
avg detects virus found exploit, a resulting error in the healing process

Q: avg detects virus found exploit, a resulting error in the healing process

AVG keeps on detecting "virus found exploit" with the file extensions of .htm/.html. While in the healing process, it would result in an error along in the process...
I dunno what to do, but here is the HijackThis log.

Please help me out here.


Logfile of HijackThis v1.99.1
Scan saved at 4:01:52 PM, on 1/6/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\QuickTime\qttask.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Sec...

A:AVG detects threat and keeps healing


Arm in sling, typing one-handed. I got hit with this on my CPU and can't heal it or get rid of it. I put it in the virus vault. It hit the temp internet files. What do I do? I have Win XP Pro. Thanks for the help.

A:Virus Found Exploit

Can you be more specific on the type of exploit, as there are many of them? For example, many users have reported "Java/ByteVerify.Exploit.Trojan - Virus found in Java Runtime Environment (JRE) cache". Java.ByteVerify is actually a method to exploit a security vulnerability in the Microsoft Virtual Machine that is stored in the java cache as a java-applet. The vulnerability arises as the ByteCode verifier in the Microsoft VM does not correctly check for the presence of certain malformed code when a java-applet is loaded. The solution for a lot of these exploits is to:

Follow the instructions here to clean your JAVA cache.
Follow the instructions here to clean your Web Browser Cache: IE, Netscape, Mozilla, Opera, AOL.


Arm in sling, typing one-handed. I got hit with this on my CPU and can't heal it or get rid of it. I put it in the virus vault. It hit the temp internet files. What do I do? I have Win XP Pro. Thanks for the help.

A:Virus Found Exploit

I have already responded in your other thread here. Please do not duplicate postings as this causes confusion and makes it more difficult to get the help you need to resolve your issues. Thanks for your cooperation.

This thread is closed.


Hey guys,
So a few hours ago I downloaded a file which wasn't what I thought it was. It was an exe that, when I ran it, did nothing, so suspecting something fishy I ran an AVG scan and it picked up a Trojan horse generic and 6 of these. I managed to move them all to the virus vault and delete them all. I ran another scan; nothing came up. Now I seem to be getting alerts from AVG every once in a while saying threat Detected or something along those lines with this Script/Exploit virus below. How serious is the matter? Will this cause damage to my computer if not dealt with?

Infection Virus found

C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B3K7V0B4\adserver[1].htm";"";"16/10/2009, 23:51:02"

A:Virus Found Script/exploit



Hello, I am trying to help someone fix their system.. I know that this is a Dell Dimension B110 less than one year old.
The lady updated McAfee, and I guess IE 7.. she cannot surf the net... her browser window doesn't even show page cannot be verified, or the progress bar.. it is simply an open blank window.. it is not set to open a blank page or work offline..
When I ran her anti-virus software.. it showed two infected files.. Both infected by the Exploit ByteVerify trojan virus.. It apparently hijacks the start page. The McAfee (UGHGH) referred me to MS03-011.
No instructions on how to manually remove or anything.. it said update dat files.. install path.. that's it.. the browser still is not functional.. we tried Dell support; they used remote support and basically emptied the temp folder and deleted the temp internet files and deleted the system restore.. and referred her to paid-for tech support to remove the virus.. I did quarantine the files but Dell recommended to restore them.. Can anyone here help? I would like to be able to fix this properly without having to pay Dell.. I can give more info about the system.. but.. Thank you all. (K

A:Trying To Help Virus Found.. Exploit Byteverify

Your friend or you need to:
1) Disable restore point: Guide on how to disable restore points.
2) Download updates here.
3) Start up in Safe mode.
4) Scan and have the trojan be removed.
5) After removal, start up in normal mode and enable restore point again.
Please make sure that her computer is up to date with the latest patches.


Got an email - thought it was from a known source - it wasn't - and it replaced my home page with the shady site address.. have gone into the registry and forced it back to my usual default... and cleaned out my Temp folder...
In >Tools>Internet Options> General Tab my whole home page section of this tab is unavailable (greyed out buttons and field).
In >Tools>Internet Options> Security Tab my Custom Security area is also greyed out.
This is a problem for me as it relates to my need to get ActiveX working on my laptop to view reports for one of our products.

After having quarantined the js.exception.exploit virus from
these files: 22116[1].js & startpage.js & illegal.js.
And upgrading, installing and uninstalling IE from ie5.0 to 6 to 5.5 and upgrading sp2 - the problem still persists.
I'm running Win2000 Prof WinME.

Anyone know a fix for me?

Loads of thanx in advance!

A:js.exception.exploit virus found and quarantined


Listen, guys,
Antivirus: AVG
VIRUS NAME: Trojan Horse PSW.Generic2.QEO ... I didn't find a single link on the internet.
File size: 3,88kb

I noticed the file keeps popping up -- C:\Windows\system32\CsdDriver.sys. I was reading a post here http://forums.techguy.org/security/502809-solved-virus-keeps-popping-up.htm , but this is a bit different: it pops up again and again. I updated my AVG, it's fixing it, but it appears after a few seconds. The thing is that there is no C:\WINDOWS\system32\UpperHost.dll file... And this is quite odd; if there was, I could act as the man said in the previous link..

Here is my Hijackthis log:

Logfile of HijackThis v1.99.1
Scan saved at 22:21:16, on 2006.11.14
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\Program Files\Sygate\SPF\smc.exe
C:\Program Files\Notepad++\notepad++.exe
C:\Program Files\Borland\InterBase\bin\ibguard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files...

A:Please, help me healing this one virus :|



This is a little strange. A friend downloaded some photos she had taken, from her camera onto my computer. Everything was fine until I tried to resize them; as soon as I did, AVG 8 (the full version) said that the photo "may be infected by unknown virus Exploit.JPEG". It has no problem with the original files, just the resized ones.

I scanned the supposedly infected resized photos with Malwarebytes and with Superantispyware and they both detected nothing.

At the same time I was resizing some other photos that had come from a camera to disk to my computer and AVG had no problems with them, they were also JPEGS.

So I am just wondering if this is a real virus or a false positive?

A:Avg 8 - Detects Exploit.jpeg Only In The Resized File.

If you suspect a file to be a false positive, test the file at [virusscan.jotti.org] and if it is a false positive, archive (zip, arc, tar etc) the file using a password and email a copy to [email protected] with a brief description as well as the password you used to archive it with. If it is a false positive, turn off heuristic scanning for the time being. When Grisoft adjusts the virus definitions you can turn it back on. If turning off Heuristics still doesn't allow access to the file while testing and emailing... disable the resident shield temporarily.

AVG forum.grisoft: instructions for suspected FP's


Less than an hour ago, I was researching Cross Scripting. A Google search led me to a link that, when I clicked on it, caused my McAfee Virus Scan to alert me of the Exploit-MhtRedir.gen Trojan. The McAfee notice stated that the files infected had been deleted. I ran a virus scan and came up clean also.

My question is: When this happens, should I report this to anyone? This has been the first time I've run into a virus alert while researching using Google and clicking a link from their website.

A:McAfee Detects Trojan: Exploit-MhtRedir.gen


Somehow my computer contracted a Win32.HEUR virus off of an accidental spam site visit, and now my computer is full of infections.

At first I tried using AVG, but the virus basically overpowered it and tried to uninstall it.. So I got Kaspersky's virus removal tool. It seems to have taken care of the heur for the most part, but now I have a rootkit.tdss that just won't go away.

The problem is, I can't kill any processes, it's locked my taskbar out, I can hardly open any programs, it just says "This file does not have a program associated with it for performing this action. Please install a program or, if one is already installed, create an association in the Default Programs control panel." I can run programs if I select "run as administrator" but that's the only way they will work right now..

There are other symptoms as well, the whole pc is a complete mess right now, I've been working on it all day and night trying to get the infections cleared out. I just ran Hijackthis and I have a log I can post if necessary.

Is there anything else that I can do to get this thing off of my computer??


I forgot to mention that when running Malwarebytes or Kaspersky's virus removal, before I can complete the scan, the computer forces a shutdown.

A:Got a nasty virus on my laptop now, need some help healing it.

Hello and welcome. Let's do these; tell me how we are after.
>>>> Download this file and double-click on it to run it. Allow the information to be merged with the registry.

RKill....
Download and Run RKill
Please download RKill by Grinler from one of the 4 links below and save it to your desktop.

Link 1
Link 2
Link 3
Link 4

Before we begin, you should disable your anti-malware softwares you have installed so they do not interfere RKill running as some anti-malware softwares detect RKill as malicious. Please refer to this page if you are not sure how.
Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
If nothing happens or if the tool does not run, please let me know in your next reply.

TDSS Killer
Please read carefully and follow these steps.
Download TDSSKiller and save it to your Desktop.
Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.
Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK. (If Vista, click on the Vista Orb and copy and paste the following into the Search field. (make...


Hi, I scanned my PC using Avast5 and found the following virus, but Avast can't quarantine or delete it. Also tried Spybot S&D.
File Name: *PROCESS\3ac\msmpeng.exe\60f0000\40000
Severity : High
Status Threat: BV:AutoRun-E[Wrm] Win32:FakeAlert-GY[Trj] NSISownloader-CC[Trj] JS dfka-AJM[Expl] Win32:Small-HUF[Trj] Win32:Small-gen2[Trj] Win32:Zbot.AVH[Trj]
Result: Error Access Denied or Fileaname, Directory or Volume label syntex is incorrect

Can anyone help PLEASE!?

A:Virus Found in Process Memory Help


Please do the following:

Please download MBRCheck.exe to your desktop.

Be sure to disable your security programs
Double click on the file to run it (Vista and Windows 7 users will have to confirm the UAC prompt)
A window will open on your desktop
if an unknown bootcode is found you will have further options available to you, at this time press N then press Enter twice.
If nothing unusual is found just press Enter
A .txt file named MBRCheck_mm.dd.yy_hh.mm.ss should appear on your desktop.
Please post the contents of that file.

Please download DDS from either of these links


and save it to your desktop.

Disable any script blocking protection
Double click dds.pif to run the tool.
When done, two DDS.txt's will open.
Save both reports to your desktop.
Please include the contents of the following in your next reply:


Download GMER Rootkit Scanner from here to your desktop. It will be a randomly named executable.

Double click the exe file.
If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO, then use the following settings for a more complete scan.

In the right panel, you will see several boxes that have been checked. Ensure the following are unchecked
Drives/Partition other than Systemdrive (typically C:\)
Show All (don't miss this one)

Then click the Scan bu...


I have an HP Pavilion g7, 64bit, running on Windows 7.
It has been EXTREMELY slow recently, w/ constant freezing, to the point where I have to manually restart the computer. It seemed like processes were constantly running in the background, so I went through msconfig, and got rid of many of the startup programs. It helped a little, but not much. So I ran Security Task Manager, and nothing came up beyond a 47% rating- but I ended some of the processes that I thought were unnecessary. Then I had issues w/ Java- it kept prompting me to update the plugin, which I did, as this was several days before the news hit about the Java security issues. As soon as I found out about the Java issues, I went in and disabled Java & the Firefox Java plugin. I downloaded Malwarebytes Pro, and it came up clean. I ran the Eset one-time scan, which found 1 infected file, and deleted it. I have avast running, which keeps coming up clean.
I ran Security Task Manager again today, like I've been doing every day for the past week, and suddenly today there was a process that ranked 67%, and was listed as "potentially harmful." It was called "Microsoft application virtualization virtual service agent", and under the description, it listed the function was "to manipulate."
I don't know where this process came from- it never came up before on the STM scan, and like I said, it ranked pretty high on the security rating, when nothing had ever been above...

A:Potentially harmful process just found- is this a virus?

The file sftvsa.exe is located in a subfolder of "C:\Program Files" or sometimes in a subfolder of "C:\Documents and Settings". Known file sizes on Windows 7/XP are 219,496 bytes (92% of all occurrences), 209,768 bytes, 203,608 bytes, 203,624 bytes or 213,504 bytes. The program is not visible, so perhaps you are set to "Show hidden files."

I'd like us to scan your machine with ESET OnlineScan.

Hold down Control and click on this link to open ESET OnlineScan in a new window.
Click the button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
Double click on the icon on your desktop.
Check "YES, I accept the Terms of Use."
Click the Start button.
Accept any security warnings from your browser.
Under scan settings, check "Scan Archives" and "Remove found threats"
Click Advanced settings and select the following:
Scan potentially unwanted applications
Scan for potentially unsafe applications
Enable Anti-Stealth technology
ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
When the scan completes, click List Threats
Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
Click the Back button.
Click the Finish button...


Does anybody have any information on this virus in English, the only references are in Russian that I can find.

After AVG has scanned and healed the thing it comes up with warning box saying it has been found (Krepper.V) and to run AVG but it does not show up after scanning.

A:trojan horse virus and AVG healing THEN displaying warning

Sophos Krepper
See this link for info on Krepper from Sophos. There's also removal instructions, but this means running Sav32Cli, and this is command line based; if you aren't happy using the command line I suggest using my tool RescueME, see the sig. I would also suggest taking a HijackThis log before and after cleaning and posting both here http://www.bleepingcomputer.com/forums/f/22/virus-trojan-spyware-and-malware-removal-logs/ for analysis to ensure that you are clean.


On reboot, after Windows starts with the desktop background showing, but before desktop icons are shown/loaded, I get:

RUNDLL
Error loading C:\windows\system32\iernonce.dll
The specified process could not be found

I think this was caused by VundoFix. This is the log:

VundoFix V6.7.8
Checking Java version...
Scan started at 8:51:28 PM 2/11/2008
Listing files found while scanning....
No infected files were found.
Beginning removal...

My reason for running VundoFix is I am redirected to http://wwww2.look-up-results.com whenever I use the address bar in both Firefox and IE to search for a known site such as yahoo, digg, reddit. Google is supposed to be my default search. If I just use the word yahoo, digg, etc. I get redirected. If I use the word yahoo.com, digg.com I go to the correct site. I use Firefox most and only use IE if forced to. Can't get Windows Updates. After it starts its prep I get an error 0x8007007F. Can't get Kaspersky online scan to load its program. All this seems to be ActiveX problems. Ran McAfee complete virus scan, it's clean. Spybot S&D was clean except for 1 tracking cookie. Adaware was clean. McAfee Stinger was clean. The redirect only happens on my dialup connection, only on this laptop. My desktop PC is not affected on the same dialup connection. Also not redirected if I leech off my neighbor's WiFi.

Also ran ComboFix. Here is a part of its log. Will post complete log on request.

ComboFix 08-02-13.2 - Mike Lindow 2008-02-12 16:29:07.1 - NTFSx86Micro...

A:Rundll Error Loading Iernonce.dll Process Not Found

Welcome to the BleepingComputer HijackThis Logs and Analysis forum. My name is Richie and I'll be helping you to fix your problems.

Apologies for the late response, as I'm sure you can appreciate we are extremely busy.

If you've already received help at another forum and your issues have been resolved, or you're presently receiving help elsewhere then please let us know.

If you have not followed the info in the link below prior to posting your log then please do so now:
Preparation Guide for use before posting a HijackThis Log:
http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/

If you still require help, please post a new HijackThis log into this topic in your next reply. Also post a detailed description of the issues you're experiencing.

*Note*
Post all reports/logs directly into this topic, not as attachments, thanks.


I typically use AVG to scan for viruses and have had a virus for a couple months without being able to get rid of it. The file path is

C:\documents and settings\all users\application data\symantec\norton antivirus corporate edition\7.5\APTemp\AP2.htm

The result message says "Virus found Exploit - infected" but AVG is unable to remove this virus.

I get 1 other result with AVG - C:\\WINDOWS\system32\kernal32.dll - result: Change - Status: Changed

My computer has been running slower and somewhat "choppy" since I got this virus. I also recently had problems booting up.

Here's a summary of the 5 steps when I went through them:

1. Add/remove programs - nothing found that needed to be removed
2. Panda ActiveScan - Report is attached
3. Spyware Blaster - couldn't run this, got an error message stating "Cannot find import; DLL may be missing, corrupt, or wrong version File "MSVBVM60.DLL" error 126". I tried uninstalling and re-downloading from a different site, with the same results.

IE-Spyad - downloaded but couldn't install/run - all of the files that I unzipped were text files, nothing to run.

4. I have SP2 - all critical updates have been installed.
5. Deckard's Scan - main text is below, extra.txt is attached.

Deckard's System Scanner v20070826.66
Run by Administrator on 2007-08-29 17:29:24
Computer is in Normal Mode.

-- System R...

A:"Virus Found: Exploit" when scanning with AVG - computer slow



Hi:

I have scanned and cleansed various infections of viruses and spyware. (Scanned with: Ad-Aware SE Personal, Spybot, AVG 7.5, AVG anti-spyware, AVG anti-rootkit, and McAfee Stinger.)

Now for my issue: I continue to get pop-ups and new viruses. Also I get a runtime error which prompts "just in time debugging". I'm unable to delete them permanently. After being deleted they reappear. I've tried deleting them with virus-scanners.

My HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 10:50:05 PM, on 6/22/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
d:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
d:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
d:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\Mixer.exe
d:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\atiptaxx.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE
D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Micros...

A:Smitfraud_c.tool888, Exploit Virus, Runtime Error

Hi -

You've got some nasty infections including password stealers. Do NOT do any online transactions such as online banking, online purchases, etc. until we have finished. I strongly suggest that you change your passwords at sensitive websites from a computer you know is not infected.

Also, make sure that your data files are backed up.

You will need to print these instructions because you will be working in Safe Mode without an Internet connection.

* Please set your system to show all files.
- Go to Start > open My Computer
- Select the Tools menu and click Folder Options.
- Select the View tab and, under Hidden files and folders, select Show hidden files and folders
- Uncheck Hide file extensions for known file types
- Uncheck Hide protected operating system files (Recommended)
- Click Apply, then OK

* Reboot into SAFE MODE
To get into the Windows XP Safe Mode, restart your computer and, just before Windows starts to load, tap the F8 key a few times. Choose Safe Mode from the menu that will appear and press Enter.

* Start HijackThis, click System Scan Only and place a checkmark next to the following items:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL ...


I received a notice from Norton that there was an attack by MHTMLRedir.Exploit and that it was being blocked but then said it could not remove. I later clicked on the "view quarantined items" and got the error "error creating quarantine object. Please re-install Norton". Here is my Hijackthis file: Please help - Thank you!

Logfile of HijackThis v1.99.1
Scan saved at 11:46:33 PM, on 9/26/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton Internet Security\ISSVC.exe
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm1...

A:Error On Norton Anti-Virus/MHTMLRedir.Exploit


There is nothing to indicate malware in your log... Did you reinstall Nortons?

It may be best to run a scan....

Please download Ewido Security Suite

Install Ewido Security Suite.
When installing, under 'Additional Options' uncheck: "Install background guard" and "Install scan via context menu"

To open the main screen double click the icon on the desktop.

You will get a warning 'Database could not be found!' (only if no updates have first been installed). Click OK.

Update to the latest definition files. On the left of the main screen click Update. Then click on Start Update. Let it complete the updates.

Now Click on Scanner and Click on Complete System Scan and the scan will start.

During some scans it may find cases of false positives so you will need to step through the process of cleaning files one-by-one.

If a file is detected you KNOW to be legitimate, select None as the action. Do NOT select 'Perform action on all infections'

If you are unsure of any entry found play safe and select None as the action.
Press the button marked Save Report

Save the report .txt file to your desktop or somewhere you can find it. Post it back here.......


A small child got on my computer and was playing games over the weekend and must have downloaded a virus. I have Windows XP. The first issue was my keyboard was not responding. It still does not work, except for the standby button. However it does fully function in Safe Mode.

Next problem when I rebooted was that I had the virus "antivir solution pro". I think I have successfully removed it by following some guidelines posted on your website in another post. However when I run an AVG virus scan, it shows the following infection "Exploit Phoenix Exploit Kit (type 1112)" and it shows it in two different files with no option to remove them.

My keyboard still does not respond with Windows either.

Any help would be appreciated.

A:Exploit Phoenix Exploit Kit (type 1112) virus?

Hello, a couple more to run..

Next run ATF and SAS: If you cannot access Safe Mode, run in normal, but let me know.

Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".

From your regular user account..
Download Attribune's ATF Cleaner and then SUPERAntiSpyware, Free Home Version. Save both to desktop..
DO NOT run yet.

Open SUPER from icon and install and Update it.
Under Scanner Options make sure the following are checked (leave all others unchecked):
- Close browsers before scanning.
- Scan for tracking cookies.
- Terminate memory threats before quarantining.
Click the "Close" button to leave the control center screen and exit the program. DO NOT run yet.

Now reboot into Safe Mode: How to enter safe mode (XP)
Using the F8 Method
Restart your computer. When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu. Select the option for Safe Mode using the arrow keys. Then press enter on your keyboard to boot into Safe Mode.

Double-click ATF-Cleaner.exe to run the program.
Under Main "Select Files to Delete" choose: Select All.
Click the Empty Selected button.
If you use Firefox or Opera browser click that browser at the top and choose: Select All
Click the Empty Selected button.
If you would like to keep your saved passwords, ple...


I use Microsoft 7; Office 10. Problems: Unwanted music, slooooow, pop-ups, error msg., Exploit Blackhole Exploit Kit. LOTS of problems - is there any hope?

Here are the results of the recommended tests. (Side question: Why didn't full versions of Webroot, AVG2012, or CCleaner catch these?)

Error Msg:
http://forums.techguy.org/register.php?a=act&u=739368&i=bed7.... An error occurred in sending the command to the application.

Threat was Blocked!
File name: www.mycalihomeguide.com/
Exploit Blackhole Exploit Kit (type 2170)
Process name: C:\Windows\svchost.exe
Process IN: 4824
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:30:47 PM, on 7/16/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16447)
Boot mode: Normal

Running processes:
C:\Program Files\Webroot\WRSA.exe
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoDashboard.exe
C:\Program Files (x86)\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe
C:\Program Files (x86)\Mozilla Firefox\firefox....


A few days ago I was on my old Windows XP computer and I ran the following programs just to check it was in good health.
MiniToolBox.exe  (found nothing)
JRT.exe (found nothing)
AdwCleaner.exe (found nothing but the setting for google as my default search engine)
tdsskiller.exe (found nothing)
rkill.exe( found two "things")
FSS.exe(found nothing)
malwarebytes(found nothing)
norton antivirus(found nothing)
the two things found were HWDeviceService.exe   and    ouc.exe, respectively in folders
C:\Documents and Settings\All Users\Application Data\DatacardService\
C:\Documents and settings\Administrator\Application Data\\T-Mobile Internet Manager\
Both were shown as terminated processes but rkill found no windows services to stop, no registry issues, no miscellaneous issues, no windows service integrity issues and no missing digital signatures. I navigated to the files of the processes it terminated and scanned both with Norton and mbam which both turned up no results, Norton even said that the files were considered trustworthy by large numbers of Norton users. Does this just mean rkill is being heavy handed (it has a short comment in the log after each process terminated calling HWDeviceService.exe an [AU-HEUR] and calling ouc.exe a [UP-HEUR]) or are the two files/processes dangerous? By viewing their properties ouc.exe shows as being created on 8th April 2013 and modified 31 December 2009, HwDeviceService.exe shows as being created and m...


I have been infected with sal.xls.exe virus and have removed it with AVG - latest version.

My hard disk and removable disks have a $recycle.bin and System Volume Information folder on them that is hidden and inaccessible.

I have stopped system restore and tried to delete folders. I can remove the $recycle.bin folder but not the system volume information folder. The $recycle.bin reappears.

How do I remove them?

I am running an HP Pavilion DV7 Notebook PC with an Intel Core i7 CPU Q820 1.73 GHz and 4 GB RAM

Need help as my system is slowing down. Any ideas please.

A:SAL.xls.exe virus and resulting damage

Quickly download Hitman Pro and run a scan.
Products - SurfRight
Make sure you are connected to internet before you scan.


Hi All,
First off, avid PC user here. So I'm surprised to see myself here, but we all need help sometimes. I have a PC of mine that is definitely infected. But, I'm finding it hard to actually detect the infection. Below is all the information on it that I can get.

Running Process: "C:\Windows\System32\rundll32.exe" "C:\Users\Klownicle\AppData\Local\miulgou.dll",miulgou
Symptoms: MalwareBytes repeatedly reporting outgoing communication is getting blocked with this process, but only to one address. No Popups, No Redirects, No FBI warnings, etc. Everything appears normal.
Things attempted to Detect:
Run Full MalwareBytes, 100% No Detection.
Run Full MSE, 100% No Detection.
Run Full HitManPro, 100% No Detection.
Run Full MalwareBytes Anti-Root, 100% No Detection.
Run TCPCon, shows 100's of TCP Outbound with random IP and random ports with the same associated ProcessID as above.
Navigated to Location of Said File, clear as day it's there.
Viewed in Processor Explorer, Task Manager, clear as day it's there.

Why on earth does nothing detect this? I know I can remove the .dll and believe all is well, but I would rather something detect and remove it.

A:Found Infection, Nothing Detects It, Suggestions?

Download TDSSkiller
- Launch it.
- Click on change parameters - Select TDLFS file system
- Click on "Scan".
- Please post the LOG report (log file should be in your C drive)
- Do not change the default options on scan results

Download aswMBR
- Launch it, allow it to download latest Avast! virus definitions
- Click the "Scan" button to start scan.
- After scan finishes, click on Save log
- Post the log results here.
- If you get crashes in normal mode, run it in safemode with networking

Download ESET online scanner
- Install it
- Click on START, it should download the virus definitions
- When scan gets completed, click on LIST of found threats
- Export the list to desktop, copy the contents of the text file in your reply


Good morning. I am in need of your assistance in further identifying and removing a virus and repairing damage done.
Dr. Web CureIt continues to identify Trojan.PWS.Panda.5661 virus, but cannot seem to permanently remove it. Further looking through existing topics here, I have identified other tools to help clean and repair, but nothing has worked, and the damage appears to be getting worse.
I run Dr. Web routinely, along with MalwareBytes Anti-Malware, Hitman, and Kaspersky TDSS. Saw Dr. Web identify the Panda.5661 a little over a week ago. A few days later, was reading on here and ran MBRCheck and that indicated MBR damage to the C:\ drive and two external hard drives.
When Dr. Web originally found the Panda.5661, TDSSKiller indicated the vsmon.exe file was infected, which is related to Zonealarm firewall. I uninstalled Zonealarm, reinstalled, and vsmon.exe was infected again. Since then, other executable files have been indicated as being infected when TDSSKiller is run, four or five in the past few days. I have TDSS quarantine them, and have kept Zonealarm installed, but with the internet connectivity disabled; not certain anymore if Zonealarm is functioning properly.
I have run RJT, AdwCleaner, and other programs seen here in the forums, to no avail.
Appreciate any assistance that you can provide in walking me through the cleaning process.
Thank you,

A:Virus Infection and Resulting MBR Problems

Hello WJL2112

I'm Seedy21 and I will be helping you with your issues.

Please note the following information about the malware forum:
- From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by me
- Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
- Please reply within 48 hours, if you are going to be away for longer please let us know or the topic will be closed for being inactive
- If you are using Cracked or Illegal software your thread will be closed
- Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until it's closed.

We need to see some additional information about what is happening in your machine.

Please perform the following scan:
- Download DDS by sUBs from one of the following links. Save it to your desktop.
  DDS.com
  DDS.scr
  DDS.pif
- Double click on the DDS icon, allow it to run.
- A small box will open, with an explanation about the tool.
- When done, DDS will open two (2) logs
  1. DDS.txt
  2. Attach.txt
- Save both reports to your desktop.
- The instructions here ask you to attach the Attach.txt. Instead of attaching, please copy/paste both logs into your next reply.
- Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails t...


I have a serious computer problem. I have read numerous posts to self diagnose and correct the problem. When I think it's good it comes back to haunt me, I am stuck with a computer that constantly freezes, Google redirects me to malicious sites and mostly every time I try to run the control panel it freezes up on me. I also have this error message that pops up and says "Generic Host process for Win32 services has encountered a problem and needs to close."

Some additional info for that error message:
SzAppname: svchost.exe
SzAppVersion: 5.1.2600.5512
SzModname: ntdll.dll
SzModVersion: 5.1.2600.5755

I have run Malware bytes numerous times quick scan, full scan it will detect then I will remove and when I restart the computer and run it again it's back on there! I am getting to my wits' end over this I don't know what to do and need some help please!

Here is my HiJackthis log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:52:09 AM, on 11/30/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17091)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WI...

A:Google redirect virus, generic host process win32 error message, constant virus removal with malware bytes

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below I will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
- Download DDS by sUBs from one of the following links. Save it to your desktop.
  DDS.scr
  DDS.pif
- Double click on the DDS icon, allow it to run.
- A small box will open, with an explanation about the tool. No input is needed, the scan is running.
- Notepad will open with the results.
- Follow the ...


EDIT: Moved to Am I Infected from XP ~~boopme

I had a problem with a smart hdd virus that has resulted in internet explorer problems. I managed to remove what I thought was the virus and thought I had cured the virus, but ever since I have been having Internet issues. Initially I can connect but after connecting to one page I always get the "internet explorer cannot display the webpage". I followed a post running fss.exe and afd.sys, but as my log file was different I didn't want to follow the subsequent steps. I have attached the resulting log files for analysis.

Farbar Service Scanner Version: 30-04-2012 01
Ran by Chukieb (administrator) on 07-05-2012 at 16:20:41
Running from "C:\Documents and Settings\Chukieb\Desktop"
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.

Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall"=DWORD:0

System Restore:
============

System Restore Disabled Policy:
========================

Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
====================...

A:SMART HDD virus resulting in Internet explorer not working

Reset your router

Download mini toolbox

Checkmark following boxes:
- Flush DNS
- Report IE Proxy Settings
- Reset IE Proxy Settings
- Report FF Proxy Settings
- Reset FF Proxy Settings
- List content of Hosts
- List IP configuration
- List Winsock Entries
- List last 10 Event Viewer log
- List Installed Programs
- List Users, Partitions and Memory size

Click Go and post the result.


I think I may have got it by visiting a couple of not-so-trustworthy sites on this windows xp OS.

Basically, when I run windows, it gives me BSOD, error code 24.

If I select the option to go to safe mode, it gives me BSOD again but with error code 7e.

I ran chkdsk /r, and it said at end that chkdsk found some problem and fixed it. However, the problem persists.

I have only access to command prompt, so please note I can not install some anti-virus tool unless it supports command-line installation.

A:possible virus/trojan resulting in BSOD - Dell laptop

I ran chkdsk /r again, and this time it did not say anything bad at all. FYI



I've been here for help before and the people here were wonderful and saved my pc. Now I have a new problem. Last night I opened a pdf and read it. Not very long after that McAfee started having problems. So, I uninstalled it and installed Norton. I did a scan with that and Malware Bytes, but both said my pc is clean. I then discovered however that one of my other programs was not working and keeps giving me error messages and tells me it cannot debug. Here is a couple of examples of what it tells me:

process id= 0x3a4 (9320), thread id 0x2c8 (712)
process id= 0x848 (2120), thread id 0x908 (2312)

The program that isn't working is not important. I can live without it. I just want to make sure there isn't something on my machine that shouldn't be. Also there are times where my screen freezes for a while, but after a bit it begins to function properly again. My load time when I turn on my computer has also increased, but that may be due to Norton.

Is this a virus? Thank you very much to anyone who is able to help me. Here is my HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:17:10 PM, on 5/28/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\Syste...

A:Process Error Virus?


Hi all~
Not sure if anyone can help me with this for I have little info on it BUT

in the past 3-4 months my pc will just be sitting idle then crash to the blue error screen--
UNFORTUNATELY I have yet to write down the exact error. All I remember is the last few words are "dumping physical memory" I believe.

Now when I reboot...I can't...I get "error loading operating system". I have tried EVERYTHING I can think of to avoid a reformat...but a reformat is always the end result~

So far this has happened 4 times in 4 months--As you can imagine I'm pretty ^%$#$% pissed

If this happens again in the next 60 days (I REALLY hope not) I will write the entire blue screen error down and repost.

But if anyone has ideas before then I would love it!!


A:Blue error screen resulting in crash


Hello, I hope I can accurately describe all I've done with my machine over the last 2 months or so, much of which is described here: http://www.bleepingcomputer.com/forums/ind...p;#entry1408857

Microsoft Windows XP Home SP 3
Dell Inspiron 2200 Notebook Laptop
Physical Memory 512.00 MB
Available Memory 154.94 MB
Total Virtual Memory 2.00 GB

In the time since that post, I've been busying myself with trying to bring this machine up to date--updating drivers, hardware, software etc, un-installing or deleting old unused or unwanted programs, files, folders, etc. replacing some factory installed programs, added a third party firewall (OA) and generally attempting to fine tune it and in the process educate myself. The machine is running very smoothly now (for my limited needs) and doesn't APPEAR to be infected but these entries in Autoruns concern me.

BVRPMPR5 File not found: D:\INSTAL~E\Core\BVRPMPR5.SYS
mbr File not found: C:\DOCUME~1\Nick\LOCALS~1\Temp\mbr.sys
MEMSWEEP2 File not found: C:\WINDOWS\system32\2.tmp
pxdiypob File not found: C:\DOCUME~1\Nick\LOCALS~1\Temp\pxdiypob.sys

I dug into these a little and this article in particular re: MBR convinced me that I needed to seek expert advice before going any further: http://www.cxotoday.com/India/News/MBR_Roo...-87316-909.html

This new Windows MBR rootkit launches itself very early during the Windows startup process without requiring any registry or file modifications. In fact, it is quite surprising that it's possible to write to the MBR...

A:AutoRuns detects several entries in the driver startup tab as "File not found"

If you have the MBR rootkit, you need to move to the advanced forum for help... Please follow this guide from step (6). Post a HJT log to the HJT forum and a Team member will be along to help you as soon as possible.


A few days ago my computer was infected by a slew of nasties. I've removed many with the help of various programs (Malware Bytes, Trojan Remover, AVG, Avast!, Microsoft OneCare, Ad-Aware, Spybot S & D, and Avira).

However, Microsoft OneCare reports that it is unable to remove the 3 issues in the title. My other symptoms include:
1) windows update blocked
2) google/yahoo search results redirected
3) some random popups as well as some warnings from Ad-Aware that firefox and svchost have been trying to connect to malicious websites

I have been unable to run gmer all the way through as my computer keeps resetting before it's finished.

Here's my DDS:

DDS (Ver_10-03-17.01) - NTFSx86
Run by Andy at 12:45:17.04 on Sun 07/25/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_21
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2039.1118 [GMT -4:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Microsoft Security Essentials *On-access scanning enabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Microsoft Security Essentials\MsMpEng.exe...

A:Virus:Win32/Alureon.H & Exploit:Java/CVE-2009-3867.GC & Exploit:Java/CVE-2008-5353.KM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
- Do not run any other tool until instructed to do so!
- Please do not attach logs or put in code boxes.
- Tell me about any problems that have occurred during the fix.
- Tell me of any other symptoms you may be having as these can help also.
- Do not run anything while running a fix.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:
Please download DeFogger to your desktop.
Double click DeFogger to run the tool.
The ap...


I've updated my 64bit Windows Vista with 64bit Windows 7 Ultimate after which I've noticed that my computer would occasionally (at least once a day) shut down while being in sleep mode with following message:

Problem signature:
Problem Event Name: BlueScreen
OS Version: 6.1.7600.
Locale ID: 1033

Additional information about the problem:
BCCode: 9f
BCP1: 0000000000000003
BCP2: FFFFFA8005770060
BCP3: FFFFF80000B9C518
BCP4: FFFFFA80099D0010
OS Version: 6_1_7600
Service Pack: 0_0
Product: 256_1

Files that help describe the problem:

Read our privacy statement online:
Windows 7 Privacy Statement - Microsoft Windows

If the online privacy statement is not available, please read our privacy statement offline:

Please help me with this matter. Thanks a lot


PS I hope I've posted this thread in right section.

A:Sudden Shut Downs Resulting: BlueScreen Error



Hey guys,

I'm pretty newb into this kinda things, so I will try to explain my problem as clear as possible.
Every time I open a video file I get some error windows like "Windows Explorer has encountered a problem and needs to close. We are sorry for the inconvenience" and "Meda Player Classic has encountered a problem and needs to close. We are sorry for the inconvenience". This last error window has an error report: Error signature AppName: mplayerc.exe AppVer: ModName: unknown ModVer: Offset 00000000. I haven't had this kind of problem before, and am asking what to do to fix this.

Thanks to you all for trying to fix my problem,

Feng Wu

A:Opening Video File resulting into a signature error.


Hi guys - Managed to get myself into a pickle here... Downloaded some software (from a suspicious site - won't do that again) and two things commenced, the first of which I have got through (for the moment anyway), the second I have not.

Some basics: am running a Dell Latitude D630 laptop, Windows XP (downgraded from Vista), plenty of memory. Great laptop. 32-bit. SP3 loaded. AVG 8.5. Ad-Aware 6.0.1.

First issue. Upon rebooting, black screen with cursor flashing in top left hand corner. No visible loading of the OS. After hitting F2, I got the laptop to boot from my CD drive using my Windows Service Pack 2 CD which I'd kept from the time of the original purchase in late 2007, and all seemed OK. Laptop fully booted up, all programs operational inclu Office 2007.

The error message which had initially showed when booting from the disk drive was the following: KERNAL_STACK_INPAGE _ERROR. I ran a full hardware test on the laptop (from the boot menu choices), and all tests (SATA etc.) passed after the hour+ that this took. My deduction was that the hardware was OK, and that "we have a software problem here, Houston".

Then noticed the second issue...

2. Ran a Google search and, when clicking any of the links offered up by the search, the links began to take me, for a moment, to the correct URLs and then immediately redirected me elsewhere (to webpages I did not intend or want to see). Something definitely hijacking my browsing system.

Went to majorgeek...

A:Infected with malware or virus, resulting in (1) KERNAL_STACK_INPAGE_ERROR and (2) Google links being redirected

Hello, Ralph Lister.

My name is aommaster and I will be helping you with your log.

Before we proceed with the fix, please take note of the points below:

Please track this topic by either adding it to your favourites or clicking the Options button at the top of this thread and then Track this topic.
The logs that you post should be copied and pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
If you do not reply within 5 days, I will have to close your topic. Should you not be able to meet this, please notify me so that I will leave the topic open.
Please do not install, update, or run any programs for the duration of the fix.
If you do not understand the instructions I provide, please don't hesitate to ask. That's what I'm here for.
Please continue to reply to this topic until I give you the all clean. Just because there are no symptoms of infection doesn't mean that the computer is clean.

P2P Program Warning!

uTorrent

P2P programs form a direct conduit onto your computer, their security measures are easily circumvented, and Malware writers are increasingly exploiting them to spread their wares onto your computer. Further to that, if your P2P programme is not configured correctly you may be sharing more files than you realise. There have been cases where people's Passwords, Address Books and other personal, private, and financial details have been exposed to the file sharing network by a badly configured programme.

T...


Hi folks. I'm stuck and do not know how to proceed. Thanks in advance for your assistance. I think a virus has infected my computer. The symptoms are as follows: 1) Internet Explorer is extremely slow/non-responsive, 2) I began receiving pop-up ads regularly, and 3) My browser is being hijacked, where in clicking on a hyperlink I get redirected to site different than the one intended. In addition, I am now getting a number of error messages upon start-up of the system, and error messages that shut the system down after operating for five to 30 minutes (which might be related to usage of Internet Explorer). I'll first describe these error messages, then post the contents of the .txt files from the DDS and RootRepeal scans.

The first error occasionally results in a termination of the start-up process. The error message is "Page_Fault_In_Non-Page_Area". The system then prompts me to start in safe mode, etc. This error seems to be the result of having to power off the computer to shut it down after the system freezes from the other errors.

The second error message occurs near the end of the start-up process, every time. The message is as follows: Run DLL Error, error loading c:\windows\system32\wohubevu.dll. The specified module could not be found.

An error message that appears irregularly is: Frame Window: SVChost.exe-application error. The instruction at "0x02c3f8c8" referenced memory at "0x00000000". The memory could not be "written". Click ok to terminate.

The error...

A:Infected by unknown virus resulting in pop-up ads, browser hijacking, interruption of system operations

Hello, And to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.

-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a DDS log, please do so again, as your situation may have changed.

Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No inp...


I'm having some problem I just can't fix. I am getting a win32 host process error daily and when that happens I lose sound. I've gone to windows audio service and clicked start and it fixes it until I get the win 32 error again. Also, while I'm on the internet new windows open themselves; sometimes it's just the google page but most of the time to odd pages. I have run avg, malwarebytes, super antispyware, avast and combofix and nothing has fixed my problems. Here is the combofix log. I am hoping someone can help me, I would really appreciate it!

ComboFix 10-09-30.03 - Owner 09/30/2010 21:45:19.5.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1983.1538 [GMT -5:00]
Running from: c:\documents and settings\Owner\My Documents\Downloads\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Owner\Application Data\PriceGong
c:\documents and settings\Owner\Application Data\PriceGong\Data\1.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\a.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data\b.xml
c:\documents and settings\Owner\Application Data\PriceGong\Data ...

A:needing virus and win32 host process error help

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

We need to create an OTL Report

Please download OTL from one of the following mirrors:
This is THE Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
In the custom scan box paste the following:

CODE
msconfig
safebootminimal
activex
drivers32
netsvcs
%SYSTEMDRIVE%\*.exe
/md5st...


Today I decided to run an MSE full scan and it found Exploit:Java/CVE-2011-3544 and Exploit:Java/CVE-2010-0840.OO. I removed both of them and ran a Malwarebytes scan and found nothing and removed Java and reinstalled it. I was just wondering if I should do anything else.

Thanks in advance!!

A:MSE found Exploit:Java

Please download and run Security Check from HERE, and save it to your Desktop.
* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.


I was visiting this site I go to on a daily basis and today this random window popped up saying that a virus has been detected and it tried to download to my computer but I canceled it. I've attached my HijackThis log so if someone could please take a look at it and let me know what I need to do in order to remove it. Thanks in advance.

A:exp.wmf/Bloodhound.Exploit.56 found! Plz help!


Ok, I usually keep my computer cleaned out and try to stay away from sites that may cause it harm. While I was away my son got on here and tried watching tv shows and I think that's when it got infected. It's really slow, mouse arrow will freeze and not move, I have to restart to get it back. Tried downloading a new antivirus because mine was not finding it but it kept saying error and would not let me. I finally got one called BullGuard which I had never heard of and all it found was cookies. Went to bitdefender and ran the online scanner and I have included the log from that and a HijackThis log. Any help at all would be appreciated, thanks.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:15:55 PM, on 12/5/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\s...


Need help with my computer infected with x.exe and several unknown viruses/malware. Every time my antivirus (AVG) detects it, svchost closes with an error and then suddenly my network stops working. When AVG removes x.exe it spawns multiple numbered viruses like 25.exe, 47.exe etc and x.exe keeps reappearing.

I also followed the steps on this post: http://www.bleepingcomputer.com/forums/topic251725.html

Hope someone could help me on this because this problem keeps bugging me for several days already. Thanks in advance.

Protection tools used so far:
-AVG 2012
-Lavasoft Adaware
-MBAM
-SAS
-Combofix

Here is a screenshot of the virus being detected by AVG while I do the GMER scans:

DDS Log:
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.1.0
Run by Veilside at 14:38:31 on 2011-11-18
Microsoft Windows XP Professional 5.1.2600.3.1252.63.1033.18.1919.1189 [GMT 8:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Progra...

A:Infected with x.exe, randomnumber.exe etc. Resulting to Svchost error & My network connection stops

update: avg resident shield detected multiple .exe files again and needed to restart the computer but after restarting it gets detected again with a new file name and prompted to restart every time it detects it and sometimes cuts off my internet connection.



Yesterday afternoon there was a power outage. When the power came back on an hour later, I turned my PC (which was on) back on. PC is Dell Dimension 8200.

The screen started up, and then went to a screen that says "We apologize, but Windows did not start successfully...." and says something about hardware or software changes (there were none) or power failure, etc. A blue screen error would flash up quickly then disappear as the system began to restart again and again.

I took a digital photo of the blue screen, which said:
UNMOUNTABLE_BOOT_VOLUME .... Tech info: ***Stop: 0x000000ED (0X837CE900, 0XC0000006, 0x0000000, 0X0000000)

I tried to use the DELL Troubleshooting for Windows and search the error codes, and from what I have come up with my hard drive is dead??

I also restarted, hit Ctrl + alt + D to run an IDE Diagnostic test, which resulted in:

Primary IDE
Drive 0: (name of drive) : Fail, return code 7
Drive 1: No IDE Device

Secondary IDE
Drive 0: Samsung DVD Rom SD: Diagnostics not supported
Drive 1: CD R/RW Drive - Diagnostics not supported

Test Complete, Press Enter to Reboot.

So, now I don't know what to do. The computer was bought from Dell in 2002. My computer savvy ex I believe upgraded the drives and CD roms shortly after we got it. I don't have the Windows CDs because Windows was installed on the system, so I can't run the CD to see about doing whatever that could do.....

My issue is that I have a TON of per...



Windows Live OneCare popped up a warning message on my Vista PC earlier, but the message disappeared before I could read it.

I checked OneCare and there were no alerts, but when I reviewed the Event Log, it listed two occurrences of Exploit:HTML/Repl.D, found one minute apart.

Does anyone know what this is and what I should do to remove it?

The link from Event Viewer states that it is a low risk exploit, but gives no details on how to recover (http://www.microsoft.com/security/e...?name=Exploit:HTML/Repl.D&threatid=2147600073).

However, when I Google 'Exploit:HTML/Repl.D', Sophos say that this exploit can result in code being downloaded to my PC (it links to the following: http://www.sophos.com/security/analyses/trojrexploa.html)!!

No dodgy sites have been browsed and the only software installed recently, was Spybot.

The exploit was found in the Temporary Internet Files.

Please help!
Thanks in advance.

A:help: AV found... Exploit:HTML/Repl.D


Vista is fully patched and OneCare is up-to-date with the latest definitions.

I've just run a full scan with OneCare and it says that it removed Exploit:HTML/Repl.D, but I'm still concerned about how it installed on the machine in the first place and whether or not it's really gone.

Any advice would be appreciated.


Firstly I'd like to say I'm a complete novice and don't have a clue about how to fix this so your help is crucial to me right now, and I'll need taking through any process in simple easy to understand steps please. Sorry if I'm not following the right protocol for this board, I'm a new user and quite clueless!
Last night I lost all my MSN and messenger settings, couldn't get into any of my emails or any msn secure pages. So naturally realised something was wrong. To begin with I did a system restore to take the pc back to when I knew that the settings for MSN were there and I now have all that working, but I knew something must've made it go wrong.
I ran norton av (I have Norton AV {updated before each use}, Int.Sec and Prot.Centre and I run regular AV checks twice a week) which found nothing. I ran adaware and spybot. Spybot found something called smitfraud and between them they found dozens of threats and instances of spyware and adware which needed attention. I dealt with it, and ran them again, but some of the problems still showed up. So then I ran panda scan which found it again and also found exploit.byteverify and dialer.hcc, but didn't eradicate them, so since then I've run AVG Anti-Spyware and SuperAntiSpyware but these haven't fixed my problems either.

Can or more to the point will one of you please help me to sort this? I am dreading having to wipe my OS out and start again.

A:Smitfraud And Exploit.byteverify Found

The first step that I would recommend would be to download superantispyware, look here:
http://www.bleepingcomputer.com/forums/topic3616.html
completely update the program, run a full scan, restart the program to let it remove any problems that it finds, then post a hijack this log here:
http://www.bleepingcomputer.com/forums/topic3616.html
these are the instructions on what to do before you post the log, how to post, etc.
The team members are very busy, so do not post any replies until one of them answers your post. If you have not had an answer after five days post here:
http://www.bleepingcomputer.com/forums/topic3616.html
sas updates constantly, so updating is important, as are the restarts (don't worry about protocol, all of us were new at one time)
OF


Bazooka found this can you have a look at log please
Logfile of HijackThis v1.99.1
Scan saved at 12:34:01, on 07/12/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Filseclab\xfilter\xfilter.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Voyager100Test\fts.exe
C:\Program Files\AOL 9.0a\aoltray.exe
C:\Program Files\Common Files\AOL\1132916045\ee\AOLHostManager.exe
C:\Program Files\Common Files\AOL\1132916045\ee\AOLServiceHost.exe
C:\Program Files\AOL\Broadband CheckUp\bin\mpbtn.exe
c:\program files\common files\aol\1132916045\ee\services\antiSpywareApp\ver2_0_12\AOLSP Scheduler.exe
C:\Program Files\Common Files\AOL\1132916045\ee\AOLServiceHost.exe
C:\Program Files\Common Files\Fi...

A:Bazooka found exploit-beehappyy

Bazooka Scanner v1.13.03
[email protected]
Log created 13:00:38.
OS: Windows NT 5.1
Database version: 3.110000
Database format version: 1.020000
Database date: 20051204
Current date: 2005-12-07 13:00
Result when scanning:

Exploit Beehappyy.biz 544.734.001 %WinDir%\tempf.txt

Auto start entries:
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AOL 9.0 Tray Icon.lnk
C:\Program Files\AOL\Broadband CheckUp\bin\matcli.exe -boot
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
C:\Program Files\Common Files\Filseclab\FilMsg.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AOL 9.0 Tray Icon.lnk
C:\Program Files\AOL\Broadband CheckUp\bin\matcli.exe -boot
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
C:\Program Files\Common Files\Filseclab\FilMsg.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Documents and Settings\Mr Wright\Start Menu\Programs\Startup\desktop.ini
C:\...


Hi Quevvy, I will be handling your log to help you get cleaned up. Please give me some time to look it over and I will get back to you as soon as possible. Thanks!

A:Exploit.JS.Pdfka.ggk found by Kaspersky

Are there any other scans that I should perform in the meantime?


Not sure if you guys saw it yet, but apparently a security flaw makes it easy for eval hackerz to compromise your system. Ubuntu and Debian users are at risk here *_*

Note: 2^128 is about 3.4 with 38 0s after it.
2^15 is 32 768. Imagine that.

Check out the news here.
