Over 1 million tech questions and answers.

Antivirus Xp 2008, Antispyware 2008 Xp

Q: Antivirus Xp 2008, Antispyware 2008 Xp

Logfile of Trend Micro HijackThis v2.0.2Scan saved at 21:37: VIRUS ALERT!, on 8/27/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\SYSTEM32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\Program Files\Common Files\Virtual Token\vtserver.exeC:\WINDOWS\System32\ibmpmsvc.exeC:\WINDOWS\System32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\System32\QCONSVC.EXEC:\Program Files\Sandboxie\SandboxieServer.exeC:\Program Files\Analog Devices\SoundMAX\SMAgent.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\System32\TPHDEXLG.EXEC:\WINDOWS\system32\TpKmpSVC.exeC:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exeC:\WINDOWS\SYSTEM32\Ati2evxx.exeC:\WINDOWS\Explorer.exeC:\Program Files\Microsoft IntelliPoint\point32.exeC:\WINDOWS\system32\rundll32.exeC:\Program Files\Java\jre1.6.0_04\bin\jusched.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exeC:\WINDOWS\shell.exeC:\WINDOWS\system32\printer.exeC:\DOCUME~1\johnd\LOCALS~1\Temp\lsass.exeC:\WINDOWS\system32\lphce15j0e18g.exeC:\Documents and Settings\johnd\Local Settings\Temp\.tt417.tmp.exeC:\Program Files\iPod\bin\iPodService.exeC:\Program Files\webHancer\Programs\whagent.exeC:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exeC:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exeC:\Documents and Settings\johnd\Local Settings\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exeC:\Documents and Settings\All Users.WINDOWS\Application Data\Secure Solutions\Antispyware 2008 XP\as2008xp.exeC:\Program Files\Common Files\Teleca Shared\Generic.exeC:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exeC:\Documents and Settings\johnd\Desktop\spyware\HiJackThis\HijackThis.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=...6Ojg5&lid=2R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.localF2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\shell.exeO2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dllO2 - BHO: BhoApp Class - {28A73C97-A538-08EE-FA8A-1CF3009DB0D0} - C:\Program Files\altcmd\altcmd32.dllO2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll (file missing)O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll (file missing)O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dllO2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dllO2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll (file missing)O2 - BHO: WhIeHelperObj Class - {c900b400-cdfe-11d3-976a-00e02913a9e0} - C:\Program Files\webHancer\programs\whiehlpr.dllO2 - BHO: QXK Olive - {CF36791A-1847-4059-8BB4-89C28E514C6D} - C:\WINDOWS\rodqgpvlkmb.dllO2 - BHO: (no name) - {DD861218-A2AC-46EA-AD5A-6E97F48ACA50} - C:\WINDOWS\system32\pmnljijI.dllO3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dllO3 - Toolbar: qalkfxor - {D15D9083-1F4E-406F-B1EA-F38E43FBC59D} - C:\WINDOWS\qalkfxor.dllO4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgentO4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exeO4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptionsO4 - HKLM\..\Run: [SYSTEM.rt32] C:\DOCUME~1\johnd\LOCALS~1\Temp\lsass.exeO4 - HKLM\..\Run: [Printer] C:\WINDOWS\system32\printer.exeO4 - HKLM\..\Run: [lphce15j0e18g] C:\WINDOWS\system32\lphce15j0e18g.exeO4 - HKLM\..\Run: [inrhca15j0e18g] C:\Documents and Settings\johnd\Local Settings\Temp\.tt417.tmp.exeO4 - HKLM\..\Run: [webHancer Agent] C:\Program Files\webHancer\Programs\whagent.exeO4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exeO4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exeO4 - HKCU\..\Run: [Octoshape Streaming Services] "C:\Documents and Settings\johnd\Local Settings\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" -inv:bootrunO4 - HKCU\..\Run: [Spoolsv] C:\WINDOWS\system32\spoolvs.exeO4 - HKCU\..\Run: [s9201] "C:\Documents and Settings\All Users.WINDOWS\Application Data\Secure Solutions\Antispyware 2008 XP\as2008xp.exe" /autorunO4 - HKUS\S-1-5-18\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q (User 'SYSTEM')O4 - HKUS\.DEFAULT\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q (User 'Default user')O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exeO4 - Startup: findfast.exeO4 - Global Startup: autorun.exeO6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions presentO7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll (file missing)O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll (file missing)O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll (file missing)O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLLO9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exeO9 - Extra button: Software Installer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\Lenovo\PkgMgr\\PkgMgr.exeO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO10 - Hijacked Internet access by WebHancerO10 - Hijacked Internet access by WebHancerO10 - Hijacked Internet access by WebHancerO15 - Trusted Zone: *.wpcuds.usace.army.mil (HKLM)O15 - ESC Trusted Zone: *.wpcuds.usace.army.mil (HKLM)O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cabO17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = eis.ds.usace.army.milO17 - HKLM\Software\..\Telephony: DomainName = eis.ds.usace.army.milO17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = eis.ds.usace.army.milO17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = eis.ds.usace.army.milO20 - AppInit_DLLs: C:\WINDOWS\system32\wowfx.dllO20 - Winlogon Notify: pmnljijI - C:\WINDOWS\SYSTEM32\pmnljijI.dllO21 - SSODL: rqbmvpso - {2991936D-761D-4A67-9012-04AD0988D443} - C:\WINDOWS\rqbmvpso.dllO21 - SSODL: pdoskegl - {D1C2ED7C-BEB7-415A-BC9F-C8DF3AA194FE} - C:\WINDOWS\pdoskegl.dllO23 - Service: ACU Configuration Service (ACS) - Unknown owner - C:\WINDOWS\System32\acs.exeO23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exeO23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exeO23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exeO23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exeO23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exeO23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exeO23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exeO23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exeO23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exeO23 - Service: QCONSVC - Lenovo - C:\WINDOWS\System32\QCONSVC.EXEO23 - Service: Sandboxie Service (SandboxU) - tzuk - C:\Program Files\Sandboxie\SandboxieServer.exeO23 - Service: PC Tools Spyware Doctor (SDhelper) - Unknown owner - C:\Program Files\Spyware Doctor\sdhelp.exe (file missing)O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exeO23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exeO23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.EXEO23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exeO23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exeO23 - Service: Protector Suite Virtual Token (vtserver) - UPEK Inc. - C:\Program Files\Common Files\Virtual Token\vtserver.exeO24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm--End of file - 10503 bytes

RELEVANCY SCORE 200
Preferred Solution: Antivirus Xp 2008, Antispyware 2008 Xp

I recommend downloading and running DAP. It can help sort out any driver and firmware related issues on your system

It's worked out well for many of us in the past.

You can download it direct from this link http://downloaddap.org. (This link will open the download page of DAP so you can save a copy to your computer.)

A: Antivirus Xp 2008, Antispyware 2008 Xp

Hello. I am PropagandaPanda (Panda or PP for short) and I will be helping you with your log.I will need some time to look over your computer's log(s). I am still in training, so my responses to you must be checked by a coach.You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here. Please take note of a few guidelines for this fix:Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Further more, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.If you do not understand any step(s) provided, please do not hesitate to ask. I would much rather clarify instructions or explain them differently than have something important broken.Even if things appear to be better, it may not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself. Finally, please reply using the button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.With Regards,The PandaImportant Note to Other Users Reading this Topic: The instructions provided in this topic are for the original topic starter only. Even if you have similar problems or log entries to those given here, please do not follow the directions, especially those involving specific tools and scripts. Doing so can result in serious damage to your computer. Instead, please start your own topic. Feel free to link to any relevant topics as needed.

Read other 9 answers
RELEVANCY SCORE 98.8

These are just a few things that were found on my computer, have no idea how it got so out of control.
I worked all day trying to get rid of all of these and finally succeeded by running and updating antivirus/Spyware detector and then rebooting in safe mode, while doing this many times I recieved "blue screen" and sometimes it was fake and sometimes it was real, if I pressed ESC I knew it was a fake screen.
Eventually it let me stay on long enough to get rid of everything
But I'm still getting the FAKE blue screen so could someone take a look at my highjackthis log please


Logfile of HijackThis v1.99.1
Scan saved at 10:33:46 PM, on 8/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Rogers\Update Manager\RogersUpdate... Read more

Read other answers
RELEVANCY SCORE 96.4

Hello, my wife was downloading a "David Cook Video" from some unknown website. She screamed when all of these pop-ups came up. I closed them out and ran AVG 8. It was unable to remove the virus. Then the desktop went blue and the system kept trying to restart but could not, another blue screen came up with white text. I was able to restart in safe mode. I have 2 new items on my desktop XP antivirus 2008 and Malware Protector 2008. Thanks in advance for your help.

I have posted my System Scanner file below and will attach my Active Scan and Extra.txt file.



Deckard's System Scanner v20071014.68
Run by Compaq_Owner on 2008-07-08 09:04:00
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 3 Restore Point(s) --
3: 2008-07-08 13:04:04 UTC - RP4 - Deckard's System Scanner Restore Point
2: 2008-07-08 11:41:55 UTC - RP3 - Last good restore point
1: 2008-07-08 11:41:33 UTC - RP2 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Compaq_Owner.exe) ----------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:08:20 AM, on 7/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Run... Read more

A:Antivirus XP 2008 and Malware Protector 2008

Bump.

Read other 12 answers
RELEVANCY SCORE 92.8

I am in need of some MAJOR help.... this is my daughters computer and is majorlly infected....


ComboFix 08-06-20.4 - Cat 2008-06-25 19:49:27.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.482 [GMT -4:00]
Running from: C:\Documents and Settings\Cat\Desktop\ComboFix.exe
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Desktop\Malware Protector 2008.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Malware Protector 2008
C:\Documents and Settings\All Users\Start Menu\Programs\Malware Protector 2008.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Malware Protector 2008\How to Register Malware Protector 2008.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Malware Protector 2008\License Agreement.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Malware Protector 2008\Malware Protector 2008.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Malware Protector 2008\Register Malware Protector 2008.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Malware Protector 2008\Uninstall.lnk
C:\Documents and Settings\b\Favorites\Online Security Test.url
C:\Documents and Settings\Cat\Application Data\AXPDefender
C:\Documents and Settings\Cat\Application... Read more

A:Malware 2008 / Antivirus XP 2008 HELP PLEASE!!!!

Deckard's System Scanner v20071014.68
Run by Cat on 2008-06-25 20:23:46
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-06-25 20:23:58
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTSVCCDA.EXE
C:\WINDOWS\ehome\ehrecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\Trend Micro\Internet Security 12\PcCtlCom.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\Internet Security 12\Tmntsrv.exe
C:\Program Files\Trend Micro\Internet Security 12\tmproxy.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Trend Micro\Internet Security 12\TmPfw.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\syste... Read more

Read other 17 answers
RELEVANCY SCORE 88

Hi Moderators,

I got infected with the CNN pop-up even though I had McAfee. Thanks to your site I was able to remove it and a host of others that McAfee ' so called Security Centre could not.

My first question is -
What does the term" quarintine" on the display log?

How can I now remove the Antivirus XO 2008 and Register Antivirus 2008 Icons from my Start - Logon/Off window?

I have Windows XP and a "Compaq" computer.

Thanks you.

A:Antivirus Xp 2008/register Antivirus 2008

When an anti-virus quarantines a file by moving it into a virus vault (chest), that file is essentially disabled and prevented from causing any harm to your system. The quarantined file is safely held there and no longer a threat until you take action to delete it. One reason for doing this is to prevent deletion of a crucial file that may have been flagged as a "false positive". If that is the case, then you can restore the file and add it to the exclusion or ignore list. Doing this also allows you to view and investigate the files while keeping them from harming your computer. Quarantine is just an added safety measure. When the quarantined file is known to be bad, you can delete it at any time.Please download Malwarebytes Anti-Malware and save it to your desktop.alternate download link 1alternate download link 2Make sure you are connected to the Internet.Double-click on mbam-setup.exe to install the application.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-MalwareThen click Finish.MBAM will automatically start and you will be asked to update the program before performing a scan.If an update is found, the program will automatically update itself.Press the OK button to close that box and continue.If you encounter any problems while downloading the updates, manually download th... Read more

Read other 1 answers
RELEVANCY SCORE 88

Got some new rogue anti-spyware dropped on my machine through what appeared to be a PDF exploit this morning, "Zinaps Antispyware 2008". I can't find anything useful through searching, but since most of these apps are just re-skins with minor modifications, I thought I'd post a screenshot in hopes that someone would recognize the UI and be able to give me the name of a related program so I can use the steps to clean that as a guideline.

Behavior so far is just constant reminders from the tray that "MY COMPUTER IS INFECTED!". At boot, the "Reminder" program, currently "qxyfr.exe", pops up as well as the Zinaps program itself, "zinaps7.exe". "zinaps7.exe" just hangs as soon as it's brought onto the screen, not sure if it always works that way or if that behavior is just because my wireless card has been turned off.


Here's a screenshot of the Zinaps program...


And here are the two tray icons.


Any help is much appreciated.

A:New Rogue Antispyware - Zinaps Antispyware 2008

Problem appears to be solved. The process name 'qxyfr.exe' may be different on each machine, if yours is different just replace every instance of 'qxyfr' with whatever it is named on yours.

1. Killed the processes in this order: zinaps7.exe, qxyfr.exe.
2. Removed entry from startup using msconfig: qxyfr.exe
3. Removed the following files:
C:\Documents and settings\USERNAME\installer.exe
C:\Documents and settings\USERNAME\Application Data\qxyfr.exe
C:\Documents and settings\USERNAME\Application Data\Zinaps 7\*

There are still traces in the registry, but the warnings have stopped and the application hasn't opened since reboot.

Read other 2 answers
RELEVANCY SCORE 85.2

I have run:ad-aware - shows computer as cleanspybot search and destroy - shows computer as cleanMcAfee stinger - shows no results (assuming this means clean) However I still am having a problem with this rogue spyware.I have installed and ran HJT, will include a log below.My operating OS is XP.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 1:34:34 PM, on 9/6/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Lavasoft\Ad-Aware\aawservice.exeC:\WINDOWS\system32\userinit.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\WINDOWS\System32\Ati2evxx.exeC:\Program Files\McAfee\SiteAdvisor\McSACore.exeC:\PROGRA~1\McAfee\MSC\mcmscsvc.exec:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exec:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exeC:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exeC:\Program Files\McAfee\MPF... Read more

A:Can Not Get Rid Of "antispyware 2008"

HiPlease run a Kaspersky Online Scan Please do an online scan with Kaspersky WebScanner Click on Kaspersky Online Scanner Click AcceptYou will be promted to install an ActiveX component from Kaspersky, Click Yes. The program will launch and then begin downloading the latest definition files: Once the files have been downloaded click on NEXT Now click on Scan Settings In the scan settings make sure that the following are selected: Scan using the following Anti-Virus database: Extended (if available otherwise Standard)
Scan Options: Scan Archives Scan Mail BasesClick OK Now under select a target to scan: Select My ComputerThe program will start and scan your system. The scan will take a while so be patient and let it run. Once the scan is complete it will display if your system has been infected. Now click on the Save as Text button:Once finished, save the log to your Desktop as filename KAV.txtTHEN ...Please Download Malwarebytes' Anti-Malware from Here :-http://www.majorgeeks.com/Malwarebytes_Ant...ware_d5756.htmlor here :-http://www.besttechie.net/tools/mbam-setup.exeDouble Click mbam-setup.exe to install the application.* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.* If an update is found, it will download and install the latest version.* Once the program has loaded, select "Perform Quick Scan", then click Scan.* The scan may take some time to finish,so please be patient.* When... Read more

Read other 2 answers
RELEVANCY SCORE 84.4

I got infected with Antispyware 2008 yesterday and it performs fake scans and popups to try and make me buy there product. I used spyhunter and spyware doctor they picked up a lot of viruses and problems but when i reset the computer they reappear and nothing changes..

This virus blocked my task manager and lots of my start menu options + hides my drive c and many more things. I used a program called security task manager to look threw my processes and found several unknown things and scanned them and they had Zlob malware or something in them and I removed and quarantined.

Im not getting any pop ups anymore or error things but i still dont have access to my task manager because it says its been disabled by the administrator, i cant use start run either... and were my clock/time is on my desktop it says VIRUS ALERT and anywhere else were time shows up!

I'd appreciate any help, sorry for the bad grammar.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:20: VIRUS ALERT!, on 8/22/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Fil... Read more

A:Antispyware 2008 Attack!

Bump

(No viruses or spyware shows up anymore on any of my scanners)

Read other 2 answers
RELEVANCY SCORE 84.4

Hi guys and gals

My wife D/L a free song from somewhere (she does not remember) and next we know we have Antispyware 2008 XP alert popping up all the time. Once I click no it will disappear only to reappear later. What do I need to do to get rid of this little bugger. We have Norton Protection Center and nothing is showing up on their system. I just downloaded Spyhunter so trying that. Any other suggestions? Why would I need Spyhunter if I have Norton? I have Vista if that helps.

Thanks,
TM
 

Read other answers
RELEVANCY SCORE 84.4

I was unfortunate enough to get the antispyware xp 2008 virus. I used Super antispyware and it shows that it removed a couple trojans I had. I was able to get rid of the blue screen background and can now access my task manager, but I am not able to use system restore to go back previous to the infection this morning. I am not computer litterate, I just dont know what to do to clean my system. Any help would be great. Thank you

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:18:11 PM, on 8/20/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.ex... Read more

Read other answers
RELEVANCY SCORE 84.4

Hey, experts!Here is a gullible girl who was stupid enough and installed the activeX control from a music website when I was searching for some lyrics. I am sincerely looking for some help from you experts, and any help will be appreciated with an innocent heart! The followings are what happens after I turn on my computer in orders: http://img169.imageshack.us/img169/2844/97533162ad2.jpghttp://img403.imageshack.us/img403/8813/19706664jq6.jpghttp://img175.imageshack.us/img175/1949/28900297ku7.jpghttp://img175.imageshack.us/img175/8453/99185058wi4.jpghttp://img88.imageshack.us/img88/6903/75907166mh3.jpghttp://img217.imageshack.us/img217/928/60179199xq4.jpghttp://img382.imageshack.us/img382/3651/38354222jw3.jpgedited some of these screenshots (Thunder) The log I got from HJhackThis is as follows:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 2:22:06 PM, on 8/2/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16544)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Applications�... Read more

A:Infected With Antispyware 2008

Hello Burnice and welcome to BleepingComputer,Quite a load of crap you have there 1. * Clean your Cache and Cookies in IE:Close all instances of Outlook Express and Internet Explorer Go to Control Panel > Internet Options > General tabUnder Browsing History, click Delete. Click Delete Files, Delete cookies and Delete historyClick Close below.* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):Go to Tools > Options.Click Privacy in the menu..Click the Clear now button below.. A new window will popup what to clear.Select all and click the Clear button again.Click OK to close the Options window* Clean other Temporary files + Recycle bin Go to start > run and type: cleanmgr and click ok. Let it scan your system for files to remove. Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.Press OK to remove them.2. Please download Malwarebytes' Anti-Malware from Here or HereDoubleclick mbam-setup.exe to install the application.Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.If an update is found, it will download and install the latest version.Once the program has loaded, select "Perform Quick Scan", then click Scan.The scan may take some time to finish,so please be patient.When the scan is complete, click OK, then Show Results to view the results.Make sure that everything is checked, and click Remove S... Read more

Read other 2 answers
RELEVANCY SCORE 84.4

Followed all the renaming tips given in response to another troubled person posted elsewhere but remain unable to get MBAM to run. I have a Vista Antispyware 2008 problem I am trying to help my granddaughter unload from her laptop.

Read other answers
RELEVANCY SCORE 84.4

i have this virus thats so hard to remove can someone help me in removing it.it disables task manager and does other things it changes the homepage to ANTISPYWARE 2008 and makes that antispyware pops up on the screen.i cant even acces the intenet with that pc.
Logfile of HijackThis v1.99.1
Scan saved at 17:32: VIRUS ALERT!, on 7/16/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Ares\Ares.exe
C:\Program Files\Antispyware 2008\Antispyware-2008.exe
F:\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Searc... Read more

Read other answers
RELEVANCY SCORE 84.4

Below is my HJT. Please give help. ThanksLogfile of Trend Micro HijackThis v2.0.2Scan saved at 8:22:56 PM, on 10/22/2008Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v8.00 (8.00.6001.18241)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Lavasoft\Ad-Aware\aawservice.exeC:\WINDOWS\system32\LEXBCES.EXEC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\LEXPPS.EXEC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\PROGRA~1\AVG\AVG8\avgwdsvc.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\WINDOWS\system32\cisvc.exeC:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exeC:\WINDOWS\system32\svchost.exeC:\PROGRA~1\AVG\AVG8\avgrsx.exeC:\PROGRA~1\AVG\AVG8\avgemc.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Verizon\McciTrayApp.exeC:\PROGRA~1\Yahoo!\YOP\yop.exeC:\Program Files\Java\jre1.6.0_07\bin\jusched.e... Read more

A:Antispyware 2008 w/ Smitfraud-C

Hello DB Cooper,

I apologise for the delay, the forum is busy.

If you still need help, post a new HijackThis log.

Read other 2 answers
RELEVANCY SCORE 83.2

First time poster. I was attacked by some maleware called Antispyware 2008 XP. I was able to remove it using this bleepingcomputer tutorial (http://www.bleepingcomputer.com/malware-removal/uninstall-antispyware-2008). I was able to remove the program and am no longer blasted with fake Spyware warnings, but I am still having issues with my wallpaper being stuck as a blank image and some other residual effects of the spyware. Was hoping someone could help me out with my HiJackThis Log and let me know if there is anything that jumps out and how to fix. Thanks in advance.--------------------------------------------------------------------------------------Logfile of Trend Micro HijackThis v2.0.2Scan saved at 9:11:46 PM, on 8/2/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Aventail\Connect\as32svc.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Connected\AgentSrv.EXEC:\Program Files\AccessManager\Client\AMBroker.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:&... Read more

A:Antispyware 2008 Xp Problems - Hijack This Log

Hello and welcome to BCWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. We aim to provide the valuable service known to come from BC to every member we can, but sometimes it takes just a little longer to get to every request for help.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.Upon completing the steps below a staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.Thanks and again sorry for the delay. Please download Deckard's System Scanner (DSS) and save to your Desktop.alternate download siteDSS will do the following:Create a new System Restore point in Windows XP and Vista.Clean your Temporary Files, Downloaded Program Files, Internet Cache Files, and empty the Recycle Bin on all drives.Check some important areas of your system and produce a report for an analyst to review.Automatically run HijackThis. It will also install and place a shortcut to HijackThis on your desktop if you do not already have it installed. So if HijackThis is not installed and DSS prompts you to download it, please answer yes.You must be logged onto an account with administrator priv... Read more

Read other 2 answers
RELEVANCY SCORE 82.8

{{{ how do i get it off my computer }}} the malwarebytes' anti-malware didnt work

XP Antivirus 2008, XP Antivirus 2009, and XPAntiVirus are rogue antivirus programs that, when run, display false results as a tactic to scare you into purchasing the software. Older versions of XP Antivirus would create 9 entries in your Windows Registry that impersonate infections on your machine. In reality, though, these registry entries were harmless and had absolutely no effect on your computer. Instead, these entries were set so that XP AntiVirus can find them when scanning your computer and report them as infections. The newer of versions of the program , such as XP Antivirus 2008 and XP Antivirus 2009, instead just display false results when scanning your computer that state infections were found. In order to remove these fake infections, though, you would first need to purchase the software as the trial does not allow you to remove them.

While running, XP Antivirus will also display fake alerts stating that you are infected or under attack from some type of threat. These alerts are fake and can be ignored. If you do click on the alert, though, it will prompt you to purchase the software. Examples of text contained in these alerts can be found below.

Privacy Violation alert!
XP antivirus detected Privacy Violation. Some program is secretly sending your private data to untrusted internet host. Click here to block this activity by removing threats (Recommended).

o... Read more

A:XP Antivirus 2008, XP Antivirus 2009, and XPAntiVirus are rogue antivirus programs that, when run, display false results as a t...

There are indeed a lot of those rogues out there, with the one and only scope of scaring you into buying their product.Unfortunately they get harder and harder to remove.For a list of removal guides for the latest rogues, see hereI am moving this topic to a more appropriate forum

Read other 1 answers
RELEVANCY SCORE 82.4

Hi, my computer was raided by a whole slew of viruses, trojans, and whatnots.

Apparently my pc had been attacked by the "worm.win32.netbooster" so I searched online and managed, through a yahoo answers forum, to remove it using Smitfraudfix and Bitdefender's online scan (on both Safe and Normal mode). That cleared the red background, unwanted icons on my desktop, the "virus alert" next to my clock, restored my Task Manager and Start Up Menu to normal, but I still continued to get popups about a Antispyware 2008 XP almost every second and had problems with my search engines (could not display antispyware sites and search results). By then I also cleared my System Restore and made a new Restore Point.

So I searched online for cures using my Opera browser after both Firefox and IE failed and downloaded CCleaner, SUPERAntiSpyware, Spyware Doctor, AVG, Malwarebytes' Anti-Malware and RogueRemover. After running everything and deleting all that was detected, I ran Bitdefender's online scan and Trendmicro Housecall.
Everything seems to be okay now with MBAM and SUPERAntiSpyware detecting nothing except for some tracking cookies now and then.

However, I'm still a little skeptical as to whether my PC's completely safe for login to banking sites. Still worried that there may be keyloggers hidden somewhere.

Can anyone advise me what to do from here on? =x

Thanks,
Ruthe

A:Antispyware 2008 Xp, "worm.win32.netbooster"

Would you post the Malware bytes and Superantipyware logs. Determioning the current trustworthyness of the PC can be best known by what malware was in existence.

Read other 2 answers
RELEVANCY SCORE 81.6

Hello,

I am helping a friend clean up her Toshiba notebook, XP Pro SP2, that got infected with Spyware Guard 2008 and MS AntiSpyware 2009 which seemed to bring in a bunch of other malware. I found BleepingComputer while Googling for removal clues. After reading several forum articles, I downloaded Malwarebytes? Anti-Malware free version and SUPERAntiSpyware. I also downloaded the latest version of the Microsoft Malicious Software Removal utility. I burned all these to a CD on another computer, then installed them on the infected computer from the CD with having it connected to the Internet. After several scans and quarantining sessions with each tool, I got it down to the point that there were only a few errors that kept coming up on a full scan. At this point I connect the computer to the Internet, updated Malwarebytes? Anti-Malware and SUPERAntiSpyware and did complete scans and quarantines. After a couple of rounds of this, all three tools report no infections after multple shutdown/startup cycles and rescans. The system boots much faster and has not displayed any evidence of the infection(s).

The malware had turned off the Windows firewall, Windows Update, and the Symantec Antivirus settings. I have gotten the Windows Firewall and Update re-activated, but I am having trouble with getting the Symantec AntiVirus to act right.

When the system boots I get a balloon that says:
Your computer might be at risk
Symantec AntiVirus Corporate Edition is turned off
Click this ballo... Read more

A:Was Infected with Spyware Guard 2008 and MS AntiSpyware 2009

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.comDDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results, click no to the Optional_ScanFollow the ... Read more

Read other 2 answers
RELEVANCY SCORE 81.2

Hello,
In the DISA Security Technical Implementation Guides (STIGS) there is a test for event tracing (#V31026). 
The STIG indicates that if you are running Win 2008 the absence of etwenable = false is not a 'finding' because event tracing is enabled by default (on 2008 servers) and it should be enabled and running.
Is this the same for windows 2008 R2 Enterprise Server?
I cannot find the element etwenable in my 2008 R2 Enterprise server test system, it does not exist.
Does that mean the requirement for the STIG is met, and event tracing IS enabled by default on Win 2008 R2 Enterprise Servers?  No further action is required to enable? 

Is there an easy way to verify it actually is enabled?  Check registry value, run script?

Excerpt from the STIG:
Microsoft Dot Net Framework 4.0 STIG
Rule Title:  Event tracing for Windows (ETW) for Common Language Runtime events must be enabled.
STIG ID: APPNET0067  Rule ID: SV-41075r1_rule 
Vuln ID: V-31026
Severity: CAT II Class: Unclass
NOTE:
Beginning with Windows Vista and Windows Server 2008, ETW Tracing is enabled by default and the "etwEnable" setting is not required in order for Event Tracing to be enabled. 
An etwEnable setting of "true" IS required in earlier versions of Windows as ETW is disabled by default.
Thank you,
V/R
Bill
William C. ?BC? Davis PMP, CISSP, IASO
Lead Infosec Engineer/Scientist
Comm:   781.271.5221
DSN: ... Read more

Read other answers
RELEVANCY SCORE 80.8

Thread title should read Antivirus xp 2008. Hi, new here but I discovered your site via google search and you guys really seem to know your stuff. So, I got a bug browsing the net recently called Antivirus xp 2008. After a quick search at your site it seems like its a pretty popular problem so I hope you can help. I was able to clear up the antivirus xp 2008 via scans and reboots but I still have windows security alerts popping up on me every so often and I have connectivity issues through my wireless network.I used Ad Aware 2008, AVG Antispyware, Spybot Search and Destroy, and Malawarebytes before posting to clear things up a bit. I also used Defrag, CCleaner, and AVG Antivirus as well.These are the different pops ups that come up in the Windows Security Alert:Trojan-Spy.Win32.GreenScreenTrojan-Spy.HTML.Bankfruad.dqTrojan-Clicker.Win32.Tiny.hTrojan-Downloader.Win32.Agent.bqHere is my HijackThis log:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 12:09:15 AM, on 8/23/2008Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\Ati2evxx.exeC:\P... Read more

A:Windows Security Alert Popups - Post Antispyware Xp 2008

HiDisable Spybot's TeaTimer Run Spybot-S&D in Advanced Mode If it is not already set to do this, go to the Mode menu
select
Advanced Mode
On the left hand side, click on Tools Then click on the Resident icon in the list Uncheck
Resident TeaTimer
and OK any prompts. Restart your computerPlease visit this webpage for download links, and instructions for running ComboFix tool:http://www.bleepingcomputer.com/combofix/how-to-use-combofixPlease ensure you read this guide carefully and install the Recovery Console first.The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.Once installed, you should see a blue screen prompt that says:The Recovery Console was successfully installed.Please continue as follows:Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link
Remember to re-enable them afterwards.

Click Yes to allow ComboFix to continue scanning for malware.When the tool is finished, it will produce a report for you. Please include the following reports for further review, and so we may continue cleansing the system:C:\ComboFix.txtNew HijackThis log. Make sure notepad's word wrap is disabled to make logs appear in better readable format.A word of warning: Neither I nor sUBs are responsible... Read more

Read other 16 answers
RELEVANCY SCORE 80.4

how can i remove all my old computer programs from my new hp slimline desktop260-po26 . mircosoft keeps loading all my old computer stuff everytime i hook up my att internet connection 

A:how to remove window server 2008 2008 sp1,sp2 vista,sp1,sp2,...

chuck5014 wrote:how can i remove all my old computer programs from my new hp slimline desktop260-po26 . mircosoft keeps loading all my old computer stuff everytime i hook up my att internet connection Could you clarify what you're having a problem with?   Post a screenshot if possible.

Read other 1 answers
RELEVANCY SCORE 78.8

I have tried to stop this spyware xp2008 with no sucess. It has stopped me from doing anything on my computer. I have Spywear Doctor that took me 10 hours to run. It found 6 trojans and delted them but now I still get a sign saying that I have MalwareProtector 2008. A website told me to download mbam-setup. There is no way for me to get into "my computer" from "start". I did download it but now I can't open it to run it. When I click on my "start" button now, all programs are missing.

When I turn off the computer and power it on again, this is the message - RUNDLL Error loading C:\WINDOWS\system32\oljqvcfu.dll. Next line says The specified module could not be found.

Please help.

Read other answers
RELEVANCY SCORE 78

Hi all,I have a PC with a 2.6 GHZ CPU, 1.5 GB RAM, a 250 GB internal C drive, 80 GB internal D drive and 2 external drives which were detached when the virus hit. I am running Windows XP Home with SP2. I use Panda Internet Security and Spybot S&D. Last week, I was hit with Antivirus 2008 Pro which crippled my PC for a couple days until I thought I had gotten rid of it with SpyHunter. It came back the next day and morphed into XPAntivirus, which also took a couple days to get off. Panda and Spybot didn't find anything when I ran them so I ended up using both Spyhunter and Spyware Doctor as well as SmitFraudFix and a couple of websites that listed files, directories, and registry keys that had to be deleted AND doing a complete clean install of XP after transferring all my relevant files over to an external drive. I finally got it off and was clean for almost a week until the night before last. I was trying to find a free PDF converter program for a friend of mine. I found PrimoPDF (not on the maker's website, unfortunately) and when I clicked on the install program, my computer restarted. When it came back on, I had the red alert message from Windows Automatic Updates which said that my updates were not turned on. When I tried to turn them on, the control panel said they were turned on but the red alert wouldn't go away and I couldn't go to the Microsoft update site manually. Also, error messages involving DLL files came up -- ubijcvin.dll and ijjcvslw.dll -- sayi... Read more

A:Infected By Antivirus 2008 Pro, Then Xpantivirus, And Now Antivirus 2009. . .

Hello Stacy and welcome to BleepingComputer,1. * Clean your Cache and Cookies in IE:Close all instances of Outlook Express and Internet Explorer Go to Control Panel > Internet Options > General tabUnder Browsing History, click Delete. Click Delete Files, Delete cookies and Delete historyClick Close below.* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):Go to Tools > Options.Click Privacy in the menu..Click the Clear now button below.. A new window will popup what to clear.Select all and click the Clear button again.Click OK to close the Options window* Clean other Temporary files + Recycle bin Go to start > run and type: cleanmgr and click ok. Let it scan your system for files to remove. Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.Press OK to remove them.2. Please visit this webpage for instructions for downloading and running ComboFix:http://www.bleepingcomputer.com/combofix/how-to-use-combofixPlease ensure you read this guide carefully and install the Recovery Console first (not for Windows Vista users !).The Windows Recovery Console will allow you to boot up into a special recovery mode, in case your computer has a problem after an attempted removal of malware. This allows us to help you. (WinXP SP3 users, please download the appropriate SP2 file, Home or Pro, to install the RC)In the event you already have Combofix, delete your current version and download the latest ... Read more

Read other 8 answers
RELEVANCY SCORE 76.8

Two of our computers became infected with Antivirus 2008. We had no problem loading Spy Sweeper in one and getting the computer back to normal, the other one, however; is still giving us headaches. The system is not allowing us to access anything online, through a search or by keying the website in directly, that refers to Antivirus 2008 in any way. After running a sweep on the computer, it appeared that it was found and removed. Unfortunately that was not the case. Although we no longer have the billboard announcement of spyware being on our computer... it still prevents accessing any information online about Antivirus 2008 and internet access on the whole is sporadic. Help?!?!????

A:Antivirus 2008

JKZN - There are many ways to remove XP Antivirus, both manually and through programs. After being infected with this myself, I had the exact same problem as you....XP Antivirus was blocking my access to any and all websites that mentioned anything about XP Antivirus 2008.What you need to do is download Malwarebytes Anti-Malware 1.28 from hereSave it to your PC and then install. At the beginning of the install, make sure you have 'Launch Program' and 'Update Program' boxes ticked. Once installed, perform a 'quick scan' and then follow the directions. If the program asks you to restart your computer, then please do so.If XP Antivirus blocks access to the page I linked above, then go to an unaffected computer, download the program, and then burn it to a cd and install manually on the infected pc.This was the easiest way I found for removal and it completely removed all traces of XP Antivirus. After my PC was disinfected, I couldn't believe the performance gains I got back....XP Antivirus is the worst of the worst.*Edited to include that preliminary use of this program is free...as I used it last night to disinfect my machine. As it is 'shareware' I'm not sure when it 'locks' and starts prompting you to buy it, but it won't cost you anything if you want to use it to remove XP Antivirus.

Read other 6 answers
RELEVANCY SCORE 76.8

Hi

I've been infected with antivirus xp 2008 and maybe some other malware. I think this machine is mostly clean but became aware that this machine or another pc on the network is relaying mail, and complaint has been report to my isp. I'm trying to identify if this machine is the one that is hosting this smtp relay sotware.

Here is the HJT log.

Thanks in advance.

A:antivirus xp 2008 and others

Hello genOne,I apologise for the delay, the forum is busy.If you still need help, post a new HijackThis log.Please do not post it as attachment.

Read other 2 answers
RELEVANCY SCORE 76.8

I have downloaded and used the malware bytes program to get rid of antivirus xp 2008.
what I need help with is the desktop. I don't have all of the options for changing my destop and was wondering
if anyone here could help me with this.

A:Antivirus Xp 2008

Hello.please post the scan log so we may review it,just in case.What issues are you having on the desktop? Blue screen, Icons???Skating away ..............to the Am I Infected forum from XP

Read other 1 answers
RELEVANCY SCORE 76.8

Hi,

I run Window XP home

I ran Malwarebytes AntiMalware, but I still have Antivirus XP 2008.

I have a blue screen and constant warnng messages from AV XP 2008.

Please help me remove this.

Malwarebytes' Anti-Malware 1.28
Database version: 1147
Windows 5.1.2600 Service Pack 3

9/13/2008 11:09:14 PM
mbam-log-2008-09-13 (23-09-14).txt

Scan type: Quick Scan
Objects scanned: 72845
Time elapsed: 46 minute(s), 7 second(s)

Memory Processes Infected: 2
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 25
Registry Data Items Infected: 2
Folders Infected: 11
Files Infected: 19

Memory Processes Infected:
C:\WINDOWS\SYSTEM32\lphc7jsj0ea03.exe (Trojan.FakeAlert) -> Unloaded process successfully.
C:\WINDOWS\SYSTEM32\DRIVERS\svchost.exe (Heuristics.Reserved.Word.Exploit) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{a36a5936-cfd9-4b41-86bd-319a1931887f} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\rhc3jsj0ea03 (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svchost.exe (Trojan.Agent) -> Quar... Read more

A:I Still Have Antivirus Xp 2008

Hi getridofit123,It may take a few tools to completely kill this bug. Let's continue with this procedure:Please download ATF Cleaner by Atribune & save it to your desktop. alternate download link DO NOT use yet. Please download and install SUPERAntiSpyware FreeDouble-click SUPERAntiSypware.exe and use the default settings for installation.An icon will be created on your desktop. Double-click that icon to launch the program.If asked to update the program definitions, click "Yes". If not, update the
definitions before scanning by selecting "Check for Updates". (If you encounter
any problems while downloading the updates, manually download them from
here and
unzip into the program's folder.)Under the "Configuration and Preferences", click the Preferences... button.Click the "General and Startup" tab, and under
Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.Click the "Scanning Control" tab, and under Scanner
Options, make sure the following are checked (leave all others unchecked):Close browsers before scanning.Scan for tracking cookies.Terminate memory threats before quarantining.Click the "Close" button to leave the control center screen and exit the program.Do not run a scan just yet.Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but befor... Read more

Read other 1 answers
RELEVANCY SCORE 76.8

I have been attacked by the virus "antivirus xp 2008" and can't get rid of it! I have downloaded the following programs but none have been able to remove it: spyware doctor, spyhunter, superantispyware, malwarebytes' and ad-aware 2007. I get the typical pop-ups saying I have viruses and need to download the "anitvirus xp 2008" program. My background is also a blue screen that says " you have a virus and need to download a program" I also get the horrible blue screen. I have also tried to manual remove it, but can't get it to work. When I do start-run-cmd i get the prompt C:/document and settings/owner. I can get it to c:/ but it won't find any of the .dll i need to delete. Please help with this problem...i am at a complete loss!!!

A:Antivirus Xp 2008

Welcome to bleeping computer cowgurlPardon me I was a 2 stepper long ago and far awaySpyhunter and adaware are pretty ineffective with these newer infectionsWould you run MBAM, ATF cleaner and SAS in the exact order specified in this postMake sure you update and install according to the directionshttp://www.bleepingcomputer.com/forums/ind...mp;#entry839950

Read other 1 answers
RELEVANCY SCORE 76.8

A week ago my computer was taken over and a screen that looked like a Windows screen popped up wanting me to install this XP Antivirus saying that my computer was under attack by Virtumonde and some other WIn32. I ran the AdAware and Spybot and McAfee on several occasions. I've rebooted and tried to get this off my computer without avail. Initially I had no internet connection but have gotten that back after several runs of the AdAware and Spybot. But I think there still may be something on this. Here is the HJT logfile. Can someone please let me know if there is anything that looks like remnants of whatever got me? Help is greatly appreciated and thank you in advance..Logfile of Trend Micro HijackThis v2.0.2Scan saved at 6:15:03 PM, on 9/29/2008Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16705)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Lavasoft\Ad-Aware\aawservice.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system... Read more

A:I Think Its The Xp Antivirus 2008

Hi wenzelj I apologize for the delay in response to your thread.If you have since resolved the original problem you were having, I would appreciate you letting us know.. If not please post a new Hjt log so i can see the current condition of your system.Thanks.

Read other 2 answers
RELEVANCY SCORE 76.8

I am trying to get ride of antivirus 2008

A:Get rid of antivirus 2008

Hello and welcome. I have split your post to it's own topic. Although things appear the same replying to 2 people in the same thread can become confusing.Please download Malwarebytes Anti-Malware and save it to your desktop.alternate download link 1alternate download link 2Make sure you are connected to the Internet.Double-click on Download_mbam-setup.exe to install the application.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-MalwareThen click Finish.MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.On the Scanner tab:Make sure the "Perform Quick Scan" option is selected.Then click on the Scan button.If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button. The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all o... Read more

Read other 1 answers
RELEVANCY SCORE 76.8

I have Windows XP with SP3 and have had the antivirus 2008 bug about 2 months ago. I believe I have removed it by following some tutorials in the forums. Now, when logging into EBAY it asks me to validate my account and asks for SSN, bank account number, etc, etc. It just doesn't seem legit. I can log onto EBAY from 2 diff't computers without problems.

If my problem are not fixable, I do not have the XP recovery CD or anything else along those lines.

Any help would be greatly appreciated!

A:Antivirus 2008

Please download Malwarebytes Anti-Malware and save it to your desktop.alternate download link 1alternate download link 2Make sure you are connected to the Internet.Double-click on mbam-setup.exe to install the application.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-MalwareThen click Finish.MBAM will automatically start and you will be asked to update the program before performing a scan.If an update is found, the program will automatically update itself.Press the OK button to close that box and continue.If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.On the Scanner tab:Make sure the "Perform Quick Scan" option is selected.Then click on the Scan button.If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button. The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".Click OK to close the message box and continue with the removal process.Back at the main Scanner screen:Click on the Show Results button to see a list ... Read more

Read other 7 answers
RELEVANCY SCORE 76.8

Hi guys. I clicked on a link to download the H.264 driver for Flash and it was a spyware. My screen went blue and Mcafee detected the joke.bluescreen virus. I think I may have gotten rid of it all, but would like an expert to check. Here is my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:23:20 PM, on 7/31/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\VirusScan\McShield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Anonymizer\Anonymizer Software\AnonASW\AnonAswSvc.exe
C:\Program Files\Anonymizer\Anonymizer Software\Common\AnonMgmtSvc.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
C:\Program Files\Creative\S... Read more

A:XP Antivirus 2008

Read other 12 answers
RELEVANCY SCORE 76.8

i've been having problems with these fake programs who claim to clean out viruses from your computer but end up pestering you and giving you annoying messages about viruses present in the computer. The annoying part about it is that the virus i currently have (Antivirus XP 2008) cannot be removed with the Add/Remove programs.This is really difficult to remove and i need advice on what to do to completely remove it since it keeps on installing itself and it has gotten to the point that it interrupts me internet browsing to tell me to buy the product because i have many viruses on my computer. Also, i would like to know if there are any SAFE virus removing programs out there that i can download for free.HELP. i've been reading blogs and websites but the removal instructions are very complicated. i dont want to damage my computer ever more by making the wrong move while attempting to remove this virus!!!please i need help!

A:How Do I Get Rid Of Antivirus Xp 2008? Help

Hello and welcome, i have deleted the duplicate post you made in the antivirus forum as you will be helped here.Please download Malwarebytes Anti-Malware and save it to your desktop.alternate download link 1alternate download link 2Make sure you are connected to the Internet.Double-click on Download_mbam-setup.exe to install the application.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-MalwareThen click Finish.MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.On the Scanner tab:Make sure the "Perform Quick Scan" option is selected.Then click on the Scan button.If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button. The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".Click OK to close the messa... Read more

Read other 1 answers
RELEVANCY SCORE 76.8

I ran full scan of MalwareBytes' Anti-Malware that was 2 hours and I clicked remove. I am having problems in my desktop settings and the Antivirus XP 2008 shortcuts are still listed in my start menu. It has slipped by McAfee (Comcast), Comcast Spyware,and Firewall??? I am already running low on my RAM and I have all the usual you would expect: slow speed, crashes etc. Please Help... I am trying my best?? Any help is greatly appreciated! Thank you so much!!!!


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:14:38 PM, on 8/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Anti-Dialer\a2service.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C... Read more

Read other answers
RELEVANCY SCORE 76.8

My buddy just dropped his laptop off for me to look at. At power up it goes into this virus checker. Is there a Free removal tool to download and run. I haven't done anything else at this point.ThanksMod Edit: Topic moved from HJT to more appropriate forum~ TMacK

A:Antivirus Xp 2008

Please download Malwarebytes Anti-Malware and save it to your desktop.alternate download link 1alternate download link 2Make sure you are connected to the Internet.Double-click on mbam-setup.exe to install the application.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-MalwareThen click Finish.MBAM will automatically start and you will be asked to update the program before performing a scan.If an update is found, the program will automatically update itself.Press the OK button to close that box and continue.If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.On the Scanner tab:Make sure the "Perform Quick Scan" option is selected.Then click on the Scan button.If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button. The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".Click OK to close the message box and continue with the removal process.Back at the main Scanner screen:Click on the Show Results button to see a list ... Read more

Read other 18 answers
RELEVANCY SCORE 76.8

I'm not really sure exactly what I'm doing, but my sister directed me to this site (and is allowing me to post using her account, in fact.)

I have a new computer and had neglected fully installing software for virus protection. Unfortunately, something called "Antivirus XP 2008" installed itself when I was browsing the web. There is an icon for it in my taskbar and I get System Information notifications stating "Antivirus has found 567 viruses on your computer. It is recommended to disinfect files as soon as possible."

I downloaded AVG Anti-Virus, the Free Edition, and ran a full scan of my computer. It's been removing things, for sure, but not the main problem.

Now I have a "Antivirus XP 2008 demo mode notice" that overlays on top of all of my windows that can't be diminished.

I'm not sure how much of that information is helpful, but I would really appreciate any advice on what to do in order to get rid of it. Thank you, thank you, thank you for taking the time to look into it!


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:20:44 AM, on 7/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec... Read more

A:Antivirus XP 2008

Please download Malwarebytes Anti-Malware and save it to your desktop. alternate download link 1 alternate download link 2
Make sure you are connected to the Internet.
Double-click on Download_mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware

Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.

If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen, click on th... Read more

Read other 1 answers
RELEVANCY SCORE 76.8

Please help.. i have recurring BSOD in result of this virusPlease help as i need this lappy for college Logfile of Trend Micro HijackThis v2.0.2Scan saved at 13:27:11, on 02/10/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16705)Boot mode: Safe modeRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Windows Defender\MsMpEng.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Malwarebytes' Anti-Malware\mbam.exeC:\Documents and Settings\Marie\Desktop\HijackThis.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKCU\Software\Microsoft\Interne... Read more

A:Antivirus Xp 2008 And More

HiWhat is the EXACT wording on the blue screen ? Please Download Malwarebytes' Anti-Malware from Here :-http://www.majorgeeks.com/Malwarebytes_Ant...ware_d5756.htmlor here :-http://www.besttechie.net/tools/mbam-setup.exeDouble Click mbam-setup.exe to install the application.* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.* If an update is found, it will download and install the latest version.* Once the program has loaded, select "Perform Quick Scan", then click Scan.* The scan may take some time to finish,so please be patient.* When the scan is complete, click OK, then Show Results to view the results.* Make sure that everything is checked, and click Remove Selected.* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.* Copy and Paste the entire report in your next reply.THEN ...Please follow these directions to run Combofix & post a log.http://www.bleepingcomputer.com/combofix/how-to-use-combofixsteam

Read other 8 answers
RELEVANCY SCORE 76.8

I went to the McAfee forums and have tried everything including Malwarebyte's to get rid of the trojans on my computer but they keep coming back. Here is my hijack this logLogfile of Trend Micro HijackThis v2.0.2Scan saved at 14:15:46, on 9/18/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Memeo\AutoBackup\MemeoService.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exeC:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exeC:\PROGRA~1\McAfee\MSC\mcmscsvc.exec:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exec:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exeC:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exeC:\Program Files\McAfee\MPF\... Read more

A:Antivirus Xp 2008....have Tried Everything To Get Rid Of It.

Anyone?? I have so much work I need to be doing but I can't do it with this trojan.

Read other 8 answers
RELEVANCY SCORE 76.8

Made a mistake of clicking on this program and now I can't get rid of it.

Could you please have a look at the log and advice me what to do.

Thank you very much.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:41:22 PM, on 7/24/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\... Read more

Read other answers
RELEVANCY SCORE 76.8

Hi,
I have a computer infected with Antivirus 2008. I can't get on line with this computer. This rogue program will not let me. I am sure I can download to another computer. My question is, how do I get Malwarebytes' Anti- Malware loaded onto the infected computer. I am running Windows XP on both computers. Please help!
DW

A:Antivirus 2008

You can use a USB Pen drive or a CD to collect the exe and the updates on the clean machine then do the transfer but be sure to disinfect the Pen or the CD AFTER it has been in the infected computer else BOTH will be infected ( or if worried, even chuck it ) Hope that helps you

Read other 3 answers
RELEVANCY SCORE 76.8

HiI've taken temporary ownership of a friends PC in an effort to get rid of Antivirus XP 2008! I've successfully run malwarebytes but there's still traces of the problem. On startup I get a fake license agreement asking me to agree to install the program. There's also shortcut entries on the start menu.Prior to running malwarebytes I couldn't run any programs except internet explorer, which was taken over and was pointing me towards buying their fake software.I've pasted a hijack this log below.Thanks in advance for any helpDaveLogfile of Trend Micro HijackThis v2.0.2Scan saved at 02:10:15, on 01/01/2003Platform: Windows XP SP1 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Alwil Software\Avast4\aswUpdSv.exeC:\Program Files\Alwil Software\Avast4\ashServ.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\TEMP\zip3.tmpc:\program files\mcafee.com\agent\mcdetect.exec:\PROG... Read more

A:Antivirus Xp 2008

Hi dave_unrealI have to point out that this system is a long way out of date.This is not helping..... and this is why the system is getting infected.After it's cleaned up, you'll need to do a lot of updating.Can you check to see if the McAfee product installed is an Anti-Virus protector.If it is... you will need to remove either McAfee or Avast.You can't run 2 AV programs together.Step 1Please disable Spybot S&D?s TeaTimer protection, because it is known to interfere with our fixes.You can enable it again after you're clean.Open Spybot and click on 'Mode' then click 'Advanced Mode'.Click on 'Tools' in bottom left hand corner.Click on the 'System Startup' icon.Uncheck 'Teatimer' box and/or uncheck 'Resident'.Then, check next to the computer clock to see if the icon for Spybot is still there.If it is, right click it and choose 'exit Spybot-S&D Resident'.Reboot the computer.Step 2Run Hijackthis again, click scan, and Put a checkmark next to each of these items.R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blankR1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blankO4 - HKLM\..\Run: [inrhcp3ej0el5r] C:\WINDOWS\Temp\.tt8.tmp.exe /CR=34015803198DE9F11EE8495C41DD2D883E1E027F8120EB71503F516FE44C0BB8F5665B5D8153A73E5CC303C477740097868844D9D6CA18E150E10C18EAC8D49D9868AF7651F1000094D93AC589C6CE1083B4C6O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00a... Read more

Read other 6 answers
RELEVANCY SCORE 76.8

HiI have lost my recycle bin and most of the programs in the start menu. If I try to search for a program, I get a message box saying that windows is installing and to insert cd rom. I have to click close a number of times before it actually closes. I have an acer laptop & have tried to use the start up discs I was prompted to create after the purchase but not having any luck. I do not have an original windows disc as it came pre loaded. If I have to re install windows(XP) how do I do that without the disc? Also, I am unable to get into the system restore menu and all that pops up is IE explorer task bar...ThanksJohnLogfile of Trend Micro HijackThis v2.0.2Scan saved at 13:51:09, on 22/08/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Unable to get Internet Explorer version!Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\csrss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32... Read more

A:Antivirus Xp 2008

Hello and welcome to BCWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. We aim to provide the valuable service known to come from BC to every member we can, but sometimes it takes just a little longer to get to every request for help.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.Upon completing the steps below a staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.Thanks and again sorry for the delay. Please see here for instructionshow to install HijackThis and make a logfile. Save it into convenient location and include it to your next reply, please.NextPlease do a scan with Kaspersky Online ScannerNote: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.Click on the Accept button and install any components it needs.The program will install and then begin downloading the latest definition files.After the files have been downloaded on the left side of the page in the Scan section select My ComputerThis will start the program and scan your system.The scan will take a while, so b... Read more

Read other 2 answers
RELEVANCY SCORE 76.8

Hi

Laptop taken over by pop-ups and Antivirus XP 2008 keeps telling me I have loads of errors.

Please help - I have HJT - do I need to post a log

Thanks

Cacker
 

A:Antivirus XP 2008 - please help

Read other 11 answers
RELEVANCY SCORE 76.8

Hi everyone!
Just a quick reply to say thanks to everyone who post here. I has Antivirus 2008 insatall on one of my PCs so I knew what to do and came straight here for help. A quick search found the solution and all was fixed.
So thanks again and keep up the good work.

A:Antivirus 2008

Thanks for the kind words and you're welcome on behalf of the Bleeping Computer community.Now you should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state. Then use Disk Cleanup to remove all but the most recently created Restore Point.Vista Users can refer to these links: Create a New Restore Point and Disk Cleanup.Tips to protect yourself against malware and reduce the potential for re-infection, be sure to read: ? "Simple and easy ways to keep your computer safe".? "How did I get infected?, With steps so it does not happen again!". ? "Best Practices - Internet Safety for 2008".? "Hardening Windows Security - Part 1 & Part 2".? "IE Recommended Minimal Security Settings" - "How to Secure Your Web Browser".? Avoid online gaming sites and peer-to-peer (P2P) or file sharing programs as they are a security risk which can make your system susceptible to a sm?rg?sbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans target and spread across P2P files sharing networks and gaming sites. In some in... Read more

Read other 1 answers
RELEVANCY SCORE 76.8

My desktop is infected with antivirus 2008. I had a friend try to manually uninstall it but he was unable to do so. I know the re are a number of sites that offer removal but I don't know which one to try. Unfortunately I can't get on the new with the infected computer. I did try to download a viruis removal tool from this site and saved it to a thumb drive but was unable to open it on the infected computer. I'm am not that proficient with computers so please try to keep it simple. Thanks in advance

A:antivirus 2008

Can you download anything from the internet?If you can, please do the following.Please follow the instructions in the link below for Malwarebytes, as posted by Quietman7, then post the log in your next reply.http://www.bleepingcomputer.com/forums/ind...t&p=1001350If you can't download anything onto that computer, please notify in your next post.

Read other 4 answers
RELEVANCY SCORE 76.8

Hello!

I was trying to watch something online when suddenly my computer background went blue and this Antivirus XP 2008 popped up and told me that I had over one thousand virus' infecting my PC.

First of all, I believed it but when I got onto the page where it said to pay with your credit card, I stopped and exited out. It was still on my computer and I attempted to uninstall it through Add/Remove Programs.

Unfortunately that didn't work and so I heightened my Norton Internet Security and started a complete scan of my computer using SUPER antispyware that was previously recommended to me.

After the complete scan, I quarantined my computer and then after that, it rebooted and when I logged in again, it was still the same. So I went onto a forum, and looked up what to do and downloaded Malwarebytes Anti Malware and started to scan my computer using that, whilst also using SUPER at the same time.

After quarantining using both complete scans, everything seems ok, but I'm still worried on whether or not my computer is free from it.

HELP ME PLEASE!
 

Read other answers