Over 1 million tech questions and answers.

Help with popup virus

Q: Help with popup virus

I really need help, everytime i start up my comp a pop comes up

After i click Ok this comes up
I dont know how to stop it, i end process and it goes away, but everytime i start up its there

RELEVANCY SCORE 200
Preferred Solution: Help with popup virus

I recommend downloading and running Reimage. It's a computer repair tool that has been proven to identify and fix many Windows problems with a high level of success.

I've used it in the past to identify and fix everything from blue screens (BSOD's), ActiveX errors, corrupt files and processes, dll/exe/sys errors, recover lost memory, Windows update problems, defragging, malware removal etc.

You can download it direct from this link http://downloadreimage.com/download.php. (This link will automatically start a download of Reimage that you can save to your computer.)

A: Help with popup virus

Hello and welcome to TSF.

We want all our members to perform the steps outlined in the link given below, before posting for assistance. There's a sticky at the top of this forum, and a
Quote:




Having problems with spyware and pop-ups? First Steps




link at the top of each page.

Please follow our pre-posting process outlined below. Use a USB flash drive to download and transfer the tools to the affected machine, if necessary. You might like to run the Flash_Disinfector.exe on the clean machine and the flash drive first to protect against any possible transfer of infection via USB.


NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help - Tech Support Forum

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please note that the Virus/Trojan/Spyware Help forum is extremely busy, and it may take a while to receive a reply.

Read other 1 answers
RELEVANCY SCORE 51.2

Lately my computer has been running very oddly. Sometimes my explorer.exe will use up 100% and my computer is VERY sluggish.. I have also recently been getting annoying messages such as SysProtect downloads to help fix your computer, You maybe be affected by Blackworm Virus, and a nwe one, Something about the Beagle virus .. Pops up in the same way the Blackworm Virus one does. Also when i exit the SysProtect popup it will direct me to a page to install it. I then close that and get another popup to install it cuz it is (recommended) and i close that and it directs me again to some webpage. Once those are done i can then exit it free of popups for awhile. I also cant run my adaware anymore cuz it says it runs into an error in the Windows Registry causing my computer to go to a blue screen with error.

Here is my HJT log.

Logfile of HijackThis v1.99.1
Scan saved at 11:54:23 AM, on 3/28/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C... Read more

A:SysProtect Popups - Blackworm Virus Popup - Beagle Virus Popup

Read other 10 answers
RELEVANCY SCORE 46.8

Recently cleaned my parents computer of the Adware Portal Scan trojan. Now, friend is having similar problems (computer trying to dial up automatically and sudden bombardment of popups despite having two popup stoppers). However, I'm not seeing the slmss or mwsvm files. He can't even install a new anti-virus program because his cd drive has been disabled. Below is the hijack this log from his computer. I know there's a lot of junk; I've tried to warn him about his internet traffic habits. Right now, though, our main concern is regaining access to his cd drive and his internet. The repeated auto dialing is shutting down all other activities. Any help someone can give would be greatly appreciated!

Logfile of HijackThis v1.95.1
Scan saved at 6:51:02 PM, on 11/19/03
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\HPSYSDRV.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\PROGRAM FILES\ISTSVC\ISTSVC.EXE
C:\PROGRAM FILES\MEDIA\MEDIA\UPDATESTATS.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\SYSTEM\IEDRIVER\IEDRIVER.EXE
C:\WINDOWS\UPTODATE.EXE
C:\PROGRAM FILES\CLEARSEARCH\LOADER.EXE
C:\WINDOWS\RunDLL.exe
C:\PROGRAM FILES\AWS\WEATHERBUG\WEATHER.EXE
C:\PROGRAM ... Read more

A:Virus? - Popup Bombardment Despite Popup Stoppers

Because you are running 98, I need to ask you to download the latest version of HJT. I quick-scanned your log, and I think that we need the latest version to avoid problems.

You can download it over the top of the current version. Do that, and post another log.

(I wouldn't ask this if it wasn't important. I'm really not a "details" kinda guy).

http://mjc1.com/mirror/hjt/

Read other 19 answers
RELEVANCY SCORE 41.2

Hi,
My pc got infected with a virus that have pop up ads open up in IE whether I'm using IE or FireFox. I've run Spybot Search and Destroy, AdAware, and Avast and they didn't fix the problem. Below is my HijackThis log. Any help would be much appreciated!

Logfile of HijackThis v1.99.1
Scan saved at 7:59:45 PM, on 4/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\System32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINNT\System32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\Program Files\Microsoft SQL Server\MSSQL$VSDOTNET\Binn\sqlservr.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINNT\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Fi... Read more

A:Solved: Popup virus for anti-virus tools

Read other 7 answers
RELEVANCY SCORE 39.2

I have both a redirect virus and ads pop up in both the right bottom and left bottom of my laptop. I am running windows 7 home edition. I ran malewarebytes in safe mode with networking today. It found two issues but it's still happening. What do I do?

A:redirect virus and ad popup virus

Same PC?

http://www.bleepingcomputer.com/forums/topic483690.html

You didnot finish the process here

Read other 19 answers
RELEVANCY SCORE 38.8

I keep getting popups while i have firefox/internet explorer open.

Here is my log file:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:10:13 PM, on 3/17/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Viewpoint\Common\ViewpointService.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Java\jre6\bin\jusched.exe
D:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\AIM6\aim6.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\Program Files\AIM6\aolsoftware.exe
D:\Program Files\PokerStars\PokerStars.exe
D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft... Read more

A:Popup Virus

Hello and welcome to TSF.

HijackThis is no longer the preferred initial analysis tool in this forum.

We want all our members to perform the steps outlined in the link given below, before posting for assistance. There's a sticky at the top of this forum, and a
Quote:




Having problems with spyware and pop-ups? First Steps




link at the top of each page.

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Read other 1 answers
RELEVANCY SCORE 38.8

Ever since I downloaded and installed Autoshutdown off cnet . I got this virus. I only have free AVG anti virus and did a full computer scan already and it still hasn't removed the problem.
 
This pop up is unexitable unless I close it from Task Manager. It pops up every 30 mins  - 1 hour. Please help remove ( without cost preferably )
 
 
Thank you.

A:Virus popup help

Hello kenshi.. looks like installer spyware... Please do these...Please download MiniToolBox, save it to your desktop and run it.Checkmark the following checkboxes:Flush DNSReport IE Proxy SettingsReset IE Proxy SettingsReport FF Proxy SettingsReset FF Proxy SettingsList content of HostsList IP configurationList Winsock EntriesList last 10 Event Viewer logList Installed ProgramsList Users, Partitions and Memory size.Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.Note: When using "Reset FF Proxy Settings" option Firefox should be closed.Download TDSSKiller and save it to your desktop.Extract (unzip) its contents to your desktop.Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.If an infected file is detected, the default action will be Cure, click on Continue.If a suspicious file is detected, the default action will be Skip, click on Continue.It may ask you to reboot the computer to complete the process. Click on Reboot Now.If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here....ADW CleanerPlease download AdwCleaner by Xplode and save to your Desktop.Double-click on AdwCleaner.exe to run the tool.Vist... Read more

Read other 1 answers
RELEVANCY SCORE 38.8

Hey, I've done everything possible from A-Z that Bleeping Computer's "Preparation Guide for Hijackthis" has told me to download/fix/check to get rid of this. Though, the programs downloaded DID get rid of a lot of things I didn't even know were there! So, they were definately worth it. I started getting a ton of popups randomly after almost never getting them on my Dell Inspiron 6000 (this is before I did what Bleeping Computer forums told me to do). The main one's I can't get rid of now are all of like 2-4 popups the downloaded programs cannot find(post-updated computer protection). They end up being blocked by my internet security, but I can still hear the sounds that they produce, such as: a soap commercial, talking about how fat ppl are getting, ect. These popup's mainly hurt me by minimizing my fullscreen video games. It seems to have my computer's focus to switch from the program I am using, to the popup. I appreciate the constant and miracle-like effort of BleepingComputer.com! Help and Thank you!!Logfile of HijackThis v1.99.1Scan saved at 4:51:23 PM, on 11/14/2006Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svc... Read more

A:I Got A Popup Virus!

Hi Lion of God and Welcome to the Bleeping Computer!Please download Combofix to your Root Drive C:http://download.bleepingcomputer.com/sUBs/combofix.exeDoubleclick combofix.exe to launch the application.Follow the prompts that will be displayed on the screen.Don't click on the window while the fix is running, because that will cause your system to hang.When finished, it should produce a log, combofix.txtPlease post that log in the next reply.Please install,update and scan the entire system with one of the following free Antivirus Software ProgramsAVG Free for Windowsavast! 4 Home EditionAntiVir? PersonalEdition ClassicBitDefender 8 Free Edition

Read other 1 answers
RELEVANCY SCORE 38.8

ok i have been lookin at the site and you all seem to be great at helping people sooo i need help recenty i have been recieving popups when i open up IE i have never had problems b4 this and have 2 popup blockers but these popups are never blocked i would appreciate any help thanks alot to everyone

A:Popup Virus

First of all two pop up blockers might give conflicts. go thru these steps first and see whether it resolves anything. Post back the result overhere prior to posting a HJT log

Read other 3 answers
RELEVANCY SCORE 38.8

I recently picked up a virus that opened IE windows with different stuff. One of the windows was open during scan. Here is my Hijack log. Thank you for any help.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:50:55 AM, on 12/26/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\NovaStor\NovaStor... Read more

Read other answers
RELEVANCY SCORE 38.8

Just got a window that reads as follows:
The file is infected and you must follow the steps we provide to eliminate the virus completely.

Then below that in blue and underlined it says:
Consult step-by-step guide
I am assumming when you click the consult line it will install. However I have tried to delete it, scan it, reboot but nothing makes it go away. As soon as I am back on line it pops up.
Hp M8000n, dual core 5200, 2g ram, 500 hd win7

Any help would be appreciated.
 

A:virus popup

Just noticed the following top right in[1].htm. Thought it was a part of the window that was open.
 

Read other 2 answers
RELEVANCY SCORE 38.8

There's a virus/malware/spyware or something on my laptop that causing problems when I log onto the internet. Firefox is the most effective. I can't access certain sites and random advertisments popup out of nowhere. So I have to use Internet Explorer to post on this forum. Norton and Spybot hasn't help with the problem. I downloaded Hijackthis and here's the log. If anyone can help, it would be much appreciated. Let me know if you need to know anything. Thanks

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:46:07 PM, on 9/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\Re... Read more

A:Need with popup virus

Hello and Welcome. Apologies for any delay in replying, but we have been rather busy lately.

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

---------------------------------------------------------------------------------------------

If you still require assistance with this issue, and since it's been several days since your original log was posted, please do this:
Download RSIT by random/random and save it to your desktop.
Double click RSIT.exe to start the tool and click Continue at the disclaimer.
When the scan completes it will open a log named log.txt maximized, and a log named info.txt minimized.
Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of log.txt here.
Please attach info.txt to your post.
To attach a file to a new post, simplyClick the[Manage Attachments] button under Additional Options > Attach Files on the post composition page, and
copy and paste the following into the "Upload File from your Computer" box:C:\rsit\info.txt

Click Upload.

---------------------------------------------------------------------------------------------

Read other 4 answers
RELEVANCY SCORE 38.8

Thank you in advance...

I am running XP with service pack 3 and firefox 3.5.7

I have a popup virus that opens random websites in new firefox windows.
At first it was mainly nexplore, but lately it is anything from a gaming site
to a virus protection site.....and on.

I have tried to fix this on my own by reading different forums and running programs on my own (sorry)

So, hopefully I have not screwed it up more. I have run hijackthis, spybot, avira antivir,
and a free microsoft online scan. Most of the time they find something, but it always loads back up.

One side note, as I ran GMER, my Zune program started up by itself....








DDS (Ver_09-12-01.01) - NTFSx86
Run by HP_Owner at 22:49:03.45 on Sat 01/23/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_18
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.959.391 [GMT -7:00]

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe
C:\Program Files\Common Files... Read more

A:Need help with a popup virus...

BUMP, please

Read other 15 answers
RELEVANCY SCORE 38.8

I stupidly opened an email attachment and got a virus. I just got it so the infection shouldn't be bad yet.
It's the one that wants you to buy anti-virus software and puts up pop-ups.

What to do?

I have McAfee but that's not detecting the virus.

Thank You

Here is my HJT Log.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:10:24 AM, on 3/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\ehome\ehtray.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\Creative Professional\Digital Audio System\E-MU PatchMix DSP\EmuPatchMixDSP.exe
C:\PROGRA~1... Read more

Read other answers
RELEVANCY SCORE 38.8

Logfile of HijackThis v1.99.1Scan saved at 3:11:40 PM, on 11/2/2006Platform: Windows XP SP1 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\AGRSMMSG.exeC:\WINDOWS\System32\TFNF5.exeC:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exeC:\WINDOWS\System32\TPSBattM.exeC:\WINDOWS\octeltpop.exeC:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exeC:\Program Files\Zone Labs\ZoneAlarm\zlclient.exeC:\WINDOWS\System32\ctfmon.exeC:\Program Files\Messenger\msmsgs.exeC:\Documents and Settings\aimee\Application Data\s?mbols\msdtc.exeC:\Program Files\HP\Digital Imaging\bin\hpqtra08.exeC:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXEC:\WINDOWS\system32\RAMASST.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exeC:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exeC:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exeC:\WINDOWS\System32... Read more

A:Popup Virus

Hello there and welcome to Bleeping Computer's security forum.My name is David, I will be helping you with your log today.Please download SmitfraudFix (by S!Ri)Extract the content (a folder named SmitfraudFix) to your Desktop.Open the SmitfraudFix folder and double-click smitfraudfix.cmdSelect option #1 - Search by typing 1, and press Enter. A text file will appear, which lists infected files (if present).Please copy/paste the content of that report into your next reply.

Read other 11 answers
RELEVANCY SCORE 38.8

I have a very persistent, malicious virus that doesn't allow any other applications or programs to run and continues to create pop ups that appear like anti virus software. It appears to have shut down Microsoft Essential. I can't get into control panel, task manager, etc. Tried to boot up in Safe Mode and only could do it in diagnostic mode. Tried running Rkill, Malewarebytes and CCleaner in Safe Mode. When I booted back up in standard mode the pop ups were still there. Any suggestions?

A:Popup virus

Hello and welcome. Reboot into Safe Mode with Networking How to enter safe mode(XP/Vista)Using the F8 MethodRestart your computer. When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu. Select the option for Safe Mode with Networking using the arrow keys. Then press enter on your keyboard to boot into Safe Mode. >>>> Download this file and doubleclick on it to run it. Allow the information to be merged with the registry.RKill....Download and Run RKillPlease download RKill by Grinler from one of the 4 links below and save it to your desktop.

Link 1
Link 2
Link 3
Link 4

Before we begin, you should disable your anti-malware softwares you have installed so they do not interfere RKill running as some anti-malware softwares detect RKill as malicious. Please refer to this page if you are not sure how.
Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
If nothing happens or if the tool does not run, please let me know in your next replyDo not reboot your computer after running rkill as the malware programs ... Read more

Read other 4 answers
RELEVANCY SCORE 38.8

hi ... here's a copy of the hijackthis file... any help would be greatly appreciated... i've been on this for 2 days! thanks...

Logfile of HijackThis v1.98.2
Scan saved at 12:51:49 AM, on 9/8/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\System32\hphmon05.exe
C:\WINDOWS\LTMSG.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\AOL\1140715449\ee\AOLSof... Read more

A:Need help w/ popup virus

here's also the combofix log (Part 1)

thx

ComboFix 07-09-08.7 - "Owner" 2007-09-08 12:25:20.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.135 [GMT -4:00]
.

((((((((((((((((((((((((( Files Created from 2007-08-08 to 2007-09-08 )))))))))))))))))))))))))))))))
.

2007-09-08 02:51 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-08 02:26 <DIR> d-------- C:\Program Files\Words
2007-09-08 02:08 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-09-08 02:07 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-09-07 19:26 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-09-07 14:04 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Webroot
2007-09-07 14:03 69,960 --a------ C:\WINDOWS\Unwash6.exe
2007-09-07 13:01 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\PC Tools
2007-09-07 13:00 22,528 --a------ C:\WINDOWS\system32\drivers\AVHook.sys
2007-09-07 13:00 15,872 --a------ C:\WINDOWS\system32\drivers\AVRec.sys
2007-09-07 13:00 15,872 --a------ C:\WINDOWS\system32\drivers\AVFilter.sys
2007-09-07 12:59 <DIR> d-------- C:\Program Files\PC Tools AntiVirus
2007-09-07 12:59 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\PC Tools
2007-08-24 13:44 176,235 --a------ C:\WINDOWS\system32\Primomonnt.dll
2007-08-24 13:44 <DIR> d-------- C:\WINDOWS\PrimoPDF
2007-08-24 13:44 <DIR> d-------- C:\Program Files\activePDF
2007-08-21 19:23 <DIR> d-------- C:\DOCUME~1\O... Read more

Read other 3 answers
RELEVANCY SCORE 38.8

Hi there,

I seem to have gotten a virus or etc where i get continual popup messages about my computer having been hijacked and my browser keeps getting redirected to antivirus sites and etc.

I run Trend Micro PC-cillin and it keeps picking up various viruses, but cant seem to repair them or etc. I'm running Windows XP Professional SP 2.

If anyone can help that'd be most appreciated!

Here is the logfile from HJT.

Logfile of HijackThis v1.99.1
Scan saved at 5:07:25 PM, on 16/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\SPOOLSV.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe
C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe
C:\PROGRA~1\NOKIA\NOKIAP~1\LAUNCH~1.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Progr... Read more

A:Popup Virus?

Read other 16 answers
RELEVANCY SCORE 38.8

While downloading a file a few days ago I accidently opened a file called "mscache" from the same website, ever since opening this I have been getting popups periodicly, my virus scan picked it up as "Trojan.Adclicker" (info on it can be found here "http://securityresponse.symantec.com/avcenter/venc/data/trojan.adclicker.html")

However after following the instructions it has not stopped the problem, the following is my Hijack This log, if there is anything anyone can spot, or if you know of another way to get rid of this, pls help! thx guys

Logfile of HijackThis v1.95.1
Scan saved at 2:51:39 PM, on 7/21/2003
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\mHotkey.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\msbb.exe
C:\Program Files\ISTsvc\istsvc.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\winservn.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program ... Read more

A:Popup Virus?

Read other 9 answers
RELEVANCY SCORE 38.8

I've been told to post my logs on here, as I think I did it in the wrong place before! I've just done the Panda Virus Scan, the log is below - apologies if it's wrong, I'm not really sure what I'm doing! :-


Incident Status Location

Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\PROGRA~1\UNINST~1.DLL
Potentially unwanted tool:Application/Need2Find Not disinfected C:\Program Files\Need2Find\bar\1.bin\ND2FNBAR.DLL
Potentially unwanted tool:application/altnet Not disinfected c:\windows\smdat32a.sys ... Read more

A:Popup Virus

Here's my log from DSS:

Deckard's System Scanner v20071014.68
Run by Hayley on 2008-02-09 16:23:54
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Percentage of Memory in Use: 79% (more than 75%).
Total Physical Memory: 504 MiB (512 MiB recommended).


-- HijackThis (run as Hayley.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:24:08, on 09/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Creative\Shared Files\CTDevSrv.exe
C:\Program Files\Dell Network Assistant\hnm_svc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\System32\s... Read more

Read other 10 answers
RELEVANCY SCORE 38.8

Hi,

Last week, I tried viewing a video file on my computer.
A message appearing to be from QuickTime, I think, popped up
saying I needed a codec to view the video. Since it is a company
that I trust (or trusted!), I autorized the file to execute. However, this was a
virus, as I found out later. I was then infected with the Privacy Center virus.

I think I managed to delete the virus, and a few others that my
antivirus software detected during the next few days, but I'm still plagued
with a popup that opens a webpage every now and then (dodofit dot com).

So I think I might still be infected. That's why I have come here for help.

I have followed the NEW INSTRUCTIONS before posting.
I have two CDs that, if used, will put back my computer as it was when
I first bought it. I'm not sure if that's what you mean by Install disc or Boot CD.

You will find below the contents of the DDS scan.
I have also attached a zip file containing the Attach and Ark files.

Thanks a lot in advance!


_____________________________
Here are the contents of the DDS scan:

I have uninstalled McAfee long ago, not sure why it still appears in the scan.
SERVICES DE S?CURIT? COGECO is my antivirus software (provided by FSecure).



DDS (Ver_09-12-01.01) - NTFSx86
Run by proprietaire at 12:45:06,34 on 2010-01-04
Internet Explorer: 8.0.6001.18865
Microsoft? Windows Vista? ?dition Familiale Premium 6.0.6002.2.1252.2.1036.18.3071.1947 [GMT -5:00]

AV: McAfee VirusSc... Read more

A:Getting rid of this virus/popup

Hello snowyday Welcome to the TSF Virus/Trojan/Spyware Help forum. I will be assisting you in cleaning up your system.


I ask that you refrain from running tools other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.




After 3 days if a topic is not replied to we assume it has been abandoned and it is closed.


Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware

Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
If you enc... Read more

Read other 15 answers
RELEVANCY SCORE 38.8

Hello, i have the CID popup virus on my PC. everytime i open IE loads of popups popup on my screen. also my pc is now very slow

any help would be very appreciated

Cherie

A:CID popup virus

Hello and welcome to TSF.

We want all our members to perform the steps outlined in the link given below, before posting for assistance. There's a sticky at the top of this forum, and a
Quote:




Having problems with spyware and pop-ups? First Steps




link at the top of each page.

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Read other 1 answers
RELEVANCY SCORE 38.8

My brothers computer has got a popup virus and he cant get red of it, hes internet isnt working properly so im using my computer to post the hjt report..
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:09:53, on 03/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\WINDOWS\System32\MsPMSPSv.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\keyhook.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Apps\Powercinema\PCMService.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\SPP\SPP.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com... Read more

A:popup virus

Read other 7 answers
RELEVANCY SCORE 38.8

Just had a window appear that reads as follows:
The file is infected and you must follow the steps we provide to eliminate the virus completely.
Then in blue and underlined it reads:
Consult step-by-step guide

I have not clicked the consult as of yet. Anyone have any idea what this is and the best way to handle it. I have closed internet and rebooted with no luck.
Computer is running win7, HP M8000n, Dual Core 5200, 2 gram

Just noticed in the top right in[1].htm. Thought it was from the open window underneath.

I have found the virus is js/agent.nru. Can't seem to find a way to get rid of it.

A:virus popup

Hello and Welcome.

We want all our members to perform the steps outlined in the link I'll give you below, before posting for assistance. There's a sticky at the top of this forum, and a
Quote:




Having problems with spyware and pop-ups? First Steps




link at the top of each page.

---------------------------------------------------------------------------------------------

Please follow our pre-posting process outlined here:

NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help - Tech Support Forum

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please note that the Virus/Trojan/Spyware Help forum is extremely busy, and it may take a while to receive a reply.

Read other 1 answers
RELEVANCY SCORE 38.8

i think i have a popup virus, heres my hjt report...
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:58:31, on 07/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Ashampoo\Ashampoo Magical Defrag\bin\aDefragService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\PROGRA~1\VCOM\Fix-It\mxtask.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Program Files\Ashampoo\Ashampoo Magical Defrag\bin\defragActivityMonitor.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\VCOM\Fix-It\mxtask.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\NinjaVideo\NinjaVideo Helper\NinjaVideo Helper.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.e... Read more

A:popup virus

can sum1 help plz
 

Read other 1 answers
RELEVANCY SCORE 38.4

Hi When I strat intrnet explorer four ads windows will popup every 10 minutes or so, I uesd Ad-Aware 2007, Spybot search & destroy & kaspersky 8 but the problem still there and I have no other broblem but this one and freezing screen some times. My operating system is Window Vista and here is my DSS reports :main.txtDeckard's System Scanner v20071014.68Run by ADMIN on 2008-05-13 15:15:19Computer is in Normal Mode.---------------------------------------------------------------------------------- Last 2 Restore Point(s) --2: 2008-05-13 10:23:34 UTC - RP515 - Installed Kaspersky Anti-Virus 2009.1: 2008-05-13 10:13:52 UTC - RP513 - Avira AntiVir Personal - 5/13/2008 13:13Backed up registry hives.Performed disk cleanup.Percentage of Memory in Use: 77% (more than 75%).Total Physical Memory: 1014 MiB (1024 MiB recommended).-- HijackThis (run as ADMIN.exe) -----------------------------------------------Unable to find log (file not found); running clone.-- HijackThis Clone ------------------------------------------------------------Emulating logfile of Trend Micro HijackThis v2.0.2Scan saved at 2008-05-13 15:19:13Platform: Windows Vista Service Pack 1 (6.00.6001)MSIE: Internet Explorer (7.00.6000.16386)Boot mode: NormalRunning processes:C:\Windows\System32\dwm.exeC:\Windows\explorer.exeC:\Windows\RtHDVCpl.exeC:\Toshiba\IVP\ISM\pinger.exeC:\Program Files\Toshiba\ConfigFree\NDSTray.exeC:\Program F... Read more

A:Ad - Popup Trojan Or Virus

Hi,Please ComboFix from the links above and follow all instructions for running the tool:http://www.bleepingcomputer.com/combofix/how-to-use-combofixPlease ensure you read this guide carefully and install the Recovery Console first.The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.Once installed, you should see a blue screen prompt that says:The Recovery Console was successfully installed.Please continue as follows:"If you downloaded ComboFix previously, delete that version and download it again as the tool is frequently updated!"Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.Double click combofix.exe and follow the prompts.When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next replyBe sure to re-enable your anti-virus and other security programs, after ComboFix finished.Note: Do not mouseclick combofix's window while its running.... Read more

Read other 13 answers
RELEVANCY SCORE 38.4

Starting the night of 12/9, I started getting spontaneous popus after opening IE 8. Mostly a notice saying I won $1000 from Walmart, but others too. I noticed yesterday that my google searches were being hijacked and redirected to fake pages with ads related to the topic of the search. I've spent all of today trying to fix this, but so far nothing has worked (Windows Defender, Microsoft Security Essentials, Microsoft Malicious Software Removal Took, Spybot, and now HijackThis). So far, one of the MS utilities found a Trojan virus that, when I searched it said it was a redirect virus that also monitored keystrokes, but the Pop-ups are still occurring (I moved to Firefox and they are not occurring with Firefox, but when I try using IE8 they are back) and the redirects are continuing in IE as well (not quite as much and mostly around searches for fixing the problem). One of the sites I checked suggested HiJack, so I tried that and selected the Analyze this option which suggested posting the results to one of the forums (I picked this one). Below are the results - any assistance is greatly appreciated!Results:Logfile of Trend Micro HijackThis v2.0.4Scan saved at 9:06:14 PM, on 12/11/2010Platform: Windows Vista SP2 (WinNT 6.00.1906)MSIE: Internet Explorer v8.00 (8.00.6001.18975)Boot mode: NormalRunning processes:C:\Windows\system32\taskeng.exeC:\Windows\system32\Dwm.exeC:\Windows\Explorer.EXEC:\Program Files\Syna... Read more

A:IE Popup and IE redirect virus

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below I will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Follow the ... Read more

Read other 12 answers
RELEVANCY SCORE 38.4

Got a popup box on all my machines that have internet access through ADSL. cant attach as too big so here goes

MESSENGER SERVICE

Message from www.thebuny.com to <IP Address> on 23/01/03 at 11.23
.......INTERNET MESSAGE.........
WWW.THEBUNY.COM

Live sex show - real online sex
Gallery of photos - all categories, porno movies -hardcore

WWW.THEBUNY.COM

Unlimited access and download

WWW.THEBUNY.COM

Remember and rewrite adress

WWW.THEBUNY.COM

Then there is an OK button. This popped up even though IE was not open

Is this a virus?
 

A:Internet popup. is it a virus?

Run Spybot Search and Destroy, from http://lurkhere.com/~nicefiles

Before scanning,click the Online button, Check For Updates, check all the boxes, Download Updates.
 

Read other 2 answers
RELEVANCY SCORE 38.4

Hello All

I'm having real problems with my PC after picking up a trojan/virus. Popups keep appearing and disconnecting my internet. Certain programs (online games etc) have stopped trying to connect to the internet and the computer is real sluggish...

Having followed the advice for first time posts I have run Ad-Aware and deleted any found. I also run Spyware Doctor which finds 2 popups which it cannot do anything about. I ran the online virus scan and this is what it found:

Trend Micro - Free Online Virus Scan 18th February 2005

Virus Scan Result File

TROJ SMALL.XO Non Cleanable C:\WINDOWS\Temporary Internet Files\Content.IE5\U367U16F\v3cab_SerialSpot[1].cab*v3.dll*
TROJ DLOADER.BP Non Cleanable C:\WINDOWS\Temporary Internet Files\Content.IE5\U367U16F\silent[1].exe
TROJ VL.LD Non Cleanable C:\WINDOWS\Temporary Internet Files\Content.IE5\4LOJGZW3\rraut[1].exe
TROJ DLOADER.BB Non Cleanable C:\WINDOWS\Temporary Internet Files\Content.IE5\S1I9M3AZ\dll[1].exe
BKDR AGENT.AD Non Cleanable C:\WINDOWS\winagent.exe
TROJ VL.LD Non Cleanable C:\rraut.exe


I didn't delete any of these files yet - incase they help with any solution.

I made sure I put back everything I turned off manually with msconfig.

I next ran HiJack This and then HijackThis Analyzer and this is the log it made.

I would greatly appreciate any help someone can give me - a poor woman in distress is pulling her hair out :)

===========================================================... Read more

A:Virus & Popup Help Required

Welcome to TSF.

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should not have any open browsers when you are following the procedures below.

Go to My Computer->Tools/View->Folder Options->View tab and make sure that 'Show hidden files and folders' (or 'Show all files') is enabled. Also make sure that Display the contents of System Folders' is checked. Windows XP's search feature is a little different. When you click on 'All files and folders' on the left pane, click on the 'More advanced options' at the bottom. Make sure that Search system folders, Search hidden files and folders, and Search subfolders are checked.

For the options that you checked/enabled earlier, you may uncheck them after your log is clean. If we ask you to fix a program that you use or want to keep, please post back saying that (we don't know every program that exists, so we may tell you to delete a program that we think is bad to keep).

Go to Start->Settings->Control Panel and double-click on the System icon. On the Performance tab click File System. Click the Troubleshooting tab, and then check Disable System Restore. Click OK. Click Yes when you are prompted to restart Windows. When we have confirmed that your log file is clean, you may enable System Restore again by following the s... Read more

Read other 4 answers
RELEVANCY SCORE 38.4

When I log onto the internet I get a pop up warning I need a update to block the Beagle Virus and should download the patch. When I click cancel I am taken to the www.amaena.com website where they want me to buy anti virus software.

How do I stop this message?
 

A:Beagle Virus popup

hi, welcome to TSG.

Download hijack this from the link below.Please do this. Click here:

http://www.thespykiller.co.uk/files/hijackthis_sfx.exe

to download HijackThis. Click scan and save a logfile, then post it here so
we can take a look at it for you. Don't click fix on anything in hijack this
as most of the files are legitimate.


Please download http://www.atribune.org/ccount/click.php?id=4 to your desktop.
· Double-click VundoFix.exe to run it.
· Click the Scan for Vundo button.
· Once it's done scanning, click the Remove Vundo button.
· You will receive a prompt asking if you want to remove the files, click YES
· Once you click yes, your desktop will go blank as it starts removing Vundo.
· When completed, it will prompt that it will shutdown your computer, click OK.
· Turn your computer back on.
Go here and downlaod the latest version of java, once
downloaded, go to add/remove and uninstall all previous versions of java
from add/remove and then instlall the latest version you just downloaded!
http://java.com/en/download/manual.jsp
· Please post the contents of C:\vundofix.txt and a new HiJackThis log.
 

Read other 1 answers
RELEVANCY SCORE 38.4

Recently my Microsoft Security Essentials warned me of a severe threat to my computer of a Trojan virus, I allowed it to quarantine the virus, waited a couple minutes, scanned again, it detected the virus again, I allowed it to quarantine again, then I did one more scan and it told me my computer was safe. Shortly after this my Microsoft Security Essentials stopped protecting my computer and does not allow me to restart it or even open it.

Since then google links have been redirecting to other search engines or different sites, also I am having constant Internet explorer ads pop-up.

I am not very computer literate and tried to follow the Preparation Guide, but had troubles with almost all the steps. The DeFogger would not open at all. The DDS opens to the black text box, loads for a bit, however never finishes, and notepad never opens. Also DMER doesn't work either, it freezes then closes itself when I try to open it (this may be because of my Windows, not sure if it's 32-bit or 64-bit)

If someone could help me with these issues, it would be greatly appreciated! Thank you

A:Help with popup and redirect virus

Hello and welcome.. I am moving this to the Am I Infected forum for now.For the connection try these...Please click Start > Run, type inetcpl.cpl in the runbox and press enter.Click the Connections tab and click the LAN settings option.Verify if "Use a proxy..." is checked, if so, UNcheck it and click OK/OK to exit.Reboot into Safe Mode with Networking How to enter safe mode(XP/Vista)Using the F8 MethodRestart your computer. When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu. Select the option for Safe Mode with Networking using the arrow keys. Then press enter on your keyboard to boot into Safe Mode. >>>> Download this file and doubleclick on it to run it. Allow the information to be merged with the registry.RKill....Download and Run RKillPlease download RKill by Grinler from one of the 4 links below and save it to your desktop.

Link 1
Link 2
Link 3
Link 4

Before we begin, you should disable your anti-malware softwares you have installed so they do not interfere RKill running as some anti-malware softwares detect RKill as malicious. Please refer to this page if you are not sure how.
Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrato... Read more

Read other 13 answers
RELEVANCY SCORE 38.4

XP Operating system with SP2 - scanned with Adaware and my HiJack this log is below. I keep getting a virus popup with computer associates etrust and I get this Ceres popup all the time. Please help!!

Logfile of HijackThis v1.99.1
Scan saved at 10:53:42 AM, on 5/28/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\nvraidservice.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jucheck.exe
C:\WINDOWS\system32\hphmon04.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Plextor\PlexTool.exe
C:\Program Files\Java\j2re1.4.2_... Read more

A:Have a virus and Ceres popup.....

Move HiJackThis.exe to a permanent location like C:\HJT

Add remove programs remove limewire and any other P2P – the likely source of your infection

Print this and boot to safe mode (Start tapping F8 at the first black screen after power up)
Fix these with HJT

O2 - BHO: CeresObj Class - {00000049-8F91-4D9C-9573-F016E7626484} - C:\WINDOWS\ceres.dll

O4 - HKLM\..\Run: [Win Server Updt] C:\WINDOWS\wupdt.exe

O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe

View Hidden Files
Open Windows Explorer. Go to Tools, Folder Options and click on the View tab.
Make sure that "Show hidden files and folders" is checked.
Also uncheck "Hide protected operating system files".
Uncheck hide extensions
Now click "Apply to all folders", Click "Apply" then "OK"

Delete these files

C:\WINDOWS\wupdt.exe
C:\WINDOWS\ceres.dll

Delete these folders

C:\Program Files\LimeWire

START – RUN – type in %temp% OK - Edit – Select all – File – Delete
Delete everything in the C:\Windows\Temp folder or C:\WINNT\temp
Empty the recycle bin
Boot and post a new log

Please give feedback on what worked/didn’t work and the current status of your system
 

Read other 1 answers
RELEVANCY SCORE 38.4

I keep getting unwanted popups in the lower right hand corner of my browser. I get redirected to a different website about half the time. I am not sure what the computer is infected with, but there is definitely something wrong. Any help would be greatly appreciated.

Thanks
 

A:Redirects and popup virus?

thanks
 

Read other 1 answers
RELEVANCY SCORE 38.4

Hi, my computer has a popup called "internet security 2010" and "antivirus live". I can't run most programs nor can i use dds or gmer

A:Popup virus on my computer

DDS (Ver_09-12-01.01) - NTFSx86
Run by Compaq_Administrator at 17:05:04.45 on Sat 12/19/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_16
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.415 [GMT -5:00]

AV: avast! antivirus 4.8.1351 [VPS 091219-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
C:\Program Files\C... Read more

Read other 13 answers
RELEVANCY SCORE 38.4

Hello, I have had a virus for about a month now, Popups are constantly popping up, along with a warning from my current antivirus software letting me know that this is not a safe site. I have tried to get rid of it, but Its very difficult. I have seen a few other people on your site, with similar problems, and I am going through alot of the steps that they are taking. I have just decited to sit down this weekend, and work away at it, and hopefully get it fixed. I will post my 'Hijack This' Log file now, I have downloaded OTMoveIt, VundoFix, ComboFix and SUPERAntiSpyware. I will be going through the steps that have been suggested to others, please advise me, if there are any files specific to my Hijack this Log, that I need to get rid of. I would appreciate any assistance, as this is a frusterating virus, and I would just love to get rid of it.

Regards,

Fireman_311
 

A:Popup Virus, I am in Desperate need of help! Please!

Read other 11 answers
RELEVANCY SCORE 38.4

Hello:
 
I have been trying to remove a virus on my windows 8.1 computer which redirects my browser to new tabs of unwanted ads and slows down the overall operation of the machine. I have tried advice on this site similar to my problems. For example, I ran malwarebytes and quarantined the virus multiple times, I ran adware cleaner and "cleaned" the virus but it keeps returning. I pasted the last attempt of adware cleaner to remove the virus below. Any help would be greatly appreciated!! 
 
 
# AdwCleaner v4.106 - Report created 30/12/2014 at 22:52:28
# Updated 21/12/2014 by Xplode
# Database : 2014-12-28.1 [Live]
# Operating System : Windows 8.1  (64 bits)
# Username : Dennis - DENNIS
# Running from : C:\Users\Dennis\Downloads\adwcleaner_4.106.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
File Deleted : C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File Deleted : C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
File Deleted : C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_inst.shoppingate.info_0.localstorage
File Deleted : C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_inst.shoppingate.info_0.localstorage-journal
File Deleted : C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Defa... Read more

A:Popup Browser Virus - Please help!

install malware bytes.  reset your google chrome settings

Read other 6 answers
RELEVANCY SCORE 38.4

I recently been infected with an adware that I can not remove. I use Spy Sweeper as my virus protector and when I did a virus scan, it said I had "Adware: rouge security.." I deleted it, and restarted my computer, but the ads keep coming back. I am on a different user on my computer, so I am able to post. I can't go on the internet on my user screen, and I can not do a system restore.

First, when I had the Adware, Pop ups from the internet started to come up, from Porn sites and what not. After my first scan, there were no more pop ups, but the Anti-Virus Adware is still there.

A:Anti-Virus Popup.

Hi,Please download Malwarebytes Anti-Malware and save it to your desktop.alternate download link 1alternate download link 2MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.Make sure you are connected to the Internet.Double-click on mbam-setup.exe to install the application.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-MalwareThen click Finish.MBAM will automatically start and you will be asked to update the program before performing a scan.If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.On the Scanner tab:Make sure the "Perform Quick Scan" option is selected.Then click on the Scan button.If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button. The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.When the scan is finished, a message box will say ... Read more

Read other 7 answers
RELEVANCY SCORE 38.4

Well hello, everyone. I've got an interesting problem (for me, anyway), because most of the viruses I have run across have been fake anti-virus ones that clearly give you a name to hunt down and destroy. This new thing my laptop has isn't trying to pretend to be one of those, which makes it difficult for me to do searches for it online. Thus I am resorting to your expertise.I am running Windows XP SP2. This virus (I guess it is a virus) does two things. One, it brings up a dialog box once every 30 seconds or minute (after closing the previous one) that gives one of the following messages:ErrorYour computer is infected with Spyware! Detected malicious programs can damage your computer and compromise your privacy. It is strongly recomended to remove them immediately.ErrorSurfing without protection tool installed may cause spyware intrusion through security holes in the Web browser or in other software.If I try to run an anti-virus tool it pops up with this nice message instead:ErrorInternal software conflict detected! Some application tries to get access to system kernel (such behavior is typical to Spyware/Malware). It may cause crash of your computer.Spelling and grammar and capitalization are all as they appear in the box.The second thing it does is bring up a bubble from the Quick Launch toolbar with the yellow caution triangle that says one of two things:System warningKeep your computer safe from viruses and malicious programs that can slow down or break yo... Read more

A:Dialog box popup virus?

Welcome aboard Please download GMER from one of the following locations and save it to your desktop:Main Mirror
This version will download a randomly named file (Recommended)Zipped Mirror
This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.Disconnect from the Internet and close all running programs.Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.Now click the Scan button. If you see a rootkit warning window, click OK.When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.Click the Copy button and paste the results into your next reply.Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.IMPORTANT! If for some reason GMER refuses to run, try again.If it still fails, try to UN-check "Devices&q... Read more

Read other 9 answers
RELEVANCY SCORE 38.4

I randomly get redirected to random sites from clicking on the search results from Google and I also get popups random if I were to enter a web address directly. I've scanned my computer with Nortons, MBAM, Hitman Pro, TDSSKiller, Emsisoft Anti-Malware, and SUPERAntiSpyware, and none of them found anything. After all that, I went and reformatted my computer only to find that nothing changed, except I now have shorter scan times.EDIT:Windows updated after I had shut down. Not sure if the updates affect anything but on the safe side, I rescanned and updated all the logs accordingly.DDS (Ver_10-03-17.01) - NTFSx86 Run by Mike at 7:33:44.27 on Sun 06/06/2010Internet Explorer: 8.0.7600.16385Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2045.1301 [GMT -4:00]SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}============== Running Processes ===============C:\Windows\system32\wininit.exeC:\Windows\system32\lsm.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\svchost.exe -k RPCSSC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestrictedC:\Windows\system32\svchost.exe -k netsvcsC:\Program Files\Creative\Shared Files\CTAudSvc.exeC:\Windows\system32\svchost.exe -k LocalServiceC:\Windows\system32\svch... Read more

A:Redirect/Popup virus

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

Read other 2 answers
RELEVANCY SCORE 38.4

Hi all,
It's my 1st time here
I hope this will help many.

I watch soccer matches via online streaming. Its free thats why..
Each time I watch, I get the pop up virus ad. I just press back and carry on. I do not click on the screen.

Is there a chance a malware could have gotten through to my phone?

Also are there android viruses out there or only malware?

Im also curious to know can a malware show people the sites I visit? Cause the soccer websites of course are illegal.
I do watch the bpl and recently euro 16...thats all...

Is there ever any cases of malware showing others what an individual does on his phone? It's a scary world for thise not good in technology.

I would really appreciate any help, as paranoia is getting the better of me recently.
 

Read other answers
RELEVANCY SCORE 38.4

Hello,
 
I keep getting a popup when I'm on my internet browser that says to call some number because I "have a virus."  Not sure what to do.  Thanks.

A:Possible virus -- keep getting popup that says to call #

Hello nmiller07 and welcome to Bleeping Computer.Are you by chance using Windows 10? 

Read other 10 answers
RELEVANCY SCORE 38.4

Hey Guys I just recieved a Popup from A and it Says the following:

'Attention! System detected Win32.MT.Rs virus on your computer that infects executable files. Your private information and PC safety are at risk.
To get rid of unwanted spyware and keep your computer safe you need to update your current security software'

I've run a Virus ( kaspersky ),Spyware
( searchandestroy,AVG) and HiJackThis and Its not found anything, Is this just a bogus popup trying to get people to download something?

A:Amaena Popup Says I Have A Virus

You should never post a link to a known or suspected bad site! If a mod doesn't get to it before you do, please remove it.Install the program in the link below to remove the popups.http://www.superantispyware.com/ Let us know if it worked or not.

Read other 1 answers
RELEVANCY SCORE 38.4

Hi all,
It's my 1st time here
I hope this will help many.

I watch soccer matches via online streaming. Its free thats why..
Each time I watch, I get the pop up virus ad. I just press back and carry on. I do not click on the screen.

Is there a chance a malware could have gotten through to my phone?

Also are there android viruses out there or only malware?

Im also curious to know can a malware show people the sites I visit? Cause the soccer websites of course are illegal.
I do watch the bpl and recently euro 16...thats all...

Is there ever any cases of malware showing others what an individual does on his phone? It's a scary world for thise not good in technology.

I would really appreciate any help, as paranoia is getting the better of me recently.
 

Read other answers
RELEVANCY SCORE 38.4

Hey guys, I know someone else has posted this problem. I am having the same problem, below is a copy of the guys post who was having this problem and it also describes mine.

When I log onto the internet I get a pop up warning I need a update to block the Beagle Virus and should download the patch. When I click cancel I am taken to the www.amaena.com website where they want me to buy anti virus software.

How do I stop this message?

Here are my results from a hijack this scan.

Logfile of HijackThis v1.99.1
Scan saved at 8:52:54 PM, on 4/19/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Java\j... Read more

A:Beagle Virus popup

Read other 7 answers
RELEVANCY SCORE 38.4

Hi im a bit new here.
I've read a bit on the forums about the adultfriendfinder popup and i found out it was a virus. Now i know the first step is to get the log from HJT, so here it is. Please help.
Thanks in Advanced

Logfile of HijackThis v1.99.1
Scan saved at 7:00:47 PM, on 12/1/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\smax4.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\VM303_STI.EXE
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Common Files\A... Read more

A:Solved: Popup Virus help

Read other 7 answers
RELEVANCY SCORE 38.4

Hello Wise Wizards of Bleeping Computer:
I'm back for what seems to be an annual infection of one of the kids computers. This time it is (I think) the Hiloti virus. Tried run Malwarebytes and it said it found and removed stuff but it comes back when I re-start. A windows defender alert window popped up and I don't know if it is real or fake. It looked real and so I ran it and tried to remove it via the Windows Defender tool but honestly it seems to have made things worse. Constant popups that tell me legit programs are viruses or are infected and barrages of alerts asking me to run some security service. Sounds fake to me. I did the prep work mentioned and have a DDS log and gmer log attached. I ran the gmer and DDS and defogger by d/loading onto a flash drive and then running form the flash drive. I'm posting using the home computer rather than the infected laptop. So there may be a lag because I will be d'loading things onto a flash drive plugging in the flash to the infected laptop (which is in safe mode). The laptop is a tablet made byy acer running windows 7 home premium edition. Thanks in advance for the assistance.

A:hiloti.gen!D virus/popup

I went to other portions of this board and tried a few things. It seems to have worked so you can consider this closed. I'll repost with a new topic if things come back. Basically, I restored the system to a month earlier date. Updated all the anti virus software. Ran malware and the AVG scans and things are working now. But if there is a return I will repost.

Read other 2 answers