
Help with AVG removing/healing viruses.

Q: Help with AVG removing/healing viruses.

Hi, for the last few months I have been using AVG, and in that time I have encountered a few viruses, mainly called JavaByte/Verify, that will not heal, delete, or move to virus vault. Can someone tell me why?
Thanks a lot.

A: Help with AVG removing/healing viruses.

I have run into this on a client's computer he wanted me to fix. The only way I removed it was to slave his drive into my test bench computer and use F-Secure to remove it.
Another note. Turn off system restore when removing viruses or removing spyware/malware.

RELEVANCY SCORE 69.6

I am using AVG Free version 7.5 and it is updated, but it doesn't heal viruses anymore, for example RavmonE.exe, which can be healed by other computers with AVG FREE.

Moved from the "XP" Forum. ~acklan~

A:My Avg Free Is Not Healing Viruses Anymore!

Do you have any other anti-virus software on your computer or something like a security suite?

RELEVANCY SCORE 61.2

Panda


Incident Status Location

Adware:adware/ilookup Not disinfected c:\windows\iLookup
Adware:adware/comet Not disinfected c:\documents and settings\all users\application data\Starware
Potentially unwanted tool:application/funweb Not disinfected hkey_local_machine\software\FunWebProducts
Adware:adware/s...

A:Weird "can't find file" message on startup, viruses not deleting or healing

Please go HERE and carry out the instructions that are posted. Thank you.

RELEVANCY SCORE 47.2

Fixing a friend's computer.

Windows XP Professional 2002, SP 2.

The laptop takes forever to boot, even longer to load a program.

I have removed 4 infections with Malwarebytes, and a few things with SUPERAntiSpyware.

I would very much appreciate it if someone would kindly look at the HJthis Log...

I will post the Malware bytes log and the superantispyware logs in my next two posts...
Cheers all
Neb.
 

A:Need help removing Viruses

Malwarebytes' Anti-Malware 1.44
Database version: 3537
Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.13

10/01/2010 22:27:00
mbam-log-2010-01-10 (22-27-00).txt

Scan type: Quick Scan
Objects scanned: 140062
Time elapsed: 52 minute(s), 50 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{90b8b761-df2b-48ac-bbe0-bcc03a819b3b} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{90b8b761-df2b-48ac-bbe0-bcc03a819b3b} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{90b8b761-df2b-48ac-bbe0-bcc03a819b3b} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\multimediaControls.chl (Trojan.Zlob) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{90b8b761-df2b-48ac-bbe0-bcc03a819b3b} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform\zango 10.3.74.0 (Adware.Zango) -> ...

RELEVANCY SCORE 47.2

I am running Windows XP with Symantec Antivirus & Webroot Spy Sweeper. Symantec Antivirus has scanned & found the following:
Backdoor.Tidserv!inf
Trojan Horse
Trojan.Fakeavalert
Infostealer

My virus software will not let me remove or delete those and I think one of them disabled my virus software because Windows Security Center is telling me to turn Symantec Antivirus on when it should already be. Below will be my dds log file, please help me with the next step.
DDS (Ver_09-07-30.01) - NTFSx86
Run by HP_Administrator at 21:01:02.67 on Sun 08/02/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.606 [GMT -6:00]

AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}


A:Need help removing several viruses

Hello and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll...

RELEVANCY SCORE 47.2

Hi,

My system has been affected by a "Browser hacking" virus...

Here I'm attaching my HijackThis Log with this post, please check and help me in resolving this issue...

Thanks in advance.

Here is my HijackThis Log ..

Logfile of HijackThis v1.99.1
Scan saved at 7:26:39 AM, on 11/28/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)

A:Need help in removing viruses...

Welcome to TSG
Before we start fixing anything you should print out these instructions or copy them to a NotePad file so they will be accessible. Some steps will require you to disconnect from the Internet or use Safe Mode and you will not have access to this page.

Download SDFix and save it to your desktop.
Double click SDFix.exe and it will extract the files to %systemdrive%
(this is the drive that contains the Windows Directory, typically C:\SDFix). DO NOT use it just yet.

Reboot your computer in "SAFE MODE" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup [but before the Windows icon appears] press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Open the SDFix folder and double click RunThis.bat to start the script.
Type Y to begin the cleanup process.
It will remove any Trojan Services or Registry Entries found then prompt you to press any key to Reboot.
Press any Key and it will restart the PC.
When the PC restarts, the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt.
Finally copy and paste the contents of the results file Report.txt in your next reply along with a new HijackThis log.

...

RELEVANCY SCORE 47.2

Hi,

I have run
Cleanup! Ad-Aware SpyBot S&D Panda ActiveScan Pc-Cillin ewido

but still have problems. Here is my HJT log, thanks in advance

Logfile of HijackThis v1.99.1
Scan saved at 2:18:07 PM, on 12/14/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)


A:HJT log need help removing viruses

RELEVANCY SCORE 47.2

There is music playing through the speakers.  There are constant popups from norton about mutechrome.dll, chromeautoapprovetb.dll, np-mswmp.dll, tbverifier.dll, tbmessaginghost.exe, nc-cwmp.dll, apisupport.dll, widevinecdm.dll, and conduitchromeapiplugin.dll coming up. 
 
Malwarebytes keeps picking up viruses, when I try to do the scan, the popups fly and the viruses keep copying themselves, and it never lets Malwarebytes remove anything. It always stops responding. Tried several of the removal tools from a thread I saw here from the end of last month. Either they don't remove all of them, none of them, or they cannot complete much like the Malwarebytes cannot.
 
 

A:Need help removing viruses.

Also, it's not showing any programs running on the task manager when I am getting all the popups. Nor did I see any unknown programs on the programs list to uninstall.

RELEVANCY SCORE 47.2

I first thought I had a virus when I was on the internet and clicked a link and it redirected me to some random site. So I ran "Malwarebytes Anti-Malware" and "SUPERAntiSpyware Free Edition", they both said I had viruses. I removed all of them and restarted my PC. I was then notified by Microsoft Security Essentials that I had a "potential threat" on my computer. I selected remove, but it said I needed "Standalone System Sweeper" I clicked 'download now' and I was taken to a microsoft.com link telling me how to get "Windows Defender Offline Beta." (Notice that it's not the same program it said it was before). However, I still decided to download WDOB. I had to put it on a flash drive and boot the computer from the USB.

Upon restarting the computer from the flash drive, WDOB performed a scan for potential threats and found two items. I selected to remove them both, then continued with the restart of my computer and when I got to the desktop, MSE notified me again that I still had a virus. That's when I decided to post this.

Thanks for any help!!

EDIT: I remember some of the virus names: blacole and cleaman.g

A:I need help removing viruses

First, Copy and paste these lines in Note pad.

@Echo on
pushd\windows\system32\drivers\etc
attrib -h -s -r hosts
echo 127.0.0.1 localhost>HOSTS
attrib +r +h +s hosts
popd
ipconfig /release
ipconfig /renew
ipconfig /flushdns
netsh winsock reset all
netsh int ip reset all
shutdown -r -t 1
del %0

Save as flush.bat to your desktop.
Double click on the flush.bat file to run it. Vista and Windows 7... right click the .bat file and choose to run as Administrator. Your computer will reboot itself.

Next, let's get rid of the Java script ... (temp cache)
download TFC by Old Timer TFC - Temp File Cleaner by OldTimer - Geeks to Go Forums and save it to your desktop.
Save any unsaved work. TFC will close ALL open programs including your browser!
Double-click on TFC.exe to run it. If you are using Vista/Windows 7 right-click on the file and choose Run As Administrator.
Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.

TFC (Temp File Cleaner) will clear out all temp folders for all user accounts (temp, IE temp, java, FF, Opera, Chrome, Safari), including Administrator, All Users, LocalService, NetworkService, and any other accounts in the user folder. It also cleans out the %systemroot%\temp folder and checks for .tmp files in the %systemdrive% root folder, %systemroot%, and the system32 fo...

RELEVANCY SCORE 47.2

Hi,

It seems that I have really messed up my computer. I have tried to clean it myself, but I'm not that efficient at it. The symptoms I get include: Fatal error and the computer just turning into a blue screen, the computer freezes, when I click on a google link it takes me to a site completely different from what it should be and pop-ups.
Here is the DDS log.
and the Attached file
DDS (Ver_09-05-14.01) - NTFSx86
Run by Administrator at 23:29:36.79 on Sun 05/24/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_05
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.510.61 [GMT -7:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}


A:I need help with removing viruses

hi,

sorry for delay, no shortage of posters. Your log is several days old, if you still need help reply to my post.

RELEVANCY SCORE 47.2

I was purchasing a Registry Cleaner and could not get it running. Called for support and they took control of my computer. They brought up a file of what I think were 3 years of old viruses and informed me that I would have to purchase new software from them to delete these items, because that is what was causing my computer to run slowly. For the price of the software it would cost me half of what a new Tower would cost. I cannot find this file. Does anyone know where this file is?

A:Removing old viruses

Hello joewag747 and welcome to TSF,

Having a company take control of your computer when you can't get their program running sounds much like a scam - do NOT purchase it. What is the name of this Registry Cleaner?

Also, since you gave them access to your computer, I think it would be most prudent to check for malware. Please follow the instructions in our pre-posting topic New Instructions - Read This Before Posting for Malware Removal Help and post the requested logs in your next reply.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

RELEVANCY SCORE 47.2

Hey, I have run into some problems with some sort of Win32 virus. After running Ad Aware I found and deleted all of the files found. Some of them stayed deleted while others would return after reboot. They are all hidden files located in the system 32 folder and here is a list of the ones I cannot delete:
bszip.dll
cmd.exe
netstat.exe
ping.exe
regedit.exe
taskkill.exe
tasklist.exe
tracet.exe
Although some of these files look legit, they are indeed clones of the original which are part of Win 32.
I can easily find and delete these files, but the problem is they come back after reboot. Can anyone help me? Thank you very much in advance.
Adam

A:Help Removing Some Win 32 Viruses

Run these online virus scanners:
http://www.pandasoftware.com/activescan/
http://housecall.trendmicro.com/

Also this online Trojan scanner: TrojanScan

If the above doesn't help rid you of the problem, then:

Read How to post a HijackThis Log. Please read, and follow, all directions carefully.

Then, run a log, and post it in the HijackThis forum, at this link. Do not, fix anything, yet.

A member, of the HJT Team, will help you out. It may take a while to get a response, because the HJT Team are very busy. Please, be patient, these people are volunteers. They will help you out, as soon as possible.

NOTE: Once you have made the post, please, DO NOT make another post in the HJT forum, until it has been responded to by a member of the HJT Team. The first thing they look for, when looking for logs to reply to, is 0 replies. If you make another post, there will be 1 reply. The team member, glancing over the replies, might assume someone is already helping you out, and will not respond. So, just make your post, and let it sit there, until a team member responds. This way you will be taken care of, in the most timely manner.

RELEVANCY SCORE 47.2

I've got viruses on my computer.

Anyway. Can someone tell me how to get rid of them? Is there a freeware utility
for this?

Need help baad.

Thanks.
 

A:Help removing viruses

Hi, We recommend posting a log made by a small free utility called HijackThis...often, what seems to be one or two "viruses" is not easily fixed with a few online scans or a download or two....not these days...

I can get you started:

dvk01 said:

Getting Hijackthis and installing it correctly

go to here and download 'Hijack This!' double click on the file and it will install to C:\program files\hijackthis and create an entry in the start menu and an optional shortcut on desktop.
Click on the entry in start menu or on the desktop to run HijackThis
First open a reply here in your thread to have it ready.
Run Hijackthis.exe, and
Select the "Scan and save a log" button...

When it is done scanning> the Save box will become available, save the log as hijackthis.txt which will open with Notepad. Hit the EDIT> Select All then the EDIT>Copy button at the top of your log, Go back to TSG, and click once in the blank reply space, then go to the top of your browser window and select EDIT>Paste.
Please do NOT use HJT yourself to remove anything, most of what it shows is good and needed by the system.
 

RELEVANCY SCORE 47.2

My Gateway computer (XP Operating Syst) has been infected. Inappropriate icons appear on the desktop (and come back when deleted), and I get countless explorer windows opening. I also get repeated warnings and pop-up ads for virus protection, but I don't know if they are legit. I've tried to run the free registry scan from this site but I get an error message that a problem was encountered and it just hangs up. Here is a hijack - would greatly appreciate any help !

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:14:59 PM, on 2/20/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

RELEVANCY SCORE 47.2

Hello all, I have a serious problem with my computer. I believe I have a virus that originates from the programs win32, but I am no computer expert so I don't really know. If someone could please analyze my hijackthis log and let me know what I could do to fix it I would really appreciate it. Let me know if I need to download any more programs to help me in my quest.

Here is a description of the things that are wrong with my computer: When I open my firefox internet browser, sometimes internet explorer will start opening popup after popup and I can't stop it. Overall, there are a lot of popups that come up all the time. Also, Firefox does not allow me to open many links; it just freezes and doesn't allow me to proceed. Also, I cannot copy and paste by right clicking inside the internet browser.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:28:52 PM, on 10/28/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18319)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe
C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files (x86) ...

A:Help removing viruses. Win 32 maybe?

I've seen that a lot of posters have been posting DDS logs. Here is my DDS log. Any help at all would be appreciated
DDS (Ver_09-10-26.01) - NTFSX64
Run by Owner at 8:02:37.59 on Thu 10/29/2009
Internet Explorer: 7.0.6001.18000
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3932.1910 [GMT -4:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}


RELEVANCY SCORE 47.2

I am getting notices that there are threats and malicious malware infecting the computer, I do not know how to get rid of them and I am afraid of installing an antivirus I do not know of. The computer had some problems in the past and I ended up installing without knowing Antivirus plus, which after having it installed I read it was not good at all, but it stopped the popups for a while, a tech came to fix it and ended up removing the antivirus and installing Personal Antivirus, which I have also read about, and the results are not so good now. Having some worms and trojan viruses. It took a week for it to start giving me trouble, and I am desperately in need of help, I am afraid of downloading any antivirus, and making it worse.
I have not been able to get rid of the Personal Antivirus also, and need to know how to get rid of it.
Please help.

A:Need help removing viruses

Hello and welcome to TSF.

Download the tools needed to a flash drive or other removable media, and transfer them to the infected computer.

We want all our members to perform the steps outlined in the link given below, before posting for assistance. There's a sticky at the top of this forum, and a "Having problems with spyware and pop-ups? First Steps" link at the top of each page.

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

RELEVANCY SCORE 47.2

How to know that your computer is infected with a virus?
 

RELEVANCY SCORE 47.2

I have some viruses on my computer, could someone help me get rid of them?
 

RELEVANCY SCORE 47.2

do you have to pay to remove viruses?

A:removing viruses

No.
Please read here.....http://www.bleepingcomputer.com/forums/f/103/am-i-infected-what-do-i-do/
 
Good Luck !....and btw...Welcome to BC !
 
Brian

RELEVANCY SCORE 47.2

OK so my computer has recently got infected with lots of viruses, I have used NOD32 and it has found and cleared two or three viruses each time I use it, however I used Prevx 3.0 and it found many more viruses that NOD32 didn't find but won't let me remove said viruses unless I buy a key for it which will cost around £30, I would just find a key but I've looked everywhere with no success.

My older brother suggested I should reinstall Windows 7 but I really can't be bothered to install many of my programmes again, so I ask is there a way or a good "free" anti virus software to fix my problem or do you think reinstalling Windows is for the best?

All my thanks to any advice.

A:Removing Viruses

Hello,

Please follow the instructions in ==>This Guide<==. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues and what you have done to resolve them.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Orange Blossom

RELEVANCY SCORE 46.4

Listen, guys,
MY OS: WinXP
Antivirus: AVG
VIRUS NAME: Trojan Horse PSW.Generic2.QEO ... I didn't find a single link on the internet.
File size: 3,88kb

I noticed the file keeps popping up -- C:\Windows\system32\CsdDriver.sys , I was reading a post here http://forums.techguy.org/security/502809-solved-virus-keeps-popping-up.htm , but there is a bit different, it pop ups again and again, I updated my AVG, its fixing it, but it appears after a few seconds. The thing is that there are no C:\WINDOWS\system32\UpperHost.dll file... And this is quite odd, if there was, I could act as the man said in the previous Link..

Here is my Hijackthis log:

Logfile of HijackThis v1.99.1
Scan saved at 22:21:16, on 2006.11.14
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)


A:Please, help me healing this one virus :|

RELEVANCY SCORE 46.4

I recently wrote a review of a just-being-released addition to the ThinkPad line, the 14″ T490s.  My writeup was based on the one system I had in front of me and, as always with pre-released systems, documentation was sparse at best.  The computer had very early drivers and system software but was remarkably stable and reliable.  New system software started to appear, and I noticed a new BIOS image, that was described as the initial release, but was substantially newer than what was on my computer.  I always try to apply updates as early as possible on any machines I review, hoping to identify any unexpected issues before the general market.  During the BIOS update, a message I had never seen flashed by.  As a result of nothing more than blind luck, my camera happened to be within reach and the battery was charged.  I apologize for the quality of the photo, but there was no time for staging.
 
New message
 
Based on what I can ascertain, the process is intended to be completely invisible to the user, other than the message I noticed.  After a BIOS update, the BIOS restarts and, after initialization, the image is backed up before booting into Windows or another operating system.   On subsequent startups, if there is a problem starting, the backed-up BIOS image is restored automatically.  In some ways, this is similar to the way Microsoft handles drivers in Windows. 
 
As I would expect, Phoenix Techno... Read more

Read other answers
RELEVANCY SCORE 46.4

Hi,

I have AVG internet security installed on my computer. It runs really well (despite it slowing my computer slightly).

However when I run a scan, reaching the end, it automatically begins "healing" any threats it may have come across. This is all well and good but when it gets right to the end of this process it seems to get stuck almost like it crashes. My cursor turns into the sand timer and "(NOT RESPONDING)" appears in the top of the window?!

It's not a massive problem but I thought I'd post the query in case there's either something I'm doing wrong or in case anyone else has encountered this problem before.
 

A:AVG Stuck Healing

Hi Mr C, Please stop creating new threads on same subject. You have 2 going already and a moderator will have to close 1 of them.
 

Read other 2 answers
RELEVANCY SCORE 46.4

Hi,

My computer was infected by a trojan virus. I have tried to clean the computer several times using Spybot, AVG, & Spyware Terminator. They have shown infections, and it looked like these programs removed them, but I'm sure the computer is still infected. I have also restored the computer to earlier dates using windows, more than once.

Different things are happening. First about 90% of my pictures and documents disappeared. Then most of the desktop themes I had downloaded disappeared, and I'm unable to apply the ones that are left. The latest problem is videos are not running properly.

Please let me know if you need more information. I appreciate any assistance someone is willing to offer.


Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 64 bit
Processor: Pentium(R) Dual-Core CPU T4400 @ 2.20GHz, Intel64 Family 6 Model 23 Stepping 10
Processor Count: 2
RAM: 3998 Mb
Graphics Card: Mobile Intel(R) 4 Series Express Chipset Family, 1807 Mb
Hard Drives: C: Total - 292206 MB, Free - 179853 MB; D: Total - 12836 MB, Free - 1786 MB;
Motherboard: Hewlett-Packard, 306B
Antivirus: PC Cleaners, Updated: Yes, On-Demand Scanner: Disabled
 

A:Trouble removing viruses.

Read other 7 answers
RELEVANCY SCORE 46.4

Hello and thanks for viewing my thread.
I've been tortured by this virus(s) for quite some time. I'm fairly sure it's a rootkit of some sort, I had managed to remove it before, but it's back again.

Rundll32.exe runs under User, not System, and it starts through what I assume is part of the virus process when running Iexplorer.exe.

I don't use Internet Explorer, so it may not be triggered, but even if it isn't, I'm sure there are other ways that this virus is triggered and run.

I might also add that when I do open Iexplorer.exe, 2 new ones pop up, one under user, another under system.

So obviously iexplorer.exe shouldn't be running under system, and so forth.
I also have some sort of annoying redirect virus or cookie; whenever I search anything or click a link, it redirects me to a random site, always ending with search.php.

I had removed something called Zip.exe, which I understand is some sort of information-stealing trojan; I'm not sure if it's still running.

I'm sorry that I cannot post an HJT log, since one of these things is blocking me from opening virtually anything.

I cannot open text files, executables, NOTHING.

It's really annoying and I could really use some help.
Thanks.
 

A:Need Help Removing Multiple Viruses

I also forgot to add that it almost seems as if it's activating random payloads: my browser will randomly open, and cmd prompt opens from nowhere.

I've also started having problems with Cftmon.exe, I had disabled it because it was using massive cpu so I had to.

But it randomly opens nearly 5 of them when I click anything, but they disappear as fast as they show up.
 

Read other 2 answers
RELEVANCY SCORE 46.4

I downloaded AVG to remove a Trojan virus that was on my friend's HP Pavilion computer; he has Windows XP. I could not get Windows to update, nor could I get the newly installed AVG Free to update no matter what...so I ran the virus scan anyway in hopes of eliminating the virus that was causing this... When I restarted the computer, like AVG told me to after the virus scan and subsequent removal of said viruses and trojan downloaders, it came on, offered to let me go into setup or restore...goes to the blue Intel screen, then a black screen and then to the Windows XP startup screen. XP seems to be loading, then the screen will go black and the computer will go back to the beginning and just keeps looping this process over and over with no changes. It will not respond when I click on F10 to restore; all it will let me do is click F6 for the system specs, which is doing me no good. There were some viruses and loaders that were in his C drive in the Windows and in his System.

My question is; is there anything that I can do to bring his computer back or is his pc ready for the graveyard officially now? I assume that by removing those viruses, his system was seriously damaged, or his pc was only working because the viruses were "allowing" the pc to work. Maybe he had the Conficker (sp?) worm??? I feel like I destroyed his computer now though.

Thanks to anyone that can give me advice! I really do appreciate it!!!
 

Read other answers
RELEVANCY SCORE 46.4

One of the more common questions I hear from readers with computer virus infections is, "How do I get rid of a virus if I can't even boot up into Windows to run an anti-virus scan?" Fortunately, there are a number of free, relatively easy-to-use tools that can help on this front.

The tools in this review are known as "rescue CDs." These are all free, Linux-based operating systems that one can download and burn to a CD-Rom. Once you've configured your PC to boot from the CD you've just burned, you can use the CD to scan your hard drive, and - depending on the type of rescue CD you choose - even copy files to a removable drive.

Source -
Removing Viruses from a PC That Won't Boot - Krebs on Security

Read other answers
RELEVANCY SCORE 46.4

I'm having real trouble trying to remove some nasty viruses. I seem to have a few viruses/spyware on my laptop that are seemingly removing components of programs so that they no longer work. For example, iTunes says it's missing certain components and won't load. I have re-installed programs many times as they keep getting changed.
I have seen andt.sys, indt.sys, perfs.exe and routing.exe, all flagged up by one firewall or anti-virus. But when I delete them they reappear, or I can't find them, and the problem still persists. I've tried just about every removal program recommended but nothing seems to work, so help would be greatly appreciated.
thanks


Deckard's System Scanner v20071014.68
Run by KRISTIAN on 2008-03-30 00:01:38
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Percentage of Memory in Use: 82% (more than 75%).
Total Physical Memory: 1014 MiB (1024 MiB recommended).


-- HijackThis (run as KRISTIAN.exe) --------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:02:00, on 30/03/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Sony\VAIO Update 3\VA... Read more

Read other answers
RELEVANCY SCORE 46.4

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:31-08-2015
Ran by Helene (administrator) on HELENE-PC (31-08-2015 20:01:35)
Running from C:\Users\Helene\Downloads
Loaded Profiles: Helene (Available Profiles: Helene)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgfws.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Coupons.com Inc.) C:\Program Files (x86)\Coupons\CouponPrinterService.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Micro... Read more

A:Viruses not removing after scans


Read other 3 answers
RELEVANCY SCORE 46.4

I am helping a friend sort out his computer. He has a W2K Dell with a dial up connection and was having problems with a slow computer and malicious spyware popups - he had no antivirus software or a firewall installed. Because his connection is so slow I took his computer home and connected it up to my router which has a broadband connection.

I purchased SpyHunter for him and this showed that he had over 10 malicious cookies and register entries etc., and I got rid of these. I was concerned that I was using an open connection so wanted to install a firewall and some antivirus software. I downloaded the free versions of ZoneAlarm and BitDefender and disconnected the router connection. I tried to install ZoneAlarm but had trouble with this so went on to try installing BitDefender. This seemed to be going all right - it searched for viruses and found a very large number which, apart from 2, it deleted and quarantined the others. The installation didn't finish however - it seemed to want an internet connection at this stage, which I was reluctant to give it. However I did reconnect my router but the installation still didn't finish and I had to wind it back. His computer is still very slow.

My question is then how should I proceed to install the firewall and remove any viruses remaining. I don't want to go back to my friend's house and use his dial up connection - it's much easier to deal with it at my house because of my faster connection and the fact that I can... Read more

A:Removing Viruses And Spyware

Have you tried doing your scans in "SAFE MODE"? Are you doing scans while logged into the Administrator's account or an account with administrator privileges?

If you don't have any anti-malware programs, see BC's list of Freeware Replacements For Common Commercial Apps. There are several free online anti-virus scans listed which you can perform. I would also recommend that you download and scan with SUPERAntiSpyware Free in "SAFE MODE".

Please update the definitions before performing a scan. If you encounter any problems while downloading the updates, manually download them from here and unzip into the program's folder.

If the computer still seems to be slow, read Slow Computer/Browser? Check here first; it may not be malware. There are reasons for slowness besides malware - i.e. disk fragmentation, disk errors, corrupt system files, too many startup programs, unnecessary services running, not enough RAM, dirty hardware components, etc. As your system gets older it becomes filled with more files/programs and has a natural tendency to slow down, so cleaning and regular maintenance is essential.

Read other 13 answers
RELEVANCY SCORE 46.4

Hi

I need some help removing some trojans and smitfraudc virus. I am also receiving a message stating "winrscmde is not working and was closed A problem caused the program to stop working correctly"
any help would be greatly appreciated.

A:need help removing smitfraudc and other viruses

Hello,

Please follow the instructions in ==>This Guide<== starting at step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then post them in a reply to this topic by using the Add Reply button.

If you can produce at least some of the logs, then please create the post and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the reply and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Please note that I am not a member of the Malware Removal Team and will not be assisting you in removing the infection. I'm simply helping you to post the information they need in order to assist you.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

Orange Blossom

Read other 15 answers
RELEVANCY SCORE 46.4

Hello everyone,

I recently got a trojan virus in my computer but I don't know how to take it out. I used McAfee virus scan; it found the viruses but didn't remove them. I used Panda anti-virus; it found them, deleted two of them and renamed two of them. The other files look like this: C:\RESTORE\TEMP\A0000338.cpy.
Is it safe to delete these files? There are 14 of these files that are infected with Virus trojan.Netbus.160, Virus Trojan/PSW.FakeGina,
Virus Trojan/PSW.Dripper, Virus Trojan.HakTek. How do I get rid of these files, and are they safe to delete? I tried to delete them anyway but couldn't because it said they were in use. Can someone help me out please?
 

A:hi, im having trouble removing some viruses.

I take it you have Windows Millennium and these undeletable files are now a part of its restore archives.

This MS link should provide the answer:

http://support.microsoft.com/support/kb/articles/Q263/4/55.ASP

Let us know how it goes.
 

Read other 3 answers
RELEVANCY SCORE 46.4

upon reboot C:windows/system32/xxxxxx.dll (xxxxxx=sisazibo, ferazolu, and togitata)

After removing all vundo viruses and malware, spyware etc., I am left with those files still being called for. Is there a way to remove this?
Thank you in advance.
PS .. I have tried searching the registry for the file names to no avail, and the dll are also no longer listed in system32.

A:Getting error after removing viruses

Hi, your scans all come back clean now? Have you run MalwareBytes? This may be your situation.

It's not unusual to receive such an error after using specialized fix tools.

A "Cannot find...", "Could not run...", "Error loading..." or "specific module could not be found" message is usually related to malware that was set to run at startup but has been deleted. Windows is trying to load this file but cannot locate it since the file was most likely removed during an anti-virus or anti-malware scan. However, an associated orphaned registry entry remains and is telling Windows to load the file when you boot up. Since the file no longer exists, Windows will display an error message. You need to remove this registry entry so Windows stops searching for the file when it loads.

To resolve this, download Autoruns, search for the related entry and then delete it.

Create a new folder on your hard drive called AutoRuns (C:\AutoRuns) and extract (unzip) the file there. (Click HERE if you're not sure how to do this.)
Open the folder and double-click on autoruns.exe to launch it.
Please be patient as it scans and populates the entries.
When done scanning, it will say Ready at the bottom.
Scroll through the list and look for a startup entry related to the file(s) in the error message.
Right-click on the entry and choose delete.
Reboot your computer and see if the startup error returns.

Read other 1 answers
RELEVANCY SCORE 46.4

Hello... I managed to get rid of a bunch of stuff with Spybot, Malwarebytes, and Avanti antivirus, but I cannot get rid of these Trojan viruses. I did have the blue screen with warning window wanting me to buy something, but that is gone now; however, I continually get the pop-up window warning of different viruses. I ran a Kaspersky scan awhile back and there were only 3 viruses--now there are 8 showing. I just recently added Avanti and Comando firewall, but I lost them when I did a system restore--I thought I would wait to put them back on until I checked here. Thank you, and let me know what else you need.

Here is a very recent HJT log, and I also included a recent Kaspersky scan showing the 8 viruses:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:31:02 PM, on 9/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\New... Read more

Read other answers
RELEVANCY SCORE 46.4

Hi fellow computer users. I'm sort of in a problem. My computer has taken a turn for the worse. After setting my computer to factory reset, I thought I had fixed everything, but my computer became even slower. I read the rules for using malwarebytes but I'm scared to use it. I just want to be able to use my computer without any "lag". It was perfectly fine but I reset after many problems with many .dll files. I also have a tendency to turn off my computer by holding the power button instead of normally turning it off. Well, long story short, can anyone help me in removing these malware from my comp?

A:Removing Malware and Viruses

If you just reset your computer to factory, then there should not be any malware. Not sure what you mean by rules for running malwarebytes, but if you have it installed, then run it. Also, since you just reset your computer to factory, it could be slow because it could be indexing your drive for search. Until it is finished your drive will be slow. Also, since you just restored your computer to factory, there are all kinds of Windows and factory updating being done in the background. That will also slow your computer. Finally, if you want this forum to help with possible malware, then you need to post in the proper section. NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help - Tech Support Forum

Read other 3 answers
RELEVANCY SCORE 46.4

I have a network admin friend that claims to remove viruses "by hand" using command prompt. He says he does not use tools or scanners (besides autoruns maybe). Do you think this is possible? Or am I being BS'ed

And apparently he gained this skill by being a programmer.
 

A:Removing viruses without tools?

Yes it is possible
 

Read other 1 answers
RELEVANCY SCORE 46.4

Hey, I have run into some problems with some sort of Win32 virus. After running Ad Aware I found and deleted all of the files found. Some of them stayed deleted while others would return after reboot. They are all hidden files located in the system 32 folder and here is a list of the ones I cannot delete:
bszip.dll
cmd.exe
netstat.exe
ping.exe
regedit.exe
taskkill.exe
tasklist.exe
tracet.exe
Although some of these files look legit, they are indeed clones of the original which are part of Win 32.
I can easily find and delete these files, but the problem is they come back after reboot. Can anyone help me? Thank you very much in advance.
Adam
 

A:Help removing some Win32 viruses

Welcome to TSG

Download KillBox here: http://www.downloads.subratam.org/KillBox.zip
Save it to your desktop.
DO NOT run it yet.

Boot into Safe Mode (start tapping the F8 key at Startup, before the Windows logo screen)

Now Start KillBox. Paste the first file listed below into the full pathname and file to delete box:

The file name will appear in the window, and if the file exists it will appear in blue under that window. Then select standard file kill, press the red X button, say yes to the prompt, and once the file deleted message comes up, repeat for each file in turn.

C:\WINDOWS\system32\bszip.dll
C:\WINDOWS\system32\CMD.COM
C:\WINDOWS\system32\netstat.com
C:\WINDOWS\system32\ping.com
C:\WINDOWS\system32\regedit.com
C:\WINDOWS\system32\tasklist.com
C:\WINDOWS\system32\taskkill.com
C:\WINDOWS\system32\tracert.com

Then on Killbox top bar, press Tools/Delete Temp files and follow those prompts and say Yes to everything.

Reboot.
 

Read other 1 answers
RELEVANCY SCORE 46.4

I just reinstalled Windows and appear to have been struck by viruses already. Here's my HJT log:

Logfile of HijackThis v1.98.1
Scan saved at 7:09:39 PM, on 19/08/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\atiphexx.exe
C:\WINDOWS\System32\Winregs32.exe
C:\WINDOWS\System32\VTTimer.exe
C:\Program Files\Telstra\Toolbar\bpumTray.exe
D:\Tim\Cable Login\bpcable.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
D:\TIM\AVG\avgserv.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\taskmgr.exe
D:\Tim\Firefox\firefox.exe
C:\WINDOWS\System32\dllhost.exe
D:\Tim\mIRC\mirc.exe
D:\Tim\Hijack This\HijackThis.exe

O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - D:\Tim\DAP\DAPBHO.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - D:\Tim\DAP\DAPIEBar.dll
O4 - HKLM\..\Run: [ati control panel] atiphexx.exe
O4 - HKLM\..\Run: [Microsoft Update Machine] Winregs32.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [BigPond Toolbar] "C:\Program Files\Telstra\Toolbar\bpumTray.exe&qu... Read more

A:HijackThis Log - Need help removing viruses

Read other 16 answers
RELEVANCY SCORE 46.4

I keep running malwarebytes back to back, each time with threats detected, but my system is still infected. I googled the title of this thread, and came to http://www.bleepingcomputer.com/forums/t/453695/malwarebytes-is-not-removing-a-trojan-ransom-virus/ and downloaded and ran TDSSKiller, the avast thing, and ESET Online Scanner (which is currently still running) -- all of which are showing threats detected. I also ran FarBar. I ran these simultaneously, while Windows was installing updates, so I hope that didn't mess with the logs. I'm running a 64-bit Windows 8.1 Asus.
I thank anyone that is able to pull me out of this mess. I tried to just factory reset the system, but get a "missing partitions" error, and a system refresh says Windows is locked. :/
Attached are the FarBar logs, as well as the TDSSKiller log and aswMBR log.
 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-04-2015
Ran by David Doyle (administrator) on TITSMCGEE on 20-04-2015 21:50:44
Running from C:\Users\David Doyle\Downloads
Loaded Profiles: David Doyle (Available profiles: David Doyle)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet... Read more

A:MalwareBytes not removing viruses

Greetings and to BleepingComputer,
My name is xXToffeeXx, but feel free to call me Toffee if it is easier for you. I will be helping you with your malware problems.
 
A few points to cover before we start:
Do not run any tools without being instructed to as this makes my job much harder in trying to figure out what you have done.
Make sure to read my instructions fully before attempting a step.
If you have problems or questions with any of the steps, feel free to ask me. I will be happy to answer any questions you have.
Please follow the topic by clicking on the "Follow this topic" button, and make sure a tick is in the "receive notifications" and is set to "Instantly". Any replies should be made in this topic by clicking the "Reply to this topic" button.
Important information in my posts will often be in bold, make sure to take note of these.
I will attempt to reply as soon as possible, and normally within 24 hours of your reply. If this is not possible or I have a delay then I will let you know.
I will bump a topic after 3 days of no activity, and then will give you another 2 days to reply before a topic is closed. If you need more time than this please let me know.
Let's get going now
==========================
 
Hi dwdoyle8854,
Please go to: VirusTotal
On the page you'll find a "Choose File" button.
Click on the Choose File button.
In the Choose File to Upload window which opens, copy and paste this into the File Name box:
C:\WINDO... Read more

Read other 17 answers
RELEVANCY SCORE 46.4

I have noticed various trojans and spyware on the computer. Of course, the spyware is causing tons of popups.

Here are some of the trojans that Trend Micro's PC-cillin found:

TROJ_DLOADER.DXD - C:\windows\system32\TQ0\am52.exe
TROJ_BHO.FD - C:\windows\system32\T3\am67.exe

Also here is the results from HiJackThis log. Can someone please tell me which things to check off to remove? Thanks.

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 12:53:51 PM, on 6/6/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\svhost.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\WINDOWS\stsys... Read more

A:Need help removing various spyware and viruses

Read other 10 answers
RELEVANCY SCORE 46.4

As WHS frequently reminds SevenForums members, nothing beats having a good image backup of your computer. (See his tutorial, Imaging with free Macrium)

However, not everyone follows good advice. So, in the event you find your computer infected and unbootable, see Brian Krebs' article, Removing Viruses from a PC That Won't Boot.

A:Removing Viruses from a PC That Wont Boot

Great post! NOD32 offers this option also.

Read other 2 answers
RELEVANCY SCORE 46.4

Hello Everyone,
I'm having a couple computer issues, and I'm hoping someone might be able to help me, please. The two issues I'm having are:
1. My computer is shutting down on its own. I received a message in a window that popped up that read,

"Windows must now restart because the DCOM Server Process Launcher service terminated unexpectedly"

At the top of this message window (which had a yellow exclamation point) it says,

"You are about to be logged off"

Then, roughly a minute or so later, whatever I have open closes and my computer shuts down on its own.

2. The other issue I'm having is that sound is randomly playing on my computer. It comes and goes, and I have no idea where it is coming from!
I've run Microsoft Security Essentials multiple times since all this started, to no avail. I downloaded and ran a couple of other anti-virus/anti-malware programs...still, to no avail.
 
 
I am obviously seeking to eliminate these two issues.  Might anyone be able to help me, please?  Thanks in advance!!!
Best,
~mybcun

A:Need Help Removing Possible Viruses or Malware!!!

Hello mybcun, to analyse your problems we need to run a FRST-scan:

Please download Farbar Recovery Scan Tool and save it to your Desktop. (If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them, as just the right one will run.)
Start FRST with administrator privileges.
Make sure the option Addition.txt is checked and press the Scan button.
When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
Please copy and paste these logs in your next reply.

Read other 12 answers
RELEVANCY SCORE 46.4

I've neglected my computer so long and just started using it again. I would do a system recovery but so many important documents and files would be lost, so I'm struggling to fix the problem myself, but it is no doubt infected. Some of the programs I believe are infections are, the most common, ID09.exe (keeps trying to access the internet is what my Norton pop-up says), winvagoge.dll, rundll32.exe, and SymWSCNo.exe, and several others exist I believe. My Norton will not let me update because it requires a Windows update first, but then Windows update will not work; the website refuses to load correctly. I tried Windows Defender but it stops scanning in the process and gives an error message and says check for new definitions or updates, but when I click check for updates it fails with an error found: Code 0x80070422. One scan that does go through is A-squared, which finds high risk files but does not delete all of them (one of which being winvagoge.dll). I saw it looks like my owner file under documents and settings has been copied one or more times, not allowing me to access certain ones although I am the only owner and computer admin, so this does not make sense to me.... Someone please help me.

A:Need Help identifying and removing viruses

Hello and welcome to Bleeping Computer.

Please subscribe to your topic so that you will be notified as soon as I post a reply, instead of you having to check the topic all of the time. This will allow you to get an email notification when I reply.

To subscribe, go to your topic, and at the top right hand corner by your first post, click the Options button and then click Track this topic. The bullet the immediate notification bubble. Then press submit.

Let's take a look with Malwarebytes.

Please download Malwarebytes' Anti-Malware from here: Malwarebytes

Please rename the file BEFORE downloading to zztoy.exe instead of mbam-setup.exe.

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

Double-click zztoy.exe to install the application.
* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform Full Scan", then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and y... Read more

RELEVANCY SCORE 46.4

EDIT: I was confused reading the sticky, about posting the dds app, I am currently running it and will post asap.

Hello, TSF. Recently I have been infected by the CoolWWWSearch.Olehelp hijacker, and am currently attempting to remove it Using SpyBot SnD (yes I read the sticky not to use removal programs on my own, but I have used Spybot before and it was useful) and that may not be the main issue at the moment, unless it pops back up after using Spybot.

I have Avast 4.8 Professional, and it is detecting the SVCHOST.EXE that the CoolWWWSearch worm is masquerading as, and it keeps detecting shellu.exe. Now I am not sure if this is also the cool-search worm doing this, or if I got double-whammy wormed. I am aware that shell.exe helps windows display certain things, and I don't know if it makes any difference if it's "shell.exe" or "shellu.exe".

Any absolute and proven method of getting rid of the coolsearch worm in case my self-remedy doesn't work? Also, advice about the shell.exe?

I do not have a boot disc, but a restore partition the factory installed in a separate drive on my computer.

Thanks in advance.
DDS (Ver_10-03-17.01) - NTFSX64
Run by Kevin at 16:52:02.55 on 29/09/2010
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_17
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.2.1033.18.3838.1999 [GMT -7:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes =========... Read more

A:Need help removing viruses, possibly 2 of them

I am very sorry, re-read the instructions. Above dds info is outdated as of now. I have uninstalled all P2P programs and other misc useless stuff I do not need.

I have edited my first post too much and must add a new post, forgive me :). Will be attaching new info hopefully to THIS post.

RELEVANCY SCORE 46.4

Hello, I am writing with the concern of having viruses on my computer. Originally I had a virus that kept popping up security windows that said things like "someone is trying to hack your computer from ip address... and your computer is infected would you like to remove the virus now." I knew that something was wrong because it wasn't my anti-virus program, which is McAfee. I was reading through some threads on this site about people having the same issue, so I followed some of the advice. I thought I was in the clear; however, recently after a security update my virus scan found several new trojans. This made me realize that maybe my computer is not clean. This computer is a Dell XPS laptop running Windows XP. If you could offer any advice that would be great. Thanks for your help.

HJT log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:10:37 AM, on 7/15/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system3... Read more

Read other answers
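For readers triaging a log like the one above, here is an added example (not part of the original post and not a HijackThis feature) that reads the "Running processes:" section and flags core Windows process names running from an unexpected folder, plus near-miss spellings of those names. It assumes %SystemRoot% is C:\WINDOWS; the sample log is constructed and the function names are hypothetical.

```python
import ntpath
from difflib import SequenceMatcher

# Assumption: %SystemRoot% is C:\WINDOWS, as in the log above.
SYSTEM32 = r"c:\windows\system32"
EXPECTED_DIR = {name: SYSTEM32 for name in (
    "smss.exe", "winlogon.exe", "services.exe",
    "lsass.exe", "svchost.exe", "spoolsv.exe")}
EXPECTED_DIR["explorer.exe"] = r"c:\windows"

# Constructed sample in HijackThis layout; the last three paths are invented.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\svchost.exe
C:\Documents and Settings\user\Local Settings\Temp\lsass.exe
C:\WINDOWS\system32\svch0st.exe
"""

def running_processes(log_text):
    """Return the image paths listed under 'Running processes:'."""
    paths, in_section = [], False
    for line in log_text.splitlines():
        line = line.strip()
        if line.lower().startswith("running processes"):
            in_section = True
        elif in_section and not line:
            break  # a blank line ends the section
        elif in_section:
            paths.append(line)
    return paths

def suspicious(paths):
    """Flag system names in the wrong folder and near-miss names."""
    findings = []
    for path in paths:
        folder, name = ntpath.split(path.lower())
        if name in EXPECTED_DIR:
            if folder != EXPECTED_DIR[name]:
                findings.append((path, "wrong directory"))
        elif any(SequenceMatcher(None, name, known).ratio() >= 0.85
                 for known in EXPECTED_DIR):
            findings.append((path, "lookalike name"))
    return findings
```

A hit is a lead for closer inspection of that file, not a verdict, and a clean result does not rule out infection.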
RELEVANCY SCORE 46.4

Hi all,
I've been spending my day trying to help my mom clean up her Windows 7 computer, with no luck. There're pop-ups galore and Chrome has been closing a few seconds after I've opened it. I downloaded the Microsoft Windows Malicious Software Removal Tool from their site, and it's been doing a full scan for almost 9 hours now... it's 70% done and hasn't found a single infected file. I went into Programs and Features and noticed the A1PCCleaner has installed itself three days ago, which is what the pop-ups were from. Of course, when I click to uninstall it, it doesn't work. So I suspected I needed to manually get rid of it and go into Task Manager. I've been staring at the processes for a couple of hours now w/o ending anything, because I have no idea which is the malware. I need help, please! Also, how can I detect other malware in Processes?
 

A:Need help removing viruses on Windows 7...

Welcome

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

Double-click to run it. When the tool opens click Yes to disclaimer.
Make sure that under Optional Scans, there is a checkmark on Addition.txt and Shortcut.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The tool will also produce another two logs (Addition.txt and Shortcut.txt). Please attach these to your reply.

 
