Over 1 million tech questions and answers.

Please, help me healing this one virus :|

Q: Please, help me healing this one virus :|

Listen, guys,
MY OS: WinXP
Antivirus: AVG
VIRUS NAME: Trojan Horse PSW.Generic2.QEO ... i didnt find single link on internet.
File size: 3,88kb

I noticed the file keeps popping up -- C:\Windows\system32\CsdDriver.sys , I was reading a post here http://forums.techguy.org/security/502809-solved-virus-keeps-popping-up.htm , but there is a bit different, it pop ups again and again, I updated my AVG, its fixing it, but it appears after a few seconds. The thing is that there are no C:\WINDOWS\system32\UpperHost.dll file... And this is quite odd, if there was, I could act as the man said in the previous Link..

Here is my Hijackthis log:

Logfile of HijackThis v1.99.1
Scan saved at 22:21:16, on 2006.11.14
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Notepad++\notepad++.exe
C:\Program Files\Borland\InterBase\bin\ibguard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Borland\InterBase\bin\ibserver.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgvv.exe
C:\WINDOWS\notepad.exe
C:\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=217.37.1.225:4144;gopher=217.37.1.225:4144;http=217.37.1.225:4144;https=217.37.1.225:4144;socks=217.37.1.225:4142
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: IE 4.x-6.x BHO for Download Master - {9961627E-4059-41B4-8E0E-A7D6B3854ADF} - C:\PROGRA~1\DOWNLO~1\dmiehlp.dll
O3 - Toolbar: DM Bar - {0E1230F8-EA50-42A9-983C-D22ABC2EED3C} - C:\Program Files\Download Master\dmbar.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Закачать ВСЕ при помощи Download Master - C:\Program Files\Download Master\dmieall.htm
O8 - Extra context menu item: Закачать при помощи Download Master - C:\Program Files\Download Master\dmie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Download Master - {8DAE90AD-4583-4977-9DD4-4360F7A45C74} - C:\Program Files\Download Master\dmaster.exe
O9 - Extra 'Tools' menuitem: &Download Master - {8DAE90AD-4583-4977-9DD4-4360F7A45C74} - C:\Program Files\Download Master\dmaster.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O21 - SSODL: MemMan - {523455E4-ABCD-ABCD-1114-D709ADD3DDAB} - C:\WINDOWS\system32\MemMan.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: InterBase Guardian (InterBaseGuardian) - Borland Software Corporation - C:\Program Files\Borland\InterBase\bin\ibguard.exe
O23 - Service: InterBase Server (InterBaseServer) - Borland Software Corporation - C:\Program Files\Borland\InterBase\bin\ibserver.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

Please, could u help me ?
Thanks

RELEVANCY SCORE 200
Preferred Solution: Please, help me healing this one virus :|

I recommend downloading and running DAP. It can help sort out any driver and firmware related issues on your system

It's worked out well for many of us in the past.

You can download it direct from this link http://downloaddap.org. (This link will open the download page of DAP so you can save a copy to your computer.)

A: Please, help me healing this one virus :|

Read other 8 answers
RELEVANCY SCORE 59.2

Somehow my computer contracted a Win32.HEUR virus off of an accidental spam site visit, and now my computer is full of infections.

At first I tried using AVG, but the virus basically overpowered it and tried to uninstall it.. So I got Kaspersky's virus removal tool. It seems to have taken care of the heur for the most part, but now I have a rootkit.tdss that just won't go away.

The problem is, I can't kill any processes, it's locked my taskbar out, I can hardly open any programs, it just says "This file does not have a program associated with it for performing this action. Please install a program or, if one is alread yinstalled, create an association in the Default Programs control panel." I can run programs if I select "run as administrator" but thats the only way they will work right now..

There are other symptoms as well, the whole pc is a complete mess right now, I've been working on it all day and night trying to get the infections cleared out. I just ran Hijackthis and I have a log I can post if necessary.

Is there anything else that I can do get this thing off of my computer??

-EDIT

I forgot to mention that when running malwarebytes or kasperskys virus removal, before I can complete the scan, the computer forces a shutdown.

A:Got a nasty virus on my laptop now, need some help healing it.

Hello and welcome let's do these. tell me how we are after.>>>> Download this file and doubleclick on it to run it. Allow the information to be merged with the registry.RKill....Download and Run RKillPlease download RKill by Grinler from one of the 4 links below and save it to your desktop.

Link 1
Link 2
Link 3
Link 4

Before we begin, you should disable your anti-malware softwares you have installed so they do not interfere RKill running as some anti-malware softwares detect RKill as malicious. Please refer to this page if you are not sure how.
Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
If nothing happens or if the tool does not run, please let me know in your next replyTDDS Killer Please read carefully and follow these steps. Download TDSSKiller and save it to your Desktop.Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK. (If Vista, click on the Vista Orb and copy and paste the following into the Search field. (make... Read more

Read other 1 answers
RELEVANCY SCORE 58

Does anybody have any information on this virus in English, the only references are in Russian that I can find.

After AVG has scanned and healed the thing it comes up with warning box saying it has been found (Krepper.V) and to run AVG but it does not show up after scanning.

A:trojan horse virus and AVG healing THEN displaying warning

Sophos KrepperSee this link for info on Krepper from Sophos. There's also removal instructions but this means running Sav32Cli but this is command line based if you aren't happy using the command line I suggest using my tool RescueME see the sig.I would also suggest taking a hijack this log before and after cleaning and post both http://www.bleepingcomputer.com/forums/f/22/virus-trojan-spyware-and-malware-removal-logs/ here for analysis to ensure that you are clean.

Read other 3 answers
RELEVANCY SCORE 56.8

AVG keeps on detecting "virus found exploit" with the file extensions of .htm/.html. while in the healing process, it would result in error along in the process...
i dunno what to do but here is the HiJackThis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 947 PM, on 12/28/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Sony\MD Simple Burner\NetMDSB.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Hp\HP Software Update\HPWuSch... Read more

Read other answers
RELEVANCY SCORE 46.4

I recently wrote a review of a just-being-released addition to the ThinkPad line, the 14? T490s.  My writeup was based on the one system I had in front of me and, as always with pre-released systems, documentation was sparse at best.  The computer had very early drivers and system software but was remarkably stable and reliable.  New system software started to appear, and I noticed a new BIOS image, that was described as the initial release, but was substantially newer than what was on my computer.  I always try to apply updates as early as possible on any machines I review, hoping to identify any unexpected issues before the general market.  During the BIOS update, a message I had never seen flashed by.  As a result of nothing more than blind luck, my camera happened to be within reach and the battery was charged.  I apologize for the quality of the photo, but there was no time for staging.
 
New message
 
Based on what I can ascertain, the process is intended to be completely invisible to the user, other than the message I noticed.  After a BIOS update, the BIOS restarts and, after initialization, the image is backed up before booting into Windows or another operating system.   On subsequent startups, if there is a problem starting, the backed-up BIOS image is restored automatically.  In some ways, this is similar to the way Microsoft handles drivers in Windows. 
 
As I would expect, Phoenix Techno... Read more

Read other answers
RELEVANCY SCORE 46.4

Hi,

I have AVG internet security installed on my computer. It runs really well (despite it slowing my computer slightly )

However when I run a scan, reaching the end, it automatically begins "healing" any threats it may have come across. This is all well and good but when it gets right to the end of this process it seems to get stuck almost like it crashes. My cursor turns into the sand timer and "(NOT RESPONDING)" appears in the top of the window?!

It's not a massive problem but I thought I'd post the query in case there's either something I'm doing wrong or in case anyone else has encountered this problem before.
 

A:AVG Stuck Healing

Hi Mr C, Please stop creating new threads on same subject. You have 2 going already and a moderator will have to close 1 of them.
 

Read other 2 answers
RELEVANCY SCORE 46

Hi, for the last few months I have been using AVG, and in that time I have encountered a few viruses, mainly called JavaByte/Verify, that will not heal, delete, or move to virus vault. Can someone tell me why?
Thanks a lot.

A:Help with AVG removing/healing viruses.

I have ran into this on a clients computer he wanted me to fix. The only way I removed it was to slave the his drive into my test bench computer and used F-Secure to remove it.
Another note. Turn off system restore when removing viruses or removing spyware/malware.

Read other 3 answers
RELEVANCY SCORE 46

Logfile of HijackThis v1.99.1
Scan saved at 4:01:52 PM, on 1/6/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\System32\fscagent.exe
C:\WINDOWS\System32\update\1.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\update\7.exe
C:\WINDOWS\System32\8.exe
F:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Sec... Read more

A:AVG detects threat and keeps healing

Read other 16 answers
RELEVANCY SCORE 45.6

I am using AVG Free version 7.5 and it is updated but it doesn't heal viruses anymore example RavmonE.exe that can be healed by other computers with AVG FREEMoved from the "XP" Forum. ~acklan~

A:My Avg Free Is Not Healing Viruses Anymore!

Do you have any other anti-virus software on your computer or something loike security suite?

Read other 1 answers
RELEVANCY SCORE 45.6

I spent the night at my sister's the other day. She was agitated while using her laptop. Typical complaints, it is slow to respond, some programs won't open at all, and pop ups. I ran a few of the scans that I've used in the past and it's more responsive, there aren't any more popups flashing, but it still lags. I am hoping some wise soul on here can take it to the next level.

Thanks in advance!
 

A:Healing my sister's slow laptop

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-04-2015
Ran by Cyndy (administrator) on SANDERS on 24-04-2015 11:28:21
Running from C:\Users\Cyndy\Downloads
Loaded Profiles: Cyndy (Available profiles: Cyndy)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Sear... Read more

Read other 20 answers
RELEVANCY SCORE 45.6

I have had this issue for many months, now. I loaded Vista x64 Home Premium to run in a dual-boot configuration with my XP Pro. I do critical work so I didn't trust going to Vista exclusively. I mainly wanted it to see if I could utilize all my RAM and speed up Photoshop processing.
I have had it working three or four times, (except for tablet functionality) then when I must re-boot because of SP1 and other security updates or in one case, I installed Office 2007, it does nothing on restart; black screens and just sits there, totally unresponsive. No blinking of the LED which shows drive activity. When re-booting, F8 isn't working (nothing happens). Regarding the previous instances, I gave up trying to get it to respond and went back to booting into XP, which always works fine. Then after a period (usually a month or more) I will try booting into Vista, on restart, and viola, it works again!
WTF is going on?

ASUS A8N32-SLI Deluxe motherboard
AMD Athlon 64 X2 4400+ Toledo: 2,400 Mhz on air (10% OC)
Thermalright XP-90C with 92MM Thermoflow temperature sensing fan
4 Gig of OCZ Titanium DDR400 (PC3200) dual channel, unbuffered RAM
MSI NX6600-TD256E video card & dual 24? wide screen LCDs setup
2X - WD 250Gb 7200RPM SATA main drive, w. 16Mb cache
(one for XP Pro and one for Vista x64 Home Premium)
2X - Fujitsu MAU3036NP (15K RPM hard drives running SCSI 0 [striped])
Lian 7077A - full tower case with optional 120mm fan in top,
90mm fan (stock AMD-CPU) angled facing MB chips... Read more

A:No reboot after updates and then mystery healing

How did you set up the dual boot?

Read other 8 answers
RELEVANCY SCORE 45.6

I'm currently disturbed by this popup every time i open my computer. Whatever user I log-in the same popup appears. The title of the popup is "C:\WINDOWS\system32\keyboard\services.exe" Below that, a message says that Windows cannot find 'C:\WINDOWS\system32\keyboard\services.exe'.This started when I transferred video clips from an mp4(ipod). Of coarse, I scanned it first using my updated AVG free edition and found no threat. After that i downloaded a free realplayer11 from cnet (here's the url: http://download.cnet.com/RealPlayer/3000-1...-10073040.html). It was saved to my desktop so as the video clips that I transferred. Then I tried to install realplayer but upon running the downloaded installer, it warned me that the computer will be restarted after the installation. So, I decided to cancel it first and remove first the mp4(ipod) and the flash drive of my cousin (which was already there when I used the computer). I failed in safely removing the mp4(ipod) but succeeded in removing the flash drive. I then, decided to forcefully remove the mp4(ipod) and started a computer scan. As expected, I found 1 trojan and successfully healed it. AVG asked for a restart and I clicked 'yes'. From that time, this annoying popup shows.The incident happened while I'm using the Administrator Account.I'm using Windows XP Professional SP2Please help me with this problem....

A:Popup After Healing Infected File

Hi and welcome..Its not unusual to receive such an error after using specialized fix tools.A "Cannot find...", "Could not run...", "Error loading... or "specific module could not be found" message is usually related to malware that was set to run at startup but has been deleted. Windows is trying to load this file but cannot locate it since the file was mostly likely removed during an anti-virus or anti-malware scan. However, an associated orphaned registry entry remains and is telling Windows to load the file when you boot up. Since the file no longer exists, Windows will display an error message. You need to remove this registry entry so Windows stops searching for the file when it loads. To resolve this, download Autoruns, search for the related entry and then delete it.Create a new folder on your hard drive called AutoRuns (C:\AutoRuns) and extract (unzip) the file there. (click here if you're not sure how to do this.)Open the folder and double-click on autoruns.exe to launch it.Please be patient as it scans and populates the entries.When done scanning, it will say Ready at the bottom.Scroll through the list and look for a startup entry related to the file(s) in the error message.Right-click on the entry and choose delete.Reboot your computer and see if the startup error returns.Next run MBAM:Please download Malwarebytes Anti-Malware (v1.34) and save it to your desktop.alternate download link 1alternate download link 2If you have a previous version of MBAM, remove it via ... Read more

Read other 17 answers
RELEVANCY SCORE 45.2

Xi'an Double Road Import and Export Co., Ltd. is the production and sales of biotechnology products, has always focused on high quality, is China's biotechnology industry's leading enterprises supply.
Since 2010, China in production and sales of our products have been ranked first in the industry, has become a silver antimicrobial technology and products, including silver antibacterial agent 1-MCP preservation of professional manufacturers, the company has a complete and scientific quality management system, integrity, strength and quality of being recognized products, welcome friends from all walks of life come to visit and negotiate business.Skin Wound Healing Cream suppliers
website:http://www.zgxianbilu.com/
 

Read other answers
RELEVANCY SCORE 45.2

Quote:
We?ve covered how to use the old school CHKDSK command check on disk in Windows 7 yesterday but what we didn?t touch is actually even better. It?s a nice new feature that I didn?t realize its existed either until very recently.

Basically, once the feature is turned on, Window will detect a physical file system error and automatically fix it on the fly without you even noticing it happened. Because of this, you actually have a lot less chances having to run CHKDSK to check the disk manually because most likely the errors you suspected may have been fixed by this self-healing process already.

NTFS Self-healing is turned on by default in Windows 7 but if you are not sure you can use the following command to make sure. Note that the command has to be run as Administrator.

fsutil repair query c:



However, there is a possible downside that you may have already been thinking and wondering. Yes, the data may potentially be removed silently without user?s knowledge during the self-healing process. To address this issue, Microsoft added BugCheckOnCorrupt option that does something you may think it?s crazy.

It throws a BSOD (blue screen of death) and shuts everything down instead of attempting to fix the error, if the system discovers any NTFS corruptions.

Yes, not every BSOD is bad. Some of them happened in purpose, just like this as designed. It does sound crazy because why you would want the system crash, but from the data safety perspective, this att... Read more

A:NTFS Self-Healing is An Overlooked but Useful Feature in Windows 7

Thanks Nick, interesting read.

Read other 2 answers
RELEVANCY SCORE 40

Panda


Incident Status Location

Adware:adware/ilookup Not disinfected c:\windows\iLookup
Adware:adware/comet Not disinfected c:\documents and settings\all users\application data\Starware
Potentially unwanted tool:application/funweb Not disinfected hkey_local_machine\software\FunWebProducts
Adware:adware/s... Read more

A:Weird "can't find file" message on startup, viruses not deleting or healing

Please go HERE and carry out the instructions that are posted.Thankyou..

Read other 19 answers
RELEVANCY SCORE 23.6

Hey!!! Please help me. About two days ago, my computer got infected with Vista Anti-virus 2011. I spent the whole day trying to remove it, I finally did with the help of Malwarebytes. Its seems to wipe it out until today when Vista Anti-virus emerged again. I ran Malwarebytes and removed it again. Rebooted and ran it again and came up clean. I also ran systematic antivirus and it also came up clean. The only problem now is that about every minute a commercial audio plays without anything else running. Nothing pops up or anything, just the audio file. Also when I try to go in the internet either with internet explorer or firefox, I get alot of redirects. Please help me!!!Please follow the instructions in ==>This Guide<==. If you cannot complete a step, skip it and continue.Then post your DDS and GMER logs as a reply to this topic. Once you have done that I will remove my reply and consolidate the posts so that you retain your correct place in the queue.If you can produce at least some of the logs, then please explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the reply and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs..DDS (Ver_11-03-05.01) - NTFSx86 Run by Garrett N at 0:51:43.25 on Sat 05/07/2011Internet Explorer: 8.0.6001.19048 BrowserJavaVersion: 1.6.0_22Microsoft? Windo... Read more

A:Vista anti-virus (virus) and Commercial Audio virus

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.In order for me to see the status of the infection I will need a new set of logs to start with.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear Click the Disable button to disable your CD Emulation drivers Click Yes to continue A 'Finished!' message will ap... Read more

Read other 28 answers
RELEVANCY SCORE 23.6

Topic Title edited to show original Post Title ~KoanYorelHi I posted original post on the 6th July and have not had a replyThanks for any help that may come my wayCheers Johttp://www.bleepingcomputer.com/forums/t/98897/w32-alcra-f-virus-trojan-popper-virus-with-2-downloader-viruss/I am so sorry for double posting for some reason I cant post in the ' havent had a reply in 5 days ?'I have also tried to clean up my computer since the original post so I will put my new HiJack This log in this posting..... hope that isnt a problem.ThanksLogfile of HijackThis v1.99.1Scan saved at 6:22:43 PM, on 13/07/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\csrss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Common Files\Symantec Shared\ccSvcHst.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exeC:\Program Files\Common Files\LightScribe\LSSrvc.exeC:\WINDOWS\system32\NMSAccess.exeC:\WINDOWS\system32\nvsvc32.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\wdfmgr.exeC:\WINDOWS\System32\alg.exeC:\WINDOWS\RTHDCPL.EXEC:\Program Files\HP... Read more

A:W32 Alcra F. Virus + Trojan Popper Virus With 2 Downloader Virus's,

Welcome to the BleepingComputer HijackThis Logs and Analysis forum magic23My name is Richie and i'll be helping you to fix your problems.Please download Combofix and save to your desktop:Note: It is important that it is saved directly to your desktop Close any open browsers. Double click on combofix.exe and follow the prompts. When it's finished it will produce a log. Post the entire contents of C:\ComboFix.txt into your next reply. Note: Do not mouseclick combofix's window while it's running. That may cause the program to freeze/hang. Also post a new Hijackthis log please.

Read other 9 answers
RELEVANCY SCORE 22.8

Hello,

Well today my brother and his wife were using my computer and when I got on the first thing I was met with was this little problem. A black rectangular box in the middle of my desktop with red lettering stating:

YOUR SYSTEM IS INFECTED!

The program that suddenly showed up on my hard drive is called Advanced Virus Remover. The desktop background has been changed to a plain blue background and the task manager has been blocked by the so called "administrator" even though I am logged into the default admin account.

For an anti-virus on my system I currently use Avast Home Edition but it seems to have been unsuccessful at removing the entire virus and it just keeps coming back. I have not personally had a virus like this in some years now. I want to find a method that is going to COMPLETELY eliminate everything that has been placed onto my PC 100%.

I do have a complete backup of my system made. When I first installed windows XP on my machine I made a complete backup witch I can use if all else fails to completely wipe out this situation. However since I did a complete recovery to my system about a week ago just before I got internet hooked up to it again I really do not want to do everything all over yet again.

Any recommendations to completely rid myself of this garbage is much appreciated.

A:Virus alterting me of a virus - Advanced Virus Remover

I appears as if I have removed it completely, but I am always a bit worried whenever something like this happens even it seems to be gone. Any pointers would still be helpful.

Read other 2 answers
RELEVANCY SCORE 22.8

I have an HP running XP.All microsoft updates are current. Adobe Reader is the latest version.I have started in safe mode removed proxy and run both Malware and Super Anti Virus multiple times. Infections included multiple trojans and rogues.Some but not limited to AV, Wireshark, trojan dropper etc.I get pop ups that state "overstack" i also get other pop ups with 000000000000000000000.0000I also had redirect issues on google search but went away when i went in and cleared out the ip it was directing it to. Trojans and rogues keep coming back.Please help.Logfile of Trend Micro HijackThis v2.0.4Scan saved at 1:11:57 AM, on 8/9/2010Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v8.00 (8.00.6001.18702)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exec:\Program Files\Fingerprint Sensor\AtService.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Windows Defender\MsMpEng.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exeC:\WINDOWS\system32\ZoneLabs\vsmon.exeC:\Program Files\CheckPoint\ZAForceField\IswSvc.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\CheckPoint\ZAForceField\ForceField... Read more

A:AV Virus then WireShark Virus now Google redirect Virus

Hello, and to the Malware Removal forum! My online alias is Blade Zephon, or Blade for short, and I will be assisting you with your malware issues!If you have since resolved the original problem you were having, we would appreciate you letting us know.In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.Before we begin cleaning your machine, I'd like to lay out some guidelines for us to follow while we are working together.I will be assisting you with your malware issues. This may or may not resolve other problems you are having with your computer. If you are still having problems after your machine has been determined clean, I will be glad to direct you to the proper forum for assistance.Even if things appear better, that does not mean we are finished. Please continue to follow my instructions until I give you the all clean. Absence of symptoms does not mean that all the malware has been removed. If a piece of the infection is left, it can regenerate and reinfect your machine. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your ... Read more

Read other 2 answers
RELEVANCY SCORE 22.8

I have recently purchased a HP All-In-One computer running Windows 7. This past Friday I chose a link from Google news thinking I was going to a news article. Instead, I was taken to a website that appeared to be a virus scanner. I recognized that this was a scam and X'ed out of the screen. Now the computer is slow when navigating the web and periodically returns to the virus scan scam. The virus shows as AVG8 virus scan.

I've run both Avast virus scan and Malwarebytes malware scanner and both show up with 0 infections.

Can anyone provide me a direction that would eliminate this browsing re-direct problem?

(Ironically, I have an old dell laptop running Windows XP that has the same problem. Since it is old and I got so frustrated I just stopped using it. I bought the All-In-One for my wife for Christmas and now it's doing the same thing.)

Thanks

A:AVG Anti-Virus Virus or browser redirect virus

Hello,Please follow the instructions in ==>This Guide<==. If you cannot complete a step, skip it and continue.Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues and what you have done to resolve them.If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.Orange Blossom

Read other 1 answers
RELEVANCY SCORE 22.4

Hello everyone.

I have tried my best to remove this virus on my laptop, but no success yet.

Here are all of the things the virus does:

-Prevents access to websites like spybot, instead of letting me see the site, it simply says "Internet Explorer cannot display the webpage", and there is a button to click that says "Diagnose Connection Problem" (no connection problem of course)

-When I click links from a google search, they most of the time take me to the wrong webpage and I am forced to copy/paste the original link into the web bar.

-Programs like Combofix, Spybot, and HJT do not work and a box comes up after starting them saying "Combofix has stopped working".

-I tried running the programs in Safe Mode, but no luck there.

If anyone knows a fix please reply.

Thanks,

Sean

A:Virus prevents access to Anti-Virus sites/anti-virus programs (combofix, etc.)

I renamed my Combofix to something else and I followed the instructions from a different post and here is the log I ended up with:

ComboFix 09-07-29.04 - Sean 07/31/2009 0:30.1.2 - NTFSx86
Microsoft? Windows Vista? Home Premium 6.0.6001.1.1252.1.1033.18.3070.2059 [GMT -7:00]
Running from: c:\users\Sean\Desktop\Music.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\progra~2\MICROS~1\Windows\STARTM~1\Programs\videosoft
c:\progra~2\MICROS~1\Windows\STARTM~1\Programs\videosoft\Uninstall.lnk
c:\program files\videosoft
c:\program files\videosoft\Uninstall.exe
C:\resycled
c:\resycled\boot.com
c:\windows\10057vir9sza2.cpl
c:\windows\1059zpamb5t5bd.exe
c:\windows\1069thi5fz912.bin
c:\windows\1075859zj467.exe
c:\windows\11297vzr5s51c.cpl
c:\windows\1132z5ru977d.cpl
c:\windows\11388troz4559.cpl
c:\windows\1179zs5y695.dll
c:\windows\11991szambo95d9.cpl
c:\windows\120355zoj6819.bin
c:\windows\12324tr9j7b5z.bin
c:\windows\1279zroj295.ocx
c:\windows\12a7d5wnloader999z.bin
c:\windows\132985pz2a0.cpl
c:\windows\133505i9us7z8.exe
c:\windows\13552hackt9ol37z.ocx
c:\windows\1355zw59m5d8.exe
c:\windows\13562vizus1059.cpl
c:\windows\135759orm5c5z.ocx
c:\windows\13599virus6cz5.dll
c:\windows\13614spamzo5990.cpl
c:\windows\13956trojz59.cpl
c:\windows\1502zspy169.ocx
c:\windows\15107zpa9bot54.cpl
c:\windo... Read more

Read other 1 answers
RELEVANCY SCORE 21.6

I have a nasty if not multiple nasty virus's and have not been successful removing them. It started with the XP Anti-Virus 2011 Removal fake anti-virus popping up with all real anti-virus programs disabled and anytime I try to go to an antivirus website I'm redirected to a random site. This happens in all browsers not just Internet Explorer. I also had many of my files changed to hidden file folders and also the start/all programs button does not show any of my programs. I mananged to get both Malwarebytes and Superantispyware on my computer and was able to get rid of much of the problems by running these programs. Now it seems the XP Anti-Virus 2011 has been removed but I still have the issue with my webpages being redirected depending on which page I try to access. I also have many processes that should not be running in the task manager and when i close them out they just start back up again. This worm seems to be accessing my iexplorer because there are multiple iexplorer.exe open at all times and sometimes the CPU Usage gets very high which is not normal for my computer. The final symptom is that at random times I get a webpage pop up or if not a webpage an error that reads like the following example:

An error has occured in the script on this page.

line: 13
Char: 1
Error: Object doesnt support this property or method
Code: 0
URL: http:/www2a.glam.com/mobile/detect.act?affiliatedld=288743725

Do you want to continue scripts on this page?

I will get at ... Read more

A:XP Anti-Virus 2011 Fake Anti-VIrus and webpages being Redirected Virus

Hello and welcome to the forums!My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. I am very sorry for the delay in responding, but as you can see we are at the moment being flooded with logs which, when paired with the never-ending shortage of helpers, resulted in the delayed responding to your thread.I would be glad to take a look at your log and help you with solving any malware problems.If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed. If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
Do not d... Read more

Read other 17 answers
RELEVANCY SCORE 21.6

Antivirus vanished! Can't install ANY new one!Can't access microsoft and any anti virus sites (thus i cannot download or scan my computer from there)I tried to install a copy of avast pro but the set- up immediately close after opening, i also noticed a lot of programs behaving like this just like the bandmaster game from e games and Grand Theft Auto Vice City( once i opened it, it immediately closes)Tried to install that in safe mode, but the computer does not start and reboots back into normal mode.This is the content of DDS logDDS (Ver_10-11-26.01) - NTFSx86 Run by neopc10 at 19:47:12.65 on Fri 11/26/2010Internet Explorer: 6.0.2900.2180Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.353 [GMT -8:00]============== Running Processes ===============C:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcssvchost.exeC:\WINDOWS\system32\spoolsv.exesvchost.exeC:\Program Files\Common Files\Acronis\Schedule2\schedul2.exeC:\WINDOWS\System32\svchost.exe -k AkamaiC:\WINDOWS\system32\svchost.exe -k imgsvcC:\WINDOWS\Explorer.EXEC:\Program Files\KGB\Mpk.exeC:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exeC:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exeC:\WINDOWS\PixArt\PAC7302\Monitor.exeC:\Program Files\... Read more

A:anti virus banished.can't install any anti virus programs, can't acces microsoft and anti virus sites!!!...

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the ... Read more

Read other 2 answers
RELEVANCY SCORE 21.2

so i have registry cleaner installed because ive been getting the blue screen of death and i heard it helps ( no help)
i have Malwarebytes' Anti-Malware and its pretty good,removes viruses and all
and i JUST installed Safereturner

ok so everytime i run MAM it says only 1 infected (torjan.bubnix) remove and restart. i restart and run again...still there! so i install safe Returner and it found viruses in dell and quicktime and stuff but no malware found no bubnix found....so i restart and run MAM AGAIN and still have Trojan.bubnix.
i think that has been the reason for my re-occuring blue screens of death and looooads of spam e-mail! i really am sick and tired and i need it installed fast,easy and free,pleeeeeeeeeeeeease help!

A:apparently i have a virus? one virus and two virus removers...help!

Please follow the instructions in ==>This Guide<==. If you cannot complete a step, skip it and continue.Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues and what you have done to resolve them.If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Read other 2 answers
RELEVANCY SCORE 21.2

Hi,

Please help!

I have a Fake Virus Alert Visus on my PC.

When booting the machine it comes up as:
" Application cannot be started - the file wltuser is damaged. Do you want to activate Antivirus now?"

Internet Explorer will then be locked and will only link to the Fake AntiVirus software.

Can someone please help? I have ran Malewarebytes a few times but it has not worked. I am currently in Safemode and re-running once again.

Thank you very much!

A:Virus - false Virus Protection Virus

Lots of people have been getting this recently. Is it similar to Vista Internet Security 2011? Thats the one i got. Dunno if it matters if urs is windows 7 or xp. When it pops up and the the shield icon shows up in the taskbar tray, open task manager. Look for .exe's pw.exe and MSASCui.exe. For me it was uuj.exe.

Right click on it and then click open file location. If you cant see it, then go into folder options and click show hidden files and show system files too. Once u can see it, u can delete it.

The pop up should be gone now but you still wont be able to load you .exes. You can only use them by running as admin.

So click start and type in regedit. Right click on it and run as admin.

In regedit look for these entries;
HKEY_CURRENT_USER\Software\Classes\pezfile
HKEY_CLASSES_ROOT\pezfile
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\pw.exe" /START "%1" %*
HKEY_CURRENT_USER\Software\Classes\pezfile\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\pw.exe" /START "%1" %*

For me, i could only find the third one. I deleted replaced it with "%1" %*

Then i downloaded and used that vista/windows7 exe fix from this site and fixed the problem
http://www.winhelponline.com/articles/105/1/Fil... Read more

Read other 2 answers
RELEVANCY SCORE 21.2

My anti-virus said it removed a trojan. When I restarted my computer my anti-virus was turned off and it won't turn back on. I ran MalwareBytes and I didn't find anything, so I need some help.

A:Anti-virus removed virus now anti-virus won't turn back on.

DownloadTDSSkillerLaunch it.Click on change parameters-Select TDLFS file systemClick on "Scan".Please post the LOG report(log file should be in your C drive) Do not change the default options on scan resultsDownloadaswMBRLaunch it, allow it to download latest Avast! virus definitionsClick the "Scan" button to start scan.After scan finishes,click on Save logPost the log results hereDownloadESET online scannerInstall itClick on START,it should download the virus definitionsWhen scan gets completed,click on LIST of found threatsExport the list to desktop,copy the contents of the text file in your reply

Read other 11 answers
RELEVANCY SCORE 20.8

Hello
I have been experiencing some problems with my computer recently. Firstly, my virus scanner (AVG) keeps on finding a virus called 'not-a-virus:RemoteAdmin.Win32.WinVNC-based.f' and some trojans called 'Trojan.JavaClass'. I have also been getting random pop-ups whenever I have been browsing the internet, and my computer seems to be running very sluggish, especially at startup.

I also believe that, last week, someone gained remote access to my computer, as all of a sudden, my mouse wouldn't move properly and the computer became really slow. This only stopped when I engaged the internet lock on my Zonealarm firewall.

Today, I was asked by Zonealarm to give a program called spoolsv.exe "access to privileged rights" which I have never seen before for this program. When I looked at the properties of spoolsv.exe, it said that it was created in 2006 but modified in 2005 (???), and so therefore didn't allow the program access. (I don't know if that has anything to do with the problems that I am having but thought I would mention it)

I have done "the 5 things you need to do" before posting a blog; here are the files requested:

Panda Scan:

Incident Status Location ... Read more

A:[SOLVED] &quot;not-a-virus&quot; virus and &quot;javaclass&quot; trojan keep appearing on virus scans

Bump.

Read other 4 answers
RELEVANCY SCORE 20.4

My computer: Dell Inspiron 15inch Windows 8 64bit 500gb hardisk
 
 
I have this virus that will established connection to remote hacker and download virus etc. Currently Im using Sterjo Netstalker to block suspicous connection and its many. I believe its a rootkit virus that hide inside hard disk if not anything else. I have only 1 harddisk attach and I even flash bios and format hardisk. I use to format using DBAN nuke despite not finish (it takes 20 hour) though have gone 1 round and 2 pass but the virus is back after fresh Windows 8 install.
 
Its annoying as it slow down internet and keep use up my hard disk and its getting hot. I wish to remove this virus or had to buy new PC. I attach GMER scan here
 
Too bad though I take prevention step by using AVG and disabled my laptop wireless device and using external usb wireless instead. In the attachment you cant see the real original virus before like its infected svchost and create "auxiliaryseed..." inside the value something like that. But now maybe just ignore the AVG and see around if you can find anything in the attachment. Help much appreciated.
 
Thank you

A:rootkit virus csrss, svchost spyware virus hidden in hardisk even reformat

Hi there,my name is Marius and I will assist you with your malware related problems.Before we move on, please read the following points carefully. First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding. Perform everything in the correct order. Sometimes one step requires the previous one. If you have any problems while following my instructions, Stop there and tell me the exact nature of your problem. Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me. Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts. If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed. Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean. My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.   Scan with aswMBRPlease download aswMBR ( 4.5MB ) to your desktop.Double click the aswMBR.exe icon, and click Run.There will be a short delay before the next dialog box comes up. Please just wait a minute or two.When asked if you'd like to "download the latest Avast! virus definit... Read more

Read other 16 answers
RELEVANCY SCORE 20.4

Please can anyone help me clear my laptop of whatever has hijacked it. It blue screens on me and will only access the internet with add ons disabled. It completely locked me out at first but used malware removal and found yura 94.exe I have tried using several malware removal tools since but think I need to leave it to you experts as it really seems to be in a mess and i can't fix it !!!!
Thank You in anticipation.
Here is the HJT log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:31:12, on 27/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Acer\Empowering Technology\admServ.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\NCH Software\Fling\fling.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\lxdicoms.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Pro... Read more

Read other answers
RELEVANCY SCORE 20.4

Hi,

Virus doesn't allow me to startup my computer, apparently even if safe mode.

Symptoms were:
- Pseudo-anti virus program launched itself, and gave spurious results
- Messages were displayed in red over the screen background
- I rebooted, and could no longer run browsers or other programs, including Norton
- Rebooted again, and no screen display
- Tried to reboot in safe mode, but that appears not to work also
Help!
 

Read other answers
RELEVANCY SCORE 20.4

Hello, i'm new to this site, so if i say something stupid please be understanding.
(i'm running vista to clarify)

I had a while ago gotten a virus which would play sounds randomly, and i was able to temporarily fix it by going to task manager and killing the process. after a while the virus stopped bugging me (i guess the antivirus software caught the culprit.)

recently i downloaded an installer, and it happened again. this time i hit ctrl alt del, and task manager had been removed from the list. i tried accessing it through control panel and it told me it had been blocked by the administrator (me) i then looked up how to re-enable it, and went to run REGEDIT and that was blocked too. i've tried several scripts to re-enable regedit, all to no avail.

whenever the sound stops playing i get a message saying:
"Host Process for Windows Services stopped working and was closed

A problem caused the application to stop working correctly. Windows will notify you if a solution is available."

i also found these 2 files in system configuration: BtwSrv (by Microsoft Corporation) and fastnetsrv Service (by Sigma Designs Inc)

I googled the second one, and found it to be a virus (yayy google!)
I am unsure about how to remove these, and i also found several remote applications which i would like to disable... help would be appreciated

McAfee identified a virus and removed it, however it keeps re-appearing

Detected: Artemis!F245638D7283 (Trojan),
Artemis... Read more

A:Random Sound Virus + Registry editor and task manager disabled by virus

Hello and Welcome.

We want all our members to perform the steps outlined in the link I'll give you below, before posting for malware removal assistance. There's a sticky at the top of this forum, and a
Quote:




Having problems with spyware and pop-ups? First Steps




link at the top of each page.

---------------------------------------------------------------------------------------------

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed. I currently have as many open topics as I can effectively handle; this will have you back in queue with the proper logs so an available helper would be able to assist.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please note that the Virus/Trojan/Spyware Help forum is extremely busy, and it may take a while to receive a reply.

Read other 1 answers
RELEVANCY SCORE 20.4

I hope that this is in the right section but I am having a problem with my computer. I can constantly hear programs running in the background. I currently have two anti spyware/malware installed on my computer. One is SpyHunter and the other is CyberDefender. They both are picking up on some virus called Vundo and everytime I delete it, it just comes right back. It is so frustrating surfing the internet because it freezes or moves extra slowly. Figured I'd ask you guys before I take a hammer to it lol.

Thanks

A:Windows XP SP2 running slow, virus protection catches it but the virus keeps coming back

Hello,i am moving yjis to the Am I Infected forum from XP.Please disable those apps while we do this.Next run MBAM (MalwareBytes):NOTE: Before saving MBAM please rename it to zztoy.exe....now save it to your desktop.Please download Malwarebytes Anti-Malware and save it to your desktop.alternate download link MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.Make sure you are connected to the Internet.Double-click on mbam-setup.exe to install the application.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-MalwareThen click Finish.MBAM will automatically start and you will be asked to update the program before performing a scan.If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.On the Scanner tab:Make sure the "Perform Quick Scan" option is selected.Then click on the Scan button.If asked to select the drives to scan, leave all the drives selected and click on the St... Read more

Read other 9 answers
RELEVANCY SCORE 20.4

OK i just got into the Econo Lodge hotel i got my computer and i started to realize it would keep getting hot. So sometimes it would crash or go into hibernation. But now its worse the computer keeps shutting down like in sleep mode where the screen dims and the wireless button becomes red accept now it shuts off is my harddrive shot or is there a remote accesser or worm in this. Let me note i do download ROMS and emulators but are these the cause. Even when my computer is just 34 or 48 degrees Faranheit it will do shall i call it a "sleep-mode shutdown" is this my BIOS doing a fail-safe worm by someone or is my hard-drive shot or is someone invading my computer and infecting it or remotely hacking and shutting it off with a .BAT i should also tell you i am in Safe Mode with Networking while i post this and my computer is Windows 7 Ultimate bought in 2007 and upgraded to Win7 2009.

Thank you. Ryan

- I will post a log as soon as i get a reply with what to do.

EDIT: I also get my ROMs from Emuparadise.com and since i use a hotel wireless access point i get a lot of pop-ups.

A:Weird virus??? (Remote access/WIN32.Worm/file virus/SHUTDOWN.exe PLEASE HELP)

My guess is your computer is getting to hot and being shutdown to protect it.

Read other 1 answers
RELEVANCY SCORE 20.4

Hello,I've been figthing with this for some time now, with no joy. I found that somebody has an identical problem here: http://www.bleepingcomputer.com/forums/topic279534.html So in any broswer (MSIE8, Firefox, Chrome etc), google search results are hijacked to searchwebnet.info, and then redirected to various other locations - e.g. it seems the first point is searchwebnet.info, and then my browser makes a couple of other hops, before it eventually lands on some dodgy site. Results from search engines other than Google (e.g. Yahoo! or Bing), are not hijacked.Also, same as described in the topic above, MSIE sometimes doesn't start, or sometimes bluescreens my machine when I attempt to run it.One thing I noticed, whether is relevant or not, when the redirection happens, in windows task manager I see SearchProtocolHost.exe process starting up. And staying there, running..Interestingly, my problem also started happening around 17th Dec 2009, which is the date when the above topic was posted. Any help is greatly appreciated!

A:Unknown redirect virus(es?), A virus that often redirects to searchwebnet.info from google results 2

Please find my DDS.txt pasted below (created with AV & AS software off, and with network off). I've attached DDS' Attach.txt zipped, and NT Boot Log, if it's of any help.Many thanks!DDS (Ver_09-12-01.01) - NTFSx86 Run by Owner at 23:32:13.41 on 29/12/2009Internet Explorer: 8.0.6001.18865 BrowserJavaVersion: 1.6.0_15Microsoft? Windows Vista? Business 6.0.6002.2.1252.1.1033.18.1021.296 [GMT 0:00]SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}============== Running Processes ===============C:\Windows\system32\wininit.exeC:\Windows\system32\lsm.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\svchost.exe -k rpcssC:\Windows\system32\Ati2evxx.exeC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestrictedC:\Windows\system32\svchost.exe -k netsvcsC:\Windows\system32\svchost.exe -k GPSvcGroupC:\Windows\system32\SLsvc.exeC:\Windows\system32\Ati2evxx.exeC:\Windows\system32\svchost.exe -k LocalServiceC:\Windows\system32\svchost.exe -k NetworkServiceC:\Windows\System32\spoolsv.exeC:\Windows\system32\svchost.exe -k LocalServiceNoNetworkC:\Windows\syste... Read more

Read other 3 answers
RELEVANCY SCORE 20.4

Hello, I have some weird chinese "anti-virus" virus that I cannot delete, also Malwarebytes Quarantine doesnt let me press the finish button.
Some weird chinese programs tend to appear out of nowhere.
Please help.

A:Weird chinese "anti-virus" virus + malwarebytes quarantine doesnt let me finish

Hi Snajpi My name is Aura and I'll be assisting you with this issue. Please give me a few hours to review your logs and prepare a reply.Thank you!

Read other 15 answers
RELEVANCY SCORE 20.4

Hello,I'm usually good enough with my computer to avoid and/or repair these kinds of things on my own, but have never had this.It changed my desktop background from a picture to text warning me about malicious content, and at the same time my Windows Update icon flashed red, and my AVG anti-virus warned me about the bugs.Ad-Aware found and removed/quarantined some of them. AVG found and removed others.My task manager still runs properly and found a few programs that looked suspicious "fff.exe", "msctrl.exe", "16627184.exe", & "EtEngineU.exe".I run daily scans for all of my anti-virus and ad-aware, and nothing has come up previous to this stuff today, so I know it's new.One pop-up that looked like it came with a new Windows XP update I downloaded claimed it was "Windows Total Security" and that it would clean up malicious content, but that I'd have to pay.Thankfully I wasn't stupid enough to fall for that, just stupid enough to get it on my computer.I deleted a bunch of those programs from my task manager (ended the process tree completely), removed the programs from the control panel, searched out the files in "My computer" > "C:" > "System", etc.However, there are items in "startup" when I run "MSCONFIG" with the same names that claim they're going to run as soon as I start the program up again.I ran HJT, and the other scans this site recommends before posting a new ... Read more

A:Total Security virus - FFF.exe virus, 16627184.exe, EtEngineU.exe, perdm32.exe, msctrl.exe, & other viruses

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

Read other 2 answers
RELEVANCY SCORE 20.4

Received a link to clik from business colleague. I started receiving messages from friends on my Facebook buddy list asking me why I would send them a link to clik on. Apparently, the links are different but my McAfee said it blocked it when I tried to download whatever he sent me. I started getting virus alerts to download programs to clean it, which I knew was not from McAfee. I performed a manual scan and it found 6 virus and malwares which were quarantined. One of my friends said that her McAfee didn't even detect anything and had to pay them to get deep into her computer to get rid of it. Today, I awoke to find a similiar ploy to download a virus and malware program to rid my problems. I print screened and am posting that. I again ran a McAfee virus scan and it found 4 which again were quarantined.

How can we get rid of whatever is causing this?

I ran a Lavasoft Ad Aware scan which detected 2 cookies and were removed. I also ran Spybot Search & Destroy which found 25 Ask toolbar which I removed. It is 1 day after rerunning the McAfee scan above and so far no recurrence of the virus. But is it still in my computer?
 

Read other answers
RELEVANCY SCORE 20.4

hello guys/gals. this is my first post here. wonderful helpful site you have here ! thanks !
alright i may provide too much info, but i figure too much is better than not enough.
for starters, my wife's cousin was using my laptop to do online school work when the screen went blank, then changed to a solid red screen. all of those fake "windows restore" type error messages started popping up saying things such as failed hard drive, etc. then it started doing this scan and showed all of these problems that it detected. it prompted you to purchase their "bogus" program. luckily i was home and told her that was not legit and to avoid that. i grabbed the laptop from her, closed all of these 60 or so error messages, closed out this fake scan screen, and rebooted my pc. after reboot, everything appeared to be gone. my desktop icons were gone, my desktop image was gone and replaced with a solid red screen, everything in my start menu was gone.

i quickly realized that everything was not gone, but whatever had infected my computer had "hid" everything. i shut down again and hit my f8 key to reboot into safe mode. i have windows xp professional (5.1,build 2600) 32-bit. after hitting my f8 key, it pulled up the "windows advanced options menu" where i selected "safe mode with networking" so that i could troubleshoot and research the internet from the safety of safe mode. after selecting "safe mode with networking", i... Read more

A:possibly had / have root kit virus or restore / recovery virus that hid EVERYTHING and would not allow me access to safe mode

adding update. following your "remove system restore (uninstall guide)" in the exact order it was listed, after posting my initial post as suggested, i continued on to the next steps. i downloaded malwarebytes and ran a full system scan. here is a copy of the notepad txt file created with threats detected placed here as an attachment. i removed these threats as directed and restarted pc when malwarebytes prompted me to. my question is do i still need to run your step 19 which is to run the unhide.exe program ? i'm asking that because it APPEARS that everything is working like it should after me running the "pc recovery". i am now going to leave safe mode and reboot into normal mode without running unhide.exe, hopefully that will be ok. thanks again.

Read other 17 answers
RELEVANCY SCORE 20.4

Hi, my computer was struck with that hideous virus AntiMalware and its various forms such as Trojan-Downloader.JS.Multi.ca and Virus.Win32.Gpcode.ak. I kept getting frequent messages or Security Center alerts whenever I used my computer saying those trojans were present and I had to install their program. I managed to stop getting those alerts by deleting some entries from a HijackThis scan such as -ex_08.exe and others stored in the temp folder in the scan that seemed suspicious and those that I verified on Google as trojans. But I still can't use system restore, malwarebytes antimalware program or super anti spyware. I went into safe mode and everything I described above as well trying to install Malware bytes but it's stuck at finishing installation. It just doesn't work so I cant remove all the malware. Im posting a Hijackthis log. Please help.

A:AntiMalware program infection and virus disabled all antispyware/virus/malware programs

Hello , And to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.I will be working on your malware issues, this may or may not solve other issues you may have with your machine.Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.-----------------------------------------------------------If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explanation about the tool. No inp... Read more

Read other 2 answers
RELEVANCY SCORE 20.4

Logfile of Trend Micro HijackThis v2.0.2Scan saved at 1:57:03 PM, on 9/9/2009Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16876)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeC:\Program Files\Lavasoft\Ad-Aware\AAWService.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\Brmfrmps.exeC:\WINDOWS\System32\GEARSec.exeC:\Program Files\Java\jre6\bin\jqs.exeC:\Program Files\Dell Support Center\bin\sprtsvc.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Viewpoint\Common\ViewpointService.exeC:\WINDOWS\system32\SearchIndexer.exeC:\WINDOWS\system32\wscntfy.exeC:\WINDOWS\system32\BRMFRSMG.EXEC:\WINDOWS\system32\hkcmd.exeC:\WINDOWS\system32\igfxpers.exeC:\Program Files\Java\jre6\bin\jusched.exeC:\Program Files\Dell\Media Experience\DMXLauncher.... Read more

A:Please diagnose Hijackthis log: Personal Guard 2009 virus (fake anti-virus)

DDS (Ver_09-07-30.01) - NTFSx86
Run by Admin at 14:22:35.14 on Wed 09/09/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1270.580 [GMT -4:00]
============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\BRMFRSMG.EXE
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Progra... Read more

Read other 3 answers
RELEVANCY SCORE 20.4

Accidental double post.  Here is the link to my real thread: http://www.bleepingcomputer.com/forums/t/524143/virus-possibly-paladin-virus-avoids-all-scanners-and-crashes-desktop-on-start/Edit: Merged two topics for continuity of context and MR Team topic management.~ Animal

A:Virus (possibly Paladin virus) avoids all scanners and crashes desktop on start

Computer: Windows Vista 64 bit / / Dell XPS 420
 
Problems started occurring out of the blue when I tried to resume my computer from sleep mode and it froze. I had not downloaded anything recently, not anything I was aware of anyway. My computer has had several corrupted files that contained error messages on start up. I have been able to fix these but my computer freezes soon after I start up. I am only able to access safe mode. 
 
I have been able to remove 42 entries of malware via Spybot. And 1 virus via Avast. The virus was called Paladin. However, in my virus chest there are multiple entries each named unknown, all with the same date of quarantine. Despite my quarantining of this virus, a [Paladin] program still pops up very briefly in normal mode in my start-up tray. 
 
I have been able to install and update a number of anti-virus and malware removal programs despite being infected. Although initially, the virus had somehow removed Adwcleaner, I was able to reinstall it and scan my registry. The problem, however, was not fixed. For some reason, despite downloading them, I have been unable to fully install Avira Anti-virus and am unable to get AVG to run.
 
Everything else comes up with zero results despite continuing problems. MRT says I have 1 infected file on a Full Scan, however, it always locks up when attempting to scan: D:\dell\Image\Factory.wim\Windows\Help\Windows\en-US\mail.wmv
Custom and quick scans yield no results.
 
... Read more

Read other 41 answers
RELEVANCY SCORE 20.4

Windows XP Machine IE 7
Noticed a few days ago that whenever I was doing google searches I would find my item, click the hyperlink and was supposed to go to the intended website, but instead would hit a variety of Porn, Healthcare, Pharmacy etc website having nothing to do with my search criteria.

I had McAfee installed at the time but found that it had not updated itself in a few days and when I tried to run it for virus scans it wouldnt work. Finally removed the program and tried a number of others: Kasperia, Ad Aware, etc. The same problem exists in all of them.....I install it, I try to start a scan and either it starts scanning and then just disappears from my screen a few seconds later (program stopped and is gone from screen - try to restart and either it crashes instantly or does the same each time) or I cannot even click the scan button (it just doesnt do anything when you press it over and over again).

Have been for last few days reading through website help forums and downloading various programs to ID, fix etc...with little results.

Hijack installs and when I click the .exe file it gives me a popup error saying:

Windows cannot access the specific device, path, or file. You may not have the appropriate permissions to access the item.
I have managed to get Win32kDiag.exe to work with a log.....I currently have Erunt, HijackThis, SysRestorePoint, TFC, MGADiag, and Malware Bytes programs on my desktop.

Maleware is doing same as all other scanners....Either star... Read more

Read other answers
RELEVANCY SCORE 20.4

Operating System: Windows XP

I'm hoping that someone can help me! I am also getting three pop-up messages on my system. One is to download anti-virus software, another is a warning about the Blackworm virus, and the third is an Adult Friend Finder pop-up. My hijack this log:
Logfile of HijackThis v1.99.1
Scan saved at 5:05:45 PM, on 4/4/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\System32\VTTimer.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\Program Files\Charter High-Speed Security Suite\Common\FSM32.EXE
C:\Program Files\Clarisys\Claritel-i750\Ipnappgw.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
C:\PROGRA~1\CHARTE~1\backweb\3528733\Program\SERVIC~1.EXE
C:\WINDOWS\system32\drivers\dcfssvc.exe
C:\Program Files\Charter High-Speed Security Suite\backweb\3528733\Program\fspex.exe
C:\Program Files\Charter High-Speed Security Suite... Read more

A:Solved: Blackworm virus, anti-virus software and Adult Friend Finder pop ups

Read other 9 answers
RELEVANCY SCORE 20.4

Here is teh log, I think I have a redirect virus, it seems like every uyahoo or google search I do the links take me to random places, I also cannot access my virus scanner or its update. Also teh computer is running very slow. Logfile of Trend Micro HijackThis v2.0.2Scan saved at 11:40:28 AM, on 4/22/2009Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)Boot mode: NormalRunning processes:E:\WINDOWS\System32\smss.exeE:\WINDOWS\system32\winlogon.exeE:\WINDOWS\system32\services.exeE:\WINDOWS\system32\lsass.exeE:\WINDOWS\system32\svchost.exeE:\WINDOWS\System32\svchost.exeE:\WINDOWS\system32\spoolsv.exeE:\Program Files\Java\jre6\bin\jqs.exeE:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exeE:\WINDOWS\system32\nvsvc32.exeE:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exeE:\WINDOWS\system32\HPZipm12.exeE:\WINDOWS\system32\svchost.exeE:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exeE:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exeE:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exeE:\WINDOWS\Explorer.EXEE:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exeE:\Program Files\Java\jre6\bin\jusched.exeE:\Program Files\Sharp\Shar... Read more

A:Hijackthis log I have a redirecting virus that wont allow virus scanners or internet explorer to work

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.comDDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the resul... Read more

Read other 2 answers
RELEVANCY SCORE 20.4

Hi seem something got into my computer!!!
  Noticed yesterday my Norton’s popup said it caused an error and had to close. I rebooted the computer and ran a scan, came up fine? I notice my pointer would blink back and forth to the hourglass. I opened my task manager and it seems to be switching with the CSRSS.EXE & N360.EXE (CPU) counter jumping up and down, FAST! Never saw anything like it before, usually what just system idle, maybe Firefox??? I tried running Norton's again, I really forget if it crashed or didn't do anything. Tried the standard online virus scans and ran into all kinds of troubles. Some seem to start to load and then the popup window disappeared? Think it was Kasp., when I reloaded it, it ran and found nothing! Others froze or crashed, restarted the computer, without finishing. It seems to have gotten worse, the last few time I looked at the Task Manager and I see
 
CSRSS.exe       KSS.EXE       N360.EXE       AVG***.exe
 
All these (CPU) counts are jumping up and down I have never seen my task manager list jumping so much! It seems so much worse now that I tried all these scans, even with the computer freezing and crashing now. I rebooted in safe mode and came right here. You help me once so long ago and hope you can again! One thing, now when I look at the Task Manager, all those virus program names are gone, list is very short.  Plus (C... Read more

A:virus chk, no run! Task Manager show CSRSS.EXE & Virus prgs crazy switching??

Are you really surprised? You have kaspersky, norton, and AVG installed. There I was thinking that I like a bit of tin foil head gear. The executable CSRSS.exe as you typed it has reputation for being exploited, and although it should be a legit bit of XP, it could also be a trojan according to some of the webz? This support article from Micro$oft may be more practical/applicable use to you, and they suggest that it's caused by a corrupt user profile. The suggested remedy is to delete your user account after backing up stuff, and then restart followed by re-creating your user account.
 
PS
 
Being a Linux user I'd have to chip in as to why don't you try a linux live DVD/USB, there is no need to make changes to your hard drive or computer with the possible exception of changing the BIOS boot order. If you cannot afford a hardware/software upgrade then just boot into free linux, and try it out. There is no obligation to buy, and little/no risk of damage. Visit the BC linux forums, where people are very friendly and helpful.
 
windows XP ==
 
Linux ==

Read other 22 answers
RELEVANCY SCORE 20.4

Hi. I am new here. I have had constant problems with my computer crashing for over two weeks. Also I have noticed that I haven't been able to update my anti virus software...both ad aware se personal and avg 7 free have not been able to update for some 16 days now.
I have run your recommended online scanners, pandasoftware, housecall, and macafee. I believe macafee discovered the WIN32.ATAK.B and NEW POLYWIN 32 viruses, but said it could not remove them.
something seems to be eating up my ram, simple rendering tasks cause my computer to crash now.

I have updated to windows sp1a. I am running windows xp pro. I would appreciate any help.

here is my hijack this log.

Logfile of HijackThis v1.99.1
Scan saved at 18:47:14, on 19/06/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\AvidSDMService.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINDOWS\System32\sv... Read more

A:virus WIN32.ATAK.B, NEW POLYWIN 32 viruses, can't update anti-virus software

HijackThis!
Open Hijack This and click on Scan. Check the following entries (make sure you do not miss any)
F3 - REG:win.ini: load=???
??? ???
?
? ?????
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O16 - DPF: {FF3F0F03-0F01-131A-A3F9-08F02B23E0CC} - http://66.117.37.13/dba1402.exe

Please remember to close all other windows, including browsers then click Fix checked.

Online Scans
Perform an online scan with Internet Explorer with Panda ActiveScan
** click on "Free use ActiveScan" located on the top right hand corner Click Scan your PC & a 'pop up' window shall appear. *ensure that your pop up blocker doesn't block it
Click Scan Now
Enter your e-mail address & click Scan Now ...begins downloading 8 MB Panda's ActiveX controls
Begin the scan by selecting My Computer If it finds any malware, it may ask you to purchase the program, this is not necessary we will take care of the entries manually.
At the end of the scan click on see report. Then click Save report
Please post that log in your next reply.

In your next post please include:Panda Activescan Log
A new Hijackthis! Log

Read other 19 answers