
Distribution of Malware by Type

Q: Distribution of Malware by Type

The following link reports Emsisoft malware removal statistics by type (2015):

Antivirus, Anti-Malware, Anti-PUP? What is Emsisoft really?

Such data is important when crafting your security config. What it shows is that, at the time the data was collected and reported, the probability of a Trojan, Bot, Backdoor and Rootkit infection is 14 %, an exploit is only 1 % and a virus 0.2 %. On the other hand there is a 79 % chance of encountering a potentially unwanted application\program (PUA\PUP).

What the above statistics do not indicate is what proportion of the PUAs\PUPs are just mere annoyances versus the more sinister ones - those that will attempt to download and install a Trojan, Bot, Backdoor, Rootkit, Virus, etc.

The incidence of ransomware is not specified, but more recent data suggests approximately 2 %.

It is important to understand the following:

If you do not download and install applications - or - only install applications from trusted publishers from their direct download links, use built-in system\browser protections, use safe computing habits, then the probability that your system will be infected is virtually 0 % !

For a significant portion of adult users, a security soft such as Emsisoft Anti-Malware or Emsisoft Internet Security is sufficient.


You have to hand it to them, it's a twist on social engineering that hadn't been attempted to spread malware, that I know of anyway.

I had the opportunity to examine malware whose initial infection vector was a car windshield flier with a website address. The malicious programs were run-of-the-mill; however, the use of fliers was an innovative way of social-engineering potential victims into visiting a malicious website.

Several days ago, yellow fliers were placed on the cars in Grand Forks, ND. They stated:

PARKING VIOLATION This vehicle is in violation of standard parking regulations. To view pictures with information about your parking preferences, go to website-redacted

Source: http://isc.sans.org/diary.html?storyid=5797

A:New vector for malware distribution?

Good grief!

~ OB


Well, apparently I got this lovely thing on my desktop today:


First, I really cannot understand how someone can inject code into an executable without changing its signature and certificate. I really cannot understand. So if anybody can explain that to me, I love learning new things and I really would like to know.

Second, I had been experiencing some weird things occurring for the past week or two. My windows store broke, it uninstalled itself. And with it, every software associated to it broke too. Like for example, outlook, that has quite some sensible information in my microsoft university account. Also, from time to time, my timestamp would change to 8:00 something of the actual day we were on, despite it being on auto. I'd have to manually configure it. I'm not sure if it's to do with this, but it's somewhat likely that it has.
If you're experiencing some similar symptoms, hour change or windows store uninstall, you might want to check your ccleaner install date.

Third and even more severe, I don't even know how I got it. My machine had ccleaner installed, but I was 6 months out of my country (since February 10) and I haven't used ccleaner (and I am sure of it) since at least January of this year.
And further than that, I revoked its rights to auto update, like I do to every other software, and I revoked its rights to start up on boot on the day I installed ccleaner (more than half a year ago at least). And I just checked this, it...

A:Ccleaner malware distribution. I got the jackpot!

Here is what Avast says about this - Vik - Global Moderator:
CCleaner and installing avast without permission...
 


Hi

I was on google video and clicked on a video that took me to:

####WARNING - MALWARE DISTRIBUTION SITE DO NOT ENTER UNLESS YOU KNOW WHAT YOU ARE DOING####
***********http://crazymotion.net/my-ds-lite-case-mod-and-broken-hinge-fix/w1Y213qma9PIjAy.html**********
####WARNING - MALWARE DISTRIBUTION SITE DO NOT ENTER UNLESS YOU KNOW WHAT YOU ARE DOING####

Upon arriving to that site a popup window opened (some kind of ad) and after that I got message that java encountered a problem and I should restart my browser - this wasn't generic windows (I'm running xp) message about program crash, it was message either from java itself or from opera web browser....

Now I'm not sure if I got infected or not? I scanned my comp and found nothing... could infection occur even if I have everything up-to-date (using secunia psi)??? Beside opera I have current flash, current foxit reader. I also run comodo and avast! (no warning from them).

THANKS

P.S. I'm sure this site distributes malware: hXXp://www.google.com/support/forum/p/yout...a78ea&hl=en

Disabled link ~~boopme

ok, i found more: http://www.siteadvisor.com/sites/67.201.36.16/summary/ this was somehow opened from original site, probably via iframe

A:Malware distribution site... am I infected???

Hello, well we better run a couple tools. Were you getting any popups, redirects or things strange?

Next run MBAM (MalwareBytes):

Please download Malwarebytes Anti-Malware (v1.46) and save it to your desktop.
Before you save it rename it to say zztoy.exe
alternate download link 1
alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.

MBAM will automatically start and you will be asked to update the program before performing a scan.
If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan ...


More as an alternative to twiddling my thumbs than anything else, I tried to produce a batch file that would count up the number and size of files in a folder, as well as the number and size of files with each extension. Hence it would say how many word documents I have and how much space they're taking up, etc.

I've managed to get a vaguely working model, but the output formatting is terrible (I just wanted it to say X bytes in Y "Z" Files, none of that ugly dotted variable names) and I have failed to get it to equate .htm and .html, .jpg and .jpeg, etc.
Code:
@ECHO OFF
REM THIS BATCH FILE ITERATES THROUGH ALL THE SUBFOLDERS AND FILES IN A FOLDER (IDEALLY A DRIVE)
REM IT TOTALS THE NUMBER OF FILES CONTAINED IN THAT FOLDER, AND THE SIZE OF THOSE FILES.
REM IT ALSO TOTALS THE NUMBER AND SIZE OF FILES WITH EACH EXTENSION IT ENCOUNTERS.
REM ALL INFORMATION IS THEN PRINTED TO THE SCREEN AND FTYPEDST.TXT

IF EXIST FTypeDst.txt ERASE FTypeDst.txt
ECHO. >FTypeDst.txt
ATTRIB +A FTypeDst.txt

ECHO SCANNING FILE TREE FOR FILE EXTENSION DISTRIBUTION
ECHO Please Wait Paitently. . .

(SET /A ALLNUMBER = 0) & (SET /A ALLSIZE = 0)

REM cycle through the current directory and subs, Increment Allnumber, Allsize, define and increment Number of * files, size of * files.
FOR /R %%F in (*) DO (
SET /A ALLNUMBER += 1
SET /A ALLSIZE += %%~ZF
IF NOT DEFINED Number.of.%%~XF.files (SET /A Number.of.%%~XF.files = 0)
IF NOT DEFINED Size.of.%%~XF.files (SET /A Size.of.%%~X...

A:Solved: File Type Distribution analysis: Batch File.

You would be better off using third party software that already does this. Plenty of them out there.
I personally would check the extension of each file using the cmd extensions of a for loop. then do an if statement for each file type you want to keep track of. then use a call statement to branch to a function that adds up the file sizes and number of files.
 


This is personal SCCM but I need some help.

When I have msi application and want to distribute the content to SCCM and DP as distribution points, DP received it and SCCM did not failed got this message (Distribution Manager failed to connect to the distribution point ["Display=\\SCCM-M3N.M3N.com\"]MSWNET:["SMS_SITE=M3N"]\\SCCM-M3N.M3N.com\.
Check your network and firewall settings.)
Please help


surprised....nah
Google tops comparative review of malicious search results





Quote:
According to a newly released report by Barracuda Labs, based on a two-month study reviewing more than 25,000 trending topics and 5.5 million search results, Google remains the most popular search engine used by malicious attackers, relying on poisoned keywords. The company, which also sampled Yahoo Search, Bing, and Twitter, contributes Google's leading position to the fact that Google remains the market share leader in online search, and consequently the most targeted search engine.

Key highlights of the study:

Overall, Google takes the crown for malware distribution - turning up more than twice the amount of malware as Bing, Twitter and Yahoo! combined when searches on popular trending topics were performed. Google presents at 69 percent; Yahoo! at 18 percent; Bing at 12 percent; and Twitter at one percent.
The average amount of time for a trending topic to appear on one of the major search engines after appearing on Twitter varies tremendously: 1.2 days for Google, 4.3 days for Bing, and 4.8 days for Yahoo!
Over half of the malware found was between the hours of 4:00 a.m. and 10:00 a.m. GMT.
The top 10 terms used by malware distributors include the name of a NFL player, three actresses, a Playboy Playmate and a college student who faked his way into Harvard.

A:hmm...Google takes the crown for malware distribution

Why am I not surprised to hear that one?! They get the first class trophy award for sure!

With the recent addition of a new av program which includes a very protective firewall the first thing noticed is that the firewall will tend to block more sites in a Google search result than with Bing, Yahoo, ask, or any other search engine when tasked.

Yet despite warnings a few people still set the Google search page as their own home page?

Google toolbar addons for browsers like FireFox are a common annoyance to uncheck.


My computer was infected by this virus that installed and activates this file: appshat-distribution.exe

- It opens affiliate links every time I make a click on a website or try to watch a video on youtube, daily motion, etc and also adds banners to websites that I am visiting.
- If I make a search of the file on my windows explorer that file seems to multiply when I make a search to try to delete it.
- I have run several anti virus and anti malware but it is not recognized by them (comodo, avast, superantispyware and spyware blaster)
 
These are the logs I created:
 

A:Infected by: appshat-distribution.exe Antivirus and Anti-Malware ineffective

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.
If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.

===

--RogueKiller--

Download & SAVE to your Desktop RogueKiller for 32bit or Roguekiller for 64bit
Quit all programs that you may have started.
Please disconnect any USB or external drives from the computer before you run this scan!
For Vista or Windows 7, right-click and select "Run as Administrator to start"
For Windows XP, double-click to start.
Wait until Prescan has finished ...
Then Click on "Scan" button
Wait until the Status box shows "Scan Finished"
click on "delete"
Wait until the Status box shows "Deleting Finished"
Click on "Report" and copy/paste the content of the Notepad into your next reply.
The log should be found in RKreport[1].txt on your Desktop
Exit/Close RogueKiller

+

Please download AdwCleaner by Xplode onto your Desktop.
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click the Scan button and wait for the process to complete.
Click the Report button and the report will open in Notepad.

IMPORTANT
If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.

Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click the Scan button and wait for the ...


http://news.yahoo.com/s/ap/20071028/ap_on_...nTACiuYsr_q188F

After reading the story about the Pa bigfoot, Found out it is a HOAX!!! Rick Jacobs is using his blogspot to send out trojan horse and malware! I saw this story on yahoo.com and I was curious to see the pictures to see if they were real or fake...so I did a google search on Rick Jacobs and this was what I found. When I went to this site it said to install Active X to view video of said Bigfoot, after it installed I got quite a shock!!! Pornography! Thankfully my children weren't watching! I am appalled that there wasn't anyone that did research before reporting this story!

I have Avast antivirus software and I am getting warnings (pop-ups) that Adware was found. Win32:Agent-LTS[Trj] Malware type Trojan Horse and Win32.Adware-gen [Adw] Malware. Do you know how difficult this will be to remove from my computer!??ughhhh They need to prosecute this man for this!

To see the link **Warning Proceed with Caution!!** will contain Adult content!
http://rick-jacobs-bigfoot-photo-pictures.blogspot.com/

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:52:10 AM, on 11/1/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\...

A:Win32:agent-lts[trj] Malware Type Trojan Horse And Win32.adware-gen [adw] Malware

Hello,

I see the tool we use for this infection doesn't remove below variants yet, so do next please..

* Please download the OTMoveIt by OldTimer. Save it to your desktop.
Please double-click OTMoveIt.exe to run it.
Where it says: "Paste List of Files/Folders to be Moved", copy and paste next bold part into that Window:

C:\WINDOWS\advreprwd.dll
C:\WINDOWS\sdrmod.dll
C:\WINDOWS\hupsrv.dll
C:\WINDOWS\msmhost.dll
Then click the red Moveit! button below.
Close OTMoveIt

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.. Then it will reboot your computer.
Even though OTMoveIT didn't ask to reboot your computer - reboot anyway, this since moved files may still be in use.

Then, after reboot,

* Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following if still present:

O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: MSVPS System - {7A22D62B-562F-4D55-8B1E-3AAA6C2BA688} - C:\WINDOWS\advreprwd.dll
O3 - Toolbar: The sdrmod - {521A5897-9EA7-43B4-A51D-B4C11D67BEEF} - C:\WINDOWS\sdrmod.dll
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Button Bar] C:\Documents and Settings\Kim Robinson\Local Settings\Temporary Internet Files...


but this is ridiculous.
 
 
came across some aggressive malware that closed my browser/task manager and prevented combofix from running no matter how many times i moved/renamed/fresh downloaded it.
 
i remembered superantispyware having had some synergy with this situation before, so i downloaded it, ran a scan /log1, rebooted, and was able to update and run combofix /log (combo)
 
after running combofix, one of the invasive features popped up again a little window saying i have not backed up my system
 
seeing this i ran superantispyware again /log2 to see what it picked up. it found more, but harmless looking stuff.
 
i went to programs/features and started manually uninstalling new programs. http://puu.sh/6npGX.png when i got to the point in this screenshot, superantispyware blocked a trojan from executing with its live protection (which prevented the visualbee uninstall shortcut from activating). now i don't know what to do. will these uninstall apps install more malware? how do i remove these programs safely?
 
 
win7 ultimate 32 bit 

A:not the type to ask for malware help

/bump 


I have run AdAware, Spybot until nothing came back, still can't get rid of the popups. Please help. If I need to I will restart my computer from factory settings but I don't know how to do that either. Thanks!

Deckard's System Scanner v20071014.68
Run by Compaq_Owner on 2008-04-04 22:25:21
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.

-- Last 5 Restore Point(s) --
129: 2008-04-05 03:25:30 UTC - RP174 - Deckard's System Scanner Restore Point
128: 2008-04-05 00:19:31 UTC - RP173 - System Checkpoint
127: 2008-04-03 23:13:29 UTC - RP172 - Software Distribution Service 3.0
126: 2008-04-02 23:30:35 UTC - RP171 - Software Distribution Service 3.0
125: 2008-03-31 01:21:33 UTC - RP170 - System Checkpoint

-- First Restore Point --
1: 2008-01-28 00:31:05 UTC - RP46 - System Checkpoint

Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 384 MiB (512 MiB recommended).

-- HijackThis Clone ------------------------------------------------------------

Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-04-04 22:27:13
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\servic...

A:Malware(not Sure What Type)

Hello tammydisharoon,

Before we start, you need to realize that you are missing one important program on that computer: An antivirus. This is somewhat suicidal in today's digital world. You need to install an antivirus program as soon as you can and run a complete scan of the computer. I recommend you download the free Avast or AntiVir or AVG antivirus. Products from all three vendors received the Virus Bulletin's VB100% award and certification for virus detection from ICSA Labs.

Never install more than one antivirus scanner or firewall on your system! Several together can give you problems and decrease the reliability of it seriously!

**********************

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

Updating Java:
Download the latest version of Sun Java Runtime Environment 6 Update 5.
Scroll down to where it says "Sun Java Runtime Environment 6 Update 5".
Click the "Download" button to the right.
Check the box that says: "Accept License Agreement".
The page will refresh.
Click on the link to download Windows Offline Installation, Multi-language jre-6u5-windows-i586.exe and save to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
Examples of older versions ...


Hi guys hope you can help me out with this please.

Problem.

Daughter's b/f's laptop running very slow. Perhaps would be easier to format but don't have the HP windows disk to hand.. and also laptop contains all of Uni work and he's just taking his finals.

Symptoms.

- Takes 15 mins+ to boot into windows
- Certain types of activity cause very high CPU usage. Random background activity causing 100% CPU usage which Ive not been able to identify via the normal Windows Process manager.
- When the high CPU usage occurs sound judder becomes very obvious as does slow down of mouse movement. Applications take a while to open.

Back ground history.

Daughter having been trained (read nagged) by me over the years about malware etc attempted to fix. She said she ran all the usuals like spybot S+D /Adaware etc which cleared an awful lot of malware and infections but she didn't take note what they were, but machine is still running slow.

I don't know when the infection first started, but from the sounds of it (and one install file I found) it looks like it was possibly late last year? I do know he's been struggling for a few months with it.

I suspect LOP type trojans. From daughter's description he's also possibly had one of the Antivirus 2008 type trojan/malware.

I now have laptop for a couple of days in an attempt to fix this before he needs it back.

Removed so far

With the aid of HJT/malwarebytes etc Ive managed to clear out a few further things such as

...

A:LOP type malware?

LATEST HJT REPORT



Something is lurking on my wife's laptop. Only my wife and daughter use this laptop. When you open IE7 or FireFox, the home page comes up normally. However if you try to go to the Favorites or do a Google search and click on a link the laptop may open the page normally, but the next time it may open a link like the ones below.

http://ylwbook.areaconnect.addresses.com/yp_results.php?ReportType=44&provider=107&qbc=Tires+Retail&qc=pittsburgh&qi=0&qk=10&qs=PA&PHPSESSID=27e908463d5fb19c9fdc21baedbbebfd

http://scan-your-pc.org/index.php?PHPSESSID=b1cb8e87803d8df63975eda8ef96de19

So far SuperAnti Spyware, Malwarebytes and Spybot Search and Destroy have really only found some tracking cookies, as far as I'm aware. McAfee Security Center is installed and the dats are current.

DDS (Ver_09-07-30.01) - NTFSx86
Run by jennifer.rodgers at 19:08:44.79 on Mon 08/10/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.383 [GMT -4:00]
AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\W...

A:Malware of Some Type

Hello

Apologize for the delay in response, we get overwhelmed at times but we are trying our best to keep up.
If you have since resolved the original problem you were having, would appreciate you letting us know. If not, please perform the following below so I can have a look at the current condition of your machine.

Thanks and again sorry for the delay.

Before we can continue, please post a fresh DDS logs back here


I don't know what got me, I have run adaware, spybot, and cws shredder, I can't find what got me. My internet has slowed to a crawl. I got Zone alarm and it is stopping windows explorer from sending email every second, explorer seems to be sending out emails to a bunch of personal email addresses personal emails, so I know my computer is being used to send out emails probably for advertisements. I also occasionally get an error message that internet explorer needs to be closed, but I am not running it! In fact I disabled it, I only use mozilla and opera. I have my Hijack this log file down here. This thing is greek to me. If anyone can help me find and eliminate this rogue program or whatever it is I would be eternally grateful! Thanks!


A:Help! malware of some type got me!

Hello and Welcome to TSF!!!


Please download VundoFix.exe to your desktop.
Double-click VundoFix.exe to run it.
Put a check next to Run VundoFix as a task.
You will receive a message saying vundofix will close and re-open in a minute or less. Click OK
When VundoFix re-opens, click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will shutdown your computer, click OK.
Turn your computer back on.
Please post the contents of C:\vundofix.txt and a new HiJackThis log.


Download Ewido Security Suite
Install Ewido Security Suite
When installing, under "Additional Options" uncheck..
Install background guard
Install scan via context menu

Double-click the icon on Desktop to launch Ewido
You will need to update Ewido to the latest definition files.On the left hand side of the main screen click update.
Then click on Start Update.
The update will start and a progress bar will show the updates being installed.
If you are having problems with the updater, you can use this link to manually update Ewido
When you have finished updating, EXIT Ewido.

Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8...


Ive been poking at an HP pav for a few days here.. and Ive discovered
a worm unlike any Ive ever seen before. It is fully integrated with
the operating system and is highly defensive.

So heres what Ive found out so far..

the start method is unknown

the app lists itself as 1381454673:2930550957.exe in the task manager
the task manager points to c:/windows but cannot find the file
as the name contains an invalid character

I located a file by this name, size 0kb in the windows
directory and also in prefetch. I renamed these .old

I ran superantispyware, the worm closed it then changed
the privileges on it so I could not run it again, the
shortcut icon was removed as well

I ran malware bytes, it was terminated, privileges changed
and icons removed...

I ran process view from sys internals, it was terminated
icons removed as well

I used safe mode under the hidden administrator account and
the worm was still running

I searched by modified and created date, all files.. and nothing
not one DLL or EXE was created during the time of infection.. or at least there was no date and time which corresponded

I booted to Hirens Boot CD, used Superantispyware, it found a few
things and ignored the new worm

I browsed into the users folders, and discovered a duplicate
Application Data Directory.. the path was so long it was invalid,
but read as user/jennifer/local/app data/ application data/application data/application data/application data..
and was nested like 20 times.. the file by...

A:New type of Malware?

Please download the Brontok Disinfection Tool and follow the instructions posted by Sophos.

When done, please download the Brontok Worm Removal Tool by sUBs and save it to your Desktop.
Disconnect the computer from the Internet and close all other programs.
Double-click CleanX-II.exe and follow the prompts.
The tool will begin scanning your machine. Because this worm names its files randomly, there are a series of cross-checks/verification processes to ensure that the tool does not remove legitimate files. Depending on the size of your drives, this scan may take several minutes. Please be patient during this period & allow it to complete its task.
Once the scan is complete it will provide a text log of the results. If the log shows any files remaining in the bottom portion under "POST RUN ANALYSIS" run the entire scan a second time.

Next run MBAM (MalwareBytes):

Please download Malwarebytes Anti-Malware and save it to your desktop.
Download Link 1
Download Link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.
When the installation...


Thanks for the help.
My computer seems to be infected. BSOD appears and computer shuts down and restarts. Switching to SafeMode and Running Spybot, AVG, or rkill also results in the BSOD and a computer restart.

Disclosure: I ran ComboFix before I saw your directions not to.... I can attach results if you request them.

Thank You.

A: some type of malware....

Hi, Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.

Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

Please reply to this post so I know you are there.

The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks


I think that the malware is C:\WINDOWS\844533844:2876221901.exe. I cannot delete or kill the task.
Here is my DDS log. I wasn't able to perform gmer because the malware kept killing the task. Please HELP!!!!
.
DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK
Internet Explorer: 8.0.6001.18702
Run by Susan at 13:50:04 on 2011-09-23
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2037.1697 [GMT -4:00]
.
AV: McAfee? Security-as-a-Service Anti-virus *Disabled/Updated* {8C354827-2F54-4E28-90DC-AD391E77808C}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\mfevtps.exe
C:\WINDOWS\844533844:2876221901.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\DOCUME~1\Susan\LOCALS~1\Temp\LMIR0003.tmp\lmi_rescue.exe
C:\DOCUME~1\Susan\LOCALS~1\Temp\LMIR0003.tmp\lmi_rescue.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = https://www.membersonline.com/mol/login.aspx
uDefault_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=0080409
uSearch Bar =
uURLSearchHooks: Yahoo... Read more

A: Not sure what type of malware i have

andy2o3,

The information provided shows the characteristics of the ZeroAccess Rootkit.

First, let's take care of this file:

C:\WINDOWS\844533844:2876221901.exe

It throws a wrench in the works, and programs will not run successfully...

Please download DummyCreator.zip

Unzip the folder:
- Right-click and select: Extract all
- Follow the prompts to extract

Open the new folder that appears on the Desktop:
- Double-click DummyCreator/DummyMaker to run the tool.
- Now, copy/paste the following into the blank area:

C:\WINDOWS\844533844

- Press the Create button.

Save the content of the Result.txt to your Desktop, and post it in your reply.

Next, restart the computer!

Please do not run any malware removal programs while we are in the process of malware repairs. Doing so may just make matters worse, and that, you do not want!

Thanks!


Anytime I try to visit Google, Yahoo, Bing or any search engines I'm getting this Avast alert below. I've scanned the comp with several scanners, Malwarebytes & HijackThis, Hitman etc., all the other popular ones in safe mode etc. Also Avast and a few online web-based scanners. Even tried that super spyware removal program on here. It does not detect any malware. Reinstalled Firefox & Chrome. Cleaned Java cache, flushed DNS, cleared any temp files and all that good stuff. Ran CCleaner.

What I even found more bizarre was when I tried to do a whois search on that domain at http://who.is.

SURFERS! DO NOT VISIT THIS URL BELOW http://www.who.is/whois/ppcadvertisinginfo.com

I PUT IT HERE FOR THE MALWARE REMOVAL EXPERTS TO LOOK AT AND FURTHER INVESTIGATE IF NEED BE.

Avast gives me a trojan alert when I do a who.is search on that domain, STRANGE. I'd like to get it removed. Sorta not sure what else to do. I thought that who.is behavior was awfully strange though. LOL

Anyone have any ideas?

A: Some type of odd malware.

Welcome aboard. I use Avast as well and those warnings are perfectly normal. When your Google search page pops up, some links will trigger such an Avast warning. That's for your good.


Windows XP, have some type of malware. It's causing Google website result redirection to various strange sites. Also getting random popups and porn icons installed on 1 of the users on the computer's desktop.

Also in Task Manager, processes, a strange file with a seemingly random name like 1QERX6F.exe appears constantly, except the file name changes I think every time I reboot.

I've tried Malwarebytes full scans several times and it doesn't seem to get rid of it.

Any help would be greatly appreciated. Thank you in advance.

A: Have malware of some type, please help

Nobody can help me with this? Is there something I posted incorrectly?


Hi.  I am using Vista Home Premium with Service Pack 1.  I had Service Pack 2, but I had uninstalled it hoping I could figure out what was wrong with my computer.   Now...I'm not able to reinstall Service Pack 2.  Do I have a virus or some other type of malware?  I have errors in the Problem Reports and Solution, Event Viewer, etc.  Thank you.

A: Do I have any type of malware?

Hello, let's scan first...

MiniToolBox

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
- Flush DNS
- Report IE Proxy Settings
- Reset IE Proxy Settings
- Report FF Proxy Settings
- Reset FF Proxy Settings
- List content of Hosts
- List IP configuration
- List Winsock Entries
- List last 10 Event Viewer log
- List Installed Programs
- List Users, Partitions and Memory size.

Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

AdwCleaner

Please download AdwCleaner by Xplode and save to your Desktop.

- Double click on AdwCleaner.exe to run the tool. Vista/Windows 7/8 users right-click and select Run As Administrator
- Click on the Scan button.
- AdwCleaner will begin...be patient as the scan may take some time to complete.
- After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
- The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
- Copy and paste the contents of that logfile in your next reply.
- A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.

Junkware Removal Tool

Please download Junkware Removal Tool to your desktop.

- Shut down your protection software now to avoid potential conflicts.
- Run ... Read more


i'm not sure what kind of malware is on my computer, but i think it's a R.A.T, or KeyLogger, please help, here is the log from hijack this, please help, i will go through any measures to get my computer back to normal
 
 
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:56:59 PM, on 6/6/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16576)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
C:\Users\ryan\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\ManyCam\Bin\ManyCam.exe
C:\Users\ryan\AppData\Roaming\Yontoo\YontooDesktop.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\AVG\AVG2013\avgui.exe
C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Users\ryan\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Users\ryan\Desktop\Programs\HighJackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet E... Read more

A: Not sure what type of malware, Windows 7, HELP

Hi and Welcome!! pillowcookie

My name is Robybel. I would be more than happy to take a look at your log and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands.

I'd be grateful if you would note the following:
- I will be working on your Malware issues, this may or may not, solve other issues you have with your machine.
- The fixes are specific to your problem and should only be used for the issues on this machine.
- Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
- It's often worth reading through these instructions and printing them for ease of reference.
- If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
- Please reply to this thread. Do not start a new topic.

IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your Operating System and losing all your programs and data.

Vista and Windows 7 users:
These tools MUST be run from the executable. (.exe) every time you run them
with Admin Rights (Right click, choose "Run as Administrator")

Stay with this topic until I give you ... Read more


I have the pop up that says, Critical SysteM Error in my taskbar. It leads me to a web site to buy a antivirus. I have 2 antivirus on my computer. But they dont delete the file. The pop up is really annoying. Any help would be greatly appreciated! Thanks again!

A: Malware/ Some Type Of Virus?

Welcome to BC!

Depending on your level of expertise:

There is a forum here at Bleeping Computer for self help, you can find it HERE.

Or,

For help with removing your infection I would like to refer you to the HiJack This (HJT) forum here at BleepingComputer.com:

First: Read the Preparation Guide found HERE. It is very important that you follow ALL of the instructions found within. (There are many important steps in this guide that may clean your computer.)

Second: Post your system information along with a brief description of the problems you are having, and your HJT log in the HJT forum found HERE.

NOTE: Please, after you post your HJT log DO NOT make another post in the HJT forum until it has been responded to by a member of the HJT Team. The first thing they look for, when looking for logs to reply to, is 0 replies. If you make another post there will be 1 reply. The team member glancing over the replies might think someone is already helping you out and will not respond. So, just make your post and let it sit there until a team member responds. The volunteers who work that forum are very busy, so please be patient and wait. It can sometimes take a few days for a response. If after 5 days you still have gotten no response, then post a link to your HJT log HERE.

Third: If, after finishing your work with the folks at the HJT forum you have issues with Windows related to the removal of the infection, then come to the other forums and let us help you get your computer back ... Read more


I am a novice. My computer is extremely slow, especially establishing internet connections. I have small kids and suspect that clicked on bad pop-ups. I have scanned and defragged it and cleared out many of the programs. I took it to a professional who ran Avast and installed ZoneAlarm, and it was better for a little while. I have run, in safe mode with system restore off, Norton, Trend Micro PC-cillin, Spybot with no improvement. I ran a hijackthis log and ran it by an IT pal at work but still do not know the nature of the problem, much less the name of it. I did all of the steps in the first post and am submitting the log from Deckard's scan. I am told that I can reformat but at this point it is a matter of pride. I am educable and would prefer to learn as much as possible from the process. I appreciate your time and effort.
Here is what I have:
Deckard's System Scanner v20071014.68
Run by Doni Holmes on 2008-04-20 00:13:34
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

System Restore is disabled; attempting to re-enable...success.


-- Last 1 Restore Point(s) --
1: 2008-04-20 04:13:36 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 510 MiB (512 MiB recommended).


-- HijackThis (run as Doni Holmes.exe) -----------------------------------------

Logf... Read more

A: Malware Type Unknown.

Bump this thread please


While on the computer today a pop up box appeared about anti-virus and my daughter couldn't close it. She turned off the computer guessing it was a virus. Since then, the computer has been running very slowly. I've tried running our Norton Antivirus, but the program never finishes. I restored my system settings to yesterday hoping that would help, but still things are running extremely slowly. I've also completed a disk cleanup. Is there a way to determine if I have a rogue antivirus software?

A: How do I determine what type of malware I have

As no logs have been posted, I am shifting this topic from the specialized HiJack This forum to the Am I Infected forum.

==>PLEASE DO NOT NOW POST LOGS<== unless a log is specifically requested.


I know absolutely nothing about malware and its removal. I downloaded something either on utorrent or graboid that was malware. My computer runs extremely slow. When I start up it won't go to the login screen. It loads Windows and then freezes at a blank screen. I have to do several hard resets before I can get to the login screen. The computer will run for a while but eventually will completely freeze. My firewall is shut off and each time I turn it back on it shuts itself off. I checked the Task Manager and looked at the processes and there is a process called ****3.exe that wasn't there a couple days ago and won't go away. I tried downloading Searchbot S&D but I can't get it to load up and scan. I can't afford any removal software right now but I need this computer. What can I do?

I searched google for ****3.exe and it came up with this: http://www.prevx.com/filenames/821369489994557791-X1/****32EEXE.html

I don't understand what this Hijack This log is for but here it is:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:42:09 AM, on 3/24/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\... Read more


Hi new here I guess, everyone starts here with a problem I assume eh? So I think something is wrong with my IE browser. I'm getting random popups, google for some reason has a 'sponsor bar' on the left when I search now, my desktop background is being changed to this stupid political cartoon thing, and I got a few random advertisement icons on my desktop. I just recently got it (like 50 minutes ago), and I tried a system restore but nothing seems to be working. I haven't done any scans or anything yet, but here are my two logs. Thank you for any assistance

My specs: AMD64 3400+ , 1gig of Ram, GeForce 7600GT, Windows XP Pro w/ SP2

Deckard's System Scanner v20071014.68
Run by grantran on 2008-05-08 16:32:33
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.

-- Last 5 Restore Point(s) --
94: 2008-05-08 23:32:39 UTC - RP190 - Deckard's System Scanner Restore Point
93: 2008-05-08 23:20:53 UTC - RP189 - Restore Operation
92: 2008-05-08 23:02:49 UTC - RP188 - Last known good configuration
91: 2008-05-08 23:02:42 UTC - RP187 - Installed Sony Vegas Movie Studio Platinum 8.0
90: 2008-05-08 23:02:42 UTC - RP186 - Installed Microsoft Visual C++ 2005 Redistributable

-- First Restore Point --
1: 2008-05-08 23:02:31 UTC - RP97 - System Checkpoint

Backed up registry hives.
Performed disk cleanup.

-- HijackThis... Read more

A: Infected - Ie-type Malware

Hi,

I understand that you need help in order to get rid of the malware that is present on your system - But you need to help us first..

I notice that you never scanned with an Antivirus previously before starting this thread - because you don't even have an Antivirus installed!

This is somewhat suicidal in today's digital world.

Step 1

Go to start > controlpanel > software > add/remove programs and uninstall the following programs:

Commanddbar Deewoo Network Manager removal
Enhancement Browser Tools Gooochi
Internet Download Manager
MySidesearch Search Assistant Bfinding
Network Monitor
winvi (remove only)

Also, You are using Download Accelerator - DAP

Be informed that it delivers popup/popunder ads, and tracks your internet usage. You can find safer alternatives here: http://www.spywareinfo.com/downloads.php?cat=dlman#dlman

I suggest you remove it. Go to Start > Settings > Control Panel > Add/Remove Programs and remove it

Why are you having so many Download Managers installed? Please uninstall the ones you don't use as well.

Reboot after uninstalling each one of them! Important!

Step 2

After reboot, install an Antivirus!

* Please install Avira Antivirus: http://www.free-av.com/

This is a free Antivirus.

Perform a full scan with Avira and let it delete everything it is finding.

Then reboot.

Step 3

* Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.

Make sure a checkmark is placed next to Update Malwar... Read more


Hi, my name is Peter.  McAfee failed to catch something that came loaded with  a hyperlink friends sent me. 
I think I have cleared it running various tools (MBAM Free, AdwCleaner, Junkware Removal Tool, McAfee RootkitRemover etc. - only MBAM found anything - log attached) but want to make sure I'm clean.
I understand you guys are really busy so I do not expect a quick answer.
 
Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 6:48:25 AM, on 03/02/2014
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16526)
FIREFOX: 26.0 (en-US)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe
C:\Program Files (x86)\Analog Devices\SoundMAX\SoundMAX.exe
C:\Program Files (x86)\IE New Window Maximizer\iemaximizer.exe
C:\Users\Peter\AppData\Local\TheWeatherNetwork\WeatherEye\weathereye.exe
C:\Program Files (x86)\Stickies\stickies.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\Alienware\Command Center\AlienFXHook32Mngr.exe
C:\Program Files (x86)\IncrediMail\bin\ImApp.exe
C:\ProgramData\BOINC\projects\docking.cis.udel.edu\charmm34_6.23_windows_x86_64
C:\Program Files (x86)\IncrediMail\bin\IncMail.exe
C:\Program Files\Alienware\Command Center\AlienFusionController.ex... Read more

A: May Have Had PWS-Type Malware Onboard

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
***************************************************
In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/523027 <<< CLICK THIS LINK

If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************
If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of t... Read more


Garmanma has asked me to post the following logs here to see if you can assist me

Topic referenced is here: http://www.bleepingcomputer.com/forums/t/270277/infected-with-some-type-of-malware/ ~ OB

here goes

Thank you for your prompt attention... here are the logs you requested

ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2009/11/09 20:02
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xF794E000 Size: 49152 File Visible: No Signed: -
Status: -

==EOF==

Volume in drive C has no label.
Volume Serial Number is 109B-EE2E

Directory of C:\WINDOWS\$NtServicePackUninstall$
04/08/2004 07:56 180,224 scecli.dll

Directory of C:\WINDOWS\$NtServicePackUninstall$
04/08/2004 07:56 407,040 netlogon.dll

Directory of C:\WINDOWS\$NtServicePackUninstall$
04/08/2004 07:56 55,808 eventlog.dll
3 File(s) 643,072 bytes

Directory of C:\WINDOWS\ServicePackFiles\i386
14/04/2008 00:12 181,248 scecli.dll

Directory of C:\WINDOWS\ServicePackFiles\i386
14/04/2008 00:12 407,040 netlogon.dll

Directory of C:\WINDOWS\ServicePackFiles\i386
14/04/2008 00:11 56,320 eventlog.dll
3 File(s) 644,608 bytes

Directory of C:\WINDOWS\system32
14/04/2008 00:12 181,248 scecli.dll

Directory of C:\WINDOWS\system32
14/04/2008 00:12 407,040 netlogon.dll

Directory of C:\WINDOWS\system32
14/04/2008 00:11 56,320 eventlog.dll
3 File(s) 644,608 byt... Read more

A: infected by some type of malware

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.

Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
- Download DDS by sUBs from one of the following links. Save it to your desktop.
  DDS.scr
  DDS.pif
- Double click on the DDS icon, allow it to run.
- A small box will open, with an explanation about the tool. No input is needed, the scan is running.
- Notepad will open with the results.
- Follo... Read more


Hello,
I am very distressed that I am infected with some type of Malware and can't get rid of it.
 
C:\Windows\sysWow64\dllhost.exe
Domain: Documentary Name
IP: 95.215.1.57
Outbound
 
Thank you for any help, Rich aka Rixar13.

A: infected with some type of Malware and can't get rid of it

Hi Rixar, let's run these and see how it is.

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
- Flush DNS
- Report IE Proxy Settings
- Reset IE Proxy Settings
- Report FF Proxy Settings
- Reset FF Proxy Settings
- List content of Hosts
- List IP configuration
- List Winsock Entries
- List last 10 Event Viewer log
- List Installed Programs
- List Users, Partitions and Memory size.

Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

Download TDSSKiller and save it to your desktop.

- Extract (unzip) its contents to your desktop.
- Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
- If an infected file is detected, the default action will be Cure, click on Continue.
- If a suspicious file is detected, the default action will be Skip, click on Continue.
- It may ask you to reboot the computer to complete the process. Click on Reboot Now.
- If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
- If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

ADW Cleaner

Please download AdwCleaner by Xplode and save to your Desktop.

- Double-click on AdwCleaner.exe to run the tool.
- Vista/Windows ... Read more


Well I ran my usual antivirus/antimalware/antispyware scans as I always do earlier today. First I ran my antivirus program...nothing was detected. Then I ran Malwarebytes...nothing was detected. I also ran SuperAntiSpyware...nothing was detected there as well except for tracking cookies.

After those 3 scans came up clean, I decided to run an online virus/spyware scan on safety.live.com---which is provided by Microsoft. I run the Microsoft scan once a month. The scan detected some malware, even though none of this malware was detected in the aforementioned scans.

The online Microsoft scan detected EIGHT Exploit:Java/CVE-2008-5353 infections. The name of them are as follows:

Exploit:Java/CVE-2008-5353.CN
Exploit:Java/CVE-2008-5353.DU
Exploit:Java/CVE-2008-5353.GN
Exploit:Java/CVE-2008-5353.JB
Exploit:Java/CVE-2008-5353.T
Exploit:Java/CVE-2008-5353.AJ
Exploit:Java/CVE-2008-5353.DR
Exploit:Java/CVE-2008-5353.FE

Then this infection was detected: TrojanDownloader:Java/OpenConnection.CA

Finally, this was also detected: BrowserModifier:Win32/Zwangi

Even though I haven't noticed any changes to my system or browser, I feel that apparently my system must be infected somehow if the online Microsoft scan is detecting these infections.

What shall I do? How do I get rid of this???

EDIT: I took it upon myself to run the ESET Online Scan and it found and removed all of the infections I mentioned above except for the "BrowserModifier:Win32/Zwangi" infection. So now all I need help with is rem... Read more


Followed the Windows XP cleaning procedures laid out in forums.majorgeeks.com/showthread.php?t=13913, but not successful in installing Malwarebytes Anti-Malware. Have not run ComboFix. Hoping to receive assistance from you, to overcome my difficulties.

Events observed....
- Can read from external DVD, but not able to write to it.
- McAfee virus scan crashes the system (immediately after scanning start, not able to access certain memory location), and causes reboot.
- SuperAntiSpyware picked up a couple of Trojan virus, and successfully quarantined it.
- Malware prevents Malwarebytes Anti-Malware from registering in the system (despite using the recommended procedure, to rename mbam-setup.exe file). The install declared completion, but would not allow the application to run (i.e. did not display "perform quick scan" button). Double click the application shortcut yields no action whatsoever.
DDS (Ver_09-05-14.01) - NTFSx86
Run by Administrator at 1:59:34.64 on 17/06/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.2.1033.18.1526.817 [GMT -4:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
FW: CyberArmor Client *enabled* {E503B27E-6391-4e17-B2CA-F910AF011E23}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C: ... Read more

A: Infected with Malware- not sure type

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.

Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
- Download DDS by sUBs from one of the following links. Save it to your desktop.
  DDS.scr
  DDS.pif
- Double click on the DDS icon, allow it to run.
- A small box will open, with an explanation about the tool. No input is needed, the scan is running.
- Notepad will open with the results.
- Foll... Read more


Hey Bleeping Computer,I came here after learning about ComboFix, and I was hoping at this point someone could help me out. I recently contracted something that has the ability to disable McAfee Security and it restricts access to Malwarebytes and Spybot - S&D with errors. I also get redirected while searching on Google and it's agonizing. Even after attempting to scan for threats in Safe Mode, the something on my computer continues to disable all attempts to fix the problem.Any help/advice would be greatly appreciated.Thanks.P.S. I have a Dell Inspiron 1501 running Windows XP.I just realized I haven't posted the DDS file and others. Should I do that now or wait?edit: I added the DDS.txt, but I am unable to add the GMER file due to the problem stated earlier with error messages popping up when I try to utilize certain programs.EDIT: Posts merged ~Budapest

A:Some type of virus/malware - looking for help

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please Do not Attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear
Click the Disable button to disable your CD Emulation drivers
Click Yes to continue
A 'Finished!' message will ap...


I'm not sure of what tool I can use to get rid of this message that pops up on a regular basis on my system. I have used Spybot S&D ver 1.4, Ad-aware SE 1.06, Spyware Blaster ver 3.5.1, and AVG ver 7.5, and yet I still get this message. I've even used HijackThis ver 1.99 to get rid of most rogue entries, but this message continues to come up. What can I do to get rid of this?

A:Type Of Malware Cleanregpro

Hello,

Download a copy of HJTsetup.exe from here and save it to your Desktop. Double click HJTsetup.exe to begin installation. By default it will install to C:\Program Files\Hijack This. Continue to click Next in the setup dialogue boxes until you get to the Select Addition Tasks dialogue. Put a check by Create a desktop icon then click Next again. Continue to follow the prompts from there. When HJT opens, click on the Do a system scan and save a log file button. When HJT has finished scanning, a window entitled "hijackthis.log" will open - when you close this window the log will be saved into the hijackthis folder. Copy and paste this into your next reply.


HELP... running a Dell Dimension 4400 with XP, Pentium 4, 1024 MB RAM. On 7 Nov at about 1650 I opened an email and immediately lost control of the computer. The mouse will only work in the first few seconds after reboot; after that it is random, and software opens and closes without touching anything, with software and help windows opening randomly with up to 200 windows open at a time that resist being closed. I have tried Spybot, which recognised XP Advanced Keylogger, but could not get rid of it. After that all my spyware/antivirus/firewall etc. are being switched off quicker than I can reinstate them. I have since tried AVG, Spybot, Malwarebytes, BitDefender, F-Secure Blacklight, Roothook Analyser, McAfee Rootkit and Sysinternals RootkitRevealer and nothing will trace what it is. Some of it is not working because the computer keeps starting in safe mode, even after I have pressed F8 and asked it to start normally. I have tried to reinstall XP but I have no control over anything in the CD tray. I have tried booting from the CD and nothing happens. I have disconnected it from the internet and am currently on my standby laptop trying to fix it with software being transferred on a memory stick, which is about the only thing that works. I have transferred the DDS file etc. onto that in an attempt to rectify the problem.

A:Infected with some type of malware

Welcome to BC

Load this on the computer and run it

Please download Rkill by Grinler and save it to your desktop.
Link 2
Link 3
Link 4
Double-click on the Rkill desktop icon to run the tool.
If using Vista, right-click on it and Run As Administrator.
A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
If not, delete the file, then download and use the one provided in Link 2.
If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
If the tool does not run from any of the links provided, please let me know.

Do not reboot the computer or you will have to run it again

After that, try these

We Need to check for Rootkits with RootRepeal

Download RootRepeal from the following location and save it to your desktop.
Direct Download (Recommended): Primary Mirror, Secondary Mirror, Secondary Mirror, Secondary Mirror
Zip Mirrors (Recommended if you have a slower connection or if the Direct Download mirror is down): Primary Mirror, Secondary Mirror, Secondary Mirror
Rar Mirrors - Only if you know what a RAR is and can extract it: Primary Mirror, Secondary Mirror, Secondary Mirror
Extract RootRepeal.exe from the archive (If you did not use the "Direct Download" mirror).
Open on your desktop.
Click the tab.
Click the button.
Check all seven boxes:
Push Ok
Check the box for your main system drive (Usually C:), and press Ok.
Allow RootRepeal to run a scan of your system. This may take some time.
Once the scan co...


Hi everyone,

I am new to this site. Hope you can help me out. I seem to have downloaded some sort of Malware. I've been all over the web and tried various programs to remove it including: Smitfraudfix, Combofix, SDfix, Smitrem, ATFCleaner. It seems like these things are removing things but then after a day or so it always comes back. Also when I search using Google toolbar in IE I always get a 66.230.188.250 address in the window when I click a link. I'm including my Hijack this logfile. Please let me know if you see anything I'm missing.

Thanks, Fred

A:Some Type Of Malware On My Machine

Welcome to the BleepingComputer HijackThis Logs and Analysis forum frobins

My name is Richie and I'll be helping you to fix your problems.

Please move HijackThis to a permanent folder on the hard drive such as C:\HJT. Create a new folder and place HijackThis.exe inside that folder so that the backups of log changes it creates are saved in the same folder and can be used to reverse any line entry deletion if found to be necessary. If you run Hijackthis from the desktop, the files it removes will not be backed up properly.

How to create a new folder named HJT
1. Click Start/My Computer, in the 'My Computer' window, open the window in which you want to create the new folder, click on Local Disk C:
2. From the 'File' menu choose 'New'.
3. From the 'New' menu choose 'Folder'.
4. Type the folder name: HJT
5. Then press Enter.

If you need help, follow the info in the link below:
http://russelltexas.com/malware/createhjtfolder.htm

Your version of Sun Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older versions of Sun Java, and then update.
1. Download the latest version of Java Runtime Environment (JRE)
2. Scroll down to where it says 'Java Runtime Environment (JRE) 6 update 3'.
3. Click the "Download" button to the right.
4. Check the box that says: "Accept License Agreement".
5. The page will refresh.
6. Click on the link to download 'Windows Offline Installation, Multi-language' and s...


My problem is when I use the internet. Every time I open my browser and start surfing the web my computer opens new browsers that usually direct me to red sites or some type of bogus virus scan site, so I exit out of those and continue with my web searching, and they continue to pop up randomly, but they're not just a pop up, it opens them with my browser. Does anyone have any idea how to get rid of these? Thank you. I have McAfee but it does not seem to get rid of the source of the problem. Thank you, any help would be much appreciated.

A:Help I Have A Problem With Some Type Of Malware

You downloaded a tool called Fake AV. It is a virus, and you need to get rid of it.


I have run AVG Anti-Virus. I then removed it and installed McAfee Security Center and it did not find any infections. However, my mouse cursor goes out of control and windows start opening and the start menu pops up. Then a box comes up that asks if I want to close tabs. If I wait long enough, I can hit cancel on the close tabs window. Then, if I click on the start button, the start menu goes away and I am again in control of the computer. I have also run spybot and ad-aware in the past and I remove any infections they have found. Thanks for any help you can give. I am not sure what I am looking for when it comes to this log.

A:Some type of infection/malware?

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.com
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for p...


My computer is very strange. I was infected with some viruses. I deleted all I found. I use MalwareBytes and Avira Antivir. My Avira starts up disabled. My computer is very slow, and the cooling fan is constantly running.
A while back my IE7 was hijacked, but I reset it.
My Automatic Windows Update... doesn't update.
And my brother did something to the computer so now it looks like a server!
RSIT Files

A:Infected with some type of malware

hi No Virus!,

your log is several days old. If you still need help: update and run MBAM (Malwarebytes)
post the log from it. After it is finished, rescan and post a new hjt log also.

* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform FULL SCAN, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
*** Be sure that everything is checked, and click Remove Selected.***
* When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt


Having difficulty with a keyboard error whenever I type the letters e & x - in any succession.

Ran HiJackThis as directed. My log file is as follows:



Hi All,
 
I've been having problems trying to fix my mom's computer; have no idea what the problem is.
 
This windows 8 computer is not allowing me to use crucial functions, and has been getting worse and worse. Most recently, the internet proxy has become blocked.
 
I can't access crucial functions such as control prompt and control panel. Also safe mode isn't a viable option. I tried using external hardware to install some virus and malware removal software, but can't open the files on the computer.
 
My internet has also been blocked, giving me the google chrome proxy error message.
 
Many programs won't open, and my Windows 8 screen has become significantly smaller, now with black rows on each side of the screen. If anyone has a potential solution or fix for me to try/use it would be greatly appreciated.
 
Thank you BleepingComputer Community!

A:Type of Malware, Virus unknown... Please help

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
***************************************************
In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.
CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/559030 <<< CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************
If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of t...


A couple of weeks ago, I got hit with something that disrupted my internet connection and was systematically sabotaging everything on my computer. I found a folder and text file on my computer that, when I printed it out, was a 37 page list of all the things it was doing. I deleted it, but it kept regenerating itself. My virus program didn't detect it. I ran some spyware scans, which seemed to help. But there are still problems. For example, my wireless card keeps getting disabled, and the only way to get it working again is to delete and reinstall it, but that only works for a couple of days.
I ran Hijack This and have attached the log. Let me know if you spot anything.
Thanks
mm2003

A:Some Type Of Malware Is Still Affecting My Computer

Hi mm2003 and welcome to the Bleeping Computer forums. My name is Whisperer and I will be helping you with your problem. I am currently a Trainee in Malware removal and, as such, ALL of my fixes will be checked by malware experts. I am sorry for the delay in answering your problem but things are pretty hectic in the anti-malware world. If you still need help then please read on.

If you have not done so already, please do the initial cleanup steps in the following instructions and then post a new log: Preparation Guide For Use Before Posting a HijackThis Log

To assist me in any cleanup, I would like you to produce a list of installed programs. To do this open your HijackThis
Click on Open the Misc Tools section or Config... button, depending on how you are set up. If you used the Config... option then click the Misc Tools tab
Select Open Uninstall Manager, a list of your installed programs will be displayed.
Select the Save List... button and save the file to your desktop.

Please post in your reply:
A copy of this list
An up-to-date HijackThis log, please post direct to the thread

Please also advise the names of the mysterious folder and file and any further information

GT


I cannot: Open programs, right click the task bar to open task manager, I CAN USE CTRL ALT DEL THOUGH. I have stopped all malicious processes (all processes other than specific trusted ones). Malwarebytes says it has been deleting the same file but it clearly hasn't removed it. Cannot run windows explorer or any other process other than task manager.

A:Some type of malware stops win r and others from working?

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
***************************************************
In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.
CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/577292 <<< CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************
If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of t...


Hi,

I brought my mother's laptop home with me because she needed help with removing whatever has infected her computer. Her grandson came to visit her for a month and she doesn't know what he did to her laptop. My mother is not computer savvy so I told her that I would take it home with me and try to get her some help for it.

She stated that when she turned the computer on that there was a screen that popped up about the FBI. She doesn't remember any exact details of the message. When she contacted her ISP they told her that it was a scam going around and that it was easy to remove but that she would need a professional to help her.

I have not personally seen the virus. Her laptop is running a bit slow especially Internet Explorer so I have to use Google Chrome. When I got her laptop I noticed that her virus program was turned off and I was not able to turn it on so I had to download AVG ANTI-VIRUS FREE EDITION 2012. I ran a full scan and it found 5 infections but was only able to remove 3 of the 5.

I downloaded Malwarebytes Anti-Malware and did a scan. I attached the report to this post. I also downloaded Spybot Search and Destroy and did a scan it turned up no results.

I followed most of the steps under Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help except for the following problems:
I was not able to Download and Run DDS. The black screen came up and I was able to click to download but the scan did not complete. The laptop...

A:Infected with some type of virus and possible malware

Hi,

Please see if running DDS in safe mode works.


Hi all,

I have encountered a pop-up adware that opens up a new window and usually transits via an ad-type.google.com url to other advertising sites.
Also, sometimes totalperformance.com

Impacts all browsers on my PC - Chrome, Firefox and IE.

Triggers - when I click on a page - anywhere, intermittently.

I have looked high and low and mostly have been directed to links that advertise SpyHunter - which I found out is a suspicious software in itself.

Other recommendations included running Malwarebytes - which I tried - but the issue still persists.

Strangely I found quite a few threads on the internet raising this same issue - but none had answers.

Is this some new, unsolved malware?

Anyone can help?

Thanks,
Hemzyy

A:Virus or malware - ad-type.google.com

Hi and welcome to SevenForums,
Review and post the information
Problems with IE8, Ran Hitman & Bleep, don't know what to delete


I have searched the forums and uninstall list on this site and cannot get any results for "jukebox.exe"
 
The Java update tool on my Windows 7 laptop keeps asking me to allow permissions to update "Jukebox.exe."
 
I have no idea what this is (not in list of programs in control panel), and given Oracle/Java's recent history of vulnerability, I'm concerned about updating whatever it is. I did a Google search, and the top couple results were sites about how it's a trojan and offer "free PC scans," so I'm unsure if it actually is malware, or if those sites are...
 
I am running a Malwarebytes scan right now, we will see if there are any results.
 
Anyone who knows what this is, please advise.
 
Thanks!

A:Is Jukebox.exe (Oracle) some type of malware?

Hello, do you have Slacker Software Player installed?? It should be slacker.jukebox.exe
 
If you do a search for "jukebox.exe" where does it say it is. The path looks something like C:\Windows\system32\drivers\etc... post yours.


Hello everyone,

So about a week ago I was streaming some videos online and I fell for the old Codec-C plugin required trick. I should have known better, but I was tired and clicked it stupidly anyways. I have run MBAM and Spybot Search & Destroy, but the adware is still there. I see it on top of Yahoo as well as "Ads not by facebook" on my page and other pages.

Moreover, random words are hyperlinked in various posts on message boards or regular websites. Getting rid of this pest would be very helpful as it is slowing down my computer.

I have attached the proper DDS log, but I can not attach a GMER log as the scan isn't working (the top 8 boxes are grayed out so I can not check them for the proper scan). Any help would be appreciated.


A:Codec C or some other type of malware/adware

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At t...
