Over 1 million tech questions and answers.

Warning! Spywre Detected On Your Computer! Install An Antivirus Or Spyware Remover To Clean Your Computer

Q: Warning! Spywre Detected On Your Computer! Install An Antivirus Or Spyware Remover To Clean Your Computer

Hello, New to the forums I had search and been trying everything to get rid of this problem. I found the sight through one of my searches. I am some what new to this so please bare with me. Of course I ran my scans, spybot, ad aware, norton 360. Ran hijack this and will post the log, in the process of running pandasecurity.

Windows xp pro
service pack 2

Right now my desktop back ground is blue with the box in the middle that says " warning! spyware detected on your computer! install an antivirus or spyware remover to clean your computer"

I have tried the right click desktop/ properties/ but I do not have the desktop tab!
I have themes/ appearance/ settings thats it.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:19:00, on 8/14/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Portrait Displays\HP My Display\DTHtml.exe
C:\WINDOWS\system32\lphca04j0epa3.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\program files\aim\aim.exe
C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=3061113
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [DT HPW] C:\Program Files\Portrait Displays\HP My Display\DTHtml.exe -startup_folder
O4 - HKLM\..\Run: [lphca04j0epa3] C:\WINDOWS\system32\lphca04j0epa3.exe
O4 - HKLM\..\Run: [SMrhce04j0epa3] C:\Program Files\rhce04j0epa3\rhce04j0epa3.exe
O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdyeb.exe] C:\WINDOWS\system32\kdyeb.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe" /min
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\program files\aim\aim.exe -cnetwait.odl
O4 - S-1-5-18 Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'SYSTEM')
O4 - S-1-5-18 Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'Default user')
O4 - .DEFAULT Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'Default user')
O4 - .DEFAULT Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &Search - ?p=ZNfox000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\program files\aim\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Premium MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe
O23 - Service: Avira AntiVir Premium Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe
O23 - Service: Avira AntiVir Premium Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe
O23 - Service: Avira AntiVir Premium WebGuard (antivirwebservice) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE
O23 - Service: Avira AntiVir Premium MailGuard helper service (AVEService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe
O23 - Service: BCL easyPDF SDK 5 Loader (bepldr) - Unknown owner - C:\Program Files\Common Files\BCL Technologies\easyPDF 5\bepldr.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 13018 bytes

Thank you for your time and hope to hear back soon.

RELEVANCY SCORE 200
Preferred Solution: Warning! Spywre Detected On Your Computer! Install An Antivirus Or Spyware Remover To Clean Your Computer

I recommend downloading and running DAP. It can help sort out any driver and firmware related issues on your system

It's worked out well for many of us in the past.

You can download it direct from this link http://downloaddap.org. (This link will open the download page of DAP so you can save a copy to your computer.)

A: Warning! Spywre Detected On Your Computer! Install An Antivirus Or Spyware Remover To Clean Your Computer

Hello bamflee84,

Welcome to Bleeping Computer

Sorry about the delay. If you still need help, please post a new HijackThis log to make sure nothing has changed, and I'll be happy to look at it for you.

Thanks,
tea

Read other 2 answers
RELEVANCY SCORE 175.2

Deckard's System Scanner v20071014.68Run by Administrator on 2008-06-27 12:34:58Computer is in Normal Mode.---------------------------------------------------------------------------------- System Restore --------------------------------------------------------------Successfully created a Deckard's System Scanner Restore Point.-- Last 4 Restore Point(s) --4: 2008-06-27 16:35:07 UTC - RP11 - Deckard's System Scanner Restore Point3: 2008-06-27 15:48:31 UTC - RP10 - Removed Funhouse2: 2008-06-27 15:46:01 UTC - RP9 - Last good restore point1: 2008-06-27 15:45:43 UTC - RP8 - System CheckpointBacked up registry hives.Performed disk cleanup.Total Physical Memory: 383 MiB (512 MiB recommended).-- HijackThis (run as Administrator.exe) ---------------------------------------Logfile of Trend Micro HijackThis v2.0.2Scan saved at 12:39:30 PM, on 6/27/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\csrss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Fi... Read more

A:Infected With-warning! Spyware Detected On Your Computer! Install An Antivirus Or Spyware Remover To Clean Your Computer

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you. Click Start -> Control Panel -> Add Remove Programs and uninstall this program:My Web Search (Zwinky) ==============Please download the OTMoveIt2 by OldTimer. Save it to your desktop. Please double-click OTMoveIt2.exe to run it. Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\lphc9h7j0e33t
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system\\NoDispBackgroundPage
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system\\NoDispScrSavPage
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\General\Wallpaper
C:\WINDOWS\system32\lphc9h7j0e33t.exe
C:\WINDOWS\system32\blphc9h7j0e33t.scr
Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.Click the red Moveit! button.A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.Close OTMoveIt2If a f... Read more

Read other 2 answers
RELEVANCY SCORE 174.4

I got the message "Warning! Spyware Detected On Your Computer Install An Antivirus Or Spyware remover to clean your computer" on my computer yesterday.Followed instructions provided by this site but still i can see the same problems.Find the attached Logs Produced by DSS.Any Help will be appreciated.

A:Warning! Spyware Detected On Your Computer Install An Antivirus Or Spyware Remover To Clean Your Computer

Hello gables,

Welcome to Bleeping Computer

Sorry about the delay. If you still need help, please post a new HijackThis log to make sure nothing has changed, and I'll be happy to look at it for you.

Thanks,
tea

Read other 2 answers
RELEVANCY SCORE 174.4

After running Ad-Aware, Avg, and HouseCall my Desktop is still hijacked. My screen will go completely blue with warning of spyware and a notice that my computer must be restarted and to press F8 to restart. I press F8 and I go back to where I was with all applications still open. I've had a green screen come up with what looked like real time typing going on. The type again says that my computer needs to shut down followed my a message about information code and then a lot of mumbo jumbo nubers and digits until I press F8 or Ctrl Alt Del.Here is my Highjack this log:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 8:17:17 PM, on 8/19/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16705)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Windows Defender\MsMpEng.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Lavasoft\Ad-Aware\aawservice.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\spoolsv.exeC:\PROGRA~1\Grisoft\AVG7\avgcc.exeC:\WINDOWS\SOUNDMAN.EXEC:\Program Files\Windows Defender\MSASCui.exeC:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb03.exeC:... Read more

A:Warning! Spyware Detected On Your Computer! Install An Antivirus Or Spyware Remover To Clean Your Computer.

I went through the reccomended scans - disk cleanup, adaware, spybot, housecall, AVG, then stinger. I've been running a scheduled scan daily with AVG. My computer is still slow. Of course this computer is old. Is that the problem or can I get a little more speed?Logfile of Trend Micro HijackThis v2.0.2Scan saved at 8:13:09 PM, on 8/29/2008Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16705)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Lavasoft\Ad-Aware\aawservice.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\spoolsv.exeC:\PROGRA~1\AVG\AVG8\avgwdsvc.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\lxddcoms.exeC:\Program Files\Common Files\Motive\McciCMService.exeC:\WINDOWS\system32\PSIService.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\AT&T\Internet Security Wizard\ISW.exeC:\Program Files\FastAccessDSL\HelpCenter43\bin\sprtcmd.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Lexmark 2500 Series\lxddamon.exeC:\PROGRA... Read more

Read other 3 answers
RELEVANCY SCORE 174.4

Hey everyone, I heard this website is great to ask question and I got a lot of help from you guys before and I can tell you know your stuff. I'm a new member just signed up because I just got a problem that I don't know how to solve.

I have Windows XP and this is a custom made computer so I don't know if that changes anything with fixing it or not. I was surfing online through some forums and then I got a little screen that popped up from my Avast virus protection and it said it found something. I usually don't read it and I usaully choose delete which worked fine up until now. After clicking on delete it would keep on reappearing saying that it found a virus. So I was guessing it I should continue pressing delete. Then a little program came up and I could tell it was a spyware or a virus so I closed it.

When I saw the name I went to add and remove programs to try and to uninstall it. I clicked on it multiple times to uninstall and it said it was succesfull but it wasn't. My screen then turned blue like the blue screen of death but I could still see the desktop and there was something written in the middle which was "Warning! Spyware detected on your computer! Install antivirus or spyware remover to clean your computer" in a box. So I decided to go into the program files and delete this program right away from the source. So I found it and it had a weird name it was like geber gaber. Once I deleted it it didn't look like it was sp... Read more

A:Warning! Spyware Detected On Your Computer! Install Antivirus Or Spyware Remover To Clean Your Computer

Please download Malwarebytes Anti-Malware and save it to your desktop.alternate download link 1alternate download link 2Make sure you are connected to the Internet.Double-click on mbam-setup.exe to install the application.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-MalwareThen click Finish.MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.On the Scanner tab:Make sure the "Perform Quick Scan" option is selected.Then click on the Scan button.If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".Click OK to close the message box and continue with the removal process.Back at the main Scanner screen, click on the Show Results button to see a li... Read more

Read other 11 answers
RELEVANCY SCORE 154.4

(continued from title) ..clean your computer.
F-secure found Trojan-downloader.wim32.small.ywc.

Desktop shows blue background with boxin middle. Top part yellow and bottom part blue with message stated above.
Was using out of date McAfee and got this virus. Unistalled McAfee and installed F-secure through Charter High speed internet service (free). Went through the 5 steps. Windows said no updates needed during that step.

Deckard's System Scanner v20071014.68
Run by Kim on 2008-07-27 12:16:36
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
8: 2008-07-27 16:16:48 UTC - RP8 - Deckard's System Scanner Restore Point
7: 2008-07-26 18:46:38 UTC - RP7 - psc 7.03 build 116 Installation
6: 2008-07-26 17:00:21 UTC - RP6 - Removed TurboTax ItsDeductible 2006
5: 2008-07-26 16:59:41 UTC - RP5 - Removed TurboTax ItsDeductible 2005
4: 2008-07-26 16:58:47 UTC - RP4 - Removed WexTech AnswerWorks


-- First Restore Point --
1: 2008-07-26 16:46:47 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Kim.exe) -------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:18:51 PM, on 7/27/2008
Platform: Windows XP SP... Read more

A:Warning! Spywar detected on your computer. Install antivirus or spyware remover to..

Bump!

Read other 4 answers
RELEVANCY SCORE 152.8

Hi and thanks for taking the time to review my problem.Have blue wallpaper with yellow/blue centered dialog box states "Warning! spyware detected on your computer, install an antivirus or spyware remover to clean your computer"Desktop - properties - wallpaper - show wallpaper name phcpf6j0egen. I left this and did not try to change it.Other symptoms are full page blue screens with lots of dialog about errors telling me to disable BIOS memory options etc. etc. there may be many such pages - each one different describing different errors (they change quickly so I can not write hardly anything down) then it appears to restart my computer - has windows start up screen, but I think its a fake screen - it not really restarting and I can eventually get back to my desktop, the files I have open, or the web browser.I was surfing the internet when it happened and was tweaking my kerio firewall on my three networked computers, I downloaded a pdf file and took a screenshot of my router - I may have deleted these files although they looked pretty benign to me.I ran kaspersky scan --------------------------------------------------------------------------------KASPERSKY ONLINE SCANNER 7 REPORT Monday, July 21, 2008 Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600) Kaspersky Online Scanner 7 version: 7.0.25.0 Program database last update: Monday, July 21, 2008 21:25:34 Records in database: 981617----------------------------------------------------... Read more

A:Blue Wallpaper With Dialog Box: "warning! Spyware Detected On Your Computer. Install An Antivirus Or Spyware Remover T...

Hi
I have resolved above problem. Mod may close/delete this post, unless further info would be of assistance to others.
Found a lot of useful info on BC which helped me fix the problem - basically the tool that has seemed to help me the most was Malwarebytes Anti Malware and I now seem to be malware free (need to do some other scans and checks)
Responsible bugs found Rogue.Multiple, Trojan.FakeAlert, Hijack.Wallpaper, Trojan.Agent
Symptoms resolved: (A) Blue Wallpaper with yellow/blue box stating "Warning! spyware detected on your computer Install an antivirus or spyware remover to clean your computer"
( random Blue Screens of Death with lots of text describing system errors etc. (fake)
© random windows startup screens appearing to restart computer (fake)
(D) redirect while surfing to pc-scanner-online.com (do not paste this in your browser) pop ups urging me to click dialog box in order to scan my computer for security risk (? attempt to infect my PC with "antivirus 2008" ?
(E) random Black Screens of Death (fake)

Felt real good killing those suckers!
Thanks BC
Regards to all, Janice

Read other 2 answers
RELEVANCY SCORE 148

My sister brought me her computer to fix it for her, said it was running really slow. When I first started the computer up and logged into Windows, I found a blue screen with a warning on it, "Warning Spyware Detected On Computer Please Install Antivirus Or Spyware To Clean Computer". I knew then that she had gotten some malware somewhere. I had to press ctrl-alt-delete and manually run the explorer bar, and then I got an error stating that Windows Explorer has encountered a problem and needs to close. I have been working around this and have searched the internet for ways to fix this malware problem. I have downloaded Malwarebytes' Anti-Malware and ran that, removing over 270 Trojans. But to no avail, the blue screen with the warning is still there and you still have to run explorer.exe manually. Here are my Deckard's System Scanner logs.Deckard's System Scanner v20071014.68Run by Michele McClure on 2008-07-19 12:35:38Computer is in Normal Mode.---------------------------------------------------------------------------------- System Restore --------------------------------------------------------------Successfully created a Deckard's System Scanner Restore Point.-- Last 5 Restore Point(s) --55: 2008-07-19 17:36:06 UTC - RP1529 - Deckard's System Scanner Restore Point54: 2008-07-18 23:22:30 UTC - RP1528 - System Checkpoint53: 2008-07-10 18:11:37 UTC - RP1527 - System Checkpoint52: 2008-07-09 17:48:43 UTC - RP1526 - System Checkpoint51: 2008-07-08 17:18:40 UTC - RP15... Read more

A:Background Changed: 'warning Spyware Detected On Computer Please Install Antivirus Or Spyware To Clean Computer' On Blu...

Hello. I am PropagandaPanda (Panda or PP for short) and I will be helping you with your log.I will need some time to look over your computer's log(s). You may want to keep the link to this topic in your favourites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here. Please take note of a few guidelines for this fix:Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Further more, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself. Finally, please reply using the button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if... Read more

Read other 3 answers
RELEVANCY SCORE 148

Hi all, my background changed to what is in the title saying Warning, spyware detected on yoru computer install antivirus or spyware to clean computer. I tried searching for solutions on google and already tried spyware doctor and spyware bot. When those didnt work I downloaded Hijackthis and ran it. The following is the long. Any help is greatly appreciated especially in layman's terms as I am not the most computer savvy. Thanks again. Logfile of Trend Micro HijackThis v2.0.2Scan saved at 1:57:22 PM, on 7/18/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\csrss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\ibmpmsvc.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Funk Software\Odyssey Client\odClientService.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Connected\AgentSrv.EXEC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Program Files\Bonjour\m... Read more

A:Changed Background To Warning Spyware Detected On Computer Please Install Antivirus Or Spyware To Clean Computer

Hi kb1171,First, we need to backup your registry:Please go to Start > RunPaste in the following line:regedit /e c:\registrybackup.regClick OK.It won't appear to be doing anything, that's normal.Your mouse pointer may turn to an hour glass for a minute.Please continue when it no longer has the hour glass.Registry FixPlease open up an instance of Notepad.Click on: Start, thenAll Programs, thenAccessories, thenNotepadCopy (Ctrl+C) and paste (Ctrl+V) the following text in the quote to Notepad
REGEDIT4

[-HKEY_CURRENT_USER\Software\Classes\CLSID\{eec00589-90e6-4a27-b81f-61c7b2616351}]

[-HKEY_CURRENT_USER\Software\Classes\PROTOCOLS\Filter\text/html]Save it as "All Files" and name it RemoveFilter.reg. Let the location be your desktop.Navigate to your desktop.Double click RemoveFilter.regA window will prompt you to Merge RemoveFilter.reg with the Windows Registry, this is normal. Choose Yes/Ok.Upgrading Java:Download the latest version of Java Runtime Environment (JRE) 6 Update 7.Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".Click the "Download" button to the right.Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement.".Click on Continue.Click on the link to download Windows Offline Installation (jre-6u7-windows-i586-p.exe) and save it to your desktop. Do NOT use the Sun ... Read more

Read other 1 answers
RELEVANCY SCORE 124

Hi,

I've used this forum before and once again I'm back seeking your help. Despite my efforts to steer clear of malicious software I've had something on my computer that keeps coming back and has resisted my attempts to clean it off. It's a Desktop that claims that I have spyware on my computer and their is either a bright blue or white background with a rectangular message "Warning! Spyware detected on your computer!". Nothing seems to be working poorly but I am concerned that it may leave me vulnerable to other malicious software. I have attached the DDS log file. Thanks for your help.


DDS (Version 1.1.0) - FAT32x86
Run by dittman at 22:37:36.93 on Thu 01/01/2009
Internet Explorer: 6.0.2800.1106
Microsoft Windows 2000 Professional 5.0.2195.4.1252.1.1033.18.256.4 [GMT -5:00]
============== Running Processes ===============

C:\WINNT\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\NavNT\defwatch.exe
C:\WINNT\system32\hidserv.exe
C:\Program Files\MacOpener\FORMATM.EXE
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\MsPMSPSv.exe
C:\WINNT\Explorer.EXE
C:\PROGRA~1\HPCD-W~1\DirectCD\directcd.exe
C:\Program Files&#... Read more

A:Warning! Spywre detected on your computer!

So after reading several other postings and trying several other Malware/Spyware removal programs Malwarebyte Anti-Malware came through and found many things that others hadn't and took care of the problem. No more HiJacked Wallpaper. Hopefully it won't come back. Something that I didn't mention in my last posting is whatever problem I was having wouldn't allow me to access my Wallpaper options and even more problematic it wouldn't allow me to boot in safe mode.

Thanks

Read other 7 answers
RELEVANCY SCORE 105.2

Deckard's System Scanner v20071014.68Run by Geoff on 2008-05-25 21:57:01Computer is in Normal Mode.---------------------------------------------------------------------------------- System Restore --------------------------------------------------------------Successfully created a Deckard's System Scanner Restore Point.-- Last 3 Restore Point(s) --3: 2008-05-25 09:57:05 UTC - RP3 - Deckard's System Scanner Restore Point2: 2008-05-25 06:19:36 UTC - RP2 - Last known good configuration1: 2008-05-25 06:19:06 UTC - RP1 - System CheckpointBacked up registry hives.Performed disk cleanup.-- HijackThis (run as Geoff.exe) -----------------------------------------------Logfile of Trend Micro HijackThis v2.0.2Scan saved at 10:01:47 p.m., on 25/05/2008Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16640)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Ahead\InCD\InCDsrv.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Unlocker\UnlockerAssistant.exeC:\Program Files\Java\jre1.6.0_05\bin\jusc... Read more

A:Blue / Yellow Screen With The Message: Warning! Spyware Detected On Your Computer! Install An Antiviris Or Spyware Remo...

Hi,* Please visit this webpage for instructions for downloading and running ComboFix:http://www.bleepingcomputer.com/combofix/how-to-use-combofixThis includes installing the Windows XP Recovery Console in case you have not installed it yet.Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.

Read other 4 answers
RELEVANCY SCORE 102.8

Hello,

I have a Toshiba laptop runing Windows XP Home edition. My laptop seems to have some sort of virus/spyware on it. The background turned blue and has a rectangle box in the middle (with yellow) stating, "Warning! Spyware detected on your computer! Install an antivirus or spyware removal to clean your computer." It also starts running a Windows XP spyware remover (i believe that's what it is) and comes back that a redicolous amount of files are infected. Any help would be greatly appreciated!

-Thank you

Ryan

A:My Laptop's Wallpaper Is Blue And Says, "warning! Spyware Detected On Your Computer! Install..."

Among other things, you have the win32/FAKESCREEN.N virus. I had the same thing. Go to http://www.bleepingcomputer.com/forums/t/158403/xp-antivirus-2008-win32fakescreenn-and-other-virus-problems-cant-fully-remove-them/ and see the steps that Q7 told me to follow, not just the first one. There are a bunch of steps in the thread and it is time consuming but when your done your PC will be good as new. Q7 is the man!!! My PC couldn't be better now. GOOD LUCK!!!

Read other 1 answers
RELEVANCY SCORE 102.8

Howdy all
Please help.
Here are the details

Win xp sp2 - all patches
running
Commodo Firewall 2.4
Spyware Terminator
Avast

Both Spyware Terminator and Avast have been updated and the pc has been scanned. All found problem files have been deleted.

Upon boot up I have a message

Warning Spyware detected on your computer. Install a antivirus or spyware remover to clean your computer.

Its in a yellow and blue(desktop background) box.

HJT is below.

Thanks in advance.
Waiting to hear

jazzisjazz

-------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:51:13 AM, on 6/5/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\ps2.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShie... Read more

A:Please Help _HJT inside Message:Warning Spyware detected on your computer. Install a

Read other 16 answers
RELEVANCY SCORE 97.6

HI,

I am getting a "warning spyware detected on your computer install an spyware.." on my desktop wallpaper since past two days.

I read about a similar problem on this forum. Thanks in advance for your help.

I ran SUPER Anti spyware, then ran combofix and then HJT. I'll post the
logs in that order. Right now the message has gone, but I guess its still not fixed.

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 07/13/2008 at 03:22 PM

Application Version : 4.15.1000

Core Rules Database Version : 3503
Trace Rules Database Version: 1494

Scan type : Complete Scan
Total Scan Time : 01:31:36

Memory items scanned : 603
Memory threats detected : 2
Registry items scanned : 5735
Registry threats detected : 1
File items scanned : 105474
File threats detected : 242

Rogue.Dropper/Gen
C:\WINDOWS\SYSTEM32\LPHC5Q4J0EV87.EXE
C:\WINDOWS\SYSTEM32\LPHC5Q4J0EV87.EXE
[lphc5q4j0ev87] C:\WINDOWS\SYSTEM32\LPHC5Q4J0EV87.EXE

NotHarmful.Sysinternals Bluescreen Screen Saver
C:\WINDOWS\SYSTEM32\BLPHC5Q4J0EV87.SCR
C:\WINDOWS\SYSTEM32\BLPHC5Q4J0EV87.SCR
C:\WINDOWS\Prefetch\BLPHC5Q4J0EV87.SCR-206729A6.pf

Adware.Tracking Cookie
C:\Documents and Settings\Jazz\Cookies\[email protected][1].txt
C:\Documents and Settings\Jazz\Cookies\[email protected][1].txt
C:\Documents and Settings\Jazz\Cookies\[email protected][1].txt
C:\Documents and Settings\Jazz\Cookies\[email protected][1].txt
C:\Documents and Settings\Jazz\Cookies\[email protected][2].t... Read more

A:Getting a "warning spyware detected on your computer install an spyware.." on desktop

Read other 6 answers
RELEVANCY SCORE 91.6

Hello to all members. First off all I'he read some posts and tried do follow the instructions written there ... but I'm still facing some problems.
1. Some web pages display the message Error 404 object not found (eg http://www.malwarebytes.org) or redirect to my local php server
2. Combofix displays a msgbox with the text "combofix has detected the presence of rootkit activity and needs to reebot the machine"

Additional information: Windows XP Pro with SP2 installed

A history of the problem:

A couple of days ago, my desktop background suddenly changed to a bright blue with a dialog box stating "Windows Warning Message!" at the top and which had on a bright red field the words "Warning! Spyware Detected on your Computer!" At the bottom of the box it said "Please activate your antivirus software to Clean your computer. I couldn't modify my background. After some research I've changed some settings in control panel -> display and was ok. I've also installed Ad-aware from LavaSoft which detected some files in windows and windows\system32 directories (the names were something like phcn2gj0ep09). Then tried Spybot - Search and Distroy) which repaired some entries in registry and finally hijackthis from trendMicro.

The log from hijackthis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:12:17, on 27.08.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Norm... Read more

Read other answers
RELEVANCY SCORE 91.6

Problem started with desktop "AntiVirusXP2008" and a very slow computer. I used Spybot to fix the desktop problem and 27 other problems. After this, the computer was still slow and shutdown and re-booted every 20-30 minutes. Also a new text box was on the desktop saying "Warning! Spyware detected on your computer" complete with a "Buy" button. After many hours of work I found this web site with a recommendation to buy STOPzilla. STOPzilla removed the desktop problem and 57 other problems but did not fix the slow computer and other problems. My task Manager shows numerous process running most of which appear bogas. Also, a new pop up occurs occasionally that says "Warning! You have 5407 critical objects on your computer" with the usual "Buy Now" button. A second STOPzilla scan identified 14 more problems. The new infection names are Malware Protector, Secure Desktop Hijacker, Sweg, Winds32, Core and Virus Alert. After removing these, the computer is still extremely slow and it still has the "Warning" popup. I have a HijackThis File but not sure how to submit it. Any help is appreciated. Tom22

A:"warning! Spyware Detected On Your Computer"

Hello and welcome. Please first disable Spybot while the scan is done, you can turn it on afterward.Please download Malwarebytes Anti-Malware and save it to your desktop.alternate download link 1alternate download link 2Make sure you are connected to the Internet.Double-click on Download_mbam-setup.exe to install the application.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-MalwareThen click Finish.MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.On the Scanner tab:Make sure the "Perform Quick Scan" option is selected.Then click on the Scan button.If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button. The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".Click OK to close the message box and c... Read more

Read other 8 answers
RELEVANCY SCORE 91.6

Hi,

The problems with my computer started on 12/25/07. I think there is fake spyware on my computer. I keep getting Generic Backdoor.u pop up and removed.

I have attached the HijackThis log. Please let me know which files to check off and remove.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:24:36 AM, on 12/28/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv4.exe
C:\WINDOWS\BCMSMMSG.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\McAfee.com\VSO\oa... Read more

A:Warning Spyware detected on your computer

I need your help. My restore information has been erased and I keep getting these virus win32.trojan.BHO and GenericBackDoor.u. It looks like there is a fake spyware program that keeps coming up and it wants me to use it (but I don't recall loading it).

Let me know which items to check off on my most recent HijackThis log below.

I was going to get rid of all the BHO items on the list but your site said not to try anything on my own.

THank you,

Nancy

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:46:25 PM, on 12/31/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InfoMyCa.exe
C:\WINDOWS\mgrs.exe
C:\WINDOWS\... Read more

Read other 18 answers
RELEVANCY SCORE 91.6

I am using XP Pro-SP2 (Installed already) We have the Blue and Yellow WARNING... screen that is so common, with disabled Desktop and Screen saver properties tab missing. User let kids on machine and they installed the decoy program. I completed all five steps prior to posting this thread. Ad-Aware Pro 2008 is installed (Ad-Watch disables currently), Windows updates are up-to-date.

**********Panda ACTIVE Scan Log********
;***********************************************************************************************************************************************************************************
ANALYSIS: 2008-08-13 14:14:49
PROTECTIONS: 0
MALWARE: 4
SUSPECTS: 0
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;=================================... Read more

A:Warning-spyware Detected On Your Computer

BUMP, please (posted 8/13/2008)

Read other 7 answers
RELEVANCY SCORE 91.6

Hello Helpers and General Onlookers,My boss, Barry opened an email without looking at it's contents and feels that is what gave him this problem. He has the following message embedded on his desktop display:Warning!Spyware Detected On Your Computer!____________________________________________Install an antivirus or spyware remover toclean your computer.---------------------------------------------------------------------------------------This message is contained in a box, the top half is yellow, the bottom half is blue______________________________________________________________________Along with this though it may be or may not be related- he is getting the blue screen of death with various messages that end it restart your computer and call your network administrator if it keeps happening. It flits out of it so fast that every time he calls me to witness the issue the computer is already restarting itself._________________________________________________________________________________________________Things I've tried. Installing adaware and running it. Did not phase it.Running AVGAdd/Remove Programs (not there)Pulling my hair out! (I'm bald but it solved nothing)Kicking the tower and cursing God. (I'm probably going to hell before this thing gets fixed)________________________________________________________________________I would much appreciate any help including going through the process of using Combofix and posting the results for some... Read more

A:Warning! Spyware Detected On Your Computer

Try running a full system scan with Malwarebytes' Anti-Malware.

Read other 3 answers
RELEVANCY SCORE 91.6

Hello! I had downloaded a program yesterday and when it was finished, the desktop displays a blue screen with textin the middle, that says: ''Warning! Spyware detected on your computer! Install an antivirus or spyware removerto clean your computer.'' So I cleaned my computer, but the blue screen with the warning sign is still there! Does somebody know how to get rid of this virus/malware? Sincerely, Rick.Ps:I'm Dutch, so maybe my Englisch is a littlebit wrong. Edit: Moved topic from XP to the more appropriate forum. ~ Animal

A:''warning! Spyware Detected On Your Computer!''

What was the program you used to clean your computer and what program did you download yesterday?

Read other 5 answers
RELEVANCY SCORE 91.6

Hi, this is a challenge!This computer belongs to a disabled person with a brain injury (memory problems) he tends to click ok when ever a popup happens.I help him, and will be doing all the disinfection. He will not be using this computer for the duration of theprocess. The warning sign in yellow and blue on the wallpaper (background screen appeared first)then the malware protector 2008 program started, then a couple days latter Advanced xp defender showed up.I tried running kaspersky but it failed twice.Here is the result of the DSS scan: ThanksDeckard's System Scanner v20071014.68Run by Mitchell J Cohen on 2008-06-06 09:54:34Computer is in Normal Mode.---------------------------------------------------------------------------------- System Restore --------------------------------------------------------------Successfully created a Deckard's System Scanner Restore Point.-- Last 5 Restore Point(s) --5: 2008-06-06 13:54:41 UTC - RP5 - Deckard's System Scanner Restore Point4: 2008-06-06 11:37:46 UTC - RP4 - System Checkpoint3: 2008-06-04 23:33:13 UTC - RP3 - Installed Ad-Aware2: 2008-06-04 13:36:34 UTC - RP2 - Last known good configuration1: 2008-06-04 13:36:27 UTC - RP1 - System CheckpointBacked up registry hives.Performed disk cleanup.-- HijackThis (run as Mitchell J Cohen.exe) ------------------------------------Unable to find log (file not found); running clone.-- HijackThis Clone ------------------------------------------------------------Emulating logfile of Tren... Read more

A:Warning!spyware Detected On Your Computer

Hello Spacy55 and welcome to BleepingComputer,1. * Clean your Cache and Cookies in IE:Close all instances of Outlook Express and Internet Explorer Go to Control Panel > Internet Options > General tabUnder Browsing History, click Delete. Click Delete Files, Delete cookies and Delete historyClick Close below.* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):Go to Tools > Options.Click Privacy in the menu..Click the Clear now button below.. A new window will popup what to clear.Select all and click the Clear button again.Click OK to close the Options window* Clean other Temporary files + Recycle bin Go to start > run and type: cleanmgr and click ok. Let it scan your system for files to remove. Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.Press OK to remove them.2. Please download Malwarebytes' Anti-Malware from Here or HereDoubleclick mbam-setup.exe to install the application.Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.If an update is found, it will download and install the latest version.Once the program has loaded, select "Perform Quick Scan", then click Scan.The scan may take some time to finish,so please be patient.When the scan is complete, click OK, then Show Results to view the results.Make sure that everything is checked, and click Remove Selected.When disinfection is completed... Read more

Read other 7 answers
RELEVANCY SCORE 91.6

I have a blue screen with a yellow background which say's: Warning!Spyware detected on your computer!Install an antivirus or spyware remover to clean your computer.There has been installed (by the virus i guess) blphcv58j0e39r.scr and phcv58j0e39r.bmp.Please help me to remove this virusDeckard's System Scanner v20071014.68Run by Maarten Bakelaar on 2008-07-14 19:47:42Computer is in Normal Mode.---------------------------------------------------------------------------------- System Restore ---------------------------------------------------------------- Last 5 Restore Point(s) --12: 2008-07-14 14:54:34 UTC - RP641 - Deckard's System Scanner Restore Point11: 2008-07-12 23:26:43 UTC - RP640 - Controlepunt van systeem10: 2008-07-10 11:32:10 UTC - RP639 - Controlepunt van systeem9: 2008-07-05 08:44:05 UTC - RP638 - Controlepunt van systeem8: 2008-07-01 13:10:12 UTC - RP637 - Controlepunt van systeem-- First Restore Point -- 1: 2008-05-08 14:21:26 UTC - RP630 - Controlepunt van systeemBacked up registry hives.Performed disk cleanup.-- HijackThis Clone ------------------------------------------------------------Emulating logfile of Trend Micro HijackThis v2.0.2Scan saved at 2008-07-14 19:56:30Platform: Windows XP Service Pack 2 (5.01.2600)MSIE: Internet Explorer (7.00.6000.16674)Boot mode: NormalRunning processes:C:\WINDOWS\system32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\syste... Read more

A:Warning Spyware Detected On Your Computer

Hello and welcome to BCWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. We aim to provide the valuable service known to come from BC to every member we can, but sometimes it takes just a little longer to get to every request for help.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.Upon completing the steps below a staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.Thanks and again sorry for the delay. Please download Deckard's System Scanner (DSS) and save to your Desktop.alternate download siteDSS will do the following:Create a new System Restore point in Windows XP and Vista.Clean your Temporary Files, Downloaded Program Files, Internet Cache Files, and empty the Recycle Bin on all drives.Check some important areas of your system and produce a report for an analyst to review.Automatically run HijackThis. It will also install and place a shortcut to HijackThis on your desktop if you do not already have it installed. So if HijackThis is not installed and DSS prompts you to download it, please answer yes.You must be logged onto an account with administrator priv... Read more

Read other 2 answers
RELEVANCY SCORE 91.6

Hello and HELP please. This is my first time posting so if I am not doing it right I apologize and please let me know HOW I should be doing it. I have the yellow and blue box on my desktop that says Warning! Spyware detected on your computer. Install an antivirus or spyware remover to clean your computer. I have read about 20 of these by googling and have run SpyBot, AdAware, and Avast. It has found some things and fixed them but I still have the problem. I cannot even boot into normal mode without hitting the escape key as a blue screen comes up with lots of writings. Someone said to download SmitFraud but then when I googled SmitFraud it said not to. Meanwhile I have installed HiJack This and have my log (which seems to be what is required) I would appreciate any and all help in resolving this problem. I am not real computer smart but also not stupid. Can you please help? Here is a copy of my HiJack This and thanks a million!Logfile of Trend Micro HijackThis v2.0.2Scan saved at 7:08:17 PM, on 6/22/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16674)Boot mode: NormalRunning processes:C:WINDOWSSystem32smss.exeC:WINDOWSsystem32winlogon.exeC:WINDOWSsystem32services.exeC:WINDOWSsystem32lsass.exeC:WINDOWSsystem32svchost.exeC:WINDOWSSystem32svchost.exeC:WINDOWSExplorer.EXEC:Program FilesAlwil SoftwareAvast4aswUpdSv.exeC:Program FilesAlwil SoftwareAvast4ashServ.exeC:PROGRA~1ALWILS~1Avast4ashDisp.exeC:Program Fi... Read more

A:Warning Spyware Detected On Your Computer

Hello Again. I don't know how long it takes for someone to read this but I wanted to report that I ran everything again (SpyBot, Avast and Adaware) and they once again removed many viruses/trojan horses, etc. and when it was done I was able to right click on the desktop and suddenly I had five tabs again (themes, desktop, screensaver appearance, settings) which then showed me that the message I am getting at start up is a picture labeled phc53gjoe1a1. Prior to running all three scans again I only had three tabs there - Themes, Appearance, Settings and it would not let me browse for any other picture. I did a search with the number 53 and found three files. The picture that was a bmp and then I found an .scr and an .exe called lphc53joe1a1 but I was only able to delete the picture and when I tried to delete the other two it said it was unable to do it :-( I noticed that most of the Avast errors were found in the localsettings\temp\ files and had various names like tt21.tmp, tt3e.tmp, tt42.tmp., tt5B.tmp (about 9 of these). During SpyBot it showed CoolWWWSearch.hjg, Microsoft.Windows.Security.InternetExplorer, Microsoft.Windows.System and Microsoft.WindowsSecurityCenter_disabled. I have *fixed* all of these on the last 3 scans but they keep popping back up. I fixed my desktop back to the way I had it and thought all was well but then I rebooted and everything was back :-( I ran another HiJackThis and got this log file.Logfile of Trend Micro Hijac... Read more

Read other 9 answers
RELEVANCY SCORE 91.6

I have run 2 different spyware programs and anti virus programs and I can't get rid of this. I hpe some one can help me.The Home Page has been changed to a big red ?X? screen with a message : ?Warning Spyware Detected on your PC? ! Possible spyware infection has been detected. Click here to scan your PC for spyware??.?The html is traced to C:\windows\system32\spywarewarning.mht?On the desktop right corner end, every few minutes it will pop out a message: ?Windows security alert. Your computer is not protected against spyware! Spyware able to steal you data including passwords, credit card numbers etc. Scan your computer immediately? Thank YouLogfile of Trend Micro HijackThis v2.0.2Scan saved at 11:06:28 PM, on 10/8/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\AOL\ACS\AOLAcsd.exeC:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exeC:\WINDOWS\system32\CTSvcCDA.EXEC:\Program Files\Common Files\M... Read more

A:"warning Spyware Detected On Your Computer

Hello sgasper and welcome to BC My name is SNOWHITE and I will be helping you with your Malware problem.Do you happen to install by your self WatchRight? It is a monitoring program that captures data from a computer including screenshots, keystrokes, web cam and microphone data, instant messaging, visited websites etc. please read more here --> http://research.sunbelt-software.com/threa...;threatid=14094 and here --> http://www.symantec.com/security_response/...-020114-5742-99PLEASE READ THIS POST COMPLETELY, IT MAY MAKE IT EASIER FOR YOU IF YOU COPY AND PASTE THIS POST INTO A NEW TEXT DOCUMENT OR PRINT IT FOR REFERENCE LATERPlease follow the steps below exactly in the order they are written:Step #1Download SDFix and save it to your Desktop.Double click SDFix.exe and it will extract the files to %systemdrive%(Drive that contains the Windows Directory, typically C:\SDFix)Please then reboot your computer in Safe Mode by doing the following :Restart your computerAfter hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;Instead of Windows loading as normal, the Advanced Options Menu should appear;Select the first option, to run Windows in Safe Mode, then press Enter.Choose your usual account. Open the extracted SDFix folder and double click RunThis.bat to start the script. Type Y to begin the cleanup process. It will remove any Trojan Services and Registry Entries that it finds then prompt you to pr... Read more

Read other 14 answers
RELEVANCY SCORE 91.6

Hi,I hope someone can help me with this major probCouple nights ago shutdown PC everything fine then then next morning booted up and the desktop background has changed to:''Warning Spyware detected on your computer! Install antivirus or spyware remover to clean computer''now it seems like somebody went on the Internet while I was asleep and got the PC hijacked and its all messed up now (I'm hunting down who's responsible as I type)Now I've never had this before but straightaway there are some suspicious things going1) Desktop background changed (and cannot change back to previous)2) a program called ''Antivirus XP'' is installed3) PC keeps rebooting over and over again with the the odd flash of blue screen of deathI've already run my most up-to-date Spybot, Ad-aware, & AVG all of which detected a load of stuffWith the scanning done and all the trojans etc. deleted (or at least I think they are) the problem still existsAfter following the prep guide here is my copy of the generated DSS report along with the Kaspersky log tooCheers.Deckard's System Scanner v20071014.68Run by S. Rahman on 2008-06-30 01:41:39Computer is in Normal Mode.---------------------------------------------------------------------------------- System Restore ---------------------------------------------------------------- Last 5 Restore Point(s) --6: 2008-06-29 18:05:07 UTC - RP7 - Deckard's System Scanner Restore Point5: 2008-06-29 18:03:44 UTC - RP6 - Installed Java™ 6 Update 64: 2008-06-29 1... Read more

A:Warning Spyware Detected On Your Computer

Hi,Thanks for the logs. That went quite well. You have quite the mess.Including email spam bots, password stealers and a bunch of other downloaders and so on.If you do anything sensitive on the PC (like banking, online shopping and such) ya'll need to have your passwords changed from a clean machine.This goes for all users of this machine.Best to contact your financial institutions if you do online banking or use credit cards so they can keep an eye on your accounts.Online game sites as well. (many of these password stealers are targeted at stealing accounts from games like WoW)Reason you cannot fix your background is the malware set restrictions to disable showing those settings. That too will be fixed shortly.Reason your security software keeps detecting more and more stuff is because you have several trojans downloading it all & re-installing it.Anyway -- let's get on with the fixing.We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool: http://www.bleepingcomputer.com/combofix/how-to-use-combofixPlease ensure you read this guide carefully and install the Recovery Console first. The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.Once installed, you should see a blue screen prompt t... Read more

Read other 11 answers
RELEVANCY SCORE 91.6

Hey,

I got the message Warning!spyware detected on your computer on my desktop.I've been trying for hours and reviewed alot of trojans but the message still comes up.If someone would be kind enough to help me id appreciate it.thank you here is my hijack this log:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:10:08 AM, on 9/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\lphc7t6j0el2r.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RAMAsst.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pcts... Read more

A:warning!spyware has been detected on your computer

Please download Malwarebytes Anti-Malware
You may also download the tool from Here or Here.
...save it to your desktop.Double-click on Download_mbam-setup.exe to install the application...follow the prompts when the installation begins.
DO NOT MAKE ANY CHANGES TO THE DEFAULT SETTINGS.
MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
If you encounter any problems while downloading the updates, manually download them from Here...then just double-click on mbam-rules.exe to install them.
On the Scanner tab:Make sure the "Perform Quick Scan" option is selected. Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top.
When the scan is finished, a message box will display:
"The scan completed successfully...
Click OK to close the message box and continue with the removal process.
Click on the Show Results button to see a list of any malware that was found.
Make sure that everything is checked, and click Remove Selected.
When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer.
(see Note below)
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy the conten... Read more

Read other 18 answers
RELEVANCY SCORE 91.6

Blue and yellow desktop giving me a warning that my computer has detected spyware and needs to be cleaned, also, screen saver comes on that shows a fake reboot. Desktop options have been disabled and I can use a back route to change my wallpaper but it reverts back to warning sign upon reboot. Help!


1. I went to my control panel and removed any of the programs listed on your remove list (only viewpoint and viewpoint manager)

2. I performed a scan with PandaActiveScan

3. I installed Spyware Blaster and IE-Spyad per your directions.

4. I tried updating my OS but found I was already on ServicePack 2, and there weren't any critical updates so I just left it alone

5. I downloaded Hijack This and ran a scan. Here are the results of the scan:

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton Internet Security\ISSVC.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\s... Read more

A:Warning! Spyware Detected on your computer!

Hello -

If you saved the log from Panda ActiveScan, please attach it to your next reply.

To attach a file to a new post, simplyClick the[Manage Attachments] button under Additional Options > Attach Files on the post composition page, browse to where you saved the file, and
Click Upload.


Please ensure that you include the header information when posting a HijackThis Log. The header contains important information about your system critical to our review. When HijackThis opens Notepad with the log, press Ctrl+A to select all, Ctrl+C to copy all, then Ctrl+V to paste all into a thread.

I would require a new HijackThis log, please.

Open HijackThis and click on 'Do a System Scan and save a Logfile'. Save the log file and post it here.

---------------------------------------------------------------------------------------------

Create an uninstall list:

With HiJackThis still open Click on the configure button on the bottom right
Click on the tab "Misc Tools"
Click on the Box that says "Open Uninstall Manager"
Click on the button "Save list"
Copy and past the List from the notepad file into your post

---------------------------------------------------------------------------------------------

Read other 4 answers
RELEVANCY SCORE 91.6

Hi,

My computer has got the warning! spyware, I downloaded AVG and deleted
registry keys for bhpl... and msauc but problem comes back again. Could you please help me.

Thanks
Sam

Logfile of HijackThis v1.99.1
Scan saved at 10:54:17 PM, on 6/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.e... Read more

A:warning! spyware detected on your computer!

Hello Sam -

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

We want all our members to perform the steps outlined in the link I'll give you below, before posting for assistance. There's a sticky at the top of this forum, and a
Quote:




Having problems with spyware and pop-ups? First Steps




link at the top of each page.
---------------------------------------------------------------------------------------------

You are using an outdated version of HijackThis. Please uninstall from Add or Remove Programs, and then delete your current version.

Next, download HijackThis to your desktop

Alternate link

This program will help us determine if there are any spyware/malware on your computer. Double-click on the file you just downloaded.
Click on the "Unzip" button to install. It will by default install to the directory - C:\Program Files\Trend Micro\HijackThis

Upon install, HijackThis should open for you.

Just close it for now.

---------------------------------------------------------------------------------------------

Next.........

Please follow our 5 Step process outlined here:

http://www.techsupportforum.com/secu...oval-help.html

After running through all the steps, you shall have a proper set of logs. Plea... Read more

Read other 19 answers
RELEVANCY SCORE 91.6

Hello,

I'm working on my sisters computer and it is a mess. It has Windows XP withe SP 3 with IE6.

The problem is that there is a blue background that says Spyware has been detected on the computer and an anitvirus program needs to be downloaded. Also, a screensaver keeps popping up that looks like the blue screen of death followed by a fake reboot. The system has slowed down tremendously and almost nothing can be accomplished on it. Also, the user has been partially locked out of the display properties (cannot change backgound or screensaver).

Any help will be appreciated by this point.


Deckard's System Scanner v20071014.68
Run by Jay on 2008-07-06 09:22:24
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
6: 2008-07-06 14:22:38 UTC - RP1483 - Deckard's System Scanner Restore Point
5: 2008-07-06 06:00:27 UTC - RP1482 - Move file to quarantine: {02478D38-C3F9-4efb-9B51-7695ECA05670}
4: 2008-07-06 05:04:08 UTC - RP1481 - Software Distribution Service 3.0
3: 2008-07-06 03:45:51 UTC - RP1480 - Software Distribution Service 3.0
2: 2008-07-06 02:50:07 UTC - RP1479 - Software Distribution Service 3.0


-- First Restore Point --
1: 2008-07-05 00:31:39 UTC - RP1478 - System Checkpoint


Backed up registry hiv... Read more

A:Warning: Spyware has been detected on this computer

Hi and welcome to TSF.

My name is Iain and I will be helping you clean your system.

You may wish to Subscribe to this thread (Thread Tools > Subscribe to this thread) so that you are notified when you receive a reply.

Please read these instructions carefully and then print out or copy this page to Notepad in order to assist you when carrying out the fix. You should not have any open browsers or live internet connections when you are following the procedures below.

Note that the fix may take several posts. Please continue to respond to my instructions until I confirm that your logs are clean. Remember that although your symptoms may vanish, this does NOT mean that your system is clean.

If there is anything you don't understand, please ask BEFORE proceeding with the fixes.

Please ensure that you follow the instructions in the order I have them listed.
Download SDFix and save it to your desktop.
Do not do anything with this yet!


Reboot
Reboot your system in Safe Mode.Restart the computer. The computer begins processing a set of instructions known as BIOS.
After hearing your computer beep once during startup, but before the Windows icon appears, press F8 (dependent on your system this may be F5 or another key)
Instead of Windows loading as normal, a menu should appear
Use the arrow key to highlight Safe Mode and press Enter.


SDBot FixRight click the SDFix.zip folder and choose Extract All,
Open the extracted folder and double click RunThis.bat to start the ... Read more

Read other 15 answers
RELEVANCY SCORE 91.6

Hello, i found my desktop with the message "warning! spyware detected on your computer..." this morning after it rebooted itself for an unknown reason. i quickly downloaded SUPERAntiSpyware Free edition and scanned for about 30 minutes. afterwards, it restarted and the message was gone. but, i found out that there were two tabs missing on properties (right click desktop) so i downloaded spybot and scanned. it successfully reloaded all my tabs, but i am still paranoid that there may still be a virus in my computer. what can i run to make sure everything is clean and gone?

A:Warning! Spyware Detected On Your Computer...

Please download Malwarebytes Anti-Malware and save it to your desktop.alternate download link 1alternate download link 2Make sure you are connected to the Internet.Double-click on mbam-setup.exe to install the application.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-MalwareThen click Finish.MBAM will automatically start and you will be asked to update the program before performing a scan.If an update is found, the program will automatically update itself.Press the OK button to close that box and continue.If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.On the Scanner tab:Make sure the "Perform Quick Scan" option is selected.Then click on the Scan button.If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button. The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".Click OK to close the message box and continue with the removal process.Back at the main Scanner screen:Click on the Show Results button to see a list ... Read more

Read other 7 answers
RELEVANCY SCORE 91.6

it says this on my background my background is blue with them words wrote on it i have pc tools free antivirus i have spyware doctor and i have zonealarm free firewall but none of them are picking anything up i tried to go in safemode and do it but my antivirus will not come up in safemode and spyware doctor wont pick anything up either i bought the spyware doctor does anybody have any suggestions my computer it is going slower but that is aboput the only side effect i can tell ii unplugged the internet from it so it cant get no worse im typing this on xubuntu on my ps3 what should i do it also give my error message can not find script file "C:\Documents and settings\Owner\Local Settings\Temp\.tt2.tmp.vbs".

A:Why Does My Pc Say Warning Spyware Detected On Your Computer?

Without any punctuation, capitol letters, or spaces between sentences, this is very difficult to read. For those using translation software this could be impossible for them to read.

Read other 5 answers
RELEVANCY SCORE 91.6

Hi,

Please help. I contracted a spyware thing that seems to have opened the door for an infection of 697 viruses (if one of the half dozen virus/spyware programs I've downloaded is to be believed).

I ran a hijack this, but I don't know what I'm looking for. I've looked through other posts to see what they found and I haven't found the same files.

I really appreciate any help you can offer!

quikquil

A:Warning! Spyware Detected On Your Computer!

Hello and welcome. HiJack is not a tool you want to use without expert supervision. Deleting the wrong item can make your PC inoperable..Please use this tool. Are you running XP?Please download Malwarebytes Anti-Malware and save it to your desktop.alternate download link 1alternate download link 2Make sure you are connected to the Internet.Double-click on mbam-setup.exe to install the application.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-MalwareThen click Finish.MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.On the Scanner tab:Make sure the "Perform Quick Scan" option is selected.Then click on the Scan button.If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button. The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to d... Read more

Read other 1 answers
RELEVANCY SCORE 91.6

I have a huge virus/spyware problem.
anti virus xp says i have over 2000 viruses on my computer i need to know the best virus removing program and i have a hijack scan if that will help too?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:08:54 PM, on 8/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\IPFax\FaxMonitor.exe
C:\Program Files\QuickTime\QTTask.exe
C:\WINDOWS\system32\lphcvlfj0eg6r.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\DllHost.exe
C:\Documents and Settings\STEPHANIE\Desktop\WinRAR.exe
C:\Documents and Settings\STEPHANIE\Desktop\HiJackThis.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS... Read more

A:warning spyware detected on your computer

Hello -

anti virus xp is a rogue. Do not install it.

I see no evidence of an AntiVirus program on your system. This must be resolved. Connecting to the Internet without antivirus protection is a "Welcome" doormat for malware. It can take as little as eight seconds to infect an unprotected computer.

We will address that during the course of this fix.

Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/comb...o-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery mode if needed. This allows us to help you in the case that your computer has a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

As part of installing the Recovery Console, ComboFix will begin to run. Follow the prompts to install the Recovery Console. Your desktop may disappear. This is normal. It will return.

Once the Recovery Console is installed using ComboFix, you should see a message that says:

The Recovery Console was successfully installed.



Please continue as follows:

Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Post... Read more

Read other 1 answers
RELEVANCY SCORE 91.6

I have a blue background screen with this in the middle in yellow and blue.I have tried a few programes to get rid of this from my desktop,but so far nothing has worked.I would be so grateful if someone could help me

A:Warning Spyware Detected On Your Computer...

Please download Malwarebytes Anti-Malware and save it to your desktop.alternate download link 1alternate download link 2Make sure you are connected to the Internet.Double-click on mbam-setup.exe to install the application.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-MalwareThen click Finish.MBAM will automatically start and you will be asked to update the program before performing a scan.If an update is found, the program will automatically update itself.Press the OK button to close that box and continue.If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.On the Scanner tab:Make sure the "Perform Quick Scan" option is selected.Then click on the Scan button.If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button. The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".Click OK to close the message box and continue with the removal process.Back at the main Scanner screen:Click on the Show Results button to see a list ... Read more

Read other 1 answers
RELEVANCY SCORE 91.6

i have received this background on my computer and cant get rid of it. i have googled this and was linked to your site. i have done the look.dat and this is what i came up with, does anything look suspicious:Windows Registry Editor Version 5.00[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies][HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]"NoDriveTypeAutoRun"=dword:00000091[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]"NoDispBackgroundPage"=dword:00000001"NoDispScrSavPage"=dword:00000001Windows Registry Editor Version 5.00[HKEY_CURRENT_USER\Control Panel\Desktop]"ActiveWndTrkTimeout"=dword:00000000"AutoEndTasks"="0""CaretWidth"=dword:00000001"CoolSwitch"="1""CoolSwitchColumns"="7""CoolSwitchRows"="3""CursorBlinkRate"="530""DragFullWindows"="1""DragHeight"="4""DragWidth"="4""FontSmoothing"="2""FontSmoothingOrientation"=dword:00000001"FontSmoothingType"=dword:00000001"ForegroundFlashCount"=dword:00000003"ForegroundLockTimeout"=dword:00030d40"GridGranularity"="0""HungAppTimeout"="5000""LowPowerA... Read more

A:Warning! Spyware Detected On Your Computer....

Please download Malwarebytes Anti-Malware and save it to your desktop.alternate download link 1alternate download link 2Make sure you are connected to the Internet.Double-click on mbam-setup.exe to install the application.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-MalwareThen click Finish.MBAM will automatically start and you will be asked to update the program before performing a scan.If an update is found, the program will automatically update itself.Press the OK button to close that box and continue.If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.On the Scanner tab:Make sure the "Perform Quick Scan" option is selected.Then click on the Scan button.If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button. The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".Click OK to close the message box and continue with the removal process.Back at the main Scanner screen:Click on the Show Results button to see a list ... Read more

Read other 1 answers
RELEVANCY SCORE 91.6

Hi there;I sent a message a couple of weeks ago -I haven't had a reply, yet, so I wonder if I can re-post my log and maybe one of your helpers might be free to have a look at it.Any help is much appreciated.Thank you, AndreasProblem summary: I use a shared computerMy part, i.e. Administrator part, is infected with following warning message:"Windows warning messageWarning! Spyware detected on your computer!Warning!Win32/Adware.Virtumonde detected on your computerWarning! Win32/Privacy/Remover.M64 detected on your computerInstall an antivirus or spyware remover to clean your computerPlease activate your antivirus software to clean your computer"I contact you from my partners unaffected part of the computer (no administrator rights, so can't install programs from there) where internet works as normal !I have been able to download the latest Hijackthis software onto my partners part of the computer, then move it to an USB stick, log off as my partner, log on as myself, and then uninstall an older ( 2005 ) version of Hijackthis and install the current version of Hijackthis from the USB stick......I have then been able to create a Log from my infected part of the computer (previously my part appeared completely locked, but apart from the internet it seems to be functioning sufficiently now to uninstall/install programs and create the log. But the Internet access is not working, so I'm sending this from my partners login. Hope this makes sense.Here's... Read more

A:Warning! Spyware Detected On Your Computer !

Hello Andreas GWelcome to BleepingComputer ========================I am closing your original topic and we will stay with this one.But in the future please do not post multiple topics. Before running a new scan let's clean out the temporary folders. Download ATF Cleaner to your Desktop.Double-click ATF-Cleaner.exe to run the program.Click Select All found at the bottom of the list.Click the Empty Selected button.If you use Firefox browser, do this also:Click Firefox at the top and choose Select All from the list.Click the Empty Selected button.NOTE : If you would like to keep your saved passwords, please click No at the prompt.If you use Opera browser, do this also:Click Opera at the top and choose Select All from the list.Close ALL Internet browsers (very important).Click the Empty Selected button.NOTE : If you would like to keep your saved passwords, please click No at the prompt.Click Exit on the Main menu to close the program.===========================================Download OTScanIt.exe to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.Note: You must be logged on to the system with an account that has Administrator privileges to run this program.Close ALL OTHER PROGRAMS.Open the OTScanIt folder and double-click on OTScanIt.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).In the Drivers section click on Non-Microsoft.Under Additional Scan... Read more

Read other 9 answers
RELEVANCY SCORE 91.6

My laptop has been infected with spyware and my desktop background has changed and it shows the following warning! "SPYWARE DETECTED ON YOUR COMPUTER".I have googled for help and found this forum and I ran the following *.bat file mentioned in the below link... how do I find which file has been infected from the log file??http://www.bleepingcomputer.com/forums/lof...php/t45883.html--------------------------------------------miekiemoesMar 4 2006, 01:24 PMHello,I can't see anything suspicious in your log concerning your hijacked desktop.. but let's take a look where that html file is present and if there are any policies set. So perform next:Open notepad and copy and paste next bold in it:regedit /e peek1.txt "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies"regedit /e peek2.txt "HKEY_CURRENT_USER\Control Panel\Desktop"regedit /e peek3.txt "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components"type peek1.txt >> look.txttype peek2.txt >> look.txttype peek3.txt >> look.txtdel peek*.txtstart notepad look.txtSave this as look.bat , choose to save as *all files and place it on your desktop. This is how the batch must look afterwards: Doubleclick look.batNotepad will open with some txt in it. Copy and paste the contents in your next reply. ---------------------------------------

A:Spyware Detected On Your Computer Warning

You should not be following specific instructions provided to someone else especially if they were given in the HijackThis forum. Those instructions were given under the guidance of a trained staff expert to help fix that particular member's problems, NOT YOURS. Before taking any action, the helper must investigate the nature of the malware issues and then formulate a fix for the victim. Although your problem may be similar, the solution could be different based on the kind of hardware, software, system requirements, etc. and the presence of other malware. Using someone else's fix instructions could lead to disastrous problems with your operating system. It's best that you tell us what specific issues YOU are having rather than point to someone else.Please download Malwarebytes Anti-Malware and save it to your desktop.alternate download link 1alternate download link 2Make sure you are connected to the Internet.Double-click on mbam-setup.exe to install the application.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-MalwareThen click Finish.MBAM will automatically start and you will be asked to update the program before performing a scan.If an update is found, the program will automatically update itself.Press the OK button to close that box and continue.If you encounter any prob... Read more

Read other 1 answers
RELEVANCY SCORE 91.6

Hi, I have ran every scan possible and still cant seem to find the problem. I also think i deleted some of the temporary files. this seemed to have happen 8/10 when I downloaded some file....now my wallpaper says "warning spyware detected on your computer install an antivirus to clean your computer" I don't know which programs to use anymore and which are good or faulty. I have a Dell i purchased 12/07 with vista home. i have the hijackthis log below. Please help. Thanks! Logfile of Trend Micro HijackThis v2.0.2Scan saved at 11:38:13 PM, on 8/19/2008Platform: Windows Vista SP1 (WinNT 6.00.1905)MSIE: Internet Explorer v7.00 (7.00.6001.18000)Boot mode: NormalRunning processes:c:\PROGRA~1\mcafee.com\agent\mcagent.exeC:\Windows\system32\Dwm.exeC:\Windows\Explorer.EXEC:\Windows\system32\taskeng.exeC:\Program Files\Dell Support Center\bin\sprtcmd.exeC:\Program Files\Google\Google Desktop Search\GoogleDesktop.exeC:\Windows\RtHDVCpl.exeC:\Windows\System32\rundll32.exeC:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exeC:\Program Files\Windows Media Player\wmpnscfg.exeC:\Windows\System32\rundll32.exeC:\Program Files\Google\Google Desktop Search\GoogleDesktop.exeC:\Program Files\SiteAdvisor\6261\SiteAdv.exeC:\Program Files\Google&... Read more

A:"warning Spyware Detected On Your Computer"

Hello and welcome to BCWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. We aim to provide the valuable service known to come from BC to every member we can, but sometimes it takes just a little longer to get to every request for help.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.Upon completing the steps below a staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.Thanks and again sorry for the delay. Please see here for instructionshow to install HijackThis and make a logfile. Save it into convenient location and include it to your next reply, please.NextPlease do a scan with Kaspersky Online ScannerNote: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.Click on the Accept button and install any components it needs.The program will install and then begin downloading the latest definition files.After the files have been downloaded on the left side of the page in the Scan section select My ComputerThis will start the program and scan your system.The scan will take a while, so b... Read more

Read other 2 answers
RELEVANCY SCORE 91.6

Hi there;I sent message ca 1 hour ago. This is an updated up-to-date log to complement/supersede the last message:Problem summary: I use a shared computerMy part, i.e. Administrator part, is infected with following warning message:"Windows warning messageWarning! Spyware detected on your computer!Warning!Win32/Adware.Virtumonde detected on your computerWarning! Win32/Privacy/Remover.M64 detected on your computerInstall an antivirus or spyware remover to clean your computerPlease activate your antivirus software to clean your computer"I contact you from my partners unaffected part of the computer (no administrator rights, so can't install programs from there) where internet works as normal !In previous message I sent log from 2005 version of Hijackthis which was still on my computer and working - it was created while I was on my partners login.Since the 1st msg I sent, I have now been able to download the latest Hijackthis software onto my partners part of the computer, then move it to an USB stick, log off as my partner, log on as myself, and then uninstall the 2005 version of Hijackthis and install the current version of Hijackthis from the USB stick......I have then been able to create a New Log from my infected part of the computer (previously my part appeared completely locked, but apart from the internet it seems to be functioning sufficiently now to uninstall/install programs and create the new log. But the Internet access is not working, ... Read more

A:"warning! Spyware Detected On Your Computer..."

Duplicate topic user is being helped.

Read other 1 answers
RELEVANCY SCORE 91.6

My PC got this message (blue desktop, yellow banner, black writing) earlier today. I ran my Avast antivirus program, which actually tried to clean up the system by restarting it a couple of times and doing scans. But the nasty message is still there. I looked through some of your past posts and tried to troubleshoot this myself. Using some guidance from one of your posts and my own guesses, I cleaned up the temporary Internet files folder, the Temp folder in the C:\Documents and Settings\Farhan\Local Settings folder, and also looked for likely culprits in C:\WINDOWS and C:\WINDOWS\SYSTEM folders. I am pretty sure I did not delete any important file. I did find a .jpg file (weird name but I don't remember it) that is what's on the desktop, and deleted it, but to no avail.Anyways, I am reproducing the results from the two files (separated by lines of "="s) you guys asked for. I am also attaching the two Notepad files.I really hope you can help me.Farhan====================Deckard's System Scanner v20071014.68Run by Farhan on 2008-08-09 17:31:56Computer is in Normal Mode.---------------------------------------------------------------------------------- System Restore --------------------------------------------------------------Successfully created a Deckard's System Scanner Restore Point.-- Last 5 Restore Point(s) --87: 2008-08-09 21:32:04 UTC - RP1142 - Deckard's System Scanner Restore Point86: 2008-08-09 21:07:48 UTC - RP1141 - Removed ... Read more

A:"warning! Spyware Detected On Your Computer" -- Please Help (8/9/08)

Just now the PC went to the blue screen of death and had a message that Windows was going to shut down to prevent further damage. There was a message about the kernel but I was not quick enough to write it down before it went back to the normal Word document that is currently open on the Desktop.

I have unplugged my network cable from the infected PC, and am using my work PC. I also deleted all my passwords to credit card and bank sites in case this is a Trojan. I will keep checking my email on this laptop and then reconnect the infected PC to the Net when you guys are able to help me. I can see this is becoming quite an epidemic today.

Farhan

P.S.: In the process of trying to fix the PC before I sent the first email I downloaded AntiVirus XP 2008, and now I cannot uninstall it or turn it off and it's really pissing me off.

Read other 4 answers
RELEVANCY SCORE 91.6

well, I have the following showing on my desktop display
warning spyware detected on your computer, install an antivirus....
I have researched this on the forums, have run mcafee, spybot and ran a log for hijack this.
I am not sure what to do, as the image reappears each time i restart the machine.
It seems a nuisance more than anything.....I also have seen mcafee catch and prevent a joke.c program from running several times since the virus came on the machine.

any help is appreciated

A:Warning Spyware Detected On Your Computer

http://www.besttechie.net/tools/mbam-setup.exe. this is malwarbytesantimalware scanner download it update it and then do a quick scan it may help u

Read other 1 answers
RELEVANCY SCORE 91.6

well i saw a thing saying to agree with antivirus xp 2008 and i end task it and close my internet browser and saw my background was messed up and couldn't fixed it. I tracked down the file it was tt2b3 or something with that in the name and i download malwarebyte thing and used it but it didn't do anything it said nothing was wrong so i need help to remove my messed up background which says
" Warning! "
Spyware detected on your computer!
install an antivirusremover to clean your computer.
please help my i spent 5 hours trying to fix this.

A:Warning Spyware Detected On Your Computer

Please download Malwarebytes Anti-Malware and save it to your desktop.Make sure you are connected to the Internet.Double-click on mbam-setup.exe to install the application.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-MalwareThen click Finish.MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.On the Scanner tab:Make sure the "Perform Quick Scan" option is selected.Then click on the Scan button.If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".Click OK to close the message box and continue with the removal process.Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.Make sure that ev... Read more

Read other 7 answers
RELEVANCY SCORE 91.6

So I was innocently surfing the web one day, when a balloon from Windows Security informed me that my firewall was down. Alarmed, I closed out of the internet to find (the attatched file) as my backround. I booted up Panda AV and scanned the whole computer. Panda said that it disinfected 5 files from the system and 3 from the Hard Disk C. I then went to change my backround back to ascent, and the desktop and screensaver tabs for display were gone! I did some searching, found out how to fix the Tabs, changed a few 1s to 0s in the registry, and everything was normal again. Problem fixed, right?

Pleased with myself, I headed for the kitchen to fix some mac & cheese, and upon returning, I found a threatening looking blue screen with a lot of text (If I encounter the screen again, I'll attempt to take a screenshot). Apparently, there had been some sort of error, and it wanted me to restart the computer, which I did. After start up, the same backround was back, my firewall was down again, and the desktop and screensaver tabs were gone. I scanned with Panda again, but it didn't detect anything.

Any help would be greatly appreciated. I don't want to have to spend another $75 on a professional computer cleanup.

A:Warning! Spyware detected on your computer!

Here's the HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:16:33 PM, on 8/19/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\pavsrv51.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\AVENGINE.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\DRIVERS\CDAC11BA.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\PsCtrls.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\PsImSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\TrojanHunter 4.6\THGuard.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\ApvxdWin.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Search Settings\SearchSettings.exe
C:\WINDOWS\system32\lphcv9hj0ecfv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program F... Read more

Read other 1 answers
RELEVANCY SCORE 91.6

Warning! Spyware detected on your computer!
Install an antivirus or spyware remover to clean your computer

Then the bugs start crawling everywhere! I seen this posted in a few other threads, but the 5 step instructions said to create a new thread...

Attached and C&P'd the requested log files.... TIA for any help!!!




Deckard's System Scanner v20071014.68
Run by misty on 2008-06-10 21:30:26
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

System Restore is disabled; attempting to re-enable...success.


-- Last 1 Restore Point(s) --
1: 2008-06-11 02:30:29 UTC - RP4 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-06-10 21:32:08
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Wireles... Read more

A:Warning! Spyware detected on your computer!

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please save this page to Notepad in order to assist you when carrying out the following instructions.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding.
Ensure that there aren't any opened browsers when you are carrying out the procedures below.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

Please explain why this computer has no antivirus program installed and running. This is an open invitation for infection.

Please keep this computer offline except when downloading tools and posting in the forum until we get one installed.

------------------------------------------------------

I see you ... Read more

Read other 12 answers
RELEVANCY SCORE 91.6

THis message is now my set as my desktop background, i wish i could get my hands on the people who create these but i cant so i just want to fix it. Everytime i run spybot and clik the fix it button my screen goes blank so i got hijackthis to get rid of my problem but i dont know how to use it. If anyone knows how I can get rid of the crap on my computer, short of wiping it out, i would appreciate it.

Read other answers
RELEVANCY SCORE 91.6

i got this message just randomly, maybe i had a virus the whole time... well, this thing is getting annoying and i cant uninstall it, it just keeps popping up a message: you have an x amount of viruses on your computer, click here to get rid of them!, the program is called xp antivirus 2008, its so annoying! well, i installed a couple of ad-ware removers and antiviruses, but they didnt find any viruses, so now im stuck, and xp aantivirus uninstalled itself and they expect me to pay to get rid of the viruses...

A:Warning!spyware Detected On Your Computer!

Hello ashton_r and welcome to BC. Let's see what we can find. Please follow the steps below in order:Before running a new scan let's clean out the temporary folders. Download ATF Cleaner to your Desktop.Double-click ATF-Cleaner.exe to run the program.Click Select All found at the bottom of the list.Click the Empty Selected button.If you use Firefox browser, do this also:Click Firefox at the top and choose Select All from the list.Click the Empty Selected button.NOTE : If you would like to keep your saved passwords, please click No at the prompt.If you use Opera browser, do this also:Click Opera at the top and choose Select All from the list.NOTE : If you would like to keep your saved passwords, please click No at the prompt.Close ALL Internet browsers (very important).Click the Empty Selected button.Click Exit on the Main menu to close the program.Now download OTScanIt from here or here to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.Note: You must be logged on to the system with an account that has Administrator privileges to run this program.Close ALL OTHER PROGRAMS.Open the OTScanIt folder and double-click on OTScanIt.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
In the Drivers section click on Non-Microsoft.Under Additional Scans click the checkboxes in front of the following items to select them:Reg - BotCheck
File - Addition... Read more

Read other 14 answers