
zperm virus

Q: zperm virus

I keep getting a virus called zperm. I ran AVG and Ad-Aware. Here is a copy of HijackThis. Do I need to do anything else?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:10:41 PM, on 2/7/2015
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
c:\PROGRA~1\AVG\AVG2015\avgrsx.exe
C:\Program Files\AVG\AVG2015\avgcsrvx.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVG\AVG2015\avgidsagent.exe
C:\Program Files\AVG\AVG2015\avgwdsvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareService.exe
C:\Program Files\AVG\AVG2015\avgui.exe
C:\Program Files\AVG SafeGuard toolbar\vprot.exe
C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\CCleaner\CCleaner.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.2.0\ToolbarUpdater.exe
C:\Program Files\AVG\AVG2015\avgnsx.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.2.0\loggingserver.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\QuickTime\QuickTimePlayer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll
O2 - BHO: AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG SafeGuard toolbar\18.2.0.829\AVG SafeGuard toolbar_toolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll
O3 - Toolbar: AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG SafeGuard toolbar\18.2.0.829\AVG SafeGuard toolbar_toolbar.dll
O4 - HKLM\..\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,[email protected]
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files\AVG\AVG2015\avgui.exe" /TRAYONLY
O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG SafeGuard toolbar\vprot.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AdAwareTray] "C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareTray.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
O4 - HKUS\S-1-5-21-2342698487-1329037420-3596670359-500\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup (User 'Administrator')
O4 - HKUS\S-1-5-21-2342698487-1329037420-3596670359-500\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Administrator')
O4 - Startup: Nikon Monitor.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.8.0_31\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.8.0_31\bin\jp2iexp.dll
O16 - DPF: {4EFA317A-8569-4788-B175-5BAF9731A549} (Microsoft Virtual Server VMRC Advanced Control) - http://66.133.171.94/rcm/VMRCActiveXClient1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1371693433752
O16 - DPF: {8B0F07E1-00F9-4B1B-9A2F-456DC0F54EBF} (PortDetector Control) - http://vlab1se-ekt2.elementk.com/vlab/ax/PortTester.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F5D98C43-DB16-11CF-8ECA-0000C0FD59C7} (ActiveCGM Control) - http://jp-appserver.jeffparish.net/webmap/acgm/Acgm.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\18.2.0\ViProtocol.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2015\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2015\avgwdsvc.exe
O23 - Service: dlcc_device - Unknown owner - C:\WINDOWS\system32\dlcccoms.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Ad-Aware Service 11 (LavasoftAdAwareService11) - Unknown owner - C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: vToolbarUpdater18.2.0 - AVG Secure Search - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.2.0\ToolbarUpdater.exe

--
End of file - 7124 bytes


A: zperm virus

Read other 6 answers

My AVG anti virus has been periodically flagging with a 'threat' called win32/zperm. It appears to be in C:\Windows\temp\. I always click remove it and it says it's successful but periodically it returns.

I also have the issue of various popups while browsing the internet in Firefox (it's the only browser I use). Anything from "this computer has been locked due to suspicious activity, call this number to reactivate" to various random popups.

Before coming here I've tried updating + running in safe mode AVG Anti Virus, Malwarebytes, Spybot S&D and Adaware. They either don't find a threat or one of them finds 'tracking cookies' which it removes but doesn't fix the problem.

I ran DDS and attached the two required text files. I've moved since I purchased this computer so I'm not entirely sure where my Windows disk is. I'm on Windows 10 Home 64bit if it matters. Any help would be appreciated, thanks.

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.14393.0 BrowserJavaVersion: 11.91.2
Run by Nicholas at 12:28:54 on 2016-12-22
Microsoft Windows 10 Home 10.0.14393.0.1252.1.1033.18.8102.2929 [GMT -6:00]
.
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: AVG AntiVirus Free Edition *Enabled/Updated* {4D41356F-32AD-7C42-C820-63775EE4F413}
SP: Spybot - Search and Destroy *Enabled/Outdated* {A16C3F68-9280-E053-1818-342707FECF4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG ... Read more

A:Win32/Zperm virus & popups.

Hello and Welcome to TSF.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Please download AdwCleaner from here and save it to your desktop.
Run AdwCleaner and select Scan
Once the Scan is done, select Clean
Once done it will ask to reboot, please allow the reboot.
On reboot, a log will be produced. It can also be found at C:\AdwCleaner\AdwCleaner[C#].txt
Please copy/paste the contents of the log in your next reply.
------------------------------------------------------

Please download Farbar Recovery Scan Tool and save it to your desktop.
Double-click FRST64 to run it. When the tool opens click Yes to the disclaimer.
Make sure the Addition.txt button is ticked.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
It also makes another log (Addition.txt). Please attach it to your reply.
------------------------------------------------------

Read other 11 answers

This topic has a bit of history, if you would like to see it, the thread is
 
http://www.bleepingcomputer.com/forums/t/512145/strange-disk-behavior-and-win32zperm/
 
I had been using AVG internet security as my primary defense and Ad-aware anti-virus in its compatibility setting which Ad-aware says is okay with AVG.  I also use WinPatrol and Spybot S&D's tea timer.
 
There was an infection a month or so ago that I thought we had dealt with but now I am not so sure.
http://www.bleepingcomputer.com/forums/t/508728/dds-and-combofix-logs-as-requested/?hl=requested#entry3174075
About a week ago my primary hard drive started giving a "boot disk not found error".  I ran chkdsk and it seemed okay.  I got the error a second time the next day, powered down the computer and rebooted and have had no problem since.
 
However, yesterday I got a recurring virus detection of win32/zperm from AVG.  I cleaned it several times and it came back.
 
Next, WinPatrol gave me messages that AdAware AV, WinPatrol, Spybot Search and Destroy Tea Timer, AVG Toolbar and RTHDCPL.exe had been removed from my startup.  Since that time I have had no virus detections.
 
On instruction by the previous person, I removed AdAware AV, Gomez Peer, Antimalware engine (a part of AdAware), uTorrent and some other things.
 
The AdAware AV. I had a tremendous amount of trouble removing.  I uninstalled, deleted the folder, scoured the system every way I could th... Read more

A:Virus scanner probably not working and have detected zperm in the past

Your previous logs are clean.

Totally uninstall [Ad-Aware], using the Revo Uninstaller.
Download and run the free version of Revo Uninstaller.
Select [Ad-Aware] and click Uninstall.
Set it to 'Advanced' and click Scan.
Revo will do this:
Step 1. Create restore point.
Step 2. Run the official [Ad-Aware] uninstaller.
Step 3. When uninstaller finishes, click Scan in Revo and it will search for remnants. Delete everything found (Select All, Delete All).
Reboot if asked to.

===

Please download ComboFix from one of these locations:
Link 1
Link 2

IMPORTANT !!! Save ComboFix.exe to your Desktop
Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
Some Rootkit infection may damage your boot sector. The Windows Re... Read more

Read other 13 answers

Hello!
 
I have had an internet connectivity problem for about a week now. First off, my internet connection randomly disconnects, goes silent for 5-10 seconds every few minutes, and then reconnects. Secondly, and I don't know if this is related, but I have two active connections now, which I never noticed before. My first connection is to my wireless router, and other than the aforementioned problems it behaves normally. My second connection is to Network 3, which I don't remember ever having and cannot control; it acts kind of like a hard line connection from a router in that I can't turn it off, but has no network access and serves no known purpose - I have no wired connection.
 
I ran AVG free, which detected win32/zperm, quarantined it and removed it. I ran it again and it found it again. I then ran Ad-Aware which found and removed it several more times. Then I ran AdwCleaner, Junkware Removal Tool and finally ComboFix. The problem seemed to go away for about two days, then the internet connectivity issues returned, and now AVG nor Adaware can seem to find win32/zperm, but the problem persists.

A:win32/zperm

Hello, having run ComboFix on your own, we will need to see that log to determine what it removed. Please repost here .... Virus, Trojan, Spyware, and Malware Removal Logs. Include your above info and the CF log.

Read other 5 answers

Hi,
I've been wrestling with the removal of the win32/Zperm virus and came across the posting from Gabrielrock Nov 12 2013 that seems to be a similar problem to mine. See http://www.bleepingcomputer.com/forum/t/513821/infected-with-win32/zperm
As with above, Ad-Aware detects the win32/Zperm virus and appears to deal with it only for it to re-instate itself in a windows/temp/file. Please advise how I can get rid of it.
I am operating on Windows Vista and being relatively PC naive would appreciate guidance.
Many Thanks
 

A:Infected with win32/Zperm

Hello Daidaft

I'm Seedy21 and I will be helping you with your issues.

Please note the following information about the malware forum:
From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by me.
Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
Please reply within 48 hours; if you are going to be away for longer please let us know or the topic will be closed for being inactive.
If you are using Cracked or Illegal software your thread will be closed.
Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close.

Note:
There are both 32-bit and 64-bit versions of Farbar Recovery Scan Tool available. Please pick the version that matches your operating system's bit type.
If you are unsure what your system bit type is..... click Here for help.

For x32 bit systems download Farbar Recovery Scan Tool and save it to your Desktop.
For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to your Desktop.
Double-click the downloaded icon to run the tool.
When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt).... Read more

Read other 21 answers

I have a pretty similar problem like another user, but decided to post here, because I am not sure if the same fix applies to me (his thread was: http://www.bleepingcomputer.com/forums/t/480470/avg-quarantined-win32zperm/)
 
My problem is same or similar. I have an AVG and ad-aware. Whenever I scan with AVG alone (even in safe mode), it doesn't  find anything, but whenever I scan with ad-aware, my AVG finds win32/zperm, detects it as a virus and quarantines it. However, each time I scan, each time I find it there, so it keeps on being there. The file, which gets quarantined is in C:\Windows\Temp\(folder with many numbers, which every time are different)\(folder tmp with more numbers)\(tmp with more numbers). 
 
I am not sure if it's a false positive or not, but I'd rather hear the opinion of professionals. Another thing is that my videos online also freeze from time to time. Maybe this might be the cause... Issue started just a few days ago.
 
 
My DDS log:
 
 
 
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.16428  BrowserJavaVersion: 10.45.2
Run by home-pc at 17:51:08 on 2013-11-12
Microsoft Windows 7 Ultimate   6.1.7601.1.1257.370.1033.18.16259.14133 [GMT 0:00]
.
AV: AVG AntiVirus 2014 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Ad-Aware Antivirus *Disabled/Outdated* {D87B6541-12A1-DAEA-0033-9B8057AAB996}
SP: Ad-Aware Antivirus *Disabled/Outdated* {631A84A5-349B-D56... Read more

A:Infected with Win32/Zperm

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.
If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.

===

Please download AdwCleaner by Xplode onto your Desktop.
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click the Scan button and wait for the process to complete.
Click the Report button and the report will open in Notepad.

IMPORTANT
If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.

Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click the Scan button and wait for the process to complete.
Check off the element(s) you wish to keep.
Click on the Clean button follow the prompts.
A log file will automatically open after the scan has finished.
Please post the content of that log file with your next answer.
You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).

Please download Junkware Removal Tool to your Desktop.
Please close your security software to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
The tool will open and start scanning your system.
Please be patient as this can take a while to complete, depending on your system's specifica... Read more

Read other 10 answers

ComboFix 14-08-19.01 - repeat 08/20/2014  21:24:48.2.8 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.32719.29329 [GMT -5:00]
Running from: c:\users\repeat\Downloads\ComboFix.exe
AV: Ad-Aware Antivirus *Disabled/Outdated* {D87B6541-12A1-DAEA-0033-9B8057AAB996}
AV: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
FW: Ad-Aware Firewall *Disabled* {E040E464-58CE-DBB2-2B6C-32B5A979FEED}
SP: Ad-Aware Antivirus *Disabled/Outdated* {631A84A5-349B-D564-3A83-A0F22C2DF32B}
SP: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((   Files Created from 2014-07-21 to 2014-08-21  )))))))))))))))))))))))))))))))
.
.
2014-08-21 02:28 . 2014-08-21 02:28    --------    d-----w-    c:\users\Default\AppData\Local\temp
2014-08-18 03:37 . 2014-08-18 03:37    --------    d-----w-    c:\program files\Common Files\Lavasoft
2014-08-17 00:29 . 2014-08-17 00:29    --------    d-sh--w-    c:\users\repeat\AppData\Local\EmieUserList
2014-08-17 00:29 . 2014-08-17 00:29    --------    d-sh--w-    c:\users\repeat\AppData\Local\EmieSiteList
2014-08-16 23:55 . 2014-08-1... Read more

A:win32/zperm Combofix Log

ComboFix 14-08-15.01 - repeat 08/16/2014  18:36:07.1.8 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.32719.29682 [GMT -5:00]
Running from: c:\users\repeat\Downloads\ComboFix.exe
AV: Ad-Aware Antivirus *Disabled/Outdated* {D87B6541-12A1-DAEA-0033-9B8057AAB996}
AV: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
FW: Ad-Aware Firewall *Disabled* {E040E464-58CE-DBB2-2B6C-32B5A979FEED}
SP: Ad-Aware Antivirus *Disabled/Outdated* {631A84A5-349B-D564-3A83-A0F22C2DF32B}
SP: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SysWow64\tmp5AEB.tmp
c:\windows\SysWow64\tmp5BD6.tmp
E:\install.exe
.
.
(((((((((((((((((((((((((   Files Created from 2014-07-16 to 2014-08-16  )))))))))))))))))))))))))))))))
.
.
2014-08-16 23:39 . 2014-08-16 23:39    --------    d-----w-    c:\users\Default\AppData\Local\temp
2014-08-16 23:30 . 2014-08-16 23:30    --------    d-----w-    c:\windows\ERUNT
2014-08-16 23:28 . 2010-08-30 13:34    536576    ----a-w-    c:\windows\SysWow64\sqlite3.dll
2014-08-16 23:15 . 2014-08-16 2... Read more

Read other 12 answers

Hello everyone. Recently AVG quarantined a file called Win32\Zperm. Should I be worried about this? Also, I noticed that when I watch a video online, it's not uncommon for the video to freeze. I then have to close the program and restart Internet Explorer to get it to work. I originally started another thread with a Rkill log and was kindly directed to the proper procedure of starting a thread.

This is the original post: http://www.bleepingcomputer.com/forums/topic480398.html/page__pid__2937102#entry2937102

Here is the DDS log:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16448
Run by Elan at 21:23:28 on 2013-01-02
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.3999.1711 [GMT -4:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestric... Read more

A:AVG quarantined Win32\Zperm

Greetings and Welcome to The Forums!!
My name is Gringo and I'll be glad to help you with your malware problems.
I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us.

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the top o... Read more

Read other 16 answers

A few weeks ago you aided me in cleaning an infection off my computer and I thought it was clean.  However, the last week strange things have been happening.  Here is the original thread http://www.bleepingcomputer.com/forums/t/508728/dds-and-combofix-logs-as-requested/?hl=requested#entry3174075
 
I am running Windows XP Pro SP3, AVG internet security, Ad-Aware antivirus in compatibility mode and from time to time I run IObit antivirus and Malwarebytes free version.
 
Within the last week,

1.  I several times got a boot disk not found error while booting.  I thought it was the hard drive going bad but after a couple of days it was fine.
 
2.  AVG has several times detected and quarantined Win32/Zperm.  It seems to come back.
 
The last full system virus scans with IObit picked up a few things, I think Trojans, most of which I think are false positives, in old data files in an external backup.   These files have not been accessed for years except for copying them from one place to another.
 
3.  This morning WinPatrol informed me that a number of things had been removed from my startup.  These included WinPatrol, AVG Toolbar, RTHDCPL.exe, Ad-Aware AV (set in compatibility mode), Spybot Search and Destroy's tea timer and maybe some more that I can't remember.
 
The programs were still in my system tray but I am reinstalling them just in case now.
 
Any help would be appreciated.
Thank you in advance... Read more

A:Strange disk behavior and Win32\Zperm

Hi -
Download Security Check by Screen317 from HERE
* Save it to your Desktop.
* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.
Note: If a security program requests permission to access the Internet, allow it to do so.
 
 
Download MiniToolBox, Save it to your desktop and run it.
Checkmark the following boxes:
•Flush DNS
•List last 10 Event Viewer log
•List Installed Programs
•List Users, Partitions and Memory size.
•List Minidump Files
 Click Go and copy / paste the result (Result.txt).
 
 
Please download Malwarebytes Anti-Malware Free (a.k.a. MBAM) and save it to your desktop.
NOTE: Do not accept the Free Trial Version at this time
* Follow these instructions for doing a Quick Scan in Normal Mode.
* Check for database Updates through the program's interface before scanning.
* Click on Scanner > Place a dot in Perform Quick Scan > Click Scan
* After completing the scan, a log report will open in Notepad.
* The log is automatically saved and can be viewed by clicking the Logs tab .
* Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
* Exit Malwarebytes when done.
* Note: If Malwarebytes encounters a file that is difficult to remove, y... Read more

Read other 11 answers

Hello,
 
I have both AVG and Ad-Aware installed (Ad-Aware is in compatibility mode so the real-time protection is off). AVG resident shield keeps reporting that Win32/Zperm has been found in the temp folder and this is due to the Ad-Aware Service. I choose the action to remove it, which it says is successful but then it reports the same thing again a little while later. An actual scan by AVG does not find anything, neither does a scan by Ad-Aware.
 
AVG resident shield report: Virus found Win32/Zperm, c:\Windows\Temp\... (actual folder and file changes every time)
 
The process name: C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.0.4555.0\AdAwareService.exe
 
I have also tried scanning with Malwarebytes Anti-Malware and that too doesn't give any positives. Could you help me remove it please or is it a compatibility issue between AVG and Ad-Aware?
 
Thanks
 
My DDS log:
 
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16520  BrowserJavaVersion: 10.45.2
Run by Paulette at 13:17:06 on 2013-11-22
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.44.1033.18.2038.701 [GMT 0:00]
.
AV: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Ad-Aware Antivirus *Disabled/Outdated* {D87B6541-12A1-DAEA-0033-9B8057AAB996}
SP: Ad-Aware Antivirus *Disabled/Outdated* {631A84A5-349B-D564-3A83-A0F22C2DF32B}
SP: Windows Defender *Enabled/... Read more

A:AVG keeps finding Win32/Zperm in temp folder

Actually, I forgot that Malwarebytes did find some PUPs which I deleted but it didn't seem to have any effect.
 
Here is the log:
 
Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org
Database version: v2013.11.20.06
Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Paulette :: PAULETTE-PC [administrator]
Protection: Enabled
20/11/2013 10:50:45
mbam-log-2013-11-20 (10-50-45).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 201716
Time elapsed: 13 minute(s), 38 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 2
C:\Users\Paulette\AppData\Local\Temp\ct3288691 (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Paulette\AppData\Local\Temp\ct3297861 (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
Files Detected: 9
C:\ProgramData\YouTube Downloader\ytd_installer.exe (PUP.Optional.Spigot.A) -> Quarantined and deleted successfully.
C:\ProgramData\YTD Video Downloader\ytd_installer.exe (PUP.Optional.Spigot.A) -> Quarantined and deleted successfully.
C:\Users\Paulette\Local Settings\Tempo...


Topic Title edited to show original Post Title ~KoanYorel

Hi I posted original post on the 6th July and have not had a reply
Thanks for any help that may come my way
Cheers Jo
http://www.bleepingcomputer.com/forums/t/98897/w32-alcra-f-virus-trojan-popper-virus-with-2-downloader-viruss/

I am so sorry for double posting for some reason I can't post in the ' haven't had a reply in 5 days ?'
I have also tried to clean up my computer since the original post so I will put my new HiJack This log in this posting..... hope that isn't a problem.
Thanks

Logfile of HijackThis v1.99.1
Scan saved at 6:22:43 PM, on 13/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\NMSAccess.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\HP...

A:W32 Alcra F. Virus + Trojan Popper Virus With 2 Downloader Virus's,

Welcome to the BleepingComputer HijackThis Logs and Analysis forum magic23
My name is Richie and I'll be helping you to fix your problems.

Please download Combofix and save to your desktop:
Note: It is important that it is saved directly to your desktop
Close any open browsers.
Double click on combofix.exe and follow the prompts.
When it's finished it will produce a log. Post the entire contents of C:\ComboFix.txt into your next reply.
Note: Do not mouseclick combofix's window while it's running. That may cause the program to freeze/hang.

Also post a new Hijackthis log please.


Hey!!! Please help me. About two days ago, my computer got infected with Vista Anti-virus 2011. I spent the whole day trying to remove it, I finally did with the help of Malwarebytes. It seems to wipe it out until today when Vista Anti-virus emerged again. I ran Malwarebytes and removed it again. Rebooted and ran it again and came up clean. I also ran systematic antivirus and it also came up clean. The only problem now is that about every minute a commercial audio plays without anything else running. Nothing pops up or anything, just the audio file. Also when I try to go in the internet either with internet explorer or firefox, I get a lot of redirects. Please help me!!!

Please follow the instructions in ==>This Guide<==. If you cannot complete a step, skip it and continue.

Then post your DDS and GMER logs as a reply to this topic. Once you have done that I will remove my reply and consolidate the posts so that you retain your correct place in the queue.

If you can produce at least some of the logs, then please explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the reply and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Garrett N at 0:51:43.25 on Sat 05/07/2011
Internet Explorer: 8.0.6001.19048 BrowserJavaVersion: 1.6.0_22
Microsoft® Windo...

A:Vista anti-virus (virus) and Commercial Audio virus

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please Do not Attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear
Click the Disable button to disable your CD Emulation drivers
Click Yes to continue
A 'Finished!' message will ap...


Hello,

Well today my brother and his wife were using my computer and when I got on the first thing I was met with was this little problem. A black rectangular box in the middle of my desktop with red lettering stating:

YOUR SYSTEM IS INFECTED!

The program that suddenly showed up on my hard drive is called Advanced Virus Remover. The desktop background has been changed to a plain blue background and the task manager has been blocked by the so called "administrator" even though I am logged into the default admin account.

For an anti-virus on my system I currently use Avast Home Edition but it seems to have been unsuccessful at removing the entire virus and it just keeps coming back. I have not personally had a virus like this in some years now. I want to find a method that is going to COMPLETELY eliminate everything that has been placed onto my PC 100%.

I do have a complete backup of my system made. When I first installed windows XP on my machine I made a complete backup which I can use if all else fails to completely wipe out this situation. However since I did a complete recovery to my system about a week ago just before I got internet hooked up to it again I really do not want to do everything all over yet again.

Any recommendations to completely rid myself of this garbage is much appreciated.

A:Virus alerting me of a virus - Advanced Virus Remover

It appears as if I have removed it completely, but I am always a bit worried whenever something like this happens even if it seems to be gone. Any pointers would still be helpful.


I have recently purchased a HP All-In-One computer running Windows 7. This past Friday I chose a link from Google news thinking I was going to a news article. Instead, I was taken to a website that appeared to be a virus scanner. I recognized that this was a scam and X'ed out of the screen. Now the computer is slow when navigating the web and periodically returns to the virus scan scam. The virus shows as AVG8 virus scan.

I've run both Avast virus scan and Malwarebytes malware scanner and both show up with 0 infections.

Can anyone provide me a direction that would eliminate this browsing re-direct problem?

(Ironically, I have an old dell laptop running Windows XP that has the same problem. Since it is old and I got so frustrated I just stopped using it. I bought the All-In-One for my wife for Christmas and now it's doing the same thing.)

Thanks

A:AVG Anti-Virus Virus or browser redirect virus

Hello,

Please follow the instructions in ==>This Guide<==. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues and what you have done to resolve them.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Orange Blossom


I have an HP running XP.
All microsoft updates are current. Adobe Reader is the latest version.
I have started in safe mode removed proxy and run both Malware and Super Anti Virus multiple times. Infections included multiple trojans and rogues.
Some but not limited to AV, Wireshark, trojan dropper etc.
I get pop ups that state "overstack" I also get other pop ups with 000000000000000000000.0000
I also had redirect issues on google search but went away when I went in and cleared out the ip it was directing it to. Trojans and rogues keep coming back.
Please help.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:11:57 AM, on 8/9/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
c:\Program Files\Fingerprint Sensor\AtService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CheckPoint\ZAForceField\ForceField...

A:AV Virus then WireShark Virus now Google redirect Virus

Hello, and welcome to the Malware Removal forum! My online alias is Blade Zephon, or Blade for short, and I will be assisting you with your malware issues!

If you have since resolved the original problem you were having, we would appreciate you letting us know.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

Before we begin cleaning your machine, I'd like to lay out some guidelines for us to follow while we are working together.

I will be assisting you with your malware issues. This may or may not resolve other problems you are having with your computer. If you are still having problems after your machine has been determined clean, I will be glad to direct you to the proper forum for assistance.

Even if things appear better, that does not mean we are finished. Please continue to follow my instructions until I give you the all clean. Absence of symptoms does not mean that all the malware has been removed. If a piece of the infection is left, it can regenerate and reinfect your machine.

Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your ...


Hello everyone.

I have tried my best to remove this virus on my laptop, but no success yet.

Here are all of the things the virus does:

-Prevents access to websites like spybot, instead of letting me see the site, it simply says "Internet Explorer cannot display the webpage", and there is a button to click that says "Diagnose Connection Problem" (no connection problem of course)

-When I click links from a google search, they most of the time take me to the wrong webpage and I am forced to copy/paste the original link into the web bar.

-Programs like Combofix, Spybot, and HJT do not work and a box comes up after starting them saying "Combofix has stopped working".

-I tried running the programs in Safe Mode, but no luck there.

If anyone knows a fix please reply.

Thanks,

Sean

A:Virus prevents access to Anti-Virus sites/anti-virus programs (combofix, etc.)

I renamed my Combofix to something else and I followed the instructions from a different post and here is the log I ended up with:

ComboFix 09-07-29.04 - Sean 07/31/2009 0:30.1.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3070.2059 [GMT -7:00]
Running from: c:\users\Sean\Desktop\Music.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\progra~2\MICROS~1\Windows\STARTM~1\Programs\videosoft
c:\progra~2\MICROS~1\Windows\STARTM~1\Programs\videosoft\Uninstall.lnk
c:\program files\videosoft
c:\program files\videosoft\Uninstall.exe
C:\resycled
c:\resycled\boot.com
c:\windows\10057vir9sza2.cpl
c:\windows\1059zpamb5t5bd.exe
c:\windows\1069thi5fz912.bin
c:\windows\1075859zj467.exe
c:\windows\11297vzr5s51c.cpl
c:\windows\1132z5ru977d.cpl
c:\windows\11388troz4559.cpl
c:\windows\1179zs5y695.dll
c:\windows\11991szambo95d9.cpl
c:\windows\120355zoj6819.bin
c:\windows\12324tr9j7b5z.bin
c:\windows\1279zroj295.ocx
c:\windows\12a7d5wnloader999z.bin
c:\windows\132985pz2a0.cpl
c:\windows\133505i9us7z8.exe
c:\windows\13552hackt9ol37z.ocx
c:\windows\1355zw59m5d8.exe
c:\windows\13562vizus1059.cpl
c:\windows\135759orm5c5z.ocx
c:\windows\13599virus6cz5.dll
c:\windows\13614spamzo5990.cpl
c:\windows\13956trojz59.cpl
c:\windows\1502zspy169.ocx
c:\windows\15107zpa9bot54.cpl
c:\windo...


I have a nasty if not multiple nasty viruses and have not been successful removing them. It started with the XP Anti-Virus 2011 Removal fake anti-virus popping up with all real anti-virus programs disabled and anytime I try to go to an antivirus website I'm redirected to a random site. This happens in all browsers not just Internet Explorer. I also had many of my files changed to hidden file folders and also the start/all programs button does not show any of my programs. I managed to get both Malwarebytes and Superantispyware on my computer and was able to get rid of much of the problems by running these programs. Now it seems the XP Anti-Virus 2011 has been removed but I still have the issue with my webpages being redirected depending on which page I try to access. I also have many processes that should not be running in the task manager and when I close them out they just start back up again. This worm seems to be accessing my iexplorer because there are multiple iexplorer.exe open at all times and sometimes the CPU Usage gets very high which is not normal for my computer. The final symptom is that at random times I get a webpage pop up or if not a webpage an error that reads like the following example:

An error has occured in the script on this page.

line: 13
Char: 1
Error: Object doesnt support this property or method
Code: 0
URL: http:/www2a.glam.com/mobile/detect.act?affiliatedld=288743725

Do you want to continue scripts on this page?

I will get at ...

A:XP Anti-Virus 2011 Fake Anti-VIrus and webpages being Redirected Virus

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. I am very sorry for the delay in responding, but as you can see we are at the moment being flooded with logs which, when paired with the never-ending shortage of helpers, resulted in the delayed responding to your thread.

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed. If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
Do not d...


Antivirus vanished! Can't install ANY new one!
Can't access microsoft and any anti virus sites (thus I cannot download or scan my computer from there)
I tried to install a copy of avast pro but the set-up immediately close after opening, I also noticed a lot of programs behaving like this just like the bandmaster game from e games and Grand Theft Auto Vice City (once I opened it, it immediately closes)
Tried to install that in safe mode, but the computer does not start and reboots back into normal mode.
This is the content of DDS log

DDS (Ver_10-11-26.01) - NTFSx86
Run by neopc10 at 19:47:12.65 on Fri 11/26/2010
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.353 [GMT -8:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\WINDOWS\System32\svchost.exe -k Akamai
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\Program Files\KGB\Mpk.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\WINDOWS\PixArt\PAC7302\Monitor.exe
C:\Program Files\...

A:anti virus banished. can't install any anti virus programs, can't access microsoft and anti virus sites!!!...

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the ...


Hi,

Please help!

I have a Fake Virus Alert Virus on my PC.

When booting the machine it comes up as:
" Application cannot be started - the file wltuser is damaged. Do you want to activate Antivirus now?"

Internet Explorer will then be locked and will only link to the Fake AntiVirus software.

Can someone please help? I have run Malwarebytes a few times but it has not worked. I am currently in Safemode and re-running once again.

Thank you very much!

A:Virus - false Virus Protection Virus

Lots of people have been getting this recently. Is it similar to Vista Internet Security 2011? That's the one I got. Dunno if it matters if urs is windows 7 or xp. When it pops up and the shield icon shows up in the taskbar tray, open task manager. Look for .exe's pw.exe and MSASCui.exe. For me it was uuj.exe.

Right click on it and then click open file location. If you can't see it, then go into folder options and click show hidden files and show system files too. Once u can see it, u can delete it.

The pop up should be gone now but you still won't be able to load your .exes. You can only use them by running as admin.

So click start and type in regedit. Right click on it and run as admin.

In regedit look for these entries;
HKEY_CURRENT_USER\Software\Classes\pezfile
HKEY_CLASSES_ROOT\pezfile
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\pw.exe" /START "%1" %*
HKEY_CURRENT_USER\Software\Classes\pezfile\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\pw.exe" /START "%1" %*

For me, I could only find the third one. I deleted replaced it with "%1" %*

Then I downloaded and used that vista/windows7 exe fix from this site and fixed the problem
http://www.winhelponline.com/articles/105/1/Fil...


so I have registry cleaner installed because I've been getting the blue screen of death and I heard it helps (no help)
I have Malwarebytes' Anti-Malware and it's pretty good, removes viruses and all
and I JUST installed Safereturner

ok so every time I run MAM it says only 1 infected (trojan.bubnix) remove and restart. I restart and run again...still there! so I install safe Returner and it found viruses in dell and quicktime and stuff but no malware found no bubnix found....so I restart and run MAM AGAIN and still have Trojan.bubnix.
I think that has been the reason for my recurring blue screens of death and looooads of spam e-mail! I really am sick and tired and I need it installed fast, easy and free, pleeeeeeeeeeeeease help!

A:apparently i have a virus? one virus and two virus removers...help!

Please follow the instructions in ==>This Guide<==. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues and what you have done to resolve them.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.


My anti-virus said it removed a trojan. When I restarted my computer my anti-virus was turned off and it won't turn back on. I ran MalwareBytes and I didn't find anything, so I need some help.

A:Anti-virus removed virus now anti-virus won't turn back on.

Download TDSSkiller
Launch it.
Click on change parameters
-Select TDLFS file system
Click on "Scan".
Please post the LOG report (log file should be in your C drive)
Do not change the default options on scan results

Download aswMBR
Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan.
After scan finishes, click on Save log
Post the log results here

Download ESET online scanner
Install it
Click on START, it should download the virus definitions
When scan gets completed, click on LIST of found threats
Export the list to desktop, copy the contents of the text file in your reply


Hello
I have been experiencing some problems with my computer recently. Firstly, my virus scanner (AVG) keeps on finding a virus called 'not-a-virus:RemoteAdmin.Win32.WinVNC-based.f' and some trojans called 'Trojan.JavaClass'. I have also been getting random pop-ups whenever I have been browsing the internet, and my computer seems to be running very sluggish, especially at startup.

I also believe that, last week, someone gained remote access to my computer, as all of a sudden, my mouse wouldn't move properly and the computer became really slow. This only stopped when I engaged the internet lock on my Zonealarm firewall.

Today, I was asked by Zonealarm to give a program called spoolsv.exe "access to privileged rights" which I have never seen before for this program. When I looked at the properties of spoolsv.exe, it said that it was created in 2006 but modified in 2005 (???), and so therefore didn't allow the program access. (I don't know if that has anything to do with the problems that I am having but thought I would mention it)

I have done "the 5 things you need to do" before posting a blog; here are the files requested:

Panda Scan:

Incident Status Location ...

A:[SOLVED] "not-a-virus" virus and "javaclass" trojan keep appearing on virus scans

Bump.


Hi seem something got into my computer!!!
  Noticed yesterday my Norton’s popup said it caused an error and had to close. I rebooted the computer and ran a scan, came up fine? I notice my pointer would blink back and forth to the hourglass. I opened my task manager and it seems to be switching with the CSRSS.EXE & N360.EXE (CPU) counter jumping up and down, FAST! Never saw anything like it before, usually what just system idle, maybe Firefox??? I tried running Norton's again, I really forget if it crashed or didn't do anything. Tried the standard online virus scans and ran into all kinds of troubles. Some seem to start to load and then the popup window disappeared? Think it was Kasp., when I reloaded it, it ran and found nothing! Others froze or crashed, restarted the computer, without finishing. It seems to have gotten worse, the last few time I looked at the Task Manager and I see
 
CSRSS.exe       KSS.EXE       N360.EXE       AVG***.exe
 
All these (CPU) counts are jumping up and down I have never seen my task manager list jumping so much! It seems so much worse now that I tried all these scans, even with the computer freezing and crashing now. I rebooted in safe mode and came right here. You help me once so long ago and hope you can again! One thing, now when I look at the Task Manager, all those virus program names are gone, list is very short.  Plus (C...

A:virus chk, no run! Task Manager show CSRSS.EXE & Virus prgs crazy switching??

Are you really surprised? You have kaspersky, norton, and AVG installed. There I was thinking that I like a bit of tin foil head gear. The executable CSRSS.exe as you typed it has reputation for being exploited, and although it should be a legit bit of XP, it could also be a trojan according to some of the webz? This support article from Micro$oft may be more practical/applicable use to you, and they suggest that it's caused by a corrupt user profile. The suggested remedy is to delete your user account after backing up stuff, and then restart followed by re-creating your user account.
 
PS
 
Being a Linux user I'd have to chip in as to why don't you try a linux live DVD/USB, there is no need to make changes to your hard drive or computer with the possible exception of changing the BIOS boot order. If you cannot afford a hardware/software upgrade then just boot into free linux, and try it out. There is no obligation to buy, and little/no risk of damage. Visit the BC linux forums, where people are very friendly and helpful.
 
windows XP ==
 
Linux ==


Operating System: Windows XP

I'm hoping that someone can help me! I am also getting three pop-up messages on my system. One is to download anti-virus software, another is a warning about the Blackworm virus, and the third is an Adult Friend Finder pop-up. My hijack this log:
Logfile of HijackThis v1.99.1
Scan saved at 5:05:45 PM, on 4/4/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\System32\VTTimer.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\Program Files\Charter High-Speed Security Suite\Common\FSM32.EXE
C:\Program Files\Clarisys\Claritel-i750\Ipnappgw.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
C:\PROGRA~1\CHARTE~1\backweb\3528733\Program\SERVIC~1.EXE
C:\WINDOWS\system32\drivers\dcfssvc.exe
C:\Program Files\Charter High-Speed Security Suite\backweb\3528733\Program\fspex.exe
C:\Program Files\Charter High-Speed Security Suite...

A:Solved: Blackworm virus, anti-virus software and Adult Friend Finder pop ups


Received a link to click from business colleague. I started receiving messages from friends on my Facebook buddy list asking me why I would send them a link to click on. Apparently, the links are different but my McAfee said it blocked it when I tried to download whatever he sent me. I started getting virus alerts to download programs to clean it, which I knew was not from McAfee. I performed a manual scan and it found 6 virus and malwares which were quarantined. One of my friends said that her McAfee didn't even detect anything and had to pay them to get deep into her computer to get rid of it. Today, I awoke to find a similar ploy to download a virus and malware program to rid my problems. I print screened and am posting that. I again ran a McAfee virus scan and it found 4 which again were quarantined.

How can we get rid of whatever is causing this?

I ran a Lavasoft Ad Aware scan which detected 2 cookies and were removed. I also ran Spybot Search & Destroy which found 25 Ask toolbar which I removed. It is 1 day after rerunning the McAfee scan above and so far no recurrence of the virus. But is it still in my computer?
 


Here is the log, I think I have a redirect virus, it seems like every yahoo or google search I do the links take me to random places, I also cannot access my virus scanner or its update. Also the computer is running very slow.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:40:28 AM, on 4/22/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Java\jre6\bin\jqs.exe
E:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
E:\WINDOWS\system32\nvsvc32.exe
E:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
E:\WINDOWS\system32\HPZipm12.exe
E:\WINDOWS\system32\svchost.exe
E:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
E:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
E:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
E:\WINDOWS\Explorer.EXE
E:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe
E:\Program Files\Java\jre6\bin\jusched.exe
E:\Program Files\Sharp\Shar...

A:Hijackthis log I have a redirecting virus that wont allow virus scanners or internet explorer to work

Hello and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.com
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the resul...


Please can anyone help me clear my laptop of whatever has hijacked it. It blue screens on me and will only access the internet with add ons disabled. It completely locked me out at first but used malware removal and found yura 94.exe. I have tried using several malware removal tools since but think I need to leave it to you experts as it really seems to be in a mess and I can't fix it!!!!
Thank You in anticipation.
Here is the HJT log.


Accidental double post. Here is the link to my real thread: http://www.bleepingcomputer.com/forums/t/524143/virus-possibly-paladin-virus-avoids-all-scanners-and-crashes-desktop-on-start/

Edit: Merged two topics for continuity of context and MR Team topic management. ~ Animal

A:Virus (possibly Paladin virus) avoids all scanners and crashes desktop on start

Computer: Windows Vista 64 bit / / Dell XPS 420
 
Problems started occurring out of the blue when I tried to resume my computer from sleep mode and it froze. I had not downloaded anything recently, not anything I was aware of anyway. My computer has had several corrupted files that contained error messages on start up. I have been able to fix these but my computer freezes soon after I start up. I am only able to access safe mode. 
 
I have been able to remove 42 entries of malware via Spybot. And 1 virus via Avast. The virus was called Paladin. However, in my virus chest there are multiple entries each named unknown, all with the same date of quarantine. Despite my quarantining of this virus, a [Paladin] program still pops up very briefly in normal mode in my start-up tray. 
 
I have been able to install and update a number of anti-virus and malware removal programs despite being infected. Although initially, the virus had somehow removed Adwcleaner, I was able to reinstall it and scan my registry. The problem, however, was not fixed. For some reason, despite downloading them, I have been unable to fully install Avira Anti-virus and am unable to get AVG to run.
 
Everything else comes up with zero results despite continuing problems. MRT says I have 1 infected file on a Full Scan, however, it always locks up when attempting to scan: D:\dell\Image\Factory.wim\Windows\Help\Windows\en-US\mail.wmv
Custom and quick scans yield no results.
 
...

OK, I just got into the Econo Lodge hotel. I got my computer and I started to realize it would keep getting hot. So sometimes it would crash or go into hibernation. But now it's worse: the computer keeps shutting down like in sleep mode, where the screen dims and the wireless button becomes red, except now it shuts off. Is my hard drive shot, or is there a remote accesser or worm in this? Let me note I do download ROMs and emulators, but are these the cause? Even when my computer is just 34 or 48 degrees Fahrenheit it will do, shall I call it, a "sleep-mode shutdown". Is this my BIOS doing a fail-safe, worm by someone, or is my hard drive shot, or is someone invading my computer and infecting it, or remotely hacking and shutting it off with a .BAT? I should also tell you I am in Safe Mode with Networking while I post this, and my computer is Windows 7 Ultimate, bought in 2007 and upgraded to Win7 2009.

Thank you. Ryan

- I will post a log as soon as I get a reply with what to do.

EDIT: I also get my ROMs from Emuparadise.com and since I use a hotel wireless access point I get a lot of pop-ups.

A:Weird virus??? (Remote access/WIN32.Worm/file virus/SHUTDOWN.exe PLEASE HELP)

My guess is your computer is getting too hot and being shut down to protect it.


Hello, I'm usually good enough with my computer to avoid and/or repair these kinds of things on my own, but have never had this. It changed my desktop background from a picture to text warning me about malicious content, and at the same time my Windows Update icon flashed red, and my AVG anti-virus warned me about the bugs. Ad-Aware found and removed/quarantined some of them. AVG found and removed others. My task manager still runs properly and found a few programs that looked suspicious "fff.exe", "msctrl.exe", "16627184.exe", & "EtEngineU.exe". I run daily scans for all of my anti-virus and ad-aware, and nothing has come up previous to this stuff today, so I know it's new. One pop-up that looked like it came with a new Windows XP update I downloaded claimed it was "Windows Total Security" and that it would clean up malicious content, but that I'd have to pay. Thankfully I wasn't stupid enough to fall for that, just stupid enough to get it on my computer. I deleted a bunch of those programs from my task manager (ended the process tree completely), removed the programs from the control panel, searched out the files in "My computer" > "C:" > "System", etc. However, there are items in "startup" when I run "MSCONFIG" with the same names that claim they're going to run as soon as I start the program up again. I ran HJT, and the other scans this site recommends before posting a new ...

A:Total Security virus - FFF.exe virus, 16627184.exe, EtEngineU.exe, perdm32.exe, msctrl.exe, & other viruses

Hello and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll...



A:Please diagnose Hijackthis log: Personal Guard 2009 virus (fake anti-virus)


Hello, I've been fighting with this for some time now, with no joy. I found that somebody has an identical problem here: http://www.bleepingcomputer.com/forums/topic279534.html So in any browser (MSIE8, Firefox, Chrome etc), Google search results are hijacked to searchwebnet.info, and then redirected to various other locations - e.g. it seems the first point is searchwebnet.info, and then my browser makes a couple of other hops, before it eventually lands on some dodgy site. Results from search engines other than Google (e.g. Yahoo! or Bing), are not hijacked. Also, same as described in the topic above, MSIE sometimes doesn't start, or sometimes bluescreens my machine when I attempt to run it. One thing I noticed, whether it is relevant or not: when the redirection happens, in Windows task manager I see the SearchProtocolHost.exe process starting up. And staying there, running. Interestingly, my problem also started happening around 17th Dec 2009, which is the date when the above topic was posted. Any help is greatly appreciated!

A:Unknown redirect virus(es?), A virus that often redirects to searchwebnet.info from google results 2

Please find my DDS.txt pasted below (created with AV & AS software off, and with network off). I've attached DDS' Attach.txt zipped, and NT Boot Log, if it's of any help. Many thanks!


I got this nasty virus but I have no idea how to get it out. I can't run into safe mode because it restarts my computer and it keeps doing that. I'll post up a HiJackThis log. PLEASE HELP! I am still a beginner so please bear with it. The problems that I know/see on my computer are that I have restricted admin rights so I can't use System Restore or the task manager. Also my anti-virus keeps disabling, and it's McAfee if you want to know.

hello guys/gals. this is my first post here. wonderful helpful site you have here ! thanks !
alright i may provide too much info, but i figure too much is better than not enough.
for starters, my wife's cousin was using my laptop to do online school work when the screen went blank, then changed to a solid red screen. all of those fake "windows restore" type error messages started popping up saying things such as failed hard drive, etc. then it started doing this scan and showed all of these problems that it detected. it prompted you to purchase their "bogus" program. luckily i was home and told her that was not legit and to avoid that. i grabbed the laptop from her, closed all of these 60 or so error messages, closed out this fake scan screen, and rebooted my pc. after reboot, everything appeared to be gone. my desktop icons were gone, my desktop image was gone and replaced with a solid red screen, everything in my start menu was gone.

i quickly realized that everything was not gone, but whatever had infected my computer had "hid" everything. i shut down again and hit my f8 key to reboot into safe mode. i have windows xp professional (5.1,build 2600) 32-bit. after hitting my f8 key, it pulled up the "windows advanced options menu" where i selected "safe mode with networking" so that i could troubleshoot and research the internet from the safety of safe mode. after selecting "safe mode with networking", i...

A:possibly had / have root kit virus or restore / recovery virus that hid EVERYTHING and would not allow me access to safe mode

adding update. following your "remove system restore (uninstall guide)" in the exact order it was listed, after posting my initial post as suggested, i continued on to the next steps. i downloaded malwarebytes and ran a full system scan. here is a copy of the notepad txt file created with threats detected placed here as an attachment. i removed these threats as directed and restarted pc when malwarebytes prompted me to. my question is do i still need to run your step 19 which is to run the unhide.exe program ? i'm asking that because it APPEARS that everything is working like it should after me running the "pc recovery". i am now going to leave safe mode and reboot into normal mode without running unhide.exe, hopefully that will be ok. thanks again.


My computer: Dell Inspiron 15inch Windows 8 64bit 500gb hardisk
 
 
I have this virus that will establish a connection to a remote hacker and download viruses etc. Currently I'm using Sterjo Netstalker to block suspicious connections and there are many. I believe it's a rootkit virus that hides inside the hard disk, if not anything else. I have only 1 hard disk attached and I even flashed the BIOS and formatted the hard disk. I used to format using DBAN nuke; despite not finishing (it takes 20 hours), it had gone 1 round and 2 passes, but the virus is back after a fresh Windows 8 install.

It's annoying as it slows down the internet and keeps using up my hard disk, and it's getting hot. I wish to remove this virus or I will have to buy a new PC. I attach the GMER scan here.

Too bad though, I take prevention steps by using AVG and disabled my laptop wireless device and am using an external USB wireless instead. In the attachment you can't see the real original virus from before, like it infected svchost and created "auxiliaryseed..." inside the value, something like that. But now maybe just ignore the AVG and see around if you can find anything in the attachment. Help much appreciated.
 
Thank you

A:rootkit virus csrss, svchost spyware virus hidden in hardisk even reformat

Hi there, my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.
First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
Perform everything in the correct order. Sometimes one step requires the previous one.
If you have any problems while following my instructions, Stop there and tell me the exact nature of your problem.
Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

Scan with aswMBR
Please download aswMBR ( 4.5MB ) to your desktop.
Double click the aswMBR.exe icon, and click Run.
There will be a short delay before the next dialog box comes up. Please just wait a minute or two.
When asked if you'd like to "download the latest Avast! virus definit...


Hello, I have some weird Chinese "anti-virus" virus that I cannot delete, also Malwarebytes Quarantine doesn't let me press the finish button.
Some weird Chinese programs tend to appear out of nowhere.
Please help.

A:Weird chinese "anti-virus" virus + malwarebytes quarantine doesnt let me finish

Hi Snajpi, my name is Aura and I'll be assisting you with this issue. Please give me a few hours to review your logs and prepare a reply. Thank you!


Hi, my computer was struck with that hideous virus AntiMalware and its various forms such as Trojan-Downloader.JS.Multi.ca and Virus.Win32.Gpcode.ak. I kept getting frequent messages or Security Center alerts whenever I used my computer saying those trojans were present and I had to install their program. I managed to stop getting those alerts by deleting some entries from a HijackThis scan such as -ex_08.exe and others stored in the temp folder in the scan that seemed suspicious and those that I verified on Google as trojans. But I still can't use system restore, malwarebytes antimalware program or super anti spyware. I went into safe mode and everything I described above as well as trying to install Malware bytes but it's stuck at finishing installation. It just doesn't work so I can't remove all the malware. I'm posting a Hijackthis log. Please help.

A:AntiMalware program infection and virus disabled all antispyware/virus/malware programs

Hello, and to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues, this may or may not solve other issues you may have with your machine.
Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.
You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.

-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No inp...


Windows XP Machine IE 7
Noticed a few days ago that whenever I was doing google searches I would find my item, click the hyperlink and was supposed to go to the intended website, but instead would hit a variety of Porn, Healthcare, Pharmacy etc website having nothing to do with my search criteria.

I had McAfee installed at the time but found that it had not updated itself in a few days and when I tried to run it for virus scans it wouldn't work. Finally removed the program and tried a number of others: Kasperia, Ad Aware, etc. The same problem exists in all of them.....I install it, I try to start a scan and either it starts scanning and then just disappears from my screen a few seconds later (program stopped and is gone from screen - try to restart and either it crashes instantly or does the same each time) or I cannot even click the scan button (it just doesn't do anything when you press it over and over again).

Have been for last few days reading through website help forums and downloading various programs to ID, fix etc...with little results.

Hijack installs and when I click the .exe file it gives me a popup error saying:

Windows cannot access the specific device, path, or file. You may not have the appropriate permissions to access the item.
I have managed to get Win32kDiag.exe to work with a log.....I currently have Erunt, HijackThis, SysRestorePoint, TFC, MGADiag, and Malware Bytes programs on my desktop.

Maleware is doing same as all other scanners....Either star...

Hi. I am new here. I have had constant problems with my computer crashing for over two weeks. Also I have noticed that I haven't been able to update my anti virus software...both ad aware se personal and avg 7 free have not been able to update for some 16 days now.
I have run your recommended online scanners, pandasoftware, housecall, and McAfee. I believe McAfee discovered the WIN32.ATAK.B and NEW POLYWIN 32 viruses, but said it could not remove them.
Something seems to be eating up my RAM; simple rendering tasks cause my computer to crash now.

I have updated to windows sp1a. I am running windows xp pro. I would appreciate any help.

here is my hijack this log.


A:virus WIN32.ATAK.B, NEW POLYWIN 32 viruses, can't update anti-virus software

HijackThis!
Open Hijack This and click on Scan. Check the following entries (make sure you do not miss any)
F3 - REG:win.ini: load=???
??? ???
?
? ?????
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O16 - DPF: {FF3F0F03-0F01-131A-A3F9-08F02B23E0CC} - http://66.117.37.13/dba1402.exe

Please remember to close all other windows, including browsers then click Fix checked.

Online Scans
Perform an online scan with Internet Explorer with Panda ActiveScan
** Click on "Free use ActiveScan" located on the top right hand corner
Click Scan your PC & a 'pop up' window shall appear. *ensure that your pop up blocker doesn't block it
Click Scan Now
Enter your e-mail address & click Scan Now ...begins downloading 8 MB Panda's ActiveX controls
Begin the scan by selecting My Computer
If it finds any malware, it may ask you to purchase the program, this is not necessary we will take care of the entries manually.
At the end of the scan click on see report. Then click Save report
Please post that log in your next reply.

In your next post please include:
Panda Activescan Log
A new Hijackthis! Log


I hope that this is in the right section but I am having a problem with my computer. I can constantly hear programs running in the background. I currently have two anti spyware/malware installed on my computer. One is SpyHunter and the other is CyberDefender. They both are picking up on some virus called Vundo and every time I delete it, it just comes right back. It is so frustrating surfing the internet because it freezes or moves extra slowly. Figured I'd ask you guys before I take a hammer to it lol.

Thanks

A:Windows XP SP2 running slow, virus protection catches it but the virus keeps coming back

Hello, I am moving this to the Am I Infected forum from XP.

Please disable those apps while we do this.

Next run MBAM (MalwareBytes):
NOTE: Before saving MBAM please rename it to zztoy.exe....now save it to your desktop.
Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link
MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the St...


Hi,

Virus doesn't allow me to start up my computer, apparently even in safe mode.

Symptoms were:
- Pseudo-anti virus program launched itself, and gave spurious results
- Messages were displayed in red over the screen background
- I rebooted, and could no longer run browsers or other programs, including Norton
- Rebooted again, and no screen display
- Tried to reboot in safe mode, but that appears not to work also
Help!
 


Hello, i'm new to this site, so if i say something stupid please be understanding.
(i'm running vista to clarify)

I had a while ago gotten a virus which would play sounds randomly, and i was able to temporarily fix it by going to task manager and killing the process. after a while the virus stopped bugging me (i guess the antivirus software caught the culprit.)

recently i downloaded an installer, and it happened again. this time i hit ctrl alt del, and task manager had been removed from the list. i tried accessing it through control panel and it told me it had been blocked by the administrator (me) i then looked up how to re-enable it, and went to run REGEDIT and that was blocked too. i've tried several scripts to re-enable regedit, all to no avail.

whenever the sound stops playing i get a message saying:
"Host Process for Windows Services stopped working and was closed

A problem caused the application to stop working correctly. Windows will notify you if a solution is available."

I also found these 2 files in System Configuration: BtwSrv (by Microsoft Corporation) and fastnetsrv Service (by Sigma Designs Inc)

I googled the second one, and found it to be a virus (yayy google!)
I am unsure about how to remove these, and I also found several remote applications which I would like to disable... help would be appreciated

McAfee identified a virus and removed it, however it keeps re-appearing

Detected: Artemis!F245638D7283 (Trojan),
Artemis...

A: Random Sound Virus + Registry editor and task manager disabled by virus

Hello and Welcome.

We want all our members to perform the steps outlined in the link I'll give you below, before posting for malware removal assistance. There's a sticky at the top of this forum, and a "Having problems with spyware and pop-ups? First Steps" link at the top of each page.

---------------------------------------------------------------------------------------------

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed. I currently have as many open topics as I can effectively handle; this will have you back in queue with the proper logs so an available helper would be able to assist.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please note that the Virus/Trojan/Spyware Help forum is extremely busy, and it may take a while to receive a reply.


My computer recently got a virus or worm or malware or something... anyways, there was a huge amount of pop-ups and executables going off. I shut down Windows and they haven't reemerged, but there is about a 50% drop in speed.

Running Windows XP Pro SP3

Here's what scans I ran (thorough scans):
-Avast
-Symantec Antivirus (installed after lag remained and removed Avast)
-Spybot Search and Destroy
-A-Squared Free
-CCleaner

Basically, when I ran any of the above (excluding CCleaner) it turned off my computer... I booted up in Safe Mode and tried the scans again, and it shuts down at some point during the scan... I'm guessing it's a virus that shuts down the computer when scanned... so any hints? I don't really want to reinstall Windows, since I got this CD key cheaply from my school, but it's only a one-time install key supposedly... I'm guessing this is possibly a bad worm, since my computer is semi-laggy... and I tried installing WoTLK and it took 2 hours to do on a machine I bought 1 year ago which was considered high end then.

HijackThis log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:13:03 PM, on 11/27/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEn...


Hello, I was wondering if I can get help with my situation. It has been frustrating me this whole time because there is a redirecting virus that is on my computer that I cannot seem to get rid of, even with TDSSKiller and following the tutorial. It seems like every five minutes I am getting a Windows 7 Internet Security 2012 virus, and if it's not that, then once a day I get a System Fix virus which blackens my screen and hides everything, so I was wondering if anyone can help with my predicament. Thank you.

Edit: Moved topic from Windows 7 to the more appropriate forum. ~ Animal

A: redirecting virus combined with windows 7 internet security and system fix virus

Take a look here: Remove Win 7 Internet Security 2012 (Uninstall Guide)


Hi,

My desktop PC running on Windows XP Professional with SP3 is infected with some kind of virus/spyware that prevents access to anti virus sites.

The virus has also corrupted McAfee virus scan binary and prevents access to sites which clean spyware/malware. I have Malwarebytes' Anti-Malware and SuperAnti Spyware installed. But they cannot update their definitions since the virus attack started about 1 week ago.

I have tried several attempts to clean the virus/malware using the above anti spyware (McAfee scan is corrupted and won't start). The anti spyware finds a few worms and trojans and says that it cleaned them, but they keep coming back. I ran the scan in Safe mode with/without internet connection but that didn't help.

I have Zone Alarm installed but think that it is also infected.

Following are the main symptoms I see

1. No visible error messages/pop ups during bootup.

2. After booting I see quite a few new programs, mainly from the "C:/windows/system32/temp" dir trying to access the internet. Zone Alarm blocks them.

3. After doing a Google search in IE, if I click any website link, it is redirected to another random site. Sometimes opening the link in another IE window helps. (right click -> "open in new window")
Cannot access Microsoft or any anti virus/spyware related website.

4. Many times a pop up message saying "my computer may be infected with spyware" shows up and asks for running a scan. Initial...

A: Virus/Spyware preventing access to Anti-Virus/Microsoft files

Hi there,

* Go here to run an online scanner from ESET.
Tick the box next to YES, I accept the Terms of Use.
Click Start
Make sure that the option Remove found threats is UNchecked.
Click Scan
Wait for the scan to finish
Copy and paste report as a reply to this topic.
