
virus prompting me to install fake anti-virus software.. "Worm.Win32.Netsky"

Q: virus prompting me to install fake anti-virus software.. "Worm.Win32.Netsky"

hi,

was in the middle of browsing last night and got hit with this virus. a screen popped up and said my computer was infected and to scan my drives. at the same time, it shut down chrome and my ad-aware watch popped up and said it started a live scan. I let ad-aware finish, restarted my computer, and I got the same fake antivirus pop ups as before. ad-aware started again in the background. I let it finish again and restarted again, and the same process happened. this is the popup I get after I restart:


it also turns my desktop white after I click OK.

I stopped the scan and tried to open chrome, firefox, IE, nothing works. sometimes they won't even open (and a popup will say that the file is infected) and sometimes it will open but will not display any websites; the browser just remains white or gives me a "this webpage cannot be displayed" general error.

I tried to open add/remove programs and nothing shows up (the window opens but I do not get a list of programs, the area is just white).

I was able to save GMER and DDS to a flash drive and ran them from the desktop.

during my GMER scan I had periodic popups saying my files were infected and that a scan would begin (which of course it didn't). eventually the pop ups stopped but all 3 browsers still don't work.

also, regarding the GMER scan, I have two hard drives, C: and F: (not partitioned, 2 actual drives). I unchecked F and left C checked. while the main drive is C, most of my actual files are on the F drive. don't know if you need to know that but thought I should mention it.

===
DDS
===


DDS (Ver_09-12-01.01) - NTFSx86
Run by kelsey at 0:10:27.98 on Thu 01/28/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2550.1907 [GMT -8:00]

AV: VirusScan Enterprise + AntiSpyware Enterprise *On-access scanning enabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
SVCHOST.EXE
C:\WINDOWS\System32\svchost.exe -k netsvcs
SVCHOST.EXE
SVCHOST.EXE
C:\WINDOWS\system32\spoolsv.exe
SVCHOST.EXE
C:\WINDOWS\system32\basfipm.exe
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9AA.EXE
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\McAfee\Common Framework\McScript_InUse.exe
C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
C:\Documents and Settings\kelsey\Desktop\dds.com

============== Pseudo HJT Report ===============

uStart Page = hxxp://twitter.com/
uDefault_Page_URL = hxxp://www.dell.com
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=c:\windows\system32\winlogon32.exe
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: {2D7FF6B9-D495-42D9-BC54-2DCB29BE0648} - No File
BHO: {36d2ff50-9f55-4999-b1a4-2f4571fa621b} - c:\windows\system32\yayvWpmM.dll
BHO: {48C2D762-89DE-420E-87C5-949734B281AF} - No File
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_06\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan enterprise\scriptcl.dll
BHO: {B8297676-7E5B-49CB-9E18-32003D9FC464} - No File
BHO: {de29cf05-95b2-4a26-9969-4bbb436aee70} - c:\windows\system32\urqrPGwT.dll
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [EPSON Stylus CX4600 Series] c:\windows\system32\spool\drivers\w32x86\3\E_FATI9AA.EXE /P26 "EPSON Stylus CX4600 Series" /O6 "USB001" /M "Stylus CX4600"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_06\bin\jusched.exe"
mRun: [ShStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE
mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\UdaterUI.exe" /StartedFromRunKey
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [smss32.exe] c:\windows\system32\smss32.exe
mRun: [Swixa] rundll32.exe "c:\windows\ofipepac.dll",Startup
StartupFolder: c:\docume~1\kelsey\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\kelsey\startm~1\programs\startup\lastfm~1.lnk - c:\program files\last.fm\LastFMHelper.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\reader 8.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~2.lnk - c:\program files\adobe\reader 8.0\reader\AdobeCollabSync.exe
uPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
uPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
uPolicies-system: DisableTaskMgr = 1 (0x1)
mPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim95\aim.exe
IE: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - c:\progra~1\flashget\flashget.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_06\bin\ssv.dll
IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
LSP: c:\windows\system32\helper32.dll
Trusted Zone: clubbox.co.kr
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://go.microsoft.com/fwlink/?linkid=58813
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader3.cab
DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader.cab
DPF: {7606693A-C18D-4567-AF85-6194FF70761E} - hxxp://app.ipop.co.kr/gom/GomWeb.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} - hxxp://www.crucial.com/controls/cpcScanner.cab
DPF: {BCEF5CDE-BAD4-4532-A30B-9D16D502DE69} - hxxp://install.bugs.co.kr/install/BugsInstallerEx.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,
LSA: Notification Packages = scecli BDEFMUXY.dll
mASetup: {23KLN5J0-4OPM-11WE-AAX5-24EF1F387232} - c:\recycler\k-1-3542-4232123213-7676767-8888886\hn.exe

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\kelsey\applic~1\mozilla\firefox\profiles\default user\
FF - prefs.js: browser.startup.homepage - hxxp://mail.yahoo.com
FF - plugin: c:\documents and settings\kelsey\application data\mozilla\firefox\profiles\default user\extensions\[email protected]\platform\winnt_x86-msvc\plugins\npmnqmp071303000006.dll
FF - plugin: c:\program files\canon\easy-photoprint ex\NPEZFFPI.DLL
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPJava11.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPJava12.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPJava131_04.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPJava32.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPOJI600.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: XULRunner: {96A03216-10D9-4A4F-94D6-AA8A20057320} - c:\documents and settings\kelsey\local settings\application data\{96A03216-10D9-4A4F-94D6-AA8A20057320}

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-12-9 64288]
R1 mferkdk;VSCore mferkdk;c:\program files\mcafee\virusscan enterprise\mferkdk.sys [2008-1-24 31816]
R3 mfeavfk;McAfee Inc.;c:\windows\system32\drivers\mfeavfk.sys [2008-6-2 72936]
R3 mfebopk;McAfee Inc.;c:\windows\system32\drivers\mfebopk.sys [2008-6-2 33960]
R3 mfehidk;McAfee Inc.;c:\windows\system32\drivers\mfehidk.sys [2008-6-2 171400]
S2 gupdate1ca78abc423de8a;Google Update Service (gupdate1ca78abc423de8a);c:\program files\google\update\GoogleUpdate.exe [2009-12-9 133104]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-9-24 1181328]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-12-9 38224]
S3 NPF;Netgroup Packet Filter;c:\windows\system32\drivers\npf.sys [2007-8-3 42512]

=============== Created Last 30 ================

2010-01-27 08:09:32 0 ----a-w- c:\windows\system32\IS15.exe
2010-01-27 08:09:31 0 ----a-w- c:\windows\system32\helper32.dll
2010-01-27 08:07:57 22528 ----a-w- c:\windows\system32\smss32.exe
2010-01-27 07:58:16 0 ----a-w- c:\windows\Nlufako.bin
2010-01-27 07:58:15 120 ----a-w- c:\windows\Kqatezivanomo.dat
2010-01-27 07:54:58 0 ----a-w- c:\windows\system32\41.exe
2010-01-27 07:54:21 22528 ----a-w- c:\windows\system32\winlogon32.exe
2010-01-13 06:28:49 470528 ------w- c:\windows\system32\dllcache\aclayers.dll
2010-01-01 06:21:53 223744 ----a-w- c:\windows\system32\CNMLM97.DLL

==================== Find3M ====================

2009-12-21 13:19:18 173056 ------w- c:\windows\system32\dllcache\ie4uinit.exe
2009-12-21 06:42:51 4 ----a-w- c:\docume~1\kelsey\applic~1\avdrn.dat
2009-12-09 08:46:51 15880 ----a-w- c:\windows\system32\lsdelete.exe
2009-12-09 08:41:56 77086488 ----a-w- C:\Ad-AwareInstallation.exe
2009-12-09 08:41:45 4844296 ----a-w- C:\mbam-setup.exe
2009-12-04 00:14:06 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-04 00:13:56 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-05 21:49:49 12307750 ----a-w- c:\program files\FreeSoundRecorder.exe
2008-03-20 02:44:55 1612672 ----a-w- c:\program files\CuteWriter.exe
2006-05-02 19:49:56 21031280 ----a-w- c:\program files\aaw2007.exe
2008-05-04 17:00:02 524554 --sha-w- c:\windows\system32\MmpWvyay.ini2
2006-05-04 04:33:22 540158 --sha-w- c:\windows\system32\TwGPrqru.ini2

============= FINISH: 0:13:18.51 ===============

also, I do not have access to a windows install cd.

any help you can provide me would be great. thank you so much for your time!

A: virus prompting me to install fake anti-virus software.. "Worm.Win32.Netsky"

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

Please visit this webpage for download links, and instructions for running ComboFix:

http://www.bleepingcomputer.com/comb...o-use-combofix

* Ensure you have disabled all antivirus and antimalware programs so they do not interfere with the running of ComboFix.

Please see this >> http://img.photobucket.com/albums/v6...ee_disable.gif

Please post the C:\ComboFix.txt in your next reply for further review.

Please re-enable your antivirus before posting the ComboFix.txt log.

------------------------------------------------------

Read other 15 answers

hello,

This site helped me cure my Laptop in the past and now I am in the process of aiding a friend whose IE is being hijacked to a suspected Anti-malware site for a product known as "Ultimate Cleaner 2007". He also keeps getting repetitive pop-ups for an alleged virus known as "Worm.Win32.NetSky" which redirects you again to an unknown site.

here is his HJT log:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 8:27:09 PM, on 11/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HPQ\shared\hpqwmi.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Docume... Read more

A:HJT log for "Ultimate Cleaner 2007" browser hijacking and "Worm.Win32.NetSky" warning

Welcome to TSG

Please download SmitfraudFix

Double-click SmitfraudFix.exe
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm
 

Read other 3 answers

I am infected with this crap and have used the following tools to try to get rid of it:
Windows Defender, Uniblue PowerSuite (SpeedUpMyPC, Registry Booster & Spyware Protector) and Norton's One Button Checkup and WinDoctor.

Not sure if it's related, but my DISPLAY is locked at 640 X 480.

Attempted the 5 Step Process before posting and Panda ActiveScan froze and crashed after scanning 59253 files, but not before identifying 28 spyware files.

Here's my extra.txt log from Deckard's:

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel(R) Pentium(R) 4 CPU 2.80GHz
Percentage of Memory in Use: 36%
Physical Memory (total/avail): 1277.95 MiB / 810.39 MiB
Pagefile Memory (total/avail): 1516.89 MiB / 1165.44 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1930.88 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 37.21 GiB total, 18.7 GiB free.
D: is CDROM (CDFS)

\\.\PHYSICALDRIVE0 - ST340014A - 37.25 GiB - 1 partition
\PARTITION0 - Unknown - 39.19 MiB
\PARTITION1 (bootable) - Installable File System - 37.21 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled... Read more

A:Netsky Worm-Popups-The Three Icons - "Error Cleaner" "Privacy Protector" "Spyware..."

Bump.

Read other 14 answers

This morning, my mom told me to look at her computer because there was something wrong with it. After an hour or so of looking at it, this is what I learned:
There's an "Anti-virus" program installed on her laptop that makes claims of fake infections and attempts to lure the user into purchasing the full version of this so-called anti-virus program.

She uses AVG Free edition as her actual anti-virus. This new program (further to be called the "infection") won't allow me to open AVG.

The infection also redirects Internet Explorer to a page that says the following:
Internet Explorer alert. Visiting this site may pose a security threat to your system!
...
Things you can do:
Get a copy of 'Win 7 Security 2011' to safguard your PC while surfing the web (RECOMMENDED)
Run a spyware, virus and malware scan
Continue surfing without any security measures (DANGEROUS)

Upon looking into the running processes, I found something I've never seen before. An entry called "ugg.exe" and the description of which is "Gpg4win: The GNU Privacy Guard and Tools for Windows"
When this process is ended, the taskbar popups cease and any "Win 7 Security 2011" windows close. However, an attempt to run IE or AVG restarts this process and puts us back at square one.

Trying to open the file location of the "ugg.exe" file, it brings me to the AppData\Local\ folder, however, there is no such file in that locati... Read more

A:"Win 7 Security 2011" Fake anti-virus program

Read other 7 answers

Hey guys

I was playing League of Legends today when my laptop all of a sudden shut down and rebooted itself. No big deal I was saying to myself, there was no BSOD or anything else to notify except from the suspect "self reboot".

Well now, about 4 hours later I was still playing League of Legends (probably I'm an addict) when all of a sudden the game shut down. A fake virus scanner started to "scan" files on my laptop saying that every file was infected. When I tried to download AVG Free I couldn't because the virus shuts down everything I open (even My Computer). After closing every single program loaded at that time, the virus rebooted my laptop and there was a BSOD.

Whatever I do to try installing an anti-virus gets blocked by the virus. My laptop reboots time after time. Is there any way to install a virus scanner as I am not really in the mood to lose about 750 gigabytes of data (better backup next time)? I tried installing AVG Free in safe-mode but AVG Free tells me I can't install the scanner through safe-mode.

Please help me, I'll add to your reputation if you succeed to help :-)

EDIT: remove this post please, I'm just going to format my computer.

Thanks in advance

A:Fake anti-virus starts "scanning" but reboots PC

Try to install Malwarebytes AntiMalware free in safe mode with networking,
update it & do a full scan. It should be able to detect & remove the fake AV.

Read other 8 answers

my laptop is infected by "Smart Guard Protection". it blocked everything. i can't run internet browser, mbam, dds, gmer. (i read the instruction, but i can't get the programs to run. please tell me what to do so i can provide the logs).

dell inspiron 1525
windows vista home premium
2007
service pack 2
32 bit
intel Pentium dual cpu T2390 @ 1.86ghz 1.87 ghz
2.0 gb ram

thanks

A:please help get rid of "Smart Guard" (fake anti-virus)

Hello and Welcome to TSF.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Can you get access in Safe Mode with Networking: Restart your computer.
After hearing your computer beep once during startup, but before the Windows icon appears, start pressing the F8 key.
In some systems, this may be the F5 key.
Instead of Windows loading as normal, a menu should appear.
Use the up arrow key to highlight Safe Mode with Networking and press 'Enter'.
Login on your usual account.
------------------------------------------------------

If so...

Please download Farbar Recovery Scan Tool and save it to your desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Make sure the Addition.txt button is ticked.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
------------------------------------------------------

Read other 19 answers

I feel like such an idiot. I tried to run a patch for a game that I got off of a dubious site and I'm fairly certain it infected my system (because the real patch was around 40 megs compared to the 500 KB one I executed).

My first clue that something was wrong was after rebooting my system, the game (Thief II) started taking an extremely long time to load up. I checked out windows task manager processes and noticed wintems.exe which is apparently a Trojan.
This infection seems to have disabled my Windows Security Center icons which always show up in my taskbar (firewall, etc..) I reactivated them, and they disappear again after rebooting!

I used to have AVG but recently deleted it. I tried to install it again and it won't let me (perpetually telling me to reboot and restart).

I tried Avira Personal Edition and it won't complete install either.

Finally, I tried F-Secure's online scanner after finding a user who had success with it following an infection which sounded VERY similar to mine. It started to scan, but then stopped and gave me the message "Unable to download necessary online scanner components".
Here is the link to that forum if it is of any use: http://forum.avira.com/thread.php?threadid=31068&sid=99489e6f594767255f7333b471f1fbdc
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:27:51 PM, on 1/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Runni... Read more

A:Virus/Worm Won't Let Me Install Any Anti-Virus Software

Bump
 

Read other 2 answers

Hey guys i need some of your help in this matter, i want to buy an anti mostly everything package for my laptop and pc but i have my doubts between Nod32 or AVG, i like these 2 mostly cos they won't slow down your machine as Norton or some other software does, any suggestions on which one to go with?

thanks.

Note: any other software might be good too but not Norton, i don't like it at all.
 

A:"Best" Anti virus + Anti Spyware software on the market

Read other 6 answers

my pc got this virus "Worm.Win32.AutoIt.c"...pls help me to remove it

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:43:15 PM, on 2/14/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Google\Google Pinyin\GooglePinyinDaemon.exe
C:\WINDOWS\FixCamera.exe
C:\WINDOWS\tsnp2std.exe
C:\WINDOWS\vsnp2std.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Documents and Settings\User\Desktop\Internet Download Manager\IDMan.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\PPStream\ppsap.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\PPStream\PPStream.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\StormII\stormliv.exe
C:\P... Read more

Read other answers

I downloaded an attachment from work, following that pop ups began appearing every second or so and took over my computer. I was unable to connect to the internet or get past this "antivirus software" message. It pulled up porno.com. Anything I tried to run (such as a scan etc) it objected to and said it was infected.

"application cannot be executed The File "...".exe is infected. Do you want to activate your antivirus software now?" with the file in question being everything from microsoft word to some random program I've never heard of/seen. If I press no, more pop up, and if I press yes, it opens an IE window trying to get me to buy a pro edition of Spyware Protect 2009. There is also an icon for this "Antivirus System Pro" in my taskbar by the clock - it looks like a shield with blue and white stripes. I don't recall having ever installed this - maybe it was trial software (I bought this laptop from Dell in 2007 if that helps)? I have also been getting IE popups which go to "porno.org", "porno.com", and "******.com"

This seemed very similar to a problem one of your users had been having so I downloaded combofix.exe in safe mode. Otherwise the virus stopped the download and said it was a virus. It has "helped" but within about 20 minutes the virus is back with its popups... Could you please offer any suggestions?

A:Problem with Virus and "anti Virus software"

Could I also say that I had trouble disabling my Norton and my Anti Virus/Spyware. In a desperate attempt, I went to add/remove and removed them (thinking I can always put them back) after removing all including norton, The Combofix said it was still running somewhere. Could you please comment on that as well? Thanks so much!

Read other 2 answers

Hi I'm having problems with my computer and an error that pops up saying the application cannot be executed The file "...".exe is infected, for anything I try to touch on my laptop. I'm running windows XP home edition.

I know we weren't supposed to run combo-fix, but I couldn't even get into my computer past the splash screen. I downloaded this onto a disc from another computer in the house and ran it in safe mode on my desktop. When I went back to standard mode I had some pop ups but was able to at least connect to the internet (I attached that log to this post)

I tried restarting again, and the desktop loaded. However, when I try to make some programs load (almost everything but firefox), the computer objects. I get these popups that say:

"Application cannot be executed. The file "...".exe is infected. Do you want to activate your antivirus software now?"

with the file in question being everything from microsoft word to some random program I've never heard of/seen. If I press no, more pop up, and if I press yes, it opens an IE window trying to get me to buy a pro edition of Spyware Protect 2009. There is also an icon for this "Antivirus System Pro" in my taskbar by the clock - it looks like a shield with blue and white stripes. I don't recall having ever installed this? I have also been getting IE popups which go to "porno.org", "porno.com", and "******.com"

I read through the instructi... Read more

A:Problem with Virus and "anti Virus software"

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------


Quote:
I know we weren't supposed to run combo-fix, but I couldn't even get into my computer past the splash screen.

I could understand running ComboFix once, but why eleven times?

------------------------------------------------------

Please download one of the files below, courtesy of BleepingComputer.com, and save it to your desktop.

rkill.com
rkill.pif
rkill.scr
rkill.exe

If necessary, download to a USB drive on another computer, and transfer them to your desktop.

Double-click one of them to run it. You don't have to run them all, just get one of them to run.

You may have to run it multiple times to kill all the processes that are controlling your machine.

Keep trying until your desktop goes away and then returns.

If you get a prompt from the fake AV, just leave it open. Try rkill again.

Do not restart your computer. If you restart, you will have to do it all over again.

If rkill is unsuccessful, try running iExplore.exe just as you ran rki...


hey,

I was on the internet and clicked on a link and it downloaded something without my permission and installed security tools (don't know if it is from the virus/trojan/ ...). First it gave a pop-up and a red circle with a white cross. I wanted to go to safeboot to go to a point where my system worked but it affected my system fix (don't know the name in English, but it is the backup which you get when you go to msconfig and then safeboot ...). So I stopped my system fix in the hope that the virus couldn't affect it. I went to safe mode through msconfig; when I got there it said that I was affected with a virus and this worm.win32.Netsky virus. Went on my laptop and downloaded hijackthis and I let it run on my pc. So here are the results:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:34:10, on 19/02/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16915)
Boot mode: Safe mode

A:virus problem (worm.win32.Netsky virus and took a hijackfile)

Hello there,

Appears you're infected with one of the newish Rogues. Let's see what we can do. You can run them in Safe Mode if you have trouble in Normal mode.

Download and Run RKill

Please download and run the following tool to help allow other programs to run. There are 4 different versions. If one of them won't run then download and try to run the other one. You only need to download and run one of them.

http://download.bleepingcomputer.com/grinler/rkill.com
http://download.bleepingcomputer.com/grinler/rkill.scr
http://download.bleepingcomputer.com/grinler/rkill.pif
http://download.bleepingcomputer.com/grinler/rkill.exe

Note: You will likely see a message from this rogue telling you the file is infected. Ignore the message. Leave the message OPEN, do not close the message. Run rkill repeatedly until it's able to do its job. This may take a few tries. You'll be able to tell rkill has done its job when your desktop (explorer.exe) cycles off and then on again.

Once the tool has run, do NOT reboot the machine, and please refer to this page and in step #6 and Step #7 and Step #8 try running Defogger, DDS and GMER. If you have any problems when running the tools or are unable to produce a report for any reason, just let me know in your next reply.

With Regards,
Extremeboy


I have a relative whose resources are limited. They are upgrading from an older Windows XP PC to a newer Windows 7 PC. They want to transfer files from the old PC to the new one. We may use a bridged USB cable to do this, or we may use an external hard drive that belongs to me.

I use the external hard drive on a PC that uses the Linux operating system, but I have used the hard drive on a Windows XP PC. So I think a Windows PC can mount the external hard drive.

The older PC is scanned frequently by an anti-virus program that says it has identified potential threats, but it cannot eliminate them. SO WE ARE CONCERNED THE OLDER PC IS INFECTED.

QUESTIONS: What would be the best anti-virus program to use in the new Windows 7 PC to scan the transferred files for viruses, etc?

I have been told if I use my external hard drive, that I do not have to worry about Windows viruses infecting my own Linux-based PC, is this correct?

I have also been told I could scan the copied files on my external drive with "Clam AV" before transferring them to the new machine, is this good advice?

Any other comments would be welcomed.

Thank you,

CCT
 


as mine has just expired.

Any advice gratefully received.
 

A:Solved: Can you recommend a "free" anti-virus software please?

"AVG" is regularly recommended here at "TSG."
{redoak}
 


Hi, I'm running Win-xp. My hard-drive went out about a year ago and I had to reload Win-xp. I did not find any virus software to re-install. Is there a place to download some free anti-virus software? Like McAfee? thanks...
dano
 

A:Where can I get the latest "Free" anti-virus software?

AVG is both popular and good
 


Hi!

Once again, while on the web, I received a message that I needed some Anti-virus protection and when I went to close the box, it started downloading something. This happened a couple of times now.

To top it off, I was just notified by my bank today, that fraudulent charges are coming through my bank card and they are closing that account and issuing a new card to me. I am sure I need to clean my computer. Please help!

I have followed the necessary first steps and have attached the requested files and posted the documents.


DDS (Ver_09-09-24.01) - NTFSx86
Run by goldensunshine at 15:27:30.64 on Sun 09/27/2009
Internet Explorer: 8.0.6001.18813
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.2036.993 [GMT -4:00]

SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}


A:"Anti-Virus" Software downloaded out of the Blue

Hello goldensunshine Welcome to the TSF Virus/Trojan/Spyware Help forum. I will be assisting you in cleaning up your system.


I ask that you refrain from running tools other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.




After 3 days if a topic is not replied to we assume it has been abandoned and it is closed.

It may be obvious but I need to say it anyway. If your credit card has been compromised then you need to consider every password you use on this computer as being compromised also. That means making sure you get to a clean computer and change them all.



Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes'...


I did what was suggested on one of the "Solved" posts regarding this messy virus. Here's where I am. I probably started in the middle, I see, after reading many posts about this same problem.

Did the Smitfraudfix and forgot to save the text box info; can redo if necessary.

Did the Super Anti-Spyware, here is that info:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 10/14/2010 at 07:58 PM

Application Version : 4.44.1000

Core Rules Database Version : 5685
Trace Rules Database Version: 3497

Scan type : Complete Scan
Total Scan Time : 02:40:44

Memory items scanned : 619
Memory threats detected : 1
Registry items scanned : 9059
Registry threats detected : 43
File items scanned : 151710
File threats detected : 874

Trojan.SVCHost/Fake
C:\DOCUMENTS AND SETTINGS\COMPAQ_OWNER\APPLICATION DATA\MICROSOFT\SVCHOST.EXE
C:\DOCUMENTS AND SETTINGS\COMPAQ_OWNER\APPLICATION DATA\MICROSOFT\SVCHOST.EXE
[svchost] C:\DOCUMENTS AND SETTINGS\COMPAQ_OWNER\APPLICATION DATA\MICROSOFT\SVCHOST.EXE
C:\WINDOWS\Prefetch\SVCHOST.EXE-11D9B1DB.pf

Adware.MyWebSearch/FunWebProducts
HKLM\Software\Classes\CLSID\{1D4DB7D2-6EC9-47a3-BD87-1E41684E07BB}
HKCR\CLSID\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}
HKCR\CLSID\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}
HKCR\CLSID\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}\Control
HKCR\CLSID\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}\InprocServer32
HKCR\CLSID\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}\InprocServer32#ThreadingModel
HKCR\CLSID\{1D4DB7D2-6E...

A:"Anti-Virus" Virus, Started on Fix from "solved" post, what now?


Hello,

I seem to have contracted a virus or malware of some description that generates fake, "Your Computer may be infected" - type alerts in my Windows taskbar and attempts to install a fake antivirus onto my pc called XPShieldSetup.exe. It also causes advertising popups, though this is fairly rare (once or twice an hour, max).

I am running Windows XP, Service Pack 3, and I have Trend Micro PC-cillin Internet Security 14 for antivirus software. I have also turned on Windows firewall, as per the instructions on this site.

My antivirus program detects an infected file called C:\WINDOWS\SysNotifier.exe, and classifies it as something called "Mal_FakeAV-9". It Quarantines this file repeatedly, but it always comes back, even if I manually drag it to the Recycle Bin.

I have run HijackThis and attached a copy of the log file it created.

Thanks in advance for your help. Here is my hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:27:32 PM, on 4/28/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

A:Malware of some sort causing ad popups, fake virus alerts, trying to install fake anti-virus, etc -- HijackThis log attached.

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.com
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the resul...


Hi. I am running Windows 7 Ultimate on my PC, which no longer is working to any degree. (I'm on a laptop for this forum).

The other day when I booted up, it only got to the welcome screen and went black, with the window in the middle describing the now familiar Netsky alert etc.

When I hit alt-cont-del, the screen goes to the Windows screen but with no options other than to shut down, and some other stuff that I don't want (type without keyboard, etc).

I rebooted and tried to go into safe mode but my keyboard won't respond once I get to the safe mode option DOS screen. I made a repair disc (Avira) based on another search on google. Ran a 2 hour scan and when I rebooted it started to act like it was going to work properly but then the black screen came up, without any virus alert. Back to square 1. Any suggestions?

Edit: Moved topic from Breaking Virus & Security News to the more appropriate forum. ~ Animal


And I have spent MUCH time trying to rid myself of this pesky thing!!! In any case I did everything that was listed in the thread about preparing to post a log, I did the Ad-Aware scan three times, the Spy-Bot thing, the McAfee Stinger thing and additionally ran a McAfee scan and a webroot scan (useless really without buying the extra things...but I didn't know that when I bought it!)

I THINK the worm is gone, I have no more pop-ups and the three desktop icons have disappeared but I want to be sure before I do anything else. Here is a log of my HiJack this scan.

And can I just say...this site ROCKS!!!!! Thank you so much already for all the help!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:16:55 PM, on 12/24/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

A:I Had A Worm.win32.netsky Virus....

Hi,

The forums are really busy, that explains why logs get behind. If you still need some help, please start with posting a new hijackthislog in this thread. Don't start with a new thread.
Then I'll take a look.


hello, I desperately need help to get rid of this virus. like many others I continually have a red screen background alerting of possible identity theft or 'privacy danger' and a spyware alert box that keeps popping up. I have the latest Norton 360 anti-virus that doesn't seem to detect the virus. I have no clue on how to continue on with this and rid my laptop of this virus, someone please help!!!

also most of my Auto-Protect from internet websites etc. are disabled or 'off' which I can't seem to turn on no matter how many times I restart my laptop. I also have a little red-squared cross (x) box that keeps on flashing on the small icon bar at the bottom right hand corner.

***

Logfile of HijackThis v1.99.1
Scan saved at 22:17:11, on 02/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)


A:VIRUS - worm.win32.netsky. Please help!


Need help finding which files should be removed because of the worm.win32.netsky virus that has infected my computer. Any and all help would be greatly appreciated.

A:worm.win32.netsky virus

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll...


Hi,

My computer was infected with the worm.Win32.Netsky virus. I think I got it when I downloaded a .exe file using ActiveX. I have Windows XP, and I am not sure when my computer got infected. I downloaded some plug-in for a video player and I went to sleep after that, and when I woke up, my computer was infested with popup screens telling me that someone is trying to hack into the computer and that I should download some virus protection software.

Here is the Hijack This log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:33:22 PM, on 11/18/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal


I was reading the thread that moscow had posted and I have a very similar, if not the same problem. I tried going step by step of what was told to him but I had different file names. The virus/worm/whatever it is randomly alt-tabs windows, has popups of Spyware Alert! saying that my computer is infected with the Worm.Win32.NetSky virus. I think I got it when downloading an Active-X file. My hijack this log is:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:10:03 PM, on 1/23/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal


I am not sure what to do regarding this, i have scoured the internet to find a fix but they all seem to be impossible for me to do.

This is a timeline of what has happened so far.

On Wednesday last week I was trying to watch a video and was prompted with an update for ActiveX controller, now me being a little naive just said yes and wham my computer was screwed.

It instantly closed everything down on my desktop, at which point I assumed something shifty was going on, so I whipped out the LAN cable to stop anything unwanted leaking from my computer.
Then the desktop became a bright red logo saying that my computer was under attack etc...
Then a mysterious screen popped up trying to scan my machine and saying I had various fictitious viruses and I needed to end the evaluation period and subscribe to the anti-virus software.

Then the computer began to run extremely slowly (about 5 mins for a right click on a shortcut to register). now this isn't anything new for me because it's a few years old, so I pressed CAD and it gave me the message "Task Manager has been disabled by the administrator".

So I managed to pull up the start menu (after waiting about 10 mins) and it has removed all programs from the start menu and removed access to the Windows Explorer screen and My Computer. Eventually I managed to navigate to My Computer by changing the Start Menu to customisable and added My Computer there. However when I finally got My Computer to open (talking about half a...

A:worm.win32.netsky virus

I have managed to get the computer operational again. I downloaded SDFix to a cd and ran it through the MS Dos prompt in safe mode and from there I also ran the .bat script.

this found about 20 files that needed deleting, and I did see that the desktop shortcuts to these files no longer had a valid path which made me happy.

I then ran a full system scan with Avast on the reboot of my computer and that found 23 malware, trojans and various adware throughout my computer.

Sadly the problem is still not 100% fixed as
1) I still can't see the C or D drive on My Computer and
2) I still have some annoying program called Win SpyWare Detector popping up telling me I have numerous errors and that I need to subscribe to it to fix my computer.

What steps should I now be taking to completely clean my system?
 


It looks like I have this thing too... I read a few of the other post and saw that it said to download hijack this and have them do a scan and save a log file .. I did that and here is what I have ... Please help I got college work to do ...

Hi,

I have a computer that is infected with worm.win32.Netsky according to Windows Defender. I've ran ad-aware, spybot and run Trendmicro housecall and removed everything that is in there. I know there are still things I should be removing.

Below is my HijackThis log, thank you!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:11:56 AM, on 12/17/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Safe mode with network support

A:Need Help Removing Worm.win32.netsky Virus

Welcome to the BleepingComputer HijackThis Logs and Analysis forum chinoz

My name is Richie and I'll be helping you to fix your problems.

Please download/install Avira AntiVir Personal Edition Classic [Free]: http://www.free-av.com/
Perform a full scan with Avira and allow it to delete everything it detects.
Restart your pc when you've done.
After restart, open Avira Antivirus and select "Reports".
Then double click the report from the full scan you have just completed. Click the "Report File" button, then copy and paste the report into your next reply.

Your version of Sun Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Sun Java, and then update.

1. Download the latest version of Java Runtime Environment (JRE)
2. Scroll down to where it says 'Java Runtime Environment (JRE) 6 update 3'.
3. Click the "Download" button to the right.
4. Check the box that says: "Accept License Agreement".
5. The page will refresh.
6. Click on the link to download 'Windows Offline Installation, Multi-language' and save to your desktop.
7. Close any programs you may have running - especially your web browser.
8. Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
9. Check any item with Java Runtime Environment (JRE or J2SE) in the name.
10. Click the Change/Remove button.
11. Repeat as many times as necessary to remove each ...


Last night I opened an e-mail. It was labeled as coming from UPS and that our parcel could be picked up from their depot. As a result I cannot open Outlook Express.

I have completed full system scans with Malwarebytes, Spybot Search & Destroy, Avira Antivirus Personal (free) and CCleaner.

My desktop picture has changed to a black box with YOUR SYSTEM IS INFECTED! (in big red letters). System has been stopped due to a serious malfunction. Spyware activity has been detected. It is recommended to use spyware removal tool to prevent data loss. Do not use the computer before spyware removed.

Also the background has changed colour 4 times so far and all Icons are highlighted.

The taskbar has a red circle with a cross and in the pop-up balloon it reads: Click here to protect your computer from Spyware! Your computer is infected! Windows has detected an infection of spyware! It is recommended to use special antispyware tools to prevent data loss. Windows will now download and install the most up to date spyware for you.

A window comes up in the middle of the screen reading: WARNING Attention! System detected a potential hazard (Trojan SPM/LX) on your computer that may infect executable files. You private information and PC safety is at risk. To get rid of unwanted spyware and keep your computer safe you need update your current security software. Click ok to download official intrusion detection system (IDS system).

Note the unusual English of the wording.

When the compu...

A:Worm.Win32.NetSky AND Trojan SPM/LX virus HELP

Hi, rollie69 Welcome.

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop**

If you are using Firefox, make sure that your download settings are as follows:
Tools->Options->Main tab
Set to "Always ask me where to Save the files".

During the download, rename Combofix to Combo-Fix as follows:
It is important you rename Combofix during the download, but not after.
Please do not rename Combofix to other names, but only to the one indicated.

Close any open browsers.
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

-----------------------------------------------------------

Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".

Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

-----------------------------------------------------------

Close any open browsers.

WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
Please do not attempt to re-connect your machine back to the Internet until...


A few days ago this virus has took over my whole computer. When I turn it on there are no icons nor the desktop, just my background and 2 warning messages that say Worm.Win32.NetSky is detected, it also says
Type: Virus
System Affected: Windows 2000, NT, ME, XP, Vista 7
Security Risk (0-5): 5
Recomendations: It is necessary to perform a full system scan.
When I click "OK" my computer automatically restarts and it happens again. I also tried every safe mode. But, the main problem is, I can't download anything to protect my computer, I've even tried using a flashdrive but no luck. Does anyone have suggestions of what I could do?
Thanks,
Kamp

A:Worm.Win32.NetSky Virus on Computer

Kamp, read the instructions on this page NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help - Tech Support Forum. See if you can download the programs mentioned to a flash drive and run them on the infected computer. Then create a new thread in the Virus Forum with the info you have here, as well as any logs you're able to attach. If you can't run the 2 programs needed by the Virus staff, just let them know, they may have another option. If they want you to come back here and get instructions on something else, just post back in this thread.


Yesterday I was infected with the worm.win32.netsky and the trojan SPM/LX viruses. I have scanned with Norton, ran the Symantec win32.netsky patch, ran Spybot Search and Destroy and found a few problems in the registry, something like nowallpaperchange! disabletaskmgr and something else. I deleted them within the registry, but nothing happened. I still get popups saying I am infected and my background says YOUR SYSTEM IS INFECTED your system has been stopped due to a serious malfunction spyware activity has been detected. My task manager only works sometimes now that I deleted the registry change. I have also run Malwarebytes, but still nothing happened.

Here is my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:54:19 PM, on 1/15/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonj...

A:worm.win32.netsky AND trojan SPM/LX virus HELP

Hello , And to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.
-----------------------------------------------------------
If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No inp...


I turned off my computer last-night which had been giving me this constant "c.exe stopped working" error message which I ignored. Today I opened my account and found only my wallpaper. NO taskbar, NO icons and this message:



So I immediately thought of a System Restore. I pressed Ctrl+Alt+Delete and came up with the Vista options all without the "Task Manager" option.

Yet here's another problem: It's all on my laptop, which its screen cracked couple months back and have been using a Logitech Wireless Keyboard/Mouse and Monitor Screen as a substitute ever since. Have no money to fix it but it works well kind-of like a compact desktop. I bring this up because I can NOT see the boot screen. The earliest my Monitor shows something is when I put in my password to login.

4,000+ iTunes Songs and All of my private data.
Please Help
It would be greatly appreciated.
Thank you.

A:Vista/ Worm.Win32.Netsky Virus

Hi,

please do the following:

Please download exeHelper to your desktop.
Double-click on exeHelper.com to run the fix.
A black window should pop up, press any key to close once the fix is completed.
Post the contents of log.txt (Will be created in the directory where you ran exeHelper.com)
Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).

NEXT


Please download DDS from either of these links

LINK 1
LINK 2

and save it to your desktop.
Disable any script blocking protection
Double click dds.pif to run the tool.
When done, two DDS.txt's will open.
Save both reports to your desktop.
---------------------------------------------------
Please include the contents of the following in your next reply:

DDS.txt
Attach.txt.

NEXT



Download GMER Rootkit Scanner from here or here. Extract the contents of the zipped file to desktop.
Double click GMER.exe. If asked to allow gmer.sys driver to load, please consent.
If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.


In the right panel, you will see several boxes that have been checked. Uncheck the following ... ...


Hi,
I have limited computer knowledge - due to Global Economic Conditions, I bought my 7 year old computer with all software installed a year ago from a reliable university IT Dept., & it's worked brilliantly, despite losing 2 slave H/Ds!
Last week I opened an e-mail with a Facebook link attached, & next thing Avast picked up this virus: File name: C:\WINDOWS\system32\drivers\Si3112r.sys
Malware name: Win32-Alureon-FR
Type: Virus Worm
VPS version 100405-1, 2010/04/05,
and Avast says: Cannot process.........
On startup, I now get "Bluescreen of death....", & can only start by re-starting with "last good configuration". Despite my best efforts, the virus remains, & avast now catches it each time, but cannot process it. I need to get rid of it!
The scans show a few programs that were seemingly previously installed on their external drives, but I was told to just ignore, & they have certainly not been an issue thus far. I include scans as requested, and respectfully request your urgent help.
Many thanks! I HAD PROBLEMS ATTACHING THE WINRAR ZIPPED FILE - HOPE IT WORKS, - I CAN SEND IT UNDER SEPARATE COVER - Many thanks once again!

DDS (Ver_10-03-17.01) - NTFSx86
Run by User at 14:14:49.28 on 2010/04/04
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_18
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.570 [GMT 2:00]

AV: avast! antivirus 4.8.1368 [VPS 100403-0] *On-access scanning enabled*...

A:PLEASE HELP with Virus/Worm "Win32-Alureon-FR

Hello -

I see that you've run ComboFix. At whose direction was this? Are you receiving help at another forum? If so, please stick with one forum at a time. If not, please post the log from ComboFix, located at C:\ComboFix.txt


Hey everyone,

so I'm doing all this on my iPhone so please excuse the limited searching for answers.

I've had the fake antivirus software (av.exe) 2 or 3 times now but have been able to get rid of it with help from the guides. However, I now have the above listed virus, although a post on Symantec's website makes me think it is not the listed virus and something else completely. It won't let me access task manager, has changed my Symantec vptray program, changed AIM, and deleted malwarebytes exe. I tried reinstalling malwarebytes from a flash, but it didn't work. Was immediately deleted. Please help.

Oh, also, whatever this is hasn't touched ccleaner.

A:Fake worm.win32.netsky?

Hello and welcome... As this infection deletes a core executable of Malwarebytes' we will need to download a new copy of it and put it in the C:\ tc... so please follow our Removal Guide here http://www.bleepingcomputer.com/virus-remo...t-security-2010

You will move to the Automated Removal Instructions for Internet Security 2010 using Malwarebytes' Anti-Malware:

After you completed that post your scan log here, let me know how things are.
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.


I cannot connect to the internet with this virus so I couldn't download hijackthis or do any of the other steps suggested in the stickies. However my problem sounds a lot like this thread I found on the site

http://www.techsupportforum.com/secu...se-advise.html

I'm also missing my C: and D: drives, am told task manager has been disabled by my sys admin when I press CTRL-ALT-DEL and have the programs error cleaner, privacy protector, Spyware&...protection on my desktop, as well as fake pop-ups claiming to be system errors and offering to fix the problem.

I ran AVG and quarantined/deleted the files it found but everything I mentioned above is still going on. Any help would be greatly appreciated, Thanks

OK, I followed the instructions on the combofix website (+ windows recovery console) and here are my results (note: most of the problem is gone, however I'm sure there are still some lingering malware files).

ComboFix 08-09-11.02 - Benjamin Cohen 2008-09-12 17:26:52.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.592 [GMT -4:00]
Running from: C:\Documents and Settings\Benjamin Cohen\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Benjamin Cohen\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Benjamin Cohen\Application Data\STEM3...

A:Toolbar reads "VIRUS ALERT!", fake system alerts, fake AV programs on desktop

its been long enough I can bump right?


I had something called worm.win32.netsky and it's been a problem for a few days now. I lost explorer.exe and could no longer access the task manager. When I clicked links on websites it would redirect to some advertisement/popup.

I managed to download kaspersky internet security (trial) and it supposedly found things and deleted them.

I still could not access task manager or restore explorer.exe.

I downloaded ComboFix and ran it - within a couple hours I tried Ctrl Alt Del and my task manager was back somehow

The screen of ComboFix is now stuck at "However, scan times for badly infected machines may easily double" and {it would seem} has not progressed for several hours.

The machine is a Windows Vista.
What should I do now? Close the Combofix? Reboot? ??? ???

A:Computer virus/malware - worm.win32.netsky

Update: The combofix must have finished overnight and then rebooted. The computer is not worse off than before, nor is it better.
What do I do?

Thanks.


I seem to have a virus called "Worm.Win32.Netsky" on my Dell Latitude D610 Laptop. I'm running Windows XP Professional 2002 along with Service Pack 3. It has basically disabled all these things:

Task Manager
When I try to open the Task Manager it states "Task Manager has been disabled by your administrator"

Registry Editor
When I try Run > regedit > it says: "Registry editing has been disabled by your administrator"

Safe Mode
Trying to boot in Safe Mode hitting F5 just re-boots me to the same screen

Anti-Virus Sites Won't Load
Any major websites that have to do with anti-virus won't load or open. For example McAfee, Symantec, etc.

And now I have this fake malware program that pops up every now and then called "Internet Security 2010". Hope u guys can help me out.

Thanks

A:Virus Worm.Win32.Netsky on my DELL Laptop...Help

Hello BrianDaboxer and welcome to Bleeping Computer! Sorry for the delay in response... Do you still need help? Just reply back and I'll be glad to help!

Regards,
swagger


I turned off my computer last-night which had been giving me this constant "c.exe stopped working" error message which I ignored. Today I opened my account and found only my wallpaper. NO taskbar, NO icons and this message:

So I immediately thought of a System Restore. I pressed Ctrl+Alt+Delete and came up with the Vista options all without the "Task Manager" option.

Yet here's another problem: It's all on my laptop, which its screen cracked couple months back and have been using a Logitech Wireless Keyboard/Mouse and Monitor Screen as a substitute ever since. Have no money to fix it but it works well kind-of like a compact desktop. I bring this up because I can NOT see the boot screen. The earliest my Monitor shows something is when I put in my password to login.

4,000+ iTunes Songs and All of my private data.
Please Help
It would be greatly appreciated.
Thank you :)

A:Vista 32Bit/ Worm.Win32.Netsky Virus

Kristen, try using the guide posted at http://www.bleepingcomputer.com/virus-remo...tivirus-pc-2009
Follow the steps carefully and let me know how it worked.


I've been having some problems with my computer and I've always somehow managed to work my way around the issues spyware/malware etc. have created but lately it's been getting out of hand.. Some time ago I got a virus or something that made the entire tab under "Processes" disappear. So I could not see process-names in the task-manager. I have re-installed XP but this problem persists. I have been using a different application to monitor and handle processes.

The problem now is the constant pop-ups generated from this fake anti-virus program calling itself "Anti Virus Pro 2007" or something.. It pops up with fake commercials, and even attach itself into other explorer-windows while I view other pages.

As popups and messageboxes keep popping up, I close them, but after a while windows will open a messagebox telling me "Buffer overrun detected in e:\Windows\system32\explorer.exe" (or \\windows\explorer.exe I don't remember really but you get the idea) and explorer.exe will be terminated, sometimes taking some internet explorer windows along with it, other times explorer.exe just starts up again and all my windows remain.

I used to have Norton but was forced to remove it as it was sucking up all my CPU. It rendered my computer useless, as I mainly use it for gaming.

I've also experienced having the connection between me and my modem broken while being on the internet, and I don't know if my computer actually is offline or if -I'm- just...

A:Infected - "Win Anti Spyware" "Buffer overrun error" and a fake dialer or something++

Hello and welcome to TSF

Please download ComboFix

Note: It is important that it is saved directly to your desktop.

Close all browsers. Double click combofix.exe & follow the prompts.
When finished, it will produce a log for you. Post that log in your next reply.
Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.

You are using an older version of HijackThis. Please do the following to download and install the latest version of HijackThis v2.0.2:

CLICK HERE to download the HijackThis Installer:
Save HJTInstall.exe to your desktop.
Double-click on HJTInstall.exe to run the program.
By default it will install to C:\Program Files\Trend Micro\HijackThis.
Accept the license agreement by clicking the "I Accept" button.
Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log.
Click "Save log" to save the log file and then the log will open in Notepad.
Click on "Edit -> Select All" then click on "Edit -> Copy" to copy the entire contents of the log.
Come back here to this thread and paste the log in your next reply.
Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.

You may delete the older version once you have successfully downloaded and installed the latest version of HijackThis v2.0.2.

Expected logs:

Combofix.txt
HijackThis log


OK, Yet another Win32.NetSky Virus thread. I'm usually pretty good getting rid of these but this one is a little bugger. I've read through a lot of the threads and can basically take my PC back, but the virus inevitably respawns itself. The following is a timeline of what I've done to get to this point.

It started with a message stating that I had a Windows Security Alert and asked me to download something to clean it up. It sounded funny, and wouldn't let me select cancel. Here's the window:
I tried CAD to get to the task manager and got the message "Task manager has been disabled by your administrator." I'm connected wireless so I disconnected and hit the Yes and it tried to launch me to

h-t-t-p://www.safenavweb.com/index.php?sid=502&said=0&aid=934&pn=5&pid=1
Then I get a second alert about the Worm.Win32.NetSky:

I think this one tries to put me to this webpage:

h-t-t-p://directnameservice.com/r.php?sid=502&said=0&aid=934&pn=5

At some point in time, The following is saved as my homepage:

h-t-t-p://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2

And I got shortcuts to some official looking spyware shortcut icons that are shortcuts to URLs.
Reading a Microsoft KB, I got my Task Manager back.

Reading some of the other pages, I ran ComboFix.exe. (Log Below)

This seemed to correct the issue, and I was good to go. However, on my next reboot I got another security alert then all ...

A:Solved: Worm.Win32.NetSky and Privacy Protector Virus


I was looking at these freeware AntiVirus programs to replace InoculateIt. The Company is ending InoculateIt support in May.
:
"Avast!" (ALWIL Software); "AVG" (Grisoft)
:
Both seem to get pretty good ratings, and I was thinking of getting one of them, then getting Norton AntiVirus when I have the extra $$$ available.
:
Any opinions as to their ability to stop unwanted stuff from getting in, ease of setup & use would be appreciated.
One thing I've noticed is AVG only issues updates monthly--and I think Avast! is the same--is this often enough to effectively defend against new virii?
:
Will be using whichever one I get with ZoneAlarm (Freeware) Version 2.6.231
 

A:"Avast!" and "AVG" Anti-Virus program's. Opinion's?


Don't know how it happened, but I started getting those fake "antivirus" pop ups. I used CTRL+ALT+DEL to end that program. Then my computer began to restart. I used the power switch to turn it off. When I turned it on, it would keep rebooting. I tried Safe mode, Last good known configuration, All the options, it wasn't until I tried "Debugging mode" that it actually looked like it might be working. It led me to a black screen with the "Worm.Win32.Netsky" alert. I turned it off without clicking anything. Help :/

(Moderator edit: post moved to more appropriate forum. jgw)

A:Computer won't stop restarting, won't load. Worm.Win32.netsky virus

Can you boot now? To Normal and/or Safe mode?
Is this an XP system?

Can you follow our Removal Guide here http://www.bleepingcomputer.com/virus-remo...t-security-2010

You will move to the Automated Removal Instructions for Internet Security 2010 using Malwarebytes' Anti-Malware:

After you completed that post your scan log here, let me know how things are.
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.


Sorry I couldn't run the other suggested tools - whatever took over my pc won't let them run. So here's my hijackthis log:

(attached)

Appreciate help soon. Thanks~

A:Hijackthis log - worm.win32.netsky fake spyware alert (I think?)

As no logs have been posted, I am shifting this topic from the specialized HiJack This forum to the Am I Infected forum.

==>PLEASE DO NOT NOW POST LOGS<== unless a log is specifically requested.

Please describe the issues you are experiencing with your computer.


Hello

A relative gave me their laptop to look at. It gets Worm.win32.netsky Spyware alert and Trojan SPM\LX popups. Current Problems are:

In safe mode:
Safe mode will not boot all the way. It gets to the background screen but does not load any icons, task bar or anything.

In normal mode:
Cannot load most programs
Task manager disabled
Getting web browser redirects.

I managed to get HijackThis on the machine. I noticed Smss32.exe, winlogon32.exe, helper32.dll files. I found removal instructions online but I thought I would post here and see what the experts say.

Thank you for your time.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:01:16 PM, on 1/18/2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18865)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\OEM02Mon.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\smss32.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files\HP\HP Software...

A:Fake worm.win32.netsky Spyware alert popup

Hello , And to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.
-----------------------------------------------------------
If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No inp...


A friend had the Anti-virus Number 1 virus on her computer. I ran Malwarebytes Anti-Malware AND Kaspersky's AVPTool on it, and that seemed to clear it up. Spy Sweeper and McAfee both claim the computer is now clean.

However, the computer is still running very slowly, and when I tried to empty the recycle bin, I got the following error:
"Cannot delete Dc317: The request could not be performed because of an I/O device error."

As far as I could see, no files from the recycle bin were deleted at all.
I have no idea if Dc317 is a systems file (and if so, how it got in the recycle bin in the first place) or if it's a leftover from the virus, and the "I/O device error" has me scratching my head. I have no idea what to do from here.

I have not run HijackThis yet--I'll run it and post the log the next time I go over to her house (though I'm not certain this is a malware problem at all). The OS is Windows XP. Any suggestions?

Thanks for reading this.

-wynne
 

A:removed "anti-virus number 1" virus: now cannot empty recycle bin


I have a computer with Windows XP Pro SP3 running IE8. When I do google searches and click on the results I am redirected to a different page than what is shown in the result. I've run Malwarebytes and it did not find any viruses or malware, I restored the computer back to a date prior to when the redirects were happening, that did not work. Webroot says it is finding viruses but I can't quarantine or delete the viruses. Webroot listed the location of several viruses and when I checked that location nothing was there, several registry entries and temporary internet files. Unfortunately after I did the system restore webroot is not working properly so I can't post its logs. Below is the output of DDS. I also attached the attach.txt from DDS, I can't attach a GMER log because it is too large. If it needs to be emailed to someone please let me know.

Thanks,
Pete

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Pete at 8:19:12.42 on Tue 04/05/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3037.2325 [GMT -7:00]
.
AV: Webroot AntiVirus with Spy Sweeper *Enabled/Updated* {77E10C7F-2CCA-4187-9394-BDBC267AD597}
.
============== Running Processes ===============
.
C:\Program Files\Webroot\Security\Current\Framework\WRConsumerService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k nets...

A:Infected with Google redirect virus and fake anti-virus software pop ups

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please Do not Attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:
Please download DeFogger to your desktop.
Double click DeFogger to run the tool.
The application window will appear
Click the Disable button to disable your CD Emulation drivers
Click Yes to continue
A 'Finished!' message will ap...


Hey everyone.

It's been awhile since I've had any big computer problems, but today when I came back to my laptop and tried to un-idle it, it froze up and I had to manually shut down the power. Upon start up, I was met with the blue screen of doom, giving me the error codes (0x00000023, 0x000E0100, 0xF8975FC0, 0xF8975CBC, and 0x83229805).

I was able to load up with the most "recent configuration" option though. Right before the explorer fully loaded, a pop-up notification came up warning me that my computer was infected with "worm.win32.netsky". Whatever malware had infected my computer had changed the wallpaper and made it so that my computer kept suggesting these fraudulent anti-spyware programs.

I tried to use Smitfraudfix and Malwarebyte to get rid of some things, but now I can't boot up regularly at all - only in safe mode. An attempted regular boot up leads to the dead end blue screen, and the most recent configuration leads to a restart. Though the pop-up warning me about the worm has disappeared in safe mode, I cannot check if the other pop-ups and wallpaper are still there because of the blue screen of death.

Nonetheless, there's still some sort of infection going on, because google redirects hits into random pages. But most of all I want to get around the blue screen. (I've ran chk dsk F\ with no results, and tried to start the CD recovery console but it froze)

I managed to uninstall Utorrent, but Alcohol 120% will not be instal...

A:Worm.Win32.Netsky, Google Redirect Virus and Blue Screen of Death

Hi,

Please do the following:

we need to disable the sptd driver or it will interfere with our tools:

Please download DeFogger to your desktop.
Double click DeFogger to run the tool. The application window will appear
Click the Disable button to disable your CD Emulation drivers
Click Yes to continue
A 'Finished!' message will appear
Click OK
DeFogger will now ask to reboot the machine - click OK
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.
Do not re-enable these drivers until otherwise instructed.


NEXT

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer...
