Over 1 million tech questions and answers.

Warning! Spywre Detected On Your Computer! Install An Antivirus Or Spyware Remover To Clean Your Computer

Q: Warning! Spywre Detected On Your Computer! Install An Antivirus Or Spyware Remover To Clean Your Computer

Hello, New to the forums I had search and been trying everything to get rid of this problem. I found the sight through one of my searches. I am some what new to this so please bare with me. Of course I ran my scans, spybot, ad aware, norton 360. Ran hijack this and will post the log, in the process of running pandasecurity.

Windows xp pro
service pack 2

Right now my desktop back ground is blue with the box in the middle that says " warning! spyware detected on your computer! install an antivirus or spyware remover to clean your computer"

I have tried the right click desktop/ properties/ but I do not have the desktop tab!
I have themes/ appearance/ settings thats it.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:19:00, on 8/14/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Portrait Displays\HP My Display\DTHtml.exe
C:\WINDOWS\system32\lphca04j0epa3.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\program files\aim\aim.exe
C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=3061113
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [DT HPW] C:\Program Files\Portrait Displays\HP My Display\DTHtml.exe -startup_folder
O4 - HKLM\..\Run: [lphca04j0epa3] C:\WINDOWS\system32\lphca04j0epa3.exe
O4 - HKLM\..\Run: [SMrhce04j0epa3] C:\Program Files\rhce04j0epa3\rhce04j0epa3.exe
O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdyeb.exe] C:\WINDOWS\system32\kdyeb.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe" /min
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\program files\aim\aim.exe -cnetwait.odl
O4 - S-1-5-18 Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'SYSTEM')
O4 - S-1-5-18 Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'Default user')
O4 - .DEFAULT Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'Default user')
O4 - .DEFAULT Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &Search - ?p=ZNfox000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\program files\aim\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Premium MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe
O23 - Service: Avira AntiVir Premium Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe
O23 - Service: Avira AntiVir Premium Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe
O23 - Service: Avira AntiVir Premium WebGuard (antivirwebservice) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE
O23 - Service: Avira AntiVir Premium MailGuard helper service (AVEService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe
O23 - Service: BCL easyPDF SDK 5 Loader (bepldr) - Unknown owner - C:\Program Files\Common Files\BCL Technologies\easyPDF 5\bepldr.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 13018 bytes

Thank you for your time and hope to hear back soon.

RELEVANCY SCORE 200
Preferred Solution: Warning! Spywre Detected On Your Computer! Install An Antivirus Or Spyware Remover To Clean Your Computer

I recommend downloading and running DAP. It can help sort out any driver and firmware related issues on your system

It's worked out well for many of us in the past.

You can download it direct from this link http://downloaddap.org. (This link will open the download page of DAP so you can save a copy to your computer.)

A: Warning! Spywre Detected On Your Computer! Install An Antivirus Or Spyware Remover To Clean Your Computer

Hello bamflee84,

Welcome to Bleeping Computer

Sorry about the delay. If you still need help, please post a new HijackThis log to make sure nothing has changed, and I'll be happy to look at it for you.

Thanks,
tea

Read other 2 answers
RELEVANCY SCORE 175.2

Deckard's System Scanner v20071014.68Run by Administrator on 2008-06-27 12:34:58Computer is in Normal Mode.---------------------------------------------------------------------------------- System Restore --------------------------------------------------------------Successfully created a Deckard's System Scanner Restore Point.-- Last 4 Restore Point(s) --4: 2008-06-27 16:35:07 UTC - RP11 - Deckard's System Scanner Restore Point3: 2008-06-27 15:48:31 UTC - RP10 - Removed Funhouse2: 2008-06-27 15:46:01 UTC - RP9 - Last good restore point1: 2008-06-27 15:45:43 UTC - RP8 - System CheckpointBacked up registry hives.Performed disk cleanup.Total Physical Memory: 383 MiB (512 MiB recommended).-- HijackThis (run as Administrator.exe) ---------------------------------------Logfile of Trend Micro HijackThis v2.0.2Scan saved at 12:39:30 PM, on 6/27/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\csrss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Fi... Read more

A:Infected With-warning! Spyware Detected On Your Computer! Install An Antivirus Or Spyware Remover To Clean Your Computer

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you. Click Start -> Control Panel -> Add Remove Programs and uninstall this program:My Web Search (Zwinky) ==============Please download the OTMoveIt2 by OldTimer. Save it to your desktop. Please double-click OTMoveIt2.exe to run it. Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\lphc9h7j0e33t
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system\\NoDispBackgroundPage
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system\\NoDispScrSavPage
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\General\Wallpaper
C:\WINDOWS\system32\lphc9h7j0e33t.exe
C:\WINDOWS\system32\blphc9h7j0e33t.scr
Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.Click the red Moveit! button.A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.Close OTMoveIt2If a f... Read more

Read other 2 answers
RELEVANCY SCORE 174

After running Ad-Aware, Avg, and HouseCall my Desktop is still hijacked. My screen will go completely blue with warning of spyware and a notice that my computer must be restarted and to press F8 to restart. I press F8 and I go back to where I was with all applications still open. I've had a green screen come up with what looked like real time typing going on. The type again says that my computer needs to shut down followed my a message about information code and then a lot of mumbo jumbo nubers and digits until I press F8 or Ctrl Alt Del.Here is my Highjack this log:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 8:17:17 PM, on 8/19/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16705)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Windows Defender\MsMpEng.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Lavasoft\Ad-Aware\aawservice.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\spoolsv.exeC:\PROGRA~1\Grisoft\AVG7\avgcc.exeC:\WINDOWS\SOUNDMAN.EXEC:\Program Files\Windows Defender\MSASCui.exeC:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb03.exeC:... Read more

A:Warning! Spyware Detected On Your Computer! Install An Antivirus Or Spyware Remover To Clean Your Computer.

I went through the reccomended scans - disk cleanup, adaware, spybot, housecall, AVG, then stinger. I've been running a scheduled scan daily with AVG. My computer is still slow. Of course this computer is old. Is that the problem or can I get a little more speed?Logfile of Trend Micro HijackThis v2.0.2Scan saved at 8:13:09 PM, on 8/29/2008Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16705)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Lavasoft\Ad-Aware\aawservice.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\spoolsv.exeC:\PROGRA~1\AVG\AVG8\avgwdsvc.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\lxddcoms.exeC:\Program Files\Common Files\Motive\McciCMService.exeC:\WINDOWS\system32\PSIService.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\AT&T\Internet Security Wizard\ISW.exeC:\Program Files\FastAccessDSL\HelpCenter43\bin\sprtcmd.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Lexmark 2500 Series\lxddamon.exeC:\PROGRA... Read more

Read other 3 answers
RELEVANCY SCORE 174

I got the message "Warning! Spyware Detected On Your Computer Install An Antivirus Or Spyware remover to clean your computer" on my computer yesterday.Followed instructions provided by this site but still i can see the same problems.Find the attached Logs Produced by DSS.Any Help will be appreciated.

A:Warning! Spyware Detected On Your Computer Install An Antivirus Or Spyware Remover To Clean Your Computer

Hello gables,

Welcome to Bleeping Computer

Sorry about the delay. If you still need help, please post a new HijackThis log to make sure nothing has changed, and I'll be happy to look at it for you.

Thanks,
tea

Read other 2 answers
RELEVANCY SCORE 174

Hey everyone, I heard this website is great to ask question and I got a lot of help from you guys before and I can tell you know your stuff. I'm a new member just signed up because I just got a problem that I don't know how to solve.

I have Windows XP and this is a custom made computer so I don't know if that changes anything with fixing it or not. I was surfing online through some forums and then I got a little screen that popped up from my Avast virus protection and it said it found something. I usually don't read it and I usaully choose delete which worked fine up until now. After clicking on delete it would keep on reappearing saying that it found a virus. So I was guessing it I should continue pressing delete. Then a little program came up and I could tell it was a spyware or a virus so I closed it.

When I saw the name I went to add and remove programs to try and to uninstall it. I clicked on it multiple times to uninstall and it said it was succesfull but it wasn't. My screen then turned blue like the blue screen of death but I could still see the desktop and there was something written in the middle which was "Warning! Spyware detected on your computer! Install antivirus or spyware remover to clean your computer" in a box. So I decided to go into the program files and delete this program right away from the source. So I found it and it had a weird name it was like geber gaber. Once I deleted it it didn't look like it was sp... Read more

A:Warning! Spyware Detected On Your Computer! Install Antivirus Or Spyware Remover To Clean Your Computer

Please download Malwarebytes Anti-Malware and save it to your desktop.alternate download link 1alternate download link 2Make sure you are connected to the Internet.Double-click on mbam-setup.exe to install the application.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-MalwareThen click Finish.MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.On the Scanner tab:Make sure the "Perform Quick Scan" option is selected.Then click on the Scan button.If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".Click OK to close the message box and continue with the removal process.Back at the main Scanner screen, click on the Show Results button to see a li... Read more

Read other 11 answers
RELEVANCY SCORE 154

(continued from title) ..clean your computer.
F-secure found Trojan-downloader.wim32.small.ywc.

Desktop shows blue background with boxin middle. Top part yellow and bottom part blue with message stated above.
Was using out of date McAfee and got this virus. Unistalled McAfee and installed F-secure through Charter High speed internet service (free). Went through the 5 steps. Windows said no updates needed during that step.

Deckard's System Scanner v20071014.68
Run by Kim on 2008-07-27 12:16:36
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
8: 2008-07-27 16:16:48 UTC - RP8 - Deckard's System Scanner Restore Point
7: 2008-07-26 18:46:38 UTC - RP7 - psc 7.03 build 116 Installation
6: 2008-07-26 17:00:21 UTC - RP6 - Removed TurboTax ItsDeductible 2006
5: 2008-07-26 16:59:41 UTC - RP5 - Removed TurboTax ItsDeductible 2005
4: 2008-07-26 16:58:47 UTC - RP4 - Removed WexTech AnswerWorks


-- First Restore Point --
1: 2008-07-26 16:46:47 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Kim.exe) -------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:18:51 PM, on 7/27/2008
Platform: Windows XP SP... Read more

A:Warning! Spywar detected on your computer. Install antivirus or spyware remover to..

Bump!

Read other 4 answers
RELEVANCY SCORE 152.8

Hi and thanks for taking the time to review my problem.Have blue wallpaper with yellow/blue centered dialog box states "Warning! spyware detected on your computer, install an antivirus or spyware remover to clean your computer"Desktop - properties - wallpaper - show wallpaper name phcpf6j0egen. I left this and did not try to change it.Other symptoms are full page blue screens with lots of dialog about errors telling me to disable BIOS memory options etc. etc. there may be many such pages - each one different describing different errors (they change quickly so I can not write hardly anything down) then it appears to restart my computer - has windows start up screen, but I think its a fake screen - it not really restarting and I can eventually get back to my desktop, the files I have open, or the web browser.I was surfing the internet when it happened and was tweaking my kerio firewall on my three networked computers, I downloaded a pdf file and took a screenshot of my router - I may have deleted these files although they looked pretty benign to me.I ran kaspersky scan --------------------------------------------------------------------------------KASPERSKY ONLINE SCANNER 7 REPORT Monday, July 21, 2008 Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600) Kaspersky Online Scanner 7 version: 7.0.25.0 Program database last update: Monday, July 21, 2008 21:25:34 Records in database: 981617----------------------------------------------------... Read more

A:Blue Wallpaper With Dialog Box: "warning! Spyware Detected On Your Computer. Install An Antivirus Or Spyware Remover T...

Hi
I have resolved above problem. Mod may close/delete this post, unless further info would be of assistance to others.
Found a lot of useful info on BC which helped me fix the problem - basically the tool that has seemed to help me the most was Malwarebytes Anti Malware and I now seem to be malware free (need to do some other scans and checks)
Responsible bugs found Rogue.Multiple, Trojan.FakeAlert, Hijack.Wallpaper, Trojan.Agent
Symptoms resolved: (A) Blue Wallpaper with yellow/blue box stating "Warning! spyware detected on your computer Install an antivirus or spyware remover to clean your computer"
( random Blue Screens of Death with lots of text describing system errors etc. (fake)
© random windows startup screens appearing to restart computer (fake)
(D) redirect while surfing to pc-scanner-online.com (do not paste this in your browser) pop ups urging me to click dialog box in order to scan my computer for security risk (? attempt to infect my PC with "antivirus 2008" ?
(E) random Black Screens of Death (fake)

Felt real good killing those suckers!
Thanks BC
Regards to all, Janice

Read other 2 answers
RELEVANCY SCORE 148

My sister brought me her computer to fix it for her, said it was running really slow. When I first started the computer up and logged into Windows, I found a blue screen with a warning on it, "Warning Spyware Detected On Computer Please Install Antivirus Or Spyware To Clean Computer". I knew then that she had gotten some malware somewhere. I had to press ctrl-alt-delete and manually run the explorer bar, and then I got an error stating that Windows Explorer has encountered a problem and needs to close. I have been working around this and have searched the internet for ways to fix this malware problem. I have downloaded Malwarebytes' Anti-Malware and ran that, removing over 270 Trojans. But to no avail, the blue screen with the warning is still there and you still have to run explorer.exe manually. Here are my Deckard's System Scanner logs.Deckard's System Scanner v20071014.68Run by Michele McClure on 2008-07-19 12:35:38Computer is in Normal Mode.---------------------------------------------------------------------------------- System Restore --------------------------------------------------------------Successfully created a Deckard's System Scanner Restore Point.-- Last 5 Restore Point(s) --55: 2008-07-19 17:36:06 UTC - RP1529 - Deckard's System Scanner Restore Point54: 2008-07-18 23:22:30 UTC - RP1528 - System Checkpoint53: 2008-07-10 18:11:37 UTC - RP1527 - System Checkpoint52: 2008-07-09 17:48:43 UTC - RP1526 - System Checkpoint51: 2008-07-08 17:18:40 UTC - RP15... Read more

A:Background Changed: 'warning Spyware Detected On Computer Please Install Antivirus Or Spyware To Clean Computer' On Blu...

Hello. I am PropagandaPanda (Panda or PP for short) and I will be helping you with your log.I will need some time to look over your computer's log(s). You may want to keep the link to this topic in your favourites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here. Please take note of a few guidelines for this fix:Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Further more, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself. Finally, please reply using the button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if... Read more

Read other 3 answers
RELEVANCY SCORE 148

Hi all, my background changed to what is in the title saying Warning, spyware detected on yoru computer install antivirus or spyware to clean computer. I tried searching for solutions on google and already tried spyware doctor and spyware bot. When those didnt work I downloaded Hijackthis and ran it. The following is the long. Any help is greatly appreciated especially in layman's terms as I am not the most computer savvy. Thanks again. Logfile of Trend Micro HijackThis v2.0.2Scan saved at 1:57:22 PM, on 7/18/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\csrss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\ibmpmsvc.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Funk Software\Odyssey Client\odClientService.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Connected\AgentSrv.EXEC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Program Files\Bonjour\m... Read more

A:Changed Background To Warning Spyware Detected On Computer Please Install Antivirus Or Spyware To Clean Computer

Hi kb1171,First, we need to backup your registry:Please go to Start > RunPaste in the following line:regedit /e c:\registrybackup.regClick OK.It won't appear to be doing anything, that's normal.Your mouse pointer may turn to an hour glass for a minute.Please continue when it no longer has the hour glass.Registry FixPlease open up an instance of Notepad.Click on: Start, thenAll Programs, thenAccessories, thenNotepadCopy (Ctrl+C) and paste (Ctrl+V) the following text in the quote to Notepad
REGEDIT4

[-HKEY_CURRENT_USER\Software\Classes\CLSID\{eec00589-90e6-4a27-b81f-61c7b2616351}]

[-HKEY_CURRENT_USER\Software\Classes\PROTOCOLS\Filter\text/html]Save it as "All Files" and name it RemoveFilter.reg. Let the location be your desktop.Navigate to your desktop.Double click RemoveFilter.regA window will prompt you to Merge RemoveFilter.reg with the Windows Registry, this is normal. Choose Yes/Ok.Upgrading Java:Download the latest version of Java Runtime Environment (JRE) 6 Update 7.Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".Click the "Download" button to the right.Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement.".Click on Continue.Click on the link to download Windows Offline Installation (jre-6u7-windows-i586-p.exe) and save it to your desktop. Do NOT use the Sun ... Read more

Read other 1 answers
RELEVANCY SCORE 124

Hi,

I've used this forum before and once again I'm back seeking your help. Despite my efforts to steer clear of malicious software I've had something on my computer that keeps coming back and has resisted my attempts to clean it off. It's a Desktop that claims that I have spyware on my computer and their is either a bright blue or white background with a rectangular message "Warning! Spyware detected on your computer!". Nothing seems to be working poorly but I am concerned that it may leave me vulnerable to other malicious software. I have attached the DDS log file. Thanks for your help.


DDS (Version 1.1.0) - FAT32x86
Run by dittman at 22:37:36.93 on Thu 01/01/2009
Internet Explorer: 6.0.2800.1106
Microsoft Windows 2000 Professional 5.0.2195.4.1252.1.1033.18.256.4 [GMT -5:00]
============== Running Processes ===============

C:\WINNT\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\NavNT\defwatch.exe
C:\WINNT\system32\hidserv.exe
C:\Program Files\MacOpener\FORMATM.EXE
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\MsPMSPSv.exe
C:\WINNT\Explorer.EXE
C:\PROGRA~1\HPCD-W~1\DirectCD\directcd.exe
C:\Program Files&#... Read more

A:Warning! Spywre detected on your computer!

So after reading several other postings and trying several other Malware/Spyware removal programs Malwarebyte Anti-Malware came through and found many things that others hadn't and took care of the problem. No more HiJacked Wallpaper. Hopefully it won't come back. Something that I didn't mention in my last posting is whatever problem I was having wouldn't allow me to access my Wallpaper options and even more problematic it wouldn't allow me to boot in safe mode.

Thanks

Read other 7 answers
RELEVANCY SCORE 105.2

Deckard's System Scanner v20071014.68Run by Geoff on 2008-05-25 21:57:01Computer is in Normal Mode.---------------------------------------------------------------------------------- System Restore --------------------------------------------------------------Successfully created a Deckard's System Scanner Restore Point.-- Last 3 Restore Point(s) --3: 2008-05-25 09:57:05 UTC - RP3 - Deckard's System Scanner Restore Point2: 2008-05-25 06:19:36 UTC - RP2 - Last known good configuration1: 2008-05-25 06:19:06 UTC - RP1 - System CheckpointBacked up registry hives.Performed disk cleanup.-- HijackThis (run as Geoff.exe) -----------------------------------------------Logfile of Trend Micro HijackThis v2.0.2Scan saved at 10:01:47 p.m., on 25/05/2008Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16640)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Ahead\InCD\InCDsrv.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Unlocker\UnlockerAssistant.exeC:\Program Files\Java\jre1.6.0_05\bin\jusc... Read more

A:Blue / Yellow Screen With The Message: Warning! Spyware Detected On Your Computer! Install An Antiviris Or Spyware Remo...

Hi,* Please visit this webpage for instructions for downloading and running ComboFix:http://www.bleepingcomputer.com/combofix/how-to-use-combofixThis includes installing the Windows XP Recovery Console in case you have not installed it yet.Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.

Read other 4 answers
RELEVANCY SCORE 102.8

Howdy all
Please help.
Here are the details

Win xp sp2 - all patches
running
Commodo Firewall 2.4
Spyware Terminator
Avast

Both Spyware Terminator and Avast have been updated and the pc has been scanned. All found problem files have been deleted.

Upon boot up I have a message

Warning Spyware detected on your computer. Install a antivirus or spyware remover to clean your computer.

Its in a yellow and blue(desktop background) box.

HJT is below.

Thanks in advance.
Waiting to hear

jazzisjazz

-------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:51:13 AM, on 6/5/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\ps2.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShie... Read more

A:Please Help _HJT inside Message:Warning Spyware detected on your computer. Install a

Read other 16 answers
RELEVANCY SCORE 102.8

Hello,

I have a Toshiba laptop runing Windows XP Home edition. My laptop seems to have some sort of virus/spyware on it. The background turned blue and has a rectangle box in the middle (with yellow) stating, "Warning! Spyware detected on your computer! Install an antivirus or spyware removal to clean your computer." It also starts running a Windows XP spyware remover (i believe that's what it is) and comes back that a redicolous amount of files are infected. Any help would be greatly appreciated!

-Thank you

Ryan

A:My Laptop's Wallpaper Is Blue And Says, "warning! Spyware Detected On Your Computer! Install..."

Among other things, you have the win32/FAKESCREEN.N virus. I had the same thing. Go to http://www.bleepingcomputer.com/forums/t/158403/xp-antivirus-2008-win32fakescreenn-and-other-virus-problems-cant-fully-remove-them/ and see the steps that Q7 told me to follow, not just the first one. There are a bunch of steps in the thread and it is time consuming but when your done your PC will be good as new. Q7 is the man!!! My PC couldn't be better now. GOOD LUCK!!!

Read other 1 answers
RELEVANCY SCORE 97.2

HI,

I am getting a "warning spyware detected on your computer install an spyware.." on my desktop wallpaper since past two days.

I read about a similar problem on this forum. Thanks in advance for your help.

I ran SUPER Anti spyware, then ran combofix and then HJT. I'll post the
logs in that order. Right now the message has gone, but I guess its still not fixed.

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 07/13/2008 at 03:22 PM

Application Version : 4.15.1000

Core Rules Database Version : 3503
Trace Rules Database Version: 1494

Scan type : Complete Scan
Total Scan Time : 01:31:36

Memory items scanned : 603
Memory threats detected : 2
Registry items scanned : 5735
Registry threats detected : 1
File items scanned : 105474
File threats detected : 242

Rogue.Dropper/Gen
C:\WINDOWS\SYSTEM32\LPHC5Q4J0EV87.EXE
C:\WINDOWS\SYSTEM32\LPHC5Q4J0EV87.EXE
[lphc5q4j0ev87] C:\WINDOWS\SYSTEM32\LPHC5Q4J0EV87.EXE

NotHarmful.Sysinternals Bluescreen Screen Saver
C:\WINDOWS\SYSTEM32\BLPHC5Q4J0EV87.SCR
C:\WINDOWS\SYSTEM32\BLPHC5Q4J0EV87.SCR
C:\WINDOWS\Prefetch\BLPHC5Q4J0EV87.SCR-206729A6.pf

Adware.Tracking Cookie
C:\Documents and Settings\Jazz\Cookies\[email protected][1].txt
C:\Documents and Settings\Jazz\Cookies\[email protected][1].txt
C:\Documents and Settings\Jazz\Cookies\[email protected][1].txt
C:\Documents and Settings\Jazz\Cookies\[email protected][1].txt
C:\Documents and Settings\Jazz\Cookies\[email protected][2].t... Read more

A:Getting a "warning spyware detected on your computer install an spyware.." on desktop

Read other 6 answers
RELEVANCY SCORE 91.6

I need help getting rid of some nasty spyware / malware. Symtoms are:
1) Message appears on desktop as wallpaper saying: "Warning - Spyware detected on your computer! Please activate your antivirus software to clean your computer" along with some other messages.

2) It turns off the firewall

3) It removed all windows restore points

4) It deleted all the passwords from my email accounts

5) It slows the computer considerably

6) I was unable to do a Panda scan in either regular or safe mode

7) The hijack this scan below was done in safe mode

8) I did a virus scan and a spybot scan which found a few things but did not fix the problem

Appreciate your help.

Mark







Here is the HijackThis logfile:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:27:06 PM, on 8/20/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\So... Read more

A:Warning- Spyware Detected on Computer

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please copy this page to Notepad and Save it to your Desktop in order to assist you when carrying out the following instructions.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding.
Ensure that there aren't any opened browsers when you are carrying out the procedures below.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

Please download ComboFix and Save it to your Desktop.

**Note: It is important that it is saved directly to your desktop**

First, we need to install the Windows Recovery Console.

The Windows Recovery Console will allow you to boot up into a special recovery(repair) mode, if n... Read more

Read other 9 answers
RELEVANCY SCORE 91.6

Hi,

Please help. I contracted a spyware thing that seems to have opened the door for an infection of 697 viruses (if one of the half dozen virus/spyware programs I've downloaded is to be believed).

I ran a hijack this, but I don't know what I'm looking for. I've looked through other posts to see what they found and I haven't found the same files.

I really appreciate any help you can offer!

quikquil

A:Warning! Spyware Detected On Your Computer!

Hello and welcome. HiJack is not a tool you want to use without expert supervision. Deleting the wrong item can make your PC inoperable..Please use this tool. Are you running XP?Please download Malwarebytes Anti-Malware and save it to your desktop.alternate download link 1alternate download link 2Make sure you are connected to the Internet.Double-click on mbam-setup.exe to install the application.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-MalwareThen click Finish.MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.On the Scanner tab:Make sure the "Perform Quick Scan" option is selected.Then click on the Scan button.If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button. The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to d... Read more

Read other 1 answers
RELEVANCY SCORE 91.6

Hey,

I got the message Warning!spyware detected on your computer on my desktop.I've been trying for hours and reviewed alot of trojans but the message still comes up.If someone would be kind enough to help me id appreciate it.thank you here is my hijack this log:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:10:08 AM, on 9/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\lphc7t6j0el2r.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RAMAsst.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pcts... Read more

A:warning!spyware has been detected on your computer

Please download Malwarebytes Anti-Malware
You may also download the tool from Here or Here.
...save it to your desktop.Double-click on Download_mbam-setup.exe to install the application...follow the prompts when the installation begins.
DO NOT MAKE ANY CHANGES TO THE DEFAULT SETTINGS.
MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
If you encounter any problems while downloading the updates, manually download them from Here...then just double-click on mbam-rules.exe to install them.
On the Scanner tab:Make sure the "Perform Quick Scan" option is selected. Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top.
When the scan is finished, a message box will display:
"The scan completed successfully...
Click OK to close the message box and continue with the removal process.
Click on the Show Results button to see a list of any malware that was found.
Make sure that everything is checked, and click Remove Selected.
When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer.
(see Note below)
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy the conten... Read more

Read other 18 answers
RELEVANCY SCORE 91.6

So, I share a computer with my family. About a week ago, my desktop background has changed to a blue screen with a yellow warning that says: Warning! Spyware detected on your computer!Install an antivirus or spyware remover to clean your computer.After I change my desktop background, it continually loads the annoying blue warning screen again after reboot. Along with this annoyance, I believe two antivirus programs came along with it. I forgot the names of the programs, but I deleted both via "Add/Remove Programs."Not only that, but I kept receiving the dreaded blue screen of death. My screen would receive the blue death screen whenever I tried to run scans on my computer. I ended up going into safe mode on my computer and running the scans (Ad-Aware, SpyBot S&D, AVG, ZoneAlarm Security Suite, Super AntiSpyware, and even Disk Defragmenter/Cleanup).After running those scans, I don't receive the blue screen of death much anymore. It blue screened once in the past four days I believe.However, my desktop background still shows the annoying bright blue warning prompting me to believe there is more that I have not cleaned out yet. So I turn to you guys.Someone here posted a thread similar to this problem, and I proceeded to follow the instructions, but I believe my case is a bit different somehow.Here is my HijackThis log:__________________________________________________________________________________Logfile of Trend ... Read more

A:Warning! Spyware Detected On Your Computer!

Hello NetBren and welcome to the Bleeping Computer forums.I would be glad to take a look at your log and help you with solving any malware problems. HijackThis logs can take a while to research so please be patient while I work on your log and I will post back here with any recommendations.As I am still training, everything that I post to you, must be checked by an Admin or Moderator. Thus, there may be a tiny bit of a delay between posts. While it shouldn't be too long, you can be assured you will get the best possible advice.I will working be on your Malware issues, this may or may not, solve other issues you have with your machine.The fixes are specific to your problem and should only be used for this issue on this machine.Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.It's often worth reading through these instructions and printing them for ease of reference.If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.Please reply to this thread. Do not start a new topic.

Read other 8 answers
RELEVANCY SCORE 91.6

It has removed my restore points and locked out my display settings. I have tried several different anti-virus, spyware, and malware programs, but I still can't rid myself of this.Here is my Hijackthis log file. Any help would be great. Thanks.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 06:35:19, on 6/9/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16640)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Common Files\Symantec Shared\ccSvcHst.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exeC:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exeC:\WINDOWS\system32\CTsvcCDA.exeC:\WINDOWS\eHome\ehRecvr.exeC:\WINDOWS\eHome\ehSched.exeC:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exeC:\PROGRA~1\McAfee\MSC\mcmscsvc.exec:\program files\common files\mcafee ... Read more

A:Another Warning! Spyware Detected On Your Computer!

Hi and Welcome to the forums.Download ComboFix from Here or Here to your Desktop.Double click combofix.exe and follow the prompts.When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next replyNote: Do not mouseclick combofix's window while its running. That may cause it to stall

Read other 12 answers
RELEVANCY SCORE 91.6

hi! earlier i got this spyware/virus while im surfing the net. it just appeared and change my desktop background. its says: Warning! Spyware Detected on your computer! install antivirus or spyware remover. then there's a link to 'view the top spyware removers'
 

A:Warning! Spyware Detected on your Computer!

Read other 16 answers
RELEVANCY SCORE 91.6

Hi,I hope someone can help me with this major probCouple nights ago shutdown PC everything fine then then next morning booted up and the desktop background has changed to:''Warning Spyware detected on your computer! Install antivirus or spyware remover to clean computer''now it seems like somebody went on the Internet while I was asleep and got the PC hijacked and its all messed up now (I'm hunting down who's responsible as I type)Now I've never had this before but straightaway there are some suspicious things going1) Desktop background changed (and cannot change back to previous)2) a program called ''Antivirus XP'' is installed3) PC keeps rebooting over and over again with the the odd flash of blue screen of deathI've already run my most up-to-date Spybot, Ad-aware, & AVG all of which detected a load of stuffWith the scanning done and all the trojans etc. deleted (or at least I think they are) the problem still existsAfter following the prep guide here is my copy of the generated DSS report along with the Kaspersky log tooCheers.Deckard's System Scanner v20071014.68Run by S. Rahman on 2008-06-30 01:41:39Computer is in Normal Mode.---------------------------------------------------------------------------------- System Restore ---------------------------------------------------------------- Last 5 Restore Point(s) --6: 2008-06-29 18:05:07 UTC - RP7 - Deckard's System Scanner Restore Point5: 2008-06-29 18:03:44 UTC - RP6 - Installed Java™ 6 Update 64: 2008-06-29 1... Read more

A:Warning Spyware Detected On Your Computer

Hi,Thanks for the logs. That went quite well. You have quite the mess.Including email spam bots, password stealers and a bunch of other downloaders and so on.If you do anything sensitive on the PC (like banking, online shopping and such) ya'll need to have your passwords changed from a clean machine.This goes for all users of this machine.Best to contact your financial institutions if you do online banking or use credit cards so they can keep an eye on your accounts.Online game sites as well. (many of these password stealers are targeted at stealing accounts from games like WoW)Reason you cannot fix your background is the malware set restrictions to disable showing those settings. That too will be fixed shortly.Reason your security software keeps detecting more and more stuff is because you have several trojans downloading it all & re-installing it.Anyway -- let's get on with the fixing.We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool: http://www.bleepingcomputer.com/combofix/how-to-use-combofixPlease ensure you read this guide carefully and install the Recovery Console first. The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.Once installed, you should see a blue screen prompt t... Read more

Read other 11 answers
RELEVANCY SCORE 91.6

Google brough me here. (and looks like this site will be helpful much beyond malware trouble)The wallpaper states "Warning! Spyware has been detected on your computer". Looking at another post here, I don't need to describe the whole thing.I visited "whatis.com" which is now techtarget.comI believe it brought this infection.Here's the Deckard log:=====================================================================================================Deckard's System Scanner v20071014.68Run by owner on 2008-06-05 22:05:19Computer is in Normal Mode.---------------------------------------------------------------------------------- System Restore --------------------------------------------------------------Successfully created a Deckard's System Scanner Restore Point.-- Last 5 Restore Point(s) --8: 2008-06-06 02:05:25 UTC - RP10 - Deckard's System Scanner Restore Point7: 2008-06-05 02:48:00 UTC - RP9 - Spyware Terminator - restore point6: 2008-06-05 02:34:04 UTC - RP8 - Spyware Terminator - restore point5: 2008-06-04 15:03:08 UTC - RP7 - Removed Ad-Aware4: 2008-06-04 13:57:49 UTC - RP6 - Software Distribution Service 3.0-- First Restore Point -- 1: 2008-06-04 01:41:22 UTC - RP3 - System CheckpointBacked up registry hives.Performed disk cleanup.-- HijackThis (run as owner.exe) -----------------------------------------------Logfile of Trend Micro HijackThis v2.0.2Scan saved at 10:06:08 PM, on 6/5/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Expl... Read more

A:"warning Spyware Detected On Your Computer"

Welcome to the BleepingComputer Forums. Since it has been a few days, please post a new HijackThis log. Thank you for your patience.If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped.

Read other 2 answers
RELEVANCY SCORE 91.6

Hi,

The problems with my computer started on 12/25/07. I think there is fake spyware on my computer. I keep getting Generic Backdoor.u pop up and removed.

I have attached the HijackThis log. Please let me know which files to check off and remove.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:24:36 AM, on 12/28/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv4.exe
C:\WINDOWS\BCMSMMSG.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\McAfee.com\VSO\oa... Read more

A:Warning Spyware detected on your computer

I need your help. My restore information has been erased and I keep getting these virus win32.trojan.BHO and GenericBackDoor.u. It looks like there is a fake spyware program that keeps coming up and it wants me to use it (but I don't recall loading it).

Let me know which items to check off on my most recent HijackThis log below.

I was going to get rid of all the BHO items on the list but your site said not to try anything on my own.

THank you,

Nancy

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:46:25 PM, on 12/31/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InfoMyCa.exe
C:\WINDOWS\mgrs.exe
C:\WINDOWS\... Read more

Read other 18 answers
RELEVANCY SCORE 91.6

I have a spyware or virus program on my computer. the desk top screen now has a message box dead center stating "Warning spyware detected on your computer" "install antivirus or spyware remover to clean your computer" the box is yellow and blue. the desktop tap in display properties has been removed also, so if it would have been possible to change it back like that, that option has been made more difficult.below is the hijack this log. hope you can help, thanks.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:33:12 AM, on 7/25/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\LENOVO\HOTKEY\FNF5SVC.exe
C:\WIN... Read more

Read other answers
RELEVANCY SCORE 91.6

I have a blue background screen with this in the middle in yellow and blue.I have tried a few programes to get rid of this from my desktop,but so far nothing has worked.I would be so grateful if someone could help me

A:Warning Spyware Detected On Your Computer...

Please download Malwarebytes Anti-Malware and save it to your desktop.alternate download link 1alternate download link 2Make sure you are connected to the Internet.Double-click on mbam-setup.exe to install the application.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-MalwareThen click Finish.MBAM will automatically start and you will be asked to update the program before performing a scan.If an update is found, the program will automatically update itself.Press the OK button to close that box and continue.If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.On the Scanner tab:Make sure the "Perform Quick Scan" option is selected.Then click on the Scan button.If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button. The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".Click OK to close the message box and continue with the removal process.Back at the main Scanner screen:Click on the Show Results button to see a list ... Read more

Read other 1 answers
RELEVANCY SCORE 91.6

I have a huge virus/spyware problem.
anti virus xp says i have over 2000 viruses on my computer i need to know the best virus removing program and i have a hijack scan if that will help too?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:08:54 PM, on 8/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\IPFax\FaxMonitor.exe
C:\Program Files\QuickTime\QTTask.exe
C:\WINDOWS\system32\lphcvlfj0eg6r.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\DllHost.exe
C:\Documents and Settings\STEPHANIE\Desktop\WinRAR.exe
C:\Documents and Settings\STEPHANIE\Desktop\HiJackThis.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS... Read more

A:warning spyware detected on your computer

Hello -

anti virus xp is a rogue. Do not install it.

I see no evidence of an AntiVirus program on your system. This must be resolved. Connecting to the Internet without antivirus protection is a "Welcome" doormat for malware. It can take as little as eight seconds to infect an unprotected computer.

We will address that during the course of this fix.

Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/comb...o-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery mode if needed. This allows us to help you in the case that your computer has a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

As part of installing the Recovery Console, ComboFix will begin to run. Follow the prompts to install the Recovery Console. Your desktop may disappear. This is normal. It will return.

Once the Recovery Console is installed using ComboFix, you should see a message that says:

The Recovery Console was successfully installed.



Please continue as follows:

Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Post... Read more

Read other 1 answers
RELEVANCY SCORE 91.6

Got infected with something that replaced my desktop background with the spyware detected warning. It also put icons on my desktop and toolbar. I was able to find and delete the new desktop background image and a couple of registry things that seemed related. This was before I found your forum. I tried to run the Kaspersky scanner. It seemed to run successfully on the critical areas scan but there was absolutely nothing in the report area. The My Computer scan started running okay but than had two or three fatal errors, do you want to send a report to microsoft events. I selected "don't send" and the scan seemed to continue okay. At the end of the scan, again there was absolutely nothing in the report.Following is the DSS report followed by the Extra report.Thank you in advance for your help!Deckard's System Scanner v20071014.68Run by Brynn on 2008-06-13 11:09:20Computer is in Normal Mode.---------------------------------------------------------------------------------- System Restore --------------------------------------------------------------Successfully created a Deckard's System Scanner Restore Point.-- Last 5 Restore Point(s) --7: 2008-06-13 18:09:26 UTC - RP7 - Deckard's System Scanner Restore Point6: 2008-06-13 15:39:53 UTC - RP6 - Installed Java™ 6 Update 65: 2008-06-13 04:05:16 UTC - RP5 - System Checkpoint4: 2008-06-12 03:38:40 UTC - RP4 - System Checkpoint3: 2008-06-11 03:37:01 UTC - RP3 - after the virus warning attack-- First Restore ... Read more

A:Warning! Spyware Detected On Your Computer

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you. Please download the OTMoveIt2 by OldTimer. Save it to your desktop. Please double-click OTMoveIt2.exe to run it. Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

C:\Documents and Settings\Brynn\Application Data\shcn1cj0e54c
C:\WINDOWS\system32\lphcg1cj0e54c.exe
C:\Program Files\shcn1cj0e54c
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system\\NoDispScrSavPage
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system\\NoDispBackgroundPage
Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.Click the red Moveit! button.A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.Close OTMoveIt2If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.Reboot and post a new log from DSS.Let me know any changes that you notice with your computer.

Read other 10 answers
RELEVANCY SCORE 91.6

Hi there;I sent a message a couple of weeks ago -I haven't had a reply, yet, so I wonder if I can re-post my log and maybe one of your helpers might be free to have a look at it.Any help is much appreciated.Thank you, AndreasProblem summary: I use a shared computerMy part, i.e. Administrator part, is infected with following warning message:"Windows warning messageWarning! Spyware detected on your computer!Warning!Win32/Adware.Virtumonde detected on your computerWarning! Win32/Privacy/Remover.M64 detected on your computerInstall an antivirus or spyware remover to clean your computerPlease activate your antivirus software to clean your computer"I contact you from my partners unaffected part of the computer (no administrator rights, so can't install programs from there) where internet works as normal !I have been able to download the latest Hijackthis software onto my partners part of the computer, then move it to an USB stick, log off as my partner, log on as myself, and then uninstall an older ( 2005 ) version of Hijackthis and install the current version of Hijackthis from the USB stick......I have then been able to create a Log from my infected part of the computer (previously my part appeared completely locked, but apart from the internet it seems to be functioning sufficiently now to uninstall/install programs and create the log. But the Internet access is not working, so I'm sending this from my partners login. Hope this makes sense.Here's... Read more

A:Warning! Spyware Detected On Your Computer !

Hello Andreas GWelcome to BleepingComputer ========================I am closing your original topic and we will stay with this one.But in the future please do not post multiple topics. Before running a new scan let's clean out the temporary folders. Download ATF Cleaner to your Desktop.Double-click ATF-Cleaner.exe to run the program.Click Select All found at the bottom of the list.Click the Empty Selected button.If you use Firefox browser, do this also:Click Firefox at the top and choose Select All from the list.Click the Empty Selected button.NOTE : If you would like to keep your saved passwords, please click No at the prompt.If you use Opera browser, do this also:Click Opera at the top and choose Select All from the list.Close ALL Internet browsers (very important).Click the Empty Selected button.NOTE : If you would like to keep your saved passwords, please click No at the prompt.Click Exit on the Main menu to close the program.===========================================Download OTScanIt.exe to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.Note: You must be logged on to the system with an account that has Administrator privileges to run this program.Close ALL OTHER PROGRAMS.Open the OTScanIt folder and double-click on OTScanIt.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).In the Drivers section click on Non-Microsoft.Under Additional Scan... Read more

Read other 9 answers
RELEVANCY SCORE 91.6

Hello Bleeping Computers,I have been hijacked and have tried everything I can think of to remove it. I get the blue screen with the "Warning! Spyware detected on your computer!" in yellow and below that it reads "Install an anivirus or spyware remover to clean your computer." I do not get any prompts to install winfixer. Once the computer has sat for a while, I get the DOS Blue screen of death that gives me system errors. This screen is not real, once I hit the enter button, it goes away and the desktop comes back up. If I do not hit enter on the DOS blue screen, then a fake Windows restart screen comes up. It to goes away if I hit the enter button.I have ran the Kerpersky scan and am attaching the log. I have tries seveal times to run the DSS scan, but everytime it opens my Notepad, I get an error that it can not find the path. I ran Hijack this seperatly and am attaching that log. Please let me know if you can help and if there is any thing else I need to supply.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 6:41:05 PM, on 6/24/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16674)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\csrss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WIN... Read more

A:Warning Spyware Detected On Your Computer

Hello mlhough and welcome to BC. Let's see what we can find. Please follow the steps below in order:First, it appears that there are multiple anti-virus applications running on this computer (TrendMicro and AntiVir). Running more than 1 anti-virus application at the same time can cause file access and resource issues and if there is an infection the multiple programs can actually block each other from dealing with the infected file(s). I highly recommend that you choose which application you want to keep and uninstall the other one(s) to prevent these problems.Next, before running a new scan let's clean out the temporary folders. Download ATF Cleaner to your Desktop.Double-click ATF-Cleaner.exe to run the program.Click Select All found at the bottom of the list.Click the Empty Selected button.If you use Firefox browser, do this also:Click Firefox at the top and choose Select All from the list.Click the Empty Selected button.NOTE : If you would like to keep your saved passwords, please click No at the prompt.If you use Opera browser, do this also:Click Opera at the top and choose Select All from the list.NOTE : If you would like to keep your saved passwords, please click No at the prompt.Close ALL Internet browsers (very important).Click the Empty Selected button.Click Exit on the Main menu to close the program.Now download OTScanIt from here or here to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.Note: You ... Read more

Read other 1 answers
RELEVANCY SCORE 91.6

So I was innocently surfing the web one day, when a balloon from Windows Security informed me that my firewall was down. Alarmed, I closed out of the internet to find (the attatched file) as my backround. I booted up Panda AV and scanned the whole computer. Panda said that it disinfected 5 files from the system and 3 from the Hard Disk C. I then went to change my backround back to ascent, and the desktop and screensaver tabs for display were gone! I did some searching, found out how to fix the Tabs, changed a few 1s to 0s in the registry, and everything was normal again. Problem fixed, right?

Pleased with myself, I headed for the kitchen to fix some mac & cheese, and upon returning, I found a threatening looking blue screen with a lot of text (If I encounter the screen again, I'll attempt to take a screenshot). Apparently, there had been some sort of error, and it wanted me to restart the computer, which I did. After start up, the same backround was back, my firewall was down again, and the desktop and screensaver tabs were gone. I scanned with Panda again, but it didn't detect anything.

Any help would be greatly appreciated. I don't want to have to spend another $75 on a professional computer cleanup.

A:Warning! Spyware detected on your computer!

Here's the HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:16:33 PM, on 8/19/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\pavsrv51.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\AVENGINE.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\DRIVERS\CDAC11BA.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\PsCtrls.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\PsImSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\TrojanHunter 4.6\THGuard.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\ApvxdWin.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Search Settings\SearchSettings.exe
C:\WINDOWS\system32\lphcv9hj0ecfv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program F... Read more

Read other 1 answers
RELEVANCY SCORE 91.6

well i saw a thing saying to agree with antivirus xp 2008 and i end task it and close my internet browser and saw my background was messed up and couldn't fixed it. I tracked down the file it was tt2b3 or something with that in the name and i download malwarebyte thing and used it but it didn't do anything it said nothing was wrong so i need help to remove my messed up background which says
" Warning! "
Spyware detected on your computer!
install an antivirusremover to clean your computer.
please help my i spent 5 hours trying to fix this.

A:Warning Spyware Detected On Your Computer

Please download Malwarebytes Anti-Malware and save it to your desktop.Make sure you are connected to the Internet.Double-click on mbam-setup.exe to install the application.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-MalwareThen click Finish.MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.On the Scanner tab:Make sure the "Perform Quick Scan" option is selected.Then click on the Scan button.If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".Click OK to close the message box and continue with the removal process.Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.Make sure that ev... Read more

Read other 7 answers
RELEVANCY SCORE 91.6

Just started to get a problem where my desktop is now white & contains warning messages:
Warning! Win32/Adware.Virtumonde &
Warning Win32/Privacyremover.M64 are detected on my computer. In addition my PC seems to be operating slower. did a system scan using TrendMicro PCillin cleaned up some cookies but didnt solve problems.....Also ran Fixvundo & Virtumundobegon without improvements....

My hijack this log is below....

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:13:02 PM, on 9/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hphmon04.exe
C:\WINDOWS\system32\WDBtnMgr.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\iTune... Read more

Read other answers
RELEVANCY SCORE 91.6

THis message is now my set as my desktop background, i wish i could get my hands on the people who create these but i cant so i just want to fix it. Everytime i run spybot and clik the fix it button my screen goes blank so i got hijackthis to get rid of my problem but i dont know how to use it. If anyone knows how I can get rid of the crap on my computer, short of wiping it out, i would appreciate it.

Read other answers
RELEVANCY SCORE 91.6

My laptop has been infected with spyware and my desktop background has changed and it shows the following warning! "SPYWARE DETECTED ON YOUR COMPUTER".I have googled for help and found this forum and I ran the following *.bat file mentioned in the below link... how do I find which file has been infected from the log file??http://www.bleepingcomputer.com/forums/lof...php/t45883.html--------------------------------------------miekiemoesMar 4 2006, 01:24 PMHello,I can't see anything suspicious in your log concerning your hijacked desktop.. but let's take a look where that html file is present and if there are any policies set. So perform next:Open notepad and copy and paste next bold in it:regedit /e peek1.txt "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies"regedit /e peek2.txt "HKEY_CURRENT_USER\Control Panel\Desktop"regedit /e peek3.txt "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components"type peek1.txt >> look.txttype peek2.txt >> look.txttype peek3.txt >> look.txtdel peek*.txtstart notepad look.txtSave this as look.bat , choose to save as *all files and place it on your desktop. This is how the batch must look afterwards: Doubleclick look.batNotepad will open with some txt in it. Copy and paste the contents in your next reply. ---------------------------------------

A:Spyware Detected On Your Computer Warning

You should not be following specific instructions provided to someone else especially if they were given in the HijackThis forum. Those instructions were given under the guidance of a trained staff expert to help fix that particular member's problems, NOT YOURS. Before taking any action, the helper must investigate the nature of the malware issues and then formulate a fix for the victim. Although your problem may be similar, the solution could be different based on the kind of hardware, software, system requirements, etc. and the presence of other malware. Using someone else's fix instructions could lead to disastrous problems with your operating system. It's best that you tell us what specific issues YOU are having rather than point to someone else.Please download Malwarebytes Anti-Malware and save it to your desktop.alternate download link 1alternate download link 2Make sure you are connected to the Internet.Double-click on mbam-setup.exe to install the application.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-MalwareThen click Finish.MBAM will automatically start and you will be asked to update the program before performing a scan.If an update is found, the program will automatically update itself.Press the OK button to close that box and continue.If you encounter any prob... Read more

Read other 1 answers
RELEVANCY SCORE 91.6

Hi, I have ran every scan possible and still cant seem to find the problem. I also think i deleted some of the temporary files. this seemed to have happen 8/10 when I downloaded some file....now my wallpaper says "warning spyware detected on your computer install an antivirus to clean your computer" I don't know which programs to use anymore and which are good or faulty. I have a Dell i purchased 12/07 with vista home. i have the hijackthis log below. Please help. Thanks! Logfile of Trend Micro HijackThis v2.0.2Scan saved at 11:38:13 PM, on 8/19/2008Platform: Windows Vista SP1 (WinNT 6.00.1905)MSIE: Internet Explorer v7.00 (7.00.6001.18000)Boot mode: NormalRunning processes:c:\PROGRA~1\mcafee.com\agent\mcagent.exeC:\Windows\system32\Dwm.exeC:\Windows\Explorer.EXEC:\Windows\system32\taskeng.exeC:\Program Files\Dell Support Center\bin\sprtcmd.exeC:\Program Files\Google\Google Desktop Search\GoogleDesktop.exeC:\Windows\RtHDVCpl.exeC:\Windows\System32\rundll32.exeC:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exeC:\Program Files\Windows Media Player\wmpnscfg.exeC:\Windows\System32\rundll32.exeC:\Program Files\Google\Google Desktop Search\GoogleDesktop.exeC:\Program Files\SiteAdvisor\6261\SiteAdv.exeC:\Program Files\Google&... Read more

A:"warning Spyware Detected On Your Computer"

Hello and welcome to BCWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. We aim to provide the valuable service known to come from BC to every member we can, but sometimes it takes just a little longer to get to every request for help.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.Upon completing the steps below a staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.Thanks and again sorry for the delay. Please see here for instructionshow to install HijackThis and make a logfile. Save it into convenient location and include it to your next reply, please.NextPlease do a scan with Kaspersky Online ScannerNote: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.Click on the Accept button and install any components it needs.The program will install and then begin downloading the latest definition files.After the files have been downloaded on the left side of the page in the Scan section select My ComputerThis will start the program and scan your system.The scan will take a while, so b... Read more

Read other 2 answers
RELEVANCY SCORE 91.6

Hi there;I sent message ca 1 hour ago. This is an updated up-to-date log to complement/supersede the last message:Problem summary: I use a shared computerMy part, i.e. Administrator part, is infected with following warning message:"Windows warning messageWarning! Spyware detected on your computer!Warning!Win32/Adware.Virtumonde detected on your computerWarning! Win32/Privacy/Remover.M64 detected on your computerInstall an antivirus or spyware remover to clean your computerPlease activate your antivirus software to clean your computer"I contact you from my partners unaffected part of the computer (no administrator rights, so can't install programs from there) where internet works as normal !In previous message I sent log from 2005 version of Hijackthis which was still on my computer and working - it was created while I was on my partners login.Since the 1st msg I sent, I have now been able to download the latest Hijackthis software onto my partners part of the computer, then move it to an USB stick, log off as my partner, log on as myself, and then uninstall the 2005 version of Hijackthis and install the current version of Hijackthis from the USB stick......I have then been able to create a New Log from my infected part of the computer (previously my part appeared completely locked, but apart from the internet it seems to be functioning sufficiently now to uninstall/install programs and create the new log. But the Internet access is not working, ... Read more

A:"warning! Spyware Detected On Your Computer..."

Duplicate topic user is being helped.

Read other 1 answers
RELEVANCY SCORE 91.6

I have run 2 different spyware programs and anti virus programs and I can't get rid of this. I hpe some one can help me.The Home Page has been changed to a big red ?X? screen with a message : ?Warning Spyware Detected on your PC? ! Possible spyware infection has been detected. Click here to scan your PC for spyware??.?The html is traced to C:\windows\system32\spywarewarning.mht?On the desktop right corner end, every few minutes it will pop out a message: ?Windows security alert. Your computer is not protected against spyware! Spyware able to steal you data including passwords, credit card numbers etc. Scan your computer immediately? Thank YouLogfile of Trend Micro HijackThis v2.0.2Scan saved at 11:06:28 PM, on 10/8/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\AOL\ACS\AOLAcsd.exeC:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exeC:\WINDOWS\system32\CTSvcCDA.EXEC:\Program Files\Common Files\M... Read more

A:"warning Spyware Detected On Your Computer

Hello sgasper and welcome to BC My name is SNOWHITE and I will be helping you with your Malware problem.Do you happen to install by your self WatchRight? It is a monitoring program that captures data from a computer including screenshots, keystrokes, web cam and microphone data, instant messaging, visited websites etc. please read more here --> http://research.sunbelt-software.com/threa...;threatid=14094 and here --> http://www.symantec.com/security_response/...-020114-5742-99PLEASE READ THIS POST COMPLETELY, IT MAY MAKE IT EASIER FOR YOU IF YOU COPY AND PASTE THIS POST INTO A NEW TEXT DOCUMENT OR PRINT IT FOR REFERENCE LATERPlease follow the steps below exactly in the order they are written:Step #1Download SDFix and save it to your Desktop.Double click SDFix.exe and it will extract the files to %systemdrive%(Drive that contains the Windows Directory, typically C:\SDFix)Please then reboot your computer in Safe Mode by doing the following :Restart your computerAfter hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;Instead of Windows loading as normal, the Advanced Options Menu should appear;Select the first option, to run Windows in Safe Mode, then press Enter.Choose your usual account. Open the extracted SDFix folder and double click RunThis.bat to start the script. Type Y to begin the cleanup process. It will remove any Trojan Services and Registry Entries that it finds then prompt you to pr... Read more

Read other 14 answers
RELEVANCY SCORE 91.6

I have an IBM thinkpad, P4, 1.6ghz, 393,112 kb ram, windows 2000 5.00.2195, service pack 4. I picked up a Zlob.trojan. I ran spyhunter3.0 and AVG which found the Zlob and removed but I still have the blue screen with the "Warning! Spyware detected on your computer Install an antivirus or spyware remover to clean your computer" I havn't tried to connect to the internet for fear of it downloading malware as I've come to understand that is what it would do. Is that correct?

Here is my Hijackthis log. Anybody see anything?
 

Read other answers
RELEVANCY SCORE 91.6

Hello to all members. First off all I'he read some posts and tried do follow the instructions written there ... but I'm still facing some problems.
1. Some web pages display the message Error 404 object not found (eg http://www.malwarebytes.org) or redirect to my local php server
2. Combofix displays a msgbox with the text "combofix has detected the presence of rootkit activity and needs to reebot the machine"

Additional information: Windows XP Pro with SP2 installed

A history of the problem:

A couple of days ago, my desktop background suddenly changed to a bright blue with a dialog box stating "Windows Warning Message!" at the top and which had on a bright red field the words "Warning! Spyware Detected on your Computer!" At the bottom of the box it said "Please activate your antivirus software to Clean your computer. I couldn't modify my background. After some research I've changed some settings in control panel -> display and was ok. I've also installed Ad-aware from LavaSoft which detected some files in windows and windows\system32 directories (the names were something like phcn2gj0ep09). Then tried Spybot - Search and Distroy) which repaired some entries in registry and finally hijackthis from trendMicro.

The log from hijackthis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:12:17, on 27.08.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Norm... Read more

Read other answers
RELEVANCY SCORE 91.6

I am using XP Pro-SP2 (Installed already) We have the Blue and Yellow WARNING... screen that is so common, with disabled Desktop and Screen saver properties tab missing. User let kids on machine and they installed the decoy program. I completed all five steps prior to posting this thread. Ad-Aware Pro 2008 is installed (Ad-Watch disables currently), Windows updates are up-to-date.

**********Panda ACTIVE Scan Log********
;***********************************************************************************************************************************************************************************
ANALYSIS: 2008-08-13 14:14:49
PROTECTIONS: 0
MALWARE: 4
SUSPECTS: 0
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;=================================... Read more

A:Warning-spyware Detected On Your Computer

BUMP, please (posted 8/13/2008)

Read other 7 answers
RELEVANCY SCORE 91.6

I have on my desktop a blue screen with a blue and yellow box in the middle containing the message "Warning! Spyware detected on your computer! Install an antivirus or spyware remover to clean your computer."I also have a screensaver that comes up with a blue screen that starts with "A problem has been detected and windows has been shut down to prevent damage to your computer." It then rotates between various things like "BAD_POOL_HEADER" and "BOGUS_DRIVER" and "PAGE_FAULT_IN_NONPAGED_AREA" and continues with "If this is the first time you've seen this stop error screen, restart your computer. If this screen appears again, follow these steps:" and proceeds to give instructions about checking for properly installed software and starting up in safe mode. This screen appears for a while and then rotates to the Windows graphic like it's restarting and then returns to the blue instructions page. The pages will vanish with a tap of a key like a normal screensaver. The screensaver and desktop option controls are missing from the display properties in the control panel.We had other issues like pops but ran the following programs and haven't had any other problems since: Spyware Doctor, SmitFraudFix, Spybot, and Spy Sweeper as well as Microsoft's free online scanner.Thank you for your help! KASPERSKY ONLINE SCANNER 7 REPORTMonday, June 23, 2008Operating System: Microsoft Windows XP Professional Service... Read more

A:Warning! Spyware Detected On Your Computer!

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you. Please download the OTMoveIt2 by OldTimer. Save it to your desktop. Please double-click OTMoveIt2.exe to run it. Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

C:\Documents and Settings\Rachel and Barney\Application Data\AXPDefender
C:\WINDOWS\system32\blphc7j7j0e56a.scr
C:\WINDOWS\system32\lphc7j7j0e56a.exe
Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.Click the red Moveit! button.A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.Close OTMoveIt2If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.Also post a new log from DSS.

Read other 8 answers
RELEVANCY SCORE 91.6

Hello Helpers and General Onlookers,My boss, Barry opened an email without looking at it's contents and feels that is what gave him this problem. He has the following message embedded on his desktop display:Warning!Spyware Detected On Your Computer!____________________________________________Install an antivirus or spyware remover toclean your computer.---------------------------------------------------------------------------------------This message is contained in a box, the top half is yellow, the bottom half is blue______________________________________________________________________Along with this though it may be or may not be related- he is getting the blue screen of death with various messages that end it restart your computer and call your network administrator if it keeps happening. It flits out of it so fast that every time he calls me to witness the issue the computer is already restarting itself._________________________________________________________________________________________________Things I've tried. Installing adaware and running it. Did not phase it.Running AVGAdd/Remove Programs (not there)Pulling my hair out! (I'm bald but it solved nothing)Kicking the tower and cursing God. (I'm probably going to hell before this thing gets fixed)________________________________________________________________________I would much appreciate any help including going through the process of using Combofix and posting the results for some... Read more

A:Warning! Spyware Detected On Your Computer

Try running a full system scan with Malwarebytes' Anti-Malware.

Read other 3 answers
RELEVANCY SCORE 91.6

Hello,

I'm working on my sisters computer and it is a mess. It has Windows XP withe SP 3 with IE6.

The problem is that there is a blue background that says Spyware has been detected on the computer and an anitvirus program needs to be downloaded. Also, a screensaver keeps popping up that looks like the blue screen of death followed by a fake reboot. The system has slowed down tremendously and almost nothing can be accomplished on it. Also, the user has been partially locked out of the display properties (cannot change backgound or screensaver).

Any help will be appreciated by this point.


Deckard's System Scanner v20071014.68
Run by Jay on 2008-07-06 09:22:24
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
6: 2008-07-06 14:22:38 UTC - RP1483 - Deckard's System Scanner Restore Point
5: 2008-07-06 06:00:27 UTC - RP1482 - Move file to quarantine: {02478D38-C3F9-4efb-9B51-7695ECA05670}
4: 2008-07-06 05:04:08 UTC - RP1481 - Software Distribution Service 3.0
3: 2008-07-06 03:45:51 UTC - RP1480 - Software Distribution Service 3.0
2: 2008-07-06 02:50:07 UTC - RP1479 - Software Distribution Service 3.0


-- First Restore Point --
1: 2008-07-05 00:31:39 UTC - RP1478 - System Checkpoint


Backed up registry hiv... Read more

A:Warning: Spyware has been detected on this computer

Hi and welcome to TSF.

My name is Iain and I will be helping you clean your system.

You may wish to Subscribe to this thread (Thread Tools > Subscribe to this thread) so that you are notified when you receive a reply.

Please read these instructions carefully and then print out or copy this page to Notepad in order to assist you when carrying out the fix. You should not have any open browsers or live internet connections when you are following the procedures below.

Note that the fix may take several posts. Please continue to respond to my instructions until I confirm that your logs are clean. Remember that although your symptoms may vanish, this does NOT mean that your system is clean.

If there is anything you don't understand, please ask BEFORE proceeding with the fixes.

Please ensure that you follow the instructions in the order I have them listed.
Download SDFix and save it to your desktop.
Do not do anything with this yet!


Reboot
Reboot your system in Safe Mode.Restart the computer. The computer begins processing a set of instructions known as BIOS.
After hearing your computer beep once during startup, but before the Windows icon appears, press F8 (dependent on your system this may be F5 or another key)
Instead of Windows loading as normal, a menu should appear
Use the arrow key to highlight Safe Mode and press Enter.


SDBot FixRight click the SDFix.zip folder and choose Extract All,
Open the extracted folder and double click RunThis.bat to start the ... Read more

Read other 15 answers
RELEVANCY SCORE 91.6

How do I get this message off my desktop "Warning! Spyware detected on your computer!". Ever since I downloaded Limewire and downloaded microsoft frontpage from limewire this thing has been on my desktop. AVG antivirus is finding a trojan horse apparentley from the frontpage file I downloaded. I ran adaware, spybot, the panda virus scan. Ran the Rogue and Smitrem program.I ran Hijack and Im guessing its something to do with one of these 3 lines I picked out below...O4 - HKLM\..\Run: [{01-10-0F-F6-DW}] c:\windows\system32\rwwnw64d.exe DWramO4 - HKLM\..\Run: [34401059] rundll32.exe "C:\WINDOWS\System32\qhbmtmrw.dll",bO4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\System32\tcntaxdn.exe DWramHere is the whole Hijack file... I put the 3 lines above in bold below...Logfile of Trend Micro HijackThis v2.0.2Scan saved at 12:32:20 AM, on 5/15/2008Platform: Windows XP SP1 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\ZONELABS\vsmon.exeC:\Program Files\Zone Labs\ZoneAlarm\zlclient.exeC:\WINDOWS... Read more

A:Warning! Spyware Detected On Your Computer!

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you. You have identified some of the malware in your log, but not all of it.Please go to this page and scroll down to step 6.http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/Follow the directions there to run DSS and then post those logs back here in your next reply.

Read other 12 answers
RELEVANCY SCORE 91.6

Hi,

My computer has got the warning! spyware, I downloaded AVG and deleted
registry keys for bhpl... and msauc but problem comes back again. Could you please help me.

Thanks
Sam

Logfile of HijackThis v1.99.1
Scan saved at 10:54:17 PM, on 6/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.e... Read more

A:warning! spyware detected on your computer!

Hello Sam -

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

We want all our members to perform the steps outlined in the link I'll give you below, before posting for assistance. There's a sticky at the top of this forum, and a
Quote:




Having problems with spyware and pop-ups? First Steps




link at the top of each page.
---------------------------------------------------------------------------------------------

You are using an outdated version of HijackThis. Please uninstall from Add or Remove Programs, and then delete your current version.

Next, download HijackThis to your desktop

Alternate link

This program will help us determine if there are any spyware/malware on your computer. Double-click on the file you just downloaded.
Click on the "Unzip" button to install. It will by default install to the directory - C:\Program Files\Trend Micro\HijackThis

Upon install, HijackThis should open for you.

Just close it for now.

---------------------------------------------------------------------------------------------

Next.........

Please follow our 5 Step process outlined here:

http://www.techsupportforum.com/secu...oval-help.html

After running through all the steps, you shall have a proper set of logs. Plea... Read more

Read other 19 answers
RELEVANCY SCORE 91.6

Hi. I have a computer that in all likelyhood has considerably more problems then the one that I am talking about. I had never realised that there existed opportunities such as this to seek expert advice, so I apologize in my logs are beyond ugly.
My most recent problem however concerns getting my computer background changed to say "Warnig Spyware Detected on your computer! Install antivirus software or spyware remover to fix the problem." The background is blue and there are ants crawling all over it until you move the mouse. I am also getting a pop that asks if I want to search for software to fix the problem, however I am not sure if this pop up is associated with the virus or not. I went to the internet to try and find a solution for this but I have found only similar problems that were slightly different. I found one that got the user to run an MS-DOS file and identified why the background was changing, I think - i'll throw my own log of this after the hijack this log. I am running a windows xp o/s.
Hijackthis Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:20:18 PM, on 5/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMO... Read more

A:Warning Spyware detected on your computer!

Read other 9 answers