
Q: Infected, but cannot remove the malware - access to microsoft & all antivirus website are blocked by the malware !...

Dear helper,

Am I infected ?? What should I do ?

Windows XP, Internet Explorer 6, Sony VGN-SZ18GP laptop bought in 2006.

System crash last night, with rapid loss of hard-disc drive space (from 15 GB down to 100 Mb within 2 hours). Norton security (2006 version) & Internet Explorer were busted afterward, was not able to run at all. The built-in system recovery programme was also affected.

Was forced to use back-up system recovery CD to restore the laptop back to its original shipping state.

However afterward it is still not right. Installed McAfee (from my internet service provider) but the update function is not working - it repeatedly states that it cannot update because I am not connected to the internet, when I'm actually connected to your website typing this email right this moment. Also internet access to microsoft and all other common antivirus websites (Norton, McAfee, AVG, Kaspersky, Avast, etc) is blocked. Hence I can't even attempt to find out what happened to my laptop.

What virus have I been infected with? What programme should I use to remove the malware now that I cannot access any of the antivirus websites or the microsoft website?

Thank you

Jason


RELEVANCY SCORE 96

Hello. My computer had gotten extremely slow and opening new tabs on Firefox that I don't think I opened, so I downloaded Malwarebytes today. Ever since I downloaded I keep getting a pop up message that states "Successfully blocked access to a potentially malicious website (then the ip address) Type: outgoing". The IP address changes frequently but I have noticed a couple that keep appearing. My scan did show 2 trojan viruses: FakeMS and Agent.MIO. The most common of the IP addresses is 217.23.9.140. Thank you for your assistance.

Sherry

A:Malware popup access to potentially malicious website blocked: outgoing

Hello, would you post that log.

Please download TDSSkiller.
* Launch it.
* Click on change parameters - Select TDLFS file system.
* Click on "Scan".
* Please post the LOG report (log file should be in your C drive).
* Do not change the default options on scan results.

Please download aswMBR ( 4.5MB ) to your desktop.
* Double click the aswMBR.exe icon, and click Run.
* When asked if you'd like to "download the latest Avast! virus definitions", click Yes.
* Click the Scan button to start the scan.
* On completion of the scan, click the save log button, save it to your desktop, then copy and paste it in your next reply.

I'd like us to scan your machine with ESET OnlineScan.
* Hold down Control and click on this link to open ESET OnlineScan in a new window.
* Click the button.
* For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
* Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
* Double click on the icon on your desktop.
* Check "YES, I accept the Terms of Use."
* Click the Start button.
* Accept any security warnings from your browser.
* Under scan settings, check "Scan Archives" and "Remove found threats".
* Click Advanced settings and select the following:
  * Scan potentially unwanted applications
  * Scan for potentially unsafe applications
  * Enable Anti-Stealth technology
* ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take s... Read more

RELEVANCY SCORE 88

Dear Support Team,

My problems are similar to the ones described in this post

>>Can not access Microsoft or Anti Virus sites (In Progress<<
Link: http://forums.techguy.org/virus-other-malware-removal/995025-can-not-access-microsoft-anti-2.html
My computer got infected about a week ago, most security related websites are blocked, including ESET online scanner, but fortunately I can access your website.

After reading around similar cases so far I have run Malware Bytes scan, Combofix, TDSS Killer, Bootkit Remover, Spybot Search & Destroy, Superanti Spyware scans.

I had AVG virus scanner, but its resident shield was detecting EVERYTHING as a threat, therefore, I removed it (since it could not stop this malware infection in the first place, I wasn't too impressed with it anyway)

In the other post (link above) you suggested using MSE - but because microsoft websites are blocked I am unable to download it.

I attach a HJT log to give you a starting point for your diagnosis. I would be grateful and happy to donate to your website, if you run such a system.

Thanks in advance.

Roger
Ps. In addition my computer won't start in safe mode - if I select safe mode, it loads a bunch of .sys files and gets stuck at one of them
 

A:Microsoft and Antivirus website's Blocked plus Redirects

RELEVANCY SCORE 88

Hi:

My colleague brought me his computer. Apparently, he uninstalled AVG and at some point installed Malware Defense. I've deleted all traces of Malware Defense from the registry and unregistered the associated dlls but I cannot successfully install AVG9--the installation always fails due to not responding in a timely fashion. I can install Spybot 1.62 but it won't launch in either regular or safe mode. Likewise I can install Malwarebytes Anti-Malware but it won't respond.

Any ideas?

Thanks,

Tom

RELEVANCY SCORE 82.4

Hi,
Just recently I've been having a problem where while connecting to GameSpy in Microsoft Flight Sim 10, Malwarebytes says that a certain IP has been blocked, on multiple ports. I did a WHOIS lookup and it redirected me to the RIPE NCC, which I followed to CJSC ER-Telecom Holding in Nizhny Novgorod, Russia. I ran a scan with MBAM and ESET db 4/24 (it mysteriously lost my username and password) and they found nothing (ESET has found threats before). So I ran a netstat and saw one peculiar result:
TCP on port 49224: www-15-01-prn1 which was established and shown as InHost.
I disconnected and reconnected and now I only have 1 active connection. Anything to worry about, or is it just random? I opened the game and connected to GameSpy again, I am waiting right now and looks like nothing is happening.

Thanks for taking the time to read this long and boring post.
________________
Stats:
Tech Support Guy System Info Utility version 1.0.0.1
OS Version: Microsoft® Windows Vista™ Home Premium , Service Pack 2, 64 bit
Processor: Intel(R) Core(TM)2 Quad CPU Q8300 @ 2.50GHz, Intel64 Family 6 Model 23 Stepping 10
Processor Count: 4
RAM: 4029 Mb
Graphics Card: NVIDIA GeForce 9800 GT , 512 Mb
Hard Drives: C: Total - 466967 MB, Free - 291439 MB; D: Total - 466904 MB, Free - 456389 MB;
Motherboard: Acer, EG45M, ,
Antivirus: ESET Smart Security 4.0, Updated and Enabled
--------------------
Log Contents:

11:42:55 Pierce MESSAGE IP Protection stopped
11:43:01 Pierce MESSAGE ... Read more

RELEVANCY SCORE 81.6

So I was on Facebook the other day, browsing a group I'm a member of.  I clicked on a link that I thought was going to take me to NBC news, and that's when all of my problems began.
My Norton antivirus began to warn me of "Malicious Toolkit Activity 3".  I did a full system scan with Norton, it found nothing.  I used Norton's power eraser, and the warning popups halted after two scans and reboots.
 
I had no problems for several days, but then Norton warned me of a blocked intrusion effort from an external IP.  I scanned again, both power eraser and the Norton antivirus found nothing, so I downloaded Malwarebytes.
 
I performed a Flash Scan, which found nothing.  I then performed a Quick Scan, which found nothing.  Lastly, I did a full system scan, which also came up empty handed.
 
To be doubly sure, I downloaded Malwarebytes anti-rootkit, and did another full system scan, which found nothing.  
 
Then, Malwarebytes began to send me notifications such as the following:
2013/08/09 14:42:54 -0500 JOHN-HP John IP-BLOCK 80.82.64.5 (Type: incoming, Port: 19, Process: svchost.exe)
and
2013/08/09 22:40:22 -0500 JOHN-HP John IP-BLOCK 222.186.23.101 (Type: incoming, Port: 1433, Process: svchost.exe)
 
 
I am at a loss as to where to go next, as the strongest scanning tools I know of are not finding anything.  The notifications do not come up very often (maybe once or twice a day), but I am still quite concerned. &... Read more

A:Pop-ups warnings from Malware Bytes about Malicious Website Blocked

Malwarebytes Anti-Malware IP Protection (malicious website blocking) is part of the Protection Module in the Pro version and works after it is enabled. When attempting to go to a potential malicious website, Malwarebytes will block the attempt and provide an alert. Notification that an IP address has been blocked does not necessarily mean the computer is infected. Some legitimate programs on your computer (i.e. iTunes, Instant Messenger client, P2P programs, web browsers) have access to the Internet and that action can trigger an IP alert if it tried to access a malicious IP address. These events are stored in the "protection-log". Your firewall should be able to give you a list of such programs so you can confirm if they are legitimate.

IP Protection is also designed to block incoming connections it determines to be malicious. Botnets and Zombie computers scour the net, randomly scanning a block of IP addresses, searching for vulnerable ports - commonly probed ports and make repeated attempts to access them. Hackers use "port scanning", a popular reconnaissance technique, to search for vulnerable computers with open ports using IP addresses or a group of random IP address ranges so they can break in and install malicious programs. Malwarebytes is doing its job by blocking this kind of traffic and alerting you about these intrusion attempts and the events are stored in the "protection-log".

More information about IP Protection can be found in the Malwarebytes Anti-Malware I... Read more
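
An added example, not part of the original answer and not Malwarebytes code: a small Python triage of protection-log lines that separates incoming probes from outgoing blocks grouped by process, following the distinction the answer draws. The line layout is assumed from the two IP-BLOCK lines quoted in the question; the outgoing lines, their addresses and the process name `updater.exe` are constructed.

```python
import re
from collections import Counter, defaultdict

# Layout assumed from the two log lines quoted in the question:
# date time tz host user IP-BLOCK ip (Type: ..., Port: ..., Process: ...)
LINE_RE = re.compile(
    r"^(?P<date>\d{4}/\d{2}/\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) (?P<tz>[+-]\d{4}) "
    r"(?P<host>\S+) (?P<user>.+?) IP-BLOCK (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) "
    r"\(Type: (?P<direction>incoming|outgoing), Port: (?P<port>\d+), "
    r"Process: (?P<process>[^)]+)\)\s*$"
)

# First two lines are the ones quoted on this page; the outgoing lines are
# constructed (documentation-range addresses, hypothetical updater.exe).
# The last line is the non-block MESSAGE entry quoted in another post here.
SAMPLE_LOG = """\
2013/08/09 14:42:54 -0500 JOHN-HP John IP-BLOCK 80.82.64.5 (Type: incoming, Port: 19, Process: svchost.exe)
2013/08/09 22:40:22 -0500 JOHN-HP John IP-BLOCK 222.186.23.101 (Type: incoming, Port: 1433, Process: svchost.exe)
2013/08/10 09:01:10 -0500 JOHN-HP John IP-BLOCK 203.0.113.7 (Type: outgoing, Port: 49812, Process: updater.exe)
2013/08/10 09:01:40 -0500 JOHN-HP John IP-BLOCK 203.0.113.7 (Type: outgoing, Port: 49813, Process: updater.exe)
2013/08/10 09:05:02 -0500 JOHN-HP John IP-BLOCK 198.51.100.23 (Type: outgoing, Port: 49820, Process: firefox.exe)
11:42:55 Pierce MESSAGE IP Protection stopped
"""


def parse_log(text):
    """Return (events, skipped): parsed IP-BLOCK entries and the count of
    non-empty lines that are not IP-BLOCK entries in the assumed layout."""
    events, skipped = [], 0
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        match = LINE_RE.match(line)
        if match is None:
            skipped += 1
            continue
        event = match.groupdict()
        event["port"] = int(event["port"])
        events.append(event)
    return events, skipped


def triage(events):
    """Split blocks the way the answer does.

    Incoming blocks are grouped by the logged port: these are the unsolicited
    probes the answer describes, and a block alone does not show infection.
    Outgoing blocks are grouped by the local process that made the request,
    so each program can be checked for legitimacy.
    """
    probes = defaultdict(set)        # logged port -> remote addresses seen
    outgoing = defaultdict(Counter)  # process -> remote address -> count
    for event in events:
        if event["direction"] == "incoming":
            probes[event["port"]].add(event["ip"])
        else:
            outgoing[event["process"]][event["ip"]] += 1
    # Processes with the most outgoing blocks come first in the review list.
    review_order = sorted(
        outgoing, key=lambda proc: (-sum(outgoing[proc].values()), proc)
    )
    return {
        "incoming_probes": {p: sorted(ips) for p, ips in sorted(probes.items())},
        "outgoing_by_process": {p: dict(c) for p, c in outgoing.items()},
        "review_order": review_order,
    }


if __name__ == "__main__":
    parsed, ignored = parse_log(SAMPLE_LOG)
    report = triage(parsed)
    print(f"{len(parsed)} block events, {ignored} other lines ignored")
    for port, sources in report["incoming_probes"].items():
        print(f"incoming probe on port {port} from {', '.join(sources)}")
    for proc in report["review_order"]:
        print(f"outgoing blocks by {proc}: {report['outgoing_by_process'][proc]}")
```
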

RELEVANCY SCORE 81.6

Hi.
I need help. Totally new to all these things.
Since around 1 week I am getting a pop up from the malwarebytes antimalware "malicious website blocked ,Domain,IP,Port,Type :Inbound ,Process:C:\windows\system32\svchost.exe"
 
each time IP & Port are different , but Type :Inbound  & Process:C:\windows\system32\svchost.exe are same .
 
I googled it but not understanding anything about different malwares & etc .
 
Any help will be appreciated .
Thanks..
 
Following DDS txt file is  pasted & Attach file is attached as told .
 
///////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
 
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.17041  BrowserJavaVersion: 10.51.2
Run by My at 21:44:31 on 2014-06-10
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.91.1033.18.6052.3474 [GMT 5.5:30]
.
AV: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ===============
.
c:\PROGRA~2\AVG\AVG2014\avgrsa.exe
C:\Pro... Read more

A:Intermittently getting pop up from malware bytes "malicious website blocked"

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.

===

Please download AdwCleaner by Xplode onto your Desktop.
* Close all open programs and internet browsers.
* Double click on AdwCleaner.exe to run the tool.
* Click the Scan button and wait for the process to complete.
* Click the Report button and the report will open in Notepad.

IMPORTANT
* If you click the Clean button all items listed in the report will be removed.

If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
* Close all open programs and internet browsers.
* Double click on AdwCleaner.exe to run the tool.
* Click the Scan button and wait for the process to complete.
* Check off the element(s) you wish to keep.
* Click on the Clean button follow the prompts.
* A log file will automatically open after the scan has finished.
* Please post the content of that log file with your next answer.
* You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).

===

Download the correct version of this tool for your operating system.
* Farbar Recovery Scan Tool (64 bit)
* Farbar Recovery Scan Tool (32 bit)

and save it to a folder on your computer's Desktop.
* Double-click to run it. When the tool opens click Yes to disclaimer.
* Press Scan button.
* It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.

The... Read more

RELEVANCY SCORE 81.6

Hello computer experts!

My laptop appears to be infected with a plethora of viruses/trojans etc and I have tried all scans etc but things just keep reappearing.

The problems are:

1) something reconfigured my internet settings

2) continual blocking by anti malware of 'potentially malicious websites', e.g. 208.87.33.151

3) trojan horses are continually being found by avira anti-vir, e.g tr/kazy.35735.1 (which is flagged as a trojan horse generic 24.bkkc)

Please advise guys, I would greatly appreciate it as I have no idea what else to do.

sam

A:potentially malicious website keeps being blocked by anti-malware

Hello,

Please follow the instructions in ==>This Guide<== starting at step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then post them in a reply to this topic by using the Add Reply button.

If you can produce at least some of the logs, then please create the post and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the reply and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Please note that I am not a member of the Malware Removal Team and will not be assisting you in removing the infection. I'm simply helping you to post the information they need in order to assist you.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

Orange Blossom

RELEVANCY SCORE 81.6

I'm writing this post because I'm quite sure I've gotten another virus. I say another because I had an issue a few months back.

About a week or two ago I got constant popups from Malware Bytes stating "Malware Bytes blocked potentially malicious website." I did a scan with Malware Bytes and my AVG and did not get any results for viruses, malware, etc. A few days after, I received a notice from my Gmail that there was a suspicious login attempt that was blocked from Hong Kong. I again tried my virus searches. I got no results and decided to uninstall AVG and downloaded BitDefender to see if it would show any results.

The BitDefender found the virus Gen:Variant.Symmi.7281 located in c:\system volume information\_restore{129201fa-b0ac-49b3-96b2-deb8b91e727b}\rp41\a0017151.dll. The file was deleted and when I restarted the computer an error box popped up stating "Error loading C:\Documents and Settings\Tiffany Stembridge\Application Data\lemse.dll The specified module could not be found."

Today I turned on my computer and got the popup 90% of the time it was turned on. I kept having to turn it off because the hour glass would popup and couldn't click anything. I'm concerned I have a virus, and of course any help would be greatly appreciated.

A:Malware Bytes Blocked Website/DLL Module: Virus?

Download Security Check from HERE, and save it to your Desktop.
 * Double-click SecurityCheck.exe
 * Follow the onscreen instructions inside of the black box.
 * A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:
 * Internet Services
 * Windows Firewall
 * System Restore
 * Security Center/Action Center
 * Windows Update
 * Windows Defender

Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

=============================================================================

Please download MiniToolBox and run it.
Checkmark following boxes:
 * Report IE Proxy Settings
 * Report FF Proxy Settings
 * List content of Hosts
 * List IP configuration
 * List Winsock Entries
 * List last 10 Event Viewer log
 * List Installed Programs
 * List Devices (do NOT change any settings here)
 * List Users, Partitions and Memory size

Click Go and post the result.

=============================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
 * Double-click mbam-setup.exe and follow the prompts to install the program.
 * At the end, be sure a checkmark is placed next to Update Malwar... Read more

RELEVANCY SCORE 80.8

Noticed slow PC.
Norton 360 reported poweliks and AdClicker, but could not seem to remove.
Installed MalwareBytes Pro, some issues found and fixed.
But poweliks activity still reported by both Norton and MalwareBytes,
excessive numbers dllhost.exe processes and reports of both inbound and output
malicious internet activity.
 
Ran RogueKiller, found poweliks in registry, followed instruction to 
kill dllhost.exe processes, then let RogueKiller delete registry entry.
Seemed to fix the problems.  Per RogueKiller recommendation on removing PUPs, ran
AdwCleaner, took recommendations for clean.
 
Re-runs of Norton and MalwareBytes not reporting anything.
Do not notice excessive dllhost.exe processes.
 
But, every 30 to 60 minutes notice MalwareBytes pop-up:
= = = = = = = = =
Malwarebytes Anti-Malware
Malicious Website Blocked
Domain
IP: 88.214.193.212
Port: 50707
Type: Outbound
Process: C:\Windows\explorer.exe
= = = = = = = = =
 
Thinking that remnants of some malware remains on this computer.
Need help to resolve if some malware remains or this is a non-issue.
Thanks.
 
dds.txt follows:
******************************************************************************************************

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.17344  BrowserJavaVersion: 11.25.2
Run by NguyenFamily at 19:24:40 on 2014-11-02
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3983.1234 [GMT -6:00]
.
AV: Norton 360... Read more

A:Malicious Website Blocked After poweliks Removed, Malware Remains?

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
***************************************************
In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.
CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/554476 <<< CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************
If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of t... Read more

RELEVANCY SCORE 80.8

hi
 
i am receiving a frequent popup message from malware bytes from this ip 91.212.124.159 with random port each time
 

 

A:Malicious Website Blocked Frequent Popup From Malware Bytes From 91.212.124.159

Hi there, my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.
* First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
* Perform everything in the correct order. Sometimes one step requires the previous one.
* If you have any problems while following my instructions, Stop there and tell me the exact nature of your problem.
* Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
* Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
* If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
* Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
* My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

HijackThis is not the preferred initial scanning tool in this forum. With today's malware, a more comprehensive set of logs is required to determine the presence of malware.

Scan with FRST in normal mode

Please download Farbar's Recovery Scan Tool to you... Read more

RELEVANCY SCORE 80.4

Hi there!

Maybe since I downloaded a file, "holdemindicator161_3019.exe (Trojan.FakeAlert)", as is reported by "Malwarebytes' Anti-Malware 1.33", I am no longer able to update my Anti-virus, AVG 8 Free.

I tried going to the Malwarebytes's site but the access was blocked, and while trying to solve my problem, I realized I couldn't access some anti-virus sites either.

I cannot install SpyBot, since it requires server access, and I could only access Malware's software by reinstalling it (it delivered me the error "vbaccelerator sgrid ii control runtime error '0' ").

Since some of the system files are infected, I don't think I should delete them, but I don't know how to heal them either.

I would appreciate your help.

Telmo
 

RELEVANCY SCORE 80.4

Hello, this laptop will not allow McAfee to update and will not allow any anti-malware to be installed. The internet connection fails when trying to do so. I have no idea what to do. Any help will be greatly appreciated!
Here is the DDS.txt report:
DDS (Ver_09-01-19.01) - NTFSx86
Run by Tom at 19:52:47.68 on Wed 01/28/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1022.226 [GMT -6:00]

AV: McAfee VirusScan *On-access scanning enabled* (Outdated)
FW: Norton Internet Worm Protection *disabled*
FW: McAfee Personal Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\M... Read more

A:antivirus and anti-malware blocked

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
* Download DDS by sUBs from one of the following links. Save it to your desktop.
  * DDS.com
  * DDS.scr
  * DDS.pif
* Double click on the DDS icon, allow it to run.
* A small box will open, with an explanation about the tool. No input is needed, the scan is running.
* Notepad will open with the results, click no to the Optional_Scan
* Follow the ... Read more

RELEVANCY SCORE 78.4

I was recently browsing People of Walmart when I get a message from Avast stating that malware has been blocked. I'm going to guess that it was from a banner ad on the site because the site that it originated from was not People of Walmart, but something called Afnolink. That was the only site I was browsing at the time. But when I check the statistics for Web Shield, it says there has been no blocked malware. I've checked all other Shield statistics and they are all clean. So, where did the info for it go? Does this mean that it was not successfully blocked?
P.S: If this is in the wrong section, I'm sorry.

A:Avast Free Antivirus not showing blocked malware

I actually don't see a section for blocked malware. I do see a part where it shows number of scanned pages and number of infected pages. This is under Shield Traffic in the Web Shield area. What does the "infected pages" number show?

Orange Blossom

RELEVANCY SCORE 77.6

Hi there... thank you so much for offering this incredibly generous help.

A week or so ago, my Verizon Internet Security Suite started finding and quarantining a lot of viruses and worms, and I saw the name koobface come up several times. My computer was definitely being squirrely and slow, but nothing specific was happening that I noticed. The firewall had also brought up two .exe programs over and over trying to connect that I blocked, and eventually looked up (they were viruses, but I never found any of the files for one of them to remove where the various help sites said they would be -- the other one I removed... I don't remember the names at this point). The firewall was also showing reports of blocking packets here and there... some every day, which was not usual.

I looked up koobface because it kept coming up, for a starter, and the conventional wisdom seemed to be that I should download malwarebytes scanner and run it, which I did. It found 30 files, which I removed, and things seemed to be better (and much faster) for a few days. Then, all of a sudden a couple days ago, I noticed that my browser search results were sending me to sites I wasn't asking for, and the search page was looking weird.. now I guess I realize this is a browser hijacker. I tried to run malwarebytes again, but it wouldn't open.. nothing happened. That was when I tried to run my Verizon Yahoo virus scanner and realized it wasn't working, and I think maybe hadn't been for a day or two. We... Read more

A:Browser Hijacker (Mozilla) and blocked malware removers and some antivirus

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
* Download DDS by sUBs from one of the following links. Save it to your desktop.
  * DDS.scr
  * DDS.pif
* Double click on the DDS icon, allow it to run.
* A small box will open, with an explanation about the tool. No input is needed, the scan is running.
* Notepad will open with the results.
* Foll... Read more

RELEVANCY SCORE 77.6

Hi,

a week ago my computer started showing signs of an infection (e.g. a couple of blue screens, etc). And suddenly my windows 7 profile got corrupted: whenever I tried to use it, I ended up getting logged in with a Temporary Profile. In this profile the Avast antivirus appeared as if it was an unregistered version (though I had renewed the subscription not long ago). I tried the easier recommendations to repair the corrupted profile (e.g. renaming in registry, etc) but none worked.

From the temporary profile (or a new one I created, not sure), I scanned the hard drive for viruses using Avast. The Quick Scan did not find anything. But the full scan stated that it could not verify around 90 files from the Temporary Internet Files of the corrupted profile, and that it found a possible virus ("Threat: Rootkit: hidden file") though it did not mention any specific names of the virus.

The file that allegedly contained the virus was in the following path:
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\UPnP Device Host\upnphost\udhisapi.dll

If I recall correctly, then Avast asked for a boot-time scan, which I performed shortly after, though it did not provide any new messages. But I still got logged in with the Temporary Profile.

Though this is a personal computer, people from the IT help desk at work tried to repair the profile and could not do it. They instead created a new one to which I moved all my files. They suggested that I try to re-insert the licen... Read more

A:Suspected Malware Corrupted Windows Profile and Blocked Antivirus

Hello and Welcome to TSF.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

If there are any personal files, pics, etc. on your computer you cannot live without, back them up now just as a precaution.

Emergency Backup Procedure - Tech Support Forum

------------------------------------------------------

Please download ComboFix and Save it to your Desktop.

**Note: It is important that it is saved directly to your desktop**

* Ensure you have disabled all antivirus and antimalware programs so they do not interfere with the running of ComboFix.

Get help here

Double-click ComboFix.exe and follow the prompts to run it.

Your desktop may go blank. This is normal. It will return when ComboFix is done. Comb... Read more

Read other 8 answers
RELEVANCY SCORE 76.4

My XP SP3 laptop started throwing strange IE 8 popups - sending me to alternate search engines or sites which showed search terms that had been entered into Google hours before. On 6/16/2010, around when these problems began, McAfee Security Center reported:

Generic FakeAlert!jb

and Quarantined it. I was still getting those strange popups and my CPU began to thrash. I tried to run Windows Defender but the Update failed. While investigating that problem, I determined that Windows Update itself was failing with an error saying "Cannot display the web page". I ran Spybot, Adaware, Malware Bytes, SuperAntiSpyWare and even Microsoft's online OneLive scanner. Only OneLive online scanner found anything other than cookies - it found a "Severe Problem" but gave no further information and produced no log file. It wasn't able to deal with the problem so I was left scratching my head.

I then ran across a thread that mentioned Kaspersky's online scanner. I disabled McAfee and ran the Kaspersky online scanner 7.0 and it found:

Trojan-Dropper.Win32.TDSS.bej

in my Temporary Internet Files folder under Content.IE5.

Since the online Kaspersky scanner 7.0 doesn't fix anything, I located that file and performed an On-Demand Scan using McAfee. McAfee now recognized it as a trojan called:

Generic Dropper!dev

and Quarantined it. I have no idea why this wasn't picked up earlier by McAfee.

I then re-ran Kaspersky Online Scanner agai... Read more

A:Malware / Trojan Removed - Somehow blocked Microsoft Update before being exterminated - What to do?

Hello,

* Please click Start > Run, type inetcpl.cpl in the runbox and press enter.
* Click the Connections tab and click the LAN settings option.
* Verify if "Use a proxy..." is checked, if so, UNcheck it and click OK/OK to exit.
* Now check if the internet is working again.

Now run McAfee FakeAlert Stinger

Rerun MBAM (MalwareBytes) like this:

* Open MBAM in normal mode and click Update tab, select Check for Updates, when done click Scanner tab, select Quick scan and scan (normal mode).
* After scan click Remove Selected, Post new scan log and Reboot into normal mode.

Read other 26 answers
RELEVANCY SCORE 76.4

Malware has hijacked my internet connection.

My desktop is a Velocity Micro Pentium 4 3.0 ghz, with 1.49 gb RAM. 46% of the 120 gb hard drive is free. The OS is MS Windows XP Pro v.5.1.2600, Service Pack 3, Build 2600.

Recently my wife began complaining about an apparent redirection when attempting to access one of her favorite sites. My daughter was still able to access the same site with no problem, so I assumed her Firefox profile had been corrupted. Since everyone but my wife has migrated to laptops, I was in no rush. However, a couple of days ago, she complained that her favorite web site was coming up "Server Not Found". After checking on my laptop that the site was available, I decided it was time to do something.

I began by saving her Firefox profile and bookmarks in preparation for creating a new profile for her. However, when I logged onto my user account on the desktop and was unable to reach the site (also getting "Server Not Found"), I decided something more insidious was going on. At that point, I knew bad things were going on, but it seemed to be limited to this one site, as every other site I went to was accessible.

The desktop firewall/antivirus was expiring, so I renewed it and upgraded to Norton 360. That download and installation seemed to go okay. Figuring I'd need more help, I decided to download and install Malwarebytes. However, typing the URL of Malwarebytes.org produced "No Server Found." I wound up downloading it to a USB stick a... Read more

A:Internet Access Blocked By Malware

* Log on as an administrator, go Start > Run and type: "cmd". In the window that appears type: "netsh winsock reset". When the program is finished, you will receive the message: "Successfully reset the Winsock Catalog. You must restart the machine in order to complete the reset." Close the command box and reboot your computer.
* Go Start > Run > type: "cmd" In the window that appears type: "ipconfig /flushdns". Close the command box.
* Go Start > Control Panel > Network Connections. Right click on your default connection, usually Local Area Connection or Dial-up Connection if you are using Dial-up, and choose Properties. Double-click on the Internet Protocol (TCP/IP) item. Select the radio button that says "Obtain DNS servers automatically". Reboot.

Warning: Some Internet Service Providers need specific DNS settings. You need to make sure that you know if such DNS settings are required before you make this change.

Read other 2 answers
RELEVANCY SCORE 76

Hello everyone,

This is my first post and I hope i will be quickly helped or will be provided with guidance to resolve my issue.

Now the problem is I have made a website magnifyjobs.com and I found that it has been blocked due to malware. The following link will help you to understand my problem better.

http://support.clean-mx.de/clean-mx/...t=first%20desc

Due to this I am not able to send email to Yahoo. I don't know how to resolve this and where the problem lies.
I hope to get a reply soon.

Regards,
Mihir

Read other answers
RELEVANCY SCORE 75.6

I received the Antivirus Soft virus/malware on Tuesday, 6/1. I followed the removal instructions and it seemed to be okay. Until I noticed that whenever I click on a link through Google, it will redirect me to a bogus website. If I copy and paste the address into the address bar or type the address directly into it there is no problem, it is only when I click on a link. Occasionally, Internet Explorer will pop up by itself and go to the same fake websites. I have used spybot sd and malwarebytes, but they are not picking up anything anymore. I have copied and attached the information you need. Any help would be greatly appreciated. Thank you for your time.

DDS (Ver_10-03-17.01) - NTFSx86
Run by Logictrans at 16:37:58.65 on Thu 06/03/2010
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.894.379 [GMT -5:00]
AV: PC Tools AntiVirus Free *On-access scanning enabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\PC Tools Security\BDT\BDTUpdateServ... Read more

A:Antivirus Soft Removed / Now Have Website Redirect Virus/Malware

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

* Download DDS by sUBs from one of the following links. Save it to your desktop.
  DDS.scr
  DDS.pif
* Double click on the DDS icon, allow it to run.
* A small box will open, with an explanation about the tool. No input is needed, the scan is running.
* Notepad will open with the results.
* Foll... Read more

Read other 15 answers
RELEVANCY SCORE 75.6

So yesterday I found out a new section in the My Computer folder called Network Location. Underneath there was a link called "my websites on msn" linking to msnusers.com. Is there another MS crappy update or is a malware? (I've scanned the website with Identify websites involved in malware incidents, fraudulent and spamming activities and it turned out in one of the 25 sources that the website might contain malware). If so, how can I remove it?

Read other answers
RELEVANCY SCORE 75.6

Awhile ago my computer was infected with malware that appeared as a chrome extension called Dealz. Initially, I tried a few ways of deleting it like malwarebytes and adw, but neither of these detected it. I searched for the extension in my files and deleted it manually but it would always reinstall itself. I also tried reinstalling Chrome and Firefox but the malware would install right along with it.  
 
I got very busy with a new job and left it. This was a mistake and the problem has gotten worse. Web pages will often load slowly and I see that it is running through a proxy. I have tried disabling proxies but I have been blocked from administration access. I have also tried locating errors in my registry but have also been locked out of admin access to do anything on there (don't worry, I didn't change anything on my registry!!). I decided it was time I stopped trying to do this on my own and look for professional help. Any help would be appreciated!
 
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:03-10-2015
Ran by Chris Nelson (administrator) on CHRISNELSON-PC (03-10-2015 13:41:22)
Running from C:\Users\Chris Nelson\Downloads
Loaded Profiles: Chris Nelson (Available Profiles: Chris Nelson)
Platform: Windows 10 Home (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to... Read more

A:Infected with malware and blocked from windows functions

Hello, Welcome to BleepingComputer.

I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.

===

ATTENTION: System Restore is disabled

Turn System Restore ON - Windows 10.
http://www.ghacks.net/2015/08/02/check-if-system-restore-is-enabled-on-windows-10/

===

This program may have been compromised. Read the remarks.
http://sourceforge.net/projects/audacity/

I leave it to you to remove or keep this program in bold. Use the Add/Remove Programs applet.

Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)

p.s. If the problem started after you installed the program I suggest you remove it.

===

Press the windows key + r on your keyboard at the same time. This will open the RUN BOX.

Type Notepad and click the OK key.

Please copy the entire contents of the code box below to a new file.
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

() C:\Windows\wnavga.exe
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
URLSearchHook: HKU\S-1-5-21-2392065262-4004807674-2560732715-1000 - (No Name) - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - No File
BHO: No Name -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> No File
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
FF Plugin... Read more

Read other 11 answers
RELEVANCY SCORE 75.6

Hi

OS: Window Vista Home Premium SP2 (Safe mode)
Regular start-up leading straight to blue screen error: *** STOP: 0x0000007F (0x00000008, 0x801EF000, 0x00000000, 0x00000000)

I've managed to get an infection which is terminating all the anti-malware scans I've tried, avast, malwarebytes. I then tried running rKill but this too was terminated and I cannot reopen it. On trying to re-run these after termination an error message appears stating "Window's cannot access the specified file." This was acquired while trying to fix a Google redirect virus. (Using Firefox 5.0.0)

Following the malware removal request preparation guide, Defogger and DDS ran fine (log below) but when running GMER.exe this too was terminated mid scan and then on trying to rerun the program the same error message as above comes up.

Thanks in advance
Martin
DDS Log:

DDS (Ver_2011-06-23.01) - NTFSx86 MINIMAL
Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_21
Run by Martin Perrett at 14:02:12 on 2011-08-23
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2047.1479 [GMT 1:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: STOPzilla Anti-Spyware *Enabled/Updated* {B2E69928-50DC-94CA-6A80-AAB054008761}
.
============== Running Processes ===============
.
C: ... Read more

A:Infected - Anti-malware being terminated then blocked

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

* Do not run any other tool until instructed to do so!
* Please Do not Attach logs or put in code boxes.
* Tell me about any problems that have occurred during the fix.
* Tell me of any other symptoms you may be having as these can help also.
* Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.

* The application window will appear
* Click the Disable button to disable your CD Emulation drivers
* Click Yes to continue
* A 'Finished!' message will ap... Read more

Read other 10 answers
RELEVANCY SCORE 75.2

hi ,
One of my websites is infected by malware. The site is hosted on a shared hosting space and running PHP and MySQL.

On accessing the website from IE8, Avira antivirus gives the alert saying your computer is affected by the following: "HTML/Crypted.Gen Description: To avoid detection by antivirus software, authors of HTML malware use browser features like Java and VisualBasic Script. These scripts are small and very often quite simple encryption routines hiding the malicious parts of the script. Encrypted malware is detected as HTML/Crypted.Gen."
With Firefox however there are no issues. Using the NoScript Firefox addon it was observed that the site is infected by malware and scripts are pointed towards hifgejig.cn, prostmirkost.net, traffics-inspector.cn

I took the site down and dropped the table and recreated it, changed all the passwords.

I verified all the JavaScripts and found no scripts are altered on the server side.

After cleaning up the site, I put the site back and again within a day's time it got infected again.

Can someone guide me on what steps are to be taken when cleaning up the site?
 

Read other answers
RELEVANCY SCORE 75.2

Whenever I try to to go to my website (www.blueprintgfx.com), Google Chrome tells me it's infected with malware from "iopap.upperdarby26.com". I deleted all the files from my ftp host, scanned all the files that were on my website, and reuploaded them. It worked again for a while then eventually it tells me I'm infected again. I use Webpage Maker to upload my files to the server, and I manually add some files with Filezilla (I scanned them all with Avira Antivir and Malware Bytes Antimalware). Does anybody know how I was infected and how to get rid of it permanently? Thanks...

A:My website is infected with malware

Also when I tried to go to my website with Firefox, Avira said there was a virus attacking my computer.

The file 'C:\Users\Richie\AppData\Local\Temp\services.exe' contained a virus or unwanted program 'TR/Crypt.ZPACK.Gen' [trojan]
Action(s) taken:
The file was moved to the quarantine directory under the name '48432d9b.qua'.

Read other 2 answers
RELEVANCY SCORE 74.8

Hello,

I'm infected with some malicious software, probably more than one culprit. I've tried to follow the advice in other forums, downloaded MBAM, HijackThis, KillBox, ComboFix, and other suggested utilities. But the infection(s) won't allow me to run any of these programs, even when they've been renamed! It is also blocking my access to most of the critical system utilities in the Control Panel and Windows folders.

I suspect one or more of these is the responsible agent.

MalPak.D
Virantix.B
Vundo.Q
AntiVirus 2009

The first symptom was the annoying hijacking of Google search results in Firefox and IE. But whatever was doing that must have recently opened the door to its vile friends, because the infection has become much more insidious, systematic and incapacitating in the past two days.

AV2009 was easy enough to deactivate through Task Manager. I deleted the (obvious) program folder and files and removed some suspicious items from the Start configuration - namely calls to hidden programs named "braviax," "vopereso," "hugupapu." I know it's not a fix, but at least I'm not getting interrupted constantly with the program's fake virus alerts. But it's killing me that I can't go any deeper, since I'm cut off from my tools, and I'm sure the system is still thoroughly littered with vestiges of AV2009. I'm unable to access and edit the registry with either RegEdit. And I can't even ... Read more

Read other answers
RELEVANCY SCORE 74.8

Hi,

I have a malware that I can't remove from my PC. Symptoms:

1) Two DLL's (cbXQhHbx.dll, mlJYrpQi.dll) were added to the system32 directory. (Can't be deleted)
2) These two DLL's appear in IE's plug-in list. Can't be stopped.
3) These two DLL's were automatically run when Windows starts up (under Registry's RUN section, "rundll32 cbXQhHbx.dll" and "rundll32 mlJYrpQi.dll"). I manually removed these entries, but that didn't solve the problem.
4) When using IE, I got popup windows that redirect to malicious/phishing websites.
5) Ad-aware and Norton Internet Security 2008 can't even detect this malware when running a full scan.

Could anyone help? I am attaching below the HijackThis log. Thank you very much.

Marvin K.

====================================

Logfile of HijackThis v1.99.1
Scan saved at 上午 12:51:05, on 2008/10/7
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.e... Read more

A:Solved: Help: Malware (Website redirects, can't remove DLLs)

Read other 11 answers
RELEVANCY SCORE 74.4

Hello,
My name is Wes and I am a Computer IT Administrator by trade. Recently, I came across a problem I could not figure out regarding my home PC. I was infected with Win32:JunkPoly [CRPT] and Win32:Vitro Worms last night while browsing the web. I was up all night removing the infections, and I am certain now that said infections do not reside on my computer any longer. However, I cannot seem to access microsoft.com. I have 8 other computers on my network and they are able to access the site fine, and it is NOT a router issue. I believe that the malware reconfigured something in my hosts file or something of this sort. Can anyone provide insight into this?

Thanks,
Wes Manerro
 

A:Cannot access website after malware infection

can you ping microsoft.com?, should time out but does it resolve?
can you view the site by ip address?
207.46.197.32
 

Read other 3 answers
RELEVANCY SCORE 74

My windows vista 64 pc was infected by an antivirus malware. I followed the instructions for removal posted on how-to geek. I downloaded and ran superanti spyware and malwarebytes. The scans are now clean but I think I'm still infected because I cannot install or uninstall or run any antivirus program. I have avg 2011 and ms security essentials but neither will run or uninstall and I bought McAfee internet security 2012 but it will not load.
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_30
Run by Eric at 11:02:43 on 2012-03-30
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3964.1577 [GMT 1:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
c:\Program Files\Microsoft Security Client\A... Read more

A:infected by antivirus malware and can't run legitimate antivirus program

Hello, Welcome to BleepingComputer.

I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.

===

Nothing suspicious was found on your DDS log.

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT....

1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
3. Do not install any other programs until this is fixed.

How to : Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe & follow the prompts. When finished, it will produce a report for you. Please post the C:\ComboFix.txt

Note: Do not mouse click ComboFix's window while it's running. That may cause it to stall

Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

===

Third party programs if not up to date can be an open door for an infection

Please run this security check for my review.

* Download Security Check by screen317 from here.
* Save it to your Desktop.
* Double click SecurityCheck.exe and follow the onscreen instruction... Read more

Read other 8 answers
RELEVANCY SCORE 74

We just started having this problem today at one of our computers at work, we run on Windows XP. Every time I navigate to a new web page (even here), I get a pop up warning:

Internet Explorer Warning - visiting this web site may harm your computer!

Most likely causes:
The website contains exploits that can launch a malicious code on your computer
Suspicious network activity detected
There might be an active spyware running on your computer

What you can try:
Activate Antivirus 360 for secure Internet surfing (Recommended).
Check your computer for viruses and malware.
More information

Can you please help me get rid of this? I have tried to attach the 2 things that came up with the DDS

A:Internet Explorer Warning - visiting this website may harm your computer Antivirus 360 Malware

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

* Download DDS by sUBs from one of the following links. Save it to your desktop.
  DDS.scr
  DDS.pif
* Double click on the DDS icon, allow it to run.
* A small box will open, with an explanation about the tool. No input is needed, the scan is running.
* Notepad will open with the results, click no to the Optional_Sca... Read more

Read other 2 answers
RELEVANCY SCORE 74

One of my systems recently was infected by the Internet Security 2010 malware. I've used your uninstall guide from this site, but I cannot get onto the network. I tried deleting the network adapter and then re-entering the IP address. No luck. I can ping other computers on the LAN but nothing beyond. When I try to ping, the computer beeps and there are symbols inserted into the command.

A:Internet Security 2010 malware has blocked network access

* Log on as an administrator, go Start > Run and type: "cmd". In the window that appears type: "netsh winsock reset". When the program is finished, you will receive the message: "Successfully reset the Winsock Catalog. You must restart the machine in order to complete the reset." Close the command box and reboot your computer.
* Go Start > Run > type: "cmd" In the window that appears type: "ipconfig /flushdns". Close the command box.
* Go Start > Control Panel > Network Connections. Right click on your default connection, usually Local Area Connection or Dial-up Connection if you are using Dial-up, and choose Properties. Double-click on the Internet Protocol (TCP/IP) item. Select the radio button that says "Obtain DNS servers automatically". Reboot.

Warning: Some Internet Service Providers need specific DNS settings. You need to make sure that you know if such DNS settings are required before you make this change.

Also make sure the "use a proxy server" option is unchecked

Read other 2 answers
RELEVANCY SCORE 74

The usually innocuous ads on my browser get replaced with very explicit ones. I downloaded several free malware search programs but I can't run them because they all fail to update when I first start them. If I try to paste the update url's into a webbrowser then I find that access is blocked.
Sounds like a very cunning piece of malware if it truly prevents me from downloading something to attack it with. I also noticed that when connecting to other sites I often see a 'resolving proxy' message before it eventually connects. Sounds like I have been hijacked. I have attached my dds file.

Thanks in advance for looking in to this.

A:webbrowser ads are hijacked and access blocked to malware repair sites

I was finally able to update Malwarebytes with the latest updates by connecting my laptop to my company's network whose firewall somehow foils the virus blocking my access to update sites. Once I downloaded the updates and did a scan the virus was removed. See attached scan log

Read other 3 answers
RELEVANCY SCORE 73.6

Hello there, to whom it may concern,
I have a problem with a recently downloaded piece of malware that seems to be obstructing me from visiting certain websites and instead shows me this: "This website has been blocked for you! steps to gain access to this website again: 1)click the unblock button below 2)Pick survey to verify that you are human 3)complete survey 4)continue using this website." Then it says "This website has been blocked because of your recent activity. Your actions have been marked as a spam bot like, to visit this website again follow the instructions on the left. This is made for security reasons." It also seems to be listing my IP address, country of origin & national flag. Is there any way I can remove myself of this virus? Thank you for your help.
 
DDS LOG:
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 10.0.9200.16736  BrowserJavaVersion: 10.45.2
Run by Jgall at 20:20:49 on 2013-11-29
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.34.3082.18.2006.742 [GMT -5:00]
.
AV: Ad-Aware Antivirus *Disabled/Outdated* {D87B6541-12A1-DAEA-0033-9B8057AAB996}
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Ad-Aware Antivirus *Disabled/Outdated* {631A84A5-349B-D564-3A83-A0F22C2DF32B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: Ad-Aware Firewall *Disabled* {E040E464-58CE-DBB2-2B6C-32B5A979FE...

A:Invisible nameless DNS Malware keeps me from access certain website

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
***************************************************
In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.
CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/515835 <<< CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************
If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of t...


Began developing popups about a week ago, popups of the "your computer is infected!" variety. In addition to links to antivirus 2009, getting popups to search engines, travel sites, and other stuff. Strangely, I run Firefox but the popups are always on IE. I installed the new Microsoft patch to no avail, even tried to uninstall IE completely to cut it off but that failed to work. Bit Defender detects nothing and won't run a system scan. Other scanners detect and dispose of viruses but it keeps returning.

DDS (Version 1.1.0) - NTFSx86
Run by joe at 9:20:06.90 on Sun 12/21/2008
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3070.2327 [GMT -5:00]


A:need to remove antivirus 2009 and other malware

Hello and welcome to TSF

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

========

Please follow all instructions in the order they come; if you have any questions, please ask before proceeding. It's important that you follow this through until I give you the all clear; a lack of symptoms does not mean that it is no longer present.

Please DO NOT Attach logs to your posts unless you are advised to do so.

=========

Click > Start > Control Panel > Add / Remove Programs and uninstall the following programs :

Viewpoint Media Player <--- Viewpoint is considered as foistware instead of malware since it is installed without users' approval but doesn't spy or do anything "bad". This will change from what we know in 2006; read this article: http://www.clickz.com/news/article.php/3561546

Additional Information Here
and Here

===========

Download ComboFix from one of these locations:

Link 1
Link 2
Link 3

* IMPORTANT !!! Place combofix.exe on your Desktop
* Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
* Double click on combofix.exe & follow the prompts.
* As part of its process, ComboFix will check to see if the Microsoft Windows Re...


I have the AVG anti virus 2011 malware on my laptop (currently using my desktop). I have found the info on this site on how to get rid of it but my problem is that when following the instructions it asks me to turn windows on in safe mode (which I can do). BUT: When I've done this it does not let me use my wireless usb internet provider. Therefore I am unable to download the required program to help remove the malware.

When trying to use the laptop in normal mode the virus is stopping me from using the web (only letting me go onto sites that want me to put in credit card info, e.g. bank sites, ebay etc). So I can't access the required downloads that way either.

I don't know much about computers but can fix a problem by following instructions so if anyone has some helpful info I would be really grateful for your help.
If you are a bit unsure what I am talking about feel free to write back for clarification.
THANK YOU!!!

A:AVG antivirus 2011 malware. Cant remove

Hello, are you booting to Safe Mode with Networking?? OR
Please click Start > Run, type inetcpl.cpl in the runbox and press enter.
Click the Connections tab and click the LAN settings option.
Verify if "Use a proxy..." is checked, if so, UNcheck it and click OK/OK to exit.
Now boot to Safe Mode with Networking, check if the internet is working again.


hi,

I am using a compaq laptop with windows XP SP2.

The problem is I can't see my hidden files and am also not able to change the option from the folder option. I have even tried changing the registry value and even that does not work.
I have tried both AVG and Norton. Both show some viruses and remove them but those viruses keep coming back.
Messages regarding n.com and 83fgj.com keep flashing. When I click on repair or remove, the antivirus shows the message access denied.

Here is my HJT log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:27:22 AM, on 9/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal


Hi y'all. A new rogue malware got into my computer. Eset NOD32 and superantispyware both detected it and supposedly removed it with a reboot. Still, I get a popup screen that shows it and an error message saying that windows detected my computer is infected.

Attached are the screen shots that show the popup, message and error screen.

I have tried to scan in safe mode but there is no change.

Please let me know how to clean it out entirely.

Thanks, Steve-x8086
 

A:New Antivirus Suite Malware Can't Remove

Well, some idiot out there blocked the screen shots that CLEARLY showed the problem and are important to understanding the problem.

In any case, here is the HJT log which DOES NOT show the popup that is directly related to the malware.

If anyone would like the 2 screen shots, please ask and I will happily E them to you.

Logfile of HijackThis v1.99.1
Scan saved at 3:31:43 AM, on 4/8/2010
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)



Hello, My computer has the Antivirus Pro software malware. My sister downloaded the antivirus believing that it was a legitimate antivirus program. Little did she know that it was a hoax. Now, we can't seem to remove this program in our computer. It constantly pops up that there are certain viruses in the computer and prompts us to purchase the program. The computer literally cannot function without these popups appearing. I have tried following the steps in this website about how to remove it which involved the malware software, but it did not work. I restarted the computer and behold...it was still there. PLEASE HELP ME!! The computer that is contaminated is a Windows Vista. Thank you very much!


Hello

Yesterday evening I found myself infected with Antivirus Soft. After searching Google for a while, I stumbled upon this website and a guide to remove it. After following the steps thoroughly and even downloading and using the suggested Malware program, Antivirus Soft is still active and is even acting more aggressive on my computer. I attempted to restart the process with the rkill program only to see that it no longer works. That's when I came here.

Following the Preparation guide I have run into an issue as well. Many of the checkboxes shown are unselectable and grayed-out. I am running this all in Safe-Mode (with networking) and I'm not certain if that's the cause. I cannot use the program outside of Safe-Mode due to Antivirus Soft closing it.

That being said, when I complete my GMER log it tells me,

NO SYSTEM MODIFICATION HAS BEEN FOUND

I am very confused as to what my next step is.. and I hope that you all are able to assist me given that a GMER log is not possible to create..

I do not know if this is relevant, but I picked up this Malware from the website mangafox.com.

In advance, thank you very much for the assistance. This is turning out to be a very stressful event for me so I cannot express what it means to find this website!

Here is the requested DDS log to be posted

DDS (Ver_09-12-01.01) - NTFSX64 NETWORK
Run by Siamak Kuntz at 13:07:24.42 on Mon 02/15/2010
Internet Explorer: 7.0.6001.18000
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3998.3294 [...

A:I cannot remove Antivirus Soft Malware

Hello again

I've read the rules several times over and I'm aware that double posting drops my priority and that the Staff members here specifically look for 0 post threads, but I'm not doing this for a b.u.m.p. I'm writing because my issue with Antivirus Soft has been resolved. In combination with the guide posted by this website, I found a working solution when I added a manual removal written on another FAQ. ^^; Yes, I read to be patient and that the Moderators would get to me, but I just couldn't help myself. Please feel free to lock or delete this thread. Thank you for your time and the thoroughly written guides on bleepingcomputer.com


I am not able to access symantec.com, or mcafee.com. It seems like they are being blocked, possibly by malware. Any thoughts on how I fix this? I am running windows xp.
 

A:Malware blocking access to anti-virus website

follow advice here and post the logs those programs make
 


About a week ago a computer that is on my network at work was infected horribly with spyware, we disconnected it from the network but I don't know if it was too late.

I connect with my laptop when I go to the office, and today was on twitter and viewing an image, and a box popped up that said your computer is infected, run a scan to find out how to clean, and the domain was something like smart-pc-scanner9.com - It kept saying infected, so I closed the x out and didn't do anything with it and am running all kinds of scans on my computer, but the problem is - I don't know if my computer is infected, the msgs that were coming up and the domain is the same as the one that was infected on our network, since my laptop is not old and I do a ton of work on it I need to make sure it's okay. What can I do to make sure of this? Here is what I'm doing so far:

Running full scan with Avast, nothing found so far

Running full scan with malwarebytes, no infections so far

Running windows defender, no infections.

I have a feeling something is there and my software isn't catching it - please advise what to do next. I found the domain on a malware url site that said it's an infectious site that will infect your computer immediately.

Please help me!

I have windows vista
HP dv6-1245dx

A:Malware Website pop ups want to make sure computer isnt infected

I'm having the same problem, I feel there is still something hiding but all of my scans come up clean... can anyone help us out? Thanks!


Need to remove the Antivirus System Pro malware from my netbook. It's an Asus Eee 1005HA using Windows XP. It's a new computer so no real antivirus software installed on it. The only thing that came with it was XP support DVD, so we don't have a windows install disc or boot CD.

Below is the DDS.txt and attached is the Ark and Attach in the zip file.
Thanks.


DDS (Ver_09-10-26.01) - NTFSx86 NETWORK
Run by Melissa Maschek at 20:42:32.23 on Thu 11/12/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.761 [GMT -6:00]



A:Need to Remove Antivirus System Pro Malware from NetBook

BUMP, please.


I recently accidentally downloaded a virus and I have gotten my computer to a working order but I need some help.

I posted a while ago but since then I have noticed a lot of things in other posts.
I have changed hijackthis.exe to TSG.exe
and I also have a smart fraud fix scan.

So I will repost with my new updated information

Please help I have no clue what to do.

Thanks a tonne!

Logfile of HijackThis v1.99.1
Scan saved at 3:26:44 PM, on 1/10/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)


A:Help me remove malware like Windows Antivirus pro 2000

You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Next, please reboot your computer in Safe Mode by doing the following :
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press "Enter".
Choose your usual account.
Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmd
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted: "Registry cleaning - Do you want to clean the registry?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.

A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.

The report can also be found at ...


I am getting the "your system might be infected" messages over in the right hand corner repeatedly (before using rkill). I have attempted to delete the malware using Anti-Malware Bytes, but whenever I remove it and restart the computer, the Antivirus System Pro messages keep popping up. I am also unable to access the internet on my computer. Any help is appreciated. Thank you.

DDS (Ver_09-12-01.01) - NTFSx86
Run by HP_Owner at 19:02:47.03 on Tue 12/01/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1023.473 [GMT -5:00]

AV: avast! antivirus 4.8.1367 [VPS 091127-1] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}


A:Unable to remove Antivirus System Pro Malware - Please Help

Hello mikebos1981,

Please show hidden files and folders

Please go to VirSCAN.org FREE on-line scan service

Copy and paste each of the following file paths into the "Suspicious files to scan" box on the top of the page:

c:\documents and settings\hp_owner\local settings\application data\sfjvwb\wmyisysguard.exe

c:\windows\repair\acalau.ini2

Click on the Upload button. Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard. Paste the contents of the Clipboard in your next reply. If Copy to Clipboard does not work, then just copy and paste the output in your next reply.

If VirScan.org server is too busy, please submit the file to VirusTotal instead.

Please follow the directions here for removing Antivirus System Pro.

Post the Malwarebytes log.


My computer started acting up recently and when I went to run Spybot and Malware bytes, they would not run. Google updater failed messages pop up every so often and google searches either redirect the browser when a link is clicked OR if it is an antispyware/antivirus website, Microsoft.com, I get an error message that the connection has been interrupted. Tried IE7 and got DNS error. Tried Mozilla, blocked too.
I have Spybot resident on my machine along with Trend Micro Internet Security Suite. Trend was last updated on 12/9/08 and when I hit the update button, a notification came up that said the computer could not connect to the host. I loaded Spybot onto a thumb drive and renamed it and got it to work. Then I was able to run Malware bytes and it picked up a bunch of crud and cleaned up the performance somewhat. So I figured it would be a good idea to run the trend Update and see if that was working. No luck, still blocked. Now Firefox is really starting to bog down and I am at a loss as what to do next. It seems like whenever I reboot the problems come back. Thanks!
 


Hi Everyone -

So I'm turning to the forums to see if I can't fix the issues I'm currently having with my machine. I'm running WIN XP Pro Version 2002 Srv Pack 3.

My Machine is an AMD Athlon 64 Processor 4000+
2.41 GHz, 3.00 GB of RAM

I've been getting hit lately with the "fake" Microsoft Antivirus crap, and while doing some searching on the internet for help on how to remove it has led me to this site. Well just tonight I spent my second night in about a week trying to clean it up. So obviously it's not "completely" gone and just lingering around to piss me off.

I have currently been running the rkill application and then the Malwarebytes' Anti-Malware scan both times this has happened. Seems to work for a little bit but then....well, here I am again.

What has happened after tonight's episode is now when I'm trying to run an application from my desktop I'm getting a "Run As" window that's asking me "Which user account do you want to use to run this program". Some of my icons have also disappeared.

Could someone please give me some guidance on what I need to be doing. Rather annoying, (as I'm sure you haven't heard that before)

Many Thanks in advance!
Cheers

A:Having troubles with the "fake" Microsoft Antivirus Spyware/Malware

Hello and welcome. We need a deeper look. Please go here.... Preparation Guide, do steps 6 - 9. Create a DDS log and post it in the new topic explained in step 9 and not here, thanks. If Gmer won't run, skip it and move on. Let me know if that went well.
