trend Micro HijackThis v2.0.2Scan saved at 14:12:14, on 03/03/2010Platform: Windows ME (Win9x 4.90.3000)MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)Boot mode: NormalRunning processes:C:\WINDOWS\SYSTEM\KERNEL32.DLLC:\WINDOWS\SYSTEM\MSGSRV32.EXEC:\WINDOWS\SYSTEM\mmtask.tskC:\WINDOWS\SYSTEM\MPREXE.EXEC:\WINDOWS\SYSTEM\MSTASK.EXEC:\WINDOWS\SYSTEM\KB918547\KB918547.EXEC:\WINDOWS\EXPLORER.EXEC:\WINDOWS�... Read more

A:Unsure if virus is present? Help diagnosing HJT log

Hey guys, if anyone is able to provide any tips that would be great.also, it seems like i am unable to remove messenger plus! and i am wondering if this could be part of the problem?when i try to uninstall it i get a message saying that it wasnt installed properly and to download and reinstall..even though it is listed in the add/remove programs. after closing message the website for messenger plus auto opens.i really appreciate any help, or even a response that no one is able to help.i realize there are millions of people asking for help each day, so that it is required that i be patient, so i will do that, just noticed that quite a few people did see the post, but had nothing to respond.

Read other 3 answers
RELEVANCY SCORE 45.6

I have a co-worker with a virus on her computer. The following viruses have been detected on Norton Anti-Virus Corporate. The files show up on the scan and are unable to be cleaned. We have deleted the files and they have not come back, but the computer is still acting up. In Microsoft Outlook 2000 the program will open and the users signature will be missing. The user can add a new signature and everything works. When the user restarts the computer, the new signature is gone and the old signature has been returned. The saved favorites also disappear from Outlook and when the computer is restarted they return. In Internet Explorer 8 the user is unable to log into any web based applications. The program will give the log in screen, stop working, and shut down offering a error message. I have pasted below the norton results, IE 8 error message, and a hijack this log.Norton Results: 11/2/2009 12:11 A0016344.exe Trojan Horse10/30/2009 9:46 upgrade.exe Trojan Horse10/30/2009 9:32 isqsys32.exe Trojan Horse10/30/2009 9:24 ~TM5.tmp Trojan HorseIE 8 Error Message:AppName: iexplore.exe AppVer: 8.0.6001.18702 ModName: unknownModVer: 0.0.0.0 Offset: 00140194Hijack This Log:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 1:27:54 PM, on 11/2/2009Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v8.00 (8.00.6001.18702)Boot mode: NormalRunning processes:C:\WINDOWS\system32\csrss.exeC:\WINDOWS\system32\winlogon.... Read more

A:Virus Is On My Computer - Unsure Of The Origin

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

Read other 27 answers
RELEVANCY SCORE 45.6

I AM UNABLE TO GET INTO MY TASK MANAGER SAYING THAT ITS BEEN DISABLED BY MY ADMINISTRATOR WHEN I'M THE ONLY ACCOUNT ON MY LAPTOP...

ALSO WHEN I LOOK AT THE INSTALLED PROGRAMS ON ADD/REMOVE WINDOW, THERE WERE NUMEROUS WINDOWS UPDATES THAT SHOULD NOT HAVE BEEN THERE...NONE OF WHICH HAD DATES OR HOW OFTEN THEY WERE USED...THEY NEVER USED TO BE THERE UNTIL RECENTLY....IM UNSURE IF THIS IS A VIRUS OR MALWARE...HERE IS A COPY OF MY HJT LOG...WHAT DO I DO???

THANKS
MAVERICK217

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:45:00 AM, on 9/26/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\keyhook.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\... Read more

Read other answers
RELEVANCY SCORE 45.6

I just got Starcraft 2 and it continues to tell me it needs to connect to the internet to patch and to check to make sure I am. I am currently posting on the same computer and all other internet seems to work fine. I am wondering if something possibly has set up a proxy and is messing with the connection.

HjT log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:17:34 AM, on 7/27/2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe
C:\Program Files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe
C:\Program Files (x86)\Seagate\DiscWizard\TimounterMonitor.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Users\Jeb\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jeb\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jeb\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HiJackThis.exe
C:\Windows\SysWOW64\DllHost.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office12\GR46... Read more

Read other answers
RELEVANCY SCORE 45.6

Hi to all you great helpful people!,
A few weeks ago we recieved about 10-15 emails in one day stating that we have the Klez.h virus. In response I updated my virus definition list with symantec but it did not find anything so I downloaded programs specifically designed to remove the Klez virus, still nothing! I ran these programs in safe mode so I am puzzled that they have not found anything. I do have a few symptoms, for example Outlook express is not running the same - the email account settings have been deleted; the icons for all word documents and for word itself have been changed from the W symbol to a generic symbol; and the system is a little slower (though only barely). Do you think I have a virus?

Here is my startup list:

StartupList report, 2/16/03, 8:45:21 PM
StartupList version: 1.51
Started from : C:\WINDOWS\TEMP\TD_0001.DIR\STARTUPLIST.EXE
Detected: Windows 98 Gold (Win9x 4.10.1998)
Detected: Internet Explorer v6.00 (6.00.2600.0000)
* Using default options
==================================================

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\NORTON SYSTEMWORKS2\NORTON CLEANSWEEP\CSINJECT.EXE
C:\PROGRAM FILES\NORTON SYSTEMWORKS2\NORTON UTILITIES\NPROTECT.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SYMTRAY.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\LXDBOXCP.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\... Read more

A:Cannot remove Klex.h virus. Unsure if I even have it!!

Read other 14 answers
RELEVANCY SCORE 45.6

Hi everyone:

I have a virus of some sort, I am not sure what it is. I have some redirects, my Mcafee cannot update and is blocked from the internet, even though I can still get online. occasionally my wireless connection goes down, but other times I can access it.

Anyway, I need to know how to start solving this problem. What is the first program I should run to diagnose my issues?

Thanks,

Todd

A:Virus Removal - unsure how to begin

Hello and welcome. Lets see if we can get a log like this.Reboot into Safe Mode with Networking How to enter safe mode(XP)Using the F8 MethodRestart your computer. When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu. Select the option for Safe Mode with Networking using the arrow keys. Then press enter on your keyboard to boot into Safe Mode. >>>> Download this file and doubleclick on it to run it. Allow the information to be merged with the registry.RKill....Download and Run RKillPlease download RKill by Grinler from one of the 4 links below and save it to your desktop.

Link 1
Link 2
Link 3
Link 4

Before we begin, you should disable your anti-malware softwares you have installed so they do not interfere RKill running as some anti-malware softwares detect RKill as malicious. Please refer to this page if you are not sure how.
Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
If nothing happens or if the tool does not run, please let me know in your next replyDo not reboot your computer after runni... Read more

Read other 11 answers
RELEVANCY SCORE 45.6

I somehow got a Snap.Do program downloaded by accident while downloading or upgrading another trusted one. You know how they are now. If you install or upgrade any known program that you fell is legit these other programs (mostly mal-ware) try to piggyback on the install. If you forget to make sure all the little extra checkboxes are uncheckecked then it will install all kinds of weird stuff you never asked for. I think I accidentally let  this Snap.Do bug on and have been having problems ever since. I thing it is more that coincidence which I don't believe in coincidences much anyway. I tried to uninstall it from control panel and no go. I tried to find it in my program files and look for a uninstall option but there is no listing. I think it is masked under another name. Anyway I've got problems coming out my ears now so I am attaching the logs and I hope you can tell me where to start. Thanks in advance for any help. 

A:Possible Snap.Do Virus, Otherwise Unsure of Infection

Hello cableman I would like to welcome you to the Malware Removal section of the forum.Around here they call me Gringo and I will be glad to help you with your malware problems.Very Important --> Please read this post completely, I have spent my time to put together somethings for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!Please do not run any tools unless instructed to do so.We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same"... Read more

Read other 3 answers
RELEVANCY SCORE 45.6

The other day my brother was telling me he got blue screened multiple times while logging in. Whenever I switched to my account, everything was normal at first.Eventually, there were random redirects for Google searches that were still left in the search at the top of firefox. Basically whatever phrase I left, later it would open a new tab (maybe once every few hours) and search, randomly redirect and go to some ad site. I tried going all the way back to see if the URLs prior to what it redirected to would give any hint as to what the virus was called, but I got nothing.Finally, after a few hours "Antivirus 2010" came up on my computer and started scanning. I had experience with this before on my parent's computer and Malware Bytes got rid of it fairly quickly.The problem with this now is, it absolutely does NOT show up in Malware Bytes. I went through the AV 2010 "uninstaller" (though I'm positive it won't do anything) and tried looking through my computer for any other traces of AV2010 but I found absolutely nothing.I scanned full scans about three times, got SpyBot Search and Destroy and got this:This morning I tried logging into my computer about 12 different times, but I got blue screened every time.Sometimes it would say "IRQL_NOT_LESS_OR_EQUAL" and sometimes, it would just be normal bluescreen with some writing telling me to check BIOS or disk space (which I have plenty of) and it would restart itself.Finally, I got on a diffe... Read more

A:Unsure what this virus/malware is called.

Hello Paulabear Welcome to BleepingComputer ========================Are you still having this issue?Can you update me on the issues currently?

Read other 7 answers
RELEVANCY SCORE 45.6

So I clicked a link which then started running a Java update, which lead to my Microsoft Security Essentials to saying there was a threat. Before I could click the "Remove Threat" thing the virus shut down MSE, so I kinda panicked and pressed the restart button on my computer. After restarting, MSE picked the virus up and I was able to get rid of it this time,Trojan:Win32/Meredrop. Wanted to be safe so I brought up Malwarebytes, ran a quick scan and it found a Malware.Trace which it removed too. Restarted the computer again as requested and now whenever I go to google the page will get 80% loaded and then stall indefinitely. Am I really infected? or am I just being paranoid? Why aren't google searches loading on firefox? o.oThanks in advance to any help.________________________________________Hijackthis Logfile:Logfile of Trend Micro HijackThis v2.0.4Scan saved at 6:59:25 PM, on 8/15/2010Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v8.00 (8.00.6001.18702)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exec:\Program Files\Microsoft Security Essentials\MsMpEng.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Program Files\Bonjour\mDNSRespon... Read more

A:Unsure of virus type, but I'm definitely infected.

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.We need to create an OTL ReportPlease download OTL from one of the following mirrors:This is THE MirrorSave it to your desktop.Double click on the icon on your desktop.Click the "Scan All Users" checkbox.In the custom scan box paste the following:CODEmsconfigsafebootminimalactivexdrivers32netsvcs%SYSTEMDRIVE%\*.exe/md5st... Read more

Read other 12 answers
RELEVANCY SCORE 45.6

Hello all.

My problem started a little over a week ago when itunes stopped working and my internet access via google chrome, ie, opera and firefox started to slow and then not connect.

I have mcafee anti virus installed, and this has not detected any problems.

i have used spyware doctor and this has removed a few isssues, however i am not sure if these are real or not. I have heard about programs which "remove" viruses which never there.

I have used microsoft security scanner also which found the exploit Java:/cve-2010-0442.g and TROJAN:WIN32/VUNDO.GEN!AV. But these have been removed.

My computer when run in normal mode will not connect to the internet, will not allow adaware or any other system to update, and my computer is running unusually slow. It also wont shut down unless the power plug is removed.

I am having to use safe mode all the time.

I am using windows xp service pack three.

I think that is as much info as i have on the issue. Below are the logs required.
The ark.log file should be the ark.txt, however it would not let me save the file as a ..txt file.

Thanks in advance for any advice.

DDS (Ver_2011-07-14.01) - NTFS_x86 NETWORK
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_24
Run by Sean at 22:54:07 on 2011-07-15
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.584 [GMT 1:00]
.
AV: AVG Internet Security 2011 *Disabled/Outdated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Lavasoft Ad-Watch Live! Anti-V... Read more

A:please help! unsure which virus/viruses are on my system

Hi,Please do the following:Download ComboFix from one of the following locations:Link 1 Link 2 VERY IMPORTANT !!! Save ComboFix.exe to your Desktop * IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here Double click on ComboFix.exe & follow the prompts.As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures. Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:Click on Yes, to continue scanning for malware.When finished, it shall produce a log for you. Please include the C:\C... Read more

Read other 27 answers
RELEVANCY SCORE 45.6

Hi,

A short time ago my system was infected with a rootkit and now I'm having problems moving my mouse along the screen.

SOmetimes while I'm rollonig the mouse around it will hang up for about five seconds and right before it hangs up, I get a beep.

I lookked through all my files and could not find the mp3, wav or other sound file that could be causing this.

Does anyone have any recommnedations as to how to get this mouse from hanging up along with the beeper thanks!

Joe
 

A:Beep : virus???Unsure where it's coming from

Read other 6 answers
RELEVANCY SCORE 45.6

So yesterday something popped up on my fiance's computer which said that universal driver updater was unable to run. Then Avira popped up and said it had moved it to quarantine. He ran a whole scan, the program was not in the program list, nothing else seemed out of place.

Until we tried to shut down. It looked like it was shutting down and then went to the welcome screen where you log in. It did this 4 times, we tried shutting down from the welcome screen, after logging in...and then finally we had to disconnect the power.

He said to me he clicked a Facebook quiz link for fun and a new tab opened and then closed so I think he might have been hit by a driveby.....but I don't know what it was or how to find out and fix it. Any help is appreciated.

Is this the workings of a virus? How do we troubleshoot it and also how do we uninstall that driver thing (we deleted its folder in program files but it pops up saying it's trying to install)? His specs are the same as my profile except he uses windows 10 and has a different screen .

A:Unsure if we have a virus or not, shutdown failures etc

Hi.
Give this a try. Post the logs if you'd like me to evaluate.

Run these scans, in this order; if you post logs, use CODE tags (# button).

Create a restore point
RKILL
TDSSKiller (select all options - it will reboot to scan properly)
RKILL (again, because everything RKILL does is undone by a reboot)
ADWCleaner (it will reboot to clean)
RKILL (again)
Malwarebytes Antimalware (run a custom scan, select the box to scan for rootkits, and check the box to scan your entire system drive)
JRT
TempFile Cleaner
Ccleaner - run on browsers and clean out temp + cache, then run on registry

Read other 1 answers
RELEVANCY SCORE 45.6

Clicked on something that shouldn't have been clicked!  Multiple issues have occured since, including being scammed into buying a "Norton" product.
Other issues:  "an error occured" during installs/uninstalls, MBAM unresponsive, Untrusted Connections in Firefox, date/time incorrect.
 
Please help.
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16576  BrowserJavaVersion: 10.0.0
Run by hank at 16:48:49 on 2011-01-13
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3563.2173 [GMT -7:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNe... Read more

A:Scammed, unsure of specific virus

Hello, Welcome to BleepingComputer.I'm nasdaq and will be helping you.If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.===Search and delete the AdWare, PUP (Potentially Unwanted Program) installed on your computer.Please download AdwCleaner by Xplode onto your Desktop.Close all open programs and internet browsers.Double click on AdwCleaner.exe to run the tool.Click on Delete tab follow the prompts.A log file will automatically open after the scan has finished.Please post the content of that log file with your next answer.You can find the log file at C:\AdwCleaner[Rn].txt (n is a number).=== Please downloadJunkware Removal Tool to your Desktop.Please close your security software to avoid potential conflicts.Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.The tool will open and start scanning your system.Please be patient as this can take a while to complete, depending on your system's specifications.On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.Please post the contents of JRT.txt into your reply.===Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofixLink 1Link 2IMPORTANT !!! Save ComboFix.exe to your Desktop1. Close any ope... Read more

Read other 9 answers
RELEVANCY SCORE 45.6

So I got a virus, used alot malwarebyts superantispyware, avira, sophos and a dozen other. I put UAC to full and other suggestions that I got, Even had to SFC /SCANNOW a few times and still having some issues. Firstly I get this image when I boot. I get the "Please wait" and then "Welcome" screens then this pops up. I can not CTL+ALT+DEL out of it. If I try then only when I click the button or the x does the screen come up allowing me to run taskman.[/IMG]when I try to log off I get this screen for about a min. It doesnt seem that anything is actually running.[/IMG]Uploaded with ImageShack.usAlso My hibernate no longer works.I had TR/PATCHED.GEN infecting explorer.exe and winnint.exe and other but I thought I had cleared it. I need some help. Here is my hijack this log. Is there any app that can log all apps/files from power on until stopped? I would like to see all that starts and then when my desktop is available I could stop and analyze.oh and it says unknown windows but it is windows 7 starter on an acer aspire 1Logfile of Trend Micro HijackThis v2.0.2Scan saved at 11:24:13 PM, on 1/19/2011Platform: Unknown Windows (WinNT 6.01.3504)MSIE: Internet Explorer v8.00 (8.00.7600.16700)Boot mode: NormalRunning processes:C:\Windows\system32\taskhost.exeC:\Windows\system32\Dwm.exeC:\Windows\Explorer.EXEC:\Program Files\Launch Manager\LManager.exeC:\Program Files\Realtek\Audio\HDA... Read more

A:unsure virus but many problems and fixes

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the ... Read more

Read other 2 answers
RELEVANCY SCORE 45.6

Thanks for any help with this log.

A:Help with Hijack This log- unsure of any virus or spyware

Ouch, warning from Roadrunner that my computer was sending spam email! Said it was probably because my computer was compromised and I had to click on a button stating I would see about having my computer cleaned before I could go anywhere else on the internet.

Read other 5 answers
RELEVANCY SCORE 45.6

Good Afternoon all and thank you for taking the time out to help. I'm not sure is this is in the right section. I have recently been hit with the Internet Security 2010 Virus and tired every solution possible to remove it. I was unsuccessful with many spyware/malware removals so I finally downloaded Norton Antivirus 2009 and got something good out of it. I was able to remove the problems but after I did a restart I was unable to get pass the welcome screen. I tried logging on and it would only stay on the same screen. I have been dealing with issues with this laptop for 3 days now and I am desperately in need of help. Thank You in advance.

A:Unsure if Virus fully removed

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

What are your OS details? Service Pack? 32- or 64-bit?

Do you have access to another machine with a CD/DVD drive?

------------------------------------------------------

Read other 3 answers
RELEVANCY SCORE 45.6

My problem can be found in more detail in the first entry of this topic: http://www.bleepingcomputer.com/forums/topic460153.html
I had created another topic with a DDS Log, but I think no one has read it because I had added a reply to it, not knowing that the Malware Response Team may believe I am already being helped.
Anyways, here is the DDS Log. (I have a 64-bit OS, so GMER didn't seem to work.)

DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_33
Run by Owner at 13:40:59 on 2012-07-15
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3957.2406 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Window... Read more

A:Unsure if I have Google Redirect Virus

Hello, Welcome to BleepingComputer.I'm nasdaq and will be helping you.If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.===Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofixLink 1Link 2* IMPORTANT !!! Save ComboFix.exe to your DesktopIMPORTANT....1. Close any open browsers.2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.3. Do not install any other programs until this if fixed.How to : Disable Anti-virus and Firewall...http://www.bleepingcomputer.com/forums/topic114351.htmlDouble click on ComboFix.exe & follow the prompts. When finished, it will produce a report for you. Please post the C:\ComboFix.txt Note:Do not mouse click ComboFix's window while it's running. That may cause it to stallNote: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html===Third party programs if not up to date can be the cause infiltration of an infection.Please run this security check for my review.Download Security Check by screen317 from here.Save it to your Desktop.Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.A Notepad... Read more

Read other 7 answers
RELEVANCY SCORE 45.2

I have a Dell D620 running Windows XP Professional service pack 3. I am sure I mistakenly allowed a download that I obviously shouldn't have that started this problem. I believe the first issue I began having was related to downloading Antispyware Soft. After following the advice offered through other posts, I thought I had this removed using HiJack this and Malwarebytes.Initially, after having run Malwarebytes and Hijack this, when windows was trying to load, I would get 2 errors, they said that Data Execution Prevention shut down Windows Logon UI and Userinit. None of my desktop icons would load, nor would the windows taskbar. I had to manually run explorer.exe from the task manager to get them to come up. This problem is no longer happening.The second problem I am having involves having browser problems. Google Chrome will not work at all. Internet explorer does work, but will not access some web pages, and if I do a search and try to access a page by selecting the link the search provided, I will be redirected to a page completely unrelated.Finally I decided to begin my own thread here on bleepingcomputer. I was able to easily got the dds logs you needed, but had problems when trying to get the GMER log. During one of the scans, I stepped away from the pc for a minute, when I returned, it was on a blue screen that said...."A problem has been detected and windows has been shut down to prevent damage to your computer. The problem seems to be caused by the followi... Read more

A:Malware/Virus! Unsure of cause, but numerous problems

Hi and welcome. My name is Extremeboy (or EB for short), and I will be helping you with your log. I apologize for the delay.If you still require assistance we would like to see the current condition of your system so please post a new set of DDS Logs as well as a GMER log and a description of any remaining problems or symptoms you may still have please.If for any reason you did not post a DDS log or GMER log please refer to this page and in step #6 and Step #7 and Step #8 for further instructions on downloading and running DDS & GMER. If you have any problems when running the tools or unable to produce a report for any reason, just let me know in your next reply.For your next reply I would like to see:-The DDS logs---DDS.txt and Attach logs-GMER log-Description of any remaining problems you may still have.With Regards,Extremeboy

Read other 15 answers
RELEVANCY SCORE 45.2

I'm wondering if I have malware/virus. I use Firefox(3.6.10) and it has started to open new tabs all by itself. Pages that load have been Google and Ask pages. Nothing too dodgy, yet at least.I have run Windows clean up, CCleaner, Malwarebyte's Anti Malware and AVG virus scan. Malwarebyte's found malware which I removed however the problem remains.Here's the Hijackthis log if someone would have a look for anything nasty that would be great.Logfile of Trend Micro HijackThis v2.0.4Scan saved at 18:21:24, on 24/09/2010Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v8.00 (8.00.6001.18702)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\AVG\AVG9\avgchsvx.exeC:\Program Files\AVG\AVG9\avgrsx.exeC:\Program Files\AVG\AVG9\avgcsrvx.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exeC:\Program Files\AVG\AVG9\avgwdsvc.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exeC:\WINDOWS\System32\svchost.exeC: ... Read more

A:Hijackthis log for laptop - Unsure of virus/malware name

Hello and welcome to Bleeping Computer.My name is km2357 and I will be helping you to remove any infection(s) that you may have.I will be giving you a series of instructions that need to be followed in the order in which I give them to you.If for any reason you do not understand an instruction or are just unsure then please do not guess, simply post back with your questions/concerns and we will go through it again.Please do not start another thread or topic, I will assist you at this thread until we solve your problems.Lastly the fix may take several attempts and my replies may take some time but I will stick with it if you do the same.Sorry for the delay in replying, the forum is very busy. If you still need help, please do the following:Step # 1 Download and run DDSDownload DDS and save it to your desktop from here or here or hereDisable any script blocker, and then double click dds.scr to run the tool. When done, DDS will open two (2) logs: DDS.txt Attach.txtSave both reports to your desktop. Post them back to your topic.Step # 2: Download and Run GmerPlease download gmer.zip from Gmer and save it to your desktop.***Please close any open programs ***Double-click gmer.exe. The program will begin to run.**Caution**These types of scans can produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries unless advised by a trained Security AnalystIf possible rootkit activity is found, you will be asked if you would like to perform a full... Read more

Read other 27 answers
RELEVANCY SCORE 45.2

Crazy day! Lost 500GB of marketing files etc... I backed up the most crucial, but the rest are history. Pictures, Music etc...Anyways, I bought Norton Antivirus and was reading around about HIJack this!Below is my log, can someone assist me with it. To me, it looks like there are a LOT of issues: Logfile of Trend Micro HijackThis v2.0.2Scan saved at 9:17:32 PM, on 6/5/2009Platform: Windows Vista SP2 (WinNT 6.00.1906)MSIE: Internet Explorer v8.00 (8.00.6001.18702)Boot mode: NormalRunning processes:C:\Program Files (x86)\Norton 360\Engine\3.0.0.135\ccSvcHst.exeC:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exeC:\Program Files (x86)\uTorrent\uTorrent.exeC:\Program Files (x86)\CCleaner\CCleaner.exeC:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exeC:\Program Files (x86)\Internet Explorer\iexplore.exeC:\Program Files (x86)\Internet Explorer\iexplore.exeC:\Program Files (x86)\Internet Explorer\iexplore.exeC:\Windows\SysWOW64\DllHost.exeR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =... Read more

A:Unsure of Virus, just had a hard drive disappear

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

Read other 2 answers
RELEVANCY SCORE 45.2

I keeping getting re directed in my internet searches to other sites.. I have run norton and superantispyware. I have cleaned cookies and cache. I use firefox but happens on ie as well. I have run the hijack this log and attaching it hoping for some advice. I am mostly a novice so gentle please. Thanks!

A:unsure which virus/malware but started from facebook

Hello! My name is Sam and I will be helping you. In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.We need to create an OTL ReportPlease download OTL from hereSave it to your desktop.Double click on the icon on your desktop.Click the "Scan All Users" checkbox.Push the "Run Scan" button.The scan should take just a few minutes.Copy the log that opens up and paste it back here in your next reply.=============The next log will show us any hidden files that are present.Download GMER from here:Unzip it to the desktop.Open the program and click on the Rootkit tab.Make sure all the boxes on the right of the screen are checked, EXCEPT for ?Show All?.Click on Scan.When the scan has run click Copy and paste the results (if any) into this thread.

Read other 2 answers
RELEVANCY SCORE 45.2

I am running Win XP Pro and have been fighting an infection for a few days.

Was running Symantec EndPoint Protection, but it got past that.

Uninstalled and installed AVG Free, ran full scan

Ran Malware Bytes, Super Anti Spyware, Spybot Search and Destroy, Advanced System Care, and Glary Registry Repair.

Found and removed a number of virus files:

tpsaxyd, wiwow64, pp10, and many many others.

At one point, networking wasn't working, USB ports not working, programs freezing up, system resources overloaded, low RAM, processor running forever, and one BSOD.

I've gotten everything back, but am not sure if it's completely gone or if it's still hiding somewhere and will come back. I do notice what appears to be the processor coming on and off very slightly based on the light on my laptop. That seems strange.

If someone were willing to assist me in checking if I'm truly clean via hijack this or combofix, I would sincerely appreciate it. Also, I'd love to know why my supposed "latest and greatest" Symantec Endpoint totally blew it.

Thanks again

Read other answers
RELEVANCY SCORE 45.2

My son (when I wasn't home) went on piratebay the bit torrent site and now my laptop has a virus or atleast it seems. My admin account icon is gone. The only icon is the 'guest' account and anything I try to do says 'you do not have admin rights'-log in as admin, but I cannot get the admin log in to pop up. I have tried starting the secret admin account thru command prompt but it says the same message 'you do not have admin rights' I have tried adding account only to get an error message, I tried creating a new admin account and it does not allow me to start creating one, just makes a sound with an error. I have tried installing system mechanic and other software but it says unable to do so without admin rights. It has also corrupted my wifi driver to my wireless home network so I cannot connect with the laptop. Im unsure of how I can clean this or repair it to atleast get back online so I can try to install some help. I tried a windows repair disc (created by my desktop with the same windows 7 home premium but it asks me to install drivers which im clueless of what I need. Any help is greatly appreciated. If more info is needed just let me know. Thank you.

A:A virus has taken away my windows 7 admin rights, unsure of what to do?

Hello Can you post a DDS log per this Guide?Please follow this Preparation Guide, do steps 6,7 and 8 and post in a new topic.Include your above info in the new topic.Let me know if all went well.

Read other 9 answers
RELEVANCY SCORE 45.2

First of all, Hello! I just stumbled about this forum as i was searching for a fix to my virus. I looked at some other threads and i was amazed at the depth of the answers (very full, obiously). Now, to the point...

Call me immature, but i am only 13. I play an online internet game, and i fear for my account. I revently obtained a computer disorder that sets my Trend Micro Office Scan wetting itself, and when i leave the computer for a minute it will pop up with anything up to 4000 virus' detected. They are, all the same, having differnent names that are edited very simply, such as

"wgdoor0.dll"
"whdoor0.dll"

and the occasional

"mydoor0.dll"

They contain the TSPY and TROJ infections, though there are only 22 reports of a TROJ file out of 71000 Cookies and TSPY's in last 13 days

So.

Here is a standard example of the Virus Name within the .dll files
TSPY_(gibberish).(gibberish extension, too)
and these extensions were non executable files.

Here are actual names of a few:
TSPY_FRETHOG.WF
TSPY_FRETHOG.WP
TSPY_ONLINEG.ERY
TSPY_ONLINEG.FSZ.... other extensions as FFX, ESD,

And i cannot find a link to the warning thread about the virus.

Each file had a different virus! Some were named the same thing, but had different extensions

By that i mean

mydoor0.dll had the virus TSPY_FRETHOG.F
whdoor0.dll had the virus TSPY_FRETHOG.WF

etc, and they were 100% correct throughout all of the scans

From being a moderator on another forum for... Read more

A:Duplicating and renaming virus, unsure of source

Going to bed, won't be active until tommorow.
 

Read other 1 answers