
Help - Potential Worm Activity Detected

Q: Help - Potential Worm Activity Detected

I am getting this popup from my McAfee virus scan multiple times a day. But when I run virus scan, nothing is found.

Potential Worm Activity Detected
The last few sent emails contain similar subject or body content
Email Subject - Susan 5982 - Clipboard
sent to [email protected]

I haven't sent any emails with that subject and I don't know anyone with that email address.

What should I do?

Thanks,
Susan


A: Help - Potential Worm Activity Detected

It would appear you have a keylogger or similar which is emailing your keystrokes or a record of visited sites etc. to this email address.
You need to immediately run the following scans and fix what they find and then post a hijackthis log on the hijackthis log board. Moderators please move this to hijackthis log board


Please download
Mcafee stinger multivirus removal tool
Install and run

Spybot search and destroy
Ad aware personal from Lavasoft
Install, update,run, check for problems , fix problems.
A Squared trojan remover
Download, install, update, scan and fix.


McAfee is reporting a WORM....have run both STINGER & Virus Scan, both not having found any VIRUS...here is my HIJACKTHIS log file......donation on the way.


A:Worm Activity

Hi and welcome

Download the Hoster from here:
www.funkytoad.com/download/hoster.zip
Run Hoster and press Restore Original Hosts, OK, and Exit Program.

Download AVG Anti-Spyware from HERE and save that file to your desktop.

When the trial period expires it becomes feature-limited freeware but is still worth keeping as a good on-demand scanner.

Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double click it to launch the set up program.
Once the setup is complete you will need to run AVG Anti-Spyware and update the definition files.
On the main screen select the icon "Update" then select the "Update now" link.
Next select the "Start Update" button. The update will start and a progress bar will show the updates being installed.

Once the update has completed, select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
Under "Reports"
Select "Automatically generate report after every scan"
Un-Select "Only if threats were found"

Close AVG Anti-Spyware. Do Not run a scan just yet, we will run it in safe mode.
Reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode then hit enter.

IMPORTANT: Do not open any other...


My McAfee is driving me crazy, it keeps popping up saying "Potential Worm Activity Detected" and it says that emails are being sent out. It also keeps blocking a trojan but not getting rid of it. I've done a full system scan; it could not recognize it. I also did Spybot S&D, Lavasoft Ad-Aware, the Trend online scan and the multi_av scan. I don't know what's going on. I'll give you my hijackthis log. I would really appreciate if someone could help me.


A:Potential Worm Activity Detected


Please help me. I'm running Windows XP, and McAfee VirusScan. My system won't stop sending emails

"Potential Worm Activity Detected! The last few sent emails contained similar subject or body content."

I'm given three options

1. Stop this e-mail
2. Find out more information
3. Continue what I was doing

No matter which option I choose, a similar message will subsequently appear. I can't seem to get out of this endless loop.

I ran AVG antivirus, and cleaned detected infections, but it has not solved the problem.
I then have Norton antivirus installed on the system. But similar messages of email being sent keep popping up. Please help as I am in a desperate situation.

The following is the hijack this log:



I've seen several other members experience the same problem, where McAfee keeps telling me that "Potential Worm Activity Detected!". It goes on to say "The last few sent e-mails contained similar subject or body content." and the subjects are random, as well as the emails they are sent to. Here is a copy of my HJT log :


A:potential worm activity detected

Hiya and welcome to Tech Support Guy

Are you still having this problem? If so, do the following:

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy & Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Download and scan with SUPERAntiSpyware Free for Home Users
Double-click SUPERAntiSpyware.exe and use the default settings for installation.
An icon will be created on your desktop. Double-click that icon to launch the program.
If asked to update the program definitions, click "...


Hi,

I've seen other forums on this topic but none of them have really helped me.

My McAfee Virusscan keeps popping up with

Potential Worm Activity Detected!
The last few sent e-mails contained similar subject or body content
E-mail Subject: Can you imagine that you are healthy

I ran my McAfee, Ad-Aware and also Spy Sweeper but none of them has helped. On another forum I saw a program called VundoFix so I downloaded and ran that but it hasn't helped. I've posted my hijackthis logfile below. I'm fairly computer illiterate so please try to dumb it down, thanks in advance.


A:Potential Worm Activity Detected!... Please Help.

Closing duplicate thread, please continue here: http://forums.techguy.org/security/578825-my-mcafee-keeps-popping-up.html#post4766708
 


When I am trying to e-mail individual pictures - the e-mail in Outlook Express in the "sent" folder keeps staying in there and my computer keeps trying to send it. Then a pop-up from McAfee comes on saying:

"Potential Worm Activity Detected! The last few sent e-mails contained similar subject or body content. Then it gives the E-mail Subject and then it says I want to......
Stop this e-mail
Find out more information
or Continue what I was doing."

Even though I am just sending it to one person, not multiple addresses - that box comes up.

What is causing this and how do I correct this problem? I've never had this problem in the past. When I send pictures as "attachments" this does not happen. The only time this happens is when I try to send an e-mail with the pictures being shown in the message.
 

A:Potential Worm Activity Detected ?

Download hijackthis and do a scan then copy and post the log here for someone to analyze. As well, do a scan here.
 


Hi, strange emails are being sent from my computer to random email addresses with subjects advertising prescription drugs and I keep receiving alerts from McAfee saying Potential Worm Activity Detected. I ran Hijack This and have posted my log below. Any help on what to do to stop these emails would be greatly appreciated.


A:Potential Worm Activity Detected

If anyone could check my hijack that log I would really appreciate it.
Thanks
 


Often on my computer McAfee pops up an alert saying that "5 e-mails have been sent within the last 30 seconds. This condition might indicate a worm is attempting to send e-mail." I ran a virus scan and spyware scans but they didn't turn anything up.

These emails are being sent to addresses I have never seen before and the email subject is always something "sexually-explicit"

I'm pretty sure the problem is similar to this one

Here is the HJT log I just ran...


A:McAfee: Potential Worm Activity Detected

Bump, any help is appreciated!!
 


I have Mcafee Internet Security 2006.

I repeatedly get the potential worm activity detected message from McAfee VirusScan. It says 2 emails have been sent within the last 25 seconds. This condition might indicate a worm/virus is attempting to send email. The email subject varies from "about your health", "Your health, your care", to viagra messages. I use outlook and it is not open. I have run McAfee virus scan, CA-etrust online virus, and downloaded AVG virus software to identify this virus. But have not been able to identify it or fix it.

Windows xp professional sp2. I would appreciate any help you can offer.
I've pasted my HI Jack log below.


A:Solved: Potential Worm Activity Detected



A:My McAfee keeps popping up with Potential Worm Activity Detected! Please help

hi, welcome to TSG.


Download SDFix and save it to your Desktop.

http://downloads.andymanchesta.com/RemovalTools/SDFix.exe

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :

* Restart your computer
* After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
* Instead of Windows loading as normal, the Advanced Options Menu should appear;
* Select the first option, to run Windows in Safe Mode, then press Enter.
* Choose your usual account.

* Open the extracted SDFix folder and double click RunThis.bat to start the script.
* Type Y to begin the cleanup process.
* It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
* Press any Key and it will restart the PC.
* When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
* Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
(Report.txt will also be copied to Clipboard ready for posting back on the forum).
* Finally paste the contents of the Report.txt back on the forum with a new HijackThis log


Download AVG Anti-Spyware

http://www.ewido.net/en/
* Once you have downloaded AVG Anti-...


Upon using Adw Cleaner, I found out on Tuesday that they have an additional option to install "Hosts Anti-Pup/Adware" as extra protection.  Adw Cleaner (French download) appeared to not be infected, as no virus warning appeared when I scanned and cleaned before and after restarting my computer, but when I tried to install Hosts Anti-Pup/Adware, the following appeared:
 
! AVG Detection
 
Worm/Autoit AZCI Infected
Worm/Autoit AZCH Infected
 
Remove All
 
Additional Information:
 
HOSTS-Anti-Adware-main.exe
HOSTS Anti-Adware.exe
 
At the same time, I spotted in my add-on bar that an extra icon had suddenly appeared.  When I clicked on it, six listings of the following details were listed with all downloads stating webm, mp4, flv and 3gp video files, which relate to the Firefox add-on Flash and Video Download:
 
Flash Files to Download
Watch-as3.swf
Videos to Download
DomaIQ: Fake Flash / Java - You Tube
 
I assume that as "Fake Flash" was listed among the details, I was wise to not click on any of those files, which would probably have infected my computer further.
 
I then clicked on "Remove All" and the AVG report changed to "Secured" next to both files, which I had assumed meant my computer was now clean and I deleted the Desktop shortcut to the worm program.
 
In between, this appeared and the http://www.malekal.com/2012/01/10/hosts-anti-pupsadware link appeared (the Firefox add-on Trust My Web gives this site a Gr...

A:Potential Worm

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.
If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.

===

--RogueKiller--
Download & SAVE to your Desktop For 32bit system or For 64bit system
Quit all programs that you may have started.
Please disconnect any USB or external drives from the computer before you run this scan!
For Vista or Windows 7, right-click and select "Run as Administrator to start"
For Windows XP, double-click to start.
Wait until Prescan has finished ...
Then Click on "Scan" button
Wait until the Status box shows "Scan Finished"
click on "delete"
Wait until the Status box shows "Deleting Finished"
Click on "Report" and copy/paste the content of the Notepad into your next reply.
The log should be found in RKreport[1].txt on your Desktop
Exit/Close RogueKiller

+=======

Please run the AdwCleaner and if prompted to update please do.
Please download AdwCleaner by Xplode onto your Desktop.
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click the Scan button and wait for the process to complete.
Click the Report button and the report will open in Notepad.
IMPORTANT
If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
Close all open programs and internet browsers.
Double click on AdwCleaner.e...


I have Mcafee Internet Security 2006.

I repeatedly get the potential worm activity detected message from McAfee VirusScan. It says 5 emails have been sent within the last 25 seconds. This condition might indicate a worm/virus is attempting to send email. I use outlook and it is not open. I have run McAfee virus scan, XSoftspy SE & Registry Mechanic and cannot get rid of it...once I close outlook, I can't even open it again till I reboot.

I ran Hijackthis:


A:Potential worm activity...


My computer is sending mass emails and the mcafee warning is driving me crazy. I have looked at other posts with my situation. It seems that I need to give my hijackthis log. Here it is. If anyone can see what I need to get rid of, please let me know.
Windows xp
Service Pack 2


A:Potential worm activity...


Hello,

I followed the steps to run a HJT Report however once I click the DDS link it acts like it wants to run but then nothing happens. I seem to have this problem with other programs as well. I have two computers I am trying to clean up so I will post two HJT logs as soon as I can get this resolved. Any help would be appreciated.

Thanks.

A:Need help with potential virus/worm

As no logs have been posted, I am shifting this topic from the specialized HiJack This forum to the Am I Infected forum.==>PLEASE DO NOT NOW POST LOGS<== unless a log is specifically requested.


I got this Potential Worm Activity Detected from McAfee that I installed. I did full scan with several antivirus but it didn't cure the problem. I used McAfee, Lavasoft Adware, AVG anti spyware, AVG 7.5. My OS is Windows XP professional SP 2. Following is logfile of Hijack This v.1.99.1. I would really appreciate if someone could help me. Thank you in advance.

PS: in the log file you can see "Yahoo!???????" which is Yahoo Messenger Japan.. The question marks due to Japanese characters not properly appeared.

Also, "O10 - Broken Internet access because of LSP provider 'c:\windows\system32\msnetax.dll' missing" is because the AVG quarantined the msnetax.dll.



My computer is constantly freezing/slowing down to a snail's pace. I have done everything from running Malwarebytes anti-malware and AVG (separately), to defragging my hard drive, to stopping the indexing of my files for Microsoft searches. I'm hoping that it's something simple, as it is starting to affect my ability to do school work. And just to clarify, when any of these events occur, there is no message that pops up with a message about any error.
Here is the log:

A:Potential worm and/or malware

Hello,
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up.
My name is Syler and I will be helping you to solve your Malware issues. If you have since resolved your issues I would appreciate if you would let me know so I can close this topic. If you still need help please let me know what issues you are still having, in your next reply.
Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)
Then please post back here with the following:
log.txt
info.txt
Thanks

RELEVANCY SCORE 56

Okay, my computer has been going a bit funky here lately. This morning while it booted I didn't look at the screen right away, but when I came back there was a command prompt window open, saying something about worm patterns loaded, and on top of the command prompt window at the end was something about STC.exe. I immediately closed it and rebooted the system. As you can see it's loaded up and I can access the internet, but I would like it if someone could look at my HijackThis log. Also, when I run Spybot, a Ras Profile Dialler keeps coming up that Spybot can't remove; any help around that would be appreciated greatly.

Logfile of HijackThis v1.98.2
Scan saved at 11:59:28 PM, on 10/11/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\Smc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVPersonal\AVGUARD.EXE
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\System32\devldr32.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\WINDOWS\system32\crypserv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Grisoft\AVG6\avgw.exe
C:...

A:Potential Worm Problem, Please Look at my HJ Log

Sounds like STE.exe is "2nd Thought" adware.

Download Ad-aware SE.

Ad-aware SE download

Configure Ad-aware:

First in the main window look in the bottom right corner and click on "Check for updates now." then click Connect and download the latest reference files.

From the main window, click "Start" then under "Select a scan Mode" select " Perform full system scan ."

Next deselect "Search for negligible risk entries."

Click the "Next " button.

When the scan is finished mark everything for removal and delete the selections. (Right-click within the window and choose "Select All" from the drop down menu and click "Next")

Restart your computer.
 

RELEVANCY SCORE 55.2

Hey guys, I just joined BleepingComputer because I see you've helped out a lot of people with similar problems. Recently 85% of the time when I click on a link from Google it brings me to a different site which gives me tracker cookies which show up in Spybot. I thought it wasn't a big deal until I ran Malware Bytes and got 28 infected objects. It got rid of 26 and two will not delete. Here are the logs...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:21:44 PM, on 7/23/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\st...

A:Google redirection potential of a worm??

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll...

RELEVANCY SCORE 55.2

Hi

I am hoping someone will be able to help me. I keep getting a message "5 e-mails have been sent within the last 30 seconds. This condition might indicate a worm (/virus) is attempting to send e-mail." I ran HJT and got this log. Any help would be very much appreciated

Thanks
John

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:10:21, on 10/07/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\mcafee.com\agent\mcregwiz.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\D-Tools\daemon.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Smart PDF Converter Pro\sspdfagentd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\TEMP\ugpfwlqbwq.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Progra...

A:Potential Worm Activity Detected!

bump
 

RELEVANCY SCORE 55.2

Hello,

I received help with a Virtumonde infection on a separate computer a few years ago on the BleepingComputer forums, but I forgot my username/pass. Anyway, I was hoping I'd be able to get similar help with a recent infection. I have had a Conficker A infection on my USB drive, which was removed by an Anti-spyware program on a work computer, however I used that USB drive on my home computer (the one I'm posting with) before I was aware it was infected. I didn't transfer any files from the USB to my home computer, and I've run Malwarebyte's anti-malware and Spybot S&D with no detected infections, however I'm still a bit concerned that my home computer may have become infected during the process or in the past to transmit the infection to my USB. My laptop may also have been the source of the infection - I am almost certain that it has some form of malware/spyware on it as it runs extremely slowly at times and has had problems with programs crashing recently.

I am posting here with my home computer because I would like to be able to work on a computer in the meantime that I can be sure is clean. Later on, could I also post my problems with my laptop? I'd be willing to wait to allow new posters to get help before I do if that were the case. I'd be really grateful for any help I can get.

Anyway, here are my logs:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29
Run by Chew Ng at 20:3...

A:Potential Conficker A worm infection

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you are unable to create a log because your computer cannot start up successfully please provide detailed information about the Windows version you are using: What we in particular need to know is version, edition and if it is a 32bit or a 64bit system. If you are unsure about any of these characteristics, just let us know and we'll help you figure it out. Please also tell us if you have your Windows CD/DVD handy.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about y...

RELEVANCY SCORE 55.2

Hello, I'm a newcomer and I think my computer could be infected. In addition, I don't have a lot of experience on how to diagnose or clean my computer. I have run many scans with many different software. For example, I've done scans with Norton Anti-virus Suite, Ad-Aware, Spy Bot, Mal-aware bites and many more. In most of my scans except Norton's I have found infections (at least that is what I think they were), and unfortunately I did not save the logs of any of these scans and I can't find them on my PC. Also, I've tried running this software again but no further infections were found, but the infections had something to do with "something, something... DNS." Sorry for not providing you with the specific name but I just can't find it and I don't remember. Thank you for your help and I hope my information can help. Attached find all my scan logs.
DDS (Ver_10-10-21.02) - NTFSx86
Run by kokoroko at 17:49:55.23 on Sun 10/24/2010
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_22
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.511.85 [GMT -7:00]

AV: Norton Security Suite *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Security Suite *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe...

A:Potential virus, trojan or worm.

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

We need to create an OTL Report
Please download OTL from one of the following mirrors:
This is THE Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
In the custom scan box paste the following:

msconfig
safebootminimal
activex
drivers32
netsvcs
%SYSTEMDRIVE%\*.exe
/m...

RELEVANCY SCORE 55.2

Websense Security Labs has had reports of a new worm that uses Skype to propagate. We are still investigating the issue but here are the details so far:

* users receive messages via Skype Chat to download and run a file
* the filename is called sp.exe
* assuming the file is run it appears to drop and run a password stealing Trojan Horse
* the file also appears to run another set of code that uses Skype to propagate the original file
* the file is packed and has anti-debugging routines (NTKrnl Secure Suite packer)
* the file connects to a remote server for additional code
* the original site has been black holed and is not serving the code anymore
* the number of victims is still TBD
* the original infections appear to be in APAC region (Korea in particular)

More details will be published later today when we get more details.

Special thanks to the Shadow Server for research assistance.

Source http://www.websense.com/securitylabs/blog/....php?BlogID=101

RELEVANCY SCORE 55.2

Potential Koobface gang Worm Infection caught from Facebook. Hijacks browser from search engines and takes me to various malware sites that say that my computer is infected with a virus and that I need to download software to fix it. Have run SUPERAntiSpyware and Malwarebytes Malware programs. It finds two Trojans and fixes them, but the problem still persists. Logs attached. Thanks for any help.

DDS (Ver_09-07-30.01) - NTFSx86
Run by Emily at 20:08:47.06 on Sun 08/23/2009
Internet Explorer: 8.0.6001.18813
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1917.982 [GMT -4:00]

SP: Windows Defender *disabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: SUPERAntiSpyware *enabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:...

A:Potential Koobgang Worm Infection

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll...

RELEVANCY SCORE 55.2

Continual pop up box (about 300 times today): McAfee VirusScan 'potential worm activity detected' saying I've sent emails (hundreds apparently!). I can't get rid of it and my computer also keeps powering down and restarting by itself.
Email addresses are not known to me - if I 'stop this email' I just get another, and another............... I can't delete these emails from the message queue as suggested because I don't know where they are being sent from - I have just transferred from AOL to Sky so I haven't even used my new email addresses!!
At a suggestion I have downloaded the 'hijack this' program and have copied the results below
Logfile of HijackThis v1.99.1
Scan saved at 21:06:18, on 05/04/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WatchGuard\Mobile User VPN\IreIKE.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\WatchGuard\Mobile User VPN\IPSecMon.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
c:\program files\mcafee.com\vso\mcvsshld.exe
c:\program files\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vs...

A:PLEASE!! help mcafee potential worm/virus

Hi, Welcome to TSG!!

Click on the link below to get lsp-fix.
Run that to fix your internet connection.

http://www.cexx.org/lspfix.htm

Check the box that says "I know what I'm doing".
Remove msnetax.dll only that one!

Click Here and download Killbox and save it to your desktop.
Double-click on Killbox.exe to run it.
Put a tick by Delete on Reboot.
Copy the following list of files to clipboard, CTRL+C to copy

C:\WINDOWS\SYSTEM32\sysfldr.dll
c:\windows\system32\msnetax.dll
Now in Killbox go to File, Paste from clipboard.
Click the All Files button.
Click on the button that has the red circle with the X in the middle.
It will ask for confirmation to delete the file.
Click Yes.
It will ask if you want to reboot now,
Click Yes.
Note: It is possible that Killbox will tell you that the file does not exist.

If your computer does not restart automatically then please restart it manually.
If you get an error message "PendingFileRenameOperations Registry Data has been Removed by External Process!" then just restart manually.

Please move hijackthis.exe into a permanent folder.

To create a permanent folder click My Computer, then C:\
In the menu bar click on File, New, Folder.
That will create a folder named New Folder, which you can rename to "HJT" or "HijackThis". Now you have C:\HJT\ folder.
Put your HijackThis.exe into that folder and post another log.
 

RELEVANCY SCORE 55.2

Hi there,

I've used this forum before and reused some of the tools from a previous bad experience to try and remove a dodgy file that Winpatrol keeps saying is trying to gain startup access: winlogon_63.exe. This is apparently listed under "Microsoft Security Essentials" and a search has led me to believe it's Worm:Win32/Ainslot.A. I was editing my hosts file to try and gain access to a website that has had trouble recently with access, and searched for hosts file editing help. Seems a random pdf file popped up out of nowhere, which never actually loaded, I just got an error about it not displaying properly, and now I've wound up with a sluggish computer and dodgy looking startup requests.

I scanned using Malware Bytes, restarted to remove the file, and I'm still getting the startup access request, and it still exists in the WinPatrol window, so I thought I'd come here.

DDS.txt file:

DDS (Ver_10-12-12.02) - NTFSx86
Run by !Vicky at 18:39:18.46 on 07/02/2011
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_22
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.2815.1610 [GMT 0:00]
AV: avast! Antivirus *Enabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! Antivirus *Enabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windows\...

A:Potential Worm:Win32/Ainslot.A

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.

Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

Please reply to this post so I know you are there.

The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks

RELEVANCY SCORE 55.2

I have Mcafee Internet Security 2006.

I repeatedly get the potential worm activity detected message from McAfee VirusScan. It says 5 emails have been sent within the last 25 seconds. This condition might indicate a worm/virus is attempting to send email. I use outlook and it is not open. I have run McAfee virus scan, XSoftspy SE & Registry Mechanic and cannot get rid of it...once I close outlook, I can't even open it again till I reboot.

I ran Hijackthis:

Logfile of HijackThis v1.99.1
Scan saved at 4:33:19 PM, on 12/15/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\WINDOWS\System32\hphmon03.exe
C:\Program Files\GhostSurf 2005\DeleteSatellite.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:...

A:Hijack logfile PLEASE HELP for potential worm

Please do not start more than one thread for the same problem.

Closing duplicate.

Please continue here:

http://forums.techguy.org/security/527014-potential-worm-activity.html#post4261521
 

RELEVANCY SCORE 54

I have McAfee VirusScan 2006.

I repeatedly get the potential worm activity detected message from McAfee VirusScan. It says 5 emails have been sent within the last 30 seconds. This condition might indicate a worm/virus is attempting to send email. The email subject mostly reads "ACR0BAT 8 PR0 & 0FFICE 2OO7 $79 NOW at <varies of first name> WebShop". I never use Outlook Express and MicroSoft Outlook 2003. I have run McAfee virus scan to identify this virus. But have not been able to identify it or fix it even though it is cleaned before VirusScan. I have no other virus along with it. Everything is fine except that dang pipsqueak "Potential Worm Activity" notice from McAfee repeatedly.

This is from my Toshiba Laptop Satellite
Intel(R) Celeron(R) M
processor 1.50GHz
240 MB RAM

Microsoft Windows XP
Service Pack 2

************************************************

Here is my laptop hijack log below:

Logfile of HijackThis v1.97.7
Scan saved at 9:38:41 AM, on 12/13/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ACS.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\00THotkey.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\system32\igfxtray.ex...

A:Solved: Potential Worm Activity frequently by McAfee...Please Help.. Thanks

RELEVANCY SCORE 54

Hi.

I am carrying this topic here from the Am I infected? What do I do? and the topic Ie: Xpc Infosystems, IE Homepage hijacked !!!. All troubleshooting included in the earlier post. The problem in short is that the IE7 Homepage is hijacked to "http://nvr.xpc.co.in" and the IE Window Title has changed to XPC Infosystems.

1. Performed a scan using Kaspersky Online Scan, which showed Worm.VBS.Small.n as the infection. Result attached.
2. Performed a scan using Deckard's System Scanner. However, I ended up closing the notepad files "main" and "extra". How can I locate them on the system drive?
3. Have followed the steps as mentioned in the topic Ie: Xpc Infosystems, IE Homepage hijacked !!! but enabled the Windows Scripting so that it could be caught by the scans.

Please help to solve this.

Thanks

The HJT Log is attached below:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:13:57 PM, on 22/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24Ev...

A:Ie7 Homepage Hacked: Potential Malware (worm.vbs.small.n)

Saurav Raaj

Sorry for the delay

You have a suspicious file I would like to look at. Please go HERE
Put Your Name, and Bleeping Computer HJT forum
and In the file to submit box, click Browse. Locate the file
C:\WINDOWS\system32\NewVirusRemoval.vbs
In the comments tell them that I asked you to upload the file
Then Select Send File.
Thanks

2. Rerun Hijackthis (scan only) and place checks beside the following entries
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://nvr.xpc.co.in/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = XPC Infosystems
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\wscript.exe C:\WINDOWS\system32\NewVirusRemoval.vbs
Close all other open windows except Hijackthis and Select "Fix checked"
Close Hijackthis ->> Reboot your PC ->> Rerun Hijackthis and post a fresh Hijackthis log

RELEVANCY SCORE 54

I have what I presume is a fake Windows security message that tells me to download a probable fake anti-spyware program on my son's computer.

UPDATED INFO: He was watching TV on the computer and trying to log on to Facebook. The sound stopped and he got a warning which closed before he could read it. The browser worked, FB worked. He minimized the browser and the desktop was blue. There was a warning that said he had spyware and had to run a scan, and he clicked on the red circle X's thinking that was McAfee, and it didn't do anything, so he disabled his internet so nothing further would happen.
The last thing he downloaded was the movie a night or two before and it ran that night fine. When I checked, FrostWire was running and I turned it off.

It's running Windows XP and there are two red circular icons with a white X on the taskbar, and Task Manager is greyed out when I right click the taskbar, and if I Ctrl+Alt+Del it's greyed out as well.

This is what pops up:

Attention! System detected a potential hazard (TrojanSPM/LX) on your computer|that may infect executable files. Your private information and PC safety is at risk.|To get rid of unwanted spyware and keep your computer safe you need to update your current security software.

The internet seems to have been disabled on this computer as well so I can't download hijack this to run it.
Windows XP
McAfee Security Center
Windows Xp
 

RELEVANCY SCORE 54

I was informed early this morning that our PC was potentially infected with reported activity of opening undesired web pages, programs opening/closing automatically, and Windows Vista Home Security popping up with a list of infections.

I am still in the very early stages of back tracking this problem but it appears that a member of our household was visiting a website, when they must have clicked on a sponsor link that took them to another site. There is no history for the second site, but the time stamp was about 15 minutes before the problems started to occur. Everything else in the history log is pretty average for our household.

AVG scans came up clean, but there is a line item in the virus vault around that time with this entry:

Infection Type: Warning
Virus Name: Found registry key with reference to file C:\ Users\Computer\AppData\Local\oxp.exe
Path to File: HKCR\exefile\shell\open\command\\
Date of storage: 5/8/2011, 7:14:01am

Perhaps I'm incorrect in thinking that one click to a mystery website caused all this - but I'm not sure how to look and find out where all these came from? Any help diagnosing and correcting this would be greatly appreciated. The infected PC has been completely disconnected from the internet and I will be using our backup for the duration of the recovery.

Here is a complete list of Malware identified by Windows Vista Home Security:
Email-Worm.JS.Gigger
IM-Worm.Win32.Kelvir.k
MWME.Tw...

A:Several Malware Detected & Potential Rootkit

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together:
Do not run any other tool until instructed to do so!
Please do not attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear
Click the Disable button to disable your CD Emulation drivers
Click Yes to continue
A 'Finished!' message will ap...

RELEVANCY SCORE 53.6

Hello, I am new to this forum and was wondering if someone could help?

I have run Mcafee virus scan 9 and it detected nothing. On restart I keep getting the pop up "Potential Worm Activity Detected!"- it appears my computer is trying to send emails to a range of email addresses I do not know.
I ran the scan in safe mode nothing was detected.

Here is my HJT logfile - can anybody help?

Thanks
Logfile of HijackThis v1.99.1
Scan saved at 10:37:24, on 04/02/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\Ati2evxx.exe
C:\WINNT\System32\HPConfig.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Hewlett-Packard\TopToolsWMI\WMIProviders\HPAlertWMI.exe
C:\Program Files\Hewlett-Packard\TopToolsWMI\WMIWDog.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Display Settings\hpdisply.exe
C:\WINNT\system32\PRPCUI.exe
C:\PROGRA~1\HPONE-~1\OneTouch.EXE
C... Read more

A:Newbie! Run Mcafee virus scan still have potential worm activity!

Sorry, I am not a pro so I can't help you with your virus, but you have a lot of programs on your startup [04] that you don't need. Here are 2 websites to help you trim it.
http://www.netsquirrel.com/msconfig/

http://www.castlecops.com/StartupList.html
 

Read other 3 answers
RELEVANCY SCORE 53.6

I restarted my computer after uninstalling and reinstalling my antivirus (pc tools antivirus) and when I booted up I got the error message

"This system is shutting down. Please save all work in progress and log off. Any unsaved changes will be lost. This shutdown was initiated by NT Authority/system.
Message: Windows must now restart because the Remote Procedure Call (RPC) service terminated unexpectedly."

I went to this website to fix it and have followed the directions on the site http://kb.wisc.edu/helpdesk/page.php?id=2048. Apparently Windows was already patched when I tried to patch it, so I skipped that step, and I am scanning with the Symantec W32.Blaster.Worm fix tool right now.

What I want to know is how this happened and how to prevent it next time.

Thanks for any and all help.

A:might have w32.blaster.worm COMPLETE DESCRIPTION OF PROBLEM AND POTENTIAL SOLUTION

If your computer was already patched, it should not have gotten the worm... Worms have a tendency to crawl around the web installing themselves on people's unprotected computers. We don't offer security advice in the Microsoft forums, we actually have a security section specifically for this type of situation.

Look over the First Steps at Removing Malware. Make a note of any steps you cannot complete, and post that information, along with any required logs, in the HijackThis Log Help section.

Please be patient as our security team receives a lot of logs every day. If you do not receive a response after 24 hours, you can post again to bump it back to the front page.

Read other 3 answers
RELEVANCY SCORE 53.2

Hello,

I am trying to help a friend, and I am not sure if this is the result of an actual virus or not.

Although my computer on their network is having no problems resolving google etc, their computer will not connect to search websites.
I have tried changing their dns settings to 8.8.8.8 to no avail.
Their computer is running Windows XP with automatic updates turned on and service pack 3 installed.

They are running AVG 2012 Free, with all updates applied till today 03/April/2012
A full computer scan popped up one instance of a generic trojan, but this was supposedly solved by the anti-virus.
A rootkit scan shows:
"";"<unknown>";"Corrupted section atapi.sys[.text] +0x6852, size 1 bytes";"Object is hidden"

Is this actually a virus?

Thanks for any help,

Donat

A:search engines are not available, and AVG has detected a potential rootkit

Please download aswMBR ( 511KB ) to your desktop.
Double click the aswMBR.exe icon to run it
Click the Scan button to start the scan
On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

Read other 3 answers
RELEVANCY SCORE 52.8

The problem started yesterday (9/19). I was prompted by McAfee to fix a lack in security on my computer. Not long after I did that Internet Explorer crashed and would not open again. I received the following message: "Windows cannot access the specified device, path, or file. You may not have the appropriate permissions or access."

Upon further attempts, I also received this message: "Application cannot be executed. The file is infected. Please activate your antivirus software."

I tried to run a scan with McAfee, but got this error: "Scanning has encountered a problem from which it cannot recover. Here are the problem details - Error starting on demand scanner."

I opened a Firefox browser and was able to use it temporarily - but then it crashed also and will not open again.

Other applications have also failed - Outlook Express, etc.

I tried running Ad-Aware - it also crashes.

I tried running HijackThis, and the preferred methods suggested on this site (DDS.scr and RootRepeal). These executables all seem to start but do not run to completion. They just seem to disappear.

I'm sorry but I have no logs to post at this time. First off, I guess I need help figuring out how to get these logging tools to run in the current state of this machine.

Finally, I have also received this lengthy message: "Attention! System detected a potential hazard (Trojan SPM/LX) on your computer that may infect executable files. You private... Read more

A:attention! system has detected a potential hazard (Trojan SPM/LX)...

Moved from HJT to a more appropriate forum. Tw

Read other 10 answers
RELEVANCY SCORE 52

Hello Forum,

My Dell Precision T3600 originally came with Win7 x64 which I upgraded to Win10 successfully. However I wanted to do a fresh install of Win10 to get rid of accumulated OS mess that cluttered most of my 256GB SSD drive. So I created a bootable USB thanks to MS create media tool. From the bootable Windows 10 setup, I deleted the old partitions (OEM recovery and such which was taking almost 1GB) selected the new clean primary partition and installed Win10. All was looking good until after install it rebooted and got a 'No bootable device detected' error. I will spare you the hell I went through to find the following simple solution:

In the BIOS, you need to change the boot sequence type from 'Legacy' (you know, the old one since forever which you put diskette above HD) to the new fancy UEFI which apparently is a new industry standard where everything is taken care of by the devices. Here's a screenshot of my BIOS:
After this BIOS change, restart the computer with the bootable Windows 10 installation, when the setup shows the available partitions, I had a little warning beside mine saying it couldn't install windows on that partition. I deleted it and then I could install it. Rebooted and everything was perfectly fine.

Hopefully this will help someone save some time.

TB,

A:Potential Solution 'No bootable device detected' after fresh install

Also the screenshot was taken after everything was working. When I originally set it, there was no 'Windows boot manager' and SCSI HD there. It seems UEFI lets OSes write to the BIOS or something.

Read other 1 answers
RELEVANCY SCORE 52

Hi all, there is something that ESET detected as a potential threat and I'm not sure which option to take: disinfect it or ignore it (as this is within the Winzip folder).
If this is within the Winzip folder, which I installed from a CD (not downloaded from the internet), so is it false or positive?

I was using the PC as usual, then turned off the monitor (approximately 30 minutes), I turned it on again and I saw that message.

A:ESET Antivirus detected a potential threat in Winzip Utilities

  

I believe that is a false positive but you can check.

You can use an online service such as Online MD5|SHA1 Hash Generator For File And Text.

At the top right you can browse to the file in question.

Go here: Malware scan of WINZIPSSRegClean.exe (WinZip System Utilities Suite) 2e498be0979ea3d16fc25812c29ba7c37a2ac69b - herdProtect, and compare the md5/sha1 hash. Towards the bottom there is a list of more sha1 hashes for different versions of WinZipSSregclean.exe.

If your sha1/md5 don't match with any of them, it's possible the file is corrupted in some way.

Read other 9 answers
RELEVANCY SCORE 48

Hi ,, I hate to be a bother, I've had this same problem for over two weeks now...

When I click on "reply" to assorted friends' emails.. I get from McAfee.. "A potential worm".. Do I want to send/or not send..

Over the last 2 weeks.. I've listed my hijack log. and it "seems clean".. but my question is this..

What is happening. and WHY is McAfee saying there's a "potential worm"..

As I've done in the past.. I've run McAfee, Ad-aware, Spybot, Stinger, CW Shredder. and even a Panda scan. and everything seems to be clean.. also, Spyware blaster, and Spyguard..

So, what is this.. Could it just be a "bug in McAfee itself". Is it something I need to worry about?? Help please..LOL

Okay, here's my latest hijack log.

and THANK YOU - for all the help you've been giving me..

Helene

Logfile of HijackThis v1.97.7
Scan saved at 10:21:59 AM, on 1/15/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\... Read more

A:"Potential Worm- Hijack log enclosed"

Read other 9 answers
RELEVANCY SCORE 48

I just ran adware scan and it detected C:/win32.p2p-wormalcan.a reg key. I have zonealarm running
thx

A:HJT worm detected

Please read and follow the five step process outlined in this post.

Then download HijackThis - this program will help us determine if there is any spyware/malware on your computer. Create a folder at C:\HJT and move HijackThis.exe there. Run a scan and save the log file. Get HijackThis Analyzer and save it to the same folder as the hijackthis.log file. Run HijackThis Analyzer and type in y if you agree. Open up the result.txt file created. Copy the whole result.txt log and post it back here. Do not fix anything in HijackThis since they may be harmless. Make sure to include the System information at the top of the log as well.

Read other 1 answers
RELEVANCY SCORE 48

McAfee detected a worm on my computer, and just to be sure that it's really clean, I scanned it with HijackThis, but I'm not sure if there's any problem. I would appreciate it if someone could point out to me if there's something not right. I've also been getting a lot of these worm attacks lately. What can I use to guard my computer against these attacks?

Logfile of HijackThis v1.99.1
Scan saved at 10:47:21 AM, on 1/25/2006
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\iVasion\WinPoET\WrOS.EXE
C:\WINNT\system32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\S3apphk.exe
C:\Program Files\iVasion\WinPoET\WinPPPoverEthernet.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\vso\mcvsescn.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\eMule\emule.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Maxthon\Maxthon.exe
C:\Program Files\Windows Media Player\mplayer2.exe
C:\Documents and Settings\Administrator\My Documents\my folder\cleaners\HijackThis.exe
C:\Documents and Settings\Administrator\My Documents\my folder... Read more

A:worm detected

I ran ewido too. These are the results. 14 infected and cleaned.

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 11:53:02 AM, 1/25/2006
+ Report-Checksum: 8B7293B6

+ Scan result:

HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a} -> Spyware.Alexa : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt -> Spyware.Cookie.Revenue : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt -> Spyware.Cookie.Adserver : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt -> Spyware.Cookie.Revenue : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\Adm... Read more

Read other 17 answers
RELEVANCY SCORE 48

This is my first post so bear with me. My laptop would boot up, icons load and then shut down.

Took it to have it repaired; they did a system restore and loaded an anti-virus program.

I had to re-load Aol software. Now, when I got on computer this is the message I received.

threat detected filename/user/patrick/patrick.exe
threat name virus identified worm/vb.7.a
detected on open

Details:
process name c:/program files/common files/aol/1256342570/ee/aolsoftware.exe
process id 3644

Then I have to answer this question before I can shut down or anything.
move to vault
go to file
ignore

I am totally lost as to what this means and what I need to do next.

Please help!!!
 

A:Worm detected

Read other 9 answers
RELEVANCY SCORE 47.6

My oldest son just graced me with the computer of his fiance. With lots of applications and the Windows 2000 Professional operating system, it would be great if it did not shut down soon after turning it on.

They bought a bundled computer at Costco and claim they never had any operating system discs.

Is there anything I can do to help mend this thing so that it will stay on and remain stable?
 

A:LSASS and no Worm Detected! Now What?

If you can stay on-line long enough, please do this. Click here:

http://www.sherrylynn.us/HijackThis.exe to download Hijack This. It’s very important that you save it to its own folder on your hard drive, such as program files (not temporary files or the desktop), so that it can create proper back-ups and be able to restore them if necessary.

Close all open windows and open Hijack This. Click “Scan”. When the scan is finished (it only takes a second), the scan button will change to “Save Log”. Click on “Save Log” and save it to NotePad. Copy the entire log and paste it here.

DO NOT FIX ANYTHING YET, most items that appear in the log are harmless or even needed. Wait for someone to analyze the log and advise.

If you're having trouble staying on-line long enough, probably due to a virus like Sasser, you can abort the shutdown by doing this:

To stop the computer from shutting down, go to Start - Run - and type in
"shutdown /a" (no quotes)
 

Read other 2 answers
RELEVANCY SCORE 47.6

Please help.. AVG anti-virus has detected several viruses in my computer. They have been placed in the virus vault. But after this, I have been receiving a pop-up error every time I open any application from my computer that says "The application or DLL C:\WINDOWS\system32\kernel32.sys is not a valid Windows image. Please check this against your installation diskette." What shall I do? Please help...
 

A:Solved: worm detected

Read other 11 answers
RELEVANCY SCORE 47.6

AVG detected a few trojans, couldn't heal them, but moved them to the vault
Trojan horse downloader.Dsfica.3.AK
Trojan horse downloader.Generic.DTH
Trojan horse backdoor.Generic3.REW (3 times)

AVG also popped up with this message,
C:\SYSTEM.SAV\MSMoney\MONEY\IE\AXA.CAB:\unaxa.exe
virus identified 1-worm/generic.APW
infected, embedded object
infected, archive

Pretty sure the files are harmless now that AVG moved them to the vault, but to double check here is the hijack log. Thanks.

Logfile of HijackThis v1.99.1
Scan saved at 8:39:22 PM, on 23/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Craig .OFFICE\Desktop\Hijack\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.ca/0SEENCA/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.ca/0SEENCA/SAOS01?FORM=TOOLBR
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://store.presario.net/scripts/re...c=3c01&lc=0409
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://as.starware.com/dp/search?x=w...1w4FlSX+sAMtg7
R1 - HKCU\Software\Microsoft\Internet... Read more

A:Trojan and worm detected...

Bump.

Read other 12 answers
RELEVANCY SCORE 47.6

Hi Guys

I ran a Malwarebytes scan and it detected Worm.autorun.

I have run all the necessary scans and hope you can assist me in cleaning up my pc.

Hijack this log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:00:20 PM, on 23/09/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17055)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program ... Read more

A:Worm Detected Malwarebytes

Read other 8 answers
RELEVANCY SCORE 47.6

Hello, I have recently acquired a worm through a security hole that was downloaded by shareware (my fault). This worm disabled Task Manager, "Run", Control Panel, "All Programs" on the Start menu, and most links on the right side of the Start menu. From my research, I conducted that this virus (or worm) is a very high danger. It acts like a key-logger, and displays the following message and other pop-ups:

(Yellow triangle with "!" mark (picture))
Title - "Security Warning!"
Message - Worm.Win32.Netbooster detected on your machine. This virus is distributed through the internet via the e-mail and Active-X objects. This worm has its own SMTP engine which means it gathers e-mail and re-distributes them. In worst cases... (Continued)
Skipped a line - "Type" - "Virus"
Skipped a line - "Security Risk" 5/5
Etc.

These and several other messages pop up which lead to a rogue anti-virus known as WebAnti-virus 2008. I have tried scanning with Trend, Spybot S&D, Malwarebytes' Anti-Malware, Kaspersky, and Norton, but they all do NOT detect it. This virus is manually controlled, up to an extent. When I try to download an anti-virus, or any other protection file, it starts bombarding me with pop-ups, slowing the speed dramatically. The same goes with scans. This might be programmed to do that, but it looks like someone is manually controlling it. Also, 3 new icons appeared on my computer labeled - "System Error Fixer... Read more

A:(Not Detected By HJ) Unremovable Worm

Hi, welcome to BC HijackThis forum. I am farbar. I am going to assist you with your problem.

Note 1. Please refrain from making any changes to your system from now on as it might prolong handling your log and make the job for both of us more difficult.

To get an idea about the current condition of your computer, download random's system information tool (RSIT) by random/random from here and save it to your desktop.

Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

Note 1: The logs will be created in this folder: C:\rsit

Note 2: The tool takes not more than one minute to scan the system.

Tell me if you have run any other tool other than those you have mentioned.

Tell me about the current condition of your computer.

Read other 23 answers