Got a nasty virus on my laptop now, need some help healing it.

Q: Got a nasty virus on my laptop now, need some help healing it.

Somehow my computer contracted a Win32.HEUR virus off of an accidental spam site visit, and now my computer is full of infections.

At first I tried using AVG, but the virus basically overpowered it and tried to uninstall it. So I got Kaspersky's virus removal tool. It seems to have taken care of the heur for the most part, but now I have a rootkit.tdss that just won't go away.

The problem is, I can't kill any processes, it's locked my taskbar out, I can hardly open any programs, it just says "This file does not have a program associated with it for performing this action. Please install a program or, if one is already installed, create an association in the Default Programs control panel." I can run programs if I select "run as administrator" but that's the only way they will work right now.

There are other symptoms as well, the whole pc is a complete mess right now, I've been working on it all day and night trying to get the infections cleared out. I just ran Hijackthis and I have a log I can post if necessary.

Is there anything else that I can do to get this thing off of my computer?


I forgot to mention that when running Malwarebytes or Kaspersky's virus removal, before I can complete the scan, the computer forces a shutdown.

A: Got a nasty virus on my laptop now, need some help healing it.

Hello and welcome. Let's do these; tell me how we are after.

Download this file and double-click on it to run it. Allow the information to be merged with the registry.

RKill: Download and Run RKill

Please download RKill by Grinler from one of the 4 links below and save it to your desktop.

Link 1
Link 2
Link 3
Link 4

Before we begin, you should disable any anti-malware software you have installed so it does not interfere with RKill running, as some anti-malware software detects RKill as malicious. Please refer to this page if you are not sure how.
Double-click on RKill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator.)
A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
If nothing happens or if the tool does not run, please let me know in your next reply.

TDSS Killer

Please read carefully and follow these steps.

Download TDSSKiller and save it to your Desktop.
Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.
Go to Start > Run (or you can hold down your Windows key and press R) and copy and paste the following into the text field (make sure you include the quote marks). Then press OK. (If Vista, click on the Vista Orb and copy and paste the following into the Search field (make sure you include the quotation marks). Then press Ctrl+Shift+Enter.)
"%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt -v

If it says "Hidden service detected" DO NOT type anything in. Just press Enter on your keyboard to not do anything to the file.
It may ask you to reboot the computer to complete the process. Allow it to do so.
When it is done, a log file should be created on your C: drive called "TDSSKiller.txt". Please copy and paste the contents of that file here.

Rerun MBAM (MalwareBytes) like this:
Open MBAM in normal mode and click the Update tab, then select Check for Updates.
When done, click the Scanner tab, select Quick scan and scan (normal mode).
After the scan click Remove Selected, post the new scan log and reboot into normal mode.

Listen, guys,
Antivirus: AVG
VIRUS NAME: Trojan Horse PSW.Generic2.QEO ... I didn't find a single link on the internet.
File size: 3,88kb

I noticed the file keeps popping up -- C:\Windows\system32\CsdDriver.sys. I was reading a post here http://forums.techguy.org/security/502809-solved-virus-keeps-popping-up.htm , but there it is a bit different. It pops up again and again; I updated my AVG, it's fixing it, but it appears again after a few seconds. The thing is that there is no C:\WINDOWS\system32\UpperHost.dll file... And this is quite odd; if there was, I could act as the man said in the previous link.

Here is my Hijackthis log:

Logfile of HijackThis v1.99.1
Scan saved at 22:21:16, on 2006.11.14
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\Program Files\Sygate\SPF\smc.exe
C:\Program Files\Notepad++\notepad++.exe
C:\Program Files\Borland\InterBase\bin\ibguard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files...

A: Please, help me healing this one virus :|

I spent the night at my sister's the other day. She was agitated while using her laptop. Typical complaints, it is slow to respond, some programs won't open at all, and pop ups. I ran a few of the scans that I've used in the past and it's more responsive, there aren't any more popups flashing, but it still lags. I am hoping some wise soul on here can take it to the next level.

Thanks in advance!

A: Healing my sister's slow laptop

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-04-2015
Ran by Cyndy (administrator) on SANDERS on 24-04-2015 11:28:21
Running from C:\Users\Cyndy\Downloads
Loaded Profiles: Cyndy (Available profiles: Cyndy)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Sear...

Does anybody have any information on this virus in English, the only references are in Russian that I can find.

After AVG has scanned and healed the thing it comes up with warning box saying it has been found (Krepper.V) and to run AVG but it does not show up after scanning.

A: trojan horse virus and AVG healing THEN displaying warning

Sophos Krepper
See this link for info on Krepper from Sophos. There are also removal instructions, but this means running Sav32Cli, which is command-line based. If you aren't happy using the command line I suggest using my tool RescueME (see the sig).
I would also suggest taking a HijackThis log before and after cleaning and posting both at http://www.bleepingcomputer.com/forums/f/22/virus-trojan-spyware-and-malware-removal-logs/ for analysis to ensure that you are clean.


Hi there,
I'm a new poster but an old lurker...lol. Thank you in advance for any help you can give me!!!

My husband's laptop is infected with something nasty. Unfortunately, the problems it has caused makes it hard for me to do anything:

It started Wednesday when his taskbar disappeared. Along with this, the keyboard start button has no effect. His McAfee icon disappeared off the desktop and I can't open McAfee from the programs folder either. It won't run. I tried to uninstall it but Add/Remove programs won't let me. He also cannot connect to the internet (or network). So I went ahead and put Avast on his computer from a flash drive and ran a scan and took the actions recommended. But no difference so far. I should also mention that I tried to go into services but I just get a blank window (I was trying to stop McAfee). The window that comes up has graphics but no content. It also won't let me run SpyBot. Some other simple functions don't work, like moving or copying files to other locations. Last night, after running CleanUp, I got the BSOD.
My father in law has been in town and was using his computer so we are thinking he must have gotten into something...
Here is his HJT:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:47:46 AM, on 11/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\winlogon.e...

A: Nasty virus (?) on laptop

Bump please

My dad hadn't replied to any emails I sent him in a few days so I asked him what was up over the phone and he told me his computer had been playing audio ads in the background even if he hadn't been running any programs. He said he did a google search to try to see how to fix it and the links would say things like "Tech Support Guy forums" but after he clicked them he would be redirected to spyware removal sites and other random sites. I am by no means qualified to do tech support, but I do know about Malwarebytes, Spybot, etc. So I downloaded Malwarebytes, updated it, ran a scan and it found something, so I removed it. Then I scanned it again and it found nothing. We restarted and none of his icons were "there" on the desktop. They were hidden, but I had hidden folders visible to look in the temp files in the local settings and network settings, but all his desktop icons are now like this and Google is still redirected and it keeps popping up IE-Explorer errors on start up. My dad said it also started opening up a folder that contained a PDF of the laptop user's manual on start up this morning. So apparently it was worse than before. Anyway, here are all my files. I have no idea how to read this stuff. I am out of ideas if the Malwarebytes doesn't work.

Thanks for any help.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:42:58 PM, on 1/25/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6...

A: Nasty Virus(es) on Dad's Laptop

48-hour bump. Thanks for any help. I'll only be in town to help my dad for another few days.


Can someone please help me... Today I tried downloading something off of limewire. It was a zip file and the second I opened it my laptop went crazy. My laptop has always been pretty tough to crack cause I keep a bunch of spyware programs running/scanning, etc.... Up to today I've never had any spyware/malware problems with it... But this thing is nasty. Popups, explorer opens tabs super quick and locks the computer up. It won't let me change my automatic update settings back to automatic. My spysweeper program keeps alerting me of a host file called that is in the font directory called SVChost.exe and it absolutely will not go away.... Up till about 2 hours ago my computer was completely unusable but I ran three or four scanners and removed a whole bunch of spyware that it found (which before today it found NONE).....

I ran a hijack this log and here it is..... I have Vundofix, spysweeper, adaware, spybot search and destroy, and spyware guard..... I've run pretty much all of them just to get my computer where it is about 10% usable.... Can someone please help. Here's my hijackthis log.... Also my mousepad clicker on the bottom of the keyboard stopped working and some of my keyboard keys are suddenly not very reactive and I have to hit them twice to take the letter I'm trying.... This thing is NASTY whatever it is....

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:44:44 PM, on 10/31/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.600...

A: can someone help. nasty virus/malware on my laptop

That first step was primarily just to gain some more stability for you so it will be a little easier to remove the rest of it. And there's quite a bit going on there in your log.

Please download ComboFix from one of these locations:
Link 1
Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

Double click on ComboFix.exe & follow the prompts.
If ComboFix won't run, rename combofix.exe to cf.exe

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanni...


AVG keeps on detecting "virus found exploit" with the file extensions of .htm/.html. while in the healing process, it would result in error along in the process...
i dunno what to do but here is the HiJackThis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 947 PM, on 12/28/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Sony\MD Simple Burner\NetMDSB.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Hp\HP Software Update\HPWuSch...

aigh...where to start. i got a virus a few days ago, something that actually shut down my resident scanner (avast) and installed itself. it started out with the desktop change/phoney virus scanner and the ubiquitous "installing microsoft office" starting up over and over.

a boot scan of avast cleared up most of that, but since then i've had a very nasty hijacker deep in my system. it was hijacking every search i did in yahoo, upon clicking the link i was redirected to random pages. likewise, i was booted out of yahoo mail every 9 or 10 seconds due to the malware trying to attack.

i ran spyzilla, or whatever the pay program is, and it said it found, amongst others: malpakwinscenteradvertisementserviceinet2000vundo6To4v32TargetSaverPShope Full ContextToolbar88MaxSearch

NEXT, i ran spybot, which found a bunch of junk and deleted it. then i ran MALWAREBYE as well as SUPERantispyware, all three found junk and removed/deleted/quarantined it. this cleared up most of the problems, but the search-link hijacker was still working. NOTE: it wasn't hijacking my search page, it was only re-directing me upon clicking links.

i found and ran COMBOFIX next, which found a bunch more stuff and deleted it. i waited for the log file to write, ran it again, which also updated the program and found 3 more infections.

next i ran the atribune VUNDO FIXER, which found NOTHING.

next i ran VIRTUMUNDOBEGONE, which also found nothing. all scans find nothing.

avast has found nothing in a long time.

non...

A: nasty, nasty virus/spyware (avast can't fix)

As no logs have been posted, I am shifting this topic from the specialized HiJack This forum to the Am I Infected forum.==>PLEASE DO NOT NOW POST LOGS<== unless a log is specifically requested.


I have no idea what happened with my computer. I even stopped using P2P programs a long time ago. I am posting this Hijack Log from another computer. I can barely touch the computer that is infected. I was lucky to save the hijack log before it started to freak out on me.

Let me start with the symptoms.

1. It started to mess with my internet. My internet wouldn't work in my house when it was connected to the infected computer. The Link light I have in my wireless antenna which connects to my computer keeps blinking non stop when it's connected. Like if it was downloading information non stop.

2. I started to get Blue Screens. I have to restart the computer every time I get the blue screen of death.

3. I just get a message that gives me a countdown of 60 seconds warning me that the computer will be shut down by itself.

This is my Log..

Logfile of HijackThis v1.99.1
Scan saved at 10:51:59 AM, on 5/24/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Running processes:
C:\Documents and Settings\Administrator\My Documents\Hijack\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=des...

A: Nasty Nasty Nasty Viruses. (Hijack Inside)



trying to get it, ive hit it with malware antibytes, spybot, and a few hjt scans but this is a little beyond my abilities

under normal login cant access task manager, and any time we've tried installing a new program the "antivirus" malware is popping up as saying that its a dangerous file and that its been blocked

here are the logs
sorry if that came out sounding weird im exhausted here

DDS (Ver_09-07-30.01) - NTFSx86
Run by Steve at 16:01:27.65 on Sun 09/13/2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_14
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1022.568 [GMT -4:00]

AV: avast! antivirus 4.8.1351 [VPS 090913-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program F...

A: nasty nasty virus

Hi darklordryu,

I'd like to see the log from Malwarebytes, please.

I have AVG internet security installed on my computer. It runs really well (despite it slowing my computer slightly).

However when I run a scan, reaching the end, it automatically begins "healing" any threats it may have come across. This is all well and good but when it gets right to the end of this process it seems to get stuck almost like it crashes. My cursor turns into the sand timer and "(NOT RESPONDING)" appears in the top of the window?!

It's not a massive problem but I thought I'd post the query in case there's either something I'm doing wrong or in case anyone else has encountered this problem before.

A: AVG Stuck Healing

Hi Mr C, Please stop creating new threads on same subject. You have 2 going already and a moderator will have to close 1 of them.


I recently wrote a review of a just-being-released addition to the ThinkPad line, the 14" T490s. My writeup was based on the one system I had in front of me and, as always with pre-released systems, documentation was sparse at best. The computer had very early drivers and system software but was remarkably stable and reliable. New system software started to appear, and I noticed a new BIOS image that was described as the initial release, but was substantially newer than what was on my computer. I always try to apply updates as early as possible on any machines I review, hoping to identify any unexpected issues before the general market. During the BIOS update, a message I had never seen flashed by. As a result of nothing more than blind luck, my camera happened to be within reach and the battery was charged. I apologize for the quality of the photo, but there was no time for staging.
New message
Based on what I can ascertain, the process is intended to be completely invisible to the user, other than the message I noticed.  After a BIOS update, the BIOS restarts and, after initialization, the image is backed up before booting into Windows or another operating system.   On subsequent startups, if there is a problem starting, the backed-up BIOS image is restored automatically.  In some ways, this is similar to the way Microsoft handles drivers in Windows. 
As I would expect, Phoenix Techno...

Logfile of HijackThis v1.99.1
Scan saved at 4:01:52 PM, on 1/6/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\QuickTime\qttask.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Sec...

A: AVG detects threat and keeps healing

Hi, for the last few months I have been using AVG, and in that time I have encountered a few viruses, mainly called JavaByte/Verify, that will not heal, delete, or move to virus vault. Can someone tell me why?
Thanks a lot.

A: Help with AVG removing/healing viruses.

I have run into this on a client's computer he wanted me to fix. The only way I removed it was to slave his drive into my test bench computer and use F-Secure to remove it.
Another note: turn off system restore when removing viruses or removing spyware/malware.


I have had this issue for many months, now. I loaded Vista x64 Home Premium to run in a dual-boot configuration with my XP Pro. I do critical work so I didn't trust going to Vista exclusively. I mainly wanted it to see if I could utilize all my RAM and speed up Photoshop processing.
I have had it working three or four times (except for tablet functionality), then when I must re-boot because of SP1 and other security updates or, in one case, because I installed Office 2007, it does nothing on restart; black screens and just sits there, totally unresponsive. No blinking of the LED which shows drive activity. When re-booting, F8 isn't working (nothing happens). Regarding the previous instances, I gave up trying to get it to respond and went back to booting into XP, which always works fine. Then after a period (usually a month or more) I will try booting into Vista, on restart, and voila, it works again!
WTF is going on?

ASUS A8N32-SLI Deluxe motherboard
AMD Athlon 64 X2 4400+ Toledo: 2,400 MHz on air (10% OC)
Thermalright XP-90C with 92MM Thermoflow temperature sensing fan
4 Gig of OCZ Titanium DDR400 (PC3200) dual channel, unbuffered RAM
MSI NX6600-TD256E video card & dual 24" wide screen LCDs setup
2X - WD 250Gb 7200RPM SATA main drive, w. 16Mb cache
(one for XP Pro and one for Vista x64 Home Premium)
2X - Fujitsu MAU3036NP (15K RPM hard drives running SCSI 0 [striped])
Lian 7077A - full tower case with optional 120mm fan in top,
90mm fan (stock AMD-CPU) angled facing MB chips...

A: No reboot after updates and then mystery healing

How did you set up the dual boot?


I'm currently disturbed by this popup every time I open my computer. Whatever user I log in as, the same popup appears. The title of the popup is "C:\WINDOWS\system32\keyboard\services.exe". Below that, a message says that Windows cannot find 'C:\WINDOWS\system32\keyboard\services.exe'.

This started when I transferred video clips from an mp4 (ipod). Of course, I scanned it first using my updated AVG free edition and found no threat. After that I downloaded a free realplayer11 from cnet (here's the url: http://download.cnet.com/RealPlayer/3000-1...-10073040.html). It was saved to my desktop, as were the video clips that I transferred. Then I tried to install realplayer but upon running the downloaded installer, it warned me that the computer would be restarted after the installation. So, I decided to cancel it first and remove first the mp4 (ipod) and the flash drive of my cousin (which was already there when I used the computer). I failed in safely removing the mp4 (ipod) but succeeded in removing the flash drive. I then decided to forcefully remove the mp4 (ipod) and started a computer scan. As expected, I found 1 trojan and successfully healed it. AVG asked for a restart and I clicked 'yes'. From that time, this annoying popup shows.

The incident happened while I was using the Administrator Account.
I'm using Windows XP Professional SP2.
Please help me with this problem....

A: Popup After Healing Infected File

Hi and welcome.. It's not unusual to receive such an error after using specialized fix tools.

A "Cannot find...", "Could not run...", "Error loading..." or "specific module could not be found" message is usually related to malware that was set to run at startup but has been deleted. Windows is trying to load this file but cannot locate it since the file was most likely removed during an anti-virus or anti-malware scan. However, an associated orphaned registry entry remains and is telling Windows to load the file when you boot up. Since the file no longer exists, Windows will display an error message. You need to remove this registry entry so Windows stops searching for the file when it loads.

To resolve this, download Autoruns, search for the related entry and then delete it.
Create a new folder on your hard drive called AutoRuns (C:\AutoRuns) and extract (unzip) the file there. (Click here if you're not sure how to do this.)
Open the folder and double-click on autoruns.exe to launch it.
Please be patient as it scans and populates the entries.
When done scanning, it will say Ready at the bottom.
Scroll through the list and look for a startup entry related to the file(s) in the error message.
Right-click on the entry and choose delete.
Reboot your computer and see if the startup error returns.

Next run MBAM:
Please download Malwarebytes Anti-Malware (v1.34) and save it to your desktop.
alternate download link 1
alternate download link 2
If you have a previous version of MBAM, remove it via ...
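
The orphaned-entry check described in the answer above, as an added PowerShell example that is not part of the original post and is not how Autoruns itself works. It only reports; the function names are made up for this example, and it covers just the Run/RunOnce keys and the Winlogon Shell/Userinit values.

```powershell
# Added example (not from the thread): report startup entries whose target file is gone.
# Read-only: nothing is deleted. Covers only the Run/RunOnce keys and Winlogon
# Shell/Userinit, a small subset of the locations Autoruns inspects.

$RunKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
$WinlogonKey = 'HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon'

function Split-StartupCommand {
    # Split a startup command line into (program, arguments).
    param([string]$CommandLine)
    $s = [Environment]::ExpandEnvironmentVariables($CommandLine).Trim()
    $prog = $s
    $rest = ''
    if ($s -match '^"([^"]+)"\s*(.*)$') {
        $prog = $Matches[1]
        $rest = [string]$Matches[2]
    }
    # Unquoted paths may contain spaces: cut after the first executable extension.
    elseif ($s -match '^(.+?\.(?:exe|com|bat|cmd|scr|pif))(?:\s+(.*))?$') {
        $prog = $Matches[1]
        $rest = [string]$Matches[2]
    }
    return $prog, $rest
}

function Test-StartupTarget {
    # True if the file exists; bare names are searched in System32 and on PATH.
    param([string]$Path)
    if ($Path -match '[\\/]') {
        return (Test-Path -LiteralPath $Path -PathType Leaf)
    }
    $dirs = @("$env:SystemRoot\System32") + @($env:Path -split ';' | Where-Object { $_ })
    foreach ($dir in $dirs) {
        $candidate = $dir.Trim('"').TrimEnd('\') + '\' + $Path
        if (Test-Path -LiteralPath $candidate -PathType Leaf) { return $true }
    }
    return $false
}

function Get-MissingTarget {
    # Returns the file a startup command depends on if it does not exist, else $null.
    param([string]$Command)
    $prog, $rest = Split-StartupCommand $Command
    if (-not $prog) { return $null }
    # rundll32 is only a host: the file that matters is the DLL in its first argument.
    if ($prog -match '(^|[\\/])rundll32(\.exe)?$' -and $rest) {
        $prog = ($rest -split ',')[0].Trim().Trim('"')
    }
    if (Test-StartupTarget $prog) { return $null }
    return $prog
}

function Get-OrphanedStartupEntry {
    $entries = @()
    foreach ($key in $RunKeys) {
        if (-not (Test-Path -LiteralPath $key)) { continue }
        $reg = Get-Item -LiteralPath $key
        foreach ($name in $reg.GetValueNames()) {
            $entries += [pscustomobject]@{
                Key = $key; Name = $name; Command = [string]$reg.GetValue($name)
            }
        }
    }
    if (Test-Path -LiteralPath $WinlogonKey) {
        $reg = Get-Item -LiteralPath $WinlogonKey
        foreach ($name in 'Shell', 'Userinit') {
            $value = [string]$reg.GetValue($name)
            # Userinit is a comma-separated list of programs; Shell is one command line.
            $parts = if ($name -eq 'Userinit') { $value -split ',' } else { @($value) }
            foreach ($part in $parts) {
                if ($part.Trim()) {
                    $entries += [pscustomobject]@{
                        Key = $WinlogonKey; Name = $name; Command = $part.Trim()
                    }
                }
            }
        }
    }
    foreach ($e in $entries) {
        $missing = Get-MissingTarget $e.Command
        if ($missing) {
            $e | Add-Member -NotePropertyName MissingFile -NotePropertyValue $missing -PassThru
        }
    }
}

Get-OrphanedStartupEntry | Format-List Key, Name, Command, MissingFile
```

An entry listed here is a candidate for the Autoruns deletion step in the answer; a file path that shows up again after removal means something is still recreating it.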


I am using AVG Free version 7.5 and it is updated but it doesn't heal viruses anymore, for example RavmonE.exe, which can be healed by other computers with AVG FREE.

Moved from the "XP" Forum. ~acklan~

A: My Avg Free Is Not Healing Viruses Anymore!

Do you have any other anti-virus software on your computer or something like a security suite?


We've covered how to use the old school CHKDSK command to check a disk in Windows 7 yesterday, but what we didn't touch is actually even better. It's a nice new feature that I didn't realize existed either until very recently.

Basically, once the feature is turned on, Windows will detect a physical file system error and automatically fix it on the fly without you even noticing it happened. Because of this, you actually have a lot less chance of having to run CHKDSK to check the disk manually, because most likely the errors you suspected may have been fixed by this self-healing process already.

NTFS Self-healing is turned on by default in Windows 7 but if you are not sure you can use the following command to make sure. Note that the command has to be run as Administrator.

fsutil repair query c:

However, there is a possible downside that you may have already been thinking and wondering about. Yes, the data may potentially be removed silently without the user's knowledge during the self-healing process. To address this issue, Microsoft added the BugCheckOnCorrupt option, which does something you may think is crazy.

It throws a BSOD (blue screen of death) and shuts everything down instead of attempting to fix the error, if the system discovers any NTFS corruptions.

Yes, not every BSOD is bad. Some of them happen on purpose, just like this one, as designed. It does sound crazy, because why would you want the system to crash, but from the data safety perspective, this att...

A: NTFS Self-Healing is An Overlooked but Useful Feature in Windows 7

Thanks Nick, interesting read.


Hi guys,

I need my laptop for work and really need some help to fix it, I have been trying for the last couple of days to fix it to no avail.

Basically my laptop is unable to run any sort of virus scan. I have McAfee as my main scanner, and I tried Super Spyware Scanner, Malwarebytes and Kaspersky Online scanner, and none of them can complete a full scan; the laptop freezes during the scan and I have to restart manually.

Also the scan seems to freeze at specific file locations and when I delete those files in that location it freezes at another location, possible worm?

I'm really worried about this virus because in the past I've been able to remove viruses/trojans without much hassle; this time it's different.

I don't have a boot disk or Windows installation disk.

Edit: Also I think a couple of days ago I clicked on a link provided in an email , Subject of email was ... Hi , Data Entry Workers Needed..
I can post you the whole email if you need to check it and the url...

Help is appreciated.

Here is the DDS Log and I have the attach.txt (zip) if you need it (I wasn't presented with ark.txt during the DDS scan).


DDS (Ver_11-03-05.01) - NTFSx86
Run by Western Wind at 20:20:41.44 on 12/03/2011
Internet Explorer: 8.0.6001.19019
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3061.1875 [GMT 0:00]
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Di...

A: Nasty Virus, unable to do any virus scans.

I'm nasdaq.

Sorry for this long delay. If you still need help run this tool and submit the log for my review.

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: A guide and tutorial on using ComboFix

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop


1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Do not install any other programs until this is fixed.

How to : Disable Anti-virus and Firewall...
How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Double click on ComboFix.exe & follow the prompts. When finished, it will produce a report for you.
Please post the C:\ComboFix.txt
Do not mouse click ComboFix's window while it's running. That may cause it to stall.

Note: If you have difficulty properly disabling your protective programs, refer to this link --> How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

For AVG antivirus and anti-spyware security software users only.


Due to recent changes in AVG and how it interacts with CF, AVG must be uninstalled to run ComboFix. You will get a message from CF stating such.

If AVG will not uninstall, it is first recommended to uninstall it with this AppRemover by Opswat. T...

Hi Guys:

I have just bought a new laptop and have installed some software (security, etc., the usual stuff).

I ran a HJT and it has produced the log below - there are LOTS of items I don't recognise and have never seen before on my old computer. Maybe due to the OS being VISTA in place of the old XP?

Can you see anything nasty I should ditch?

Thanks in advance.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:07:44, on 30/01/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal

Running processes:
C:\Program Files\Samsung\Samsung Recovery Solution II\WCScheduler.exe
C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe
C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Thomson\ST330\diagnostics\diag...

A: New Laptop - anything nasty to ditch?

Mostly it's adjusting to Vista and all the new things that come along with it.
It looks fine.



I would like some assistance with fixing my laptop

Toshiba Satellite Intel Centrino Windows Vista - not sure if you need anything else. Everything was preloaded when I brought the laptop and I don't have a disk.

Firstly I am unable to complete a scan and post on here as requested in the how to post guide thing....maybe helping to do that is the first step?

The laptop has a message that appears when it's logged on saying.....
Windows has encountered a critical problem and will restart automatically in one minute please save your work....

The laptop will then shut down and restart again and continue this cycle...reading up on the net (from the kids' PC) it said to change the date and time...so through safe mode I did this and I can now log in in normal mode but cannot do anything .....I can connect to the internet but a web page won't load..... I am unable to complete a scan as it will shut down halfway through and then I am told access is denied and it won't load ... I have downloaded a number of freeware scans (pcdocter, spybot) by using the PC and USB and loading onto the laptop but am unable to run them...I am also blocked from accessing folders like users, my documents, temp folders; it says I don't have administrator rights ???

OH a couple of names that have come up in the half scans are downloader win32Renos.JT..... ZBLOT..... hijacker something not looking good for me ??

Let me know what I need to do so you can help me please ?


Hi Again

So...

A: something clever and nasty on my laptop

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.


Please save this file to your desktop. Go Start > Run and copy/paste the following command into the Run box and click OK:

"%userprofile%\desktop\win32kdiag.exe" -f -r

When it's finished, there will be a log called Win32kDiag.txt on your desktop.
Please open it with Notepad and post the contents here.

Will dds run now? If not...

See if RSIT will run: Download RSIT by random/random and Save it to your Desktop.
Double-click RSIT.exe to run the tool.
Click Continue at the disclaimer screen.
When the scan completes it will open a log named log.txt maximized, and a log named info.txt minimized.
Please copy/paste the contents of log.txt in your next reply.
Please attach info.txt to your reply.
To attach a file to a reply, simply click the Manage Attachments button under Additional Options > Attach Files on the post composition page, and
copy and paste the following into the Upload File from your Computer box: C:\rsit\info.txt
Click Upload
----------...

Hey, been having issues recently. Malwarebytes has been having trouble removing Trojan Lameshield, as well as a few other viruses which it doesn't seem to be able to detect (I'm pretty sure Lameshield is creating more viruses). I've even had my laptop speakers randomly play several radio stations at once for no apparent reason, which continues until I close explorer.exe. No longer having issues with that, but frankly I don't know what I'm doing. Any help here would be greatly appreciated.

I'm running a 64 bit version of Windows 7.

EDIT: Disabled smilies, lol. Made it hard to read.

Here's the DDS

DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.4.1
Run by Hans at 19:55:25 on 2012-07-17
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3893.2129 [GMT -7:00]
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
============== Running Processes ===============
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\syst...

A: A few nasty viruses are on my laptop, please help!

My name is Daniel and I will be assisting you with your malware-related problems.

Before we move on, please read the following points carefully. First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
Perform everything in the correct order. Sometimes one step requires the previous one.
If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

You are right. Zero Access is on your system alongside another one we call TDL. Let's fix them one by one.

Please read and follow these instructions carefully. We do not want it to fix anything yet (if found), we need to see a report first.

Download TDSSKiller.exe and save i...

The problem is....when I attempt to visit antiviral websites such as norton, pctool, etc...my browser will not connect...also I finally got around to installing 90 day norton trial and the blasted thing won't let it download updates at all...in fact it seems to disable my ability to do anything related to antivirus software...also it enables me to install/remove new/old programs...I need help...my pc is my lifeline for the work that I do from home...if I can't get this thing under control...I may lose my job....Thanks...here are the things you guys requested...I think it's really great for you all to do this for free...not too many people would...

DDS (Ver_09-06-26.01) - NTFSx86
Run by Uncanny at 0:39:45.40 on Sun 07/19/2009
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_14
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2815.1650 [GMT -4:00]

AV: Norton Internet Security *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: Norton Internet Security *enabled* (Updated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\Ati2evxx....

A: Help!!! I've Got a Nasty Virus

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.


Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.


Due to the restrictions on Vista, all tools should be started by Right-Click >>> Run As Administrator


Please visit this webpage for download links, and instructions for running ComboFix:


* Ensure you have disabled all antivirus and antimalware programs so they do not interfere with the running of ComboFix.

Get help here

Please post the C:\ComboFix.txt in your next reply for further review.



I have this virus which keeps popping up a bubble in the bottom right corner of the screen saying

"Your computer is infected! .....blah blah blah let us download this stuff for you."

I tried restarting my computer in safe mode and trying to run Spybot Search and Destroy, and MalwareBytes but to no avail. Once the program would start scanning it would shut off, and if I tried to find the program again it said it had been deleted.

This thing also redirects me to random pages if I try to use search engines.

Thanks ahead of time if anyone can help!

P.S. I also had my MP3 player plugged into this computer when the virus first started. I am wondering, if I tried to plug that into a different computer, would it transfer the virus? I haven't, just because I figured it would, and would anyone know how to get it off there if it is infected? Thanks!


This is going to be a long story.

"Error The requested URL could not be retrieved while trying to retrieve the URL: http://www.google.co.nz/
(Bullet Point) Access Denied
Access control configuration prevents your request from being allowed at this time. Please contact your service provider if you feel this is incorrect
Your cache administrator is root (when i click root it opens up my email client with no email there)
Generated Fri, 15 Jan 2016 04:21:44 GMT by kmjproxy.indonesiapower.corp (squid/2.6.STABLE21)"

Straight I seen that I knew instantly it was some kind of malware so I open up avast and do a full system scan and it found nothing (because the file is crypted -_-) so I scan for network threats oh and look your ethernet adapter has been tampered with your passwords and sensitive info is at risk GREAT! and there is the dns server so I kindly remove it from Internet Protocol Version 4. I have also tried wiping my drive but no luck the malware is obviously blocking it. And also before this happe...


Help!!! I think I have a nasty friggin virus.

Now, the problem is that I can't access my task manager through ctrl+alt+del. Every time I try to, I get "task manager has been disabled by your administrator".
I can't run regedit from the RUN function. Every time I try, it also says it has been disabled by the administrator.
I can't restart in safe mode. Every time I try that, a blue screen pops up and says a bunch of stuff I don't remember but along the lines of "Run CHKDSK/F blah, blah, blah". It doesn't actually say blah, blah, blah.
I can't use the system restore function.
I can't run spybot search & destroy.
I can't defrag.
The internet is running extremely slow.
When I left click items in my folder, say to delete it, my pc freezes.

I was told I should download and run Malwarebytes. That got rid of some of the problems cause now I don't have to restart my pc 10 friggin times just to log on to my account.

So below is the information you need. I hope I can get help with this pesky friggin problem. THANKS!!!!

DDS (Ver_09-05-14.01) - NTFSx86
Run by Al at 13:41:45.04 on Sat 05/23/2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_03
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.510.197 [GMT -4:00]

AV: AT&T Internet Security Suite AT&T Anti-Virus *On-access scanning disabled* (Updated) {5B5A3BD7-8573-4672-AEA8-C9BB713B6755}
FW: AT&T Internet Security Suite AT&T Firewall *enabled* {80593BF4-D969...

A: I think I have a nasty virus.

Hello, and welcome to TSF.
I am currently reviewing your log. I will be back with a fix for your problem as soon as possible.
Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread.
Make sure it is set to Instant Notification, then click Subscribe.
Please be patient with me during this time.


Hello, my wife seems to have encountered a nasty little virus associated with istsvc trojan.
I managed to remove this with Symantec's tool.
However, it has other problems.
It originally came with McAfee's online virus program but she never registered or updated it.
Since we have SBC/Yahoo, I've been trying to install and use their virus software.
The problem is I can't remove the McAfee program It won't auto-uninstall and this virus prevents access to the taskmanager (among numerous other things)
I've tried booting to safe mode changing file attributes to unhide everything and running a third party virus
program to uninstall it but it reports it can't find anything.
it won't run regedit.exe or anything allowing me access to the registry.
some of the things I've seen include Pokapoka79.exe, ypager.exe.dll, eetu.exe.dll, campanion.exe.dll, folders include surfaccuracy, Igetnet, 180 searchassistant programs on the C: drive
When I tried to get updates from Microsoft I got messages saying the ActiveX control was off, instructions to turn them on don't work or are disabled for sbc/yahoo browser I use.

What to do?

A: Nasty Little Virus

I suggest you post a HijackThis log for examination.

Read How to post a HijackThis Log. Please read, and follow, all directions carefully. Then, run a log, and post it in the HijackThis forum, at this link. Do not fix anything yet.

A member of the HJT Team will help you out. It may take a while to get a response, because the HJT Team are very busy. Please be patient, these people are volunteers. They will help you out as soon as possible.

NOTE: Once you have made the post, please DO NOT make another post in the HJT forum until it has been responded to by a member of the HJT Team. The first thing they look for, when looking for logs to reply to, is 0 replies. If you make another post, there will be 1 reply. The team member, glancing over the replies, might assume someone is already helping you out, and will not respond. So, just make your post, and let it sit there until a team member responds. This way you will be taken care of in the most timely manner.


A: A nasty virus

Have you gone through the tutorial? http://www.bleepingcomputer.com/virus-remo...malware-defense


So I had this nasty virus "Vundo/Viriant-PRG" I think was the name. I have downloaded several programs and think I have gotten rid of it, but was looking for someone to look at my HijackThis report and give me the

HijackThis report:
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 4:14:39 PM, on 9/13/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
D:\Program Files\Steam\Steam.exe
D:\Program Files\Quicken\bagent.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe
C:\Program Files (x86)\Java\jre1.6.0_07\bin\jusched.exe
D:\Program Files\Razer\Lachesis\razerhid.exe
D:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
D:\Program Files\Razer\Lachesis\OSD.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\Program Files\Razer\Lachesis\razertra.exe
D:\Program Files\Razer\Lachesis\razerofa.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?Lin...

Hello, baffronti
Welcome to TSF

My name is Billy O'Neal and I will be helping you. (Billy or Bill is fine, if you like.)
Please give me some time to look over your computer's log(s).
Please take note of the following:
In the meantime, please refrain from making any changes to your computer.
Also, even if things appear to be running better, there is no guarantee that everything is finished. Please continue to check this forum post in order to ensure we get your system completely clean. We do not want to clean you part-way up, only to have the system re-infect itself. :)
If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
Finally, please reply using the button in the lower left hand corner of your screen.
Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just put a post here so that I know you're still here. We get a lot of people who simply leave, and if there is no contact for that amount of time I will have to assume you have "vanished".

We need to create an OTViewIt Report
Please download OTViewIt by OldTimer.
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
Push the button.
Two reports will open, copy and paste th...

Hello Tech guys,
I have a nasty virus on my PC that gives a bad image error message
DLL C:\WINDOWS\system32\scriptdll is not a valid Windows image every time I need to use system restore, help and support and real player.. Also the system restore has just a blank screen and so does the help and support; I can only see the search assistant... I am so frustrated because I used Spybot, Malwarebytes and Ad-Aware but I still have the problem..
I do not know what else to do to get rid of it..

A: Nasty Virus on my PC

Hello and welcome to TSF.

We want all our members to perform the steps outlined in the link given below, before posting for assistance. There's a sticky at the top of this forum, and a "Having problems with spyware and pop-ups? First Steps" link at the top of each page.

Please follow our pre-posting process outlined here:


After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.


So, I'm pretty new to Windows after leaving OSX. I have Win8.1 with all updates.
I've downloaded Kaspersky, Bitdefender and AVG. None of these can find anything - I really don't know what to do.
I have low technical ability so please be patient with me if you do decide to help.
I'll be happy to answer any questions, provide screenshots, anything.
Thank you so much.

A: I have a very nasty virus - PLEASE HELP!!

Hi Leon,

Let's first clean out Chrome.
Disable all the plugins: Disabling Plugins in Google Chrome

Now we'll get all the junk off the machine.

MiniToolBox
Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following checkboxes:
Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size.
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.
Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

TDSSKiller
Download TDSSKiller and save it to your desktop.
Extract (unzip) its contents to your desktop.
Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
If an infected file is detected, the default action will be Cure, click on Continue.
If a suspicious file is detected, the default action will be Skip, click on Continue.
It may ask you to reboot the computer to complete the process. Click on Reboot Now.
If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

AdwCleaner
Please download AdwCl...


I have some nasty stuff on my computer that is making it run slower than a snail... there is also a window that pops up every time I do anything on my computer and it says "system error: i have an unknown trojan" then if I click on it, it takes me to a random antivirus website or it shuts down IE.... Please Help!! I use this computer for my home business!!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:06:00 PM, on 3/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile...

A: Nasty Virus! Please Help!

Hello tmauser1,

Welcome to Bleeping Computer

Sorry about the delay. If you still need help, please post a new HijackThis log to make sure nothing has changed, and I'll be happy to look at it for you.



There was like a black danger warning on my desktop and a Windows system error or Windows critical error, something like that, would pop up and programs on my PC take a long time to load. I tried to fix the problem by using Super Antispyware but it only removed the danger warning on desktop, so then a few minutes later the computer screen would just go black and the computer just stays on; nothing I could do is just unplug the power cord. This started happening like 5 hours ago, right now I'm in safe mode. Also I'm using Windows XP Home.

Here's my HijackThis log

Logfile of HijackThis v1.99.1
Scan saved at 10:15:17 AM, on 1/15/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\gearsec.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\taskmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\BitLord\BitLord.exe
C:\WIND...

A: Nasty Virus On Pc


I got this really nasty virus in my system, I've tried everything I know to delete it but it won't go away... Kaspersky keeps on blocking its actions but it's still messing up my pc, the logos have disappeared and my pc is going from slow to the slowest.. I've attached the log since it's too big to be posted lol
any help will be greatly appreciated it, thanks in advance.


Not exactly sure what it is. It has changed my internet explorer home page to this:

Also have a hijack log here:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:09:38 PM, on 7/14/2008
Platform: Windows 2003 SP2 (WinNT 5.02.3790)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files (x86)\Web Technologies\iebtm.exe
C:\Program Files (x86)\DAEMON Tools Pro\DTProAgent.exe
C:\Program Files (x86)\nerds.de\LoopBe30 Trial\loough.exe
C:\Program Files (x86)\Eset\nod32kui.exe
C:\Program Files (x86)\Web Technologies\wcm.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\ASUS\AI Suite\AiNap\AiNap.exe
C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
C:\Program Files (x86)\Web Technologies\iebtmm.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Eset\nod32krn.exe
C:\Program Files (x86)\iPod\bin\iPodService.exe
C:\Program Files (x86)\Web Technologies\wcs.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,...

Hello! I recently got quite a nasty virus on my computer and do not know how to fix it. It hid all my files, refuses to let me access the Internet, and won't let me open any program. I also have no audio; it claims that I have no speakers, regardless of whether I try to use my computer's speakers or my headphones. Using Safe Mode with Networking, I was able to unhide my files. I was also able to unhide programs, such as Microsoft Word, but it won't let me open any of these programs. I was unable to unhide my original Malwarebytes program. Whenever I try to reinstall Malwarebytes through a flash drive, I get through all of the installation until the very end. Then a notice pops up that "Access is denied", and then "Error: Setup was not completed. Please correct the problem and run Setup again". None of the forms of RKill work either; however, nothing pops up when I run it. The regular RKill screen comes up for the blink of an eye, but before anything happens, it is shut right back down. I also tried to install Malwarebytes onto my flash drive, rather than just downloading the set-up and then installing to my computer, and run it directly from the flash drive. It did in fact run and found one minor virus. Unfortunately, it apparently didn't find, or was blocked from finding, the virus which is causing my problems as absolutely nothing changed in my computer. I don't know how it is blocking my Internet. I tried looking through Tools->Int...

A: Please Help Me Get Rid of a Nasty Virus!!!

Hello and welcome.

Your may be bundling the ZeroAccess rootkit along with the rogue malware. This rootkit will terminate any process that scans one of the items it is protecting in the Windows Registry or the file system. It will then change the permissions on that program so that when you attempt to run it again you will receive an access denied message. If you are infected with this Rootkit, then the following guide will not be able to remove the infection unless you first remove the rootkit. You can attempt to remove the rootkit using TDSSKiller as outlined below.

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
Be sure to download TDSSKiller.exe (v2.6.4.0) from Kaspersky's website and not TDSSKiller.zip which appears to be an older version of the tool.
Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
Vista/Windows 7 users right-click and select Run As Administrator.
If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
Click the Start Scan button.
Do not use the computer during the scan.
If the scan completes with nothing found, click Close to exit.
If malicious objects are found, they will show in the Scan results - Select action for found objects and offer thr...


Hey! For the past couple of days my computer has been slow and so on, and my Spybot keeps finding the same virus over and over again but it won't get removed..
This is my latest Spybot Search and Destroy scan log, please help (it says it has removed the viruses, but every time I rescan it reappears...). Also tried with Malwarebytes but it ain't working
[i] 15-08-25 19:32:26
[i] 15-08-25 19:32:26 Product MS Direct3D
[+] 15-08-25 19:32:26 Moving into quarantine HKEY_USERS\S-1-5-21-2855741374-1915922570-20632288-1000\Software\Microsoft\Direct3D\MostRecentApplication\Name
[+] 15-08-25 19:32:26 Successfully cleaned HKEY_USERS\S-1-5-21-2855741374-1915922570-20632288-1000\Software\Microsoft\Direct3D\MostRecentApplication\Name
[i] 15-08-25 19:32:26
[i] 15-08-25 19:32:26 Product MS DirectInput
[+] 15-08-25 19:32:26 Moving into quarantine HKEY_USERS\S-1-5-21-2855741374-1915922570-20632288-1000\Software\Microsoft\DirectInput\MostRecentApplication\Name
[+] 15-08-25 19:32:26 Moving into quarantine HKEY_USERS\S-1-5-21-2855741374-1915922570-20632288-1000\Software\Microsoft\DirectInput\MostRecentApplication\Id
[+] 15-08-25 19:32:26 Successfully cleaned HKEY_USERS\S-1-5-21-2855741374-1915922570-20632288-1000\Software\Microsoft\DirectInput\MostRecentApplication\Name
[+] 15-08-25 19:32:26 Successfully cleaned HKEY_USERS\S-1-5-21-2855741374-1915922570-20632288-1000\Software\Microsoft\DirectInput\MostRecentApplication\Id
[i] 15-08-25 19:32:26
[i] 15-08-25 19:32:26 Product Windows ...

No one can help? Also some of my programs won't start because of this bleep.. and sorry for the name of my PC.. my friend named it for me and idk how to change it xd


EDIT: I didn't read the pinned message above so I will crosspost this to the logs forum.

Hi folks, my HP netbook running Windows XP Home Edition has been hit by some kind of browser virus. It disabled Mozilla Firefox. I can run Internet Explorer, but if I try to download Firefox again or do anything that threatens the virus, it redirects to a site called plxlestatservlce.com and says the page cannot be displayed. So far I have run Malwarebytes Anti-Malware, Windows OneCare, and one other Windows program and none have worked. I just ran HijackThis and here is the log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:59:22 PM, on 11/26/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet File...

A: Nasty virus -- please help!

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please do not attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear
Click the Disable button to disable your CD Emulation drivers
Click Yes to continue
A 'Finished!' message will ap...


Hi guys,

I have what I suspect might be a nasty virus and I've got no idea how to get rid of it... it seems to attack through the Internet (I've got broadband) b/c it shuts down my firewall and after that all my programs lock and my computer restarts... other than that, my internet often just randomly starts working after a short while. On average, this all happens after about 15 minutes of starting my computer.

What's worse is I've run ad-aware and norton, and they don't pick up a single thing... I've run the microsoft malicious software removal too, with no luck... my computer often says it's low on virtual memory, and the strange thing is whenever I try to restart, it often says a program called 'nbnock32.exe' is not responding and I have to end it before it can properly shut down.

The point is I don't wanna format, but this virus is really causing me problems with my study... any idea what I should do?

Btw, my computer is AMD Athlon 3000, 200GB HD, 1 gig ram etc... ie. it isn't because of the incompetence of my computer that this is happening...

nbnock32.exe doesn't show up in any databases I've searched.
Try running Spybot S&D (with the TX update).

Norton has lost my respect, so run "Avast!4Home" and see if it finds anything.

How secure is your site? That is, have you secured the local logins? Can your little brother walk up to it and start using it without you knowing? I'm wondering because the problem you describe makes me think you've been hacked.

Do you have a real firewall, or just the Windows Firewall?


Ok, my parents have a really nasty virus going on. It is one of the viruses that runs the fake virus scan on your computer. This one blacked out the desktop background and hid some of the icons that are on their desktop. It pops up several messages about being hacked, low system memory, and fake claims of infection. I followed the initial steps you require before posting about virus removal, but ran into some issues with the DDS and GWAR. The virus is not allowing me to run either program. The DDS would not run at all and the GWAR froze up halfway through the scan and would not continue. I tried this in normal mode, safe mode, and safe mode with networking. Your help is appreciated.


A: Nasty Virus

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************
In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/437306 <<< CLICK THIS LINK

If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************
If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lo...


Good Morning,
I have been facing a problem with probably a virus for a few days.
I am getting messages from my computer that a software that I am trying to install for a hardware is not passing the Windows Logo testing. Before, this message was pointing at an Activity Monitor and it is currently mentioning an Antivirus program.
I tried to make a scan with McAfee but this virus seems to stop all efforts to use this program.
I then tried HijackThis which finds a Nasty file as follows:
I tried to delete this file but it cannot be found on the HijackThis virus removal tool and therefore cannot be "fix checked".
I tried loading down other free malware software but this effort seems to be impossible due to the virus.
Is there any way to get rid of this virus? Shall I uninstall McAfee since the virus seems to be connected?
Any help would be appreciated

A: Nasty Virus

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
***************************************************
In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.
CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/504859 <<< CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************
If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of t...



Please Help Me. Recently, my Windows 7 Operating system has developed a tendency where 50% of the time when I start up my system, after I input my password and wait for my computer to load, the screen is completely stuck on loading for a very, very long time if it loads at all. Also, sometimes if it does load my screen is completely black and only the mouse is shown.

My avast anti-virus scanned my entire system and said that there was nothing wrong, but clearly something is. My spyware blaster also says that no viruses have invaded my computer and I've used crap cleaner to sweep idle components from my system. Yet, nothing helps. The only thing that does is starting windows on safe mode, then it loads right away every time, but without it I take a 50% chance of my operating system loading successfully or not.

Clearly, something is wrong but I have no idea how to fix this or what I should do. Please can you help me and give me some advice on what to do about this problem?

A: I think a nasty virus has set in...


So, I have this problem. My computer got infected with trojans and malware a few days before, and I ran a scan with AVG and one with Malwarebytes Anti-Malware. When I wanted to update Windows yesterday, it wouldn't work.
Apparently it has to do with BITS (background intelligent transfer service). In services.msc I couldn't start it manually so I started to look in the registry. There I found in HKEY_LOCAL_MACHINE/SYSTEM/ControlSet001/Services/BITS/ that one of the registry keys 'Imagepath' is '%fystemroot%\svchost.exe -k netsvcs'. So I changed fystemroot to systemroot. However, it immediately changed back to fystemroot. Then I tried replacing fystemroot with C:\WINDOWS, but that was immediately changed to Cf\WINDOWS\. I'm in desperate need of help.

I have an XP media center edition, if that helps.

Thanks in advance

A: Help with nasty virus

I recommend that you read this article… (Simply click on the links to be re-directed.)

"Having problems with spyware and pop-ups? First steps;

IMPORTANT - Read This Before Posting For Malware Removal Help

Please follow the instructions very carefully; then, post all the requested logs and information; as instructed, in the Virus/Trojan/Spyware Help Forum.


Please ensure that you create a new thread in the Virus/Trojan/Spyware Help Forum; not back here in this one.

IMPORTANT - Read This Before Posting For Malware Removal Help

When carrying out the instructions for malware removal, if you cannot complete any of them for whatever reason, just continue on with the next one until they are all completed.

However, it is extremely important to make mention of the fact that you could not complete all of the steps in your post in the Virus/Trojan/Spyware Help Forum, where an Analyst will assist you with other workarounds.

Once done, please be patient, as the Security Team Analysts are usually very busy; one of them will answer your request as soon as they can.
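
The BITS question in this thread describes an ImagePath whose variable name kept reverting to a one-character-off spelling. As an added example (not from the thread or from any tool named in it), this Python sketch flags such values in a set of exported service ImagePath strings; the allow-list, the function names and every sample value other than the two strings quoted in the post are assumptions.

```python
import re

# Assumed allow-list of variables that may appear in a service ImagePath.
KNOWN_VARS = {"systemroot", "windir", "programfiles", "systemdrive"}
VAR_RE = re.compile(r"%([^%\\]+)%")
DRIVE_RE = re.compile(r"^[A-Za-z]:\\")


def one_char_off(a, b):
    """True when a and b have equal length and differ in exactly one position."""
    return len(a) == len(b) and sum(x != y for x, y in zip(a, b)) == 1


def check_image_path(value):
    """Return findings for one ImagePath string; an empty list means it looks sane."""
    findings = []
    path = value.strip().strip('"')
    for name in VAR_RE.findall(path):
        low = name.lower()
        if low in KNOWN_VARS:
            continue
        near = sorted(k for k in KNOWN_VARS if one_char_off(low, k))
        if near:
            findings.append(f"%{name}% is one character off %{near[0]}%")
        else:
            findings.append(f"%{name}% is not an expected variable")
    # Accept a variable, an NT-style "\SystemRoot\..." prefix, a drive letter,
    # or the relative "system32\..." form that driver entries use.
    if not (path.startswith(("%", "\\")) or DRIVE_RE.match(path)
            or path.lower().startswith("system32\\")):
        findings.append("path has no valid drive or variable prefix")
    return findings


def scan(services):
    """Map service name -> findings, keeping only services with findings."""
    report = {name: check_image_path(value) for name, value in services.items()}
    return {name: found for name, found in report.items() if found}


# Constructed sample. The BITS value is the one quoted in the post; the second
# entry is built from the post's "Cf\WINDOWS\" description; the rest are made up.
SAMPLE = {
    "BITS": r"%fystemroot%\svchost.exe -k netsvcs",
    "BITS_after_drive_edit": r"Cf\WINDOWS\svchost.exe -k netsvcs",
    "ExampleSvcA": r"%SystemRoot%\System32\svchost.exe -k netsvcs",
    "ExampleSvcB": r'"C:\Program Files\Example\svc.exe" -run',
}

if __name__ == "__main__":
    for name, found in scan(SAMPLE).items():
        print(name, "->", "; ".join(found))
```

A value that keeps reverting after being corrected means something is still running and rewriting it, so a finding here is a reason to collect logs for an analyst rather than to keep editing the registry by hand.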
