
worm detected

Q: worm detected

McAfee detected a worm on my computer, and just to be sure that it's really clean, I scanned it with HijackThis, but I'm not sure if there's any problem. I would appreciate it if someone could point out to me if there's something not right. I've been getting a lot of these worm attacks lately. What can I use to guard my computer against these attacks?

Logfile of HijackThis v1.99.1
Scan saved at 10:47:21 AM, on 1/25/2006
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\iVasion\WinPoET\WrOS.EXE
C:\WINNT\system32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\S3apphk.exe
C:\Program Files\iVasion\WinPoET\WinPPPoverEthernet.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\vso\mcvsescn.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\eMule\emule.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Maxthon\Maxthon.exe
C:\Program Files\Windows Media Player\mplayer2.exe
C:\Documents and Settings\Administrator\My Documents\my folder\cleaners\HijackThis.exe
C:\Documents and Settings\Administrator\My Documents\my folder\applications\ewido-setup.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.drivershq.com/UserCatch.a....0.0&z-index=1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Lexico Toolbar - {11359F4A-B191-42d7-905A-594F8CF0387B} - C:\WINNT\Downloaded Program Files\lexbar.dll
O3 - Toolbar: @msdxmLC.dll,[email protected],&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Dictionary.com - {11359F4A-B191-42D7-905A-594F8CF0387B} - C:\WINNT\Downloaded Program Files\lexbar.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [S3apphk] S3apphk.exe
O4 - HKLM\..\Run: [WinPoET] C:\Program Files\iVasion\WinPoET\WinPPPoverEthernet.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [McRegWiz] c:\PROGRA~1\mcafee.com\agent\mcregwiz.exe /autorun
O4 - HKLM\..\Run: [CleanUp] C:\PROGRA~1\McAfee.com\Shared\mcappins.exe /v=3 /cleanup
O4 - HKLM\..\RunOnce: [MigrateMMDrivers] rundll32.exe mmsys.cpl,mmseRunOnce
O4 - HKLM\..\RunOnce: [mcagntps.dll] rundll32.exe advpack.dll,RegisterOCX c:\PROGRA~1\mcafee.com\agent\mcagntps.dll
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Search &Dictionary - C:\Program files\Lexico\Toolbar\dictionary.htm
O8 - Extra context menu item: Search &Thesaurus - C:\Program files\Lexico\Toolbar\thesaurus.htm
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/sh...3/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/sh...20/mcgdmgr.cab
O16 - DPF: {F0E2D69A-DC2F-4E9B-A993-684FB1C21DBC} - http://dictionary.reference.com/tool...bar/lexico.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{95C8879B-0E85-4B67-A953-50945932A3C9}: NameServer = 165.21.83.88 165.21.100.88
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: WinPPPoverEthernet - iVasion, a Routerware Company - C:\Program Files\iVasion\WinPoET\WrOS.EXE


A: worm detected

I ran ewido too. These are the results: 14 infected and cleaned.

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 11:53:02 AM, 1/25/2006
+ Report-Checksum: 8B7293B6

+ Scan result:

HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a} -> Spyware.Alexa : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt -> Spyware.Cookie.Revenue : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt -> Spyware.Cookie.Adserver : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt -> Spyware.Cookie.Revenue : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Program Files\iVasion\WinPoET\WrDialer.exe -> Heuristic.Win32.Dialer : Cleaned with backup


::Report End

RELEVANCY SCORE 48

This is my first post so bear with me. My laptop would boot up, icons load and then shut down.

Took it to have repaired, they did a system restore and loaded an antivirus program.

I had to re-load Aol software. Now, when I got on computer this is the message I received.

threat detected filename/user/patrick/patrick.exe
threat name virus identified worm/vb.7.a
detected on open

Details:
process name c:/program files/common files/aol/1256342570/ee/aolsoftware.exe
process id 3644

Then I have to answer this question before I can shut down or anything.
move to vault
go to file
ignore

I am totally lost as to what this means and what I need to do next.

Please help!!!
 

A:Worm detected

RELEVANCY SCORE 48

I just ran adware scan and it detected C:/win32.p2p-wormalcan.a reg key. I have ZoneAlarm running.
thx

A:HJT worm detected

Please read and follow the five step process outlined in this post.

Then download HijackThis - this program will help us determine if there are any spyware/malware on your computer. Create a folder at C:\HJT and move HijackThis.exe there. Run a scan and save the log file. Get HijackThis Analyzer and save it to the same folder as the hijackthis.log file. Run HijackThis Analyzer and type in y if you agree. Open up the result.txt file created. Copy the whole result.txt log and post it back here. Do not fix anything in HijackThis since they may be harmless. Make sure to include the System information at the top of the log as well.

RELEVANCY SCORE 47.6

Hi,

I ran a program called Hitman Pro and it detected the following:

C:\Documents and Settings\Our Computer\My Documents\Downloads\FlashPlayer_V.82511273c.exe
Size . . . . . . . : 573,160 bytes
Age . . . . . . . : 85.7 days (2013-04-22 16:57:35)
Entropy . . . . . : 6.4
SHA-256 . . . . . : 64E8843A0B26E4DF8C014F39431733ABE90F1DD20E6EF104F1C88A426983135F
RSA Key Size . . . : 2048
Authenticode . . . : Valid
> Emsisoft . . . . . : Trojan.Win32.DomaIQ.AMN!A2
Fuzzy . . . . . . : 99.0

C:\Documents and Settings\Our Computer\My Documents\Downloads\winzip setup.exe
Size . . . . . . . : 990,872 bytes
Age . . . . . . . : 48.7 days (2013-05-29 18:42:25)
Entropy . . . . . : 7.9
SHA-256 . . . . . : 7D459DF662DB375267E74BB420E6661A53490216C3E202B160EB505B81ED63D4
Version . . . . . : 1.0.0.0
RSA Key Size . . . : 2048

Here is my HiJack This log:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:57:32 PM, on 7/23/2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HitmanPro\hmpsched.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobil... Read more

A:Trojan and Worm Detected

I'm not sure if my post was seen. Posted on July 23rd. I read the "PLEASE BE PATIENT" disclaimer, but not sure if more time is needed. If so, just let me know.

Thank you,

Tim
 

RELEVANCY SCORE 47.6

Hello, I have recently acquired a worm through a security hole that was downloaded by shareware (My Fault). This worm disabled Task Manager, "Run", Control Panel, "All Programs" on the Start menu, and most links on the right side of the Start menu. From my research, I conducted that this virus (or worm) is a very high danger. It acts like a key-logger, and displays the following message and other pop-ups:

(Yellow Triangle with "!" Mark (Picture))
Title - "Security Warning!"
Message - Worm.Win32.Netbooster detected on your machine. This virus is distributed through the internet via the e-mail and Active-X objects. This worm has its own SMTP engine which means it gathers e-mail and re-distributes them. In worst cases... (Continued)
Skipped a line - "Type" - "Virus"
Skipped a line - "Security Risk" 5/5
Etc.

These and several other messages pop up which lead to a rogue anti-virus known as WebAnti-virus 2008. I have tried scanning with Trend, Spybot S&D, Malwarebytes' Anti-Malware, Kaspersky, and Norton, but they all do NOT detect it. This virus is manually controlled, up to an extent. When I try to download an anti-virus, or any other protection file, it starts bombarding me with pop-ups, slowing the speed dramatically. The same goes with scans. This might be programmed to do that, but it looks like someone is manually controlling it. Also, 3 new icons appeared on my computer labeled - "System Error Fixer... Read more

A:(Not Detected By HJ) Unremovable Worm

Hi, welcome to BC HijackThis forum. I am farbar. I am going to assist you with your problem.

Note 1. Please refrain from making any changes to your system from now on as it might prolong handling your log and make the job for both of us more difficult.

To get an idea about the current condition of your computer, download random's system information tool (RSIT) by random/random from here and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

Note 1: The logs will be created in this folder: C:\rsit

Note 2: The tool takes not more than one minute to scan the system.

Tell me if you have run any other tool other than those you have mentioned.

Tell me about the current condition of your computer.

RELEVANCY SCORE 47.6

Please help. AVG anti-virus has detected several viruses in my computer. They have been placed in the virus vault. But after this, I have been receiving a pop-up error every time I open any application from my computer that says "The application or DLL C:\WINDOWS\system32\kernel32.sys is not a valid Windows image. Please check this against your installation diskette." What shall I do? Please help...
 

A:Solved: worm detected

RELEVANCY SCORE 47.6

Hi Guys

I ran a Malwarebytes scan and it detected Worm.autorun.

I have run all the necessary scans and hope you can assist me in cleaning up my pc.

Hijack this log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:00:20 PM, on 23/09/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17055)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program ... Read more

A:Worm Detected Malwarebytes

RELEVANCY SCORE 47.6

AVG detected a few trojans, couldn't heal them, but moved them to the vault
Trojan horse downloader.Dsfica.3.AK
Trojan horse downloader.Generic.DTH
Trojan horse backdoor.Generic3.REW (3 times)

AVG also popped up with this message,
C:\SYSTEM.SAV\MSMoney\MONEY\IE\AXA.CAB:\unaxa.exe
virus identified 1-worm/generic.APW
infected, embedded object
infected, archive

Pretty sure the files are harmless now that AVG moved them to the vault, but to double check here is the hijack log. Thanks.

Logfile of HijackThis v1.99.1
Scan saved at 8:39:22 PM, on 23/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Craig .OFFICE\Desktop\Hijack\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.ca/0SEENCA/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.ca/0SEENCA/SAOS01?FORM=TOOLBR
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://store.presario.net/scripts/re...c=3c01&lc=0409
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://as.starware.com/dp/search?x=w...1w4FlSX+sAMtg7
R1 - HKCU\Software\Microsoft\Internet... Read more

A:Trojan and worm detected...

Bump.

RELEVANCY SCORE 47.6

My oldest son just graced me with the computer of his fiancée. With lots of applications and the Windows 2000 Professional operating system, it would be great if it did not shut down soon after turning it on.

They bought a bundled computer at Costco and claim they never had any operating system discs.

Is there anything I can do to help mend this thing so that it will stay on and remain stable?
 

A:LSASS and no Worm Detected! Now What?

If you can stay on-line long enough, please do this. Click here:

http://www.sherrylynn.us/HijackThis.exe to download Hijack This. It’s very important that you save it to its own folder on your hard drive, such as program files (not temporary files or the desktop), so that it can create proper back-ups and be able to restore them if necessary.

Close all open windows and open Hijack This. Click “Scan”. When the scan is finished (it only takes a second), the scan button will change to “Save Log”. Click on “Save Log” and save it to NotePad. Copy the entire log and paste it here.

DO NOT FIX ANYTHING YET, most items that appear in the log are harmless or even needed. Wait for someone to analyze the log and advise.

If you're having trouble staying on-line long enough, probably due to a virus like Sasser, you can abort the shutdown by doing this:

To stop the computer from shutting down, go to Start - Run - and type in
"shutdown /a" (no quotes)
 

RELEVANCY SCORE 47.6

I know I have downloaded a file from my email that I shouldn't have.
I scanned with ewido and it found several worms and trojans and I got rid of them.
Here is a HijackThis log. I don't know if I got rid of everything, please let me know.
Thanks
Logfile of HijackThis v1.99.1
Scan saved at 1:32:44 PM, on 9/25/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\PROGRA~1\ALLTEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\ALLTEL DSL Check-... Read more

A:Solved: worm detected

RELEVANCY SCORE 46.8

http://antivirus.about.com/library/weekly/mcurrent.htm?pid=2827&cob=home angelize56
 

A:Maxima Screensaver worm-Detected 6-27-02

Cheers for that Marlene ! hope u r well ?
 

RELEVANCY SCORE 46.8

I just found by looking at my autorun programs, I have one with a file name %1. I read on another forum "bleepingcomputer" that it's added by the W32/protorid-AD worm. I am wondering if anyone knows how to rid myself of this. I assume I must have the worm too!

I am running the latest versions of Avast and run SpyBot and Malwarebytes every 3-4 days. (no "adult sites" viewed) lol

I have noticed one thing... "Show processes from all users" in Task Manager sometimes takes 2-3 tries to show. That's the only thing I've noticed out of the ordinary.

Do I need to worry? How can I fix this?

RELEVANCY SCORE 46.8

My McAfee is driving me crazy, it keeps popping up saying "Potential Worm Activity Detected" and it says that emails are being sent out. It also keeps blocking a trojan but not getting rid of it. I've done a full system scan and it could not recognize it. I also did Spybot S&D, Lavasoft Ad-Aware, the Trend online scan and the multi_av scan. I don't know what's going on. I'll give you my HijackThis log. I would really appreciate it if someone could help me.

Logfile of HijackThis v1.99.1
Scan saved at 11:30:24, on 04/04/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\WINDOWS\SOUNDMAN.EXE
c:\program files\mcafee.com\agent\mcagent.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\Program Files\Common Files\Autodesk Shared\Ser... Read more

A:Potential Worm Activity Detected

RELEVANCY SCORE 46.8

I am getting this popup from my McAfee virus scan multiple times a day. But when I run virus scan, nothing is found.

Potential Worm Activity Detected
The last few sent emails contain similar subject or body content
Email Subject - Susan 5982 - Clipboard
sent to [email protected]

I haven't sent any emails with that subject and I don't know anyone with that email address.

What should I do?

Thanks,
Susan

A:Help - Potential Worm Actvity Detected

It would appear you have a keylogger or similar which is emailing your keystrokes or a record of visited sites etc to this email address.
You need to immediately run the following scans and fix what they find and then post a hijackthis log on the hijackthis log board. Moderators please move this to hijackthis log board


Please download
Mcafee stinger multivirus removal tool
Install and run

Spybot search and destroy
Ad-Aware Personal from Lavasoft
Install, update, run, check for problems, fix problems.
A Squared trojan remover
Download, install, update, scan and fix.

RELEVANCY SCORE 46.8

Hi,

I've seen other forums on this topic but none of them have really helped me.

My McAfee Virusscan keeps popping up with

Potential Worm Activity Detected!
The last few sent e-mails contained similar subject or body content
E-mail Subject: Can you imagine that you are healthy

I ran my McAfee, Ad-Aware and also Spy Sweeper but none of them has helped. On another forum I saw a program called VundoFix so I downloaded and ran that but it hasn't helped. I've posted my HijackThis logfile below. I'm fairly computer illiterate so please try to dumb it down, thanks in advance.

Logfile of HijackThis v1.99.1
Scan saved at 2:30:13 PM, on 29/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\... Read more

A:Potential Worm Activity Detected!... Please Help.

Closing duplicate thread, please continue here: http://forums.techguy.org/security/578825-my-mcafee-keeps-popping-up.html#post4766708
 

RELEVANCY SCORE 46.8

Hi, strange emails are being sent from my computer to random email addresses with subjects advertising prescription drugs and I keep receiving alerts from McAfee saying Potential Worm Activity Detected. I ran Hijack This and have posted my log below. Any help on what to do to stop these emails would be greatly appreciated.

Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 14:32:56, on 21/02/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\spmsg2.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmew... Read more

A:Potential Worm Activity Detected

If anyone could check my hijack that log I would really appreciate it.
Thanks
 

RELEVANCY SCORE 46.8

Here is what happens: I turn on the computer (my brother's) and everything is fine - shows Welcome screen. Before anything (icons or desktop) shows, a pop-up appears that says the following:

Spyware Alert - Security Warning - Worm.Win32.Netsky detected on your machine. This virus is distributed via the internet through email and active-x objects. The worm has its own SMTP engine which means it gathers emails from local computer and redistributes itself. In worst cases the worm can allow attaches to access your computer, stealing passwords, and personal data. Viruses can damage your confidential data and work on your computer. Continue working in unprotected mod is very dangerous.
Type: Virus
System Affected: Windows 2000, NT, ME, XP, VISTA, 7
security risk: 5
recommendations: It is necessary to perform full system scan.

Only after I click "ok" or close the popup will the desktop, icons, and programs load. As the programs are loading during startup, Window Security Center opens, also some AntivirusLive performing some sort of "scan".

I was going to try to start this method: http://www.bleepingcomputer.com/forums/ind...3&hl=netsky

I downloaded the programs on my computer (this one), saved the programs on a flash drive, then moved them to the infected computer's desktop, but when I tried to open the ATF Cleaner a pop-up says:

Application cannot be executed. The file atf_cleaner.exe is infected. Do you want to activate the antivirus software now?

Started it on safe mode to try t... Read more

A:Worm.Win32.Netsky detected

Well, I'm still here if anyone is interested in helping...

RELEVANCY SCORE 46.8

How do I get rid of this message - can't send email at all
 

A:Possible worm activity detected with McAfee

Hi huff0623

Welcome to Tech Support Guy Forums!

Does McAfee point to an email message containing the worm?

If so, have you tried deleting the message?

Run an online antivirus check from at least one and preferably 2 of the following sites
http://housecall.trendmicro.com/
http://www.pandasoftware.com/activescan/
http://security.symantec.com/default.asp?
http://www.ravantivirus.com/scan/
Allow them to clean/delete any spyware/malware or viruses/trojans they may find.

If you do not already have these programs,
Download:
Ad-Aware SE 1.05
Spybot-S&D (ver. 1.3)

Install Ad-Aware SE and Spybot-S&D and check each of them in turn for updates.

For Ad-Aware SE click on Full System Scan and deselect Search for negligible risk entries.
Let Ad-Aware SE remove what it finds.
Run Spybot-S&D and have it fix what it finds marked in Red.

After running your online virus scans and running Ad-Aware SE and Spybot S&D,
close all programs and reboot to complete the removal process.

If you are still receiving this message and are unable to send emails, try turning off email scanning in your Anti-virus program and check your firewall to make sure it is allowing your messaging program access to the internet.

Let us know what happens.
 

RELEVANCY SCORE 46.8

Last evening, with my machine performing nicely without any problem, whilst out prowling the Net I did a 'drive-by' scan using ewido anti-spyware 4.0 micro scan, which I have never used before. Much to my surprise (I keep all security tools & XP religiously updated and used) the ewido scan found the topic title worm and reported the path as:

C:\Program Files\Fast Defrag Freeware\close.com

I recognized this rather useless little RAM examiner and defragger program straight away. I had installed it long ago from one of the PC magazine offerings, but had rarely used it. I might add I do not just willy-nilly, cross my fingers, install, and hope for the best outcome. I ran two a/v scanners over the program before I installed and I would have done the same with the CD which delivered the worm before I would have opened the CD. And of course the PC magazine, per normal, assured they too had scanned the content of the CD and deemed it free of bugs. Yeah right! So it looks like this little bazza - close.com - was sitting there awaiting something to slip through my firewall and kick it into action.

Rather than have ewido take care of the problem straight away, being brave, I opted to examine a bit further, which has been known to get me into trouble. I determined Worm.Warezov.fh was, as you know, a mass mailing worm. I decided to uninstall Fast Defrag Freeware and did. I re-ran the aforementioned ewido scanner and it revealed a related C:\System Volume I... Read more

A:Worm.warezov.fh Detected & Removed

Welcome Globe Roamer Jeff

First I need you to do the following please:

Go here: http://virusscan.jotti.org/
Using the 'Browse' button, browse to: C:\WINDOWS\system32\taskmgr.exe
Then press the 'Submit' button.
Wait while the file is scanned.
Post the results into your next reply please.

If Jotti's too busy, try here:
Go here: http://www.virustotal.com/en/virustotalf.html
Using the 'Browse' button, browse to: C:\WINDOWS\system32\taskmgr.exe
Then click on 'Send'.
Post the results into your next reply please.

RELEVANCY SCORE 46.8

I just received a popup from Windows saying that I had a MSIL/Necast.D worm and I downloaded Windows Security, however it didn't detect it. I ran screen317's check and this is what came up in the log.

Results of screen317's Security Check version 0.99.67
Windows Vista Service Pack 1 x64 (UAC is enabled)
Out of date service pack!!
Internet Explorer 7 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Java™ 6 Update 12
Java version out of Date!
Adobe Flash Player 11.7.700.224
Adobe Reader 8 Adobe Reader out of Date!
Mozilla Firefox (21.0)
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
Windows Defender MSASCui.exe
Windows Defender MSASCui.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0 %
````````````````````End of Log``````````````````````

 

A:MSIL/Necast.D worm detected?

This is the Farbar Service Scanner report log....
 
Farbar Service Scanner Version: 16-06-2013
Ran by CHEF (administrator) on 20-06-2013 at 15:09:41
Running from "C:\Users\CHEF\Downloads"
Windows Vista ™ Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
Windows Firewall:
=============
Firewall Disabled Policy:
==================
System Restore:
============
System Restore Disabled Policy:
========================
Security Center:
============
Windows Update:
============
Windows Autoupdate Disabled Policy:
============================
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.
Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
Other Services:
==============
File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcsvc.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\... Read more

RELEVANCY SCORE 46.8

Please help me. I'm running Windows XP, and McAfee VirusScan. My system won't stop sending emails

"Potential Worm Activity Detected! The last few sent emails contained similar subject or body content."

I'm given three options

1. Stop this e-mail
2. Find out more information
3. Continue what I was doing

No matter which option I choose, a similar message will subsequently appear. I can't seem to get out of this endless loop.

I ran AVG antivirus, and cleaned detected infections, but it has not solved the problem.
I then have Norton antivirus installed on the system. But similar messages of email being sent keep popping up. Please help as I am in a desperate situation.

The following is the hijack this log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:40:19 PM, on 3/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
... Read more

RELEVANCY SCORE 46.8

I've seen several other members experience the same problem, where McAfee keeps telling me that "Potential Worm Activity Detected!". It goes on to say "The last few sent e-mails contained similar subject or body content." and the subjects are random, as well as the emails they are sent to. Here is a copy of my HJT log :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:01:21 AM, on 1/4/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\mcafee.com\vso\mc... Read more

A:potential worm activity detected

Hiya and welcome to Tech Support Guy

Are you still having this problem? If so, do the following:

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy & Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Download and scan with SUPERAntiSpyware Free for Home Users
Double-click SUPERAntiSpyware.exe and use the default settings for installation.
An icon will be created on your desktop. Double-click that icon to launch the program.
If asked to update the program definitions, click &q... Read more

RELEVANCY SCORE 46.8

Now that I have the "SWEN" worm... what do I do? YES, I know... all common sense was lost for a brief second as I opened that damn e-mail! I did the HouseCall scan... do I click delete while the detected worm file is highlighted? Thanks!
 

A:[Resolved] SWEN worm detected... Now what

RELEVANCY SCORE 46.8

my desktop changed and it had a warning saying I have been infected. Also, I couldn't start Task Manager. One or several popups started telling me to download removal tools. I did not trust these and didn't download anything. I updated my windows defender and ran scans. It did detect and removed different stuff with name variations of the one above. Still my desktop had the warning and I couldn't change the desktop image. I installed Microsoft Security Essentials and ran. Again it detected and remove same virus mentioned above but desktop remained the same.

I searched online what to do if I can't change desktop and start Task Manager. Online I found instructions how to go into Regedit and delete in Policy so I can now change desktop picture and start Task Manager.

But I still get popups windows with add. I get these in Chrome and in Explorer. Problem originally started when I was browsing in Chrome.

My ISP provides a free Anti-Virus program so I downloaded that and ran it. My ISP is cbeyond and the anti-virus program is called F-secure. After running all scans several times the problem still persists. Popups keep coming. Just a minute ago I was prompted to fill an online survey for BleepingComputer. It looked legit so I filled it out in an effort to give something back to this site that I hope will help me solve this. After I filled it out it offered me some products and I realized it was the virus again.

It seems the Anti-Virus program is not able to remove ... Read more

A:Worm:Win32/Emold.U detected

Please read the pinned topic titled "Preparation Guide For Use Before Posting A Hijackthis Log". If you cannot complete a step, then skip it and continue with the next. In Step 6 there are instructions for downloading and running DDS which will create a Pseudo HJT Report as part of its log. You will also be instructed to create a Root Repeal Log.

When you have done that, post your log in the HijackThis Logs and Malware Removal forum, NOT here, for assistance by the HJT Team Experts. A member of the Team will walk you through, step by step, on how to clean your computer. If you post your log back in this thread, the response from the HJT Team will be delayed because your post will have to be moved. This means it will fall in line behind any others posted that same day.

The HJT team is very busy and it will take awhile to get to your post.

Please be patient and good luck

RELEVANCY SCORE 46.8

When I am trying to e-mail individual pictures - the e-mail in Outlook Express in the "sent" folder keeps staying in there and my computer keeps trying to send it. Then a pop-up from McAfee comes on saying:

"Potential Worm Activity Detected! The last few sent e-mails contained similar subject or body content. Then it gives the E-mail Subject and then it says I want to......
Stop this e-mail
Find out more information
or Continue what I was doing."

Even though I am just sending it to one person, not multiple addresses - that box comes up.

What is causing this and how do I correct this problem? I've never had this problem in the past. When I send pictures as "attachments" this does not happen. The only time this happens is when I try to send an e-mail with the pictures being shown in the message.
 

A:Potential Worm Activity Detected ?

Download hijackthis and do a scan then copy and post the log here for someone to analyze. As well do a scan here.
 

RELEVANCY SCORE 46.4

Often on my computer McAfee pops up an alert saying that "5 e-mails have been sent within the last 30 seconds. This condition might indicate a worm is attempting to send e-mail." I ran a virus scan and spyware scans but they didn't turn anything up.

These emails are being sent to addresses I have never seen before and the email subject is always something "sexually-explicit"

I'm pretty sure the problem is similar to this one

Here is the HJT log i just ran...

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 7:28:53 PM, on 6/18/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\WgaTray.exe
C:\WINDOWS\System32\wuauclt.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
c:\program files\mcafee.com\shared\mghtml.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\McAfee.com\VSO\mcmnhdlr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\DO... Read more

A:McAfee: Potential Worm Activity Detected

Bump, any help is appreciated!!
 

RELEVANCY SCORE 46.4

Hi, I really need help. My Sony Vaio laptop keeps coming up with messages saying it's been affected by worm.win32.net booster, and every time I log in to my computer three programs are on the desktop; I've never seen them before. Could someone please help me?

ps computer is an xp

A:Please Help My Laptops Detected Worm.win32.net Booster

Run a full system scan with Malwarebytes' Anti-Malware in Normal Mode (Instructions).

RELEVANCY SCORE 46.4

Hello new to this forum

I recently just upgraded my Dell Inspiron E 1705 from XP to Windows 7.
When I'm searching for something on google it would send me to a random website or say that the website may contain a virus or unprotected etc.

after i restarted the computer and turned it back on, I come to this problem of only seeing my cursor on my desktop with a black black screen and could not do anything except Ctrl+Alt Delete to see my task manager and shut down. I tried restarting over and over hoping it would just go away. I am now using my work company to write this message and find a solution. I tried reinstalling my Kaspersky onto my computer after i upgraded to Windows 7 and it says I have a risk on my computer but I never could get my Kaspersky to fix the problem.

During a restart of the computer i received a message telling me Worm.Win32.NetSky detected on your machine and suggested do a full system scan. So I x'd out the warning and the computer just showed a blank black screen with just my mouse cursor.
This is where I looked online on my work computer to see if i could find a solution and found this tech support forum on google and saw someone had the same PROBLEM as me.

Only way i was able to get online from my computer is if i signed on in Safe Mode. I would appreciate the help you could give me. I am a wreck without my personal laptop at home and will go crazy. ANY help will be very appreciative. Hope you had a HAPPY NEW YEAR and HOLIDAY!!... Read more

A:Worm.Win32.NetSky detected on your machine

I suggest that you proceed to our Security Center, Virus/Trojan/Spyware Help Forum, to have your system reviewed by a Security Analyst. Please be sure to follow THESE STEPS carefully before posting your logs in the Security Forum.

Please be patient as the Security Analysts are very busy and one will get to you as soon as possible.

Regards. . .

jcgriff2

.

RELEVANCY SCORE 46.4

I woke up this morning and found this was happening. I was getting pop ups saying I have this virus on my pc and now I'm upset, lol,

i looked at a few dif places, but all i could get was to d/l some HiJack This thing, so i did that and here is the log that i got


Deckard's System Scanner v20071014.68
Run by Administrator on 2007-11-22 11:37:30
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
54: 2007-11-22 01:07:57 UTC - RP68 - Deckard's System Scanner Restore Point
53: 2007-11-22 00:32:52 UTC - RP67 - Installed Symantec Technical Support Web Controls
52: 2007-11-21 03:11:54 UTC - RP66 - Printer Driver Sonic PDF Installed
51: 2007-11-20 05:55:43 UTC - RP65 - System Checkpoint
50: 2007-11-19 05:54:33 UTC - RP64 - System Checkpoint
-- First Restore Point --
1: 2007-10-18 11:03:47 UTC - RP15 - System Checkpoint
Backed up registry hives.
Performed disk cleanup.

Percentage of Memory in Use: 78% (more than 75%).
Total Physical Memory: 504 MiB (512 MiB recommended).
System Drive C: has 1.43 GiB (less than 15%) free.
-- HijackThis (run as Administrator.exe) ---------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:41:10 AM, on 22/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSI... Read more

A:worm.win32.skynet virus detected

Hi and welcome to TSG,

Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.

Double-click smitfraudfix.exe
Select option #1 - Search by typing 1 and press "Enter". A text file will appear which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm

Warning: Do not run Option #2 until you are instructed to do so. Running option #2 on a non infected computer will remove your Desktop background.
 

RELEVANCY SCORE 46.4

Been having constant pop ups of various "infected" statements. I run Sophos Anti Virus which is really good but seems these have slipped through. I run adaware every now and then as well. Being a little tech savvy I tried the normal things I have done in the past. I have followed the thread about what to do in these circumstances and done the 5 steps.

Below is the log after dss.exe

Not sure what else i can do as i know these things are present. The online Pandasoftware search found several issues but was only able to fix one.


Deckard's System Scanner v20071014.68
Run by Brett on 2007-12-20 17:24:37
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
72: 2007-12-20 07:24:57 UTC - RP675 - Deckard's System Scanner Restore Point
71: 2007-12-20 02:16:36 UTC - RP674 - System Checkpoint
70: 2007-12-17 05:05:29 UTC - RP673 - Installed Sophos Anti-Virus
69: 2007-12-17 05:03:13 UTC - RP672 - Removed Sophos Anti-Virus
68: 2007-12-13 14:08:06 UTC - RP671 - System Checkpoint


-- First Restore Point --
1: 2007-10-02 09:34:52 UTC - RP604 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 510 MiB (512 MiB recommended).


-- HijackThis Clone --------------------------... Read more

A:Constant pop ups - Windows has Detected... worm.w32.netsky....

Hello, and Welcome to TSF.

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

--------------------------------------------------------------------------------------------- Download this file - http://download.bleepingcomputer.com...a/ComboFix.exe

* IMPORTANT !!! Place combofix.exe on your Desktop


Disconnect from the internet....pull the plug!
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
Go to -> Run -> paste in the following single line command & click OK

"%userprofile%\desktop\combofix.exe" /killall


Follow the prompts. Type "1" and press Enter to begin the scan.
Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is no... Read more

RELEVANCY SCORE 46.4

Hello new to this forum

Recently purchased a new HP laptop and have recently encountered a pretty big problem

it started when computer seemed to be running fairly slow especially for a brand new computer. then internet google searches started taking me to random websites only allowing me to go to websites by directly putting the link in the address bar. i have an norton free trial for a couple months but received a McAfee antivirus as a gift so uninstalled Norton and installed McaFee. Well i had a problem once McAfee was installed i thought it was weird that it did not ask me for the Product Key that came with the CD and could find nowhere that allowed me to enter it. So tried to uninstall and reinstall and during this process during a restart of the computer i received a message telling me Worm.Win32.NetSky detected on your machine and suggested do a full system scan. so clicked ok on the warning and the computer just showed a blank black screen with windows popping up telling me a couple programs have stopped working. this is where my story ends i am stuck here and if i can get some help to resolve this problem it would be greatly appreciated thank you

Thank You

RELEVANCY SCORE 46.4

Hello, I'm new on this forum and as you can see instantly I have a problem. Yesterday I started getting pop-ups which said this:

Worm.Win32.NetSky detected on your machine. This virus is distributed via the Internt through e-mail and Active-X objects. The worm has its own SMTP engin which means it gathers e-mails from your local computer and re-distributes itself. In worst case this worm can allow attackers to access your computer, stealing passwords and personal data.
This process should be removed from your system.
Type: Virus
System Affected: Windows 2000, NT, ME, XP, Vista
Security Risk (0-5): 5
Recomendations: Click Yes to remove it from your PC immediately

and this

Windows has detected an Internet attack attempt...
Somebody's trying to infect your PC with spyware or harmful viruses. Run full system scan now to protect your PC from Internet attacts, hijacking attempts and spyware! Click to download spyware remover for total protection

Also my task manager was blocked and I had to do the following

Click on Start, Run and type the following command exactly and press Enter

REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 0 /f

Windows XP is my OS and I'm using Zone Alarm Pro.

This is my HijackThis Log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:00:40, on 22.2.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running proc... Read more

A:Worm.win32.netsky Detected On Your Machine

Problem solved with Rogue Remover and HijackThis!

RELEVANCY SCORE 46.4

I have Mcafee Internet Security 2006.

I repeatedly get the potential worm activity detected message from McAfee VirusScan. It says 2 emails have been sent within the last 25 seconds. This condition might indicate a worm/virus is attempting to send email. The email subject varies from "about your health", "Your health, your care", to viagra messages. I use outlook and it is not open. I have run McAfee virus scan, CA-etrust online virus, and downloaded AVG virus software to identify this virus. But have not been able to identify it or fix it.

Windows xp professional sp2. I would appreciate any help you can offer.
I've pasted my HI Jack log below.

Logfile of HijackThis v1.99.1
Scan saved at 7:10:35 PM, on 11/26/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\Gri... Read more

A:Solved: Potential Worm Activity Detected

RELEVANCY SCORE 46.4

I use windows XP and having problem to load Firefox or Opera. Someone also manage to penetrate my Egold account and steal my money. Scan with Karspersky reveal Worm & Trojan below and they are all deleted. But I still can't access Firefox or Opera. I'm also not sure whether it is safe now to access some site with password. Pls check my HT log & advice on what should I do to eliminate all threat on my PC. Thanks.

Protection
----------
Total scanned: 8891
Detected: 12
Untreated: 0
Start time: 3/9/2007 9:27:17 PM
Duration: 00:26:35

Detected
--------
Status Object
------ ------
deleted: virus Worm.Win32.AutoIt.c File: c:\windows\system32\rvhost.exe/PE_Patch.UPX/UPX/script.au3
deleted: Trojan program Trojan-Spy.Win32.Goldun.ow File: C:\System Volume Information\_restore{64B6130F-E872-42E5-AD76-035663AFE8F5}\RP109\A0129150.0LL
deleted: Trojan program Trojan-Spy.Win32.Goldun.om File: C:\System Volume Information\_restore{64B6130F-E872-42E5-AD76-035663AFE8F5}\RP109\A0129178.0LL
deleted: Trojan program Trojan-Spy.Win32.Goldun.om File: C:\System Volume Information\_restore{64B6130F-E872-42E5-AD76-035663AFE8F5}\RP112\A0129821.0LL
deleted: Trojan program Trojan-Spy.Win32.Goldun.ow File: C:\System Volume Information\_restore{64B6130F-E872-42E5-AD76-035663AFE8F5}\RP113\A0129933.0LL
deleted: Trojan program Trojan-Spy.Win32.Goldun.ow File: C:\System Volume Information\_restore{64B6130F-E872-42E5-A... Read more

A:Worm & Trojan Detected By Karspersky & Deleted

Welcome Nickkin

Download ATF Cleaner by Atribune:
http://www.atribune.org/ccount/click.php?id=1
Double-click ATF-Cleaner.exe to run the program.
Click 'Select All' found at the bottom of the list.
Click the 'Empty Selected' button.

If you use Firefox browser, do this also:
Click Firefox at the top and choose 'Select All' from the list.
Click the 'Empty Selected' button.
NOTE: If you would like to keep your saved passwords, please click 'No' at the prompt.

If you use Opera browser, do this also:
Click Opera at the top and choose 'Select All' from the list.
Click the 'Empty Selected' button.
NOTE: If you would like to keep your saved passwords, please click 'No' at the prompt.

Click 'Exit' on the Main menu to close the program.

*******************************

Download Killbox by Option^Explicit:
http://www.killbox.net/downloads/KillBox.exe
Save it to your desktop.
Please double-click Killbox.exe to run it.
Select: 'Delete on Reboot'. Then Click on the 'All Files' button.
Please copy ALL the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

C:\WINDOWS\SYSTEM32\flwzx.dll
C:\WINDOWS\System32\msindeo.dll

Return to Killbox, go to the File menu, and choose 'Paste from Clipboard'.
Click the red-and-white Delete File button. Click 'Yes' at the 'Delete on Reboot' prompt. Click OK at any 'PendingFileRenameOperations' prompt.
If your computer does not restart automatically, please restart it manually.... Read more

RELEVANCY SCORE 46.4

DDS (Ver_09-12-01.01) - NTFSx86 NETWORK
Run by RicardoBurton at 17:48:02.19 on Mon 01/04/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_17
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.1014.556 [GMT -5:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k NetworkService
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Users\RicardoBurton\Downloads\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://google.atcomet.com/b/
uInternet Settings,ProxyOverride = *.local
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [ares] "c:\program files\ares\Ares.exe" -h
uRun: [Aim] "c:\program files\aim\aim.exe" /d locale=en-US ... Read more

A:Worm.Win32.NetSky detected on your machine

Hi,

Please do the following:

Please download exeHelper to your desktop.
Double-click on exeHelper.com to run the fix.
A black window should pop up, press any key to close once the fix is completed.
Post the contents of log.txt (Will be created in the directory where you ran exeHelper.com)
Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).


NEXT


Please download DDS from either of these links

LINK 1
LINK 2

and save it to your desktop.
Disable any script blocking protection
Double click dds.pif to run the tool.
When done, two DDS.txt's will open.
Save both reports to your desktop.
---------------------------------------------------
Please include the contents of the following in your next reply:

DDS.txt
Attach.txt.

NEXT



Download GMER Rootkit Scanner from here or here. Extract the contents of the zipped file to desktop.
Double click GMER.exe. If asked to allow gmer.sys driver to load, please consent.
If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.


In the right panel, you will see several boxes that have been checked. Uncheck the following ..... Read more

RELEVANCY SCORE 46.4

My pc has been acting a bit odd for a few months. This has included icons requiring multiple depresses to open, hard drive capacity barely increasing after removing programs, and deleting files. There are also the occasional screen freezes. A scan with Malwarebytes ver. 1.44 detected "Malware.Trace, Trojan.Vundo, and Worm.Kolab" in "Category: Registry Key." Any assistance in removing these "offenders," would be appreciated.
I have provided my Attach and ark zipped files as requested.

Here is my DDS.txt Log:

DDS (Ver_09-12-01.01) - NTFSx86
Run by Lil Momma at 20:15:42.64 on Wed 01/13/2010
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1022.307 [GMT -5:00]

AV: avast! antivirus 4.8.1368 [VPS 100113-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.ex... Read more

A:Malware, Trojan, and Worm Detected via Malwarebytes

BUMP, please.

RELEVANCY SCORE 46.4

Hi can someone help me with this thing its been slowing down my computer all the time and doesn't allow me to go to anti-virus sites the spambots are kept on being added in my temp folder coming back with different names starting with win
and sometimes with different names its been deleted by malwarebytes but keeps coming back with different names.Please somebody help! This is my malwarebytes log:

Malwarebytes' Anti-Malware 1.44
Database version: 3510
Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

3/4/2010 12:38:01 AM
mbam-log-2010-03-04 (00-38-01).txt

Scan type: Full Scan (C:\|)
Objects scanned: 213486
Time elapsed: 3 hour(s), 50 minute(s), 54 second(s)

Memory Processes Infected: 4
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
C:\Documents and Settings\Atty. Riz Simbillo\Local Settings\Temp\mmybgv.exe (Worm.Spambot) -> Unloaded process successfully.
C:\Documents and Settings\Atty. Riz Simbillo\Local Settings\Temp\winrtclhp.exe (Worm.Spambot) -> Unloaded process successfully.
C:\Documents and Settings\Atty. Riz Simbillo\Local Settings\Temp\winhublqr.exe (Worm.Spambot) -> Unloaded process successfully.
C:\Documents and Settings\Atty. Riz Simbillo\Local Settings\Temp\winsmyjkh.exe (Worm.Spambot) -&...

A:annoying worm.spambot detected by malwarebytes

Hello

Your Malwarebytes' is OUTDATED.
Your scan shows database version 3510. This morning, the latest database version was 3824.
By the time you read this and update, there may be an even newer version.
Sometimes there are Malwarebytes' updates TWICE in one day.
Update your Malwarebytes' and scan again.

You can also run ATF Cleaner:
http://www.atribune.org/index.php?option=c...5&Itemid=25
Instructions included at website.

Then post your new scan results for an official staff member to help you with.
Copy/paste the entire contents of the scan results log into your next reply, and advise what, if any, symptoms you are still experiencing.


Here goes......I recently installed Norton Antivirus 05 and it worked totally flawless for a few days and it still is, technically. The problem is that I get about 10-15 security alert windows stating "Internet worm detected a remote system." It is the same location every time: C:/windows/system32/svchost.exe. Microsoft generic host process for Win 32 services. The address it comes from and the remote port change but are frequently the same. I have the option to permit or block. I've done both but it keeps coming back. Please Help ----Geoff----
 


A few days ago, my computer suddenly got slower when browsing the internet, so I checked the task manager and found that my CPU performance always hit the peak although I used the same applications which I always use. So, I used Malwarebyte's Antimalware and detected a worm called Worm.Autorun, which I then eliminated. However, it doesn't seem better, and I think that I may have got a virus, worm, or trojan from my friend's USB drive which my anti-virus Panda couldn't find. So, I created the account here and really need some help from a specialist. Another problem is I can't save the GMER log. When I run GMER, it took about 6 and 12 hours to run, and then when I tried to save the log, it got "Not respond" for a few hours (as I waited) and then a blue screen appeared. Please help.

DDS (Ver_09-12-01.01) - NTFSx86
Run by Dell at 22:55:30.26 on Sat 02/20/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_18
Microsoft Windows XP Professional 5.1.2600.3.874.66.1033.18.1014.177 [GMT 7:00]

AV: Panda Endpoint Protection *On-access scanning enabled* (Updated) {3503ACDE-020C-4FD4-BD8E-D011C03E7677}
FW: Panda Endpoint Protection Firewall *disabled* {7B090DC0-8905-4BAF-8040-FD98A41C8FB8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Panda Security\WAC\pavFnSvr.exe
C:\Program Files\Panda Security\WAC\pavsrv51.exe
C:\Program Files&...

A:Obviously immediate slow computer a few days ago and detected a worm from Malwarebyte's

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.

Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

Please reply to this post so I know you are there.

The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

----------------------------------------------

Please add the log for the rootkit scanner Gmer

Please download GMER from one of the following locations and save it to your desktop:

* Main Mirror
This version will download a randomly named file (Recommended)
* Zipped Mirror
This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.

* Disconnect from the Internet and close all running programs.
* Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
* Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.

Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

GMER ...


Hi,

I've seen other forums on this topic but none of them have really helped me.

My McAfee Virusscan keeps popping up with

Potential Worm Activity Detected!
The last few sent e-mails contained similar subject or body content
E-mail Subject: Can you imagine that you are healthy

I ran my McAfee, Ad-Aware and also Spy Sweeper but none of them has helped. On another forum I saw a program called VundoFix so I downloaded and ran that but it hasn't helped. I've posted my HijackThis logfile below. I'm fairly computer illiterate so please try to dumb it down, thanks in advance.

Logfile of HijackThis v1.99.1
Scan saved at 2:30:13 PM, on 29/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\...

A:My McAfee keeps popping up with Potential Worm Activity Detected! Please help

hi, welcome to TSG.


Download SDFix and save it to your Desktop.

http://downloads.andymanchesta.com/RemovalTools/SDFix.exe

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :

* Restart your computer
* After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
* Instead of Windows loading as normal, the Advanced Options Menu should appear;
* Select the first option, to run Windows in Safe Mode, then press Enter.
* Choose your usual account.

* Open the extracted SDFix folder and double click RunThis.bat to start the script.
* Type Y to begin the cleanup process.
* It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
* Press any Key and it will restart the PC.
* When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
* Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
(Report.txt will also be copied to Clipboard ready for posting back on the forum).
* Finally paste the contents of the Report.txt back on the forum with a new HijackThis log


Download AVG Anti-Spyware

http://www.ewido.net/en/
* Once you have downloaded AVG Anti-...


I get Symantec Endpoint Protection notifications saying "[SID: 23621] HTTP Tidserve Request detected" and occasionally (such as on booting) a notice that communication with a certain website (which traces to an apparently well-known server in Russia) is blocked for the next two hours or so. My Google searches are often (but not always) hijacked and redirected to random odd sites. I used System Restore to reset to a point in May that I am pretty sure pre-dates the first hint of infection, but the problem is only getting worse. Occasionally now a window opens all by itself and shows a strange search-like website with some oddball "result" of a search I had done minutes earlier on Google. Sometimes I can close these windows, but other times they will crash IE when I try to force them to close.

Thanks for any help!

DDS (Ver_10-03-17.01) - NTFSx86
Run by Owner at 2:04:51.32 on Wed 07/21/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.177 [GMT -4:00]

AV: Symantec Endpoint Protection *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
FW: Symantec Endpoint Protection *enabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLau...

A:Tidserve request detected; search hijacker worm

Hello. I am PropagandaPanda (Panda or PP for short), and I will be helping you.

You are infected with a rootkit. Let's see what we can do.

Disable Realtime Protection

Antimalware programs can interfere with ComboFix and other tools we need to run. Please temporarily disable all realtime protections you have enabled. Refer to this page, if you are unsure how.

Download and Run ComboFix

Download Combofix by sUBs from any of the links below, and save it to your desktop. If you have already run ComboFix, delete your old copy and download a new one.

Link 1, Link 2, Link 3

* Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
* Double click on ComboFix.exe and follow the prompts. If you are using Windows Vista, right click the icon and select "Run as Administrator". You will not receive the prompts below if you are not using Windows XP. ComboFix will check to see if you have the Windows Recovery Console installed.
* If you did not have it installed, you will see the prompt below. Choose YES.
* When the Recovery Console has been installed, you will see the prompt below. Choose YES.
* When finished, ComboFix will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

Download and Run Scan with GMER

We will use GMER to scan for rootkits.

Please download G...


My computer noted that I was infected with worm.win32.NetSky. I continually get a pop-up that says "Windows has detected an Internet attack attempt..." Upon closing it, it launches Internet Explorer with a website such as udefender or pcsecuresystem. Also, my background changed to a red and black image saying that my privacy is in danger. I loaded Spyware Doctor and it continues to give me pop-ups saying "Spyware Doctor blocked an application regsvr32.exe attempting to access a file. Path c:\windows\popnetdpt.dll Threat adware.agent.bn"
The following is my Hijack this log.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:35:05 PM, on 11/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice...

A:worm.win32.netsky detected. Hijack this log included.


Hi, every time I start my computer, this is the message I get from my AVG:

\device\harddiskvolume1\autorun.inf
Virus found Worm/autorun detected on open
process name C:\windows\Explorer.EXE
Process ID: 2444

I proceed to click "Move to vault", but upon restart my computer, it comes back. Here's the DDS logs. I tried to use gmer, but it kept crashing my computer (Win XP). Thanks in advance.

DDS (Ver_10-03-17.01) - NTFSx86
Run by Steve at 11:44:07.42 on Sun 08/29/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_21
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1199 [GMT -7:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\P...

A:Virus found Worm/autorun detected on open

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process. Please also continue to work with me until I give you the all clear. Even if your computer appears to act better, you may still be infected.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

Once we start working together, please reply back within 3 days or this thread may be closed so we can help others who are waiting.

We need to create an OTL report,

Please downloa...


Hi,

I.E shows message-gods must be creazy!!!! and worm.IM.Sohanad detected on running the Spyware Doctor. On trying to repair this through Spyware Doctor, it shows that it is removed, but on scanning again after rebooting the system it is still getting detected. My system is too slow as well.

Moreover, my I.E. window always shows "gods must be creazy!!!! " no matter what website I try to open.
Operating system-WINDOWS XP,

Please help

Thanks,
Neha
 


I did a scan using NoAdware v4.0 (Unregistered version) and detected the following:

“ Backdoor.GWGhoHKEY_LOCAL_MACHINE\Software\MicRegValue “ and:
“ Worm that trys to spread itself and allows unauthorized access to your PC.“

I tried to locate this with RegEdit and didn't find it (no surprise there as I'm rather a novice at this) and with RegCleaner.

Here's the current log:

Logfile of HijackThis v1.99.1
Scan saved at 6:44:21 AM, on 10/4/05
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\ROXIO\GOBACK\GBPOLL.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\DJSNETCN.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\IWP\NPFMNTOR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\STARTUPMONITOR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\PROGRAM FILES\EARTHLINK TOTALACCESS\SPYWARE BLOCKER\SPYWAREBLOCKER.EXE
C:\PROGRAM FILES\ROXIO\GOBACK\GBTRAY.EXE
C:\PROGRAM FILES\CALLWAVE\IAM.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SNDSRVC.EXE
C:\PROGRAM FILES\EARTHLINK TOTALACCESS\TASKPANL.EXE
C:\WINDOWS\SYSTE...

A:Solved: Solved: NoAdware detected a worm NAV2005 missed


I have just removed the blackmal worm from my Vaio laptop using Symantec's worm removal tool but can't reinstall / repair Norton AntiVirus as it came with my Vaio system software and I would have to do a complete wipe-and-reinstall of my hard drive to get it back on again. So I downloaded Anti-Vir which verifies that my system is now virus free but it is still running so SLOWLY that I can't do anything. Menus, taskbar, explorer, loading programs, everything takes 5-10 minutes just to pop up or start. Can I undo this damage ostensibly done by the worm without doing a complete system reinstall?
Only one other dumb thing I did was try to run the Norton Rescue disks using floppies made on another PC running Win 98 - when I booted with floppy 1 it warned that the disks were made for another PC and could do damage to my files but I ignored the message and continued as I was so desperate (rescue disks didn't work anyway as they didn't have current virus definitions).
Any suggestions?
 

A:blackmal worm cleanup (kama sumtra worm, killAV.GR)

Hi, Most systems that use the Recovery type of CD also have a way to reinstall individual programs....are you absolutely sure yours does not have a way to reinstall one selected program?

Post the exact model of the PC please and I will check on some things.

Using two active antivirus programs can cause slowness and other performance problems, can you turn off one of the programs from starting when the computer does?

With Norton programs, a reinstall may not take place if it sees another installed antivirus program> when and if a reinstall can take place, you will need to disable Antivir or, uninstall it, to allow the Norton install.

Personally, I think I would just remove Norton using their removal tool> I have seen some systems completely crash though in just about your same situation, and a full recovery was needed. (The kind where you lose all files, and are back to factory settings).
Are there any files you must keep....I'm not talking music, I mean documents or personal files that you cannot replace? If so, I would consider backing them up somehow before you proceed any further. Since you have a laptop, it would be difficult to take your hard drive to another computer and simply copy files....
If there is nothing important on the system, and you do have a way to do a full recovery, you could try the Norton removal tool that assists when the program is damaged, it removes everything from the Norton Internet Security suite or a standalone version....but we...
