Over 1 million tech questions and answers.

Windows Security Shield Alert, windows running half speed and browser hijacked

Q: Windows Security Shield Alert, windows running half speed and browser hijacked

I'm pretty sure I clicked a fake mega upload download page. All the sudden all types of fake spyware diagnostics start running. I'm also pretty sure the problem has made changes to my computer as well. I say this because on start up or shut down I get all sorts of " xxxx cannot close due to runtime error" or " xxx must close would you like to send an email to microsoft". Up to this point I have ran Rkill, Spybot, MBam and VGA. All will run without being terminated by the virus and all find and will remove several trojans and etc. However the browser is still hijacked and every once in a while I get a Microsoft Development Enviroment Run pop up but it stops and shows another error box saying " an exception of type Microsoft JScrip runtime error object was not handled.============== Running Processes ===============C:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcsC:\WINDOWS\system32\svchost.exe -k WudfServiceGroupsvchost.exesvchost.exeC:\WINDOWS\system32\spoolsv.exesvchost.exeC:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\WINDOWS\eHome\ehRecvr.exeC:\WINDOWS\eHome\ehSched.exeC:\WINDOWS\System32\svchost.exe -k HTTPFilterC:\Program Files\Java\jre6\bin\jqs.exeC:\Program Files\Common Files\LightScribe\LSSrvc.exeC:\WINDOWS\system32\nvsvc32.exeC:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYSsvchost.exec:\docume~1\admini~1\locals~1\temp\cdm\{8cbf1a10-827d-4e0d-b360-652dd080b793}\STacSV.exeC:\WINDOWS\system32\svchost.exe -k imgsvcC:\WINDOWS\system32\SearchIndexer.exeC:\WINDOWS\system32\dllhost.exeC:\WINDOWS\system32\wscntfy.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\ehome\ehtray.exeC:\Program Files\Digital Media Reader\shwiconem.exeC:\Program Files\Maxtor\MaxBlast\MaxBlastMonitor.exeC:\Program Files\Maxtor\MaxBlast\TimounterMonitor.exeC:\Program Files\Common Files\Maxtor\Schedule2\schedhlp.exeC:\WINDOWS\system32\RUNDLL32.EXEC:\Program Files\IDT\WDM\sttray.exeC:\WINDOWS\eHome\ehmsas.exeC:\WINDOWS\system32\rundll32.exeC:\WINDOWS\CTHELPER.EXEC:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exeC:\Program Files\Java\jre6\bin\jusched.exeK:\iTunesHelper.exeC:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exeC:\Program Files\Messenger\msmsgs.exeC:\WINDOWS\system32\ctfmon.exeK:\uTorrent.exeC:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exeC:\Program Files\Spybot - Search & Destroy\TeaTimer.exeC:\Program Files\Windows Desktop Search\WindowsSearch.exeC:\Program Files\iPod\bin\iPodService.exeC:\WINDOWS\system32\MDM.EXEC:\Program Files\Mozilla Firefox\firefox.exeC:\WINDOWS\system32\SearchProtocolHost.exeC:\Documents and Settings\Administrator\Desktop\dds.scr============== Pseudo HJT Report ===============uSearch Bar = hxxp://www.google.com/ieuInternet Settings,ProxyOverride = *.localuSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%smSearchAssistant = hxxp://www.google.com/ieBHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dllBHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dllBHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dllBHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dllTB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No FileTB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No FileuRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hiddenuRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /backgrounduRun: [ctfmon.exe] c:\windows\system32\ctfmon.exeuRun: [uTorrent] "K:\uTorrent.exe"uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduleruRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exemRun: [ehTray] c:\windows\ehome\ehtray.exemRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartupmRun: [nwiz] nwiz.exe /installmRun: [SunKistEM] c:\program files\digital media reader\shwiconem.exemRun: [Reminder] %WINDIR%\Creator\Remind_XP.exemRun: [Recguard] %WINDIR%\SMINST\RECGUARD.EXEmRun: [MaxBlastMonitor.exe] c:\program files\maxtor\maxblast\MaxBlastMonitor.exemRun: [AcronisTimounterMonitor] c:\program files\maxtor\maxblast\TimounterMonitor.exemRun: [Acronis Scheduler2 Service] "c:\program files\common files\maxtor\schedule2\schedhlp.exe"mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInitmRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exemRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startupmRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -startmRun: [CTHelper] CTHELPER.EXEmRun: [CTxfiHlp] CTXFIHLP.EXEmRun: [BlackBerryAutoUpdate] c:\program files\common files\research in motion\auto update\RIMAutoUpdate.exe /backgroundmRun: [<NO NAME>] mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottimemRun: [iTunesHelper] "K:\iTunesHelper.exe"StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXEStartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exeIE: &AOL Toolbar search - c:\program files\aol toolbar\toolbar.dll/SEARCH.HTMLIE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exeIE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exeIE: {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - {552781AF-37E4-4FEE-920A-CED9E648EADD} - c:\program files\common files\microsoft shared\encarta search bar\ENCSBAR.DLLIE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dllDPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1232474645984DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cabDPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.4.2/jinstall-1_4_2-windows-i586.cabDPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cabDPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cabDPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cabDPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cabSSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dllSEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dllLSA: Authentication Packages = msv1_0 relog_apmASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"Hosts: 127.0.0.1 www.spywareinfo.com================= FIREFOX ===================FF - ProfilePath - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\1gjvg34e.default\FF - plugin: c:\documents and settings\administrator\application data\mozilla\firefox\profiles\1gjvg34e.default\extensions\[email protected]\plugins\npRACtrl.dllFF - plugin: c:\program files\microsoft\office live\npOLW.dllFF - plugin: k:\mozilla plugins\npitunes.dllFF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}---- FIREFOX POLICIES ---- ============= SERVICES / DRIVERS ===============R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-6 99328]R3 AVMNgBasM780;AVerMedia M780 Base Driver;c:\windows\system32\drivers\AVerBas.sys [2009-1-20 57216]R3 AVMNgCapM780;AVerMedia M780 Audio/Video Capture Driver;c:\windows\system32\drivers\AVerCap.sys [2009-1-20 366976]R3 AVMNgTunM780;AVerMedia M780 TVTuner Driver;c:\windows\system32\drivers\AVerTun.sys [2009-1-20 165120]R3 portio32;portio32;c:\windows\system32\drivers\portio32.sys [2009-7-9 2048]S3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.12.2;c:\windows\system32\drivers\libusb0.sys [2010-2-23 28160]S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys --> c:\windows\system32\drivers\netaapl.sys [?]=============== Created Last 30 ================2010-03-25 18:59:33 0 -c--a-w- c:\documents and settings\administrator\defogger_reenable2010-03-25 18:48:51 552 ----a-w- c:\windows\system32\d3d8caps.dat2010-03-25 18:37:54 0 d-----w- c:\program files\Trend Micro2010-03-25 17:52:07 0 d-----w- c:\program files\Spybot - Search & Destroy2010-03-25 17:52:07 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy2010-03-25 17:50:11 0 d-----w- c:\windows\Twain322010-03-25 17:09:06 0 dc----w- C:\Malwarebytes' Anti-Malware2010-03-25 15:53:12 0 d-----w- c:\windows\system32\wbem\Repository2010-03-25 07:06:19 0 dc----w- C:\$AVG2010-03-25 06:51:23 12464 ----a-w- c:\windows\system32\avgrsstx(2).dll2010-03-25 06:51:09 0 d-----w- c:\windows\system32\drivers\Avg(3)2010-03-25 06:47:35 0 d-----w- c:\program files\AVG2010-03-25 06:47:13 0 d-----w- c:\docume~1\alluse~1\applic~1\avg92010-03-25 05:15:49 0 d-----w- c:\windows\pss2010-03-25 04:44:37 0 d-----w- c:\windows\system32\drivers\Avg(2)2010-03-25 04:40:56 0 d-----w- c:\program files\AVG(2)2010-03-25 04:40:34 0 d-----w- c:\docume~1\alluse~1\applic~1\avg9(2)2010-03-25 04:05:08 4 ----a-w- c:\program files\246953.dat2010-03-25 03:48:37 9216 ----a-w- c:\windows\system32\DockViews2010-03-25 03:36:25 0 dc----w- c:\docume~1\admini~1\applic~1\D62A3BA6C2992077D60395B88708FF822010-03-11 04:56:09 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe2010-03-02 21:36:25 0 dc----w- c:\docume~1\admini~1\applic~1\Browser Not Included2010-02-23 19:01:56 41984 ----a-w- c:\windows\system32\libusb0.dll2010-02-23 19:01:56 28160 ----a-w- c:\windows\system32\drivers\libusb0.sys==================== Find3M ====================2010-03-25 05:50:23 8146 -c--a-w- c:\docume~1\admini~1\applic~1\wklnhst.dat2010-01-05 10:00:29 832512 ----a-w- c:\windows\system32\wininet.dll2010-01-05 10:00:21 78336 ----a-w- c:\windows\system32\ieencode.dll2010-01-05 10:00:20 17408 ------w- c:\windows\system32\corpol.dll2009-01-21 03:26:02 32768 -csha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009012020090121\index.dat============= FINISH: 15:02:49.78 ===============

RELEVANCY SCORE 200
Preferred Solution: Windows Security Shield Alert, windows running half speed and browser hijacked

I recommend downloading and running DAP. It can help sort out any driver and firmware related issues on your system

It's worked out well for many of us in the past.

You can download it direct from this link http://downloaddap.org. (This link will open the download page of DAP so you can save a copy to your computer.)

A: Windows Security Shield Alert, windows running half speed and browser hijacked

I forgot to add there is a fake "windows security alerts" icon on my bottom right portion of my tool bar. I haven't touched it but I can tell by looking its a fake.

Read other 4 answers
RELEVANCY SCORE 85.2

Was hit by the FBI MoneyPak ransomware virus a couple of days ago. Seem to have successfully removed that virus along with a number of other ones (ZeroAccess.Trojan; Java/Exploit.Agent.NBD.Trojan; . Unfortunately, my computer continues to show a Windows Security Alert ("red shield") in the start-up tray indicating that "Computer may be at risk" because "Automatic Updates is turned off." Also, while using a cleaning tool (adwcleaner.exe) during the FBI ransomware virus clean-up, a security alert (from AVG Anti-Virus Free-Edition 2012) popped up to warn that the cleaning tool (adwcleaner.exe) was a "rogue" program.Have pasted contents of the ddt.txt below. Also attaching the Attach.txt.Was going to attach Ark.txt (GMER log) once the GMER scan was finished, but got a blue screen saying: "A problem ahs been detected and windows has been shut down to prevent damage to your computer.""IRQL_NOT_LESS_OR_EQUAL""If this is the first time you've seen this Stop error screen, restart your computer. If this screen appears again, follow these steps:[I will spare you all of the details here and just add technical info.]"Technical information:*** STOP: 0x0000000A (0xFAABDC00, 0x00000005, 0x00000001, 0x806F48EE)Beginning dump of physical memoryPhysical memory dump complete.Contact your system administrator or technical support group for further assistance." Any help in figuring out how to remove this malwar... Read more

A:Windows Security Alert ("red shield") appears in start-up tray & report of "Rogue Virus" threat when using...

Greetings and Welcome to The Forums!!My name is Gringo and I'll be glad to help you with your computer problems. I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of usPlease do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.NOTE: At... Read more

Read other 18 answers
RELEVANCY SCORE 82.4

DDS (Ver_09-06-26.01) - NTFSx86
Run by Administrator at 21:33:23.80 on Tue 07/07/2009
Internet Explorer: 7.0.5730.13

============== Pseudo HJT Report ===============

uStart Page = hxxp://newsletters.fool.com/04/index.aspx?source=imysltlnk750252
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: StumbleUpon Launcher: {145b29f4-a56b-4b90-bbac-45784ebebbb7} - c:\program files\stumbleupon\StumbleUponIEBar.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
BHO: scriptproxy: {7db2d5... Read more

A:IE hijacked with porn sites; antivirus system pro alert keeps popping up; windows security alert keeps popping up

Hello pdmuhalk,Sorry about the delay. If you still need help, please post a new HijackThis log to make sure nothing has changed, and I'll be happy to look at it for you.Please do this:1. Download HijackThis? here:http://www.trendsecure.com/portal/en-US/th.../hijackthis.php2. Click 'Do a System Scan and Save log'.The HJT log will open in notepad.Thanks,tea

Read other 4 answers
RELEVANCY SCORE 82

Hello,I have been getting pop ups like this:stating "trojan-spy.win32.greenscreen", "trojan-spy.html.bankfraud.dq" or "trojan-downloader.win32.agent.bq"Thanks in advance. Here is a fresh Hijackthis log:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 15:15:54, on 9/8/2008Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16705)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\csrss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Windows Defender\MsMpEng.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Lavasoft\Ad-Aware\aawservice.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\System32\SCardSvr.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Program Files\McAfee\Managed VirusScan\VScan\EngineServer.exeC:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXEC:\Program Files\Microsoft S... Read more

A:Pc Hijacked With Fake Windows Security Alert

HiPlease run a Kaspersky Online Scan Please do an online scan with Kaspersky WebScanner Click on Kaspersky Online Scanner Click AcceptYou will be promted to install an ActiveX component from Kaspersky, Click Yes. The program will launch and then begin downloading the latest definition files: Once the files have been downloaded click on NEXT Now click on Scan Settings In the scan settings make sure that the following are selected: Scan using the following Anti-Virus database: Extended (if available otherwise Standard)
Scan Options: Scan Archives Scan Mail BasesClick OK Now under select a target to scan: Select My ComputerThe program will start and scan your system. The scan will take a while so be patient and let it run. Once the scan is complete it will display if your system has been infected. Now click on the Save as Text button:Once finished, save the log to your Desktop as filename KAV.txtTHEN ...Please Download Malwarebytes' Anti-Malware from Here :-http://www.majorgeeks.com/Malwarebytes_Ant...ware_d5756.htmlor here :-http://www.besttechie.net/tools/mbam-setup.exeDouble Click mbam-setup.exe to install the application.* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.* If an update is found, it will download and install the latest version.* Once the program has loaded, select "Perform Quick Scan", then click Scan.* The scan may take some time to finish,so please be patient.* When... Read more

Read other 14 answers
RELEVANCY SCORE 79.6

Hello, I have gotten a virus of some kind, I think from a flash drive my gf uses to store homework on. She brought home the flash drive from using it at work (in a hospital for pete's sake!) and the files were all hidden. I figured out how to unhide them thanks to the internet, but I think I got a virus of some sort in the process. Since then my browser has been being hijacked, my computer is super slow, random ad pop-ups show up, and even when I use google to search the results come back with a whole list of crap that is not even applicable to my search. I have tried AVG (the free version) and also Malwarebytes (the free version) and both have located threats and "removed" them, but the problems persist. I don't know what to do next. I have a Dell laptop with windows 8.1. Please help!

A:Hijacked browser, Slow speed, Windows 8.1

Welcome aboard   Download Security Check from here or here and save it to your Desktop. Double-click SecurityCheck.exe Follow the onscreen instructions inside of the black box. A Notepad document should open automatically called checkup.txt; please post the contents of that document.NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.NOTE 2 SecurityCheck may produce some false warning(s), so leave the results reading to me. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.Make sure the following options are checked:
Internet ServicesWindows FirewallSystem RestoreSecurity Center/Action CenterWindows UpdateWindows DefenderOther ServicesPress "Scan".It will create a log (FSS.txt) in the same directory the tool is run.Please copy and paste the log to your reply. Please download MiniToolBox and run it.Checkmark following boxes:Report IE Proxy SettingsReport FF Proxy SettingsList content of HostsList IP configurationList Winsock EntriesList last 10 Event Viewer logList Installed ProgramsList Devices (do NOT change any settings here)List Users, Partitions and Memory sizeClick Go and post the result. Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.* Double-click mbam-setup.exe and follow the prompts to install the program.* At the end, be sure a checkmark is placed next to Up... Read more

Read other 7 answers
RELEVANCY SCORE 79.2

So i ran a .avi file that I got from a friend and it said something like "the .avi file has code that is not usual for a .avi format would you like to continue" and like a nob i clicked yes. that should have been my first clue that something like this would happen. anyways, after that my browsers (IE and Chrome) no longer worked (displaying page could not be found). I decided to do a few tests, poking around to ensure that i still had internet access as internet disconnections are clearly a cause of browser failure. I pinged google with successful connection meaning my internet is still up and running (and as indicated by my status).
the second thing i noticed after running the .avi is a blue and white striped shield in my notification area that pops up and say in bold "Windows Security alert" and a bunch of other crap. when u go to hover the icon it decides to hide. I checked my programs list (add/remove prog) to ensure that i did not have this as i had not seen it before. I also took a screen shot that I will try to upload (just showing the full msg that came up from the fake anti-virus).

Summary: browsers no longer work, and fake Anti-virus program appearing.

Not sure what other symptoms are occurring but i would rather stop it before it gets worse. I would appreciate any help, in any form. Following are the logs as requested:

DDS:

DDS (Ver_09-11-29.01) - NTFSx86
Run by Kyle at 15:56:23.66 on Sun 11/29/2009
Internet Explorer: 8.0.6001.1... Read more

A:Windows Security alert and broken browser

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

Please copy this page to Notepad and Save it to your Desktop in order to assist you when carrying out the following instructions.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding.
Ensure that there aren't any opened browsers when you are carrying out the procedures below.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

Download ComboFix and the Microsoft file to a USB drive on another computer and transfer the files to your desktop.

------------------------------------------------... Read more

Read other 4 answers
RELEVANCY SCORE 79.2

Hello! I have been having problems with malware recently and have not been able to remove it with Trend micro, Ad-Aware or Spybot, and I'm at my wits end.

The redirects can occur any time I click a link but its usually after I use a link from a search engine.

One of the more distinctive redirects is a fake Windows Explorer window titled Windows Security, which performs a fake scan on my system and reports various false infections.

Any help would be greatly appreciated.

Jbonna
DDS (Ver_10-11-27.01) - NTFS_AMD64
Run by Adam at 16:30:30.47 on Mon 11/29/2010
Internet Explorer: 8.0.6001.18975 BrowserJavaVersion: 1.6.0_18
Microsoft? Windows Vista? Home Premium 6.0.6001.1.1252.1.1033.18.4094.2168 [GMT 11:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32&... Read more

A:Browser redirects, Windows Security Alert

Hi jbonna, and welcome to Bleeping Computer.Download OTL.exe by OldTimer to your Desktop.Close all windows and double click OTL.exe.In the "Custom Scans/Fixes" window (under the light green bar) paste the following in bold:

netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

Click Run Scan and let the program run uninterrupted.When the scan completes, it will open two Notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL. Post both logs in this thread.You may need to use two posts to get it all.

Read other 2 answers
RELEVANCY SCORE 74.8

After turning my computer on this morning I received a Balloon pop up from Windows security Centre (red shield in the system tray) informing me that No antivirus and firewall are currently running. I have online armour and AVG Free installed and running (and have had for years). I have tried deleting the contents of WINDOWS\system32\wbem\Repository so the data base could be rebuilt upon start up, no success.

Please note:
- I Have XP professional with Sp3 installed
- AVG and online armour are running fine
- I do not wish to tick the monitor my firewall/antivirus Option found in windows security centre recommendations
- I installed Skype’s whiteboard meeting app last night, besides that nothing has changed from yesterday.

Any Help on this would be greatly Appreciated.
Thanks,
Tom

A:False 'No Antivirus' and 'Firewall Running' Alert from Windows Security Centre (system tray)

Never used it myself but this may help: How To Use Dial-a-fix To Repair Windows Internals Problems http://www.bleepingcomputer.com/forums/topic160132.html

Read other 16 answers
RELEVANCY SCORE 74.8

I run XP home version. I had a popup that said computer is infected...puchase this product to remove. I don't remember which one it was at this point. I went to one of your forums and followed the instructions for an identical problem. Ran rkill and did MWAB full scan. Did not pick up anything. Installed Secunia and it could not find the microsoft/security updates. Went to microsoft site to update and the page came back...problem connecting w/the page.I have ran multiple scans with MWAB, Spybot search and destroy, Superantispyware, Immunet anti virus and a online anti virus scat. It was ESET or something close to that. But still cannot get to updates...then my browser gets hijacked...then it freezes up. In safe mode I can run the browser for only a little bit before it gets hijacked. Even after running rkill. Here are recent logs from MWAB, OTL, Security CheckMalwarebytes' Anti-Malware 1.50.1.1100www.malwarebytes.orgDatabase version: 6374Windows 5.1.2600 Service Pack 3 (Safe Mode)Internet Explorer 7.0.5730.134/17/2011 3:00:45 PMmbam-log-2011-04-17 (15-00-45).txtScan type: Full scan (C:\|)Objects scanned: 218796Time elapsed: 27 minute(s), 35 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 0Registry Values Infected: 0Registry Data Items Infected: 0Folders Infected: 0Files Infected: 0Memory Processes Infected:(No malicious items detected)Memory Modules Infected:(No malicious items detected)Registry Keys Infected:(No ... Read more

A:Browser hijacked and cannot perform windows/security updates

.
DDS (Ver_11-03-05.01) - NTFSx86 NETWORK
Run by Administrator at 15:36:54.68 on Tue 04/19/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_18
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.767.476 [GMT -4:00]
.
AV: AVG Internet Security 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Immunet 3.0 *Enabled/Updated* {F1220F1F-7E2E-48CD-846D-B98C6F85CD37}
FW: AVG Firewall *Disabled*
.
============== Running Processes ===============
.
svchost.exe 4
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
svchost.exe 4
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Administrator.OWNER-ETCSUP3UE\My Documents\Downloads\dds.scr
.
============== Pseudo HJT Report ===============
.
BHO: IEPlugin Class: {11222041-111b-46e3-bd29-efb2449479b1} - c:\progra~1\arcsoft\mediac~1\intern~1\ARCURL~1.DLL
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:&#... Read more

Read other 20 answers
RELEVANCY SCORE 73.6

This is my first post, thanks your anyone's help in advance.

My computer running very slow and my browser is hijacked, redirects or opens new windows in IE 7, Google Chrome and Firefox. I have ran several malware removal programs including Spybot, Malwarebytes' Anti-Malware and SUPERAntiSpyware Free Edition. They usually find stuff, but I think whatever it is reinstalls itself or it isn't being detected. Please let me know what my first step should be in detecting the issue and solving this! Thank you!!!

A:Computer Running Slow, browser is hijacked, redirects or opens new windows

Welcome to BCWe Need to check for Rootkits with RootRepealDownload RootRepeal from the following location and save it to your desktop.Direct Download (Recommended)Primary MirrorSecondary MirrorSecondary MirrorSecondary MirrorZip Mirrors (Recommended if you have a slower connection or if the Direct Download mirror is down)
Primary MirrorSecondary MirrorSecondary MirrorRar Mirrors - Only if you know what a RAR is and can extract it.
Primary MirrorSecondary MirrorSecondary MirrorExtract RootRepeal.exe from the archive (If you did not use the "Direct Download" mirror).Open on your desktop.Click the tab.Click the button.Check all seven boxes: Push OkCheck the box for your main system drive (Usually C:), and press Ok.Allow RootRepeal to run a scan of your system. This may take some time.Once the scan completes, push the button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.=====================Please download Win32kDiag.exe by AD and save it to your desktop.alternate download 1alternate download 2This tool will create a diagnostic report Double-click on Win32kDiag.exe to run and let it finish. When it states Finished! Press any key to exit..., press any key on your keyboard to close the program. A file called Win32kDiag.txt should be created on your Desktop.Open that file in Notepad and copy/paste the entire contents (from Starting up... to Finished! Press any key to exit...) ... Read more

Read other 6 answers
RELEVANCY SCORE 72

I thought I just posted but my post disappeared... so if this is a repeat I apologize. I have a Dell XPS 400 with Pentium (R) D CPU 2.80 GHz - 2.79 GHz, 1 GB RAM and use Windows XP SP2. I have Internet Explorer 7, but use Mozilla Firefox version 2.0.0.11. Yesterday a flashing red shield, similar to Window Security's shield, appeared in the bar on the bottom right of my computer. The shield has a pop-up message that says:"System Alert !
System has detected a number of active spyware applications that may impact the performance of your computer". If I click on the shield it open a web site on Explorer that sells Virus Protect Pro (www.virusprotectpro.com).
I ran McAfee virus scan (found nothing) and Spybot (found and removed about 16 things) but neither resolved the problem. I followed your 5 steps and installed and ran SpywareBalster/SpywareGard,Ad-Aware,ie-spyad and ZonedOut and DSS. I don't know what to do next...I hope you can help me! Thank you, Tullia
Panda Sac report:

Incident Status Location

Potentially unwanted tool:Application/MyWay Not disinfected C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll ... Read more

A:Red flashing shield sending Security Alert! message

I am posting again just to add that the computer now is also very slow.
I made a mistake I did not mention in my first post: in ZonedOut I uploaded files under "Local machine" because a message told me some files did not upload under "Current user. After that I read that once they are in "Local machine" I can't move them to "Current user"...so now they are split in two. Should I try to move them all to "Local machine"? I am the only user of this desktop. Thanks...

Read other 18 answers
RELEVANCY SCORE 70.4

Hello,Today my computer encountered a virus called Win 7 Home Security 2012 - Unregistered Version. It kept on spamming with a window telling me that my computer is infected and I should run the scan. Being so frustrated, I went on a clean computer and looked up solutions from this forum to fix the virus because it wouldn't let me access the internet from firefox. Here is an image of what popped up from the virus: "http://imageshack.us/photo/my-images/690/virus3k.png/"I found the website "http://www.bleepingcomputer.com/virus-removal/remove-win-7-antispyware-2012" and followed all the instructions. - For the RKill scan, my results were:This log file is located at C:\rkill.log. Please post this only if requested to by the person helping you. Otherwise you can close this log when you wish. Rkill was run on 12/17/2011 at 23:00:01. Operating System: Windows 7 Professional Processes terminated by Rkill or while it was running: C:\Users\Mary\AppData\Roaming\Dropbox\bin\Dropbox.exeC:\Users\Mary\AppData\Local\owm.exeRkill completed on 12/17/2011 at 23:00:16. - I also scanned my computer with MalwareBytes and it didn't find anything, but here are the results:Malwarebytes' Anti-Malware 1.51.2.1300www.malwarebytes.orgDatabase version: 8391Windows 6.1.7601 Service Pack 1Internet Explorer 8.0.7601.1751412/17/2011 11:56:19 PMmbam-log-2011-12-17 (23-56-19).txtScan type: Full scan (C:\|Q:�... Read more

A:Win 7 Home Security 2012 - Unregistered Version & AVG Resident Shield Alert

What surprises me is thathttp://imageshack.us/photo/my-images/26/virus2d.png/Malwarebytes should have detected this msimg32.dll infection as rootkit.0Access.In your case mbam scan looks clean.Run a full scan in safemode and see if it detects msimg32.dllThanks

Read other 10 answers
RELEVANCY SCORE 70.4

I think i have successfully deleted security tools and antimalware doctor since i haven't been bothered from these again.
But the resident shield alert keeps poping up everytime i log in to windows, unless i turn it off from avg.
I have allready downloaded Malwarebyte's Anti-Malware and have quick-scaned my computer.I also saved the log if its needed.

A:antimalware doctor,security tools,resident shield alert infection

I had start-up things bothering me before. Try running Piriform's CCleaner and analyse and fix the registry section. This will clean up your startup problems

Read other 2 answers
RELEVANCY SCORE 70.4

i just put together a pc with :
giga-byte ga-7vaxp motherboard
amd athlon xp 2600+ w/ 333 front side bus which is supposed to run at 2.1 ghz
my problem is that my computer shows to be running at 1.2 ghz
I'm pretty sure that I have the jumpers set wrong but cannot find any info on how to set them (m/b manual does not help ) any ideas would be greatly apreciated thanks
 

A:cpu running at half speed

Read other 13 answers
RELEVANCY SCORE 70.4

hey i have an asus p4vp-mx thats suppose to have a 2.8 ghz processor with 1.2 gigs of ram but according to some of my games their reading the processor as 1.5ghz so none of these games are properly working even though my computer more than meets the hardware requirements anyway any help would greatly be appreciated
 

A:Cpu running at half speed help please

Sounds like the BIOS is set up incorrectly.

Whaen you 1st boot up, hit Del a few times and you'll enter the BIOS.

Hopefully, on the far right tab, there will be an option to "Load Optimised Defaults". Do that, reboot and see what it's reported as now.

CPUz will tell you what it is actually running at: http://www.cpuid.com/cpuz.php
 

Read other 11 answers
RELEVANCY SCORE 70.4

Hello Everyone! So after reading dozens of threads about the problem im having.. i have to call uncle and ask for help. I installed a new ssd into my pci-e slot of my Dell precision t7400. I found it to be the cheapest way to get the fast speeds i was hoping for. I have a SanDisk SDSSDA240G installed into a PCI-E SATA 3 adapter(Images: pci-express_01 / ssd)info). Im running windows 7. I have made sure i am in AHCI and that i am running the correct Bios. The Card is in the First PCIE (Slot1) and my graphics card is in the other PCIE (Slot4). It is plugged into the only SATA port that was available (Image: MotherBoardSetup). Ive run the benchmark app and it seems like its only running 3G instead of the 6 that i was hoping for.
I have Dual quad cores Intel Xeon e5450. EVGA GeForce GTX 560 2GB Graphics Card. 32G of DDR2.
Windows 7.
Im a 3D artist and use multiple 3d programs. I know its running fast now, but any extra would be helpful. Can anyone please take a look at these pics and help me out?
Thanks -DT

A:SSD running at half speed. Please take a look

I also have this pic from when i startup...and one of the PCIe card i bought...if that helps.

Read other 7 answers
RELEVANCY SCORE 70.4

hey im running my pc with 2x 1GB patriot 6400 sticks of ram on an Asus p5w dh deluxe mobo and an intel core 2 duo E4500 2.2ghz currently overclocked to 2.6ghz. what i have noticed is that the ram on dual channel is running at 180mhz and on the post bios message i see "dual chanel ram 3200" and if i hitch up my processors clock speed the ram speed falls. whats going on and how can i fix this. all help appreciated thanks.
 

A:Ram running at half speed

oh and if i mod the ram speed as well as the cpu speed i get a message from the bios "over voltage or overclocking failed"
 

Read other 8 answers
RELEVANCY SCORE 70

Greetings,

This morning my pc got hit with this awful trojan called "Security Shield"...which has led to browser / search hijacks, Microsoft Security Essentials being disabled and unavailable to restart, and even an annoying flashing Windows login screen that prevents me from putting in my login password if I lock my pc.

Here is the DDS log and I've attached ark.txt and attach.txt.

Thank you for your help!

art_vandelay
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by glindholm at 9:53:50 on 2012-08-07
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3977.1251 [GMT -7:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\... Read more

A:Security Shield trojan - browser/web hijacking, MS Security Essentials being disabled, etc

Greetings and Welcome to The Forums!!My name is Gringo and I'll be glad to help you with your computer problems.I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of usPlease do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.NOTE: At the ... Read more

Read other 9 answers
RELEVANCY SCORE 69.6

I have an AMD Sempron 2300 which normally runs at 1.8 Ghz. Now, it says it is running at 950 Mhz, and i dont know why. i tried restoring my BIOS to fail-safe defaults, and i changed the CMOS battery, but it didn't work. I really need help on this, so any thoughts are greatly appreciated.
 

A:AMD processor running at half speed. why?

Try opening up some program like Internet Explorer or something that will stress your CPU. See whether the speed goes back to normal.

Some processors automatically throttle back when idling to reduce power consumption. When you stress them by opening a program or doing something like that, their speed goes back to normal. See if that works.

What socket is your CPU?
 

Read other 10 answers
RELEVANCY SCORE 69.6

I'm running a P111 coppermine 1Ghz on cusl2-c MB. The cpu is continually reported as running at 500mhz, although diagnostics (sandra etc) show cpu range as 500-1000mhz. The bios settings have changed and I cant reset them to 1000mhz because on save & exit the bios just reappears saying that the settings are wrong. (have updated bios etc etc.)It will only work on a lower setting. This is causing me major probs with CAD apps.
What can this be?????
 

A:heeeeeeeelp!!! CPU running half speed

Read other 13 answers
RELEVANCY SCORE 69.6

I had to replace the hard drive in my Pavilion when the original failed. I reinstalled the original software from the Recovery CD set I purchased from HP. The system now identifies my processor as an Athlon running at 750 MHz instead of the original Athlon 1.3 GHz. This 750 MHz figure is the same in the BIOS setup screen and in Windows XP My Computer Properties screen. I have not changed any components other than the hard drive, and the processor is the original Athlon 1.3 GHz. What would account for the decrease in speed and what can I do about it?

Thanks,
John

Windows XP Home Edition
AMD Athlon 1.3 GHz
512 MB RAM @133MHz
A7V-VM motherboard
 

A:AMD CPU running at about half original speed

Go to www.lavalys.com and get the free Everest Home Edition. Run that, it will tell you all about your PC and its components.
You may need to do a reset to basic values or optimised values of your BIOS.
Check the mobo-manual for multiplier settings in the BIOS.
 

Read other 1 answers
RELEVANCY SCORE 69.2

Fake Alert, Ultimate windows security alert malware just to name a few of the names of the pop up windows i saw. I am using XP SP3 and have successfully used Combofix on another machine at the advise of a network admin friend. This time however i wanted to have this log reviewed by the pros on here because the malware on this machine was formidable! The windows security alert popped up and my spouse unknowingly clicked yes on it. Things just went down hill from there. We disconnected the internet cable and started the process.

As i mentioned before I have used combofix however this time every time i tried to click it the malware would pop up and say this "combofix" file is infected would you like to start the antivirus download? So i couldn't get it to start. I downloaded combofix w/ different machine and changed the name to combo-fix during the download, then used jump drive to put it on the infected machine. Since either combofix nor malwarbytes anti-malware would execute when clicked due to pop ups i restarted the system in SAFE MODE. The microsoft recovery console is already installed on this system. Once in safe mode i clicked on the renamed combo-fix file and it then started, during the start up it stated there are "CD emulators" running on this system and comobfix must disable them before continuing which casued it to re-start the computer and then it completed it's scan. So i have a log to post if you would allow me. Also, af... Read more

A:Fake Alert, Ultimate windows security alert malware Help needed

"Using it on your own can cause problems with your computer. Any posts containing CF Logs will be ignored."So are you saying there is no one here willing to help me?

Read other 4 answers
RELEVANCY SCORE 69.2

I am working on a Windows XP Pro machine. I was getting pop up ads with a Windows security alert warning, along with a few others. My time also changed to military time. I could not run any malware programs until I ran a HJT log and corrected on of the entries, something with a ip address in it, I didn't write it down like an idiot. That then allowed me to update and run Spybot , malwarebyte and superantispyware. All came back with issues. Mywebsearch, trojan.fakealert.gen, disabled.securitycenter ,Trojan.vundo,trojan.fakealert,torjan.fakealert.gen,rogue.antivirusoft.Thank you in advance for your help!Here is the DDS report:DDS (Ver_09-12-01.01) - NTFSx86 Run by jandreozzi at 11:16:57.68 on Tue 03/09/2010Internet Explorer: 6.0.2900.2180Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1075 [GMT -5:00]AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}FW: *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}============== Running Processes ===============C:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcssvchost.exesvchost.exeC:\WINDOWS\system32\spoolsv.exesvchost.exeC:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exeC:\Program Fi... Read more

A:Windows Security Alert/Antivirus software Alert Virus

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

Read other 29 answers
RELEVANCY SCORE 68.8

I have a Inspiron 1520 with a CPU running at half speed. I thought the original CPU, a Core 2 Duo T5450, was failing, as it was running at 1 to 1.2 GHz and it should be 1.6 MHz. I replaced it with a T8300 2.4 GHz, which now runs at 1.2 to 1.6 GHz.
I don't see anything in the BIOS that could change it. I'm going to try and flash the BIOS (it is at the newest version).
Anything else I can check?

A:Inspiron 1520 CPU running at half speed

Does the system correctly recognize the AC adapter, or is it showing "unknown"  (look at the system setup -- F2 at powerup) -- to verify?

Read other 2 answers
RELEVANCY SCORE 68.8

Hello, i have recently purchased a conputer. The processor is a intel pentium 4, 2.8 GHz, however it is running at 1.4GHz. Can anyone help me? Specs from CPUID follow:-

Processor :- Intel pentium 4 (northwood)
Package:- Socket 478 mPGA
Spec:- Intel(R) Pentium(R) 4 2.80GHz
instructions:- MMX,SSE,SSE2
Core speed:- 1400MHz =(
multiplier:- x 14.0
bus speed:- 100MHz
Rated FSB:- 400MHz
MOBO chipset:- intel i845GL
Type:- DDR / Size:- 512MB
DRAM freq:- 133.3MHz
FSBRAM: 3:4
Let me know of any other specs needed.

Regards

Strike191
 

A:Intel pentium 4 running half speed

Read other 6 answers
RELEVANCY SCORE 68.8

Hello, im a new member to the forums but i use it a lot for information. I recently bought a linksys network adapter for my desktop and i did not know the passphrase to connect to the wireless. I then reset my router and i got it all working but it is now running at half speed. Yesterday, before my reset, i was running at 159 mb/s. and today, after reset, it is at 72 mb/s. It was my first time reseting the router and i am not very experienced so i may have screwed something up. any help is appreciated
 

A:Wireless running at half speed after reset

Read other 9 answers
RELEVANCY SCORE 68.4

When browsing in firefox, I suddenly got a popup in my taskbar from Windows Security Alert. Knowing that was a problem, I immediately came here and downloaded DDS and Rootrepeal. However, this malware will not let me run a program. Every time I try, I get a window popup that says "Security Warning: Application cannot be executed. The file cmd.exeis infected. Do you want to activate your antivirus software now?" And then yes/no boxes. I've since closed firefox, and can no longer open it. I get the same popup for every program I try to open. Any help would be greatly appreciated

A:Windows Security alert/Antivirus System Pro alert

You already stated that no matte rwhat program you try to open, you see that pop up for the scareware. You can try running Rkill first to see if you can kill some of the malware processes that are preventing you from being abel to run other security software. here are some DL links for you. LINK 1LINK 2LINK 3LINK 4Once you get it downloaded double click to launch it (With Vista you need to right click and select run as administrator). You should see a little black window open and then close. If you see that box then it worked. If you don't see the black box then delete the file and use another download link and repeat the steps.Once it runs you should be able to run MBAM and then I would run SUPERAntiSpyware as well. If all else fails try going in to safemode and install MBAM and run the scans from there to get you started.

Read other 4 answers
RELEVANCY SCORE 68

I recently upgraded to windows 2000 from 98 and my computer began running at half the speed. Next I restored 98 using a restore CD and installed 2000 side by side with 98 so I now have 2 operating systems running. In 98 mode, my computer runs at normal speed, 400 mhz. In 2000 mode, it runs at half speed because my front side bus is running at half speed. In 2000 mode, it says my FSB is only 49 mhz while in 98 it reports to be 100 mhz which is the actual speed. Any clues? IBM aptiva 400 mhz, 64 MB RAM, putting in more RAM does not help.
 

A:windows 2000 makes cpu run at half speed

Please don't duplicate post, reply here:

http://forums.techguy.org/showthread.php?s=&threadid=110709
 

Read other 1 answers
RELEVANCY SCORE 67.2

If anyone has any Ideas on this I would appreciate it greatly.

A:AMD Athlon 2650e, 1.6GHz Processor is running at half speed!

Hi and Welcome to TSF!


What happens if you run a game or a large program? The processor should increase the the max power. Today most processors can idle therefore they don't use max power.

Read other 4 answers
RELEVANCY SCORE 67.2

A shield shows up on the lower tool bar looking like
a windows security shield. It has an x on it. I have
not hit it. It wants me to hit so it can do more harm.
Howe to get rid of this?

A:windows security shield

Welcome aboard Download Security Check from HERE, and save it to your Desktop. * Double-click SecurityCheck.exe * Follow the onscreen instructions inside of the black box. * A Notepad document should open automatically called checkup.txt; please post the contents of that document.============================================================Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop. * Double-click mbam-setup.exe and follow the prompts to install the program. * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish. * If an update is found, it will download and install the latest version. * Once the program has loaded, select Perform quick scan, then click Scan. * When the scan is complete, click OK, then Show Results to view the results. * Be sure that everything is checked, and click Remove Selected. * When completed, a log will open in Notepad. * Post the log back here.Be sure to restart the computer.The log can also be found here:C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txtOr at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

Read other 1 answers
RELEVANCY SCORE 67.2

I just downloaded satellite direct to my pc everything went fine until I try to click on the desktop icon. It has a blue and yellow shield in the corner of the icon. What does this mean?
 

A:windows security shield

There are lots of "Reviews" of this software, including one that comes up many times under different names.
I trust Bob Rankin, however, and he says:
"If you're considering buying a software package named "PC Satellite TV", "Satellite TV Elite", "Satellite TV on PC", "Satellite TV for PC 2008 Elite Edition", "TV on PC Elite", "Digital TV 4 PC" or anything similar... they are ALL THE SAME type of scamware. You will pay $40 and in return you'll get a crappy software program that does NOT deliver what it promises. You WILL NOT get any premium or pay-per-view channels for free. The only thing these packages offer is links to online video sites that you could find for free with a quick search on Google or Yahoo."

Google will find some stations, or try here:
http://www.findinternettv.com/
 

Read other 3 answers
RELEVANCY SCORE 66.8

I encountered a virus entitled Security Shield. After running Malware Anti Malware and Symantec and Rkill the virus does not pop up any more or appear anywhere that I can see however I am now having difficulties in other areas of my computer.
When trying to access Steam I get this error message.
Unable to connect to server. Server may be offline or you may not connected to the internet.-102

Unable to connect to server. Server may be offline or you may not connected to the internet.

I also cannot connect to Internet Explorer nor can I successfully run Windows Update.

Please let me know if there is any more information needed to fix this problem and than you for the help!

A:Security Shield and Browser Issues

Hello,Please follow the instructions in ==>This Guide<==. If you cannot complete a step, skip it and continue.Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues and what you have done to resolve them.If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.Orange Blossom

Read other 2 answers
RELEVANCY SCORE 66.8

Hi,
I am dual booting Windows XP home with Windows 7 Pro. I have a 6 mbit connection for this laptop. When I run a test at speedtest.net, it shows that I can download at 740 kbps with a ping of 35ms in Windows 7, but when I run the same test through Windows xp, I only get 365 kbps, with a ping of 90 ms. I have run these tests multiple times, and while the difference is not so large most of the time, there still is a significant difference every single time between these OS.

All the settings are the same in both OS, same DNS servers, with file and printer sharing turned off. I cant figure out what is wrong. Any help is appreciated.
 

A:Windows xp net speed is half of Windows 7

Read other 13 answers
RELEVANCY SCORE 66.4

my daughters pc was infected with the security shield malware, a vicious piece of bleep.
So i ran thru the whole procedure with rkill and malwarebytes, however the full scan didnt detect any suspicious object.
when restarting the pc again in normal mode the virus was active again.

I may have only one route left, a complete windows reinstall (not my favourite).

anybody?

A:windows security shield malware

Hello plese run this. Did you run them in safe mode?Please download MiniToolBox, save it to your desktop and run it. Checkmark the following checkboxes: Flush DNS Report IE Proxy Settings Reset IE Proxy Settings Report FF Proxy Settings Reset FF Proxy Settings List content of Hosts List IP configuration List Winsock Entries List last 10 Event Viewer log List Installed Programs List Users, Partitions and Memory size.Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run. Note: When using "Reset FF Proxy Settings" option Firefox should be closed.Please download TDSSKiller.zip and and extract it.Run TDSSKiller.exe. Click Start scan.When it is finished the utility outputs a list of detected objects with description.
The utility automatically selects an action (Cure or Delete) for malicious objects.
The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Let the options as it is and click ContinueLet reboot if needed and tell me if the tool needed a reboot.Click on Report and post the contents of the text file that will open.

Note: By default, the utility outputs the log into system disk (it is usually the disk with installed operating system, C:\) root folder. The Log has a name like: TDSSKiller.Version_Date_Time_log.txt.If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .c... Read more

Read other 3 answers
RELEVANCY SCORE 66.4

So the past day or two, my browser has been redirecting me a lot. I'll open google, search for something, and then upon opening the links, it either opens a new tab with some random website or redirects the page I clicked on to something else. This morning, I start getting Security Shield popups. I downloaded Malwarebytes, ran it in Safe Mode w/ Networking, removed everything that popped up, and reset the hosts file but I'm still having issues with websites redirecting. I haven't seen anymore Security Shield popups. I uninstalled Microsoft Security Essentials because I was given an error every time I attempted to open it that basically said... no, you can't open this.

Here's the requested logs.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 5:58:29 PM, on 7/23/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16447)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Winamp\winamp... Read more

A:Security Shield fake AV and browser redirecting.

Read other 9 answers
RELEVANCY SCORE 65.6

Hey guys,

I'm unfortunately back! The office admin computer at my workplace started having these "Security Shield" windows pop up, and I went through the self-help removal guide in Safe Mode with Networking using Rkill and MBAM and I didn't get it. I need help! Here's the DDS log:

======
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by Office at 15:25:21 on 2012-07-03
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8054.5526 [GMT -7:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32... Read more

A:Security Shield Virus on Windows 7 Machine

Hi mjcritchfield,My name is Jason and I'll be helping you with your computer problems. You can call me by my screename jntkwx or Jason is fine.Some things to remember while we are working together.Do not run any other tool untill instructed to do so!Please do not attach logs or put logs in code boxes (unless explicitly asked to)Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can also help.Do not run anything while running a fix.If you don't understand a step, please ask for clarification before continuing with any future steps.Click on the Watch Topic button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.Note to others: The instructions here are intended for the person who began this topic. If you need help, please create your own topic in the appropriate forum. You mentioned this is a work computer. I strongly recommend you to ask your IT suppport/network Administrator to fix this. After all they are paid to do so.I say this for several reasons:There may be restrictions and modifications installed on such machines that could be damaged or altered by the actions we take to remove Malware. Any infection could jump terminals in a computer network.There may also be legal issues regarding any loss of business data that I do not wish to deal with.Some people who come here use their comput... Read more

Read other 3 answers
RELEVANCY SCORE 65.6

I have another thread that talked about an XP transplanted internal HD that right-clicking on any folder or file had little UAC? shield icon next to DELETE and RENAME in right-click context menu. When I would delete a file/folder, it would NOT give me a delete confirmation.

I happened to right-click C:\Windows and every other folder in C: (except ones I created) have the UAC shield next to delete. They ARE owned by TrustedInstaller but I just like having the protection in case I accidentally delete them.

Can anyone on their W7 machine, right-click various system folders in C: and report if you have the UAC icon? As well, check your security -> Owner to see if it's TrustedInstaller?

Worrisome. But, I've never done a thing to any C:\ folder re: security or anything. Ever.

A:right-click C:\WINDOWS shows little UAC? shield - security?

Do you mean you see the UAC shield directly next to Deelete in the context menu? I do not see that, but currently have UAC turned off on this computer. What level of UAC are you using?

Regards,
Golden

Read other 9 answers
RELEVANCY SCORE 65.6

My computer (running on Windows XP) was infected by the Security Shield virus ~2 days ago. I googled and found instructions to remove it at bleepingcomputer, including downloading and running Malwarebytes. I eventually got the program running, however as it took >4 hrs to scan someone unknowingly closed down my computer while I was away.

Nonetheless, the next time I started the computer the Security Shield didn't pop up anymore, instead I had a pop-up message saying 'Missing Virus Definitions: VPTray.exe - Ordinal Not Found'. Again I googled and found someone with similar experience, and their problem was solved after using ComboFix. I realise now that I probably shouldn't have done what I did, which was downloading and running ComboFix myself. Anyway, after restarting my computer twice ComboFix found a problem with 'rootkit'.

I ran Malwarebytes again, and it found 2 instances of 'rootkit.0access.h', which it quarantined/deleted.

While I don't get the pop-up messages anymore, I now encounter audio of ads running in the background and clicking noises instead. When I open the Windows Task Manager I can see that there is a few 'QEYV74~1.com' under user name 'system' which is pretty suspicious.

I am fairly certain my computer is still infected by some virus which is beyond my amateur skills to fix, so am asking for help here.

I tried to follow the instructions about DDS and GMER logs, however, my computer crashed tw... Read more

A:audio ads running in the background after security shield infection

Hello xenabc, Welcome to Bleeping Computer.
My name is fireman4it and I will be helping you with your Malware problem.

Please take note of some guidelines for this fix:
Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools.
If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
In the upper right hand corner of the topic you will see a button called Watch Topic.I suggest you click it and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

Finally, please reply using the ADD REPLY button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.We need to get a little more information before we begin.1.Please download aswMBR ( 511KB ) to your desktop.Double click the aswMBR.exe icon to run itClick the Scan button to start the scanOn completion of the scan, click the save log button, save it to your desktop and post it in your next reply.2.Please download ListpartsRun the tool, click Scan and post the log (Result.txt) it m... Read more

Read other 3 answers
RELEVANCY SCORE 65.2

Hello, Samsung 970 is the best SSD in the market and it cost me 460 Euro to buy the Samsung 970 Evo NVMe M.2 SSD 2TB  in order to make my T470 20HD achive Read/Write 3.500 and 2.500 MBps. But this expensive SSD is running half of its speed on T470 20HD read and write 1748 and 1685 MBps. While most Laptops with Intel dual core ( https://www.userbenchmark.com/  )  with Samsung 970 Evo they got ( read and write speeds: 3.500 and 2.500 MBps respectively).   T470 20HD read and write 1748 and 1685 MBps.   From Lenovo website I bought this (Tray 1 for ThinkPad M.2 SSD drive Cost: Euro 30):   I am not fine with T470 20HD half speeds of read and write 1748 and 1685 MBps.Looking forward to hearing from youthank you in advanced.

Read other answers
RELEVANCY SCORE 65.2

DDS (Ver_09-05-14.01) - NTFSx86
Run by Compaq_Owner at 2:48:23.73 on 06/04/2009 Thu
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Home Edition 5.1.2600.2.949.82.1033.18.702.138 [GMT -7:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\WINDOWS\system32\e.exe
C:\Program Files\AhnLab\Smart Update Utility\AhnSDsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1&#... Read more

A:AVG Resident Shield Alert & Web Shield Alert

Hi,* Please download Malwarebytes' Anti-Malware from Here or HereDouble Click mbam-setup.exe to install the application.Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.If an update is found, it will download and install the latest version.In case you already used MBAM previously, please update it before proceeding with the scan. To do this, click the "Update" tab and click the "Check For updates" button.Once the program has loaded and updates were downloaded, select "Perform Quick Scan", then click Scan.The scan may take some time to finish,so please be patient.When the scan is complete, click OK, then Show Results to view the results.Make sure that everything is checked, and click Remove Selected.When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.Copy&Paste the entire report in your next reply along with a fresh HijackThis log.Extra Note:If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

Read other 11 answers
RELEVANCY SCORE 65.2

Thanks in advance for any and all help. :)

This one got me by surprise.
Either somethg snuck past Kaspersky, or I clicked on something other than Deny by mistake when a Trojan warning popped up (which was probably the case).

When booting up my computer,
I was greeted by a Windows - No Disk - exception processing message.
If I clicked on Cancel, it would continue to pop up periodically.

Also, the Windows Security Alert box keeps telling me Windows Updates are disabled, and that I have no Virus protection,
even though I am running a continually updated Kaspersky Anti-Virus 7,
and the Windows Update menu in the Control Panel says Updates are enabled.

After running through all the steps you have laid out,
the pop-ups seem to be at bay, and the Windows - No Disk error hasn't popped back up yet

But the machine is sluggish, the Windows Security Alert problem still persists, and my browser continually refreshes as though it is trying to load something.

Below is the HiJackThis log,
as well as the attached Panda scan log.

Thanks so much for all your help!

-------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:05:31 AM, on 10/22/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\... Read more

A:Infected machine? - pop-ups / Windows Security Alert problem / Windows no disk error

BUMP, please

------
Also, an update since I originally posted this.

I already had Spybot installed prior to the problem, so I loaded Spybot Tea Timer to give me some sort of added protection while waiting.
It nuked numerous attempts by Run32dll.exe to access various dll files in the System32 directory, as well as adding various strings to the Registry.

During this time, the machine was extremely sluggish, but I could still use it to some degree.

But something happened yesterday, and now my machine won't even boot up. :(
I can't boot up in regular mode or in Safe mode.
All I get is the dreaded blue screen with a C000021A error. :(

I'm fortunate enough to have a backup drive that had all my working files, so I could continue my work on another machine.
But I stopped the backup when the problem popped up to avoid infecting any of the files on my backup drive.
So all of the data from the 3 days the virus problem started up is lost to me at the moment.

Please advise.
Thanks in advance for all your help.
If we clean this up like you did when helping me a year ago on another machine,
I'll be sure to donate again, like last time! :)
Thanks!

Read other 9 answers
RELEVANCY SCORE 65.2

Hi,

Symptoms:
"Windows has detected an Internet attack attempt...Protect your PC from Internet attacks, click here to download spyware remover ...

Symptoms:

1)Virus pop-up alerts. Says it?s a ?Windows Security Alert? warning:
windows has detected an internet attack attempt... somebody's trying to infect your pc with spyware or harmful viruses. run full system scan now to protect your pc from internet attacks, hijacking attempts and spyware! click here to download spyware remover for total protection
This happens very often.

2) Icons for ?Error Cleaner? ?Privacy Protector? and ?Spyware & Malware protection? all of which link to addresses starting ?viruswebprotect.com.?

3) Another pop-up, Spyware Alert ?Security Warning!? it reads:
security warning! worm.win32.netsky detected on your machine. this virus is distributed via the internet through e-mail and active-x objects. the worm has its own smtp engine wich means it gathers e-mails from your local computerand re-distributes itself. In worst cases this worm can allow attackers to access your computer, stealing passwords and personal data. This process should be removed from your system.


Hijakthis log file:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:39:12, on 17.04.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOW... Read more

A:windows security alert "Windows has detected an Internet attack attempt

Hello and Welcome. Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

---------------------------------------------------------------------------------------------

One or more of the identified infections is a backdoor trojan.

This type of infection allows hackers to remotely control your computer, steal critical system information and download and execute files without your knowledge.

If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

You can read this: How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

--------------------------------------------------------... Read more

Read other 19 answers
RELEVANCY SCORE 64.8

Please help! For the past few months our computer has been constantly popping up virus messages. Every few seconds we get a Windows antivirus message that says windows has detected spyware... As soon as I close this box it reappears. Every 2-3 minutes we get a Windows Security Alert stating Warning! Potential Spyware Operation! And sporatically we get a Trojan Found message from McAfee VirusScan although I can not delete the infected file.

I looked through some websites and messages on this board looking for help. I downloaded Super Antispyware Free Edition and ran that program. It deleted 450+ items but the computer is running no better and the messages are popping up just as often.

Moreover, I can not access my control panel through the start menu and can not add or remove programs.

I have seen some people post similar problems and they are told to run a Hijack report. I am not sure how to do that or what that means.

Can someone please advise? Thank you so much in advance for your help!!!
 

A:Solved: Windows antivirus, Trojan Found, Windows Security Alert

Read other 16 answers
RELEVANCY SCORE 64.8

Hi, I'm having a problem with pesky malware of some kind. It started with bogus "Windows Security Alert" messages, "Antivirus Software Alert" and "Infiltration Alerts", and "Security Warning / Application cannot be executed. The file xxxx.xxx is infected. Do you want to activate your antivirus software now?". It would also redirect me to different websites in IE8.Based on that info, I found the sticky forum on here that deals with that virus, and I ran RSKill, MalwareBytes, and also Spybot, etc. but the problems come back after the next reboot. I ran through the removal routine several times, but it keeps coming back.At the present time, the computer takes a very long time loading upon reboot, and IE8 blanks out whatever site address I type in -- it replaces the address with "http:///" and returns with a "the address is not valid" page. At the moment, the "Infiltration Alerts" are not happening, so I don't know if that first virus is gone, but it let another one in the door in the meantime, or if this is just a different manifestation of the original virus?I tried running DDS.SCR program as asked in the Preparation Guide. But it just flashed me the little black window with the DDS introduction for a few seconds, but never gave me the DDS.txt or Attach.txt results. I tried several times, without success.I was able to run the Gmer program on the second attempt. The first attempt ended after a... Read more

A:bogus Windows Security Alert messages, Infiltration Alerts, Security Warnings

Hello johntee, Welcome to Bleeping Computer. My name is fireman4it and I will be helping you with your Malware problem.Please take note of some guidelines for this fix: Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools. If you do not understand any step(s) provided, please do not hesitate to ask before continuing. Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". Finally, please reply using the button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post. I will be analyzing your log. I will get back to you with instructions.

Read other 39 answers
RELEVANCY SCORE 64.8

"Windows has detected an Internet attack attempt...Protect your PC from Internet attacks, click here to download spyware remover ...

Symptoms:

1)Virus pop-up alerts. Says it?s a ?Windows Security Alert? warning:
windows has detected an internet attack attempt... somebody's trying to infect your pc with spyware or harmful viruses. run full system scan now to protect your pc from internet attacks, hijacking attempts and spyware! click here to download spyware remover for total protection
This happens very often.

2) Icons for ?Error Cleaner? ?Privacy Protector? and ?Spyware & Malware protection? all of which link to addresses starting ?viruswebprotect.com.?

3) Another pop-up, Spyware Alert ?Security Warning!? it reads:
security warning! worm.win32.netsky detected on your machine. this virus is distributed via the internet through e-mail and active-x objects. the worm has its own smtp engine wich means it gathers e-mails from your local computerand re-distributes itself. In worst cases this worm can allow attackers to access your computer, stealing passwords and personal data. This process should be removed from your system.

[U]HIJACK THIS LOGFILE

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:08:06 PM, on 1/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\servi... Read more

A:windows security alert "Windows has detected an Internet attack attempt.repl me soon

Hello and welcome to TSF


Apologises for the delay getting to your log. The helpers here are all volunteers and we have been very busy lately. If you are still having malware problems,follow instructions below.

============

Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.Close all applications and windows.
Double-click on dss.exe to run it, and follow the prompts.
When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt <-this one will be minimized
Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt here.
Please attach extra.txt to your post.
To attach a file to a new post, simplyClick the[Manage Attachments] button under Additional Options > Attach Files on the post composition page, and
copy and paste the following into the "Upload File from your Computer" box:C:\Deckard\System Scanner\extra.txt

Click Upload.
What DSS will do: create a new System Restore point in Windows XP and Vista.
clean your Temporary Files, Downloaded Program Files, and Internet Cache Files, and also empty the Recycle Bin on all drives.
check some important areas of your system and produce a report for your analyst to review. DSS automatically runs HijackThis for you, but it will also install and place a shortcut to HijackThis on your desktop if you do not already have HijackThis installed.

======... Read more

Read other 1 answers
RELEVANCY SCORE 64.8

EDITED BY AUTHOR 2012-02-28PLEASE DISREGARD THIS POST. THANKS TO YOUR INSTRUCTIONS AT http://www.bleepingcomputer.com/virus-removal/remove-security-shield I WAS ABLE TO RESOLVE THIS ISSUE MYSELF. THANKS FOR CONTINUING TO PROVIDE CLEAR, RELIABLE INFORMATION AND SOLUTIONS ON SPECIFIC MALWARE PROBLEMS!Hello.As stated in the topic title, I am humbly requesting assistance in removing "Security Shield" malware from my Dell Latitude D610 running Win XP SP 3.I have attempted to download and run DDS and GMER. However, the malware is blocking both IE and Firefox. I have tried to download DDS and GMER on a separate computer and then copy the downloaded files, via flashdrive, to the desktop of the infected laptop, but neither DDS nor GMER will run. Consequently, I am unable to attach a dds.txt file, attach. txt file, etc.I apologize for not having the latter files available to attach. Any advice on how to create these files would also be greatly appreciated. (Would it suffice to try to create the necessary file(s) in Safe Mode?)Thank you in advance for any reply and assistance you can provide.

A:Request Assistance: Security Shield malware Windows XP

EDITED BY AUTHOR 2012-02-28PLEASE DISREGARD THIS TOPIC.Hello,I need to add that I now have been able to run DDS (perhaps by rebooting and then launching as soon as I have logged on -- ??before the malware can fully load??). HOWEVER, the "Security Shield" malware does not allow the text files created by the DDS utility to appear -- instead, in an initial instance it "blocked" Notepad with a warning message, and in all subsequent instances Notepad with the DDS-created .txt files will not stay on screen for longer than a split-second.More specifically, after DDS finishes checking my system (in the black-and-white command prompt window), I do get the initial DDS popup saying that the files have been created and "shall appear after you have closed this window" (i.e., after clicking OK). But, as soon I click OK, a text file blinks on my screen for only a split-second and then disappears -- faster than I can possibly save it. I have tried multiple times to run DDS and obtain the dds.txt and attach.txt files, but every attempt has failed because of the problem with the text file(s) not staying onscreen for more than a fraction of a second.I also now have been able to run GMER but am still waiting for that process to complete to determine whether it will produce a log that, unlike with DDS, I will actually be able to save. After the GMER process completes, I will post an additional message indicating whether I have been able to save the requisite ark.... Read more

Read other 2 answers