
Chinese Spyware & Malware

Q: Chinese Spyware & Malware

So this is the case: I recently visited a Chinese website on my Windows XP system. I have to admit that I had no antivirus or antispyware software installed on my computer at the time. Anyway, with the help of Yahoo's Antispy Scan I found out that I had quite a lot of spyware on my system. Their names: Cinmus A, CNNIC downloader, Quiq, Sogou, Cdn helper, pctools.dll, Cinmeng among others. I used Spybot (free version), Zone Alarm Internet Suite Trial, Xcleaner (free), CWShredder, Hijackthis, AVG AntiSpyware Trial, AVG Antivirus Trial, Avast Antivirus (free), Ad-Aware SE (free) & McAfee Internet Security Suite 30 day Trial. They removed most of the junk, but were unsuccessful in removing Cinmus A, pctools.dll and some of the registry keys from those nasty buggers. I'm not sure, but it seems like not many of our top rated antispyware/antivirus programs can handle Chinese adware & spyware. Please HELP! I'm currently using McAfee Internet Suite trial, which really does secure my system, but doesn't detect Cinmus A, and I can't delete or shred pctools.dll. Plus, McAfee Trial ends on the 1st of July 2007 (so if I don't come up with something quick, I'm kinda screwed, 'cause all that stuff will phone home to China and reinstall itself). I'm desperate. Please someone, HELP ME!


Recently I started getting one line in the upper portion of the IE windows with Chinese characters:

系统检测发现您正在使用低版本IE浏览器,可能存在安全隐患,强烈推荐您在windows系统使用更快速!更安全!更稳定!的浏览器: FireFox火狐浏览器,点击下载
McAfee and Spybot scans yield nothing. Ad-Aware 2007 results in 5 registry entries but is unable to clean them. The two categories identified:
Root: HKCR Path: clsid\{385ab8c6-fb22-4d17-8834-064e2ba0a6f0}
Root: HKLM Path: software\microsoft\windows\currentversion\explorer\browser helper objects\{385ab8c6-fb22-4d17-8834-064e2ba0a0a6f0}

Hijackthis generated log which is attached. You can see that the same entries

O2 - BHO: Info cache - {385AB8C6-FB22-4D17-8834-064E2BA0A6F0} - C:\Documents and Settings\All Users\Application Data\Microsoft\PCTools\pctools.dll

Aside from having the aforementioned line in every IE screen, some of the sites, including this site bleepingcomputer occasionally cannot be accessed, usually when you have to drill 2-3 levels down into the website. It changes though. Occasionally it will dive... Read more

A:Win32.adware.cinmus, Chinese Spyware - Chinese Line In Ie Windows, Unable Access Some Sites

Here is the log pasted instead of being attached:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:49:37 AM, on 2/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1... Read more


A Chinese advertising company is responsible for two of the biggest waves of malware for both the Android and iOS ecosystems, a recent Check Point report reveals.

Yingmob, an advertising company based in Chongqing, China, is supposedly the group behind the YiSpecter iOS malware and the HummingBad Android malware.

Both function in the same way, meaning they infect devices to show ads and secretly install other applications, earning their creators money from pay-per-install programs.

Crooks making over $300,000 each month
Check Point estimates that HummingBad alone delivers over 20 million ads per day that achieve a click rate of 12.5 percent, which is the equivalent of 2.5 million clicks per day. Additionally, HummingBad installs over 50,000 fraudulent apps per day.

Putting all these numbers together, Yingmob earns over $3,000 per day from clicks alone and another $7,500 from fraudulent app installs. That's around $300,000 each month, or $3.6 million per year.

Check Point researchers say that HummingBad has managed to infect 85 million devices at the moment, and Yingmob has complete control over these smartphones because it illegally rooted the devices and can push any type of malware or make the devices take any action.

Read more: Chinese Advertiser Behind YiSpecter iOS Malware and HummingBad Android Malware
 


Initially, I received an error whenever I tried opening Internet Explorer or any folders. It'll say "Windows Explorer has encountered a problem and needs to close". The details are:
faulty app: explorer.exe version 6.0.2900.2180
faulty module: kernel32.dll version 5.1.2600.2180
fault address: 0x0001eb33

Then, with System Restore disabled and in safe mode, I ran Adaware, Spybot and Ewido, and cleaned whatever they threw up. Then in normal mode, I tried opening IE and this time it opened, but other Chinese ad windows will pop up too, and while surfing I cannot open a 2nd IE window; it'll immediately beep and close the first IE window. And if I try opening other folders like My Computer, it'll take a while.

I already had SP2 installed awhile ago, but when I visited Windows Update site, there are a few additional updates I could download. However, wasn't sure if I should on an infected system, so didn't update anything yet.

Here's the HijackThis log:

Logfile of HijackThis v1.99.0
Scan saved at 12:56:37 PM, on 8/20/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
... Read more

A:chinese spyware

Welcome to TSF.
http://www.nb46.com/ - is this an intentional homepage? If so, do not fix it in HJT as below.

Download and install CleanUp!. Do NOT run it yet.

Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu). Set the program up as follows:
Click "Options..."
Move the arrow down to "Custom CleanUp!"
Put a check next to the following:
Empty Recycle Bins
Delete Cookies
Delete Prefetch files
Cleanup! All Users
Click on the “Temporary Files” and uncheck the box for “Scan drives for file matching” if it’s checked.
Click OK
Press the CleanUp! button to start the program. Reboot/logoff when prompted.

WARNING - CleanUp! will delete all files and folders contained within Temporary Directories. If you knowingly have items you would like to keep that are stored in these locations; Move Them Now!!!
Run HJT and fix the following items:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nb46.com/
R3 - Default URLSearchHook is missing
O2 - BHO: Shockwave Flash Object - {14A21378-5BB1-4BC4-95D5-5D3F51527F6F} - C:\WINDOWS\system32\smflash.ocx
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

Please visit this website - virusscan.jotti.org
Submit these file(s) for a comprehensive scan & then post the results back here.

C:\WINDOWS\system32\smflash.ocx

Perform an online scan with Internet Explorer with Panda ActiveScan
*... Read more


Hi,

are there any tools out that can detect and kill any possible Russian and Chinese spyware (and that of other governments)?
 


Hi All,

For over a month now, my hotmail has been sending emails to everyone on my msn messenger buddy list. It looks like random chinese email with links to chinese website. This is really annoying since it bothers all my friends. How do I get rid of this?? It is also quite random, sometimes it sends everyday. Sometimes it stops for a couple days then does it again. I am using Windows XP. Using MSN Live Messenger 8.0, but I've tried the old versions as well.
What I've done:

Uninstalled MSN Messenger and re-installed.
Cleaned Temp Internet Files
Checked "Turn off System Restore" in My Computer->Properties
Ran like 3 of the most popular Anti-spyware programs and deleted all the infected files.

Still not fixed! What should I do??? Please help. Thanks!
 

A:MSN/Hotmail hijacked...Chinese Spyware??


Am I in the correct place? New forumer here. I have been infected with Chinese malware on 1st September. My Firefox will automatically connect to:
1. www.sdo.80809090.com
2. www.873511.com

My Internet Explorer cannot be used at all; every time I launch it, it will display a VB Script error and close.

Using various antivirus and antispyware programs, I tried to search and destroy the virus, all having failed badly: AVG Antivirus, AVG Anti-Spyware, Kaspersky online scanner, Norton 07, Ad-Aware and some others.

Having failed with all the antivirus programs, I turned to ComboFix and SmitFraud. Both failed deleting the host file.

Then, I formatted my PC overnight. Thought problem solved, then I connected to the internet; one second later, my Firefox browser was directed to www.sdo.80809090.com again...

I have a HijackThis log, but it's totally clean.

Logfile of HijackThis v1.99.1
Scan saved at 3:37 PM, on 3-Sep-07
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\G... Read more

A:Chinese Malware

Hi ff7yta

Please rename Hijackthis.exe to Iseeyou.exe. To do this navigate to:
D:\zPrograms\Important\HijackThis
and then right click on HijackThis.exe and select rename.
Then run Iseeyou.exe (Hijackthis) and choose "Do a system scan and save a logfile".
Copy/paste the text from the resultant log in a reply to this post.

Demon Cleaner


Hi,
I have this problem with my computer that it keeps on installing new programs. Some of them are chinese. There are some changes in my browsers too. For example mylucky123 as a search engine. Please find my logs attached. Thank you in advance.


Today, two Chinese programs appeared and installed on my laptop. I am very sure that I didn't install them.
I have briefly read the posts in the forum. I can't understand the content of the Notepad files =.=
 
Can anyone help me to check is there any malware?
If there is, how should I remove?
 
ATTACHMENT: FRST & ADDITION.TXT 
 


A:Chinese Malware?

to BleepingComputer.

Hi there,
my name is Jo and I will help you with your computer problems.

Please follow these guidelines:
Read and follow the instructions in the sequence they are posted.
Print or copy & save instructions.
Back up all your private data / music / important files on another (external) drive before using our tools.
Do not install / uninstall any applications, unless otherwise instructed.
Use only those tools you have been instructed to use.
Copy and paste the log files inside your post, unless otherwise instructed.
Ask for clarification, if you have any questions.
Stay with this topic til you get the all clean post.

My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

*** Download Security Check by screen317 from here or here.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
Vista / Windows 7/8 users right-click and select Run As Administrator.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

*** Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Be sure to print out and follow the instructions provided on that same page.
Caution: This is a beta version so please be sure to read the disclaimer and back up all your data before using.
Double click on downloaded file. OK self extracting prompt.
MBAR will start. Click in the introduction screen "next"... Read more


Hi, I've been infected by some Chinese adware and trojans (mostly Chinese, I think) and I ran Ad-aware, Spybot, TrendMicro's anti-virus. I also researched all lines on my HijackThis log and fixed all baddies. But many of them continue to come back when I reboot the computer. Also, there's an adware folder called gentad that's in my C:\ folder and I couldn't remove it. Every time I try to delete it, it would say gentad.dll, which is one of the items in this gentad folder, is in use and cannot be removed.

One problem I've been experiencing is that I CAN'T BOOT INTO SAFE MODE. I would hit F8, select Safe Mode, but the computer would then boot up in normal mode no matter which Safe Mode choice I select.

I have IE windows pop up every so often and I get IE pages on my desktop too. Now I'm afraid to even use my computer. I also don't have an XP recovery CD; is there any way to clean my system without doing a complete reinstall?

Anyway, below is my HijackThis log. Thanks very much for your help!

Logfile of HijackThis v1.99.1
Scan saved at 7:52:39 AM, on 2/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:... Read more

A:Adware, Spyware, Mostly Chinese Origin, Refuses To Be Deleted

Hi wcbc,

We're studying your log and will be back to you a.s.a.p.

Thanks for your patience.


I use Malwarebytes Anti-Malware; it's not helping.
I have a lot of Chinese malware things on my PC.
Sometimes it changes my keyboard to Chinese x_X
 
I have log files from frst
please help me out
 
michael
 

A:Chinese malware spam

please help me


My computer suddenly corrupted with a chinese malware (!) which is shown in the icon tray and desktop. I could not remove it by running AVAST antivirus software. I am attaching the log file for help.

A:I think I am infected by some chinese malware

I have done further scan with spybot. After fixing the issues with spybot, I am attaching again the log files. 


Hi, I'm having a problem. I did a full format on all drives "C, D, E", fully formatted, and backed up my files etc., and yes, my files were clean, so I don't think it was from there, cuz these files have been with me for 2 years now. But yeah, I need some advice now on what to do: whenever I plug in my internet I have these random files coming up in Task Manager's processes. Might be servers, a botnet, an infection with the connection, etc., not sure, but this lil thing works by internet connection. I have 2 computers with the same connection; the 2nd computer seems to be fine, with no files coming up in processes, but I'm kinda lost on how it can infect my computer network and not the other :-? The files can be found in C:\WINDOWS\Prefetch

A:malware "chinese virus" not sure

Topic deleted, no log and I have replied to Dup in AII here... http://www.bleepingcomputer.com/forums/index.php?showtopic=212043&st=0&gopid=1182701&#entry1182701


Well, ima post it here since they deleted my post in da other section. I did a full format on all drives "C, D, E", fully formatted, and backed up my files etc., and yes, my files were clean, so I don't think it was from there, cuz these files have been with me for 2 years now. But yeah, I need some advice now on what to do: whenever I plug in my internet I have these random files coming up in Task Manager's processes. Might be servers, a botnet, an infection with the connection, etc., not sure, but this lil thing works by internet connection. I have 2 computers with the same connection; the 2nd computer seems to be fine, with no files coming up in processes, but I'm kinda lost on how it can infect my computer network and not the other :-? The files can be found in C:\WINDOWS\Prefetch

A:malware "chinese virus"

Hello and welcome. Your topic in the HJT forum wasn't deleted. I will tho, since it doesn't contain an HJT log so they will not look at it. Let's try these here first and if needed we'll make a new one there.

Please run these next. If you have Spybot installed, temporarily disable it.

Next run ATF:
Please download ATF Cleaner by Atribune & save it to your desktop.
Double-click ATF-Cleaner.exe to run the program.
Under Main "Select Files to Delete" choose: Select All.
Click the Empty Selected button.
If you use Firefox browser click Firefox at the top and choose: Select All
Click the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser click Opera at the top and choose: Select All
Click the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".

Next run MBAM:
Please download Malwarebytes Anti-Malware (v1.32) and save it to your desktop.
alternate download link 1
alternate download link 2
If you have a previous version of MBAM, remove it via Add/Remove Programs and download a fresh copy.
Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finish... Read more


Hello, and good day! First of all, thanks for the awesome help you've been giving to everybody, this site rocks. Well, after downloading the wrong torrent, my little brother got my laptop full of adware and virus and I haven't been able to clean it with Avira and Malwarebytes. Firefox is dead and the Windows key isn't working. I'm running Windows 10. I'd appreciate any help you could give me.
 
Here are the logs from FRST, as per requested. Thanks a lot!
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 16-10-2016
Ran by house (administrator) on HOUSE-PC (23-10-2016 11:42:06)
Running from C:\Users\house\Searches\Downloads
Loaded Profiles: house &  (Available Profiles: house)
Platform: Microsoft Windows 10 Pro Version 1511 (X86) Language: Español (España, internacional)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\avguard.exe
(Lenovo Corporation) C:\Program Files\Lenovo\PCManager\LenovoPcManagerService.exe
(Synaptics Incorporated) C:\Program Files... Read more


So, I've heard about this happening before, but never thought it would hit me... I am very careful about adware, etc., and have never had a problem until now. The other day I purchased a new 750GB Iomega external hard drive. It was Mac-formatted, so I plugged it in and turned it on with the intention of reformatting it. However, once it was connected and installed I started getting these full-screen IE (I use Firefox for browsing) popups full of advertisements in Chinese. I didn't think much of it so I didn't write down the addresses. Immediately the computer started acting odd... slowing down, hanging up at odd times. Then my Norton antivirus notified me of a couple of viruses in the temp folder. I started to get worried so I stopped everything and did a full virus scan. The scan crashed with a BSOD and when I rebooted the computer I ran every online virus scan I could find, repeatedly, trying to get rid of all of the crap. I found a bunch of trojans, keyloggers, infostealers, rootkits, etc., could not run Task Manager or HijackThis, and at one point Windows would not even fully boot.

I've done a lot of work so far, and am almost there, but there are still a few things that keep coming back. It is for this reason that I am forced to finally ask for help. Here is my HijackThis log... hopefully you can see some things in there that I did not notice.

EDIT: I read on another thread that I should list the steps I've taken so far...

I have installed and run ad-aware, spybot, av... Read more

A:Infected With Nasty Chinese Malware

Hi,

Welcome to BleepingComputer HijackThis Logs and Analysis forum, Peter E. My name is sundavis, I will be helping you to deal with your Malware problems today.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, then please do the following.

The log you presented had been a few days away. It may not show what it is. Please rescan your computer and post a new HJT log and an Uninstall List.

In the meantime, please refrain from making any changes to your computer. Thanks.

Make an Uninstall List
1. Start HijackThis
2. Click on the Config button
3. Click on the Misc Tools button
4. Click on the Open Uninstall Manager button
5. Click on the Save list button
6. It will prompt you to save. Save this log in a convenient location. By default it's named uninstall_list.txt.
7. Copy and paste the contents in your next reply and a fresh HJT log.


Half of all malware originating in China during October was designed to steal usernames and passwords, an IT security firm warned today.

By analysing the malware, which was written in a simplified version of Chinese, Sophos reported that 45.2 percent aimed to steal online game log-in information.

A further 7.5 percent was designed to provide the hackers with username and password details for the popular Chinese QQ instant messaging client.

"Given the ever growing popularity of online gaming in China, this is a worrying trend," said Carole Theriault, senior security consultant at Sophos.

"Once hackers have stolen log-in details, they can effectively impersonate the victim in the online world.

http://www.itnews.com.au/newsstory.aspx?CI...p;src=site-marq


Hello, Firstly I want to say I have learned my lesson and not downloading anything from pirate bay again.
 
I tried to download a tv show tonight. Only to discover (too late) that it's one of the worst viruses I have personally seen, It all appeared after I deleted the tv show I downloaded and went outside for a smoke, when I came back there's chinese porn, chinese dialog boxes of things I simply cannot read, IE opening by itself, adware, redirects, trojans, browsers, you name it. Fake antivirus programs specifically a fake version of rising anti virus that blocks my real programs like adwcleaner and microsoft security essentials. I have tried other antivirus programs with no effect because of the blocking issue.
 
I am accessing this forum on a different pc, because the infected pc is virtually unusable, I have had viruses in the past but nothing like this, I really need a program that I can download with this clean PC and install onto the infected one via USB.   
 
Should I just buy a 2TB drive and try to salvage what I can before it locks up completely. 
 
I am sorry if this seems a little bit rushed, the infected PC is used for some graphic design stuff I need access to for work. I am stupid I know.
 
Any help greatly appreciated.
 
 
-edit-
 
I just checked it again locked up from infinite chinese porn pages automatically loading in IE, starting to accept I've lost everything on that PC

A:Chinese Porn adware malware redirects... Got it all

Hello and welcome to BC,
 
We will try to help you with your problems.
 
Please, use that other computer to download following programs. Use USB to transfer them to infected machine. If you can't run them in normal mode, try in safe mode.
 
Please download Rkill to your Desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.
rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/
 
- Double-click on the Rkill desktop icon to run the tool.
- If using Windows Vista, 7, 8 or 10 right-click on it and choose Run As Administrator.
- A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
- If not, delete the file, then download and use the one provided in Link 2.
- Do not reboot until instructed.
- If the tool does not run from any of the links provided, please let me know.
If normal mode still doesn't work, run the tool from Safe Mode.
When the scan is done Notepad will open with rKill log.
Post it in your next reply.
NOTE. rKill.txt log will also be present ... Read more


Hi community members, I have bought a new Dell Vostro 3568. KMSpico got installed on it, I don't know how. That KMSpico installed some Chinese malware, so to remove it I installed Malwarebytes. It detected 538 threats, especially PUPs. I deleted them all, then I installed HitmanPro, which detected malware tracking cookies. I deleted them; on the next scan those cookies appeared again, like tboola.com adaptv advertising,com and many more. They come back again and again. I tried resetting Chrome but these privacy-hacking cookies appear again. I am new to all this, please help me.
                                      

A:Km spico attacked my pc and installed some chinese malware

One-on-one Malware Analysis/Removal is no longer done at the Dell Forums.  
Please follow the directions at http://spywarehammer.com/post-here-for-malware-removal/(new-instructions!)-what-do-i-do-first/  to register and post the requested DDS logs at spywarehammer.com ; there are expert helpers there who can "walk you through" procedures to analyze your system, and clean-up the infection.   All help provided there is FREE.   If you decide to go for help there, please wait for a response, and do NOT attempt to run any other scans/removers on your own --- do exactly what they instruct you to do, no more, no less.
Good luck!


Hey,

Have any of y'all seen a box that pops up with a blue border, at the top there is a penguin with 4 Chinese characters beside it. Below is another with QQ: then a box with 10000 in it, two or three more characters, another box with 10000 in it, then a small box with the image of a person in it, followed by 8 more characters.
Then below that is a larger box full of Chinese characters and some numbers. After this pops up, things deteriorate rapidly. The first thing we noticed was that the Task manager would not open. Others had other problems, eventually not being able to work at all.

I'm not asking for a solution. We have been looking High and Low, and we know how to use the tools available. I just want to know if anyone out there has come across this and if anyone knows where it came from?

Thanks!!
 

RELEVANCY SCORE 49.2

Dear All,

I'm having an issue with a popup in Chinese characters.
It always pops up at startup and then a few times during the day.

It looks like I have no other problems on the machine, but I've tried all types of antivirus and malware,
including
Avast, Spybot, online scans.
The machine was running antivirus, antimalware and firewall since the beginning, not only after the "infection".

No one finds any issue, but the popup still comes.

I'm running Windows 7 64 on an ASUS notebook, i7, with ATI card.

Does anyone have the same issue? Does anyone know how to wipe it out?

Thanks in advance

Best Regards

Antonio
 

RELEVANCY SCORE 48.4

Hello,
During exploration of various app creators for Android I came across beta.appinventor.mit.edu. I'm still using IE8 (sadly no more support) but have Google Chrome as a second option.
I'm not sure when what happened exactly. I did a defrag and cleaned some old files. I tried to open beta.appinventor in Chrome and it displays Chinese characters across the screen.
Even when I log in to my modem (portable wifi router) from Chrome it displays Chinese characters. Very few sites display ads in Chinese while the rest of the site would be OK. Also, if I open a tab in incognito mode the entire window is filled with Chinese characters.
Now the Chinese characters are not displayed by opening 'normal' URLs.
The puzzling thing is, the speed of the system is good. IE8 has no problems. I can open websites in Chrome, no problem.
I tried CCleaner, Norton scan, Dr.Web scan, uninstalled Chrome, reinstalled, several times, knowing I will not be able to remove all Chrome instances in the registry, trying it again with Revo Uninstaller and reinstall.
Same problem: Chinese characters. I don't know what else to do.
 

 
did a hijackthis as well, not sure if I should post this as well.
 
thanks in advance for taking a look
 
following the dds and attached zip file plus a screen shot of the chinese characters:
 
DDS (Ver_2012-11-20.01) - NT...

A:possible malware in google chrome, displaying Chinese characters

hi everybody,
sorry for my own confusion. I kept on digging and came across a forum. It was suggested to change the encoding in Chrome to autodetect, while my Chrome showed Unicode. Anyway I tried, the result: no Chinese characters anymore. Always thought Unicode was more or less universal; that would have been the last thing for me to suspect.
Strange was that a new install to my laptop which never had chrome on it came with unicode already in place. Had to change that, too.
Long story, happy ending, problem solved.

RELEVANCY SCORE 48.4

Hello, this has been posted already, but perhaps the treatment method may vary depending on my situation and logs etc, so reposting...

XP SP3
IE 8 BETA (although using Firefox mainly)
Tried: Fullscan with KIS 2009 (kaspersky) and Adaware.
It removed some win32trojan downloader agent mkav or so, but problem remains.

Description:
I've been experiencing multiple iexplore.exe processes running freely without my control (I use Firefox mainly). While they run, there's a weird chinese speech in the background which sounds like a commercial, it may repeat itself few times and even overrun itself in sound.

The Problem:
iexplore.exe keeps on running along with the CHINESE talking in the background.

Now, if I run full scan on my system with KIS, it wouldn't detect anything, not to mention updated Lavasoft Ad-Aware 2008...

DDS LOG:

DDS (Version 1.0) - NTFSx86
Run by Idan at 22:27:53.26 on Mon 12/08/2008
Microsoft Windows XP Professional 5.1.2600.3.1255.972.1033.18.2046.1606 [GMT 2:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\WINDOW...

A:Malware running multiple iexplore.exe & CHINESE talking

Hello Idanshalev,

Post the ComboFix.txt please.

RELEVANCY SCORE 48.4

Hello! I've noticed a "Good link and associates" icon appear on my computer. When I looked online to see what the cause might be I found my way to this forum where people had helped folk like me with a similar problem.
 
Following advice from Alexstrasza to someone with a similar past problem, I have:
1) Run MiniToolBox and saved result.txt, in case that might be useful
2) Run SecurityCheck.exe and saved the checkup.txt log
 
Would it be helpful if I posted these up? Thanks so much to anyone who can help!
 
 

A:Infected with "Good link and associates" chinese malware?

Hello and welcome to BC,
 
Yes, you can post results here, but we should do some checks.
 
Please download Rkill to your Desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.
rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/
 
* Double-click on the Rkill desktop icon to run the tool.
* If using Windows Vista, 7, 8 or 10 right-click on it and choose Run As Administrator.
* A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
* If not, delete the file, then download and use the one provided in Link 2.
* Do not reboot until instructed.
* If the tool does not run from any of the links provided, please let me know.
If normal mode still doesn't work, run the tool from Safe Mode.
When the scan is done Notepad will open with rKill log.
Post it in your next reply.
NOTE. rKill.txt log will also be present on your desktop.
-----
 
Kaspersky Virus Removal Tool
Please download Kaspersky Virus Removal Tool from here.
* Right click on KVRT.ex...

RELEVANCY SCORE 48.4

Here is your SysInfo information: Tech Support Guy System Info Utility version 1.0.0.2 OS Version: Microsoft Windows XP Professional, Service Pack 3, 32 bit Processor: Intel(R) Pentium(R) M processor 1600MHz, x86 Family 6 Model 9 Stepping 5 Processor Count: 1 RAM: 1534 Mb Graphics Card: ATI MOBILITY RADEON 9000, 32 Mb Hard Drives: C: Total - 147929 MB, Free - 4270 MB; Motherboard: IBM, 2373NG3 Antivirus: 电脑管家系统防护, Updated: Yes, On-Demand Scanner: Enabled I actually use Symantec Endpoint Protection antivirus, but it was unable to recognize an infected .exe file, claiming it was clean. Antivirus is still working and does not report any threat! But it seems the Chinese malware is already controlling its behavior. The pop-ups constantly promote something in Chinese, showing mostly images of automatic weaponry (probably Kalashnikov). The Program Files directory now contains a Tencent directory, which includes QQPCMgr with some more subdirectories. I was only able first to delete some of the contents, probably not vitally important files. All other content seems to be very well protected. I am unable to terminate the corresponding processes in the Task Manager nor uninstall the related program with Chinese name. I was also unable to perform System Restore - the system claims its inability to do so. I even could not start Windows in Safe Mode. I tried to use SpyHunter, but also with negative resu...

A:Chinese malware Tencent invaded my IBM T40 laptop, MS Windows XP

I tried additionally the Bitdefender online QuickScan - it was not able even to start the scanning process. There seems to be a problem with formatting, at least in my first message: the online editor of this site seems to eliminate the CR (Carriage Return) characters from my text. Is there any tip to avoid such behavior? BTW, I sent this from a different computer, not from the infected one.
 

RELEVANCY SCORE 48

I just received delivery of a mini camera/voice recorder that has an instruction sheet in both Chinese characters and also broken English...very broken! In fact, it's basically incomprehensible. Is there anyone viewing this that may be able to help me translate the instructions, because I can't get the recorder to work yet. The colors of the light indicators on the recorder and the instructions don't even match. All that I can observe is red and blue, while the instructions refer to a yellow and green in addition to red.....go figure. And yes, I've contacted the seller about this but they haven't responded yet. I strongly suspect they don't have a clue either...they're just merchandisers, not tech folks.

I've attached a copy of the so-called English instructions, but if you can read Chinese please contact me and I'll send you or post the instructions written in Chinese characters.

Thanks for your interest.
 

A:Solved: Can you read Chinese characters and/or Chinese broken English?

RELEVANCY SCORE 47.6

Hi I was wondering if anyone could help me. My friend has a Chinese version of Windows XP with SP3 and an English Office 2007 installed on her computer. All worked fine until the day after Office was installed. Now some of the Chinese characters have been replaced with squares. I tried changing the settings in the Regional and Language Options but as the Chinese characters have been replaced by vertical lines.

If someone can help me resolve this problem it would be greatly appreciated.

Thanks

A:[SOLVED] Problem with Chinese text in Chinese Windows XP

Problem solved

RELEVANCY SCORE 47.6

Yesterday, I did a scan of my network with WireShark 3.2.6  Scan was done on my hardwired Ethernet connection. I am somewhat new to advanced wireshark and I do not know everything there is to know but I am in the process of learning.
While looking at the results of a short scan I saw some unsettling IP Addresses that were appearing on my network. I do a lot of schoolwork online and I need to setup Windows 10 Professional's Firewall to block this IP Address or possibly even a range of IP Addresses.
Problem is: When I do searches with keywords such as "Blocking an IP Address with Windows 10 firewall" I end up receiving results that are intended for businesses or results that are meant for a Windows Server.
I need an understandable solution to this potential security problem. One that I can use Microsoft tools to fix and not some 3rd party app if possible.
My system:
Windows 10 Professional build 18363.1016
MS Office 365 Enterprise Edition subscription through my school
Dell Optiplex 790 with the latest BIOS update
16GB RAM
Dual drives  SSD system drive and Mechanical ATA drive for data storage.
WireShark 3.2.6 results
Source: 52.109.12.55    Destination: My private IP Address for my PC. 
Protocol used: TCP   Note: 3 instances.
Below is my PC sending out an 89 byte message to 52.109.2.55   4 different times.
Source: My Private IP,     Dest: 52.109.12.55,  Src Prt: vpad 1516,...

RELEVANCY SCORE 46.4

There are several posts like mine out there already, but none of the solutions have worked for me. When I am connected to my company LAN I can go to Google (my home page) in IE7 on an XP Corp SP3 laptop. About every other time I click on a link I get the following error box. Whether I click OK on the error or click the X, a new browser window opens, maximises and opens my home page.

When I am on my home network the behavior is different (probably because my home firewall is not blocking the site). When I click any link from my home page there is no error box, but my click gets hijacked to an advertisement or fake virus protection sites.

Here is what I have tried:
1. Full scan and immunize with Spybot S & D (found a lot of cookies etc. didn't fix this issue)
2. Full scan with Symantec Endpoint protection (finds trojans once a day, probably friends of this issue)
3. Full scan with Malwarebytes (fixed other issues it found but not this one)
4. Purchased full version of Spyware Dr (found and fixed 4 issues but not this one)
5. Disabled all browser plugins, including those that run without permission. (did not impact the issue)
6. Searched for any files or registry entries with "hpprintspool" in them (there were none)
7. Installed HijackThis and created the following log -

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:43:09 AM, on 11/12/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WI...

A:Malware Cannot find http://(chinese characters) Make sure the path or internet address is correct

Hi jgardner,

Welcome to BC HijackThis forum. I am farbar. I am going to assist you with your problem.

One or more of the identified infections is a backdoor trojan.

A backdoor Trojan can allow an attacker to gain control of the system, log keystrokes, steal passwords, access personal data, send malevolent outgoing traffic, and close the security warning messages displayed by some anti-virus and security programs.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the Operating System. Please read these for more information:
How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still try to clean this machine but I might not be able to make sure it will be 100% secure afterward. Please tell me if you want to go on with cleaning.

RELEVANCY SCORE 45.2

Hi!
I would like to know if there is any way to see Chinese in Chinese softwares? My english setting are all in English. I know you can change the language setting to Chinese to view softwares that are in Chinese. But I mostly use English softwares. So, it is kinda pointless to change the setting to Chinese since only a few programs I am using are in Chinese. As changing to Chinese setting will also affect fonts in some of the games.
Anyways. here is the problem:
I am able to type Chinese (such as Notepad etc) and I am also able to view Chinese on the webpage.
But, I am not able to see Chinese in softwares that are in Chinese. It will show up messy codes or just ????s marks.

Before I reformatted my computer, I was able to see Chinese in Chinese softwares without changing the language setting into English. But after I reformatted, I am not able to do it anymore. Can someone please help me out. Thanks a lot!

(P.S. I do not have the installation CD for my desktop (this computer that can't read Chinese in Chinese software. I had to use my laptop's installation CD to reformat the computer.) So, my laptop and desktop both have the same problem: unable to read Chinese in Chinese software.)

Thanks in advance!
Yuki
 

A:Unable to see Chinese in Chinese software

If you are running Windows XP ...

Start Menu -> Settings -> Control Panel -> Regional & Language Options

Select the "Languages" tab and make sure there is a checkmark for, "Install files for East Asian languages." I do not recall if you will be prompted for the Windows installation CD.
 

RELEVANCY SCORE 43.6

When I run a search on ZoneAlarm it comes up with the folders it is searching. It stops on one folder called "Current Data:" for the majority of the search and it comes up with things like "Current Data: Win32. Trojan" and all sorts of file names under those folders like "secret crush". There are thousands of file names, but when I run a search of C: it comes up with nothing, as though the file doesn't exist, but it's coming up on ZoneAlarm?????? What is going on?? How do I find and delete these files? Thanks in advance,
Andrew
 

RELEVANCY SCORE 43.6

Hey guys, my other computer is infected with the Vista Anti-Spyware 2011 rogue anti-spyware. I have tried to run MBAM with no luck (the malware opens up instead of MBAM). I am currently trying to see if it will work in Safe Mode. Also, this is my other computer and because of the virus it has no internet access (anytime I try to navigate to a page the malware pops up), so please keep that in mind as you're giving instructions.

Thanks a lot guys
 

A:Virus/Malware: Vista Anti-Spyware 2011 (rogue spyware)

Alright, so this is just an update and a bump since I haven't had any replies in 24 hours

I tried to run MBAM in safe mode and the virus still popped up so this thing is pretty entrenched. Help me out here guys, thanks
Thanks
 

RELEVANCY SCORE 43.6

Here is the Hijack this log. I tried to use malwarebytes but it is being disabled. Please help me remove this. Also I am on another computer as I cannot go online as it keeps redirecting me somewhere else.

Thanks in advance

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:19:00 PM, on 12/22/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Interneta Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=6080226
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=6080226
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IES...

A:Contracted Spyware Guard 2008 spyware/malware. Please help, disabling my Malwarebyte

RELEVANCY SCORE 43.6

no specific sites coming up so unable to provide any more specific information - sorry!!
DDS (Ver_09-02-01.01) - NTFSx86
Run by Vince at 23:14:04.04 on 06/02/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.250 [GMT 0:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Outdated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Creative\Shared Files\CTDevSrv.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\Samsung...

A:Malware/Spyware Problem - webpages being redirected + unable to download AVG updates, spyware removal etc

Welcome to the BleepingComputer Forums.

Since it has been a few days since you scanned your computer with HijackThis, we will need a new HijackThis log. If you have not already downloaded Random's System Information Tool (RSIT), please download Random's System Information Tool (RSIT) by random/random which includes a HijackThis log and save it to your desktop. If you have RSIT already on your computer, please run it again.

Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Please post the contents of log.txt.

Thank you for your patience.

Please see Preparation Guide for use before posting about your potential Malware problem.

If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped.

Please post your HijackThis log as a reply to this thread and not as an attachment. I am always leery of opening attachments so I always request that HijackThis logs are to be posted as a reply to the thread. I do not think that you are attaching anything scary but others may do so.

While we are working on your HijackThis log, please:
Reply to this thread; do not start another!
Do not make any changes on your computer during the cleaning process or download/add programs on your computer unless instructed to do so.
Do not run any other tool until instruc...

RELEVANCY SCORE 43.6

Two days ago I tried to open a video and downloaded an ActiveX program that contained malware. I instantly started receiving warnings that my computer was infected and redirects toward several different spyware removal webpages. My computer was running so slow and kept locking up. I also lost my wireless internet connection, though I still have a connection through ethernet. It seems that many of my services were shut off. I found your website and followed your instructions for preparing my computer before I post a HijackThis log, and that seems to have removed most of the spyware. Still, when I boot back up and run a Spyware Doctor scan there is one redirect program left, though I am not receiving any popups or redirects anymore. My wireless connection is nonexistent. Wireless networks are detected, but when I click on the icon none show up. Nothing shows up in my wireless properties either. Other computers in the house use the same wireless. Any help you guys can give me is greatly appreciated.

Regards,
Beth

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:33:03 PM, on 11/21/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5346.0005)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32 ...

A:Infected With Fake Spyware/malware That Redirects Me To Purchase Spyware

Hello Beth,

NOTE: If you have downloaded SmitfraudFix previously please delete that version and download it again!

Please download SmitfraudFix

Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm

You should print out these instructions, or copy them to a Notepad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Please reboot your computer in Safe Mode by doing the following:
* Restart your computer
* After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
* Instead of Windows loading as normal, a menu with options should appear;
* Select the first option, to run Windows in Safe Mode, then press "Enter".
* Choose your usual account.

Once in Safe Mode, double-click SmitfraudFix.exe
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.
You will be prompted: "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.
Th...

RELEVANCY SCORE 42.8

I have read several posts regarding Ucleaner and spyware. I am having similar problems:

-- There are three new icons on my desktop: (1) Error Cleaner (2) Privacy Protector (3) Spyware&Malware Protection. When mousing over these icons, the popup window indicates that they lead to "http://viruswebprotect.com/shandler/php?..."

-- I periodically get pop up icons that say "someone is trying to attack my computer" and there was a message that stated "Win32.netsky worm has infected my computer"

I have completed the five steps listed in the "before you post" thread. The only deviation from that is that I already have Windows XP SP2 installed. Any help would be much appreciated. Thanks.

A:uCleaner Malware / Error Cleaner, Privacy Protector, Spyware&Malware Icons

Bump Bump Bump

RELEVANCY SCORE 42.4

Privacy Protector, Error Cleaner and Spyware&Malware protection: it pops up a message saying my computer is infected and keeps opening internet windows even when I change the homepage away from the site it wants to go to. It is really slowing my laptop down, and when you attempt to close the pop-ups or delete the desktop icons, it freezes the laptop and the only way to resolve it is to restart, but it just comes back no matter what. Norton will not pick it up either. It is causing my laptop start-up and loading time to be epic and is making it unusable. This topic has been fixed before by RichieUK on: http://www.bleepingcomputer.com/forums/t/105116/privacy-protector-error-cleaner-spyware-malware-protection/ I have the exact same thing. Should I just follow those steps or wait for specific advice for my system?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:00:05, on 03/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\S...

A:Malware, Privacy Protector, Error Cleaner And Spyware&malware Protection

Hello,

* Download Combofix to your desktop.
Doubleclick combofix.exe
Follow the prompts.
Don't click on the window while the fix is running, because that will cause your system to hang.
When finished and after reboot (in case it asks to reboot), combofix will open again to gather the necessary information for the log. This may take a bit. When done, Combofix will close and a log should open, combofix.txt.
Post the contents of this log in your next reply together with a new hijackthislog.
Do NOT post the ComboFix-quarantined-files.txt - unless I ask you to.

RELEVANCY SCORE 42.4

This showed up when I started up my computer last night (I'm running XP). My desktop background changed to red with a biohazard type logo, windows keep popping up trying to sell me protection, etc. When it first showed up some of my desktop icons disappeared and I couldn't get into my C drive, but that seems to have stopped for the moment.

I've run my Kaspersky Antivirus, which says it can't delete it, disinfects it, but doesn't seem to change anything.

I've also used System Mechanic 5, Spybot Search and Destroy, Smitfraudfix (I saw this suggested to someone else viewing another forum, and it seems to work and everything looks good for 5 minutes, but then lo and behold it comes right back) plus RegClean, RegistryFix, Tracks Eraser Pro, BugDoctor to try and clean stuff out. Some things seem to get rid of it, but then it returns. I've been looking it up on Google to see what other people did, and trying these things, but obviously this strategy hasn't worked. It's just given me a headache.

I'm out of my depth. I really need help! Thank you in advance for your wisdom.

Here are my dss reports:

Deckard's System Scanner v20071014.68
Run by Aqua Dragon on 2008-06-08 11:54:45
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
5: 2008-06-08 15:54:53 UTC - RP230 - Deck...

A:I Have An Error Cleaner, Privacy Protector, Spyware And Malware Protection Problem (virus? Malware? Trojan?)

Hi,

Please uninstall the following programs since they are known to cause more damage than anything else:
RegistryFix v6.2
Bug Doctor 3.0.3.8

Reboot afterwards.

After reboot,
* Please visit this webpage for instructions for downloading and running ComboFix:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
This includes installing the Windows XP Recovery Console in case you have not installed it yet.
Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.

RELEVANCY SCORE 42.4

My PC at home has suddenly been attacked. I had been using CA Anti-trust successfully for a few years, but it appears it was overpowered. I did some research on a laptop to try to narrow the list of suspects and it looks like Conficker or Downadup are suspects, but using some online removal tools, the scans are showing up negative. I still think I'm on the right track, though. I purchased Panda Internet Security 2009, but couldn't get it to update the definitions via the update wizard, getting an error message that I needed an open internet connection and that the server was unavailable (error msg 12007). Online Panda support attributes that to Conficker and says to go to Start/Settings/Network Connections/Properties, scroll to TCP/IP and click the "Obtain DNS settings automatically", which I've done without any success. I saw a post on this forum that a virus called DNS_Changer may impact on this. I purchased PCTools Spyware Doctor with virus protection with the intention of getting my Panda purchase refunded due to lousy support. I disabled Panda, installed PCTools Spyware Doctor, updated the definitions without a problem and ran the scanner. It picked up 90 infections, mostly cookies, but 10 medium threat trojans, including DNS_Changer. I selected the remove all and re-ran the scanner (I overlooked the re-boot, accidentally) and left for work (where I remain now) and am anxious to see what progress I find on my return home.

Your forum, by far, seems...

A:Malware sites redirected, no spyware/malware updates - Recycler

RELEVANCY SCORE 40.8

Hello,

After my computer booted up last night, I saw frightening messages and all kinds of pop up notification saying that my system has been infected. It turned out that these messages were being reported by "Spyware Quake".

I DID NOT INSTALL THIS SOFTWARE (Spyware Quake). Somehow, it was installed on my computer without my knowledge. The only other way I know it could have gotten to my system would be thru a monitor that I borrowed from a friend, but I don't even know if that's possible.

It seemed as if somebody was watching my activities. I was able to go online. But when I tried going online, Explorer or Firefox would be filled with information about winantivirus and things like that, telling me that nothing else I have is good enough to clean it up.

Spybot wasn't able to find all the spyware that 'spyware quake' claimed to have in my system. Adaware SE found a couple of viruses. They were all in 'spyware quake'.

I need help dealing with this stuff.

I run Win 2000
browser: Explorer and Firefox

Thanks.

A:spyware Quake, a spyware/malware?

To begin helping you, we would need to look at a HijackThis log. If your system is so disabled that you can't perform the download, download it on an uninfected machine and carry it to the infected machine via USB stick drive, Floppy, or CDR. Once you have it on the machine, unzip it as the instructions below indicate, and perform a scan, then post it back here in this thread.

Please download HijackThis - this program will help us determine if there is any spyware/malware on your computer. Double-click on the file you just downloaded.
Click on the "Unzip" button to install. It will by default install to the directory - C:\PROGRAM FILES\HIJACKTHIS\

Double click on HijackThis.exe to run the program.

1. If it gives you an intro screen, just choose 'Do a system scan and save a logfile'.
2. If you don't get the intro screen, just hit Scan and then click on Save log.
3. Post the hijackthis.log file here. Do not fix anything in HijackThis since they may be harmless.

Read other 7 answers
RELEVANCY SCORE 40.4

Whatever I have started out by changing my Explorer home page and making it go to www.securityuptoday.com (After running the programs suggested---my home page now always changes to "about: blank") I also have a fake balloon pop-up on the lower right of my screen that reads "System Alert: Adware & Spyware Your computer iperformance slowed down. Your Internet connection connection speed has decreased. You receive more spand emails than ever. Use Spyware scan to find out the reason." I also have random pop-up ads for either adult entertainment or some sort of spyware/malware/adware programs.

Any help you can provide is MUCH appreciated! Thank you!

Steve

Logfile of HijackThis v1.99.1
Scan saved at 3:28:03 PM, on 5/13/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\system32\HPConfig.exe
C:\Program Files\HPQ\Notebook Utilities\HPWi...

A:Fake Balloon Tries To Sell Me Adware/malware/spyware : "system Alert: Adware & Spyware"

Hello Steve, I am SifuMike and I will be helping you.

Download SmitfraudFix (by S!Ri) to your Desktop. http://siri.urz.free.fr/Fix/SmitfraudFix.zip
Extract all the files to your Desktop. A folder named SmitfraudFix will be created on your Desktop.
______________________________

Please download the trial version of Ewido anti-malware 3.5 from here: http://www.ewido.net/en/download/

Install Ewido anti-malware. When installing, under Additional Options uncheck Install background guard and Install scan via context menu.
When you run Ewido for the first time, you could get a warning "Database could not be found!". Click Ok.
The program will prompt you to update. Click the Ok button.
The program will now go to the main screen.

You will need to update Ewido to the latest definition files.
On the left-hand side of the main screen click the Update Button.
Click on Start.
The update will start and a progress bar will show the updates being installed.
Once finished updating, close Ewido. Do not run it yet!

If you are having problems with the updater, you can use this link to manually update ewido. Ewido manual updates. Make sure to close Ewido before installing the update.
______________________________

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press Enter
This program will scan large amounts of files on your computer for known patterns so please be patient while it works. When it is done, the results ...

Read other 8 answers
RELEVANCY SCORE 37.6

Donna over at Calendar of Updates has posted a second test regarding the viability of free anti-malware and free anti-spyware programs - Malware Detections of Free Anti-Malware/Anti-Spyware

see Malware Detections of Free Anti-Malware/Anti-Spyware - Calendar Of Updates

For those who don't know, Donna also previously posted another test, Rogue Detections: Old, Not So Old and New Threats
see Rogue Detections (old, not so old, new threats) by malware scanners - Calendar Of Updates

A:Malware Detections of Free Anti-Malware/Anti-Spyware

Hi John

Looks like a fairly good test, unfortunately it's on an XP box. Do you know if they plan on running one on a Vista system, since the way that many malware works will affect its viability on Vista systems?

Thanx for the link! Still lots of good info there for our members.

Read other 7 answers
RELEVANCY SCORE 37.2

Well I went on vacation and I called my mom and she said she had gotten a virus on the computer and that it was one of those ones that pop up telling you to pay for some fake antivirus program. I really would like to clear out all my spyware/malware and that is why I have come here. Well I'm 14... I'm more tech savvy than my parents/siblings... Well I have had a few years of experience working to get rid of viruses when we get them so I can follow good instructions well. Now I will say my computer's specs...

System: Microsoft Windows XP ,
Media Center Edition,
Version 2002,
Service Pack 3 (Is there an update for this?)

Computer: AMD Athlon(tm) 64 X2 Dual
Core Processor 3800+ 2.00 GHz, 2GB of RAM
Physical Address Extension

I use the last version of Avast! Internet Security as my Antivirus.
Well I'm wondering which of these may be malware/spyware so I'm posting the processes from the Task Manager. Also please keep in mind the 280 K process was because I was running a Full Scan with Spyware Doctor (pctsvc.exe). I have run full scans with malwarebytes, spyhunter, spybot s&d, Spyware Doctor, Microsoft Windows Malicious Software Removal Tool, and all have pretty much found stuff but none have found all the same stuff. I'm sure I'm still infected. Avast also finds NOTHING!!! I'm looking for a program that can find it all! Please help me..


A:HJT Log, Malware, Spyware Help please?

bump... Also It's not letting me open my taskmgr (was able to yesterday) I had 2 infected files after scanning with malwarebytes... isn't there someone who can help please?
 

Read other 1 answers
RELEVANCY SCORE 37.2

I followed the instructions and list the DDS.txt and Attach.zip
So lemme explain what's going on

I have Win XP SP3, running fine, nothing wrong til this happened

1. Automatic Updates turned off and is not turning back on
(I did every step to turn it back on, not working)

2. Pop-ups from antivirus 2009 and registry cleaner opened in IE (IE wasn't even running)

3. 12/24/08 I opened Mozilla today and this popped up twice

file:///C:/Documents%20and%20Settings/Owner/

4. AVG & Windows defender scans detection list Below 12/22-12/24/08

Windows Defender detected these and were REMOVED:
===========================================================
Trojan:Win:32/Vundo.gen!Y (Which kept coming back)

file:
C:\WINDOWS\system32\oifyjomj.dll->(UPX)

containerfile:
C:\WINDOWS\system32\oifyjomj.dll
--------------------------------------------------

Trojan:Win:32/Vundo.gen!J (Which kept coming back)

file:
C:\WINDOWS\system32\wutplu.dll->(UPX)

containerfile:
C:\WINDOWS\system32\wutplu.dll
-------------------------------------------------------

Trojan:Win:32/Vundo.gen!C (Which kept coming back)

file:
C:\WINDOWS\system32\yayaAqPH.dll->(UPX)

file:
C:\System Volume Information\_restore{D684ADD8-48A9-4206-9B37-B9033D69500B}\RP286\A0039497.dll->(UPX)

containerfile:
C:\WINDOWS\system32\yayaAqPH.dll

containerfile:
C:\System Volume Information\_restore{D684ADD8-48A9-4206-9B37-B9033D69500B}\RP286\A0039497.dll

--------------------...

A:Help! I think i got Malware/Spyware

And just to add, I looked at my Trusted Zones from the DDS file and I never put any of those there

Read other 3 answers