Possible ransomware infection - unsure how to proceed

Q: Possible ransomware infection - unsure how to proceed

I am helping an elderly family friend diagnose his computer problems.  He has fallen victim to a fake technical support scam by a company called "Adroit Rescue", and has paid their "fee" for what they claim is a year's worth of technical support.  I have his computer, and it is disconnected from the internet.
 
In looking through the machine, I see that the scam happened on August 7, 2016.  A text document was placed on the desktop, with the title "COMPUTER TECHNICIANS".  Inside, it lists the technician's supposed name and employee ID, the company name and phone number, and a customer ID number.
 
On the day the scam happened, he said he received a popup on the screen which froze his computer, then received a phone call from Adroit.  He had no idea how they acquired his phone number.  He also cannot remember how the popup occurred - either by clicking an email link, Facebook link, Microsoft Edge browser ad, etc.  He said they spent an hour on the phone with him.  They did their fake security presentation on the computer screen, and "unlocked" his machine after taking his credit card information over the phone.
 
How do I go about determining exactly what they have done to his machine?
 
By searching the hard drive, I see the following happened on August 7th:
 
-  A folder for ADWCleaner was created.  Its logfile shows removal of the following:
   -  ask.com
   -  dotomi.com
   -  land.pckeeper.software
   -  media-dc6.msg.dotomi.com
   -  pckeeper.software
   -  www.ask.com
 
-  I am seeing error messages that state that Windows Security Center is not turned on.  I checked the Security settings, and Windows Defender appears to be running, but is out-of-date.
 
As I said, this machine is running, but is disconnected from the Internet.  Is it safe to plug into my Xfinity/Comcast modem with two other PCs attached?  I'd appreciate any advice on how to proceed.
 
A: Possible ransomware infection - unsure how to proceed

A little more info:  This is a Dell Windows 10 machine - my apologies for not mentioning that in the previous post.  I had previously helped him with the Dell update software a few days earlier, and I remember installing Malwarebytes to scan for any malware as a precaution while looking at his setup.
 
Other things I've discovered:
 
-  It appears that in the process of the scam, the scammer uninstalled Malwarebytes, and downloaded a program called "Support-LogMeInRescue" on August 7th at 2:20 PM.  There is a file named "rescue.info" in the root C: directory.  I opened it with Notepad, but it only showed machine / computer code - no legible text.  The date and time of the rescue.info file is August 7th at 2:21 PM.
 
-  The scammers created a manual restore point labeled "tech123" on August 7th at 2:50 PM (the day of the scam).  There is a previous Windows update restore point from earlier that day - 12:38 PM - labelled as "Critical Update".  They deleted all other restore points.
 
-  They then used ADWcleaner as mentioned previously.  The date is August 7th at 4:40 PM.
 
-  The C:\Program Files\Common Files\ directory has a last-modified date of August 7th at 4:21 PM, but I cannot see any files inside which also contain that date.
 
-  I also searched for the date 8/7/2016 in both File Explorer and Event Viewer, and found some interesting things:
 
   -  Prefe... Read more


Hello ALL
I have ESET security on my sons laptop since last April. It has been scanning at start up and doing what it is supposed to. Recently he started having some breaking up of sound.
The MS jingle at start up and sometimes songs he plays. I thought it prudent to do some scans just to make sure no malware has snuck in.

Updated and did a quick scan with MBAM. Nothing found

Did an ESET smart scan and it listed threats as "4 infiltrations".
It stated it could not clean automatically and to pick a manual action. It does not list "clean" as an option

Only actions listed are:

Delete
Or
No action taken

I am reluctant to simply delete these without getting some outside advice.

Input from BC friends would be appreciated

This is what is listed as found by ESET:

C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\20\4ef244d4-49cf35e6 multiple threats No action

C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\7\124509c7-563d8dc7 a variant of Java/TrojanDownloader.Agent.NDJ trojan No action
Best Regards
Nawtheasta

A: ESET found something but unsure how to proceed.

Please download and run Temp File Cleaner and then do the following:
Please download and run Security Check from HERE, and save it to your Desktop.
* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Hi again. I just found the cause of my Blue Screen of Death, but I'm not sure what this file is for or if it is safe to get rid of it. The file that causes my daily blue screen of death is called cymon.sys, some sort of driver from the company CypherTec Inc. Any help on this matter would be awesome; I'm tired of getting a blue screen in the middle of playing games and whatnot. Just let me know what info you need to help me figure this out. Thank you

A: Found the cause of my blue screen but unsure on how to proceed

Download BlueScreenView:
http://www.nirsoft.net/utils/blue_screen_view.html
Unzip the downloaded file and double-click on BlueScreenView.exe to run the program.
When scanning is done, go to EDIT - Select All.
Go to FILE - SAVE Selected Items, and save the report as BSOD.txt.
Open BSOD.txt in Notepad, copy all of the content, and paste it into your next reply.


We use Desktop Central to manage our windows updates. I've come across a new error that I have not seen all year. They are telling me it's a Microsoft error and they have no information on it. 
I have a couple of Windows 7 machines that have the following error on multiple updates.
An attempt was made to create more links on a file than the file system supports.

Of the machines having this issue, they're not all the same KB. Using one of the machines as example, it's having this issue with 3 updates.
2019-10 Security Monthly Quality Rollup for Windows 7 for x64-based Systems (KB4519976)

2019-09 Security Only Quality Update for Windows 7 for x64-based Systems (KB4516033)

2019-08 Security Only Quality Update for Windows 7 for x64-based Systems (KB4512486)

Seems like the standard Windows Update fixes aren't working: Software Distribution folder rename, Fixit tools, etc. I'm not seeing this on any of our Windows 10 machines.
Any idea how to go about resolving this? Reimaging is way at the bottom of the list due to these machines being at remote sites.


Hello Everyone. Been awhile since I've been here. Been able to solve most of the problems I've encountered on my own since my first post in the hallowed halls of the techsupportguy forums.

Alas, I am in some dire need of help for a problem I've been having. I've checked other posts on here as well as other websites, but none of them seems to address my problem specifically, so forgive me if you have to repeat yourselves.

I've been having random BSoDs and hard hangs, most notably during gaming and while using browsers, but also less frequently whenever I'm just eating and chatting to a friend. I'll just be sitting there staring at my desktop and a Page Fault error will pop up and the system will lock. These problems have ranged from blue screens describing page faults to what seems to be the monitor shutting off and going completely black. Can't even shut down the computer by going through alt-f4 or the start menu via macros, so it's not a monitor problem. NOTE: It also crashes in safe mode.

This doesn't happen at all on some days, but on others it seems as if it occurs 5-6 times in a row.

I started by doing a system restore and updating all of my drivers, but it hasn't helped. I thought that I might have some memory problems, so I went ahead and I ran windows memory diagnostic and it reported that there was a hardware problem with my memory. I have not run memtest86 yet, though.

Another notable thing is that whe... Read more

A: Definite Memory Problems; Unsure how to proceed


Hi everyone! First, here are my laptop and system specs: OS Version: Microsoft Windows 7 Home Basic, Service Pack 1, 64 bit Processor: Intel(R) Core(TM) i3-2330M CPU @ 2.20GHz, Intel64 Family 6 Model 42 Stepping 7 Processor Count: 4 RAM: 4039 Mb Graphics Card: Mobile Intel(R) HD Graphics, 1795 Mb Hard Drives: C: Total - 431937 MB, Free - 358762 MB; D: Total - 29690 MB, Free - 26465 MB; Motherboard: LENOVO, Base Board Product Name Antivirus: Microsoft Security Essentials, Updated and Enabled

So after my (now uninstalled and expired McAfee) antivirus program detected some threats, I deleted them but got worried about my laptop being infected. After doing some research, I ran SFC, which showed I had some corrupt files that couldn’t be repaired (attached if it will help!)

I didn't know what to do with them, so I backed up my files to an external hard drive, uninstalled McAfee and installed Microsoft Security Essentials (ran it on Full Scan, too), ran both CCleaner and MalwareBytes, and finally, ran CHKDSK in Safe Mode for both the C: drive and the D: drive, hoping these might repair the problems. Now, all this went just fine, reporting no threats, etc., but when I ran SFC again it still shows the same corrupt files, and now I don't know what to do to protect my computer and resume using it more normally

I read that you can fix these corrupted files with a repair installation/inplace upgrade (running setup.exe from the Windows 7 DVD and selecting ‘upgrade’) or run... Read more

A: Solved: Unsure how to proceed with SFC's corrupted files


I had been streaming videos from a site that I recently learned has had problems with malware. My Avira antivirus is not updating and something is preventing me from installing the current Java version. I am concerned that I may have a malware infection on my machine. Could someone please help me?

I have a Dell Inspiron B130 laptop running Windows XP.

---------
.
DDS (Ver_11-05-19.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_22
Run by Alison at 20:23:17 on 2011-05-21
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.503.30 [GMT -4:00]
.
AV: AntiVir Desktop *Enabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}
.

A: Possible malware infection, please tell me how to proceed

Hello. My name is patndoris. I will be glad to take a look at your log and help you with solving any malware problems. It will be very helpful if you follow these guidelines:
Malware logs are often lengthy and can take a lot of time to research and interpret. Please be patient while I review your logs.
Please note that there is no "Quick Fix" to modern malware infections and we may need to use several different approaches to get your system clean.
Please make sure to carefully read any instruction that I give you. If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
Please follow my instructions carefully and in the order they are posted. You may also find it helpful to print out the instructions you receive.
Please do not run any scans or install/uninstall any applications or delete anything without being directed to do so.
Remember, absence of symptoms does not mean the infection is all gone. Please stick with me till you're given the "all clear".
Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
Please reply within 3 days. If I do not hear back from you in that time frame, I will post a reminder for you. Topics with no reply in 4 days are closed!
Download and Install Combofix
Download ComboFix from one of the following locations:
Link 1 Link 2
VERY IMPORTANT !!! Save ComboFix.exe to your Desktop ... Read more


Hello.

I am a new member, and you are my last hope in ridding my computer of some sort of virus that has plagued it for the last couple of weeks.

I downloaded and began marching through the steps of the Preparation Guide for potential malware problem but was only able to get as far as step 6. The dds file from the link provided is not the same as the one in the Guide. Instead, I get a file called AutoCad Script, 512KB that, when I run it, produces a bunch of gibberish in Notepad and nothing like the scan shown on the screen shot in the guide.

I am unable to continue with the fix, and need further assistance.

Please help.

UPDATE: Just tried to run RootRepeal to generate log, and a settings.dat file was placed on the desktop after running the utility and no window appeared when clicking the "report" box for checkboxes for what to include in the scan.

A: malware infection repair, unable to proceed

Welcome to BC
Please try running this first and then run the scans
Please download Rkill by Grinler and save it to your desktop.
Link 2
Link 3
Link 4
Double-click on the Rkill desktop icon to run the tool.
If using Vista, right-click on it and Run As Administrator.
A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
If not, delete the file, then download and use the one provided in Link 2.
If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
If the tool does not run from any of the links provided, please let me know.
Do not reboot the computer or you will have to run it again
===========================
If you cannot get DDS to work:
Please download RSIT by random/random and save it to your Desktop.
Note: You will need to run this tool while connected to the Internet so it can download HijackThis if it is not located on your system. If you get a warning from your firewall or other security programs regarding RSIT attempting to contact the Internet, please allow the connection.
Close all applications and windows so that you have nothing open and are at your Desktop.
Double-click on RSIT.exe to start the program.
If using Windows Vista, be sure to Run As Administrator.
Click Continue after reading the disclaimer screen.
Leave the drop down box set to default: "List/folders created or modified in the last 1 month (30 days)".
When the scan is complete, a text file named log.txt will automati... Read more


Hi,

I recently received a notice that my warcraft account was banned due to violation of terms of service, but the actions were not performed from this computer, we are already recovering the account, but would like to determine if it is due to malware / keylogger on this machine or some external means.

First steps were to run Super Anti Spyware and MalwareBytes (SaS reported only tracking cookies, and MBAM one registry infection - PUM.Hijack.StartMenu - logs from both attached)

Then following the instructions in the Preparation Guide, ran Defogger, DDS and GMER

Many thanks

Logs following: (ATTACH.TXT added as attachment)

---> DDS.TXT
DDS (Ver_10-12-12.02) - NTFSx86
Run by Dianne at 12:03:26.62 on Fri 12/31/2010
Internet Explorer: 8.0.6001.18999
Microsoft® Windows Vista® Ultimate 6.0.6002.2.1252.1.1033.18.3321.2248 [GMT -7:00]

AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}


A: Unsure about infection

Hi, Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

Please reply to this post so I know you are there. The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.
Once I receive a reply then I will return with your first instructions.
Thanks


Hello, I'm not sure what infection type I have. I have scanned with AVG Free and it found a trojan, but I removed it without checking the name. I think it was BHO something. Either way, my task manager was disabled (I re-enabled it), my internet is running slow, and SVHost.exe keeps trying to connect to the internet (never asked me before). Recently my friend went through my spam box and opened a bunch of email I hadn't gotten the chance to delete yet and I think that's where the problem lies. I quickly batted him over the head for doing this but now am left with the burden of figuring out what got into my computer =(

Here is my HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:16:32 PM, on 2/16/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes: ... Read more

A: Unsure of what infection I have

Hi,
* Please visit this webpage for instructions for downloading and running ComboFix:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Post the log from ComboFix in your next reply.
Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix. This is because Security Software may see some components ComboFix uses (prep.com for example) as suspicious and blocks the tool, or even deletes it. Please visit HERE if you don't know how.


Hey guys,
Been handed a computer that belongs to a friend, did a few scans with some antispyware tools and found a lot of malware etc. All came from some P2P program they had been using. So I removed those and now I cannot open the Run dialogue, I can run the files from the system32 folder, cmd.exe etc, so I think it's a virus or something related. I am using an admin account so permissions shouldn't be a problem.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:54:49, on 06/07/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes: ... Read more

A: Unsure of infection

Hello and welcome to Bleeping Computer
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.
If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.
Thanks and again sorry for the delay.
We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll... Read more


Hi,

I hope someone can assist.

I don't know what infected my notebook.
It freezes and lags and makes a lot of noise.

Cheers

A: Unsure what infection

Hello,
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up.
My name is Syler and I will be helping you to solve your Malware issues. If you have since resolved your issues I would appreciate if you would let me know so I can close this topic; if you still need help please let me know what issues you are still having, in your next reply.
Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)
Then please post back here with the following: log.txt info.txt
Thanks


Dear sir or madam, I am experiencing what seems to be an infection of some sort. Your diagnostic aid would be greatly appreciated. Below I have listed some symptoms I am having...
- Slow computer performance
- Freezes at start up
- Unable to run multiple applications/files w/o freezing
- Firefox opens "Ad" tabs at random times

Below is the DDS Log
DDS (Ver_10-10-10.03) - NTFSx86
Run by User at 10:48:57.29 on Fri 10/15/2010
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3582.2912 [GMT -4:00]
============== Running Processes =============== ... Read more

A: Unsure of infection name

Hello Robert_47129, I see you've run ComboFix on your own... could you please post the report from it for me? If you've run it more than once, then please post the FIRST report.
Thanks,
tea


Hi everyone. Thanks in advance for looking at this (and possibly helping me.)
Here's my story:

After a Google search I received a pop-up like what is shown at this page:
http://www.bleepingcomputer.com/virus-removal/remove-fake-microsoft-security-essentials-alert

I ran Malwarebytes which seemed to do the trick at first but soon after my Norton Internet Security kept showing signs that it was blocking an intrusion. Scans with Ad-Aware and Norton seem to have quarantined or fixed various malicious objects but on restart, Norton continued to alert me of intrusion attempts (I believe "kangojim1.com" was one blocked source of intrusion, though there were others.)
Additional attempts to purge the problem required several re-installations of Norton.
Other symptoms that came and went included google result link redirection, loss of sound utilities after a "Generic Host Process for Win32" failure prompt, dysfunctional video applications, desktop icons failing to fully load, failures or lag in program executions, (including firefox,) system freezes, blank desktop on restart, and possibly more.
At this moment, my desktop has returned to normal, my Norton requires re-installation and I have the computer unplugged from the internet. My files (the ones I care about) are backed-up. I have not tested other functionality except to run DDS and GMER (both were not functioning until after another malwarebytes scan in safe mode) in order to post those logs here.
I hope I... Read more

A: Unsure of Infection Name

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please Do not Attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.
In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
In order for me to see the status of the infection I will need a new set of logs to start with.
Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.
DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The ... Read more


I apologize, but I had to make some changes to the computer system now running. I turned some programs off, so as not to be running in the background, as well as replaced the Norton Antivirus with McAfee. This is not my computer but my in-law's system so it is not vigilantly being watched nor maintained. It will be left alone from this point on. Again I apologize for the confusion (as well as the second post that I made concerning McAfee). I have included the new HJT scan below and included the new scan as an attachment ("Updated HJT Report") as well as keeping the old scan attachment ("HJT.txt").
I have run a Trend Micro HJT scan. My system is running very slow. AdAware has been run and found virtually nothing. I am not sure if there is more on this system or not. I would appreciate if someone reviewed this output and see what I may have and then what I would have to do to remove infected/infecting items.
Thanks,
Ryan
PS--Hope this doesn't confuse the situation! Thanks for the help and understanding!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:32:37 AM, on 12/27/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes: ... Read more

A: Unsure if I have an infection or not

Hello Ryan,
Sorry about the delay. If you still need help, please post a new HijackThis log to make sure nothing has changed, and I'll be happy to look at it for you.
Thanks,
tea


My computer runs slow pretty much and there's a couple of suspicious files. Google toolbar won't uninstall and the wireless connection doesn't consistently work.
DDS (Ver_09-07-30.01) - NTFSx86
Run by Owner at 21:13:32.53 on Fri 09/18/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.169 [GMT -4:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}


A:Unsure what Infection...just need help

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif

Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll...

I'm disinfecting my brother's computer, which has a very very very bad infection, so bad, in fact, that it's slower than my mom's Mac G3. I downloaded ComboFix, ran it, but it didn't produce a log..*?* Immediate help would be greatly appreciated as my mom needs this computer to do work on, and with how bad the infection is, it's almost impossible to do anything on. It's really slow, even for typing.

Here's the HJT log after running ComboFix:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:02:47 PM, on 2/24/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes: ...

A:Unsure, But Very Bad Infection

Hi and welcome,

Sorry for the delay.
If you are not getting help elsewhere and still need assistance, please post a fresh HijackThis log here.

Thanks

Last night my computer rebooted itself and popped up with about 20 or so error messages that System32 files were unable to run due to one reason or another. Also, another window popped up urging me to cancel and reboot. Also, all of my icons have been removed from the desktop and my start menu is virtually empty. I was just going to run a system restore and all of the System Tools have been deleted. I restarted the computer in Safe Mode and ran Malwarebytes. It found 13 infections and successfully removed them. When I rebooted my computer the pop ups were gone but none of the icons have returned and the start menu is still empty. Did I do something wrong or is there a deeper problem?

Thanks

A:Unsure about infection

Hello,

Please follow the instructions in ==>This Guide<== starting at step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then post them in a reply to this topic by using the Add Reply button.

If you can produce at least some of the logs, then please create the post and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the reply and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Please note that I am not a member of the Malware Removal Team and will not be assisting you in removing the infection. I'm simply helping you to post the information they need in order to assist you.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

Orange Blossom

I spent some time with family and my roommate used my laptop. It became infected with malware. I wiped my system and just want to make sure everything is all clear.

DDS (Ver_10-03-17.01) - NTFSX64
Run by Sam Steffen at 23:09:52.78 on Wed 07/21/2010
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_20
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.4054.2247 [GMT -4:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============
...

A:Unsure about infection

Hello, samsteffen.

My name is aommaster and I will be helping you with your log. I apologize for the delay in response; we get overwhelmed at times but we are trying our best to keep up.

If you have since resolved the original problem you were having, I would appreciate you letting us know. If not, please perform the following below so I can have a look at the current condition of your machine.

Thanks

Should you still require assistance, please take note of the points below:

Please track this topic by either adding it to your favourites or clicking the Options button at the top of this thread and then Track this topic.
Please disable word-wrap before posting logs. This can be done by clicking Format and un-ticking the word-wrap feature in notepad. The logs that you post should be copied and pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
If you do not reply within 5 days, I will have to close your topic. Should you not be able to meet this, please notify me so that I will leave the topic open.
Please do not install, update, or run any programs for the duration of the fix.
If you do not understand the instructions I provide, please don't hesitate to ask. That's what I'm here for.
Please continue to reply to this topic until I give you the all clean. Just because there are no symptoms of infection doesn't mean that the computer is clean.
If you are running Vista, please run all the fixes as an administrator. This is done by ...

Hello,
Please help. I think I may be infected.
System: Windows 10
Defender is the only firewall/antivirus, etc. installed.
System has begun operating slightly oddly. Very reminiscent of a time way long ago and a different computer, when I caught a keylogger.
Shutdown shows 1 app/program hanging, but does not say what it is.
Also, occasionally, what look like splash screens or flashes of something taking the whole screen, but it moves so fast all I can see is a flash.
It has also, at what seem like random times, suddenly seemed to bog down, as if when I'm typing it "takes a minute" to catch up to what I'm inputting (and I'm a hunt & peck typist).
Defender & Malwarebytes scans come up clean.
ESET Online Scanner, however, finds 1 thing, then as soon as it does locks up and won't proceed even far enough to tell me what it is.
I don't torrent or wander off to any of the corners of the internet that are "known offenders of being dangerous".
I am vehement about not opening unknown attachments.
In nosing about, I did find a TrkWks/trkw.dll in my system, which lists here as evidence of a backdoor trojan.
Suggestions on what I can do to look further?

I am getting AVG warnings of Trojan horse Generic13.AQKP and I keep getting popups with various sites. I was unable to run HijackThis until I removed some of the unneeded files from the run/startup and booted into safe mode. Attached are the files from DDS:

DDS (Ver_09-05-14.01) - NTFSx86
Run by Compaq_Administrator at 15:05:34.93 on Sun 05/17/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_03
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1982.810 [GMT -4:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}


A:Infection - unsure what is wrong

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif

Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll...

Hi there and thank you in advance for any assistance - I'm at my wits' end.
I can log on in safe mode. However, I'm unable to start normally. I ran Malwarebytes Anti-Malware and SUPERAntiSpyware. Both did show some problems. In both cases, I checked the fix sections and rebooted but, alas, to no avail.
When I attempt a normal start, the log on takes my password. The background wallpaper comes up but no icons are on the screen, no start button, nor does it allow me to access any programs.
I have run the DDS software mentioned in the other section, but it is well above my knowledge range to be able to use its printout to help my problem, so I humbly ask for your help. Cheers.

DDS (Ver_09-03-16.01) - NTFSx86 MINIMAL
Run by Administrator at 12:03:31.48 on 27/04/2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Home Edition 5.1.2600.2.1252.44.1033.18.503.309 [GMT 1:00]

AV: Spyware Doctor with AntiVirus *On-access scanning enabled* (Updated)
AV: iolo AntiVirus? *On-access scanning disabled* (Updated)
FW: Norton Internet Worm Protection *disabled*
FW: iolo Personal Firewall? *disabled*


A:Unsure of infection type

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif

Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results, click no to the Optional_Sca...

My computer is saying I have an internet connection, but when using the internet browsers it does not let me browse the internet; it is saying there is no connection.
This computer before had trouble connecting to just particular websites. After accidentally uninstalling Avira AntiVirus, this is when it stopped altogether.
The computer has also been reformatted recently due to the problems on it; this did not seem to help.
This is being written from a different computer; all the other computers in the house are fine and connecting to the internet and browsing fine.
Sorry to be such a pain and so vague.

DDS (Ver_09-03-16.01) - NTFSx86
Run by Paul at 23:17:45.73 on 19/04/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.2.1252.44.1033.18.1023.748 [GMT 1:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Outdated)
AV: AntiVir Desktop *On-access scanning enabled* (Updated)
FW: NVIDIA Firewall *enabled*
FW: Avira Firewall *disabled*


A:unsure of infection/malware (sorry)

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.com
DDS.scr
DDS.pif

Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the resul...

I'm not sure what my problem is exactly. I have mysterious devices registering in router, screen discolorations/overlays, undesired scrolling. I'm sure I'm hijacked and the DDS script doesn't open right because it's handled by AutoCAD. I have a HijackThis log, is that enough?

A:Unsure of Infection [Moved]

As no logs have been posted, I am shifting this topic from the specialized HiJack This forum to the Am I Infected forum.

==>PLEASE DO NOT NOW POST LOGS<== unless a log is specifically requested.

Please tell us what your operating system is: Windows XP, Vista, etc.

Orange Blossom

Hi there,

Yesterday my Spyware Doctor started flagging several processes as possibly malicious and quarantined them. I ran a scan in safe mode and it identified a trojan and removed it. My computer is still running slow and Firefox keeps on crashing, however, so I am skeptical if the infection was completely removed.

My HijackThis log is as follows:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:33:11 PM, on 7/22/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes: ...

A:Unsure of recent Infection

I installed Symantec Endpoint Protection and it identified the flashd32 trojan.

Here is the log that HijackThis has given me. I would appreciate help, thank you verrrrry much ^_^

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:17:17 AM, on 11/20/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode with network support
Running processes: ...

A:Hijackthis Log, Sorry Unsure Of The Infection Name :(

Hello Mistermeow,

Our apologies for the delay. I notice you run your HijackThis from Safe mode with network support mode. I can't see all the running processes when it is run from Safe mode with network support mode, so please run it from the Normal mode. What symptoms are you seeing on this computer?

If you still need help, please post a new log so I can see if anything has changed.

Alright, after using four or five spyware removers, I am finally ready to post a Hijack This! log. Sorry to say I am not sure what virus/malware I happen to have. I checked the web and have seen some examples of other people who have had similar problems, but none of them showed up on my Hijack This! log. The best way to describe it is that my background has been changed without warning. It is not one of those web page backgrounds, it IS my background, and my background tools have been locked... somehow. "http://ic1.deviantart.com/fs9/i/2006/013/e/5/W00t_more_spyware_by_Volair.png"

Also, I am wondering if I should get rid of anything that has "(no file)" after it? I am guessing that there is nothing left... but just in case I thought I would ask. Thanks in advance!

Logfile of HijackThis v1.99.1
Scan saved at 8:59:56 AM, on 1/13/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes: ...

A:My Background Is Being Hijacked ;o; (unsure Of Infection.)

Hello,

It's better to print out the next instructions or save them in notepad, because you also have to work in safe mode without networking support, so this page wouldn't be available then.
It is also important you don't miss a step and perform everything in the right order!!

* Download smitRem and save the file to your desktop.
Doubleclick it and choose install. This will create a new folder on your desktop with the name smitrem.

I see you already have Ewido installed.
You will need to update ewido to the latest definition files.
On the left hand side of the main screen click update.
Then click on Start Update.
The update will start and a progress bar will show the updates being installed.
(the status bar at the bottom will display "Update successful")
If you are having problems with the updater, you can use this link to manually update ewido.
ewido manual updates
Don't run it yet.

* Reboot into Safe Mode (without networking support!)
To get into the Safe mode as the computer is booting press and hold your "F8 Key". Use your arrow keys to move to "Safe Mode" and press your Enter key.

* Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following if still present:
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (file missing)
O1 - Hosts: 216.39.69.102 view.atdmt.com
O2 - BHO: A...

Hello everyone. My mom's computer is thoroughly infected with something nasty, but I can't tell what it is. I could not run McAfee, msconfig, regedit, or HijackThis without the windows closing immediately after opening. I was also prevented from visiting various security-related websites. I managed to start the computer in safe mode and produce a HijackThis log file, but I need help diagnosing the problem. Thank you in advance for whatever help you may be able to offer:

Logfile of HijackThis v1.99.1
Scan saved at 2:44:52 PM, on 11/23/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes: ...

A:Log Analysis - Unsure Of Infection Type

Hi and Welcome to bleeping computer!! My name is David.

Please do both of the following before we start if possible!:
1) Please print off these instructions - they will be needed later when internet access is not available.
2) Save these instructions in word/notepad to the desktop where they can be easily found for the same reasons as above.

There is a bit to do on the log - I can almost guarantee ewido will remove something - it's also a good free tool to keep in your arsenal! Please download ewido security suite; it is a free version of the program.

Install ewido security suite
When installing, under "Additional Options" uncheck:
Install background guard
Install scan via context menu
Launch ewido, there should be an icon on your desktop, double-click it.
The program will now open to the main screen.
When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.

You will need to update ewido to the latest definition files.
On the left hand side of the main screen click update.
Then click on Start Update.
The update will start and a progress bar will show the updates being installed.
(the status bar at the bottom will display "Update successful")
If you are having problems with the updater, you can use this link to manually update ewido.
ewido manual updates

Once the updates are installed do the following:
Click on scanner
Click on Complete System Scan and the scan wil...

The last few days my PC has been doing some really weird stuff. Upon opening MSN, conversation windows will "flicker" on and off the screen, and some people have said I have spammed them with links, though I haven't. Tried a system restore a few days ago, got as far as "Click next to restore your system to the selected point" but clicking next did nothing. There have also been some very random error messages, with options like OK to terminate, Cancel to debug, which I've never seen before. There's also a few things in my list of processes that look a little sus. I honestly don't know how many times svchost.exe is supposed to be in there ><

Here's my HJT log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:29:13 PM, on 3/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20978)
Boot mode: Normal


A:Probable Infection. Unsure what type though.

Bump
 

Been getting some popups lately.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:39:38 PM, on 12/17/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes: ...

A:Unsure of infection, causing popups

Hello bubblets,

Sorry about the delay. If you still need help, please post a new HijackThis log to make sure nothing has changed, and I'll be happy to look at it for you.

Thanks,
tea

Hi; I posted previously in another forum, and after I was helped along, I was asked to post my topic here. I am trying to restore internet accessibility to my sister's laptop and get rid of all her malware as well. I have previously scanned with Malwarebytes, which removed 23 threats.

Some things I have tried before posting on the last forum include:
- Using command for "netsh int ip reset reset.log", resulting in the message "Resetting Echo Request, failed. Access is denied. Reseting Interface, OK! A reboot is required to complete this action."
- Using command for "netsh winsock reset catalog", resulting in the message "The system cannot find the file specified."
- Using command for "sfc/scannow", which seemed to run fine.
- Running msinfo32, to find under Components>>Network>>Protocol that the list was empty.
- Scanning with FSS, which showed that "Localhost is blocked. There is no connection to network. Attempt to access Google IP returned error: other errors. Attempt to access Yahoo IP returned error: other errors".

What I was advised to do by the previous BC Adviser:
"Download TDSSKiller
Launch it.
Click on change parameters - Select TDLFS file system
Click on "Scan".
Please post the LOG report (log file should be in your C drive)
Download FSS
Checkmark all the boxes
Click on "Scan".
Please copy and paste the log to your reply.
Download mini toolbox
Checkmark following boxes:
Flush DNS
Report ...

A:No internet connection; Unsure of infection

Hi,

I noticed that my topic is the oldest one with no reply, and I have seen many topics posted days later than mine that have already received support feedback. I read the guidelines for the forum, and the note to please be patient as the "average response time is 5 days". It's been 5 days now, and I wanted to check and see if this topic was simply missed or that I was told to post it in the wrong section so it is being ignored.

Thanks, and hope to talk with you soon.

-tdzhgf


I somehow got a Snap.Do program downloaded by accident while downloading or upgrading another trusted one. You know how they are now. If you install or upgrade any known program that you feel is legit these other programs (mostly mal-ware) try to piggyback on the install. If you forget to make sure all the little extra checkboxes are unchecked then it will install all kinds of weird stuff you never asked for. I think I accidentally let this Snap.Do bug on and have been having problems ever since. I think it is more than coincidence, and I don't believe in coincidences much anyway. I tried to uninstall it from control panel and no go. I tried to find it in my program files and look for an uninstall option but there is no listing. I think it is masked under another name. Anyway I've got problems coming out my ears now so I am attaching the logs and I hope you can tell me where to start. Thanks in advance for any help.

A:Possible Snap.Do Virus, Otherwise Unsure of Infection

Hello cableman, I would like to welcome you to the Malware Removal section of the forum. Around here they call me Gringo and I will be glad to help you with your malware problems.

Very Important --> Please read this post completely, I have spent my time to put together some things for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same"... Read more


Hi, my IE is running EXTREMELY slowly, especially at start and page loading. I ran HJ and here is the log file. Any/all help is greatly appreciated!

Logfile of HijackThis v1.99.1
Scan saved at 12:41:25 PM, on 1/14/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\S3apphk.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\mstlsapi.exe
C:\WINDOWS\system32\ntvdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\HijackThis!\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = www.google.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C... Read more

A:Unsure Of Infection -- Ie Runs Very Slowly

You have no active AntiVirus and are infected.
Get the free AVG AntiVirus 7.5, install it, check for updates and run a full scan.
AVG 7.5 - http://free.grisoft.com/freeweb.php/doc/2/
======================
Click on http://noahdfear.geekstogo.com/FindAWF.exe to download FindAWF.exe and save it to your desktop.
- Double-click on the FindAWF.exe file to run it.
- It will open a command prompt and ask you to "Press any key to continue".
- Press any key and the FindAWF tool will begin scanning your computer for the infected AWF files and the backups the trojan created.
- It may take a few minutes to complete so be patient.
- When it is complete, it will open a text file in notepad called AWF.txt which will automatically be saved to your desktop or whatever location you ran the file from.
- Come back here to this thread and copy and paste the contents of the AWF.txt file in your next reply.


Hi all - I'm a newbie to BC.com, and after registry fixers, anti-spy scans, virus scans, deleting temporary internet files, my Compaq Presario running Windows XP, 2.7 GHz Intel Celeron Processor, 512 MB RAM, and 120 GB HD continues to run super, super slow. Way slower than it did when we first took it out of the box. Other information that may or may not be helpful? I have a Linksys wireless router connected to this PC, password-secured, so that I can connect to our Verizon DSL service with my laptop and TiVo. My PC was slow both before adding the router and after. The laptop is ultra-fast, but does have a dual-core Intel processor.

I googled a bunch of different words/phrases, and that led me to this site. It seems to me that posting a Hijackthis log is the best place to start, so here it is. Any advice is appreciated and if I did this wrong by all means let me know. I'm open to constructive criticism!!!

Thanks in advance!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:34:44 PM, on 8/23/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\s... Read more

A:Infection Unsure, But Windows Xp Is Way Slow

Hi Scottie and welcome to Bleeping Computer. I will be handling your log and helping you to get cleaned up.

Please take note of the following:
1. Please do not make any system changes yet, as any changes you make may well alter your log.
2. The cleaning process is not instant. Please continue to review my answers until I tell you that your computer is clean.
3. If there's anything that you don't understand, please ask your question(s) before proceeding with the fixes.
4. Please reply to this thread. Do not start a new topic.

Please give me some time to look over your log and I will get back to you as soon as possible.

Starbuck


was redirected here from 'Am I infected? What do I do?' forum.

Mod. edit: Topic referenced is here: http://www.bleepingcomputer.com/forums/t/199425/hijacked-browser-and-slow-page-loading/ ~ OB

i don't have a specific virus name for you, but here are some symptoms if that helps: having a problem while browsing with firefox with search results being hijacked to various ad sites as well as slow page loading and was looking for some help. i will also mention that my outdated norton antivirus has recently stopped auto-protecting and i can't enable it, as well as a notification in the system tray that windows automatic updates is turned off (which i want, but the notification itself is new). these symptoms all appeared at about the same time.

here is the DDS log and attachment:

DDS (Ver_09-01-19.01) - NTFSx86
Run by sg at 11:48:21.15 on Sat 01/31/2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.511.114 [GMT -5:00]
AV: Norton AntiVirus *On-access scanning enabled* (Outdated)
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\ASF Agent\ASFAgent.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Google\Common\... Read more

A:unsure of infection name, having browser redirect

Hello deepdorp,

Sorry about the delay. If you still need help, please post a new HijackThis log to make sure nothing has changed, and I'll be happy to look at it for you.

Please do this:
1. Download HijackThis here: http://www.trendsecure.com/portal/en-US/th.../hijackthis.php
2. Click 'Do a System Scan and Save log'.
The HJT log will open in notepad.

Thanks,
tea


Hey BleepingComputer community, just looking for a bit of guidance and advice, I hope I don't become a burden here with my questions.

so a brief description why I believe my Laptop is infected: I downloaded a file and it installed perfectly, nothing in question (I ran MBAM and Trend Micro Internet Security on it before I installed, this came up clean), so after installing and using the file, I went back to where I got it and found that a few, if not everyone, claimed that the file I had downloaded had some sort of virus/malware or just generally seemed very fishy. So I ran my AV and MBAM, both showed I had nothing to worry about; still uncertain, I uploaded the file to VirusTool.com and the results are below (I took out the AVs which nothing came up for)

My computer seems generally fine, browsing, starting up, just general laptop stuff, it seems to be running just like it was before installation of the file.

-------

Virus Total (scan of the file in question)

File name: setup.exe
Detection ratio: 7 / 42
Analysis date: 2012-04-25 08:59:09 UTC ( 0 minutes ago )

Antivirus Result Update

AntiVir - TR/Dropper.Gen - 20120424
Avast - Win32:Dropper-gen [Drp] - 20120425
F-Secure - Gen:Variant.Barys.882 - 20120424
GData - Win32:Dropper-gen - 20120424
McAfee - Artemis!B994FA6808DE - 20120424
McAfee-GW-Edition - Artemis!B994FA6808DE - 20120424
nProtect - Trojan/W32.Agent.564736.AK - 20120424

A:Unsure if I have a Infection or not. ( Win32:Dropper-gen )

It's definitely infected. One should scan the downloaded file before opening it to determine if it's safe. Once opened the malware is released.

Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following checkboxes:
Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size.
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.
Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

Please download TDSSKiller.zip and extract it.
Run TDSSKiller.exe. Click Start scan.
When it is finished the utility outputs a list of detected objects with description.
The utility automatically selects an action (Cure or Delete) for malicious objects.
The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Leave the options as they are and click Continue.
Let it reboot if needed and tell me if the tool needed a reboot.
Click on Report and post the contents of the text file that will open.

Note: By default, the utility outputs the log into system disk (it is usually the disk with installed operating system, C:\) root folder. The Log has a name like: TDSSKiller.Version_Date_Time_log.txt.

I'd like us to scan your machine with E... Read more


AFG was on system, caught trojan when it was downloaded but can not be sure of what name of it was - then uninstalled AFG and installed McAfee Security.
I have installed and run:
Spy Sweeper
Windows Washer
AdAware
Spybot Search and Destroy
Ultimate Fixer is the trojan I think I have.
On Startup I get three error messages unable to load:
pqfklsbe.dll
shonknyr.dll
yvkfonev.dll

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:14:04 PM, on 10/29/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
C:... Read more

A:Ultimate Fix? Unsure Of Type Of Infection

Welcome to the BleepingComputer HijackThis Logs and Analysis forum dclark20. My name is Richie and I'll be helping you to fix your problems.

If you have previously downloaded ComboFix, please delete that version now.
Now download Combofix and save to your desktop:
Note: It is important that it is saved directly to your desktop
Close any open browsers.
Double click on combofix.exe and follow the prompts.
When it's finished it will produce a log.
Post the entire contents of C:\ComboFix.txt into your next reply.
Note: Do not mouseclick combofix's window while it's running. That may cause the program to freeze/hang.
Do NOT post the ComboFix-quarantined-files.txt unless I ask.
*NOTE* In case your Antivirus or any other realtime scanner is displaying an alert after you downloaded Combofix or while you use Combofix, please disable your scanner and redownload Combofix again. Some scanners may see some combofix related components as suspicious and block or delete them while there's nothing wrong with them.

Also post a new Hijackthis log please.


Hello, recently I have been having a strange problem with my computer randomly having a "network cable disconnected" appear on my taskbar (using windows xp) or I simply lose all connectivity and see that I am still connected to my network supposedly but my computer stops receiving packets. I contacted my network administrator and I was told that there were no apparent issues with my computer connecting to the network and that everything seemed to be working normally and that the issue must be on my end and that "something definitely has to be in your system stopping you from getting information". It's been awhile since I've had to deal with any malware type issues and this problem was much more subtle than anything I've encountered before so I simply followed this guide

http://www.selectrealsecurity.com/malware-removal-guide

almost exactly and apart from a few nasty temporary internet files and two registry errors after all the scanning and searching (avira, hitmanpro3, and the eset online scanner) nothing that I think could have been the root of the issue was found. Earlier this week I added collusion and betterprivacy to my firefox to see if there were any malicious trackers messing with my system while I browsed but I haven't found a single red or gray dot on my collusion webs and betterprivacy has been deleting any junk data that sites might have been slipping into my system and I'm still having this issue with my network connecti... Read more

A:Unsure of infection, would like educated opinion

Welcome to the forum.

Please download Farbar Service Scanner and run it on the computer with the issue.
Make sure the following options are checked:
- Internet Services
- Windows Firewall
- System Restore
- Security Center/Action Center
- Windows Update
- Windows Defender

Press "Scan". It will create a log (FSS.txt) in the same directory the tool is run. Please copy and paste the log to your reply.


Sorry but not sure of infection but am suspicious because of the following:
Zonealarm client will not update Antivirus but will update Anti spyware
Wireless connection to internet is fine and google homepage appears fairly quickly as do home pages of other sites e.g. Merijn.org
Try and download anything at all and it is slower than a proverbial snail and would take 2 days to do something that should take 5 minutes
Found a line in zonealarm program control that said "Remove Serivce" (notice the spelling error of service) and the properties calls it RemSvc
Oh by the way I have cleaned up some items using CCleaner yesterday and wanted to use Spybot but could not get it installed.
Anyway here is my HJT Log, hope someone can help on this - am writing this from my other computer (the one not working is my son's and he's going mad)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:57:42, on 02/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Zone Labs\ZoneAla... Read more

A:Infection Unsure, Av Internet Blockage

Hello Garfielduk and welcome to the BC HijackThis forum. I don't see any signs of viruses or malware in the log. It's clean.

Let's try another scanner and see if it shows anything. If that comes up clean then we'll send you over to the XP forum and have them check out the configuration.

Before running a new scan let's clean out the temporary folders.
Download ATF Cleaner to your Desktop.
Double-click ATF-Cleaner.exe to run the program.
Click Select All found at the bottom of the list.
Click the Empty Selected button.
If you use Firefox browser, do this also:
Click Firefox at the top and choose Select All from the list.
Click the Empty Selected button.
NOTE : If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser, do this also:
Click Opera at the top and choose Select All from the list.
Close ALL Internet browsers (very important).
Click the Empty Selected button.
NOTE : If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

Now download WinPFind35u.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind35u on your desktop.
Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
Close ALL OTHER PROGRAMS.
Open the WinPFind3u folder and double-click on WinPFind35U.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administ... Read more


Dear helpers,

My internet browsers are really lagging in the first 5 minutes. I tried Chrome, Mozilla, and IE 8! Same. I also tried a lot to fix it, starting with CCleaner (cleaned everything including fixing all registries), Microsoft Security Essentials full scans, AVG Free Full safe mode full scan, spybot, removed unnecessary files, deleted ALG files from registry to see if it helped, and modified services.exe and startup programs to run more efficiently.

Do you need to see my HJT file?

It's really weird. Hopefully, it's not a rootkit or backdoor. At first, I thought it was due to the Mozilla java plug-in crashes, but it affected other browsers. To top it off, I went to 2wire.com to check its speed meter and it was above 2 mbps.

I followed the preparation guide to its full extent. Here is my DDS.TXT file:

DDS (Ver_10-03-17.01) - NTFSx86
Run by User at 19:02:55.93 on Tue 08/10/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.503.138 [GMT -7:00]
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\Exp... Read more

A:init rootkit infection? (Unsure) I need your help ~

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please Do not Attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:
Please download DeFogger to your desktop.
Double click DeFogger to run the tool. The ap... Read more


Hello there!

So, about two days ago, I was downloading music when all of a sudden, messages telling me to download XP Antispyware started popping up. Of course, I did not download anything, and soon got rid of that little nuisance. However, the Just-In-Time feature began (and is still) showing up constantly, suggesting me I use Microsoft Script Editor. With my appalling lack of knowledge on debugging, I opt for opening Firefox and begin searching for more information on the subject, only to have myself redirected to websites such as MyLocalHero, www.bravotv.com, etc., each time I click on a search result, as well as freezing a lot with all the flash players. And it's not just Firefox; at the moment, I'm using Opera, and it's turned out to be very useful, but every now and then it begins redirecting me to similar sites as well.

I've tried Disk Cleanup, Malwarebytes', Spybot - S&D, and a gazillion other programs; some problems have been detected and resolved, but none seem to have anything to do with my problem(s).

To top it all off, I keep getting the message 'www.google.com: 443 uses an invalid security certificate' whenever I open my Google Homepage.

So, in short: It's browser redirecting, the debugging feature (Just-In-Time) that I have no idea how to use, and the invalid security certificate.

My patience is beginning to falter. I posted my problem on another forum yesterday, but I've received no response and my thread has alread... Read more

A:Browser redirecting. Unsure of infection.

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below I will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions... Read more


pieces of it were removed and isolated etc by spybot S&D avast and AVG, i'm STILL hearing random audio ads that sound like radio ads. I have not been able to identify what is generating this.
source of infection was a disguised ad that looked like a flash video waiting to be played. it downloaded an EXE that I should have KNOWN was infected, but it slipped in; I was used to the idea of having a player or plugin for things like icefilms. after I went through the install I immediately realized my error and have been attempting to remove the infection.
OS: windows 7
attached is a DDS log. I'm willing to scan with whatever it takes, but these ads are freaking annoying.
 

A:Unsure of infection type, very stubborn

AVG scan results were:
 
"";"Potentially harmful program Downloader.CIC, C:\Users\Xiaowen\Downloads\Installation.exe";"Secured"
"";"Found MalSign.Rungnapa.9F5, C:\Users\Xiaowen\Downloads\FLVPlayer-Chrome.exe";"Secured"
"";"Found MalSign.Generic.C6A, G:\Setup.exe";"Secured"
"";"Found MalSign.Generic.C6A, G:\Setup v2 1 (1).exe";"Secured"
"";"Found MalSign.Generic.C6A, G:\Setup v2 1.exe";"Secured"
"";"Found MalSign.BitCocktail.0E0, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\update[1]";"Secured"
"";"Adware Toolbar.PT, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\update[2]";"Secured"
"";"Trojan horse SHeur3.BNBY, E:\Users\Michael\AppData\Roaming\Thunderbird\Profiles\f63az98h.default\ImapMail\f.com\INBOX.sbd\Shipping.sbd\UPS";"Secured"
"";"Trojan horse Generic35.BTEK, C:\ProgramData\InstallMate\{182455E5-333C-4E03-ACE8-7B1EC3C77713}\Custom.dll";"Secured"
"";"Trojan horse Generic35.BTEK, C:\ProgramData\InstallMate\{48CEC1F1-B477-4084-A26F-FC55932DE307}\Custom.dll";"Secured"
"";"Trojan horse Generic35.BTEK, C:\ProgramData\InstallMate\{2A37FBD7-E873-4AD0-A83B-A051F1D4D921}\Custom.dll";"Secured"
"";"Trojan horse Dropper.Generic4.ARVX, F:\old_crud\dead rising 2 pc game\crack\DR2Launcher.exe";"Secured"

obviously whatever i've still got wasn't removed, but i'd like it gone. I do believe I was aware of the trojan in the dr2 launcher, which ... Read more


The symptoms of the infection, or whatever is wrong with this PC, are that 1) I cannot run Malwarebytes... 2) I can't install anything by Google... I keep getting a "Google Installer has encountered a problem and has to close". Spybot can install and have the guard up, but it can't run its virus finder... I'm not sure what to do. Should I post my HJT?


about the old xp machine again...
i was browsing through the system folders on my machine and found the following folder
 
C:\Documents and Settings\Administrator\Local Settings\Temp\HCBackup
 
it contained iCRCReserve.tmp   hcpackage.exe    hcversion.xml  AUStrg(empty folder)  AUCache(folder)
 
i looked up some of these names online and found
 
http://www.threatexpert.com/report.aspx?md5=2399c6f17aaa39ba58bb09aee33bd913
 
 
my system contains the files listed under "file system modifications"-->"files created"
the files marked 3, 4, 5, 6, 7 on that list are all present and have the same size. they match the file sizes shown there, i did not know how to check the MD5 or SHA-1.
 
does this mean i am infected or are those files quite benign? they may have something to do with trend micro housecall or they might be named to fool me into thinking that. hcpackage.exe says it was produced by a "company" Igor Pavlov.
what is going on here?
thanks
 

A:a few files i found, unsure if this indicates infection. no other signs

excuse me but it's been several days now, can i have some advice on this matter please.
thanks.


so, yea, been an avid windows user for dang near 20 years now, at my meager age of 24..... and, something just is not right.... I do not know what is wrong, but I CAN JUST TELL something's not right... nothing is finding anything, not kaspersky total security 2016, not kaspersky virus removal tool, not mbam or mbam premium (however mbam was physically unable to update, for anything, I straight up had to spend hours getting the definitions up to date as the servers were blocked, and also could not activate my sub due to activation servers also being blocked), superantispyware, as per my norm with it, always crashes when scanning the system, Emsisoft emergency kit is still running, has found a total of 19 items, of which like 12 are "no risk" items, and it's not finding what I know is there, as everything it finds I'm already aware of the files in question and know them to be, for the most part save one or two, legit files, hijackthis has FOUND THINGS THAT RAISE HUGE RED FLAGS TO ME already, and just, sooo many other things I've tried that have been completely fruitless as heck... anywho, the logs in question now.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
Ran by High Voltage (administrator) on FURRYONE (28-03-2016 01:45:12)
Running from S:\Downloads
Loaded Profiles: High Voltage (Available Profiles: High Voltage)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Defaul... Read more

A:unsure the infection, but 20 years windows exp states there is one

Greetings mmd123 and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.
If you would allow me to call you by your first name I would prefer to do that.
===================================================
Ground Rules:
First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.

Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.

Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.

Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems ... Read more
