Over 1 million tech questions and answers.

Got a nasty virus on my laptop now, need some help healing it.

Q: Got a nasty virus on my laptop now, need some help healing it.

Somehow my computer contracted a Win32.HEUR virus off of an accidental spam site visit, and now my computer is full of infections.

At first I tried using AVG, but the virus basically overpowered it and tried to uninstall it.. So I got Kaspersky's virus removal tool. It seems to have taken care of the heur for the most part, but now I have a rootkit.tdss that just won't go away.

The problem is, I can't kill any processes, it's locked my taskbar out, I can hardly open any programs, it just says "This file does not have a program associated with it for performing this action. Please install a program or, if one is alread yinstalled, create an association in the Default Programs control panel." I can run programs if I select "run as administrator" but thats the only way they will work right now..

There are other symptoms as well, the whole pc is a complete mess right now, I've been working on it all day and night trying to get the infections cleared out. I just ran Hijackthis and I have a log I can post if necessary.

Is there anything else that I can do get this thing off of my computer??

-EDIT

I forgot to mention that when running malwarebytes or kasperskys virus removal, before I can complete the scan, the computer forces a shutdown.

RELEVANCY SCORE 200
Preferred Solution: Got a nasty virus on my laptop now, need some help healing it.

I recommend downloading and running Reimage. It's a computer repair tool that has been proven to identify and fix many Windows problems with a high level of success.

I've used it in the past to identify and fix everything from blue screens (BSOD's), ActiveX errors, corrupt files and processes, dll/exe/sys errors, recover lost memory, Windows update problems, defragging, malware removal etc.

You can download it direct from this link http://downloadreimage.com/download.php. (This link will automatically start a download of Reimage that you can save to your computer.)

A: Got a nasty virus on my laptop now, need some help healing it.

Hello and welcome let's do these. tell me how we are after.>>>> Download this file and doubleclick on it to run it. Allow the information to be merged with the registry.RKill....Download and Run RKillPlease download RKill by Grinler from one of the 4 links below and save it to your desktop.

Link 1
Link 2
Link 3
Link 4

Before we begin, you should disable your anti-malware softwares you have installed so they do not interfere RKill running as some anti-malware softwares detect RKill as malicious. Please refer to this page if you are not sure how.
Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
If nothing happens or if the tool does not run, please let me know in your next replyTDDS Killer Please read carefully and follow these steps. Download TDSSKiller and save it to your Desktop.Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK. (If Vista, click on the Vista Orb and copy and paste the following into the Search field. (make sure you include the quotation marks) Then press Ctrl+Shift+Enter.)
"%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt -v

If it says "Hidden service detected" DO NOT type anything in. Just press Enter on your keyboard to not do anything to the file.It may ask you to reboot the computer to complete the process. Allow it to do so.When it is done, a log file should be created on your C: drive called "TDSSKiller.txt" please copy and paste the contents of that file here.Rerun MBAM (MalwareBytes) like this:Open MBAM in normal mode and click Update tab, select Check for Updates,when doneclick Scanner tab,select Quick scan and scan (normal mode).After scan click Remove Selected, Post new scan log and Reboot into normal mode.

Read other 1 answers
RELEVANCY SCORE 60.8

Listen, guys,
MY OS: WinXP
Antivirus: AVG
VIRUS NAME: Trojan Horse PSW.Generic2.QEO ... i didnt find single link on internet.
File size: 3,88kb

I noticed the file keeps popping up -- C:\Windows\system32\CsdDriver.sys , I was reading a post here http://forums.techguy.org/security/502809-solved-virus-keeps-popping-up.htm , but there is a bit different, it pop ups again and again, I updated my AVG, its fixing it, but it appears after a few seconds. The thing is that there are no C:\WINDOWS\system32\UpperHost.dll file... And this is quite odd, if there was, I could act as the man said in the previous Link..

Here is my Hijackthis log:

Logfile of HijackThis v1.99.1
Scan saved at 22:21:16, on 2006.11.14
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Notepad++\notepad++.exe
C:\Program Files\Borland\InterBase\bin\ibguard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files... Read more

A:Please, help me healing this one virus :|

Read other 8 answers
RELEVANCY SCORE 60

I spent the night at my sister's the other day. She was agitated while using her laptop. Typical complaints, it is slow to respond, some programs won't open at all, and pop ups. I ran a few of the scans that I've used in the past and it's more responsive, there aren't any more popups flashing, but it still lags. I am hoping some wise soul on here can take it to the next level.

Thanks in advance!
 

A:Healing my sister's slow laptop

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-04-2015
Ran by Cyndy (administrator) on SANDERS on 24-04-2015 11:28:21
Running from C:\Users\Cyndy\Downloads
Loaded Profiles: Cyndy (Available profiles: Cyndy)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Sear... Read more

Read other 20 answers
RELEVANCY SCORE 58

Does anybody have any information on this virus in English, the only references are in Russian that I can find.

After AVG has scanned and healed the thing it comes up with warning box saying it has been found (Krepper.V) and to run AVG but it does not show up after scanning.

A:trojan horse virus and AVG healing THEN displaying warning

Sophos KrepperSee this link for info on Krepper from Sophos. There's also removal instructions but this means running Sav32Cli but this is command line based if you aren't happy using the command line I suggest using my tool RescueME see the sig.I would also suggest taking a hijack this log before and after cleaning and post both http://www.bleepingcomputer.com/forums/f/22/virus-trojan-spyware-and-malware-removal-logs/ here for analysis to ensure that you are clean.

Read other 3 answers
RELEVANCY SCORE 58

Hi there,
I'm a new poster but an old lurker...lol. Thank you in advance for any help you can give me!!!

My husband's laptop is infected with something nasty. Unfortunately, the problems it has caused makes it hard for me to do anything:

It started Wednesday when his taskbar disappeared. Along with this, the keyboard start button has no effect. His McAfee icon disappeared off the desktop and I can't open mcafee from the programs folder either. It won't run. I tried to uninstall it but Add/Remove programs won't let me. He also cannot connect to the internet (or network). So I went ahead and put Avast on his computer from a flash drive and ran a scan and took the actions recommended. But no difference so far. I should also mention that I tried to go into services but I just get a blank window (I was trying to stop mcafee). The window that comes up has graphics but no content. It also won't let me run SpyBot. Some other simple funtions don't work like moving or copying files to other locations. Last night, after running CleanUp, I got the BSOD.
My father in law has been in town and was using his computer so we are thinking he must have gotten into something...
Here is his HJT:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:47:46 AM, on 11/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.e... Read more

A:Nasty virus (?) on laptop

Bump please
 

Read other 1 answers
RELEVANCY SCORE 58

My dad hadn't replied to any emails I sent him in a few days so I asked him what was up over the phone and he told me his computer had been playing audio ads in the background even if he hadn't been running any programs. He said he did a google search to try to see how to fix it and the links would say things like "Tech Support Guy forums" but after he clicked them he would be redirected to spyware removal sites and other random sites. I am by no means qualified to do tech support, but I do know about Malwarebytes, Spybot, etc. So I downloaded Malwarebytes, updated it, ran a scan and it found something, so I removed it. Then I scanned it again and it found nothing. We restarted and none of his icons were "there" on the desktop. They were hidden, but I had hidden folders visible to look in the temp files in the local settings and network settings, but all his desktop icons are now like this and Google is still redirected and it keeps popping up IE-Explorer errors on start up. My dad said it also started opening up a folder that contained a PDF of the laptop user's manual on start up this morning. So apparently it was worse than before. Anyway, here are all my files. I have no idea how to read this stuff. I am out of ideas if the Malwarebytes doesn't work.

Thanks for any help.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:42:58 PM, on 1/25/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6... Read more

A:Nasty Virus(es) on Dad's Laptop

48-hour bump. Thanks for any help. I'll only be in town to help my dad for another few days.
 

Read other 1 answers
RELEVANCY SCORE 57.2

Can someone please help me... Today I tried downloading something off of limewire. It was a zip file and the second I opened it my laptop went crazy. My laptop has always been pretty tough to crack cause I keep a bunch of spyware programs running/scanning, etc.... Up to today I've never had any spyware/malware problems with it... But this thing is nasty. popups, explorer opens tabs super quick and locks the computer up. It won't let me change my automatic update settings back to automatic. My spysweeper program keeps alerting me of a host file called that is in the font directory called SVChost.exe and it absolutely will not go away.... Up till about 2 hours ago my computer was completely unusable but I ran three or four scanners and removed a whole bunch of spyware that it found (which before today it found NONE)..... I ran a hijack this log and here it is..... I have Vundofix, spysweeper, adaware, spybot search and destroy, and spyware guard..... I've run pretty much all of them just to get my computer where it is about 10% usable.... can someone please help. here's my hijackthis log.... also my mousepad clicker on the bottom of the keyboard stopped working and some of my keyboard keys are suddenly not very reactive and I have to hit them twice to take the letter i'm trying.... this thing is NASTY whatever it is....Logfile of Trend Micro HijackThis v2.0.2Scan saved at 10:44:44 PM, on 10/31/2008Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.600... Read more

A:can someone help. nasty virus/malware on my laptop

That first step was primarily just to gain some more stability for you so it will be a little easier to remove the rest of it. And there's quite a bit going on there in your log.Please download ComboFix from one of these locations:Link 1Link 2Link 3* IMPORTANT !!! Save ComboFix.exe to your DesktopDisable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

Double click on ComboFix.exe & follow the prompts.
If Combofix won't run, rename combofix.exe to cf.exe

As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:Click on Yes, to continue scanni... Read more

Read other 4 answers
RELEVANCY SCORE 56.8

AVG keeps on detecting "virus found exploit" with the file extensions of .htm/.html. while in the healing process, it would result in error along in the process...
i dunno what to do but here is the HiJackThis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 947 PM, on 12/28/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Sony\MD Simple Burner\NetMDSB.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Hp\HP Software Update\HPWuSch... Read more

Read other answers
RELEVANCY SCORE 53.6

aigh...where to start. i got a virus a few days ago, something that actually shut down my resident scanner (avast) and installed itself. it started out with the desktop change/phoney virus scanner and the ubiquitous "installing microsoft office" starting up over and over.a boot scan of avast cleared up most of that, but since then i've had a very nasty hijacker deep in my system. it was hijacking every search i did in yahoo, upon clicking the link i was redirected to random pages. likewise, i was booted out of yahoo mail every 9 or 10 seconds due to the malware trying to attack.i ran spyzilla, or whatever the pay program is, and it said it found, amongst others:malpakwinscenteradvertisementserviceinet2000vundo6To4v32TargetSaverPShope Full ContextToolbar88MaxSearchNEXT, i ran spybot, which found a bunch of junk and deleted it. then i ran MALWAREBYE as well as SUPERantispyware, all three found junk and removed/deleted/quaranteened it. this cleared up most of the problems, but the search-link hijacker was still working. NOTE: it wasnt hijacking my search page, it was only re-directing me upon clicking links.i found and ran COMBOFIX next, which found a bunch more stuff and deleted it. i waited for the log file to write, ran it again, which also updated the program and found 3 more infections.next i ran the atribune VUNDO FIXER, which found NOTHING.next i ran VIRTUMUNDOBEGONE, which also found nothing. all scans find nothing.avast has found nothing in a long time.non... Read more

A:nasty, nasty virus/spyware (avast can't fix)

As no logs have been posted, I am shifting this topic from the specialized HiJack This forum to the Am I Infected forum.==>PLEASE DO NOT NOW POST LOGS<== unless a log is specifically requested.

Read other 12 answers
RELEVANCY SCORE 48

I have no idea what happend with my computer. I even stop using P2P programs a long time ago. I am posting this Hijack Log from another computer. I can barely touch the computer that it's infected. I was lucky to save the hijack log before it started to freak out on me..

Let me start with the symptons.s

1.It started to mess with my internet. My internet woudn't work in my house when it was connected to the infected computer. The Link light I have in my wireless antenna which connects to my computer keeps blinking non stop when it's connected. Like if it was downloading information non stop.

2.I started to get Blue Screens. I have to restart the computer every time I get the blue screen of death.

3.I just a message that gives me a countown of 60 seconds warning me that the computer will be shut down by itself.

This is my Log..

Logfile of HijackThis v1.99.1
Scan saved at 10:51:59 AM, on 5/24/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\Documents and Settings\Administrator\My Documents\Hijack\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=des... Read more

A:Nasty Nasty Nasty Viruses. (Hijack Inside)

Bump!

Read other 16 answers
RELEVANCY SCORE 48

trying to get it, ive hit it with malware antibytes, spybot, and a few hjt scans but this is a little beyond my abilities

under normal login cant access task manager, and any time we've tried installing a new program the "antivirus" malware is popping up as saying that its a dangerous file and that its been blocked

here are the logs
sorry if that came out sounding weird im exhausted here



DDS (Ver_09-07-30.01) - NTFSx86
Run by Steve at 16:01:27.65 on Sun 09/13/2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_14
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1022.568 [GMT -4:00]

AV: avast! antivirus 4.8.1351 [VPS 090913-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program F... Read more

A:nasty nasty virus

Hi darklordryu,

I'd like to see the log from Malwarebytes, please.

Read other 11 answers
RELEVANCY SCORE 46.4

I recently wrote a review of a just-being-released addition to the ThinkPad line, the 14? T490s.  My writeup was based on the one system I had in front of me and, as always with pre-released systems, documentation was sparse at best.  The computer had very early drivers and system software but was remarkably stable and reliable.  New system software started to appear, and I noticed a new BIOS image, that was described as the initial release, but was substantially newer than what was on my computer.  I always try to apply updates as early as possible on any machines I review, hoping to identify any unexpected issues before the general market.  During the BIOS update, a message I had never seen flashed by.  As a result of nothing more than blind luck, my camera happened to be within reach and the battery was charged.  I apologize for the quality of the photo, but there was no time for staging.
 
New message
 
Based on what I can ascertain, the process is intended to be completely invisible to the user, other than the message I noticed.  After a BIOS update, the BIOS restarts and, after initialization, the image is backed up before booting into Windows or another operating system.   On subsequent startups, if there is a problem starting, the backed-up BIOS image is restored automatically.  In some ways, this is similar to the way Microsoft handles drivers in Windows. 
 
As I would expect, Phoenix Techno... Read more

Read other answers
RELEVANCY SCORE 46.4

Hi,

I have AVG internet security installed on my computer. It runs really well (despite it slowing my computer slightly )

However when I run a scan, reaching the end, it automatically begins "healing" any threats it may have come across. This is all well and good but when it gets right to the end of this process it seems to get stuck almost like it crashes. My cursor turns into the sand timer and "(NOT RESPONDING)" appears in the top of the window?!

It's not a massive problem but I thought I'd post the query in case there's either something I'm doing wrong or in case anyone else has encountered this problem before.
 

A:AVG Stuck Healing

Hi Mr C, Please stop creating new threads on same subject. You have 2 going already and a moderator will have to close 1 of them.
 

Read other 2 answers
RELEVANCY SCORE 46

Logfile of HijackThis v1.99.1
Scan saved at 4:01:52 PM, on 1/6/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\System32\fscagent.exe
C:\WINDOWS\System32\update\1.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\update\7.exe
C:\WINDOWS\System32\8.exe
F:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Sec... Read more

A:AVG detects threat and keeps healing

Read other 16 answers
RELEVANCY SCORE 46

Hi, for the last few months I have been using AVG, and in that time I have encountered a few viruses, mainly called JavaByte/Verify, that will not heal, delete, or move to virus vault. Can someone tell me why?
Thanks a lot.

A:Help with AVG removing/healing viruses.

I have ran into this on a clients computer he wanted me to fix. The only way I removed it was to slave the his drive into my test bench computer and used F-Secure to remove it.
Another note. Turn off system restore when removing viruses or removing spyware/malware.

Read other 3 answers
RELEVANCY SCORE 45.6

I'm currently disturbed by this popup every time i open my computer. Whatever user I log-in the same popup appears. The title of the popup is "C:\WINDOWS\system32\keyboard\services.exe" Below that, a message says that Windows cannot find 'C:\WINDOWS\system32\keyboard\services.exe'.This started when I transferred video clips from an mp4(ipod). Of coarse, I scanned it first using my updated AVG free edition and found no threat. After that i downloaded a free realplayer11 from cnet (here's the url: http://download.cnet.com/RealPlayer/3000-1...-10073040.html). It was saved to my desktop so as the video clips that I transferred. Then I tried to install realplayer but upon running the downloaded installer, it warned me that the computer will be restarted after the installation. So, I decided to cancel it first and remove first the mp4(ipod) and the flash drive of my cousin (which was already there when I used the computer). I failed in safely removing the mp4(ipod) but succeeded in removing the flash drive. I then, decided to forcefully remove the mp4(ipod) and started a computer scan. As expected, I found 1 trojan and successfully healed it. AVG asked for a restart and I clicked 'yes'. From that time, this annoying popup shows.The incident happened while I'm using the Administrator Account.I'm using Windows XP Professional SP2Please help me with this problem....

A:Popup After Healing Infected File

Hi and welcome..Its not unusual to receive such an error after using specialized fix tools.A "Cannot find...", "Could not run...", "Error loading... or "specific module could not be found" message is usually related to malware that was set to run at startup but has been deleted. Windows is trying to load this file but cannot locate it since the file was mostly likely removed during an anti-virus or anti-malware scan. However, an associated orphaned registry entry remains and is telling Windows to load the file when you boot up. Since the file no longer exists, Windows will display an error message. You need to remove this registry entry so Windows stops searching for the file when it loads. To resolve this, download Autoruns, search for the related entry and then delete it.Create a new folder on your hard drive called AutoRuns (C:\AutoRuns) and extract (unzip) the file there. (click here if you're not sure how to do this.)Open the folder and double-click on autoruns.exe to launch it.Please be patient as it scans and populates the entries.When done scanning, it will say Ready at the bottom.Scroll through the list and look for a startup entry related to the file(s) in the error message.Right-click on the entry and choose delete.Reboot your computer and see if the startup error returns.Next run MBAM:Please download Malwarebytes Anti-Malware (v1.34) and save it to your desktop.alternate download link 1alternate download link 2If you have a previous version of MBAM, remove it via ... Read more

Read other 17 answers
RELEVANCY SCORE 45.6

I have had this issue for many months, now. I loaded Vista x64 Home Premium to run in a dual-boot configuration with my XP Pro. I do critical work so I didn't trust going to Vista exclusively. I mainly wanted it to see if I could utilize all my RAM and speed up Photoshop processing.
I have had it working three or four times, (except for tablet functionality) then when I must re-boot because of SP1 and other security updates or in one case, I installed Office 2007, it does nothing on restart; black screens and just sits there, totally unresponsive. No blinking of the LED which shows drive activity. When re-booting, F8 isn't working (nothing happens). Regarding the previous instances, I gave up trying to get it to respond and went back to booting into XP, which always works fine. Then after a period (usually a month or more) I will try booting into Vista, on restart, and viola, it works again!
WTF is going on?

ASUS A8N32-SLI Deluxe motherboard
AMD Athlon 64 X2 4400+ Toledo: 2,400 Mhz on air (10% OC)
Thermalright XP-90C with 92MM Thermoflow temperature sensing fan
4 Gig of OCZ Titanium DDR400 (PC3200) dual channel, unbuffered RAM
MSI NX6600-TD256E video card & dual 24? wide screen LCDs setup
2X - WD 250Gb 7200RPM SATA main drive, w. 16Mb cache
(one for XP Pro and one for Vista x64 Home Premium)
2X - Fujitsu MAU3036NP (15K RPM hard drives running SCSI 0 [striped])
Lian 7077A - full tower case with optional 120mm fan in top,
90mm fan (stock AMD-CPU) angled facing MB chips... Read more

A:No reboot after updates and then mystery healing

How did you set up the dual boot?

Read other 8 answers
RELEVANCY SCORE 45.6

I am using AVG Free version 7.5 and it is updated but it doesn't heal viruses anymore example RavmonE.exe that can be healed by other computers with AVG FREEMoved from the "XP" Forum. ~acklan~

A:My Avg Free Is Not Healing Viruses Anymore!

Do you have any other anti-virus software on your computer or something loike security suite?

Read other 1 answers
RELEVANCY SCORE 45.2

Quote:
We?ve covered how to use the old school CHKDSK command check on disk in Windows 7 yesterday but what we didn?t touch is actually even better. It?s a nice new feature that I didn?t realize its existed either until very recently.

Basically, once the feature is turned on, Window will detect a physical file system error and automatically fix it on the fly without you even noticing it happened. Because of this, you actually have a lot less chances having to run CHKDSK to check the disk manually because most likely the errors you suspected may have been fixed by this self-healing process already.

NTFS Self-healing is turned on by default in Windows 7 but if you are not sure you can use the following command to make sure. Note that the command has to be run as Administrator.

fsutil repair query c:



However, there is a possible downside that you may have already been thinking and wondering. Yes, the data may potentially be removed silently without user?s knowledge during the self-healing process. To address this issue, Microsoft added BugCheckOnCorrupt option that does something you may think it?s crazy.

It throws a BSOD (blue screen of death) and shuts everything down instead of attempting to fix the error, if the system discovers any NTFS corruptions.

Yes, not every BSOD is bad. Some of them happened in purpose, just like this as designed. It does sound crazy because why you would want the system crash, but from the data safety perspective, this att... Read more

A:NTFS Self-Healing is An Overlooked but Useful Feature in Windows 7

Thanks Nick, interesting read.

Read other 2 answers
RELEVANCY SCORE 45.2

Xi'an Double Road Import and Export Co., Ltd. is the production and sales of biotechnology products, has always focused on high quality, is China's biotechnology industry's leading enterprises supply.
Since 2010, China in production and sales of our products have been ranked first in the industry, has become a silver antimicrobial technology and products, including silver antibacterial agent 1-MCP preservation of professional manufacturers, the company has a complete and scientific quality management system, integrity, strength and quality of being recognized products, welcome friends from all walks of life come to visit and negotiate business.Skin Wound Healing Cream suppliers
website:http://www.zgxianbilu.com/
 

Read other answers
RELEVANCY SCORE 44.8

Hi guys,

I need my laptop for work and really need some help to fix it, I have been trying for the last couple of days to fix it to no avail.

Basicly my Laptop is unable to run any sort of virus scan. I have Mcafee as main Scanner, and I tried Super Spyware Scanner, Malwarebytes, Kaspersky Online scanner and none of them can complete a full scan, and laptop freezes during scan and I have to Restart manually.

Also the scan seems to Freeze at specific file locations and when I delete those files in that location it freezes at another location, possible worm?

Im really worried about this Virus because in the past I've been able to remove Viruses/Trojans without much hassle, this time its different.

I dont have Bootdisk or Windows Installation disk

Edit: Also I think a couple of days ago I clicked on a link provided in an email , Subject of email was ... Hi , Data Entry Workers Needed..
I can post you the whole email if you need to check it and the url...

Help is appreciated.

Here is the DDS Log and I have the attach.txt (zip) If you need it (((I wasnt presented with ark.txt during the DDS scan))

-----------------------------------------

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Western Wind at 20:20:41.44 on 12/03/2011
Internet Explorer: 8.0.6001.19019
Microsoft? Windows Vista? Home Premium 6.0.6002.2.1252.44.1033.18.3061.1875 [GMT 0:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Di... Read more

A:Nasty Virus, unable to do any virus scans.

Hi,
I'm nasdaq.

Sorry for this long delay. If you still need help run this tool and submit the log for my review.

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: A guide and tutorial on using ComboFix

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT....

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Do not install any other programs until this if fixed.

How to : Disable Anti-virus and Firewall...
How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Double click on ComboFix.exe & follow the prompts.When finished, it will produce a report for you.
Please post the C:\ComboFix.txt
Note:
Do not mouse click ComboFix's window while it's running. That may cause it to stall

Note: If you have difficulty properly disabling your protective programs, refer to this link --> How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs


For AVG antivirus and anti-spyware security software users only.

Quote:




Due to recent changes in AVG and how it interacts with CF, AVG must be uninstalled to run ComboFix. You will get a message from CF stating such.

If AVG will not uninstall, it is first recommended to uninstall it with this AppRemover by Opswat. T... Read more

Read other 4 answers
RELEVANCY SCORE 44

Hey, been having issues recently. Malwarebytes has been having trouble removing Trojan Lameshield, as well as a few other viruses which it doesn't seem to be able to detect (I'm pretty sure Lameshield is creating more viruses). I've even had my laptop speakers randomly play several radio stations at once for no apparent reason, which continues until I close explorer.exe. No longer having issues with that, but frankly I don't know what I'm doing. Any help here would be greatly appreciated.

I'm running a 64 bit version of Windows 7.

EDIT: Disabled smilies, lol. Made it hard to read.

Here's the DDS

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.4.1
Run by Hans at 19:55:25 on 2012-07-17
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3893.2129 [GMT -7:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\syst... Read more

A:A few nasty viruses are on my laptop, please help!

Hy
my name is Daniel and I will be assisting you with your Malware related problems.

Before we move on, please read the following points carefully. First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
Perform everything in the correct order. Sometimes one step requires the previous one.
If you have any problems while you are follow my instructions, Stop there and tell me the exact nature of your problem.
Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

You are right. Zero Access is on your system logside another one we call TDL. Lets fix them one by one.

Please read and follow these instructions carefully. We do not want it to fix anything yet (if found), we need to see a report first.

Download TDSSKiller.exe and save i... Read more

Read other 19 answers
RELEVANCY SCORE 44

Hi Guys:

I have just bought a new laptop and have installed some software (security, etc., the usual stuff).

I ran a HJT and it has produced the log below - there are LOTS of items I don't recognise and have never seen before on my old computer. Maybe due to the OS being VISTA in place of the old XP?

Can you see anyting nasty I should ditch?

Thanks in advance.

Terry.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:07:44, on 30/01/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Program Files\Samsung\Samsung Recovery Solution II\WCScheduler.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe
C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Windows\autoclk.exe
C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Thomson\ST330\diagnostics\diag... Read more

A:New Laptop - anything nasty to ditch?

Mostly it's adjusting to Vista and all the new things that come along with it.
It looks fine.
 

Read other 1 answers
RELEVANCY SCORE 44

Hello

I would like some assistance with fixing my laptop

Toshiba Satellite intel centrino windows vista - not sure if you need anything else. everything was pre loaded when l brought the laptop and l dont have a disk

Firstly l am unable to complete a scan and post on here as requested in the how to post guide thing....maybe helping to do that is the first step?

The laptop has a message that appears when its logged on saying.....
Windows has encounted a critical problem and will restart automatically in one minute please save you work....

The laptop will then shut down and restart again and continue this cycle...reading up on the net (from the kids PC) it said to change the date and time...so through safe mode l did this and l can now log in in normal mode but can not do anything .....l can conect to the internet but a web page wont load..... l am unable to complete a scan as it will shut down half way through and then l am told acess is denied and wont load ... l have download a number of freeware scans (pcdocter,spybot) by using the pc and usb and loading onto the laptop but unable to run them...l am also blocked from acessing folders like users, my documents, temp folders says l dont have adminastrtor rights ???

OH a couple of names that have come up in the half scans are downloader win32Renos.JT..... ZBLOT..... hijacker something not looking good for me ??

Let me know what l need to do so you can help me please ?

Thanks
Hayley

Hi Again

So... Read more

A:something clever and nasty on my laptop

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Please save this file to your desktop. Go Start > Run and copy/paste the following command into the Run box and click OK:

"%userprofile%\desktop\win32kdiag.exe" -f -r

When it's finished, there will be a log called Win32kDiag.txt on your desktop.
Please open it with Notepad and post the contents here.
------------------------------------------------------

Will dds run now? If not...

See if RSIT will run: Download RSIT by random/random and Save it to your Desktop.
Double-click RSIT.exe to run the tool.
Click Continue at the disclaimer screen.
When the scan completes it will open a log named log.txt maximized, and a log named info.txt minimized.
Please copy/paste the contents of log.txt in your next reply.
Please attach info.txt to your reply.
To attach a file to a reply, simplyClick the Manage Attachments button under Additional Options > Attach Files on the post composition page, and
Copy and Paste the following into the Upload File from your Computer box:C:\rsit\info.txt
Click Upload
----------... Read more

Read other 19 answers
RELEVANCY SCORE 44

I have a nasty virus, and I need some advice of what to do. First of all, it won't go away, I've scanned with malwarebytes, and like 5 different AV scanners. For this reason I'm thinking it was more of a physical prank then a virus. Basically my user account got turned into a guest. The administrator account is disabled, I can't enable it, or do anything which requires administrator privileges. In safe mode, I can only login to my (guest) account. I'm not sure what to do, and I can't even backup my files, make a new partition, etc.

A:A Nasty Virus

Clean install? Barring that, you might need to create a boot disk. McAfee, Norton and others allow you to do this online.

Read other 9 answers
RELEVANCY SCORE 44

This is going to be a long story.

So I have avast internet security installed and that can't do much considering I paid $80 for it. In task manager i got about 7 or 10 "svchost" running and i try to end the process but it keeps on coming back I have had it on there for awhile now and my passwords have been stolen but luckily my internet banking and BTC wallet are super secure (2 factor security). So I turn on my computer this morning and i open up chrome and this is what i get

"Error The requested URL could not be retrieved while trying to retrieve the URL: http://www.google.co.nz/
(Bullet Point) Access Denied
Access control configuration prevents your request from being allowed at this time. Please contact your service provider if you feel this is incorrect
Your cache administrator is root (when i click root it opens up my email client with no email there)
Generated Fri, 15 Jan 2016 04:21:44 GMT by kmjproxy.indonesiapower.corp (squid/2.6.STABLE21)"

Straight I seen that I knew instantly it was some kind of malware so I open up avast and do a full system scan and it found nothing (because the file is crypted -_-) so I scan for network threats oh and look your ethernet adapter has been tampered with your passwords and sensitive info is at risk GREAT! and there is the dns server 8.8.8.8 so I kindly remove it from Internet protocal verison 4. I have also tried wiping my drive but no luck the malware is obviously blocking it. And also before this happe... Read more

Read other answers
RELEVANCY SCORE 44

My sons computer has windows xp and runs Norton Anti Virus. He has a Virus that is stopping him from getting on the internet so he can have Norton fix the problem and wont let him run anti virus program on the computer. At first it was putting up random websites on his computer and it gets worse every time he turns it on. Would crashing it out and putting the Operating System and everything back in work? Norton says if he cant get on the internet they cant fix it. Any help would be appreciated, if crashing it would help how would i do that?Edit: Moved topic from XP to the more appropriate forum. ~ Animal

A:Nasty Virus

Do you have access to a different computer and a thumb drive or CD burner?If so, ----------------------------Please download Malwarebytes Anti-Malware and save it to your desktop.Make sure you are connected to the Internet.Double-click on mbam-setup.exe to install the application.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-MalwareThen click Finish.MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.On the Scanner tab:Make sure the "Perform Quick Scan" option is selected.Then click on the Scan button.If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button. The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".Click OK to close the message box and continue with the removal process.Back at the main ... Read more

Read other 3 answers
RELEVANCY SCORE 44

this is my daughter's computer, but she asked me to help her. I appreciate any help you can give us. I ran an eset scan, and it found malware, but didn't catch the virus. I'll atach a screenshot of what's popping up as well, but here's what's happening. Unfortunately, my daughter clicked on a link in an email that purported to come from UPS (she is expecting a UPS shipment and thought it was legit). Immediately, she got a bubble on the task bar saying "Privacy Alert! Rogue Malware detected in your system! Data leaks and system damage are possible. Click here for a free security scan and spyware detection." Not knowing any better she clicked on the bubble which popped up a "scan" that "detected" a bunch of viruses and malware (over twenty). She called me and I came over. I was unable to get to the internet via internet explorer or firefox, but finally found a back way in through a game link shortcut, and here I am. GMER crashed the computer twice, so I can't attach Ark.txt.

computer info:
HP Pavilion A705W
Windows XP Home Version 2002, SP3
Intel Celeron CPU 2.93 GHz, 504 MB Ram

Here's the DDS:

DDS (Ver_11-03-05.01) - NTFSx86
Run by user at 20:42:56.21 on Fri 04/22/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_18
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.503.83 [GMT -7:00]
.
AV: AVG Anti-Virus Free *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running ... Read more

A:nasty virus

there's also a popup that shows up right by the taskbar icons saying "XP Home Security ALERT; Internet Connection Alert!; Suspicious network activity detected! Malware infection is possible!; Details: Attack from: 20.150.188.222 port: 56897; Attacked port: 4466; Threat: IM-Worm.Win32.Kelvir.k"...the ip address, port numbers, and threat name change each time it pops up. it's obviously bogus, but my daughter is not tech savvy and didn't realize it...again, thanks.

Read other 19 answers
RELEVANCY SCORE 44

Logfile of HijackThis v1.98.2
Scan saved at 4:39:09 PM, on 5/9/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\ACS.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\system.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\eScorcher\eScorcher.exe
C:\WINDOWS\System32\supporter5.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper... Read more

A:Plz help. i got that nasty virus from MSN

i had that worm long ago.

i don't even remember how i got rid of it.

try www.trendmicro.com and see if the online scan will clear it up.

if it doesn't, then it's not a worm or a virus, it's some other peice of malware.

Read other 3 answers
RELEVANCY SCORE 44

I have 350gb Western Digital external drive that I using with my laptop to store music, movies and apps that I may happened to download or purchase . But recently I think I may have picked up a virus. Whenever I plug my drive into my laptop it doesn't show. Normally, whenever I plugged it up it would open Windows Explorer and show me what files were listed. Now, it doesn't do anything, and its a brand new drive. I mean, I only purchased it about 4 months ago.

Things that I've tried in order to get it working:
I tried running a scan on it but it doesn't show when I open Windows Explorer
I tried connecting it to another pc and scanning it, but it won't show on other pc's
I tried replacing the usb cable that connects it to my laptop, nothing!
Does anyone have any idea on what I can do, I have so many important files that I can't wipe it, I mean, I have over 1200 mp3's alone. Not to mention all kinds of other important data. Again, its a Western Digital 350gb external drive and it has a virus on it. Please, if there's anyone who can help with this I would be much appreciative.

Thank you
 

Read other answers
RELEVANCY SCORE 44

Greeting guys, I wish my first post could be under different circumstances, but such is life.
I got stuck doing Tech Support for a friend's computer, and she has this thing buggered up something terrible. I've been working at this for a day or so now, and nothing is working.

Symptoms:

The running of nearly any program results in a popup notice stating that the item is infected and presents a "Yes or No" option to fix it. "Yes" brings up a webpage for a bogus AV program. "No" ends the program.

System Restore is hidden from User Access, and gpedit.msc seems to be effected too (cannot be found by the computer in search or run commands)

All network connections are limited to the scam AV site. Trying to access any page brings up a similar page to the one that appears when trying to run most programs.

Steps Taken:

Due to the virus preventing internet access and any function that doesn't directly lead to the downloading of its program, I have been booting into Safemode and using a 1Gig Jumpdrive I have lying around to transfer AV programs that I install to it and then copy them onto her system (these are all updated before the transfer). So far I have tried: Spybot S&D, Super AntiSpyware, Hijackthis, and Malware Bytes.

Spybot S&D: Revealed a number of issues when run in safemode, "deleted" them and then ran a 4 hour or so boot scan. No changes.

MalwareBytes: Won't run. I get the "Run-time error "0&qu... Read more

A:Particularly Nasty Virus

Please copy and paste the following text in the Code box exactly as written into notepad (not wordpad or any other text editor):regsvr32 "C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll"
regsvr32 "C:\Program Files\Malwarebytes' Anti-Malware\ssubtmr6.dll"
regsvr32 "C:\Program Files\Malwarebytes' Anti-Malware\vbalsgrid6.ocx"?Once you've done that click on File and select Save As...?In the Save dialogue box click on the drop down menu next to Save as type and select All Files?Name the file MBAM Fix.bat (the .bat extension is very important)?Save the file to your desktop and double click it to run it on XP. For Vista please right click on it and choose Run As Admin?Click OK to each of the 3 dialog boxes that should show a success message for each file registered?If you get an error that REGSVR32 "is not recognized as an internal or external command, operable program or batch file", then ensure that the file REGSVR32.EXE exists in the %WINDIR%\SYSTEM32 folder. If it's not found there you can copy if from another Computer running the same operating system and service pack level.If that doesn't fix it then please download and install the Microsoft Visual Basic Common Controls from HERE to see if it helps.{Credit Tigger93 @MBAM}

Read other 7 answers
RELEVANCY SCORE 44

Hey,
i wonder if you can help.
all the processes on my computer work fine, but the start bar keeps dissapearing every few seconds.

here is the log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:30:46, on 14/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\PalickSoft\HDD Temperature\HDDTSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Eraser\eraser.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\HijackThis\HijackThis.exe
C:\WINDOWS\exp... Read more

A:help with this nasty virus

Please download SDFix from here and save it to your desktop


Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, the Advanced Options Menu should appear;
Select the first option, to run Windows in Safe Mode, then press Enter.
Choose your usual account.


Open the extracted SDFix folder and double click RunThis.bat to start the script.
Type Y to begin the cleanup process.
It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
Press any Key and it will restart the PC.
When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
(Report.txt will also be copied to Clipboard ready for posting back on the forum).
Post that log in your next reply.


=========================================


Please download Combofix from any of the links below, and save it to your desktop. For further information regarding this download you can see this ... Read more

Read other 1 answers
RELEVANCY SCORE 44

The problem is....when I attempt to visit antiviral websites such as norton, pctool, etc...my browser will not connect...also I finally got around to installing 90 day norton trial and the blasted thing won't let it download updates at all...infact it seems to disable my ability to do anything related to antivrus software...also it enables me to install/remove new/old programs...I need help...my pc is my lifeline for the work that i do from home...if ci can't get this thing under control...i may lose my job....Thanks...here are the things you've guys requested...i think it's really great for you all to do this for free...not too many people would...


DDS (Ver_09-06-26.01) - NTFSx86
Run by Uncanny at 0:39:45.40 on Sun 07/19/2009
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_14
Microsoft? Windows Vista? Home Premium 6.0.6001.1.1252.1.1033.18.2815.1650 [GMT -4:00]

AV: Norton Internet Security *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: Norton Internet Security *enabled* (Updated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\Ati2evxx.... Read more

A:Help!!! I've Got a Nasty Virus

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

Due to the restrictions on Vista, all tools should be started by Right-Click >>> Run As Administrator

------------------------------------------------------

Please visit this webpage for download links, and instructions for running ComboFix:

http://www.bleepingcomputer.com/comb...o-use-combofix

* Ensure you have disabled all antivirus and antimalware programs so they do not interfere with the running of ComboFix.

Get help here

Please post the C:\ComboFix.txt in your next reply for further review.

------------------------------------------------------

Read other 2 answers
RELEVANCY SCORE 44

Hello all, im know this specific virus has been posted already but im looking for help for my specific situation. Sorry if im in the wrong correct me if i am D: Ok so, christmas eve i was infected with a virus called "Malware Defense" ive never had much expierence with viruses like this, so i did a few things i realise were mistakes lol So this virus disabled -Avg,Spybot,System Restore,Disk Defragmenter and Security Center. i didnt understand why system restore was not working, so i thought i would turn it off..then back on. Doing this deleted all my restore points. <---that being my mistake lol. Alright well i downloaded spyware doctor and got rid of many viruses at least 300+ among those were rootkits, tracking cookies and others. i read a few guides and manually got rid of mdefense files and those related to it. So i dont have it trying to install itself, or load fake virus alerts and pop ups. i didnt do this in safe mode if that means anything. So here is my problem, ive got most of this virus gone. But not all of it, when i try to re-install avg it says "Avg is not compatiable with malware defense" and spybot wont even open after re-install, so i assume its still there. my pc seems close to virus free except for the disabled programs and what avg install fail tells me. I cant locate whatever is left. So here his my question, how do i locate the rest of this horrible virus and how do i re-enable System Restore,Disk Defragmenter and Security Center... Read more

A:A nasty virus

Have you gone through the tutorial?http://www.bleepingcomputer.com/virus-remo...malware-defense

Read other 3 answers
RELEVANCY SCORE 44

Hello everyone, I have a nasty virus I think that I can't get rid of. The room on my C drive is just disapearing. I have over 100 gbs on the hard drive and some how I only have two left.... Also I deleted a bunch of extra files last night which gave me a extra 15 gbs. In the morning I was down to 2 gbs again.

I have ran a few virus scans such as AVG, Avira, and OneCare. They get a trojan every now and then. I am probably gonna have to get it rebooted...

A:Nasty virus

Hello and welcome to TSF.

We want all our members to perform the steps outlined in the link given below, before posting for assistance. There's a sticky at the top of this forum, and a
Quote:




Having problems with spyware and pop-ups? First Steps




link at the top of each page.

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Read other 1 answers
RELEVANCY SCORE 44

Hokay,
So here is my situation.
Avast picked up a virus a couple of days ago. I deleted it, ran a bootscan and thought nothing more of it. It was identified as a trojan, I of course didn't write down the name.
Boot up the computer to....a whole mess.

Most of my programs won't run, but I have a stable desktop. Programs that aren't starting (at startup) include Intel Extreme Tuning Utility, Catalyst Control Center, Steam, Dropbox, and importantly Avast. Windows firewall seems to be working. I can later activate the control center, but none of the others. Neither Firefox nor Chrome work. I can run any windows component program and winRAR (and those without error, issue, or erroneous behavior) including IE and media center. I cannot run windows update, though my computer says that there is an update to be installed. Windows defender finds nothing wrong on full system scan. When I try to start avast through system services, I get an error that states that the program failed to respond to the start or command request in time (almost instantaneous error). I can't sidestep that dialogue box.

For clarification, when I say doesn't work, I mean I try to activate the program and nothing happens (outside of the briefest of hourglasses indicating that yes, I did in fact double click).

Nothing is overly suspicious in running processes.

I know that the worm is messing with my registry in some way, looking for possible culprits in add/remove programs gives t... Read more

A:Nasty little virus

Hello,Please follow the instructions in ==>This Guide<== starting at step 6. If you cannot complete a step, skip it and continue.Once the proper logs are created, then post them in a reply to this topic by using the Add Reply button.If you can produce at least some of the logs, then please create the post and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the reply and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.Please note that I am not a member of the Malware Removal Team and will not be assisting you in removing the infection. I'm simply helping you to post the information they need in order to assist you.If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.Orange Blossom

Read other 4 answers
RELEVANCY SCORE 44

Like the title states I have a nasty virus I've tried malwarebytes but it won't work because I have some sort of preexisting virus. Malwarebytes won't open I tried the chameleon thing nothing. Please help me as I need my PC for my college classesEdit: Moved topic from Virus, Trojan, Spyware, and Malware Removal Logs to the more appropriate forum.~ Animal

A:Nasty virus please help

Hi -
Lets see if there are any items left in here .............Please Copy and Paste all logs
 
First -
Download Screen317 Security Check from Here or Here and save it to your Desktop.
 * Double-click SecurityCheck.exe
 * Follow the onscreen instructions inside of the black box.
 * A Notepad document should open automatically called checkup.txt
 * Please Copy/Paste the contents of that document.Note:: If any security program requests permission to access the Internet, allow it to
 
 
Next -
Please download MiniToolBox  to desktop to run it.
 Checkmark the following boxes:
 * List content of Hosts
 * Flush DNS
 * Report IE Proxy Settings
 * Reset IE Proxy Settings
 * Report FF Proxy Settings
 * Reset FF Proxy Settings
 * List last 10 Event Viewer log
 * List Installed Programs
 * List Users, Partitions and Memory size
 Note: When using "Reset FF Proxy Settings" option Firefox should be closed.
 Click Go and Copy / Paste the result. (result.txt)
 
 
Next -
Please download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or Temporarily Disable your Antivirus.
rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe ... Read more

Read other 8 answers
RELEVANCY SCORE 44

Hey guys, I&#8217;m new here and I was wondering if there was anything that could be done for my PC. It is so badly infected that I am writing this letter from another computer. So here is what happened. The other day I was browsing the web, when all of the sudden my PC tries to open Acrobat. Sensing that something funny was going on I immediately went and tried to do a system restore. Well the virus had disabled system restore. I then tried running both Malwarebytes and McAfee virus scan. The virus disabled Malwarebytres and McAfee would only run for about 10 seconds and then would freeze up. Well I then attempted to do a couple of online scans, and while they were being run, all my windows closed, my icons disappeared from my desktop, and my taskbar disappeared. Well I then restarted my computer and it gave me the &#8220;blue screen of death&#8221; windows error message (I think that is what it is called, like I said I&#8217;m new here). I am able to log on to windows from safe mode, but when I do it just gives me a black screen with the words &#8220;safe mode&#8221; in all 4 corners. It still won&#8217;t show my icons or my task bar. I am able to get task manager to run by hitting ALT+CONTROL+Delete, but it does little good because every time I try to run McAfee, Panda Security, Adaware, or BitDefender it will immediately close these programs down. Also, if I try to run Malawarebytes, Internet Explorer, or Windows Defender it gives me a message ... Read more

A:One NASTY Virus!!!!

Nevermind guys, I had to reformat the hard drive.
 

Read other 1 answers
RELEVANCY SCORE 44

Good Morning,
 
I am facing a problem with probably a virus since a few days.
I am getting messages from my computer a software that I am trying to install for a hardware is not passing the Windows Logo testing. Before this message was pointing at an Activity Monitor and is currently mentioning an Antivirus program.
 
I tried to make a scan with McAffee but this virus seem to stop all efforts to use this program.
I then tried Hijackthis which finds a Nasty file as followed:
 
C:\DOCUME~1\ALLUSE~1\APPLIC~1\McAfee\MSC\Updates\Installs\1\msc\mcinst.exe
 
I tried to delete this file but it cannot be found on the Hijckthis virus removal tool and therefor cannot be "fix checked".
 
I tried loading down other free malware softwares but this effort seems to be impossible due to the virus.
 
Is there any way to get rid of this virus? Shall I uninstall McAffee since the virus seems to be connected?
 
Any help would be appreciated

A:Nasty Virus

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
*************************************************** In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/504859 <<< CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of t... Read more

Read other 2 answers
RELEVANCY SCORE 44

My son recently jumped on my pc and i noticed that i cant load anything on my IE browser. there is also a fake antivirus popping up on my screen that i cannot get rid of please please please help.

here is my hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:52:36 AM, on 2/16/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\NCH Software\Fling\fling.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe
C:\WINDOWS\system32\NLSSRV32.EXE
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Ideazon\Zboard Software\Driver\ZboardTray.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AIM7\aim.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\sys... Read more

A:Nasty virus please help

Read other 16 answers
RELEVANCY SCORE 44

I have a virus that I have been trying to clean using AVG, malwarebytes and superantispyware. All of these recognize something, however it never seems like it is cleaning because my system is still not back to it's usual state. I cannot regularly launch malwarebytes without changing the name of the executable and there are still 2 unidentified things running in msconfig. They are:igirukururul command: rundll32.ee "C:\WINDOWS\igirukururul.dll",Startuprundl32 command: rundll32.exe "opmnoo.dll",DLLRegisterServerHere is a post of the last MBAM log I have:Malwarebytes' Anti-Malware 1.44Database version: 3825Windows 5.1.2600 Service Pack 3Internet Explorer 8.0.6001.187023/5/2010 5:59:08 AMmbam-log-2010-03-05 (05-59-08).txtScan type: Full Scan (C:\|)Objects scanned: 145924Time elapsed: 30 minute(s), 50 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 1Registry Values Infected: 3Registry Data Items Infected: 0Folders Infected: 0Files Infected: 1Memory Processes Infected:(No malicious items detected)Memory Modules Infected:(No malicious items detected)Registry Keys Infected:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\kbupdate (Trojan.Agent) -> Quarantined and deleted successfully.Registry Values Infected:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vttsttsys (Trojan.Vundo) -> Q... Read more

A:Nasty virus on XP Pro SP3

Hello stumpman13 Welcome to the BC HijackThis Log and Analysis forum. I will be assisting you in cleaning up your system.I ask that you refrain from running tools other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond the your topic and facilitate the cleaning of your machine.Please keep in mind that we have a large backlog of users just like yourself waiting to be helped so try to be as timely as possible in your replies. Since we do this on a part-time voluntary basis we are limited on how many logs we can respond to and keep open due to time restraints. If you have to be away or can't answer for some other reason just let me know. Thank you for your understanding.After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.In order to better assist you I will need the following:Download DDS and save it to your desktop from here or here.Disable any script blocker, and then double click dds.scr to run the tool. When done, DDS will open two (2) logs: DDS.txt Attach.txtSave both reports to... Read more

Read other 2 answers
RELEVANCY SCORE 44

theres was like a black danger warning on my desktop and a windows sytem error or windows critical error something like that would pop up and programs on my pc takes a long time to load, I tried to fix the problem by using super antispyware but it only removed the danger warning on desktop, so then a few minutes later the computer screen would just go black and the computer just stays on nothing i could do is just unplug the power cord, this started happening like 5 hours ago , right now im in safe mode. also im using windows xp homeHeres my hijackthis logLogfile of HijackThis v1.99.1Scan saved at 10:15:17 AM, on 1/15/2007Platform: Windows XP SP1 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\System32\gearsec.exeC:\WINDOWS\System32\nvsvc32.exeC:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exeC:\WINDOWS\System32\taskmgr.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Program Files\BitLord\BitLord.exeC:\WIND... Read more

A:Nasty Virus On Pc

Hello there and welcome to Bleeping Computer's security forum.My name is David, I will be helping you with your log today.It is a good idea to print off these instructions. There is a possibility some of the instructions will need to be carried out where internet access is not available. It is important that you complete the instructions in the right order, and that you don't miss out any steps.Due to the status of some of the files you have on your computer, I strongly recommend that you do the following immediately. You are infected with various malware including backdoor trojans. Disconnect the infected computer from the internet until the computer can be cleaned. From a clean computer, change your online passwords-- for email, for banks, eBay, forums etc.... Do not change passwords or do any transactions while using the infected computer because the attacker may get the new passwords and transaction information. You are missing one important program on that computer - an antivirus! This is somewhat suicidal in today's digital world.You need to install an antivirus program as soon as you can and run a complete scan of the computer. AVG and Avast are excellent, free antivirus programs..Never install more than one antivirus on your system - several together can cause problems and decrease performance.Please move HijackThis to another location, preferably c:\Program Files\HijackThis. Anywhere is fine, other than your Desktop or a Temp folder. If HijackThis is in... Read more

Read other 5 answers
RELEVANCY SCORE 44

A virus infected itself on my computer. I formated my computer yesterday and the default security program for it was Mcafee but I had some problems browsing the internet so I removed it and it infected itself when I had no security.

so, basically I'm using windows vista home premium. the virus is posing as a security program called "Security Tool" and it's detected every program as a walware and closing it. I try opening a rar file but it closed because "Security Tool" says it has a worm. I tried to install Norton so I can run a scan and delete it but it closes the exe file and it even closes task manager saying it's a worm.

how do I delete this "Security tool" so I can run programs again and install a Norton.

A:Got a nasty virus

I found your entry on how to delete it thank you

Read other 1 answers
RELEVANCY SCORE 44

Hello,

Please Help Me. Recently, my Windows 7 Operating system has developed a tendency where 50% of the time when I start up my system, after I input my password and wait for my computer to load, the screen is completely stuck on loading for a very, very long time if it loads at all. Also, sometimes if it does load my screen is completely black and only the mouse is shown.

My avast anti-virus scanned my entire system and said that there was nothing wrong, but clearly something is. My spyware blaster also says that no viruses have invaded my computer and I've used crap cleaner to sweep idle components from my system. Yet, nothing helps. The only thing that does is starting windows on safe mode, then it loads right away every time, but without it I take a 50% chance of my operating system loading successfully or not.

Clearly, something is wrong but I have no idea how to fix this or what I should do. Please can you help me and give me some advice on what to do about this problem?

A:I think a nasty virus has set in...

Hello let's see of we can find something.Reboot into safe mode with Networking.. and run these.Please download Rkill by Grinler and save it to your desktop.Link 1Link 2Double-click on the Rkill desktop icon to run the tool.If using Vista, right-click on it and Run As Administrator.A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.If not, delete the file, then download and use the one provided in Link 2.If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.If the tool does not run from any of the links provided, please let me know.Do not reboot the computer, you will need to run the application again. >>>Please Download TDSSkiller Launch it. Click on change parameters-Select TDLFS file system Click on "Scan".Please post the LOG report(log file should be in your C drive) Do not change the default options on scan results.>>>>Please download Malwarebytes Anti-Malware and save it to your desktop.Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download.Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.Make sure you are conne... Read more

Read other 1 answers
RELEVANCY SCORE 44

My computer is infected with a virus. I ran AVG and several infected files kept showing up with win32/virut. I have looked this up & it seems that this is a type of virus.
When I start my computer all that i'm getting is my desk top wallpaper & the taskbar with the start, internet explorer & firefox quick launch icons & the clock.
After a 2/3 min wait I get a speech bubble pop up from the bottom right of the screen telling me that my firewall may be turned off. After this pops up all my icons appear but my wallpaper dissappears & turns to a white background.
I have ran a tool by AVG for removing the win32/virut virus but it doesn't seem to have worked properly.
I can still access the internet, use all my programs & access all my files.

I have a HijackThis log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:59:12, on 25/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16915)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\PROGRA~1\AVG\AV... Read more

Read other answers
RELEVANCY SCORE 44

My buddy brought me his laptop. It is constantly getting false windows security notices that open to a website to buy a virus scanner. It also randomly opens www.porno.com when left idle. Any time you try to install anything, it claims that the administrator has set permissions to not allowed it (even in safe mode). Most programs and applications (including add/remove programs, msconfig, etc) give an error saying that the program is infected and wont open. This one has me pretty stumped. Any way to clear this one out without wiping it? The only virus scanner he had was Avast. I tried running mcaffee and spybot over the network and nothing was found.

Following is the HJT log
Logfile of HijackThis v1.99.0
Scan saved at 6:55:23 PM, on 2/3/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
E:\Programs\Hijack This\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://freecodesource.com/home-page/...?id=L461243974
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1... Read more

A:Nasty Virus

Hello and welcome to TSF.

HijackThis is no longer the preferred initial analysis tool in this forum.

We want all our members to perform the steps outlined in the link given below, before posting for assistance. There's a sticky at the top of this forum, and a
Quote:




Having problems with spyware and pop-ups? First Steps




link at the top of each page.

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Read other 1 answers