Over 1 million tech questions and answers.

Military Clock Virus Alert Trojan.agent

Q: Military Clock Virus Alert Trojan.agent

Hello, I was referred to post my problem here with a HJT log. I clicked on a file that changed my background and changed my clock to military time and it said "VIRUS ALERT" next to it. I followed the directions given to me by one of the moderators in the "Am I infected" forum. The clock is back to normal and it does not say virus alert anymore. However when I try to boot in regular mode, it usually just freezes at the desktop screen. I have run Malwarebytes, Superspy Search and destroy, installed zone alarms firewall, and avg antivirus. The Malwarebytes results with the same 4-6 infected files everytime I scan now. I will post that log along with the HiJackThis log. I appreciate any help I can get.Malwarebytes' Anti-Malware 1.28Database version: 1227Windows 5.1.2600 Service Pack 210/5/2008 4:32:12 PMmbam-log-2008-10-05 (16-32-12).txtScan type: Quick ScanObjects scanned: 54066Time elapsed: 5 minute(s), 38 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 2Registry Values Infected: 0Registry Data Items Infected: 2Folders Infected: 0Files Infected: 2Memory Processes Infected:(No malicious items detected)Memory Modules Infected:(No malicious items detected)Registry Keys Infected:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> Quarantined and deleted successfully.HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> Quarantined and deleted successfully.Registry Values Infected:(No malicious items detected)Registry Data Items Infected:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\windows\system32\ -> Quarantined and deleted successfully.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: system32\ -> Quarantined and deleted successfully.Folders Infected:(No malicious items detected)Files Infected:C:\WINDOWS\system32\ (Trojan.Agent) -> Quarantined and deleted successfully.C:\WINDOWS\system32\drivers\ (Trojan.Agent) -> Quarantined and deleted successfully.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 4:14:08 PM, on 10/5/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\ZoneLabs\vsmon.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeC:\Program Files\Common Files\Symantec Shared\SNDSrvc.exeC:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeC:\WINDOWS\system32\spoolsv.exeC:\PROGRA~1\AVG\AVG8\avgwdsvc.exeC:\Program Files\Common Files\Symantec Shared\ccProxy.exeC:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exeC:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exeC:\WINDOWS\system32\MsPMSPSv.exeC:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exeC:\WINDOWS\system32\wuauclt.exeC:\PROGRA~1\AVG\AVG8\avgrsx.exeC:\WINDOWS\system32\wuauclt.exeC:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Trend Micro\HijackThis\HijackThis.exeC:\WINDOWS\system32\wscntfy.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeopleR1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.localR3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)N3 - Netscape 7: # Mozilla User Preferences// This is a generated file!user_pref("browser.bookmarks.added_static_root", true);user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src");user_pref("browser.startup.homepage_override.mstone", "rv:1.0.2");user_pref("intl.charsetmenu.browser.cache", "ISO-8859-1");user_pref("prefs.converted-to-utf8", true);user_pref("timebomb.first_launch_time", "1105683589187000");user_pref("update_notifications.provider.0.last_checked", 1106661511);user_pref("browser.helperApps.neverAsk.openFile", "application%2Fx-java-jnlp-file"); (C:\Documents and Settings\DEVANG\Application Data\Mozilla\Profiles\default\egvww1iv.slt\prefs.js)O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dllO2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dllO2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dllO2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dllO2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dllO2 - BHO: (no name) - {B09E0F0B-28FE-4A7E-90F6-6D09E4234852} - (no file)O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dllO3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dllO3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dllO3 - Toolbar: (no name) - {41C29B07-6F91-4966-91BE-2E2841643C83} - (no file)O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /autoO4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /StationaryO4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exeO4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exeO4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /ConsumerO4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"O4 - HKLM\..\Run: [SonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exeO4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXEO4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -kO4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exeO4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exeO4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exeO4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exeO4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"O4 - HKCU\..\Run: [Sonic RecordNow!] C:\WINDOWS\system32\ctfmon.exeO4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Devang\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /cO4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exeO4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exeO4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /backgroundO6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions presentO8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTMLO8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dllO9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dllO9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dllO9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLLO9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exeO9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dllO9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeopleO16 - DPF: {1BAD0830-AC09-44FA-8A44-5365AEB45D11} - http://www.mtv.com/overdrive/bin/setup.exeO16 - DPF: {8FEFF364-6A5F-4966-A917-A3AC28411659} - http://download.sopcast.com/download/SOPCORE.CABO18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dllO18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dllO20 - AppInit_DLLs: avgrsstx.dllO23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exeO23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exeO23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeO23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exeO23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exeO23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeO23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exeO23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exeO23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exeO23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exeO23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exeO23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exeO23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exeO23 - Service: VAIO Entertainment Aggregation and Control Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exeO23 - Service: VAIO Entertainment File Import Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exeO23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exeO23 - Service: VAIO Entertainment UPnP Client Adapter - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VCSW\VCSW.exeO23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exeO23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exeO23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exeO23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exeO23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exeO23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exeO23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exeO23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exeO24 - Desktop Component 0: (no name) - http://img24.exs.cx/img24/1442/kristinkreuktbp027qp.jpg--End of file - 11854 bytesI have Windows XP Home Edition SP2. Another thing is that at certain times I am unable to access this website and any other website used for computer security. Right now it works, later it probably won't.Thanks again.

RELEVANCY SCORE 200
Preferred Solution: Military Clock Virus Alert Trojan.agent

I recommend downloading and running DAP. It can help sort out any driver and firmware related issues on your system

It's worked out well for many of us in the past.

You can download it direct from this link http://downloaddap.org. (This link will open the download page of DAP so you can save a copy to your computer.)

A: Military Clock Virus Alert Trojan.agent

Hello, dd198608. to BleepingComputer.comMy name is Billy O'Neal and I will be helping you. (Billy or Bill is fine, if you like.)Please give me some time to look over your computer's log(s).Please take note of the following:In the meantime, please refrain from making any changes to your computer.Also, even if things appear to be running better, there is no guarantee that everything is finished. Please continue to check this forum post in order to ensure we get your system completely clean. We do not want to clean you part-way up, only to have the system re-infect itself. If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.Finally, please reply using the button in the lower left hand corner of your screen.One or more of the identified infections is a backdoor trojan.This allows hackers to remotely control your computer, steal critical system information and download and execute files.I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.Though the trojan has been identified and can be killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?When Should I Format, How Should I ReinstallWe can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.Billy3

Read other 10 answers
RELEVANCY SCORE 104

clock is in militaryie: 20:39: virus alert!can't use task manager, tried regedit, says disabled by adminitrator. I am the administrator. Went through all of the stuff on the "new" page. it's better, but not 100%. Somehow got the following programs-error cleaner, privacy protector, spyware&malware protection. All programs does not show on my start menu and my hard drive does not show in "my computer". HELP!!Logfile of Trend Micro HijackThis v2.0.2Scan saved at 20:36: VIRUS ALERT!, on 9/21/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16705)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Windows Defender\MsMpEng.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Common Files\AOL\ACS\AOLAcsd.exeC:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exeC:\Program Files\McAfee\MBK\MBackMonitor.exeC:\PROGRA~1\McAfee\MSC\mcmscsvc.exec:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exec:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exeC:�... Read more

A:Can't Use Explorer-says Error And Must Close. Clock Says Time In Military And Virus Alert!

virus scan ran and found and quarantined the following trojansvundo, puper, generic.dx, ad clicker-fc, generic downloader.x, unwanted programs: generic pup.x (cannot be completely removed) and advanced cleaner (removed)This is the new logfile.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 06:15: VIRUS ALERT!, on 9/22/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16705)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Windows Defender\MsMpEng.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Common Files\AOL\ACS\AOLAcsd.exeC:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exeC:\Program Files\McAfee\MBK\MBackMonitor.exeC:\PROGRA~1\McAfee\MSC\mcmscsvc.exec:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exec:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exeC:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exeC:\Program Files\McAfee\MPF\MPFSrv.exec:\PROGRA~1\mcafee.com\agent\mcagent.exeC:\WINDOWS\system32&... Read more

Read other 15 answers
RELEVANCY SCORE 80.4

I opened a file I obviously should not have. The background turned red and stated "This Computer is Infected." The clock went military and next to that it says "VIRUS ALERT." All my drives are missing and the start menu only has a few options. I was able to run an anti-spy I had on my computer but it did not work and I had to reboot. After rebooting, the computer loads to the desktop at which point the mouse will be free to move for a few minutes and then the computer freezes. I tried to run the computer in safe mode but it will not go into safe mode. I read about the malware removal but since I can not do anything when the computer loads I was wondering if there was some other option.

I have Windows XP Home Edition SP2.

Thanks in advance for any helpp.

A:Military Time Virus Alert

Please download Malwarebytes Anti-Malware and save it to your desktop.alternate download link 1alternate download link 2Make sure you are connected to the Internet.Double-click on mbam-setup.exe to install the application.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-MalwareThen click Finish.MBAM will automatically start and you will be asked to update the program before performing a scan.If an update is found, the program will automatically update itself.Press the OK button to close that box and continue.If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.On the Scanner tab:Make sure the "Perform Quick Scan" option is selected.Then click on the Scan button.If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button. The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".Click OK to close the message box and continue with the removal process.Back at the main Scanner screen:Click on the Show Results button to see a list ... Read more

Read other 11 answers
RELEVANCY SCORE 80.4

in the time slot it says virus alert and my background has a red wallpaper and says virus security or somthin and a popup for a windows security keeps come on my screen wanting me to download...Logfile of Trend Micro HijackThis v2.0.2Scan saved at 22:53: VIRUS ALERT!, on 8/21/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16674)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\csrss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exeC:\WINDOWS\eHome\ehRecvr.exeC:\WINDOWS\Sy... Read more

A:Virus Alert! Military Time

Hello ukkentucky,

I apologise for the delay, the forum is busy.

If you still need help, post a new HijackThis log.

Read other 2 answers
RELEVANCY SCORE 79.6

I'm new here and I'm trying ot get some help to this problem. A few days ago, my computer went haywire! My bf told me that the computer was invaded by a virus and I got Symantec messages about sending emails rapidly, and pop ups about a spyware killer. I ran the SmitfraudFix and I couldn't get my registry scanned during that process. I ran AVG and then the pop ups and email notices stopped. However, I still have this lingering effect, I think. Any thoughts??Here are my DSS results...Deckard's System Scanner v20071014.68Run by Owner on 2008-06-15 23:21:16Computer is in Normal Mode.--------------------------------------------------------------------------------System Drive C: has 12.26 GiB (less than 15%) free.-- HijackThis (run as Owner.exe) -----------------------------------------------Logfile of Trend Micro HijackThis v2.0.2Scan saved at 23:22: VIRUS ALERT!, on 6/15/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.5730.0013)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeC:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeC:\PROGRA~1\COMMON~1\Stardock\SDMCP... Read more

A:Virus Alert!, Military Time In Taskbar

Hello Kiwimika and welcome to BleepingComputer,1. * Clean your Cache and Cookies in IE:Close all instances of Outlook Express and Internet Explorer Go to Control Panel > Internet Options > General tabUnder Browsing History, click Delete. Click Delete Files, Delete cookies and Delete historyClick Close below.* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):Go to Tools > Options.Click Privacy in the menu..Click the Clear now button below.. A new window will popup what to clear.Select all and click the Clear button again.Click OK to close the Options window* Clean other Temporary files + Recycle bin Go to start > run and type: cleanmgr and click ok. Let it scan your system for files to remove. Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.Press OK to remove them.2. Please download Malwarebytes' Anti-Malware from Here or HereDoubleclick mbam-setup.exe to install the application.Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.If an update is found, it will download and install the latest version.Once the program has loaded, select "Perform Quick Scan", then click Scan.The scan may take some time to finish,so please be patient.When the scan is complete, click OK, then Show Results to view the results.Make sure that everything is checked, and click Remove Selected.When disinfection is complete... Read more

Read other 2 answers
RELEVANCY SCORE 78.8

Hi,

This is my first post here, and my computer appears to be infected.

The Symptoms:
-- The desktop has "disappeared" and is replaced by a blank blue screen. The icons on the desktop are all gone.
-- There is no "bar" at the bottom: no start button, no task bar, no clock, no indications of open programs. i.e., the entire screen is blue.

-- However, the situation is different right after I start-up.
-- At first, I see all my programs. Sometimes I see the task bar and start button, clock, etc., sometimes not.
-- But something is wrong even then. The computer is slow. And I know desktop will not last long. Sometimes if I am quick I can double click on a desktop icon before the desktop disappears.
-- Sometimes there is a "transition" period. For a few seconds I'll see the desktop, then for a few it will go "all blue".
-- When it is "all blue", I can still get into programs. If I open up the task manager, I can click on the "New Task ..." button under the "Applications" tab.
-- I can still work with documents, but thinks are slow.
-- When I start in safe mode, I still have the problem of the missing desktop.

Other Signs:
-- When I can see the clock, it says "VIRUS ALERT!" followed by the time. My google searches inform me that this is a common symptom.

What I have done so far:
-- I've done the Norton "Quick Scan" -- found something the first time, and fixed i... Read more

A:Fake Anti-virus -- No Start Menu/task Bar/clock -- Or Has "virus Alert" At Clock

Welcome to BC no_more_virusIf you're using Windows 2000/XP, please print out and follow the instructions for using SDFix in BC's self-help tutorial "How to use SDFix". This program is for Windows 2000/XP ONLY.-- When using this tool, you must use the Administrator's account or an account with "Administrative rights"-- Disconnect from the Internet and temporarily disable your anti-virus and any anti-malware real time protection before performing a scan.When done, the SDFix report log will open in notepad and automatically be saved in the SDFix folder as Report.txt. Please copy and paste the contents of Report.txt in your next reply. Be sure to renable you anti-virus and and other security programs before connecting to the Internet.To fix the policy restrictions created by this infection, please open the SDFix folder or download XP_CodecRepair.inf and save it to your desktop. for Windows XP ONLY. Right-click on XP_CodecRepair.inf and select Install from the Context menu.Note: To download the .inf file, go to File, choose "Save page as" All Files and save XP_CodecRepair.inf to your desktop.Then log off or reboot to apply the changes.Please download Malwarebytes Anti-Malware and save it to your desktop.alternate download link 1alternate download link 2Make sure you are connected to the Internet.Double-click on Download_mbam-setup.exe to install the application.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has f... Read more

Read other 3 answers
RELEVANCY SCORE 77.2

Hi, I'm sure glad there are folks out there like you to help me.I had various infections that included Virtumonde and Vista Antivirus 2008. Spybot and others seem to fix most everything, but I have not been able to figure out how to remove the "VIRUS ALERT!" from the taskbar and the clock is set to military time. I also am not able to locate the C: drive from My Computer, although I can access things on it from other locations. I have seen here and other sites that I am not alone with this problem...so I am grateful to see that others seem to be able to take care of it with your help. Thank you.Here are my various reports:Deckard's System Scanner v20071014.68Run by zdk on 2008-07-27 17:23:22Computer is in Normal Mode.--------------------------------------------------------------------------------Backed up registry hives.Performed disk cleanup.System Drive C: has 3.05 GiB (less than 15%) free.-- HijackThis Clone ------------------------------------------------------------Emulating logfile of Trend Micro HijackThis v2.0.2Scan saved at 2008-07-27 17:29:56Platform: Windows 2000 Service Pack 4 (5.00.2195)MSIE: Internet Explorer (6.00.2800.1106)Boot mode: NormalRunning processes:C:\WINDOWS\system32\SMSS.EXEC:\WINDOWS\system32\CSRSS.EXEC:\WINDOWS\system32\WINLOGON.EXEC:\WINDOWS\system32\SERVICES.EXEC:\WINDOWS\system32\LSASS.EXEC:\WINDOWS\system32\svchost.exeC:\WINDOWS�... Read more

A:"virus Alert!" In Taskbar, Military Time, No "c:" Drive Listed In My Computer

Hello and welcome to BCWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. We aim to provide the valuable service known to come from BC to every member we can, but sometimes it takes just a little longer to get to every request for help.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.Upon completing the steps below a staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.Thanks and again sorry for the delay. Please download Deckard's System Scanner (DSS) and save to your Desktop.alternate download siteDSS will do the following:Create a new System Restore point in Windows XP and Vista.Clean your Temporary Files, Downloaded Program Files, Internet Cache Files, and empty the Recycle Bin on all drives.Check some important areas of your system and produce a report for an analyst to review.Automatically run HijackThis. It will also install and place a shortcut to HijackThis on your desktop if you do not already have it installed. So if HijackThis is not installed and DSS prompts you to download it, please answer yes.You must be logged onto an account with administrator priv... Read more

Read other 3 answers
RELEVANCY SCORE 70.4

An Avast full scan detected a Trojan virus and ran a bootup scan. The bootup scan found five Java:Malware-gen [Trj] and one Jave:Agent-AXI [Expl] located in the Java temp files folder. I quarantined/removed.
 
Upon doing some research on this site, I ran rKill and then rescanned my computer with Avast and Malwarebytes. Avast looked virus free but said software update status was critical for Java, WinRAR, and a few others. I updated through Java's site but for some reason, it keeps saying the status is critical and recommends both Java and WinRAR. I should mention that as I updated software, I noticed Adware on my Firefox browser - MixiDJ - which I removed through "Uninstal a program". Also found and removed DefaultTab Search Results, LLC and getsav.in Adpeak, Inc. in "Uninstal a program". Malwarebytes found a Trojan.Fake.Alert virus which I quarantined/removed.
 
Not much slowing or suspicious behavior, but a symptom is a weird psychedelic smearing of letters in text heavy websites. It's crazy.
 
I ran ESET once and it looked clean after this. But my god, it looks like a can of freaking worms!! I'd appreciate a review of my computer's status and a recommendation. I've never seen anything this severe so I'd also like to know if I should be concerned about privacy/scammers.
 
Thank you.

A:Virus cocktail- Java:Malware-gen [Trj], Java:Agent-AXI [Expl], Trojan.Fake.Alert

Hello, I have moved this from XP to the Am I Infected forum.
 
Please run these and see how it is after.
Please download Rkill by Grinler and save it to your desktop.Link 1
Link 2
Double-click on the Rkill desktop icon to run the tool.If using Vista, right-click on it and Run As Administrator.A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.If not, delete the file, then download and use the one provided in Link 2.If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.If the tool does not run from any of the links provided, please let me know.Do not reboot the computer, you will need to run the application again.

Please download Malwarebytes Anti-Malware and save it to your desktop.Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download.Double-click on the renamed file to install, then follow these instructionsfor doing a Quick Scan in normal mode.Don't forget to check for database definition updates through the program's interface (preferable method) before scanning.If you cannot update Malwarebytes or use the Internet to download any files to the infected computer, manually update the database by following the instructions in FAQ Section A: 4. IssuesMalwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registr... Read more

Read other 23 answers
RELEVANCY SCORE 70.4

This is an awesome forum! I decided to come here because my puter's been slow and numerous popup's lately. I read in here of Malwarebytes so I downloaded it and ran it. Here's my log, is there anything else I should do?

Malwarebytes' Anti-Malware 1.30
Database version: 1371
Windows 5.1.2600 Service Pack 2

2008-11-06 08:35:36
mbam-log-2008-11-06 (08-35-36).txt

Scan type: Quick Scan
Objects scanned: 58847
Time elapsed: 7 minute(s), 10 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 4
Files Infected: 8

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\RegistrySmart (Rogue.RegistrySmart) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\RegistrySmart (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\RegistrySmart (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\RegistrySmart\Log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\O... Read more

A:Clock keeps going to military time

I thought I should add that I've gotten that antivirus "your computer is infected, run antivirus2009", noticed it had A9 installer in the address, so shut it down. Also, everyday, sometimes several times a day, I get the AOL Spyware blocking a Trojan Virus.

Am I rid of everything now that malwarebytes has quarantined and deleted the above?

Read other 14 answers
RELEVANCY SCORE 69.6

This thread has helped me as well. Had the same issues.
I still have one minor one. My clock reads military time.
i.e. 20:16 at present. I've done the basic stuff to fix it, and apply.
But it's still military.

What am I missing?

Love this forum,

IJ

A:clock reads military time

Hello ironjack, I have split you to a tpic of your own. It is always the best way as it can become confusing replying to multiple posters in the same thread. Not certain what you've tried so try this.. on an XP machine...Start> Control Panel>select Date,Time,Language and Regional Optionselect Change the Format of Numbers .....under Regional Options tab >click CustomizeClick the Time tabin the Time Format box, select .. h:mm: ss ttClck Apply then OK

Read other 8 answers
RELEVANCY SCORE 68.8

A couple of days ago, a red X icon popped up on my toolbar and I began getting popup windows constantly stating that my computer had been infected with a virus and that I should click on the window in order to fix it. I though it was a legitimate warning so I kept trying to click on it but nothing would happen. It wasn't until I actually read the whole message thoroughly and saw that the word "prevent" was misspelled as "pervent" that I began to suspect something. I looked up information online and found out that it was probably the Rogue Antivirus. I searched online for ways to remove it and one of the websites suggested downloading Smitfraudfix and Malwarebytes' Anti-Malware so I did and I ran both. Malwarebytes showed infections, which I deleted. The website suggested running Smitfraudfix in Safe Mode but the first couple of times I tried this it wouldn't work so I ran it in Normal Mode and removed the infections it found. I finally figured out how to run it in Safe Mode, so I ran it again in Safe Mode. After this, the popups stopped but my desktop background changed to blue. I was able to change it but then I noticed that my toolbar clock was stuck on military or 24 hour time and when I would try to change it, the time shown would be correct but then when I hit apply, it would still be in military time. I have gone through all of the recommended steps in the Preparation Guide. When I ran Adware for the second time, it showed 41 items detected ... Read more

A:Help...Toolbar clock stuck on military time

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you. Please download ComboFix from one of these locations:Link 1Link 2Link 3* IMPORTANT !!! Save ComboFix.exe to your DesktopDisable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

Double click on ComboFix.exe & follow the prompts.

As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:Click on Yes, to continue scanning for malware.When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Read other 7 answers
RELEVANCY SCORE 68.8

I ran Combox and my clock is stuck in Military Time!! I manually changed it back to Regular time but when I reboot my computer it goes back to Military Time How do i reset this?
Also it looks like Combofix knocked off my Zonealarm.. When I restart my computer it doesn't boot up by itself.. I have to go to Start, Programs and then activate the Zonealarm Manually.... How do i fix that so it's up all the time?? thank you in advance!
 

A:Help! Combofix defaulted my clock to Military Time!

Read other 6 answers
RELEVANCY SCORE 68.4

From: Eric

I received a computer running XP Media Center Edition from a friend. Its desktop was being hidden automatically unless I told it to "show desktop". I ran SuperAntiSpyware and MBAM on it. They seemed to have removed the viruses. In preparation of this topic I ran GMER, which would not run so I ran TDSSkiller. TDSSkiller got rid of a rookit virus. What I need now is to make sure that the computer is completely clean. Here are the DDS and GMER reports.

Thank you

DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by sherri cordry at 20:08:08 on 2011-11-05
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2550.1770 [GMT -5:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Apple\Mobile Device S... Read more

A:Comp was infected with Trojan.Agent/Gen-Fake AV, Trojan.Agent/Gen-Hullo[short], Rootkit virus

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything. We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here. To help Bleeping Computer better assist you please perform the following steps:*************************************************** In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/426646 <<< CLICK THIS LINK If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.*************************************************** If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lo... Read more

Read other 26 answers
RELEVANCY SCORE 68.4

Hi this morning i went down the hall for about 5 minutes then when i came back it said my computer has been infected and my desktop turned with a thing saying your privacy is in danger. I downloaded spybot and i got rid of the red background and the annoying pop ups. Since then where my time is displayed in military time and sas virus alert next to it. i am very confused. I need help
 

A:Virus alert near time which is in military time

Welcome to TSG

Before we start fixing anything you should print out these instructions or copy them to a NotePad file so they will be accessible. Some steps will require you to disconnect from the Internet or use Safe Mode and you will not have access to this page.

Download SDFix and save it to your desktop.
Double click SDFix.exe and it will extract the files to %systemdrive%
(this is the drive that contains the Windows Directory, typically C:\SDFix). DO NOT use it just yet.

Before we start with the fix, we need to fix the restrictions.
Navigate to the SDFix folder (usually C:\SDFix).
Right-Click on XP_CodecRepair.inf OR W2K_CodecRepair.inf depending on your Operating System.
XP for all versions of Windows XP and W2K for Windows 2000.
Click o Install
Your desktop may refresh a couple of times, don't be alarmed.
Please reboot into Safe Mode and follow the instructions below.

Reboot your computer in SAFE MODE" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup [but before the Windows icon appears] press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Open the SDFix folder and double click RunThis.bat to start the script.
Type Y to begin the cleanup process.
It will remove any Trojan Services or Registry Entries found then prompt you to press any key to Reboot.
Press any Key and it will resta... Read more

Read other 2 answers
RELEVANCY SCORE 68.4

Hello,

I have tried many different ways to remove the infections present on my computer.
I will provide a brief history:

I use firefox (latest version) and began receiving popups constantly. Websites such as facebook or google simply wouldn't load (the page would remain on "contacting www.google.ca ..." and never load anything). Closing firefox completely and restarting it resolved the problem for a few moments, but the popups and freezing would continue.

I tried several programs and methods. MBAM identifies many risks (quick and complete scans performed) and removes most at the time of the scan, with the rest requiring a restart, which is always performed. On restart, I receive a rundll error stating that the dll name (i.e. defarewo.dll or zapezade.dll) cannot be located.

I downloaded AVG and allowed it to scan as well. While active in my task bar, upon opening firefox, one or several trojans are identified and I allow AVG to "heal", "remove" or "delete" them (there are different options depending on what is identified). Regardless, once in firefox the popups continue.

I have also attempted several protocols suggested on this website. I have started the computer in safemode with the program that suspends explorer and winlogon (the protocol states to suspend rundll32 as well, but that file is not listed on the screen). I then ran vundofix, which failed to locate it on the computer. Still in safemode I ran MBAM and several thin... Read more

A:Trojan.Vundo.H, Trojan.Agent, Rogue.Adware Alert (according to MBAM)

Please download Malwarebytes' Anti-Malware from HERE or HERENote: If you already have Malwarebytes' Anti-Malware, just run and update it.. Then do a "Perform Full Scan"Double Click mbam-setup.exe to install the application.Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.If an update is found, it will download and install the latest version.Once the program has loaded, select "Perform Full Scan", then click Scan.The scan may take some time to finish,so please be patient.When the scan is complete, click OK, then Show Results to view the results.Make sure that everything is checked, and click Remove Selected.When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.Copy&Paste the entire report in your next reply.Extra Note:If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.NEXTPlease download RSIT by random/random and save it to your Desktop.Double click on RSIT.exe to run RSITBefore you click "Continue", make sure you change the List files/folders created or modified in the last 3 monthsClick Continue at the disclaimer screen.Once it has finished, two lo... Read more

Read other 2 answers
RELEVANCY SCORE 68.4

Windows XP: My Windows clock is stuck on military (24-hour) time. How do I change it back?
 

A:Solved: Windows Clock Stuck on Military Time

Open Regional and Language Options in Control Panel. On the Regional Options display click Customize, then in the next window click the Time tab. For Time format choose h:mm:ss tt
 

Read other 3 answers
RELEVANCY SCORE 68.4

Hello, I have an hp with xp home sp3.
I've had this infection for a week or two now. Ok I've fixed the military time and the ip address issue. But now security essentials is constantly detecting new trojans. So...there's gotta be something else I can do to get rid of the virus permanently, right?

Read other answers
RELEVANCY SCORE 68.4

My PC Clock got set to military 24 hr format. Does anyone know how to set it back?
 

A:Solved: Resetting PC Clock from Military to Standard Time

Control Panel - Regional and Language
 

Read other 2 answers
RELEVANCY SCORE 68

i let my friend on my computer while i was at work, came home computer is screwed up /sighControl Alt Delete Disabledfiles are hiddenClock has a VIRUS ALERT Beside itSafemode works.i ran these following programs in safemode.Malware Bytes - Anti MalwareAd-ware Personal - SpywareAd-ware 2008 AVG?? Cannot run for some reason.Search and DestroyA-squaredSDFixSmitfraudFixPlease help, thanks, Morth.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 04:52:59, on 7/12/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: Safe mode with network supportRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\SYSTEM32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Lavasoft\Ad-Aware2008\aawservice.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Internet Explorer\iexplore.exeC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\0ZR5LBX4\HiJackThis[1].exeR0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - Default URLSearchHook is missingO2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)O2 - BHO: {c1e31e8c-a12e-d8a8-1eb4-bba4f8dc0e11} - {11e0cd8f-4abb-... Read more

A:Clock - Virus Alert? - Hj Log

Bump

Read other 4 answers
RELEVANCY SCORE 68

hi all...a past few days my comp. affected with XP antivirus 2008..i've scan with Malwarebytes' Anti-Malware.but now beside my clock still got "virus alert"..can anyone hel me to slove this problembelow is my HijackThis..tqLogfile of Trend Micro HijackThis v2.0.2Scan saved at 11:25: VIRUS ALERT!, on 7/21/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16674)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\csrss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\spoolsv.exec:\program files\common files\logitech\lvmvfm\LVPrcSrv.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\PC Tools Internet Security\pctsTray.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exeC:\Program Files\Creative\MediaSource\GO\CTCMSGo.exeC:\WINDOWS\system32\CTSvcCDA.EXEC:\Program Files\... Read more

A:Virus Alert Beside My Clock

HiFirst ... as you've run Malwarebytes' Anti-Malware ... please post the log THEN ...Download Deckard's System Scanner (formerly Comboscan) to your Desktop.Note: You must be logged onto an account with administrator privileges.1. Close all applications and windows. 2. Double-click on dss.exe to run it, and follow the prompts. 3. When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt <-this one will be minimized 4. Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt in your next reply.5. Then do the same with extra.txtNote: you'll find extra.txt here :- C:\Deckard\System Scanner\extra.txtPlease remember to post both txt files ...Note: some firewalls may warn that sigcheck.exe is trying to access the internet - please ensure that you allow sigcheck.exe permission to do so.THEN ..Please run a Kaspersky Online Scan Please do an online scan with Kaspersky WebScanner Click on Kaspersky Online Scanner Click AcceptYou will be promted to install an ActiveX component from Kaspersky, Click Yes. The program will launch and then begin downloading the latest definition files: Once the files have been downloaded click on NEXT Now click on Scan Settings In the scan settings make sure that the following are selected: Scan using the following Anti-Virus database: Extended (if available otherwise Standard)
Scan Options: Scan Archives Scan Mail BasesClick OK Now under select a target to scan: Select My Co... Read more

Read other 2 answers
RELEVANCY SCORE 68

I had a virus alert next to the clock in addition to numerous other problems. Saw the fix here with using Malwarebyte's Anti-Malware, installed the program and ran it. It found numerous problems and fixed them, however I still have some issues. My wallpaper is gone. It shows up after booting then just goes to white. Also, on booting I get the message "cannot find 'file:///c:/Windows/privacy_danger/index.htm' " The computer is running much better and it appears that the Malwarebyte's program fixed most things but not all. Any more suggestions? I ran the program twice and it did find another problem the second time. I did reboot. Should I try a complete scan? Here are the logs:

First time:Malwarebytes' Anti-Malware 1.26
Database version: 1126
Windows 5.1.2600 Service Pack 3

9/7/2008 8:43:44 PM
mbam-log-2008-09-07 (20-43-44).txt

Scan type: Quick Scan
Objects scanned: 49284
Time elapsed: 8 minute(s), 3 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 3
Registry Keys Infected: 15
Registry Values Infected: 29
Registry Data Items Infected: 13
Folders Infected: 1
Files Infected: 33

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\SYSTEM32\efcDwUKB.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\wregiimn.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\xwnldn.dll (Trojan.Vundo) -> Delete on reboot.
... Read more

A:Virus Alert Next To Clock

Please download ATF Cleaner by Atribune & save it to your desktop. alternate download link DO NOT use yet.Please download and install SUPERAntiSpyware FreeDouble-click SUPERAntiSypware.exe and use the default settings for installation.An icon will be created on your desktop. Double-click that icon to launch the program.If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here and unzip into the program's folder.)Under the "Configuration and Preferences", click the Preferences... button.Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.Click the "Scanning Control" tab, and under Scanner Options, make sure the following are checked (leave all others unchecked):Close browsers before scanning.Scan for tracking cookies.Terminate memory threats before quarantining.Click the "Close" button to leave the control center screen and exit the program.Do not run a scan just yet.Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow key... Read more

Read other 12 answers
RELEVANCY SCORE 68

Hi,I was downloading a keygen the other day and I got a virus where it displays "Virus Alert" on the clock and it changed all the setting in my computer. I was able to resolve a lot of it. The only one that I have left is the wall paper setting. When I tried to change the wall paper setting. i got the following error... file:///C:/Windows/privacy_danger/indexi have posted the Hijackthis log below. hopefully, somebody could help...thanks....Logfile of Trend Micro HijackThis v2.0.2Scan saved at 3:18:10 PM, on 8/30/2008Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16705)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exeC:\Program Files\Dell Network Assistant\hnm_svc.exeC:\Program Files\Common Files\LogiShrd&... Read more

A:Virus Alert On Clock

HiPlease visit this webpage for download links, and instructions for running ComboFix tool:http://www.bleepingcomputer.com/combofix/how-to-use-combofixPlease ensure you read this guide carefully and install the Recovery Console first.The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.Once installed, you should see a blue screen prompt that says:The Recovery Console was successfully installed.Please continue as follows:Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link
Remember to re-enable them afterwards.

Click Yes to allow ComboFix to continue scanning for malware.When the tool is finished, it will produce a report for you. Please include the following reports for further review, and so we may continue cleansing the system:C:\ComboFix.txtNew HijackThis log.A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.

Read other 2 answers
RELEVANCY SCORE 68

Okay, I admit I was dl torrents and now Im in some trouble. I had my many virus protection programs running. As soon as I ran a recently dl program. All my vp programs went nuts! It stopped most of them but my search, control panel, run and my comp are missing. So, im in desperate need of some help. Thnx in advanced.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Diana\Application Data\inst.exe
C:\WINDOWS\erem.exe
C:\WINDOWS\SYSTEM32\fhiPoUvw.ini
C:\WINDOWS\SYSTEM32\fhiPoUvw.ini2
C:\WINDOWS\SYSTEM32\svevsbly.ini
C:\WINDOWS\system32\ylbsvevs.dll
.
---- Previous Run -------
.
C:\WINDOWS\gpefaowr.exe
C:\WINDOWS\system32\oeminfo.ini

.
((((((((((((((((((((((((( Files Created from 2008-06-14 to 2008-07-14 )))))))))))))))))))))))))))))))
.

2008-07-13 17:26 . 2008-07-13 17:26 116,864 --a------ C:\WINDOWS\SYSTEM32\mmmghb.dll
2008-07-13 17:26 . 2008-07-13 17:26 116,864 --a------ C:\WINDOWS\SYSTEM32\hjjcbnwq.dll
2008-07-11 11:27 . 2008-07-11 11:27 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-11 09:46 . 2008-07-11 09:46 321,792 --a------ C:\WINDOWS\SYSTEM32\wvUoPihf.dll
2008-07-10 11:32 . 2008-07-10 11:32 <DIR> d-------- C:\Program Files\SymNetDrv
2008-07-10 00:34 . 2008-07-10 11:33 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-07-10 00:34 . 2008-07-11 09:46 <DIR> d-------- C:\Documents and Settings\All Users\Applicati... Read more

Read other answers
RELEVANCY SCORE 67.2

Hi, I would appreciate any help with this..

i keep getting a popup that says :
“Windows Security Alert” warning:
windows has detected an internet attack attempt... somebody's trying to infect your pc with spyware or harmful viruses. run full system scan now to protect your pc from internet attacks, hijacking attempts and spyware! click here to download spyware remover for total protections

I have Mcafee on the system but now I cannot change registry, my start menu is messed up (no icons) etc...
Here is my hijackthis log:
--
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:22: VIRUS ALERT!, on 10/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Funk Software\Odyssey Client\odClientService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\WINDOWS\system32\svchostBT.exe
C:\Program Files\CA\SharedComponents\CAM\bin\cam.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\FolderSize\FolderSizeSvc.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Netw... Read more

A:Solved: Virus Alert in clock

Thanks to the forum... this reply solved my problem.
http://forums.techguy.org/6175760-post2.html

--- here is the log from MalwareByte---
Malwarebytes' Anti-Malware 1.28
Database version: 1230
Windows 5.1.2600 Service Pack 2

10/5/2008 19:08:37
mbam-log-2008-10-05 (19-08-37).txt

Scan type: Quick Scan
Objects scanned: 56130
Time elapsed: 7 minute(s), 48 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 5
Registry Keys Infected: 21
Registry Values Infected: 5
Registry Data Items Infected: 18
Folders Infected: 0
Files Infected: 24

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\geBTJyXR.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\sbajslyg.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\ljJCrPIC.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\neksolda.dll (Trojan.Zlob) -> Delete on reboot.
C:\WINDOWS\xgpsarbm.dll (Trojan.FakeAlert) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{674855c3-b0b1-4413-9bb4-bfa6a9b5257b} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ljjcrpic (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{674855c3-b0b1-4413-9bb4-bfa6a9b5257b} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser H... Read more

Read other 1 answers
RELEVANCY SCORE 67.2

My computer was recently infected by a trojan (Trj\Downloader) but I believe that it has been deleted. Now, I'm trying to restore affected programs (including my Start Menu for which All Programs will not appear). My concern at the moment, though, is that my clock is consistantly in Military Time with the words "VIRUS ALERT!" after them. I found a similar thread on this website concerning this problem and followed the instructions given there (download a program called dss.exe, run the scan feature, and post the logs of the scan). Now I have no idea how to read the scan and was hoping someone here could help me out. I just need the time in Central Time (US) and the "VIRUS ALERT!" message to go away. Is this possible?

Main.txt

Deckard's System Scanner v20071014.68
Run by Tonya on 2008-07-13 21:26:35
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 2 Restore Point(s) --
2: 2008-07-14 02:26:40 UTC - RP2 - Deckard's System Scanner Restore Point
1: 2008-07-14 00:01:32 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 504 MiB (512 MiB recommended).


-- HijackThis (run as Tonya.exe) -----------------------------------------------

Logfile of Trend Micro HijackT... Read more

Read other answers
RELEVANCY SCORE 67.2

Hi, any help anyone can give me is greatly appreciated. I have this virus that changed my system clock to military time, won't let me bring up my computer and has put a VIRUS ALERT! next to the system clock. Again any help would be much appreciated. My hijack this logLogfile of Trend Micro HijackThis v2.0.2Scan saved at 17:32: VIRUS ALERT!, on 9/29/2008Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16705)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Windows Defender\MsMpEng.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Intel\Wireless\Bin\EvtEng.exeC:\Program Files\Intel\Wireless\Bin\S24EvMon.exeC:\Program Files\Intel\Wireless\Bin\WLKeeper.exeC:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Comodo\CBOClean\BOCORE.exeC:\WINDOWS\system32\drivers\CDAC11BA.EXEC:\WINDOWS\system32\LxrJD31s.exeC:\Program Files\Network Associates\Common Framework\FrameworkService.exeC... Read more

A:Virus Alert Beside System Clock

Hi John05, Welcome to the forums!My name is Ken, on these forums I am known as ktreffin. I will be helping you with your current problem. I know that you need your computer working as quickly as possible, and I will work hard to help see that it happens. HiJackThis logs do take some time to review and research. I would appreciate it if while you are waiting, you could please do the following for me:Please make an Uninstall List using HiJackThis.To access the Uninstall Manager you would do the following:1. Start HijackThis 2. Click on the Config button 3. Click on the Misc Tools button 4. Click on the Open Uninstall Manager button. 5. Click on the Save list... button and specify where you would like to save this file. When you press Save button a notepad will open with the contents of that file. Simply copy and paste the contents of that notepad here in a reply.As we work together to resolve your problem, please read these instructions carefully. You may wish to print them off or copy them to Notepad.Lastly, please keep these points in mind:If you have questions, please DON'T hesitate to ask!The instructions I give are specific to your current problem and should not be used on other systems.Please post your replies only to this topic, and please DO NOT start a new thread.Since there may be multiple issues with your system, please continue to follow this thread until I have given you an "All Clean!"I am reviewing your log now, and will be back wi... Read more

Read other 4 answers
RELEVANCY SCORE 67.2

Have VIRUS ALERT! on time clock tool bar and has been converted to military time. How to fix?

Results of scan:
Deckard's System Scanner v20071014.68
Run by Owner on 2008-07-12 09:34:04
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
35: 2008-07-12 13:34:10 UTC - RP323 - Deckard's System Scanner Restore Point
34: 2008-07-09 00:57:37 UTC - RP322 - System Checkpoint
33: 2008-07-06 03:48:13 UTC - RP321 - Installed AVG 8.0
32: 2008-07-06 03:47:24 UTC - RP320 - Removed AVG 8.0
31: 2008-07-05 20:36:32 UTC - RP319 - Avg8 Update


-- First Restore Point --
1: 2008-04-08 16:25:17 UTC - RP289 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-07-12 09:35:42
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-A... Read more

A:VIRUS ALERT! on time clock

Hello and welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please save this page to Notepad in order to assist you when carrying out the following instructions.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding.
Ensure that there aren't any opened browsers when you are carrying out the procedures below.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------


Quote:




C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\AIHEOGZP\dss[1].exe




Please note that tools are best Run from the Desktop. Easier to find and perform specialized functions which may be required.

Save to the Desktop and then Run f... Read more

Read other 1 answers
RELEVANCY SCORE 67.2

I was infected by several trojans (including Smitfraud.C and Antivirus2008) yesterday, but managed to get rid of the worst of them with Spybot S&D, Onescan, Windows Defender, Ccleaner and SUPERAntiSpyware. The "VIRUS ALERT!" next to my Windows clock, however, can't seem to be removed. Also, I can't seem to access my C drive from My Computer. Would appreciate any/all assistance. Deckard's System Scanner v20071014.68Run by April Han on 2008-08-02 14:24:00Computer is in Normal Mode.---------------------------------------------------------------------------------- System Restore --------------------------------------------------------------Successfully created a Deckard's System Scanner Restore Point.-- Last 5 Restore Point(s) --79: 2008-08-02 06:24:10 UTC - RP419 - Deckard's System Scanner Restore Point78: 2008-08-02 02:51:28 UTC - RP418 - Cleaned registry with Windows Live OneCare safety scanner77: 2008-08-01 19:20:41 UTC - RP417 - Windows Defender Checkpoint76: 2008-08-01 18:11:37 UTC - RP416 - Installed SUPERAntiSpyware Free Edition75: 2008-08-01 17:59:29 UTC - RP415 - Windows Defender Checkpoint-- First Restore Point -- 1: 2008-08-01 03:12:48 UTC - RP341 - Software Distribution Service 3.0Backed up registry hives.Performed disk cleanup.-- HijackThis (run as April Han.exe) -------------------------------------------Logfile of Trend Micro HijackThis v2.0.2Scan saved at 14:25: VIRUS ALERT!, on 8/2/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Interne... Read more

A:"virus Alert!" Next To Windows Clock

Hello Widowpoison and welcome to BleepingComputer,1. * Clean your Cache and Cookies in IE:Close all instances of Outlook Express and Internet Explorer Go to Control Panel > Internet Options > General tabUnder Browsing History, click Delete. Click Delete Files, Delete cookies and Delete historyClick Close below.* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):Go to Tools > Options.Click Privacy in the menu..Click the Clear now button below.. A new window will popup what to clear.Select all and click the Clear button again.Click OK to close the Options window* Clean other Temporary files + Recycle bin Go to start > run and type: cleanmgr and click ok. Let it scan your system for files to remove. Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.Press OK to remove them.2. Please download Malwarebytes' Anti-Malware from Here or HereDoubleclick mbam-setup.exe to install the application.Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.If an update is found, it will download and install the latest version.Once the program has loaded, select "Perform Quick Scan", then click Scan.The scan may take some time to finish,so please be patient.When the scan is complete, click OK, then Show Results to view the results.Make sure that everything is checked, and click Remove Selected.When disinfection is compl... Read more

Read other 6 answers
RELEVANCY SCORE 67.2

Good evening, eveyone.

I have a VIRUS ALERT! message next to my time clock which has been changed to military time. I ran symantec norton antivirus, windows defender and also spybot, none of which got rid of the message or changed my time clock back. When I go to my computer, I do not see any of my drives either. Please help me to fix this. I've been working on it for two days and I'm getting frustrated.

Thank you in advance.

Tweety

A:Virus Alert! Next To Time Clock

Please download Malwarebytes Anti-Malware and save it to your desktop.alternate download link 1alternate download link 2Make sure you are connected to the Internet.Double-click on mbam-setup.exe to install the application.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-MalwareThen click Finish.MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.On the Scanner tab:Make sure the "Perform Quick Scan" option is selected.Then click on the Scan button.If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".Click OK to close the message box and continue with the removal process.Back at the main Scanner screen, click on the Show Results button to see a li... Read more

Read other 6 answers
RELEVANCY SCORE 67.2

Hello.

A few days ago I accidentally downloaded some malware onto my computer. My computer had slowed to a crawl, I couldn't access my hard drive, I kept getting messages about viruses and spyware and the words "VIRUS ALERT!" appeared next to my clock.

After following some instructions I found on another thread, everything seemed to be back to normal. My computer is working at full speed, the pop-up messages have stopped and the "VIRUS ALERT!" message has disappeared.

But I still can't access my hard drive. Does this mean I'm still infected with something or do I need to sort something out in my computer settings?

I would be very grateful for any help with this.

A:VIRUS ALERT! next to clock: Aftermath

What exactly do you mean by "still can't access my hard drive"? Can you provide more information. How are you trying to access the hard drive? Do you get any error messages?

Read other 4 answers
RELEVANCY SCORE 67.2

virus alert is in my task bar. the clock is reading in the 24 hour mode. I downloaded hijack this and have a file saved. I'm hoping for some helpMod Edit: Topic moved from Windows XP to more appropriate forum~ TMacK

A:Virus Alert Is In My Task Bar Next To The Clock

Hi uoi, and welcome to BleepingComputer.Please read this guide before going any further.

Read other 1 answers
RELEVANCY SCORE 67.2

I was getting the virus alert in the clock area and was getting a lot of pop ups for virus scans. I read some of the forms and down loaded the Malwarebytes' Anti-Malware and ran some others as well. I was able to change the clock after getting the control panel and start menu back. I think I have everything taken care of but my firewall is turn off and I cant turn it on because of group Policy. I beleave that this can be cured buy the XP_CodecRepair.inf. You said that the link was taken away and I should start a new topic to resolve my problem. Thank you for all your help with this.

Read other answers
RELEVANCY SCORE 67.2

Good afternoon.

I have an issue with my computer (obviously). My clock is now showing up with VIRUS ALERT! beside it. My homepage has also been hijacked to hxxp://pc-antispypro.com/?wmid=6010&mid=MjI6Mjo4OQ==&lndid=2

Please let me know if there is anything you can do to help me out, I have run a number of antispyware scans and have run my Norton a number of times and haven't been able to get rid of this so far, so I figured it was time to try to get some help before I spend many more hours and getting no where on my own.

This is the first time I've had to ask for assistance on this sort of issue, so please let me know if you require any further information.

A big thank you in advance for any assistance you can provide.

Here is the log file from RSIT:

Logfile of random's system information tool 1.04 (written by random/random)
Run by agordon at 2008-10-28 15:51:49
Microsoft Windows XP Professional Service Pack 3
System drive C: has 22 GB (29%) free of 74 GB
Total RAM: 1014 MB (56% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:51:55, on 10/28/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Pr... Read more

A:Virus Alert beside clock / popups

Hello, and Welcome to TSF.

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

---------------------------------------------------------------------------------------------
Download ComboFix from one of these locations:

Link 1
Link 2
Link 3

* IMPORTANT !!! Place combofix.exe on your Desktop
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
Double click on combofix.exe & follow the prompts.
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed.

Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.





The Windows recovery console will allow you to boot up into a special recovery mode that allows us to help you in the case that your computer has a problem after an attempted remov... Read more

Read other 11 answers
RELEVANCY SCORE 67.2

My computer has been infected with some pop-up message trojans or viruses. It has at least two visible problems: one is that the system clock now displays both the time and a message "VIRUS ALERT!" right after the time. The other problem is that various pop ups from both reputable and non reputable companies keep invading my IE. Last night a VIRUS ALERT! sign appeared on a message someone sent me on messenger, I have run AVG, ADAWARE, C Cleaner and SPYBOT in the safe mode but to no avail. The VIRUS ALERT! sign seems to be getting more virulent and invading more of my computer. Should I run a Hijack Log? Has anyone any idea! I really would be grateful.

A:Virus Alert! Message In Clock.

Moving to Am I Infected

Read other 18 answers
RELEVANCY SCORE 67.2

I know you are prolly getting tired of this on but here it goes. I have the virus alert in the bar by the clock and some start menu items are missing or locked by admin,i am the admin. No control panel and IE is FUBAR. My whole system is EXTREAMLY slow . I keep getting alerts from SpyWare Dr. about Explorer.exe trying to write to the registery but Spyware Dr. stops it.

HJT log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:59: VIRUS ALERT!, on 7/18/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\CyberLink\PowerDVD8... Read more

A:Virus Alert in taskbar next to clock

Welcome to TSG
Before we start fixing anything you should print out these instructions or copy them to a NotePad file so they will be accessible. Some steps will require you to disconnect from the Internet or use Safe Mode and you will not have access to this page.

Download SDFix and save it to your desktop.
Double click SDFix.exe and it will extract the files to %systemdrive%
(this is the drive that contains the Windows Directory, typically C:\SDFix). DO NOT use it just yet.

Before we start with the fix, we need to fix the restrictions.
Navigate to the SDFix folder (usually C:\SDFix).
Right-Click on XP_CodecRepair.inf OR W2K_CodecRepair.inf depending on your Operating System.
XP for all versions of Windows XP and W2K for Windows 2000.
Click o Install
Your desktop may refresh a couple of times, don't be alarmed.
Please reboot into Safe Mode and follow the instructions below.

Reboot your computer in SAFE MODE" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup [but before the Windows icon appears] press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Open the SDFix folder and double click RunThis.bat to start the script.
Type Y to begin the cleanup process.
It will remove any Trojan Services or Registry Entries found then prompt you to press any key to Reboot.
Press any Key and it will rest... Read more

Read other 1 answers
RELEVANCY SCORE 66.8

Hello all,

My laptop was hit with a multiple virus infection while using Firefox.
Symantec seemed to have taken care of things at the time but I was still having some problems, and it didn't seem to be able to get rid of TDSS. I disabled system restore and tried to clean the registry manually, but wasn't able to find all the entries listed on the Symantec site. I disabled the TDSS driver via the control panel.
MBAM wouldn't install, so I tried Spybot which found a few other issues. Finally I was able to install MBAM and HJT from a disc, and connected back to the internet again briefly to update both.
I ran CCCleaner then MBAM in safe mode and MBAM seems to have cleaned everything (both MBAM and HJT scans looked ok afterwards, though there are still a few entries in the HJT log that look suspicious to me).
Everything seems to be fine now, and I proceeded to uninstall the old Java updates, got all the latest Windows updates, and then turned system restore on again.
I'm basically looking for some advice on what to do to make sure everything is in fact gone as there are those few HJT entries that look suspicious to me.
Thanks in advance!
DDS (Version 1.1.0) - NTFSx86
Run by mo at 16:50:17.96 on Tue 01/06/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.2532 [GMT -6:00]

AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated)

============== Running Processes ====... Read more

A:Multiple Virus Infection: Trojan.Vundo, Trojan.VundoH, Trojan.BHO, Trojan.TDSS, Trojan.Agent, Trojan.Downloader, Malware.Trace...

My name is BHowett and I will be helping you to get sorted. If for any reason you do not understand any of the instructions, or are just unsure then please do not guess , simply post back with your question, and we will go through it again. This seems like a tech issue and not a malware problem, but lets take a look and see what we find.Sorry for the delay, please do the following...ComboFix Please ownload ComboFix from Here or Here* IMPORTANT !!! Save ComboFix.exe to your DesktopDisable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : Protective Programs
Double click on ComboFix.exe & follow the prompts.
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License A... Read more

Read other 12 answers
RELEVANCY SCORE 66.4

Hi,

These are the symptoms.

VIRUS ALERT! next to the tool bar clock
Control Panel and other options missing from the Start Menu
A Bugs screensaver (desktop is now blue, if left for 10/15 mins, little bugs start crawling across the screen.
Popups staing Vundo
Updates will not complete (yellow shield on tool bar)

Deckards log below. I would attach extra, but dont seem to have it. Sorry

Deckard's System Scanner v20071014.68
Run by philip on 2008-06-06 15:29:11
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Total Physical Memory: 511 MiB (512 MiB recommended).


-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-06-06 15:29:47
Platform: Windows XP Service Pack 3 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG8\avgwdsvc.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgemc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\system32\spool\drive... Read more

A:Vundo & VIRUS ALERT! by tool bar clock

Hello and welcome to TSF

Can you post the extra.txt from Deckard System Scanner, in you reply.

==========

Please follow all instructions and in which order they come, if you have any questions, please ask before proceeding. Its important that you follow this through until i give you the all clear, a lack of symptoms does not mean that it is no longer present.

Please Do Not Attach logs to your posts unless you are advised to do so.

========

Please print out or copy this page to Notepad in order to assist you when carrying out the following instructions.

========

Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:SDFix)

Please then reboot your computer in Safe Mode by doing the following :Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, the Advanced Options Menu should appear;
Select the first option, to run Windows in Safe Mode, then press Enter.
Choose your usual account.
Open the extracted SDFix folder and double click RunThis.bat to start the script.
Type Y to begin the cleanup process.
It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
Press any Key and it will restart the PC.
When the PC restarts the Fixtool will run again and com... Read more

Read other 9 answers
RELEVANCY SCORE 66.4
A:Solved: Virus Alert By System Clock

problem soved through another forum. thanks anyhows
 

Read other 1 answers
RELEVANCY SCORE 66.4

i have SuperAntiSpyware, MalwareBytes, and Avira installed trying to remove the virus to no avail.they do not find anything.the PC that im running is an XP SP3 machine with AMD athlon 1800+ @ 1.53GHz , 256 MB DDR ramI also have an HJT log saved if neededDDS LOGDDS (Ver_09-12-01.01) - NTFSx86 Run by TomlinJ at 2:50:36.34 on Thu 03/04/2010Internet Explorer: 7.0.5730.11============== Running Processes ============================= Pseudo HJT Report ===============uStart Page = hxxp://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2uSearch Page = hxxp://websearch.drsnsrch.com/sidesearch.cgi?id=uWindow Title = Microsoft Internet Explorer provided by CompaquSearch Bar = hxxp://websearch.drsnsrch.com/sidesearch.cgi?id=uDefault_Page_URL = hxxp://start.earthlink.netuDefault_Search_URL = hxxp://www.earthlink.net/partner/more/msie/button/search.htmluSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7uSearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=mSearchAssistant = hxxp://www.google.com/ieuURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dllBHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dllBHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\com... Read more

A:VIRUS ALERT! in system tray clock

Hello! My name is Sam and I will be helping you. In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.Please download Malwarebytes Anti-Malware and save it to your desktop.alternate download link 1alternate download link 2Make sure you are connected to the Internet.Double-click on Download_mbam-setup.exe to install the application.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-MalwareThen click Finish.MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.On the Scanner tab:Make sure the "Perform Quick Scan" option is selected.Then click on the Scan button.If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.The scan will begin and "Scan in progress" will show at the to... Read more

Read other 6 answers
RELEVANCY SCORE 66.4

Hi,I've had an infection. I researched and performed the combofix/recovery tool programs and seem to be back to normal. Can you please check these logs and make sure there are no traces? Thank you in advance**EDIT**I also seem to not be able to establish an internet connection. I can do so with other laptops(the one I'm on) on the same wireless network, but cannot with the infected one, still.HIJACKTHIS LOG:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 14:55, on 8/4/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\System32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\Ati2evxx.exeC:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exeC:\WINDOWS\system32\spoolsv.exeC:\PROGRA~1\Grisoft\AVG7\avgamsvr.exeC:\PROGRA~1\Grisoft\AVG7\avgupsvc.exeC:\PROGRA~1\Grisoft\AVG7\avgemc.exeC:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeC:\Program Files\Norton AntiVirus\navapsvc.exeC:\WINDOWS\System32\MsPMSPSv.exeC:\Program Files\Common Files�... Read more

A:Virus Alert In System Tray By The Clock

I've ran everything I know of to run.

It says I am connected to my wireless router. But Firefox or IE won't connect to anything.

Any ideas. I'm desperate

Thanks

Read other 3 answers
RELEVANCY SCORE 66.4

I have a message next to the clock saying virus alert, and pop ups appearing for internet explorer regarding homepage changes. i have run smitfraudfix superantispyware and spyhunter (subsequently finding the dll's which apparently were causing issues) and removed them, however the system still runs slowly and the message on the clock is still there ? your help is very much appreciated!
(and also the original pop up which no longer appears was a worm.win32.netbooster warning which i have understood to be a fake warning to con people into buying adaware software?)

(os is windows xp sp3)

A:Virus Alert Message On Toolbar Clock

Please download Malwarebytes Anti-Malware and save it to your desktop.alternate download link 1alternate download link 2Make sure you are connected to the Internet.Double-click on mbam-setup.exe to install the application.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-MalwareThen click Finish.MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.On the Scanner tab:Make sure the "Perform Quick Scan" option is selected.Then click on the Scan button.If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".Click OK to close the message box and continue with the removal process.Back at the main Scanner screen, click on the Show Results button to see a li... Read more

Read other 8 answers
RELEVANCY SCORE 66.4

Hi i am new to this site and have gone through "Preparation Guide for use before posting a HijackThis Log "I have shortcut links to 3 items appearing on my desktop everytime "Malware Defender, Protect your privacy, System Error fixer". Also the word "VIRUS ALERT!" appears on toolbar next to clock on right side. My computer would switch off, but i have managed to get to the point where its not switching off. I have no access to control panel, my computer, my documents, etc and progam list from start button, i only have access to "set program access and defaults" and "conect to" from start button, everything seems to have disappeared. I have ran spybot, ad Aware, avg, stinger, sygate firwall etc, but every time i switch the computer on virus or malware turns up again. Spybot always detects and remover the follwoing: NNC.MGRS, Microsoft.Windows.Explorer, Microsoft.Windows.System, Microsoft.WindowsSecurityCentre.RegistryTools, Microsoft.WindowsSecurityCentre.TaskManager, and most of all Smitfraud-C.CHANGED MY NAME TO USERNAME IN LOGLogfile of Trend Micro HijackThis v2.0.2Scan saved at 20:50, on 20/10/2008Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16735)Boot mode: Safe modeRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\... Read more

A:VIRUS ALERT! on toolbar with clock, Smitfraud-C.

Hi

I'm sorry it took so long to get a reply. Forums have been very busy

If you still need help with this post a fresh hjt log, please.

Read other 2 answers
RELEVANCY SCORE 66

I have already begun a thread in another area and after some work was referred here. The link to my previous thread is http://www.bleepingcomputer.com/forums/topic424808.html/page__pid__2454291#entry2454291
The first problem I noticed was one of the fake Security Center alerts. I quickly shut off computer, but it had already taken hold. after doing research on this site I ran TDSS Killer (ran fine but found nothing), RKill (never could finish, a system restore bulletin would pop up, and have had successful malwarebyte scans. At that point I could no longer connect to internet and I can't access my firewall. After working with the shooter on the above thread (we ran security check, superantispyware, malwarebyte, and gmer) the problem continuted. I will include my dds and gmer attachments

.
DDS (Ver_2011-08-26.01) - NTFSx86 MINIMAL
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20
Run by Administrator at 7:54:14 on 2011-10-26
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.345 [GMT -5:00]
.
AV: AVG Anti-Virus Free *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\MICROS~3\OFFICE11\WINWORD.EXE
C:\WINDOWS\system32\ctf... Read more

A:Trojan Fake alert, trojan agent

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything. We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here. To help Bleeping Computer better assist you please perform the following steps:*************************************************** In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/425111 <<< CLICK THIS LINK If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.*************************************************** If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lo... Read more

Read other 14 answers
RELEVANCY SCORE 66

Hi Forum, I'm new and have got a virus.
My taskbar has VIRUS ALERT! next to the clock, some stuff out of desktop and programs have disappeared.
Ran AdAware and Zonealarm, still not solved the problem, here is my HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:58: VIRUS ALERT!, on 06/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\vsnpstd.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Netscape\Navigator 9\navigator.exe
C:\WINDOWS\system32\wscntfy.exe
C:... Read more

Read other answers
RELEVANCY SCORE 66

I first had problems when Virus Alert! appeared next to the clock in windows, icons to various supposed spyware removal tools appeared on the desktop and internet explorer's home page defaulted to another supposed spyware removal site. Alongside general system instability and crashes and no access to the C or D drives.

I ran various scans with AVG and superANTIspyware with the latter showing up trojans which were nominally removed. I edited the registry regarding the clock as per these instructions http://miekiemoes.blogspot.com/2008/...o-restore.html
although I did not adjust the system properties.
I also used the VArestorepolicies.inf file from the above blog to regain access to drives.

Assuming it was the Zlob Media Codec issue I used SmitfraudFix from:
http://vpcsolutions.blogspot.com/200...ownloader.html which has appeared to have made the system more stable but still not properly usable.

Here is the HijackThis logfile
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:58:18, on 19/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Pro... Read more

A:Partially resolved issues with Virus Alert! next to the clock.

Quote:




Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the HJT forum and wait for help.





Hello and welcome to the forums

My name is Katana and I will be helping you to remove any infection(s) that you may have.

Please observe these rules while we work:
1. If you don't know, stop and ask! Don't keep going on.
2. Please reply to this thread. Do not start a new topic.
3. Please continue to respond until I give you the "All Clear"
(Just because you can't see a problem doesn't mean it isn't there)

If you can do those three things, everything should go smoothly :D

Please Note, your security programs may give warnings for some of the tools I will ask you to use.
Be assured, any links I give are safe

----------------------------------------------------------------------------------------

I apologize for the delay in responding, but as you can probably see the forums are quite busy.
Unfortunately there are far more people needing help than there are helpers.

If you still require help please do the following
Download and Run RSITPlease download Random's System Information Tool by random/random from here and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open:log.tx... Read more

Read other 2 answers
RELEVANCY SCORE 66

I have a virus alerts and security alerts popping up and a loss of administrative ability. I also have a virus alert message where the clock is. I cant access alot of functions because of this. I managed to get a HJT log off of it (its a laptop). I cant remove any programs and i dont want to connect to the internet for fear of the malware downloading more stuff. I am transfering everything (HJT logs,programs you tell me to) with a flashdrive till I get this resolved.Hope you can help. You guys havent failed me yet. Heres my log.



Logfile of HijackThis v1.99.1
Scan saved at 13:59: VIRUS ALERT!, on 7/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost... Read more

A:Virus alert in clock area and no adminisrtaive ability

Hello and welcome to TSF

You are using an outdated version of Hijackthis. Please uninstall from Add/Remove programs, and delete your current version.

Next, download HijackThis to your desktop

Alternate link

Double-click on the file you just downloaded.
Click on the "Unzip" button to install. It will by default install to the directory - C:\Program Files\Trend Micro\HijackThis

Upon install, HijackThis should open for you.

Should it not open, navigate to C:\Program Files\Trend Micro\HijackThis and double click on HijackThis.exe

1. If it gives you an intro screen, just choose 'Do a system scan and save a logfile'.
2. If you don't get the intro screen, just hit Scan and then click on Save log.
3. Do not post that log, instead, do this next:

============

Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.Close all applications and windows.
Double-click on dss.exe to run it, and follow the prompts.
When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt <-this one will be minimized
Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt here.
Please attach extra.txt to your post.
To attach a file to a new post, simplyClick the[Manage Attachments] button under Additional Options > Attach Files on the post composition page, and
copy and paste the following into the "... Read more

Read other 15 answers