
iPhone Blackhat SEO Poisoning Leads to Total Security Rogue Antivirus.

Q: iPhone Blackhat SEO Poisoning Leads to Total Security Rogue Antivirus.

Websense Security Labs ThreatSeeker Network has detected that Google searches on terms related to iPhone SMS information are returning results that lead to rogue Antivirus software.



Read more -
iPhone Blackhat SEO Poisoning Leads to Total Security Rogue Antivirus - Security Labs Blog

Read other answers
RELEVANCY SCORE 77.6

Problem started as Win86 a month ago, which seemed to be taken care of by Malwarebytes. Yesterday the computer came back with the same blue screen background and a green center stating that your computer is at risk and has been infected by malware. Since then all sorts of pop-ups have been occurring, and every time I try to open a program a dialog box appears which states "Security Warning! The application cannot be executed. The file -whatever file/program you clicked on- is infected. Do you want to activate your antivirus software now? Yes/No."

The internet has been hijacked by a very official looking page that states "Internet Explorer warning. Visiting this website may harm your computer". It gives me several options to click on including "purchase for secure surfing".

Ark and Attach files attached.

Here is the DDS Log:

DDS (Ver_09-12-01.01) - NTFSx86
Run by Integrity at 15:52:52.31 on Tue 12/08/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.254.32 [GMT -6:00]

AV: Norton AntiVirus *On-access scanning enabled* (Updated) {B5510F6F-87E1-47F7-A411-360BC453007C}
FW: Norton Internet Security *enabled* {825036E0-9F94-4752-8789-8B92454AF49B}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
SVCHOST.EXE
C:\WINDOWS\System32\svchost.exe -k netsvcs
SVCHOST.EXE
SVCHOST.EXE
C:\Program Files\Common Files\Symantec Shared\ccSe... Read more

A:Infected with Antivirus Pro, Rogue security Tool, Rogue Multiple

Please, I am still having problems with this...anyone have any answers?

Read other 17 answers
RELEVANCY SCORE 75.2

Well...it finally happened. I arm myself with a solid firewall/antivirus/startup monitor and careful surfing habits. My darling wife wanted to see some trailer of a new movie coming out and she probably was asked to: "please download this codec or something" to see the trailer....BAD MOVE! Got stung with the Total Security Rogue (TSC.exe). The good news is that Zonealarm blocked a lot of it but some crap still came through.

Here's the history. I started out by logging into my account.

1) Malwarebyte's Initial Cleaning - found a few files and cleaned them all

Malwarebytes' Anti-Malware 1.41
Database version: 2813
Windows 6.0.6002 Service Pack 2

9/16/2009 9:27:24 PM
mbam-log-2009-09-16 (21-27-24).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 215651
Time elapsed: 45 minute(s), 21 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{35a5b43b-cb8a-49ca-a9f4-d3b308d2e3cc} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{35a5b43b-cb8a-49ca-a9f4-d3b308d2e3cc} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTW... Read more

A:Infected with Total Security Rogue

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll... Read more

Read other 14 answers
RELEVANCY SCORE 75.2

Hello all! I am posting on the site, I am sure this topic will be bumped to another location. I have been hit by the XP TOTAL SECURITY 2011 rogue virus. I have gone between safe mode with networking and normal boot. Have run Malwarebytes multiple times, each time it finds 9 infected files. I quarantine them, go to reboot in normal operation - now my executables won't load. I then go back into safe mode, and safe mode is infected now. Attempting to run ComboFix from reading a post from m0le. Any other suggestions?
@10:45pm, attempting to disable AVG so I can attempt to run ComboFix.. but no luck.

@11:30 pm, followed the prep guide. will post tomorrow my logs.

A:XP Total Security/ Rogue virus

Hi,
I may not be an expert as the others but I can give you some suggestions.
I'm assuming you have Windows XP.
Did you follow this step here: http://www.bleepingcomputer.com/virus-removal/remove-win-7-internet-security-2011
As for the .exe issue you had, you may try to download this fix found here: http://www.dougknox.com/xp/file_assoc.htm

Read other 2 answers
RELEVANCY SCORE 73.6

I tried to follow the instructions you have for uninstalling "total security", but not only can I not use the task manager, but it will not let me install the Microsoft program Process Explorer that you recommend. This spyware lets me download, but not install. It says anything I try to install is infected. I have tried Spybot Search and Destroy, but it will not let me even open the program. It says application cannot be executed the file SpybotSD.exe is infected please activate your antivirus software. Of course the spyware they want me to activate is theirs. (fraudulent)

A:total security, rogue anti spyware program

Moving to the Am I Infected forum for you.

Read other 1 answers
RELEVANCY SCORE 69.6

I got all of these viruses and I can't work properly because of these.

Zlob.Trojan, Rogue.VirusTrigger, Rogue.Errorsmart, Rogue.System Antivirus 2008

I think I got more malware on. I believe it started when my sister inserted her flash disk on my PC.

What do i do?

A:Zlob.Trojan, Rogue.VirusTrigger, Rogue.Errorsmart, Rogue.System Antivirus 2008

Hello, please run an MBAM scan on this PC. DO NOT put that Flash drive into any other PCs, it is infected.

Please download Malwarebytes Anti-Malware and save it to your desktop.
Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.

MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
Click OK to close the message box and continue with the removal process.
Back at the main ... Read more

Read other 12 answers
RELEVANCY SCORE 69.2

Which antivirus is better Bitdefender Total Security 2016 or Eset Smart Security?
 

A:Which antivirus is better Bitdefender Total Security 2016 or Eset Smart Security?

Computer resources wise it's Eset... But, if you don't mind that, go with BD, there are a lot of giveaways from them.
 

Read other 26 answers
RELEVANCY SCORE 69.2

Direct Download links for offline installation



Bitdefender Antivirus Plus 2015 ( 32 bit)

http://download.bitdefender.com/windows/desktop/av_plus/2015/en-us/bitdefender_av_18_32b.exe
Bitdefender Antivirus Plus 2015 ( 64 bit)

http://download.bitdefender.com/windows/desktop/av_plus/2015/en-us/bitdefender_av_18_64b.exe
Bitdefender Internet Security 2015 (32 bit)

http://download.bitdefender.com/windows/desktop/i_security/2015/en-us/bitdefender_is_18_32b.exe
Bitdefender Internet Security 2015 (64 bit)

http://download.bitdefender.com/windows/desktop/i_security/2015/en-us/bitdefender_is_18_64b.exe
Bitdefender Total Security 2015 (32 bit)

http://download.bitdefender.com/windows/desktop/t_security/2015/en-us/bitdefender_ts_18_32b.exe
Bitdefender Total Security 2015 (64 bit)

http://download.bitdefender.com/windows/desktop/t_security/2015/en-us/bitdefender_ts_18_64b.exe



​BitDefender Antivirus Plus 2015 User Guide
http://download.bitdefender.com/res...tivirusPlus/Bitdefender_2015_AV_UserGuide.pdf

BitDefender Internet Security 2015 User Guide
http://download.bitdefender.com/res...netSecurity/Bitdefender_2015_IS_UserGuide.pdf

BitDefender Total Security 2015 User Guide
http://download.bitdefender.com/win...15/en-us/Bitdefender_TS_2015_UserGuide_en.pdf
Bitdefender Internet Security 2015 Screenshots

http://postimg.org/gallery/9ch1u0ty/

​OLD VERSIONS

​Bitdefender Antivirus Plus 2014 ( 32 bit)

http://download.bitdefender.... Read more

A:Bitdefender Antivirus/Internet security/Total security 2015 direct download link

480MB
 

Read other 18 answers
RELEVANCY SCORE 68

Ok a detailed description of the infection and the symptoms here goes

OS: Windows XP
Default Browser: IE 7

Wednesday Night:
I was browsing when my Norton Antivirus popped up a dialog stating that I had 2 threats. The hard drive was chugging hard and the 'Action Taken' in Norton just said 'Pending solution'.

When the hard drive quieted, the Security Tool Dialog popped up, my mbam.exe from Malwarebytes had been deleted, and my desktop was displaying as a blank black screen. Google search results always redirected to searchclick8.com and Yahoo search was giving me a 999 security error (Yahoo security I believe). Random IE popups kept appearing with random Ads.

I used my laptop to search for solutions and with help, figured out how to get Malwarebytes installed without having the exe deleted (rescuing it basically), and then booted up in safe mode and let Malwarebytes do its thing. I rebooted normally and the black desktop problem was gone along with the security tool app icon. However my antivirus still popped up every time I rebooted with a 'Downloader' trojan linked to cmd.exe. I kept quarantining it but it always popped up. At this point the only problem remaining was the searchclick8 Google hijack. So I installed HijackThis and scanned while reading instructions on what is safe to delete and what is not via HijackThis.

I deleted the obvious bad entries but one kept coming back, sometimes within seconds... AppInit_DLLs: wuhomuro.dl... Read more

A:Security Tool (followed by Rogue.Antivirus Plus)

Read other 12 answers
RELEVANCY SCORE 68

I was watching videos with Megavideo, when a website that popped up after clicking the player was blocked by Firefox, due to being listed as an attack site. I simply closed out of the website, thinking nothing of it. Now half an hour later, numerous windows popped up asking to run CMD, and an unknown .exe was asking permission to load. These would pop up without stop, no matter how many times I closed them.

I am infected by Security Suite rogue antivirus, and it will not let me do anything outside of Safe Mode. I looked in the uninstall list, and it doesn't seem to be listed. I also am having trouble with GMER, as it will have all of the boxes greyed out, and only lets me have these options checked: Services, Registry, Files, C:\, and ADS.

-Just finished a MBAM Full scan, 24 infected files found. Attaching log.

DDS (Ver_10-03-17.01) - NTFSX64 NETWORK
Run by home at 12:38:29.65 on Sat 08/14/2010
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_18
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3838.2938 [GMT -5:00]

SP: Windows Defender *enabled* (Updated) c24
SP: SUPERAntiSpyware *disabled* (Updated) c23

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost... Read more

A:Security Suite Rogue Antivirus

I will help you with this computer also. I want you to have a full functional clean computer for your other sick computer.

Please note...I ask that you refrain from running tools other than those I suggest to you while I am cleaning up your computer. The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Please perform all steps in the order received and do not proceed if you need clarification.

Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems please stop and tell me about it. When your computer is clean I will alert you of such. I will also provide you with detailed suggestions for prevention.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if your topic is not replied to I will assume it has been abandoned and I will close it.

I would also like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please be courteous and appreciative for the assistance provided!

Again I would like to remind you to make no further change... Read more

Read other 40 answers
RELEVANCY SCORE 68

Hello,

One of the shop computers at work has a problem with a redirector that seems to keep on leading to the XP Antivirus rogue virus. I seem to be able to remove XP Antivirus with Malwarebytes but after I reboot the computer and try again a redirector keeps rearing its head. Links from search engines will get redirected and the computer will randomly get popups. Sometimes after a redirect or popup the XP Antivirus will show up again. XP Antivirus has been removed from this computer at least half a dozen times so far.

I've uploaded the DDS logs, however GMER seems to keep freezing the computer. I'll keep trying and see if I can get a log out of it.

Thank you.

DDS (Ver_10-03-17.01) - NTFSx86
Run by INDAdmin at 1:13:05.34 on Sun 04/11/2010
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.5.0_12
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1357 [GMT -5:00]

AV: Trend Micro OfficeScan Antivirus *On-access scanning disabled* (Outdated) {4C51B01A-CDC3-4827-A1FE-6A59E3C2E282}
AV: Trend Micro OfficeScan Antivirus *On-access scanning enabled* (Updated) {B679CEE0-E54C-4BCA-828D-5875E7D08EB9}
FW: Trend Micro OfficeScan Enterprise Client Firewall *disabled* {4C51B01A-CDC3-4827-A1FE-6A59E3C2E282}
FW: Trend Micro OfficeScan Enterprise Client Firewall *disabled* {12D6C56A-DB40-4F2F-A0C4-4347C095E30D}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:... Read more

A:Redirector and XP Security Rogue Antivirus

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.

Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

Please reply to this post so I know you are there.

The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

----------------------------------------------

Please run Combofix - looks like a rootkit here

Please download ComboFix from one of these locations:
Bleepingcomputer
ForoSpyware
GeeksToGo

* IMPORTANT !!! Save ComboFix.exe to your Desktop making sure you rename it comfix.exe

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
Double click on Combofix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing... Read more

Read other 2 answers
RELEVANCY SCORE 68

Hello,

Yesterday night my dad's computer with Vista got a redirect from a website to a Windows Security Rogue Antivirus. I'm sure you guys know how that works, so I closed out Mozilla Firefox as fast as I could and disconnected my internet. From there I panicked a bit and ran a Windows Defender scan and a McAfee security center scan and both came up empty. However, I could tell something was still wrong because his task manager showed three unauthenticated processes: winlogon.exe, csrss(or something like that).exe, and rundll32.exe.
None of these three processes allowed me to right-click and check properties, instead only giving an option to "run administrative task" or something like that.

My dad's computer only had McAfee and Windows Defender when this happened. However, I kept the computer on all night (because the McAfee scan took that long) and this morning I successfully installed an older version of Malwarebytes, which found 7 adware.coupons and deleted them. I still felt like that wasn't it, and the task manager processes hadn't gone away so I read a bunch of stuff about getting rid of rogue anti-viruses online and most things said, including on this site, to run RKill and then Malwarebytes again in safe mode.
At some point while I was in my morning class my dad had restarted his computer in normal mode from safe mode, and since then McAfee is disabled.
I ended up restarting into safe mode and using RKill and the first time it ran, it d... Read more

Read other answers
RELEVANCY SCORE 66.8

According to my friend this problem came while downloading music through limewire.

The version I found had the following numbers 2146056633.exe. The way I found it was through another web page (anti spyware 101). The numbers for the executable file on that web page are different (5386543871..). This version won't allow the installation of antispyware/antivirus programs, it just shuts them down. It even shuts off the browser if you are downloading them directly from either Mozilla or IE.

With the information of where to find the .exe file, the folders where the files were located were identified and deleted. (Documents and Settings\allusers\applicationdata). This was not enough to get rid of what was causing the installation rejection of antivirus/spyware programs.

I tried to install Malwarebytes in Safe mode with networking and had the same problem, it rejected installation. I proceeded to start in safe mode and was able to install Malwarebytes although I could not update the program.

A quick scan was launched that identified a lot of Adwares, Rogues including system security. These were all removed with Malwarebytes.

This was not enough yet and the computer was shut down and started again in normal mode to get latest updates. After this it was shut down again and started in safe mode to run a full scan with the latest updates.

The last Malwarebytes run finally fixed the problem since I can see McAfee running. (That's the only useful purpose it has right now). I think it... Read more

A:System Security Rogue antivirus program problem

I hope you've learned a valuable lesson about file sharing. It's not the last time you'll encounter such problems...

With all due respect, people (not all of them) are flooding computer forums with malware problems because they've been fooling around with illegal P2P applications. It's just about the best way to get malware, for free... Be advised once and for all!

Read other 1 answers
RELEVANCY SCORE 66.8

Hello, I've recently been infected with "Antivirus software alert" and it's preventing me from opening any program and redirecting me from antivirus-related sites along with all the usual symptoms that occur from contracting a rogue security program. I'm having great difficulty with removing this type of malware, or even starting a removal process and will greatly appreciate any help with fixing my laptop. I'm running on Vista

Thanks!

Read other answers
RELEVANCY SCORE 66.8

Can't seem to get rid of AntiVirus Studio 2010


DDS (Ver_10-11-10.01) - NTFS_AMD64
Run by loriables29 at 16:52:41.88 on Sun 11/14/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.1787.871 [GMT -8:00]

SP: Spybot - Search and Destroy *enabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}


A:AntiVirus Studio 2010 rogue security software

Hello and welcome to Bleeping Computer!

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open wit... Read more

Read other 2 answers
RELEVANCY SCORE 66.4

I have been using Quick heal total security for my desktop computer. I don't think I got infected with viruses anytime during usage. I wanted to consult bleepingcomputer to know which antivirus is best from cost-effective point of view. I want to balance cost factor and efficiency factor. Please let me know.

A:Antivirus (total security) I should be using for Windows 7

Hello there,

There is no "one size fit all" AV solution - ultimately it boils down to personal preference.

The most important factor in security is common sense. Please read this: Simple and easy ways to keep your computer safe and secure online

If you would be kind and give us some information, we can choose one that suits you.
- Hardware specs?
- Free or paid solution?
- What do you use the machine for?
- Do you have any special needs (speed, stability etc.)

There is a suitable AV solution for everyone - we just need to find the one that suits us.

Regards,
Alex

Read other 2 answers
RELEVANCY SCORE 66.4

This thing has taken over! I am posting from another PC since I can't go online on infected computer. Please help!

Total security has installed itself, as well as Windows Antivirus Pro.

I can't open regedit, task manager. I am able to use IE, although it is redirecting some sites.

I started in safe mode and it still won't allow me to open regedit.

I am not able to use hijack this.

Running XP Pro on infected PC.
thanks

A:Total Security/Windows Antivirus Pro have taken over

Hello and welcome. Please run this ARK, anti rootKit.
Please let me know if you ran this from normal or safe mode, thanks.

If you cannot use the Internet, you will need access to another computer that has a connection.
From there save Sophos to a flash, usb, jump drive or CD. Now transfer it to the infected machine, then install and run the program.

Please download Sophos Anti-rootkit & save it to your desktop.
alternate download link
Note: If using the vendor's download site you will be asked to register with MySophos so an email containing an activation link can be sent to your email address.
Be sure to print out and read the Sophos Anti-Rootkit User Manual and Release Notes.
Double-click sar_15_sfx.exe to begin the installation, read the license agreement and click Accept.
Allow the default location of C:\Program Files\Sophos\Sophos Anti-Rootkit and click Install.
A message will appear "Sophos Anti-Rootkit was successfully installed. Click 'yes' to start it now". Click Yes and allow the driver and its randomly named .tmp file (i.e. F.tmp) to load if asked.
If the scan did not start automatically, make sure the following are checked:
Running processes
Windows Registry
Local Hard Drives
Click Start scan.
Sophos Anti-Rootkit will scan the selected areas and display any suspicious files in the upper panel.
When the scan is complete, a pop-up screen will appear with "Rootkit Scan Results". Click OK to continue.
Click on the suspicious file to display more information about it in the lower p... Read more

Read other 1 answers
RELEVANCY SCORE 66

Hello, my laptop is currently infected with malware of some sort called "Security Protection" which shows itself as a fake antivirus program. One of the files it uses is Defender.exe. Also, when I search on Google, and do a search, if I click on any of the items, it redirects back to Google.com. I started my computer in safe mode and installed Malwarebytes Anti-malware with a flash drive, and then ran a full system scan. I removed everything, and started the free trial of Malwarebytes to use the real-time protection and website blocking features. Even after running a full scan and removing everything, Malwarebytes still blocks many outgoing connections (which I believed were false positives). This is my work computer and I use a VPN to connect to access their network services, but with Malwarebytes active, my VPN client would shut down instantly after opening it. Since I thought I had removed the virus completely, I uninstalled Malwarebytes since it wasn't letting me use my VPN. However, the virus came back, and this is why I am on these forums looking for help.

.
DDS (Ver_2011-08-26.01) - NTFSx86 MINIMAL
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_17
Run by root at 21:36:41 on 2011-08-27
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3055.2765 [GMT -4:00]
.
AV: VirusScan Enterprise + AntiSpyware Enterprise *Enabled/Updated* {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
FW: McAfee Host Intrusion Prevention Firewall *Enabled*
.
============== ... Read more

A:Infected with "Security Protection" rogue antivirus software and Defender.exe

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.

Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

Please reply to this post so I know you are there.

The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks

Read other 9 answers
RELEVANCY SCORE 65.6

Panda Free Antivirus vs 360 Total Security. Which is better? Why?
 

A:Panda Free Antivirus vs 360 Total Security

360 is far quite better in detection but there are some false positives that come with that. Panda has a decent detection but I have never liked it.
 

Read other 71 answers
RELEVANCY SCORE 65.6

I was browsing the internet (reddit.com) when Total Security randomly installed itself on my laptop. I didn't really notice until it started bugging me about "infections," at which point Windows AntiVirus Pro had installed itself. I tried to open up McAfee, but it was blocked by WAV, which stated that the file was infected and therefore could not open. I tried to uninstall it through the Control Panel, but the Add/Remove Programs window would not open. So, I googled how to uninstall WAV and happened upon this site, where I saw the tutorial on how to remove it. I downloaded the setup exe for Malwarebytes' Anti-Malware like it says in the tutorial, but the setup was blocked in the same manner as McAfee.

Later, while I was initially typing this same post, my computer randomly logged me out and went to a black screen, the only things showing up being the fake virus alerts from AntiVirus and Total Security.

I am currently posting this from my desktop PC.

A:Windows Antivirus Pro and Total Security removal

Hi, I'm going to redirect you to the HijackThis section of this forum. This, because it's a deeper infection. Read this page and follow its steps: http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/ Please give them a link to this topic. Good luck.

RELEVANCY SCORE 65.6

Hello,

On vista, I was using bit defender and it was best.

But on vista, I installed bitdefender 2010, it was fine for 3 days.
Then my system stopped responding and hangs after startup, but fine in safe mode, I uninstalled bit defender and it's fine again now.
But I'm now confused which one else total security to use as I've never tried other than bit defender.

Please suggest me best and also mention if it consumes more or less memory [ram]

A:Suggest me best total security/antivirus for windows 7

Both MSE and Avast use less RAM and are being used by most users at the moment. For an antimalware program, you might want to have Malwarebytes or Hitman Pro.

RELEVANCY SCORE 64.8

Hello,

I've been battling the above infections since Friday with very little luck. I've been able to remove some things but it's clear that my machine is still infected as it stops me from running almost all antivirus.

I've attempted to run Hijack This log but it appears that the virus is stopping me. I've installed it but when I attempt to run it I get the following message:

"Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item."

I get this same message when trying to run Malwarebytes and Spybot Search and Destroy. AVG does not identify my machine as being infected. The virus has corrupted all old restore points so I can not go back to a place prior to Friday when the infection likely occurred.

I purchased Spyware Doctor which identified some infections and allegedly cured them but the machine is definitely still infected.

I've sought out individual files known to exist with these viruses like :

CRU629.dat in the system32 folder
braviax in the windows folder
beep.sys in the system32\drivers folder

I know that one of these viruses (Total Security I believe) will start a program that's just a bunch of numbers in Task Manager. I have successfully stopped that from running but I see another folder in C:\Documents and Settings\All Users\Application Data\12767034 it's an application and I'm wondering if it too is part of the virus.

This is a frustra... Read more

RELEVANCY SCORE 64.8

Hello everyone! I have been trying to fix my father's computer, as he seems to have been infected with something called Total Security. It's basically a fake antivirus program that just takes over the whole computer, frequent popups about non-existent viruses, slowly consuming all the memory/processor power the computer has and grinding it to a halt. I don't know how he got it and neither does he.

I am able to temporarily get rid of the popups by killing 2 processes, 15904214.exe and _ex-08.exe. However, whenever I reboot the computer, they come right back.

Thanks in advance for your time!

Here are the logs.

DDS.txt
DDS (Ver_09-07-30.01) - NTFSx86
Run by HP_Owner at 18:48:43.53 on Mon 08/24/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1983.1462 [GMT -4:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Hp\HP Software ... Read more

A:Infected with Total Security (fake antivirus program)

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll... Read more

RELEVANCY SCORE 64.8

Hello everyone,
I have been battling trying to fix my computer for the past four days. It started with my computer just restarting and then a blue screen would come up and it would automatically restart. After I would re boot I started to get these things popping up at the bottom of the screen saying my computer was infected and total security was start running itself. I didn't buy it and quickly began to search the web and see what it actually was. Sure enough it was a virus so I came to this website to see what I needed to do. I downloaded that Malware thing and it would load. I tried to rename it didn't work. oh yeah I also tried to do a system restore and it will not let me it is locked saying call my administrator. When I am regular mode I try to press cont alt del and the task manager doesn't pop up. It only allows the task manager to come up on safe mode under administrator. I have downloaded plenty of antivirus scanners. My mcafee isn't working, tried norton not working, pc tools, spyhunter. Some will actually load and scan and when it is like 75% done scanning it just disappears. I've deleted some of those long numbers like 12141123(stuff like that) under system 32 and now I am not getting total security to pop up but antivirus pro 2010 and microsoft phising... I have tried manually deleting things but that is too confusing and quite frankly I don't want to delete something that doesn't need to be. I hope someone can help... Read more

RELEVANCY SCORE 64.8

Qihoo 360 total security essential vs Baidu antivirus
 

A:Qihoo 360 total security essential vs Baidu antivirus

Resource usage - if you're using cloud signatures for both AVs then it's almost nothing, if you activate avira signatures for baidu then of course it will be higher. Using Qihoo TSE with both avira and Bitdefender would put it at the highest amongst all.

Real world system impact - have only tested qihoo before and can say that it's relatively light on the system

Level of protection - Qihoo has this one if you are only talking about their cloud engines

Overall winner - have to say that it's Qihoo because of the better protection, although it can give more false positives
 

RELEVANCY SCORE 64.8

I'm running Vista Ultimate 64x. Today, I uninstalled Panda AntiVirus and installed 360 Total Security. However, Windows Security Center is telling me that it can't find any antivirus software although 360 is one of the programs that it recommends (which I discovered via the Find a Program button in WSC). WSC provides an option for me to monitor antivirus programs myself, but it should detect 360, right? Any suggestions? Thanks.

A:Vista can't detect my antivirus software (360 Total Security)

Symantec/Norton products are not recognized by Vista or Windows 7 until you do a Live Update for 360. This has been an issue from the very beginning with Microsoft and Symantec and is still not fixed.
We do not suggest using any paid software like Symantec, Norton, McAfee etc.; the free programs work better than they do. We suggest uninstalling 360 and using the free Microsoft Security Essentials.

RELEVANCY SCORE 64.4

Hello,
 
I've got a sick machine.  The "System Care Antivirus" window opens right after startup and says I've got all sorts of viruses that need cleaning up. It won't let me run programs like DDS in normal mode and says that every webpage I go to is a security risk.  The machine is a Latitude E6520 running Windows 7 32-bit.  Any assistance you can provide is much appreciated.  Below is my DDS log...
 
DDS (Ver_2012-11-20.01) - NTFS_x86 MINIMAL
Internet Explorer: 10.0.9200.16521
Run by ksmith at 12:47:42 on 2013-04-08
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.2985.2252 [GMT -6:00]
.
AV: GFI Software VIPRE *Enabled/Outdated* {445B48C3-0FA4-6B16-8F07-6506F305D800}
SP: GFI Software VIPRE *Enabled/Outdated* {FF3AA927-299E-6498-B5B7-5E74888292BD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://rocksol.com/
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: PlusIEEventHelper Class: {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - c:\program files\nuance\pdf viewer plus\bin\PlusIEContextMenu.dll
BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9... Read more

A:"System Care Antivirus" Rogue Anti-Spyware (looks like Live Security Platinum)

Hello mudhustler

I would like to welcome you to the Malware Removal section of the forum. Around here they call me Gringo and I will be glad to help you with your malware problems.

Very Important --> Please read this post completely, I have spent my time to put together some things for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the sam... Read more

RELEVANCY SCORE 64.4

A rogue Facebook application appears to be sending notifications that lead users to a credential harvesting site. Prospective marks receive a Facebook notification that a user has commented on one of their posts, as above.
http://countermeasures.trendmicro.eu/rogue...ds-to-phishing/

A:Rogue Facebook Application leads to phishing

I just cleaned out all my apps, I delete all those apps my mates use and send on to me too... it's almost not worth having an account!

RELEVANCY SCORE 64.4

For years MSE was used. Now using a trial version of Kaspersky Total Security since one week, due to the impressive looking security it offers, and the excellent reputation.

Kaspersky web antivirus is disabled on my machine, due to serious intermittent delays in startup of Opera browser. The same for Private Browsing and Secure Connection: both are also disabled/not used. For that I use Opera's private mode and VPN and Sandboxie when needed for bank transactions. Brave browser is used as secondary browser and does suffer barely from performance drop. It seems Kaspersky does not recognize it properly but not sure about that.

OS: Windows 7 64bit. Asus laptop, with I5 processor bought in 2012.
I would be willing to accept the delays if web antivirus is essential. I think it is not, since when malicious script or other nasties have been downloaded all the other protection modules should intercept and block the malware.

My question is: is my reasoning correct? To prevent malware, ublock origin is installed in medium mode, so it is blocking all third party frames. K9 web protection does an excellent job in blocking dangerous sites, especially sites which install pups/ adware like Softonic. Kaspersky web antivirus does not block any of these sites till now.

My question to you: is my reasoning correct? I will appreciate if others can take a look. I did a lot of research about these issues before posting, but it is always better to share my thoughts. Hopefully it can be of p... Read more

A:kaspersky total security 2018, web antivirus is resource hog. Disabled.

Your reasoning is almost 100% correct but you may try other web security add-ons to see if it has same effect.
Update - sorry for not reading the whole of your question. If you have K9 web protection and find it good then no need for Kaspersky web protection.
 

RELEVANCY SCORE 63.6

I have a PC with Windows XP SP3 with Avast, SuperAnti-Spyware and MBAM while browsing I got a yellow virus warning (something win32 I believe) from Avast pop up near the bottom tray and within seconds the Total Security pop-ups started. My PC slowed to a stop so I rebooted and saw that Antivirus Pro_2010 had installed itself on my PC. All my Anti Virus programs would not start (ie MBAM) so I ended up following forums to end some processes, delete some .dll files that were known to be malicious and rename the .exe's to get Anti Virus programs to run. I installed and used AVG which found a couple things. Then I used ComboFix, and finally I got MBAM to run which found a good 40+ trojans etc. I believe I got the virus off but I tried to restore to before I got the virus but was unable to. I have since run scans with MBAM and SuperAnti-Spyware which have found nothing. Avast also finds nothing but it has a list of 44 files (mostly in WINDOWS\ folder with the last path part of file doubled) that it is unable to scan: because "The system cannot find the specified path". When I look on my C: drive and follow the file path, the second to last part is always missing (ie. WINDOWS\addins\addins) addins is not there. When I plug in my camera, the camera wizard does not pop up anymore as it use to before I had and removed the virus. I also saw on the unscanable list that there was a WINDOWS\Connection Wizard\Connection Wizard file that I'm assuming may be related? In th... Read more

RELEVANCY SCORE 62.8

Search engines are often used by attackers as platforms from which to deliver malicious code. A while ago it was reported that Google was serving up advertisements that led to misleading applications (also known as rogue antispyware products). This time, the malicious code authors are using "Yahoo! Sponsored Search" listings as a means to promote a misleading product called "Antivirus & Security." Antivirus-2009-new.com and Antivirus-pro-download.com are returned in Yahoo! Sponsored Search results as the latest version of AVG antivirus; ... Instead of using techniques like search engine optimization (SEO) poisoning to get the top listing in the search engine results, attackers are using Yahoo's advertising services to display their advertisement on all websites that display Yahoo's sponsored search results.... symantec.com

A:Yahoo! Sponsored Search Results Leads rogue antispyware

Of course. Google's Sponsored Links are worse IMO.

RELEVANCY SCORE 62.8

Bitdefender Antivirus Plus, Internet Security, Total Security 2016 ( 32 bit)

http://download.bitdefender.com/windows/desktop/connect/cl/2016/all/bitdefender_ts_20_32b.exe

Bitdefender Antivirus Plus, Internet Security, Total Security 2016 ( 64 bit)

http://download.bitdefender.com/windows/desktop/connect/cl/2016/all/bitdefender_ts_20_64b.exe

 

A:Direct download link for Bitdefender 2016 Antivirus/Internet & Total Security

It's only Total Security Package? Where are the individual ones? The AV Plus, IS?
 

RELEVANCY SCORE 62.8

I am running windows xp pro w/sp3. It had MSC installed but allowed totalsecurity 2009 and other malware to be downloaded and installed but not uninstalled. Now popup web sites are coming from nowhere. I am able to access the internet...and download malware removers but they can not be installed or started up from regular or safe modes of the os. Those cleaners include superantispyware.com, malwarebytes, ccleaner, spybot, and glary utilities. I'm not sure where to go from here. Can you please advise me?

A:Infected with Total Security 2009 and Antivirus Pro 2010 but can't get any malware removers to start.

Please download Win32kDiag.exe by AD and save it to your desktop.
alternate download 1
alternate download 2
This tool will create a diagnostic report for me to review.
Double-click on Win32kDiag.exe to run and let it finish. When it states Finished! Press any key to exit..., press any key on your keyboard to close the program. A file called Win32kDiag.txt should be created on your Desktop.
Open that file in Notepad and copy/paste the entire contents (from Starting up... to Finished! Press any key to exit...) in your next reply.

--------------------------------------
Go to > Run..., then copy and paste this command into the open box: cmd
Click OK.
At the command prompt C:\>, copy and paste the following command and press Enter:
DIR /a/s %windir%\scecli.dll %windir%\netlogon.dll %windir%\eventlog.dll >Log.txt & START notepad Log.txt
A file called log.txt should be created on your Desktop.
Open that file and copy/paste the contents in your next reply.

RELEVANCY SCORE 61.6

Camera Wizard not poping up after removing Total Security/Antivirus Pro_2010 I have a PC with Windows XP SP3 with Avast, SuperAnti-Spyware and MBAM while browsing I got a yellow virus warning (something win32 I believe) from Avast pop up near the bottom tray and within seconds the Total Security pop-ups started. My PC slowed to a stop so I rebooted and saw that Antivirus Pro_2010 had installed itself on my PC. All my Anti Virus programs would not start (ie MBAM) so I ended up following forums to end some processes, delete some .dll files that were known to be malicious and rename the .exe's to get Anti Virus programs to run. I installed and used AVG which found a couple things. Then I used ComboFix, and finally I got MBAM to run which found a good 40+ trojans etc. I believe I got the virus off but I tried to restore to before I got the virus but was unable to. I have since run scans with MBAM and SuperAnti-Spyware which have found nothing. Avast also finds nothing but it has a list of 44 files (mostly in WINDOWS\ folder with the last path part of file doubled) that it is unable to scan: because "The system cannot find the specified path". When I look on my C: drive and follow the file path, the second to last part is always missing (ie. WINDOWS\addins\addins) addins is not there. When I plug in my camera, the camera wizard does not pop up anymore as it use to before I had and removed the virus. I also saw on the unscanable list that there was a WINDOWS\Connecti... Read more

A:Help to remove Total Security and Anti-Virus Pro_2010 rogue anti-virus programs

Can someone please help me?
 

RELEVANCY SCORE 61.6

{{{ how do I get it off my computer }}} the Malwarebytes' Anti-Malware didn't work

XP Antivirus 2008, XP Antivirus 2009, and XPAntiVirus are rogue antivirus programs that, when run, display false results as a tactic to scare you into purchasing the software. Older versions of XP Antivirus would create 9 entries in your Windows Registry that impersonate infections on your machine. In reality, though, these registry entries were harmless and had absolutely no effect on your computer. Instead, these entries were set so that XP AntiVirus can find them when scanning your computer and report them as infections. The newer versions of the program, such as XP Antivirus 2008 and XP Antivirus 2009, instead just display false results when scanning your computer that state infections were found. In order to remove these fake infections, though, you would first need to purchase the software as the trial does not allow you to remove them.

While running, XP Antivirus will also display fake alerts stating that you are infected or under attack from some type of threat. These alerts are fake and can be ignored. If you do click on the alert, though, it will prompt you to purchase the software. Examples of text contained in these alerts can be found below.

Privacy Violation alert!
XP antivirus detected Privacy Violation. Some program is secretly sending your private data to untrusted internet host. Click here to block this activity by removing threats (Recommended).

o... Read more

A:XP Antivirus 2008, XP Antivirus 2009, and XPAntiVirus are rogue antivirus programs that, when run, display false results as a t...

There are indeed a lot of those rogues out there, with the one and only scope of scaring you into buying their product. Unfortunately they get harder and harder to remove. For a list of removal guides for the latest rogues, see here. I am moving this topic to a more appropriate forum.

RELEVANCY SCORE 60.8

I already have a home security camera system. What I am looking for is software I can put on my desktop that will notify me on my iPhone when motion detection is activated, as well as allow me to monitor the cameras from my iPhone.

RELEVANCY SCORE 59.2

Malware removal guides

Following the procedures stated in the Remove Security tool and uninstall guide, all appeared ok until section no. 20 Hostsperm .bat download to desktop ok, but could not open the file. Noted it was in Notebook and to download it you must use the save facility. section 21. Found and deleted c:\windows\system32\drivers\etc\HOSTS, observed that Windows Vista HOSTS download link is in actual fact identified under Windows 2003 Hosts file download link. When trying to save Hostsperm.bat to system32\drivers folder, was flagged with a message stating I did not have the authority to save the file such. I am not sure of what to do next or how to set Hostsperm in system\drivers. Can you please advise.

DDS (Ver_09-12-01.01) - NTFSx86
Run by brian at 16:05:59.64 on 21/02/2010
Internet Explorer: 8.0.6001.18882
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.44.1033.18.1977.1032 [GMT 1:00]
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetwor... Read more

A:Rogue.multiple H,Rogue. pc Doc pro,Rogue.Security.T

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll... Read more

RELEVANCY SCORE 58.4

A month ago, I was browsing the internet when I got backdoor'd and this Total Security 2011 XP seized control of my system. This program changes its name based on what system it is infecting (although you probably already knew that).

After quite the battle I managed to neutralize the virus and remove portions of it from my system, but now for some reason I cannot re-enable my automatic windows updates, nor can I get my Trend Micro Titanium Maximum Security to enable the windows firewall automatic booster.

I have removed a rogue copy of csrss.exe that was running from my hp administrators folder as well as several instances of kkc.exe (which is what several programs pointed to as the malware program, including malwarebytes antimalware, and Trend Micro Titanium Maximum Security that I remember off the top of my head.)

I also removed some entries with HijackThis in order to stop my system from being redirected so that I can use it again.

The removed entries include:

12/04/2011, 6:21:54 PM: F3 - REG:win.ini load=C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\csrss.exe
12/04/2011, 6:29:34 PM: R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:57636
12/04/2011, 6:42:04 PM: R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:57636
Obviously my system is still not acting the way it should because it keeps loading more processes like rundll32 from my HP administrators folder inste... Read more

A:Still attempting to recover from "Total Security 2011 XP" rogue antivirus program

RELEVANCY SCORE 55.6

Hello, I recently encountered what I believe to be a spyware/trojan problem on my laptop which is running Windows XP. The problem started about a week ago when a fake security alert came across my desktop saying "Attention! System has encontered a potentional problem..." I ran Spybot Search and Destroy and Malwarebytes Anti-Malware (I already had these programs installed). These both removed a number of problems. I also have McAfee anti-virus software running. I also ran a scan with this. As of now the fake desktop alerts are gone, however, when I run a Google search and click on a result, I am redirected to some random website. I also have tried to reboot my computer in safe mode but when I do this the screen gets hung up on the following driver and goes no further:
Multi(0)disk(0)rdisk(0)parition(2)WINDOWS\System32\Mup.sys

DDS (Ver_09-12-01.01) - NTFSx86
Run by Tiffany at 16:38:16.95 on Sat 01/09/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.502.141 [GMT -6:00]
AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGrou... Read more

A:Possible Total Security/Total Spyware Trojan

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

Please download OTL from following mirror:
This is THE Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
Push the button.
Two reports will open, copy and paste them in a reply here:
OTL.txt <-- Will be opened
Extra.txt <-- Will be minimized
In the upper right hand cor... Read more

RELEVANCY SCORE 55.6

Hello everyone (and Happy Thanksgiving!),

Two days ago, I got the antivirus action virus; I followed the steps on this site to remove it via malwarebytes--and successfully did. Woke up today, however, and the computer began acting strange--Java started all of the sudden (Since this was when Antivirus Action initially started, I rushed to end the process, but no use), then I instantly began running malwarebytes again. It discovered three infected files; two fake alert definitions, and one other trojan (really hitting myself in the head for not writing down exact names). Malwarebytes was running extremely slow for some reason, and my computer was behaving radically. I'm running XP Home - SP3, and the screen froze for a second, and then went to the classic 98 or older era windows template--then went back. Then it did it again a half hour later and remained in that state. Before I started scanning with malwarebytes, I received a Win32 HOST process failure notification (where it asks to choose to send error info to Microsoft or not). After Malwarebytes finished scanning, it said it needed to reboot to delete certain files. So I did.

Here is where I ran into the BSOD. I chose safe mode, with/without networking, last known configuration, and boot normally--to no avail. I disabled automatic restart on error, and the BSOD posted:
*** STOP: 0x0000007B (0xB84C7524, 0xC0000034, 0x00000000, 0x00000000)
Also, when booting in Safe Mode, the system hangs on "MDFSYSNT.sys." A q... Read more

A:Antivirus Action leads to non-stop BSOD

The number one priority is getting to my data and transferring it to a safe HDD; then I plan on performing a reformat anyway. What are my other options, here?

There are two options here:
"getting to my data and transferring it to a safe HDD; then I plan on performing a reformat"
getting the system cleaned up and running again

The first option is likely to be quicker. Let us know which one you intend to pursue and whether you would like any help.

RELEVANCY SCORE 55.2

So I tried to remove digital protection with Malwarebytes, while I also had total vista security rogue anti virus as well. The problem was that total vista messed up some of my legit files so I deleted them such as a win32 file. After the Malwarebytes scan, I deleted some files, but then when I restarted my computer, I got some window saying I lost some data or something like that and windows will attempt to restore last date that my computer worked. So I let my computer restore my computer settings to an earlier date and then when I log back in, total vista and digital protection was removed?

I don't know if they are removed just from a system recovery, so I need some advice. After the recovery, I tried the instructions on deleting total vista, but when I renamed process explorer to iexplorer.exe, it doesn't open up, because my computer recognized it as illegal instructions.

EDIT:

So far I am having no pop ups of the rogue anti virus software, but are they hiding??

A:total vista rogue anti virus removed after windows recovery??!!!

Hi Vay,

I would suspect that the malware is still there, but hasn't had a chance to run yet. Unfortunately, it will probably pop up some time in the near future. However, if you aren't currently having any symptoms, that makes it easier to do the common scans that will probably remove the rogue for you.

Start off by using TFC by Old Timer which will clean out any temp files that might be left over from the pre-restore infection.

Follow this guide here on how to remove Digital Protection.

Then:

Please download and scan with SUPERAntiSpyware Free
Double-click SUPERAntiSypware.exe and use the default settings for installation.
An icon will be created on your desktop. Double-click that icon to launch the program.
If it will not start, go to Start > All Programs > SUPERAntiSpyware and click on Alternate Start.
If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
In the Main Menu, click the Preferences... button.
Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
Click the "Scanning Control" t... Read more

RELEVANCY SCORE 54.8

My apologies for being unable to provide the starting information as requested in the readthisfirst thread, but under the circumstances, it can't be helped. I run a PC, Windows XP SP3.

This evening my computer was hit by an antivirus.net fake antivirus virus. This was not my first experience with false antiviruses, so I stayed calm, loaded up spybot (before the virus blocked all programs), and tried to get rid of it. I failed, and tried to reboot in safe mode as normal. Unfortunately, I can't even do that. As my computer tries to load windows, a few seconds into the loading, it flashes a blue screen with error text for a split second (I can barely make out something about a critical error and windows is being shut down to protect the computer) and then the computer restarts again.

This is baffling, and frankly, a nightmare. I've never before been unable to enter safe mode (or any mode of windows), and if I can't even *get* there, how am I supposed to run programs to counter the virus or even give you all more detailed information?

I appreciate any and all help that you can give me in fixing this, and will answer any questions I can to the best of my ability!
 

RELEVANCY SCORE 53.2

I generally browse using Chrome on Android, but sometimes you come across these fake "Your Android device is infected with ... viruses".

Why is it that tapping OK opens the Google Play Store to 360 Mobile Security? Are you trying to tell me Qihoo are involved with these webpages to scare Android users into using their App?



On Windows PC with Avast Antivirus.


 

A:Scareware leads to 360 Mobile Security?

This makes me dislike 360 a little bit. They are practically scamming people by giving these fake popups.
 

RELEVANCY SCORE 52.8

Earlier today my computer became afflicted with the rogue antivirus "Antivirus Soft." I've encountered viruses like this before, and so I immediately looked for a fix.

I first followed this guide: Click Here

By all appearances, after running "rkill" the infection was gone. Strangely enough, rkill didn't seem to finish, it hanged at its initial display, but nevertheless cleared my display of Antivirus Soft. I no longer received false virus warnings, and could freely access programs on my computer. It should be noted however that I was not in fact running Safe Mode at that time. Upon rebooting, the infection had returned, and spammed its false messages more frequently. On top of it all, I could no longer run programs like "rkill," nor could I access task manager, either. I then rebooted in safe mode with networking and proceeded to follow the guide linked above closely. After running rkill, it created a notepad log with its results: Nothing. It hadn't found or listed any issues. I then continued with the guide and downloaded, updated, and ran Malware Bytes. The scan returned three infections, which I removed as per the guide. After, I rebooted my computer without safe mode but, lo and behold, Antivirus Soft was still there.

I will note that, as of the writing of this post, as well as running the programs listed here: Click Here I have been running in safe mode with networking. If that affects the results of those programs, then I apologize and will work quickly to run them aga... Read more

A:"Antivirus Soft" Rogue Antivirus

A very strange and hopefully wondering change: I ran Malware Bytes again, and while I'm almost positive that it yielded the exact same results as it had the first time, it appears as though Antivirus Soft is actually gone. I can only imagine the various scans, etc performed through the second guide I linked in my first post had something to do with this, as those were the only differences in this second scan. Here's hoping it is indeed gone! I just wanted to add this to my thread to say it might not be necessary to get help after all. Consider this issue resolved for the time being, though I might be back again in a few days or even hours.

RELEVANCY SCORE 52.8

Well, MBAM did a flash scan while I was gone for a minute and a Rogue AV popped up in the scan. Ever since last night my computer has been freezing completely, requiring a hard shutdown. This has happened five times so far.

I have beefed up my computer security since my last visit here, and I was hoping to not require coming back for help again.

Here is the MBAM log.

Malwarebytes Anti-Malware (PRO) 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.28.04

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
home :: HOME-PC [administrator]

Protection: Enabled

1/28/2012 12:51:32 PM
mbam-log-2012-01-28 (12-51-32).txt

Scan type: Flash scan
Scan options enabled: Memory | Startup | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: Registry | File System
Objects scanned: 177055
Time elapsed: 44 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 1
c:\program files (x86)\antivirus pc 2009\quarantine (Rogue.AntiVirusPC2009) -> Delete on reboot.

Files Detected: 0
(No malicious items detected)

(end)

A:Rogue AntiVirus - AntiVirus PC 2009

Hi Rewster,

My name is Jason and I'll be helping you with your computer problems. You can call me by my screen name jntkwx or Jason is fine.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please do not attach logs or put logs in code or quote boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can also help.
Do not run anything while running a fix.
If you don't understand a step, please ask for clarification before continuing with any future steps.
Click on the Watch Topic button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

Note to others: The instructions here are intended for the person who began this topic. If you need help, please create your own topic in the appropriate forum.

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer Errors
List Installed Programs
List Devices
List Users, Partitions and Memory size.
List Minidump Files

Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings"... Read more

RELEVANCY SCORE 52.8

Rogue security product claims to be Microsoft Security Essentials.

F-secure reports:
This malware is distributed via drive-by-download attacks as hotfix.exe or mstsc.exe (md5: 0a2582f71b1aab672ada496074f9ce46).

-- Tom
 

A:Rogue security product claims to be Microsoft Security Essentials - Oct 22, 2010

Thanks for sharing.
 
