
Malware/Virus Infection: AntiVirus Doctor & other possibly dangerous malware/viruses

Q: Malware/Virus Infection: AntiVirus Doctor & other possibly dangerous malware/viruses

Hello all! I'm posting here because I'm trying to take care of my brother's laptop. On Friday (Christmas Eve) he let me know that he'd gotten what appeared to be a malware and/or virus attack which appeared initially as a fake anti virus scan ("AntiVirusDoctor") - generating numerous pop-ups and so forth. This was an older Dell (running Windows XP) of his that he'd had to switch to as his newer one is out of service for the moment - so the usual security software he uses and such had either not been reinstalled or not updated for a very long time with the exception of Avira AntiVirus (it had just updated itself an hour or so beforehand). Avira's guard seemed to have caught about 20-30 files trying to come in - almost all of these were trojans. He'd started its scan and had found 3 or 4 infections but I suggested he stop the scan and reboot into safe mode so he could run it from there. Meanwhile I went back to my computer and downloaded the newest version of Malwarebytes and after running his Avira again in safe mode ran a full-system scan on his computer in Malwarebytes. This found around 250 or so more infections. I saved the log files from the two Malwarebytes scans I ran (I'd forgotten to ensure that all the files had been selected for removal the first time round & when I saw this immediately rescanned and then removed them). I’ve a decent amount of experience in dealing with computers but not so much as to feel entirely confident in attempting anything major without expert guidance. I had a VERY severe infection that hit my laptop about 2 years ago and left it dead in the water for 8 months so I'd like to do my best in helping him clean everything up as much as possible.

Now I want to see what if any remnants of this infection are left on the computer. I looked up information on a few of the file names that stood out to me and am concerned about several of them in particular, especially as I was noting in amongst the many file names what appeared to be not just browser hijackers but e-mail hijackers and such, files to grant access to IE’s license stuff, and files that looked as though they were meant to self repair etc. I’ve a bad feeling that there could be a rootkit or two in there – all in all it just looked like a rather nasty piece of work he got hit with. Some of the names that popped for me were:

AntiVirusDoctor
Vundo
Hiloti
WhiteSmoke

…and several others. There were tons of stuff under the names "mywebsearch" and "funwebproducts" and their supposed "toolbars" etc.
What I'm posting below: (all done in safe mode without networking because we didn’t seem to have full control over the wireless connection –didn’t seem to be able to disable it, etc- and I didn’t want to risk giving any bad programs access to the internet –please let me know if that was wrong of me? )

HijackThis Log

2 Malwarebyte Logs

Events logged by Avira’s “Guard”

I also tried to run DDS.rsc but it feels that there is a script blocker running. The thing is - I don’t know what the script blocker could be as I’m in safe mode without networking, so Avira’s guard and thus its script blocker is not running. Also my brother does not have Norton on his computer (though once in the distant past he did… but I didn’t see any remnants from Norton or Symantec that were immediately obvious).

I also have run GMER, however when the scan is done the computer freezes/crashes when I try to save the log file. I’ve tried rebooting (again into safe mode) and rescanning before hitting “copy” so I could try pasting it into a .txt file, but after telling me that the data was copied to the clipboard it freezes/crashes again when I try to click anywhere outside the program, even if I try just hitting the Windows button.

RELEVANCY SCORE 91.2

Good Afternoon,

My computer and internet have been running super slow. Can anyone please help? My sister tried playing some games online one day and downloaded a couple of them. Next day I found a registry cleaner in my programs. I'm sure somehow it downloaded itself since she doesn't have a clue what that is.
Tech Support Guy System Info Utility version 1.0.0.1
OS Version: Microsoft Windows XP Home Edition, Service Pack 3, 32 bit
Processor: AMD Athlon(tm) 64 Processor 3500+, x86 Family 15 Model 47 Stepping 2
Processor Count: 1
RAM: 958 Mb
Graphics Card: ATI RADEON XPRESS 200 Series, 256 Mb
Hard Drives: C: Total - 183633 MB, Free - 154154 MB; D: Total - 7124 MB, Free - 1216 MB;
Motherboard: ASUSTek Computer INC., Amberine M, 1.03, MB-1234567890
Antivirus: AntiVir Desktop, Updated: Yes, On-Demand Scanner: Enabled
HIJACKTHIS LOG

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:13:47 AM, on 8/8/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Malwarebytes' Anti-Malware\m... Read more

RELEVANCY SCORE 91.2

Today, I noticed that I was getting a lot of unusual pop-ups when I was using Firefox. I uninstalled Firefox thinking that might solve the problem, but continued having weird pop-ups when using Internet Explorer afterwards. My antivirus software (Antivir) was not able to detect any problems, so I tried a few malware detection tools, such as the free one from Microsoft's website. However, I don't believe they worked because I am still getting the pop-ups and the browser's performance is noticeably lagging. Also, after running some of these malware detection/removal tools, I am now getting 2 weird error messages whenever I turn the computer on. One says "Error loading c:\windows\system32\fovisuga.dll. The specified module can not be found" and the other says "Windows cannot find 'logon.exe'. Make sure you typed the name correctly, and try again. To search a file, click the Start button, and then click Search." I am not sure what to try now to get rid of whatever virus I have and then to fix these errors. Any help would be greatly appreciated. Thanks.
 

A:Novice in need of help with virus/malware infection (possibly vondum?)

I just downloaded hijackthis. Here is a copy of the scan results:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:52:21 AM, on 10/26/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\samsung\Samsung Network Manager\SNMWLANService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\Program Files\Java\jre1.5.0\bin\jucheck.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Samsung\Samsung EDS\EDSAgent.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Samsung\Samsung Battery Manager\BatteryManager.exe
C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\SAMSUNG\MagicKBD\MagicKBD.exe
... Read more

RELEVANCY SCORE 89.6

Having this problem and can't seem to fix it. Checked Avira's report log and most recently TR/Crypt.XPACK.Gen5 was quarantined. Not sure if this IS the virus or some other one as I'm unable to run any antivirus whether in normal or safe mode. It kills any antivirus software within a couple of seconds and I can't launch it again. Tried re-installing Malwarebytes' but again the same happens and can't relaunch it. Tried launching online scanner on Firefox but killed Firefox too and it seems that deleted Firefox altogether. Tried running RKill but same happened. Also 'No sound card' error comes up when in safe mode. Installed full version of Malwarebytes' and it seems the Guard was running and blocking some things but can't launch the scanner. Tried other various antivirus software but the same happened. Could not run GMR as again the process was killed and I'm unable to relaunch it. The following error pops up when trying to run it again: "Windows cannot access the specified device, path or file. You may not have the appropriate permissions to access the item." This is the same error that pops up when I try to launch any software that was killed by the virus/malware. Please help!

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_23
Run by jonas at 19:03:40 on 2011-10-10
Microsoft Windows XP Home Edition 5.1.2600.3.1257.370.1033.18.1022.613 [GMT 1:00]
.
AV: AntiVir Desktop *D... Read more

A:Virus/Malware > Possibly TR/Crypt.XPACK.Gen5 > Kills antivirus process

Good evening.

Please download DummyCreator.zip by Farbar from here and save it to your Desktop - you will then need to unzip it.
Right click on the zipped folder and from the menu that appears, click on Extract All...
In the "Extraction Wizard" window that opens, click on Next> and in the next window that appears, click on Next> again. In the final window, click on Finish.
Double click DummyCreator.exe to run the tool.
Copy and paste the following into the edit box:

C:\WINDOWS\1428249252

Click the Create button.
Make sure you have a copy of Result.txt that should appear once the tool has completed.
Important: Restart the computer and then let me have a copy of Result.txt in your next reply.

RELEVANCY SCORE 88.8

I'm running Windows XP SP2

A few weeks ago, my desktop got a nasty infection. I've been battling it since. Some items get detected and removed, but the problem never seems to be entirely fixed. Here are the current symptoms:

1) While browsing any site online, a new window will occasionally open to some spam/ad site.
2) If connected to the internet, after a period of normal functionality, elements of my system will mysteriously malfunction. For instance, the taskbar may spontaneously turn from the normal XP blue into classic gray. Internet connectivity may become suspiciously disrupted.
3) The system sometimes seems to be engaged in some robust activity even while I am not actively using it. I know this may actually be innocuous, but the amount of activity seems abnormal.

I have Malwarebytes, SUPERantispyware, and Avira. Although all three have detected and removed some items in the past few weeks, none seem to be totally effective. Currently, none of them can detect a problem. I also have rkill, CCleaner, hijackthis and GMER. I have been hesitant to use hijackthis and particularly GMER, for fear of damaging the OS. For similar reasons, I have been reluctant to use combofix without advanced direction.

A GMER scan revealed, among other things, that a system file "atapi.sys" has a "suspicious modification".

Please help! I think something evil has burrowed deeply into the system.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:07:07 AM, on 2/13/2... Read more

A:Malware infection seems dangerous

Hello, kdvmy.

It looks like you have a rootkit. We can fix it, but before we do that, I need a better look at your system than HJT. Please do the following scan so we have a baseline and I can see if anything else is going on.

Thanks!

We need to create an OTL report.
Please download OTL from this link.
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
Under the Custom Scan box paste this in:

netsvcs
msconfig
activex
drivers32
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32
ahcix86s.sys
nvrd32.sys
/md5stop
%systemroot%\*. /mp /s
CREATERESTOREPOINT

Click the Quick Scan button.
The scan should take a few minutes.
Please copy and paste both logs in your reply. If they are too big to paste in one reply, please split them into separate posts.

RELEVANCY SCORE 88.8

Hello,

My machine appears to be infected with Anti Malware Doctor as well as other unknown (to me) malware. I have run several scans with programs like Malwarebytes and Spybot (both of which find problems each time I run them) but the infection on my machine always reappears, even after I clean the problems found by the scans. I have done everything I can based on my relatively limited knowledge of the inner workings of windows XP. Can anyone please help me remove the malware on my machine?

Please find my DDS copied below and my Attach and Ark logs attached.

Regards,
Matt

DDS log:

DDS (Ver_10-03-17.01) - NTFSx86
Run by Matt and Kristan at 18:24:41.68 on 03/05/2010
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.280 [GMT -6:00]
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUScheduler... Read more

A:Infected with Anti Malware Doctor (and possibly more)

Hello,

Welcome to Bleeping Computer. My name is fireman4it and I will be helping you with your Malware problem.

Please take note of some guidelines for this fix:
Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools.
If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
Finally, please reply using the button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.

1. Now please Empty Teatimer Cache. You can do this by doing the following:
Download ResetTeaTimer.exe to your desktop.
Doubleclick ResetTeaTimer.exe and let it run.

2. We need to disable Spybot S&D's "TeaTimer"
TeaTimer works by preventing ANY changes to the system. It will attempt to undo any fixes we run, because it blocks these fixes from running.
In order to safeguard your system from problems that can be brought on by a half finished fix, we need to disable TeaTimer. We can reenable it when we're done if you like.
Open SpyBot Search and Destroy by going to Start -> All Programs -> Spybot Search and Destroy -> Spybot Search and Destroy.
If prompted ... Read more

RELEVANCY SCORE 88

this is the error message i get, it pops up all the time with a red circle and white X
and then it keeps starting a program called spyaxe 3.0 and wanting me to buy it

i have adware, avg virus, zone alarm, windows one care and spybot search and destroy, i have done scans with all of them and i still have this problem

what can i do to get rid of this ??

thanks

noasad

A:Dangerous Malware infection was detected

You need to uninstall Spyaxe. See this:

SpyAxe is an anti-spyware application that may be distributed and installed without a user's knowledge or consent. The installed application functions up to the point when a user wants to remove a found infection, at which point the software requires purchase. The software may falsely alarm about infections, even prior to conducting a scan.

SpyAxe will falsely alarm the user of a registry key, which the software claims is a component of 2Search, and marks it as a high security risk. The registry key actually belongs to a scripting component and is a part of the Microsoft Windows operating system.

Spyaxe seems to be downloaded and installed by Trojan-Downloader.Win32.Zlob.

To remove Spyaxe, follow the instructions here: http://www.bleepingcomputer.com/forums/topic36868.html

Hope it helps!

RELEVANCY SCORE 86.4

Hi, I'm running on windows xp, I've followed the guide posted on here to get rid of the malware, but so far it hasn't worked. It will go away after I run MBAM but once I reboot the computer after replacing the Hosts file, the malware returns. Any help would be greatly appreciated! I'll post the log of the most recent scan as soon as it is done

A:Antivirus Action Virus/malware Infection

Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Database version: 5245

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

12/5/2010 5:00:00 AM
mbam-log-2010-12-05 (04-59-51).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|)
Objects scanned: 167849
Time elapsed: 44 minute(s), 54 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svchost (Spyware.Passwords.XGen) -> Value: svchost -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\Fraga\application data\microsoft\conhost.exe (Spyware.Passwords.XGen) -> No action taken.
c:\documents and settings\Fraga\local settings\Temp\csrss.exe (Trojan.Agent) -> No action taken.

Also, after I ran it again, it asked me to reboot which I did, the malware is still there, I had to run rkill again just to access the internet.

RELEVANCY SCORE 85.6

Hi,
I've already posted a thread about this and was told to post the logs from DDS, so I'm posting them now. (The second application said "32 bit systems only" so I didn't run that one since I'm using a 64 bit system, hope I understood it correctly.)
I got a bunch of viruses and malicious applications and problems like unable to connect to the internet (Though local network and web browsers work, but Applications like Origin don't) Which could be caused by some Malware.


DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16455
Run by pc at 4:09:28 on 2013-01-02
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8147.6116 [GMT 1:00]
.
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Softwa... Read more

A:Virus/malware/network issues(possibly caused by malware)

Hello, and welcome to TSF.

I am currently reviewing your log. I will be back with a fix for your problem as soon as possible.

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Please be patient with me during this time.

RELEVANCY SCORE 84.4

hi. ok, so a few days ago i noticed that my computer was making a sound as if a CD was in it and running full speed. i guess all of the computer's resources were being maxed out. i'm not exactly tech savvy so i don't know. if i open task manager, CPU usage is at 100%.

i ran a boot time scan on it with avast and this is what it picked up:

i then moved everything to the chest and thought i was good. two days ago my comp was running slow again so i ran avast full system scan on it and it picked these three things up:

i wasn't able to move them to the chest OR delete them. i then ran the following:
-a boot time scan with avast
-malware bytes
-a scan with advanced system care
-virtumundoBeGone
-another boot time scan with avast
-another full system scan with avast

i also deleted cookies and emptied out my recycle bin and i thought my comp was ok but CP usage is still at 100% or close to it and it still sounds like a cd is in it running full speed.

i went ahead and ran hijackthis. the log is attached.

oh, i should point out that i'm not able to go to the windows update page at all to run an update. the page won't come up on internet explorer at all. i also keep getting new tabs popping up in firefox which directs me to random sites. please somebody help me. thanks.

here are the DDS logs...

DDS (Ver_10-03-17.01) - NTFSx86
Run by Queens at 15:58:01.90 on Wed 07/21/2010
Internet Explorer: 8.0.6001.18904 BrowserJavaVersion: 1.6.0_20
Microsoft® Windows Vista™ Home Premium 6.0... Read more

A:Alureon -HF [Rtk] and possibly other malware/viruses

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

We need to create an OTL Report
Please download OTL from one of the following mirrors:
This is THE Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
In the custom scan box paste the following:

CODE
msconfig
safebootminimal
activex
drivers32
netsvcs
%SYSTEMDRIVE%\*.exe
/md5st... Read more

RELEVANCY SCORE 82.8

My computer is infected with Malware and is running very slowly. I hope you guys can assist me with this issue. Also, regedit and task manager no longer work for me and I have the podmena.dll file on my computer.

Thanks in Advance

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:32:42 PM, on 6/16/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\avast!Antivirus.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Java\jre6\bin\jqs.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\... Read more

A:HijackThis Log: Malware Doctor (possible antivirus system pro)

Hello HelpmeDan,

Download Security Check by screen317 from here or here.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt.
Please post the contents of that document.

***************

Please download Malwarebytes' Anti-Malware from one of these places:
http://download.cnet.com/Malwarebytes-Anti...&tag=button
http://www.majorgeeks.com/Malwarebytes_Ant...ware_d5756.html
http://www.besttechie.net/mbam/mbam-setup.exe

Double Click mbam-setup.exe to install the application.
* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform Full Scan", then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy & Paste the entire MBAM report (even if it does not find anything) in your next reply along with a fresh HijackThis log.

Extra Note:
If MBAM encounters a file th... Read more

RELEVANCY SCORE 82.8

Hi, I have been infected with malware doctor and virut and need some help removing them, i followed the preparation guide, but I could not get .DDS to run. I was getting this error:

Since then I was told to download RSIT, here is the log:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Admin at 2009-06-11 13:53:51
Microsoft Windows XP Professional Service Pack 3
System drive C: has 11 GB (28%) free of 40 GB
Total RAM: 1535 MB (73% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:54:13 PM, on 6/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20627)
Boot mode: Normal
Running processes:
C:\WINDOWS.0\System32\smss.exe
C:\WINDOWS.0\system32\winlogon.exe
C:\WINDOWS.0\system32\services.exe
C:\WINDOWS.0\system32\lsass.exe
C:\WINDOWS.0\system32\svchost.exe
C:\WINDOWS.0\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS.0\Explorer.EXE
C:\WINDOWS.0\VistaDrive.exe
C:\Program Files\AGEIA Technologies\TrayIcon.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS.0\system32\RUNDLL32.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS.0\system32\spoolsv.exe
C:\WINDOWS.0\system32\ctfmon.e... Read more

A:Malware Doctor, Virut infection

Hello! My name is Sam and I will be helping you.

In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.

Let me tell you up front that if you are actually infected with virut, it is unlikely that we'll be able to completely rid your computer of the infection without having to format completely and reinstall. It's not impossible, but in most cases a format is the best option. You may want to backup any vital media files that you don't want to lose. Don't backup any .exe files as they may be infected.

Please download ComboFix from one of these locations:
Link 1
Link 2
Link 3

Important!
You should NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert. It is intended by its creator to be used under the guidance and supervision of a Malware Removal Expert, not for private use.
Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.

Make sure that you save ComboFix.exe to your Desktop
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

Double click on ComboFix.exe & follow the prompts.

As part of its process, ComboFix will check to ... Read more

RELEVANCY SCORE 82.8

Hi: Since yesterday I have been infected with the above virus. I am posting on another computer so getting logs might be a little tricky. I have tried everything in my power to eradicate this problem but to no avail. Can you help me? I am running windows XP SP3 and I have AVG.

Thanks
Janeyliz
 

RELEVANCY SCORE 82.8

Hello - long time lurker, first time poster. Finally found something that I can't solve from reading other people's problems and solutions!
I seem to be having the same issues as the poster a few doors down - I had Anti-Malware Doctor, thought I'd removed it, but I'm still getting a C:\WINDOWS\$NtUninstallMTF1011$\mmduch.dll Rundll error on startup, and problems running certain files (I get a popup telling me to run chkdsk). Running AVG which isn't reporting problems, and I've run Malwarebytes which doesn't find any problems.
However, I've been a bit naughty because I usually just follow advice that I Google, and I've run Combofix. This found evidence of a rootkit and also warned that I may have 'virut'. On searching this, I think it may be onto something - it has a fairly consistent filesize and I (stupidly) downloaded something of the same size just before the infection started.

Any help gratefully received.

A:Another Anti-Malware Doctor infection

Try this: Removing Anti-Malware Doctor?

RELEVANCY SCORE 82.4

Help would be greatly appreciated in minimalizing this problem.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:36:32 PM, on 12/23/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\COMMON~1\aol\ACS\acsd.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\System32\svchost.exe
F:\New Folder\Alcohol 120 -\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\WINDOWS\sy... Read more

A:Computer Possibly Infected With Adware, Malware, And Other Viruses.

Hello Vile

I am SifuMike and I will be helping you. Any idea where you got whataboutadog from? Whether or not it's helpful, we're interested in knowing where it came from so that we can get it ourselves. We need to further analyze this infection. We've had reports of users becoming infected while looking for Vanessa Anne Hudgens pics.

Download FindAWF: http://noahdfear.net/downloads/FindAWF.exe
Save the file to the Desktop.
Double-click the FindAWF icon. If a Security Alert shows, allow the program to run.
As instructed, press any key to continue.
Use the following option: Press 1 then Enter to scan for bak folders.
The scan may take a while, please be patient.
When done, a text file, Find AWF report, is produced that we need to look at. Please post it in your reply.

RELEVANCY SCORE 81.6

Hoping for some help removing a stubborn problem. From the start:

Blackhawks fan without Versus so I went to livesportscafe.co.cc to try and stream the game. Managed to do this on my mac without any problems so I assumed it would be ok on my PC. Not so much. Got hit with anti malware doctor. This was the second time I have been infected with this (I own McAfee but they have not been very good about protection against this). The first time I was infected I found your site with walkthrough and was able to clean it out with MBAM. This second time I have not been so lucky. I'm usually pretty good at figuring this stuff out and have been working on it for a few weeks (original infection was Jun 02, 2010) so my memory is a bit blurred on when I did what. I will do my best to give as much info as I can.

Operating System: Win XP Home Edition v2002 SP2

Browser: I was using google chrome when I was infected and have since been unable to get Chrome working again (crashes immediately with no pages load, not even the thumbnail page), despite numerous attempts to install, uninstall, report bug, etc. Internet Explorer does still work but will pop-up random pages on new tabs and runs slow. Firefox works best however it "shudders" as it seems to attempt to alt-tab switch to a new app even with no other apps running.

Games: While running an online game it runs slower than normal, experience lag when this had not happened before, and it will randomly switch to the desktop as ...

A:Persistent anti-malware doctor infection

bump - pls help!

RELEVANCY SCORE 81.6

Hi There,

Looking for some help with my PC which was infected with the Antimalware Doctor virus on Monday.

The software took complete control of my computer and without really thinking I closed down. Now I am getting on boot "PXE media disconnected, check cable" then "No operating system found"

I have tried using the recovery console on the XP disk but it does not even show that I have a C Drive?
Commands
fixboot C:
chkdsk
do not work.
I do not get the option to boot into safe mode.
I tried using the Kaspersky anti virus CD, but the scan location only showed "boot files & startup items" and nothing about my C: drive and it only lasted around 30 seconds. So I am pretty sure it never worked.

Any help guys would be great!!

A:Anti-Malware Doctor Infection,PC will now not boot.

bump

RELEVANCY SCORE 81.6

I must have visited a website and gotten a fake program (that I deleted quickly) that auto-downloaded itself to my computer somehow, and I now somehow can't use regedit or system restore and have yet to find out what else I can't use.

I want to post the ddr and gmer logs but for some reason the ddr one would not download properly from the link provided by this site, and the gmer gives an error saying that it can not find the system or something.

I'm very afraid that this is from the malware. I have done a malwareremoval scan (malwarebytes) which has identified and eliminated part of the virus(es)

Thank you for helping!

A:"Malware Doctor" infection changing settings

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please Do not Attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger: Please download DeFogger to your desktop.
Double click DeFogger to run the tool.
The ap...

RELEVANCY SCORE 80.4

Problem started with decreased processor speed, constant "warning infected" pop-ups, and my Internet Explorer home page had changed to Google and Internet Explorer was closing automatically after a couple minutes.

McAfee identified as Malware.bc, but could not quarantine or delete. No removal method listed at their site either.

Googled "Malware.bc Removal" and found this wonderful forum. One user had successfully used ComboFix and HijackThis. I did same and ComboFix seems to have removed most bad files. I have posted both those original logs below.

Joined this forum and read Grinler's VERY HELPFUL prep guide. Followed his instructions and ran:
1. Ad-Aware (already using)
2. Spybot
3. Housecall Anti-Virus (found 98 grayware items?)
4. McAfee AVERT Stinger
5. Windows Updates
6. Re-Activated Zone-Alarm Firewall (after using McAfee's for a year)
7. Ran HijackThis again and posted as final log below

Please look at my initial Combo-Fix and HijackThis logs and my HijackThis log after Grinler's suggestions and let me know if I'm clean.

Thanks in advance, Big Sven.

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
ComboFix 08-02-24.4 - Jeff Whitehead 2008-02-24 10:48:51.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.219 [GMT -6:00]
Running from: C:\Documents and Settings\Jeff Whitehead\Desktop\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))...

A:Malware.bc (& Possibly Other) Infection

I apologize for the very long delay. We have a huge backlog of HijackThis Logs to handle and it has been taking us greater time than normal to get caught up. If you are still having a problem, and want us to analyze your information, please post a brand new hijackthis log. If we do not hear back from you within a couple of days we will need to close your topic.

When posting your logs please post them directly into the reply. Do not attach them.

Also make sure you have already followed the steps outlined below:
Preparation Guide For Use Before Posting A Hijackthis Log

Thank you for your patience.

RELEVANCY SCORE 80.4

Hi,

I had this problem yesterday but you resolved this with system restore but it seems to have come back after I update thunderbird and firefox.

so again every time I log in I get a box asking which account I would like to use to run programs.

they then directed me to you saying possible malware and you might want to check it out?

Thanks.

DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_33
Run by wayne at 11:36:53 on 2012-07-24
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.2047.1499 [GMT 1:00]
.
AV: COMODO Antivirus *Enabled/Updated* {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
FW: COMODO Firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\Program Files\CachemanXP\CachemanXP.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe
C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET....

A:Possibly a malware infection

Hello and Welcome to TSF.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

System Restore is seldom the answer. Download EXE File Association Fix and Save it to your Desktop.
Extract the reg file to your desktop and double-click xp_exe_fix.reg
Answer 'Yes' to merge/add it to the registry.
If necessary, download to USB drive and run it from the drive.
Click 'OK'.
X out of the window.
------------------------------------------------------

Reboot. Will applications run now without the Run As prompt?

------------------------------------------------------

Now see if gmer will run. Also try disabling COMODO before the run.

If you still get a BSOD, try running gmer in Safe Mode: Restart your computer.
After hearing your computer beep once during startup, but before the Windows icon appears, start pressing the F8 key.
In some systems, this may be the F5 key.
Instead of Windows loading as normal, a menu should appear.
Use the up arrow key to highlight Safe Mode and press 'Enter'.
Login on your usual account.
------------------------------------------------------

RELEVANCY SCORE 80

I am attempting to clean out a family member's notebook pc. I have already followed both the TDSS and Antimalware doctor guides on this website. The antimalware doctor infection seems to be cleaned and the tdsskiller scan comes back empty after a previous success. The only lingering effects seem to be google redirects.

Hopefully I haven't made things more difficult bumbling around on my own, many thanks in advance for any help this community can provide.

.
DDS (Ver_2011-06-03.01) - NTFSx86
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_15
Run by Erika at 23:13:27 on 2011-06-04
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.362 [GMT -5:00]
.
AV: Sophos Anti-Virus *Disabled/Outdated* {3F13C776-3CBE-4DE9-8BF6-09E5183CA2BD}
(Sophos is a leftover from university network, doesn't want to uninstall away from that network. Any suggestions for this?)
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:...

A:Google Redirects, TDSS, and Anti-malware doctor infection

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please Do not Attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear
Click the Disable button to disable your CD Emulation drivers
Click Yes to continue
A 'Finished!' message will ap...

RELEVANCY SCORE 79.6

I recently got rootkit.ODG trojan
My ESETSS4 detected it and couldn't fix it
today I got Windows security center (wscsvc32)
I tried to scan with mbam but it wouldn't start
so instead I opened hijackthis
right now I'm using windows xp home edition 2002 sp3

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:43:27 PM, on 9/5/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Safe mode
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\Iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\ht\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO...

A:--help-- I have a malware infection , possibly due to rootkit

Welcome to the BleepingComputer Forums. Since it has been a few days since you scanned your computer with HijackThis, we will need a new HijackThis log. If you have not already downloaded Random's System Information Tool (RSIT), please download Random's System Information Tool (RSIT) by random/random which includes a HijackThis log and save it to your desktop. If you have RSIT already on your computer, please run it again. Double click on RSIT.exe to run RSIT. Click Continue at the disclaimer screen. Please post the contents of log.txt. Thank you for your patience.

Please see Preparation Guide for use before posting about your potential Malware problem. If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped. Please post your HijackThis log as a reply to this thread and not as an attachment. I am always leery of opening attachments so I always request that HijackThis logs are to be posted as a reply to the thread. I do not think that you are attaching anything scary but others may do so. While we are working on your HijackThis log, please: Reply to this thread; do not start another! Do not make any changes on your computer during the cleaning process or download/add programs on your computer unless instructed to do so. Do not run any other tool until ...

RELEVANCY SCORE 79.6

Hello -

I recently started having many popups on my computer and saw that a "shop to win" was running. I uninstalled this program & ran MalwareBytes but the constant popups continue. I have followed the protocols listed and will attach the text files as directed. I have a 64-bit system so did not do the gmer.

I thank you in advance for taking the time to help me resolve this frustrating situation.

A:Malware Infection - Possibly "Shop to Win"

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please Do not Attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.
Do not run any other tool until instructed to do so!

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:
You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)
Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<
Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3

1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the r...

RELEVANCY SCORE 79.6

Hello!

From what others have posted here, it appears my computer has a malware problem. It is currently isolated from the internet. I'm transferring HJT scans and whatnot to and fro with a flash drive. It has the following symptoms:

- The following message occurs in an apparently random fashion:
"Windows Security Alert
Warning! Potential Spyware Operation!
Your computer is making unauthorized copies of your system and
Internet files. Run full scan now to prevent [sic] and unauthorized access
to your files! Click YES to download spyware remover ..."

- When browsing the internet, the following error message comes up:
"Microsoft Visual C++ Runtime Library
Runtime Error!
Program: C:\Program Files\Internet Explorer\iexplore.exe
This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information"

- When I attempt to perform system tasks that I can find (the Control Panel has disappeared), or get into regedit, this appears:
"Restrictions
This operation has been cancelled due to restrictions in effect on this computer. Please contact your system administrator"

I have never pressed "OK" or "Yes"/"No" etc. on any such message

I've pasted an HJT log here. Thank you very much to anyone for a response. I'm quite computer savvy, so I hope you...

A:Malware infection - possibly Winavxx and etc.

RELEVANCY SCORE 79.6

Hi, yesterday I installed a program from a friend and I saw my antivirus go crazy. After using MalwareBytes and a few other scanners, it looks like I was infected by a Trojan. I am at a loss at how to remove it, as most scanners don't show I'm infected. Attached is my log file for dds.

DDS (Ver_09-05-14.01) - NTFSx86
Run by XXX at 12:14:45.97 on Sun 06/21/2009
Internet Explorer: 8.0.6001.18783
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2038.760 [GMT -4:00]

AV: Norton 360 *On-access scanning enabled* (Updated) {A5F1BC7C-EA33-4247-961C-0217208396C4}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: SUPERAntiSpyware *enabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Norton 360 *enabled* (Updated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
FW: Norton 360 *enabled* {371C0A40-5A0C-4AD2-A6E5-69C02037FBF3}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\Cr...

A:Malware Infection, Possibly trojan.vx

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll...

RELEVANCY SCORE 78.8

I know bios level issue sounds a bit over the top, but I have cleaned a drive and reinstalled win8.1 at least 5+ times with persistence of infection. attaching fsrt logs.
 
Your help is greatly appreciated; I'll provide whichever reports the machine currently lets me run.

A:Malware - not sure, wmi involved, quite possibly bios infection

72 views, no replies. adding more results.
 
attached: aida64 report, aswmbr, another rootkit tester that normally exits before can save...

RELEVANCY SCORE 78.8

Referred from here: http://www.bleepingcomputer.com/forums/t/290296/internet-explorer-problem/ ~ OB

I was visiting a website and for some reason, my laptop just slowed down. I'm not sure if it's because of the current loaded website because it's an official website and I used to visit it and it was fine, but before that I visited a recommended website by a friend which converts songs to a different format, which to be honest doesn't look very good but I went on it anyway.

Anyway, I'm not sure which website it came from but the Internet Explorer stopped working so I closed it by going on the task manager. It closed, and then I opened it again and my homepage doesn't load properly. It loaded up about 80% of the page, but some stuff was missing and it kept saying loading, but nothing is happening and I can't move around and do anything on the website.

Also, when I go to some other website, it does the same. It loads some of the contents but the others doesn't and takes ages to load. It kept doing that, no matter how many times I closed the explorer. So I tried using Firefox and it was fine. So, there must be something wrong with IE. So I clicked on the "Reset IE Settings" and then the problem was solved.

But now, there's some little things happening which doesn't use to happen. It might just be me but I think I've got a malware or something. Sometimes if I click on something once, it double click it, then sometimes the page just slow down for a while before the mouse pointer moves. ...

A:Unknown Infection, Possibly Malware/Worm

Hello , And to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.

-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:
Please download OTL from one of the following mirrors:
This is THE Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
Push the button.
Two reports will o...

RELEVANCY SCORE 78

Please help. Computer barely running due to possible malware and virus infection. Gmer log located below. DDS did not work.....log only printed symbols. Thank you:

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-04-06 08:30:00
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD400BB-75CAA0 rev.16.06V16
Running: gmer.exe; Driver: C:\DOCUME~1\EDGARR~1\LOCALS~1\Temp\fxtdypow.sys
---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\iexplore.exe[1612] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1612] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9AA5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1612] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD119 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1612] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB14 C:\WINDOWS\system32\IEFR...

A:Possible infection of Malware and Viruses

Hello Again

I want you to use link 2 or 3 for DDS

I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Noti...

RELEVANCY SCORE 78

Hey, I have been having virus problems and used to have Kaspersky on free trial but don't have it anymore, and not going to pay for it. I have used the free spyware doctor from google and the norton anti virus from google and they seem to find some rogue spyware and cookie trackers and from time to time the virtumonde trojan along with another trojan. I use the remove feature but always seem to just reinstall themselves onto my computer like an hour later. Anyways, I am posting my logs on here and hope to hear something soon. Thanks

Deckard's System Scanner v20071014.68
Run by Administrator on 2008-05-26 15:03:27
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
83: 2008-05-26 22:03:31 UTC - RP581 - Deckard's System Scanner Restore Point
82: 2008-05-26 21:45:55 UTC - RP580 - Spyware Doctor: Cleaning Threats
81: 2008-05-26 01:03:26 UTC - RP579 - Spyware Doctor: Cleaning Threats
80: 2008-05-25 02:24:27 UTC - RP578 - Spyware Doctor: Cleaning Threats
79: 2008-05-25 02:23:19 UTC - RP577 - Spyware Doctor: Cleaning Threats
-- First Restore Point --
1: 2008-05-12 21:52:09 UTC - RP499 - System Checkpoint
Backed up registry hives.
Performed disk cleanup.
System Drive C: has 6.66 GiB (less than 15%) free.
-- HijackThis (run as Administrator.exe) -------------------------...

A:Virtumonde Infection/malware And Possibly Other Worms And Trojans.

Hello wesmantooth and welcome to BC. Let's see what we can find. Please follow the steps below in order:

Before running a new scan let's clean out the temporary folders.
Download ATF Cleaner to your Desktop.
Double-click ATF-Cleaner.exe to run the program.
Click Select All found at the bottom of the list.
Click the Empty Selected button.

If you use Firefox browser, do this also:
Click Firefox at the top and choose Select All from the list.
Click the Empty Selected button.
NOTE : If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser, do this also:
Click Opera at the top and choose Select All from the list.
Close ALL Internet browsers (very important).
Click the Empty Selected button.
NOTE : If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

Now download OTScanIt.exe to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.
Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
Close ALL OTHER PROGRAMS.
Open the OTScanIt folder and double-click on OTScanIt.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
In the Drivers section click on Non-Microsoft.
Under Additional Scans click the checkboxes in front of the following items to select them:
Reg - BotCheck
File - Additional Folder Scans
Do n...


Someone inadvertently allowed "Virus Doctor" to run on my mother's computer. I have spent a day and a half trying to find a way to get rid of it.

She purchased ESET NOD32 which my husband and I use and find to be a great program. But Virus Doctor is not being "read" as a virus, so there is no help there.

And I've tried SpyBot Search and Destroy, and HijackThis with no results. The stinkin' program is hiding very securely. I tried following manual instructions, but did not find the items that the instructions listed.

The thing is that the person who allowed it to run works from the Guest desktop and it is just running under that log on. I think it "tried" to run on my mother's desktop, but she had the presence of mind to call us and ask what to do, and my husband told her to right click and click close, which she did and it has not appeared since then, but it continues on the "Guest" desktop. When I hover my mouse over the application name in the Programs list on the Start up Button, the location "C:Documents and Settings/All Users/Application Data/5be5679" shows, but when I look in explorer following that path, I do not see 5be5679. This is truly aggravating.

This forum is perfectly named ... bleeping computer ....

Thanks for any help you can give.

FloCat

A:Virus Doctor (malware)

If you are using Spybot's Teatimer function, disable it for now
------------------
The process of cleaning your computer may require you to temporarily disable some security programs. If you are using SpyBot Search and Destroy, please refer to Note 2 at the bottom of this page.

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
If an update is found, the program will automatically update itself.
Press the OK button to close that box and continue.
If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The ...


Hello, my lingering problem is I cannot access the Microsoft update site to update my Windows XP.
I get a bunch of clicks and then: "The website has encountered a problem and cannot display the page you are trying to view". Sounds almost like a pop up blocker but I am going almost insane disabling and enabling the Windows pop up blocker trying to solve this. And I have deleted the Google pop up blocker. And it's probably not that at all - I don't know - help!

And - I had to delete the Google and Yahoo toolbars from both Internet Explorer and Firefox as after any searches in them clicking on any of the hits were misdirected to advertisements and advertisements that try to look like search sites. If I go to the Google search site I'm fine. I guess I can live with this but any links I click on any web pages are also now sometimes (most times) misdirected similarly - again - help!

This all started with a nasty program called "Antimalware Doctor" that tries to look like a program telling you all kinds of things are wrong with your computer and wanting money to fix them.
At the same time my volume control??? and Windows firewall were disabled, both Google and Yahoo toolbars in both Internet Explorer and Firefox were hijacked. Clickable links now go to advertisements and I cannot update Windows.

After hours and hours of trying I believe I have got rid of the Antimalware Doctor and restored my Firewall and volume control but all the other problems ...

A:"Antimalware Doctor" malware infection, now I can't update Windows, searches and links are misdirected, firewall wo...

Hello,

Please follow the instructions in ==>This Guide<==. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues and what you have done to resolve them.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Orange Blossom


People, I am curious (not a good thing as it tends to get costly!) as to what is the most common, current means by way one's system becomes infected with Malware/viruses?

Andy

A:Malware/Viruses. What is the most common way of getting infection?

  
Quote: Originally Posted by keebsuk


People, I am curious (not a good thing as it tends to get costly!) as to what is the most common, current means by way one's system becomes infected with Malware/viruses?

Andy


Hi Andy,

This might answer your question

How does a computer get infected with a virus or spyware?


I am the System Administrator on my computer, but I keep getting Access Denied whenever I try to get into the System Configuration Utility to change the Startup choices. I also logged in as System Administrator in the Safe Mode, but still get the same "Access Denied" error. It was suggested from one of your tech support people that it is possibly a malware problem. What is your thinking on this problem?

A:Access Denied Error Message, possibly a malware infection?

Please follow MicroBell's 5 Step process outlined here:

http://www.techsupportforum.com/secu...tml#post342651

After running through all the steps, please post the requested logs.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.


Ok so I previously had Anti-Malware Doctor and after getting rid of this I think I got a DNS Virus. Sometimes when I search in Google I get redirected to like an advertisement. Ran HijackThis and this is what I found.

A:Anti-Malware Doctor/DNS Virus?

Hi,

Sorry for delayed response. Forums have been really busy. If you still need help with this do following, please.

Download DDS and save it to your desktop from here or here or here.
Disable any script blocker, and then double click dds file to run the tool.
When done, DDS will open two (2) logs:
DDS.txt
Attach.txt
Save both reports to your desktop. Post them back to your topic.


During my vacation in Alabama my computer became infected with a virus. I have 3 sides on my computer, one for my mother, one for my brother, and one for me. Each side has administrator. We allow guests to use my little brother's account. My little brother went with me on vacation.

So the virus only appears on my little brother's account and I highly suspect my mom is trying to protect someone from getting in trouble, and trying to blame it on, "Leaving the computer running and my side not going to user select after screen saver." The virus had first shown itself on 5/5/10, I know this because I went searching by, "date modified" and had shown a huge increase in items modified that day.

Now this virus wouldn't be too much of a problem for me to handle on my own if it didn't freeze my computer every 2-5 minutes on any side I went on. I even created a dummy account which didn't help much. I've been trying for a day of trying to figure out how the virus works so I can access the internet for longer periods of time.

I use Mozilla with Noscript and so far have found that it won't allow me to open Firefox if I have Skype Application enabled, so I disabled that and could open my browser with no problems.

Then I google searched, "PBR.exe" and found out that it allows other computers to access my computer so I uninstalled that. Or something along those lines, it had something to do with Pando something something.

My computer would still ...


Hi--

I am running a Windows Vista 32 bit system, Service Pack 2, and have been infected by a fake malware virus---Antimalware Doctor. How do I get rid of it? Thanks.

Stevelinda

A:malware virus---Antimalware Doctor

Hello, please follow the Automated Removal Instructions in our Guide here.
Remove Antimalware Doctor

Please post back the scan log and let me know how it's running.
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.


To whom it may concern

I have experienced problems with my computer ever since I started receiving fake alerts from anti malware doctor. Having used the self help guide on this website, malwarebytes and rkill appear to have resolved the majority of infections, but rootkit.bubnix remains! I have tried running malwarebytes several times to get rid of this bug, but although it is recognised after restart the bug will appear again on malwarebytes (full) scan. Although the bug does not appear to have severe effects on my computer's performance and speed, I am experiencing internet connection problems. Weirdly when I attempt to connect to the internet on my desktop and then attempt to connect on my unaffected laptop, I cannot get a connection while my infected computer is running. I would appreciate a quick reply and have attached dds and Gmer logs

Regards algore 81

A:anti malware doctor virus

Hello algore 81
Welcome to BleepingComputer
==========================
Download OTL to your desktop.
Double click on OTL to run it.
When the window appears, underneath Output at the top change it to Minimal Output.
Under the Standard Registry box change it to All.
Under Custom scans and fixes section paste in the below in bold

netsvcs
%SYSTEMDRIVE%\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\drivers\*.sys /90
%systemroot%\system32\Spool\prtprocs\w32x86\*.dll

Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.


Hello, this is my second time at doing this so please be patient with me and walk me through everything I need to do. My daughter had a friend over last night and they infected our family computer with spyware/malware and viruses. I have already gone through the KRC Anti-Spyware Tutorial at www.greyknight17.com/spyware and performed all the steps (I think) Cleanup, Windows Update, Online virus scans, Ewido Malware, CW Shredder, Ad-aware SE, Spybot S&D and Hijackthis. However, I know I still have malware and viruses on my machine. Below is the log file that I got when I ran the HijackThis. See what you think and let me know what I need to fix or remove. I have also posted the results of the Kaspersky online scan that showed I have 3 viruses on my machine. This is pretty good considering my Grisoft AVG found 10 this morning when it ran the daily scan. Thanks for all your help and remember, I am still a novice, so walk me through everything I need to do. Thanks!

Logfile of HijackThis v1.99.1
Scan saved at 11:27:21 PM, on 1/21/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avg...

A:Malware/Spyware Infection & Viruses & HijackThisLog Help

I forgot to mention the most disturbing thing about this infection and that is that my Windows Security Center has basically been completely disabled. Based on the items found by Spybot, it appears that all my security features have been overridden and the notifications have all been disabled. This is of great concern to me. I definitely need help in getting my Windows Security Center turned back on and operational again. Thanks again for your help!


Hello. I have been trying to run several different malware tools on my machine with no success. There seem to be issues with my IE8 32bit. It does not want to connect to any web pages. I have no issues with IE8 64bit. I am running on Windows 7 64bit. I also have no issues with Firefox. However, I am experiencing a very slow web browser. I also receive a powershell service error upon start up. I have tried running several malware tools after doing some research, but most did not work. I tried using the poweliks cleaner by ESET in both safe mode and normal, but it won't start. I was also told earlier to run RKILL and MBAR, but again both fail to run both in safe and normal mode. Sometimes, I click and they appear like they are going to start, but then nothing happens. I was able to run cc cleaner and adwcleaner with no issues, but problems continue. Other programs I tried were JRT and tdsskiller, but can't get these to run either. The last tool I tried was DDS, but it only gave me the attach log (tried safe mode and normal). Any help would be grateful.

A:tricky poweliks infection possibly, ie 32bit not working,can't run malware tools

Hello and welcome to Geeks to Go. I am sorry that you are having troubles with your computer and will try my best to help you. I know that being infected is very frustrating, but I will be here to help you through the whole process of cleaning. Removing malware can be difficult and complicated and will most likely take many steps, so please stick with me until I have declared your computer clean. I always recommend printing my instructions before following them in case you cannot keep this webpage open. Please be sure to always follow all steps exactly as they are written and let me know what happens each time. Stop and ask if something unexpected happens or if you are unsure of how to proceed.

Please respect my volunteered time and stay with me until I declare your computer clean. If you are going to be delayed for a while, please let me know.

Let's see if FRST will run. If not, we can use the Recovery Environment.

Please download Farbar Recovery Scan Tool and save it to your desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.


hi!
I'm from Sweden so excuse me if my English is a bit hard to understand.
My problem is that I got the malware doctor virus to my computer and I've googled it a lot and found bleepingcomputer's guide here. But when I try to launch rKill the computer just restarts. Has anyone here ever had this problem with launching rKill? And do you guys think it is going to work without rKill and just directly go on with malwarebytes?

And my last question, if I can't get this "bleep" away from my computer I think I'm going to "reformat my computer". Is it 100% sure that all the malware doctor files will disappear after that? Because I can't stand this virus anymore!

Please help me! Best regards Jakob

A:questions about removing malware doctor virus

Hello Jakob. First I will move this to the Am I Infected forum.

Let's try fixing it this way.

Reboot into Safe Mode with Networking
How to enter safe mode (XP/Vista)
Using the F8 Method
Restart your computer. When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu. Select the option for Safe Mode with Networking using the arrow keys. Then press enter on your keyboard to boot into Safe Mode.

>>>> Download this file and doubleclick on it to run it. Allow the information to be merged with the registry.

RKill....
Download and Run RKill
Please download RKill by Grinler from one of the 4 links below and save it to your desktop.

Link 1
Link 2
Link 3
Link 4

Before we begin, you should disable the anti-malware software you have installed so it does not interfere with RKill running, as some anti-malware software detects RKill as malicious. Please refer to this page if you are not sure how.
Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
If nothing happens or if the tool does not run, please let me know in your next ...


Hi, I was infected with Anti-Malware doctor and managed to remove the main virus itself, it originally kept explorer from running and was restarting my comp every 1 min when the net was connected. I managed to get rid of all of that but now I am stuck with redirects to various websites when I search using Google. I am on Firefox, and it also happens with Internet Explorer. I have run combofix multiple times while following previous problems on this forum of the same type, however I cannot manage to fix it on my own it seems as the redirects continue to occur. I see you do not want Logs to be posted until asked for so I will wait patiently until I get a response. Emails will come to my phone so I will be ready to reply as soon as I hear from someone. Thank you.

A:Anti-Malware Doctor Redirect Virus

I see I got moved for not following procedure, sorry, I did not notice the sticky, after 2 days of constant trying and endless frustration I've gotten into a rush as I need to get back to work and this is keeping me from it. I disabled "dom.ipc.plugins.enabled" within Firefox's about:config and that has completely fixed the problem, however I realize this does not mean I removed the problem files, I hope this helps point towards what my problem is. My other plugins that were running but I disabled long before disabling this are

dom.ipc.plugins.enabled.npctrl.dll
dom.ipc.plugins.enabled.npqtplugin.dll
dom.ipc.plugins.enabled.npswf32.dll
dom.ipc.plugins.enabled.nptest.dll

They were all disabled and yet my redirect problem kept occurring so hopefully that means these files are all okay.

Thanks for any help.


I was away from my computer for a good couple days and came home to a big fat Antivirus 2009 banner on my desktop so I ran my AVG antivirus which removed Bankerfox.a & win32/nuqel.e and restarted and found Antivirus 2009 still there... so I looked it up and cleaned it out with Malwarebytes antivirus. But the problem now is that whenever I use Firefox my pages get redirected. What am I to do? Is it an easy fix?

A:Removed antivirus 2009 and other malware/viruses but system isn't the same

Moved from HJT forum.


I got infected with Anti-Malware Doctor a while ago and I eventually got rid of it by giving my computer to my uncle, who ran his antivirus software on it and got rid of it. When I got the computer back, I ran rkill, Malware Bytes, SUPERAntiSpyware and AVG Free. All the scans found and removed the virus or parts of it. But there's still a lot of problems with the computer.

1 - Security Center will not turn on. If I try, I get an error stating 'The Security Center Service can't be started.'
2 - Windows Update cannot search for updates, and the update website doesn't work on Chrome, FF, or IE. The error code I get is 80072EFE.
3 - Windows Defender cannot search for updates, and it gives me the error code 0x80072efe.
4 - I have that nasty google redirect virus, despite trying to get rid of it with Malware Bytes, rkill, SUPERAntiSpyware, AVG Free, Hitman 3.5, and TDSSKiller. The only scan to find anything was Hitman 3.5, which would freeze after I told it to remove the rootkit causing the issue.
5 - Long startup times and sometimes the computer will freeze and I'll get a message stating "Host Process for windows services stopped working and was closed".

So I need any help I can get on any of these problems. I am running Vista 32bit on a wireless connection to a BT Homehub. I have HiJack This installed if I need to post a log to help solve the problems. Thanks in advance.

A:Lot of problems after removing Anti Malware Doctor Virus

I'm sorry to bump this, I know it's a busy forum but I'd love any help for any of the problems I've come across


Windows Xp Professional service pack 3
I have a problem in my USB drive. I have posted a picture. I can't remove the infected files, it says
Error deleting file or folder: Cannot read from the source file or disk. They also have been renamed to weird characters.
My computer is not infected by this even if I use my USB drive. It's just the USB drive. I have opened revo uninstaller file, there is ... folder I cannot access it or delete it and a video which extension has been renamed to Mbox4 instead of mp4, whereas I can delete office files.

http://i59.tinypic.com/2nk1c3n.jpg

A:Possibly virus or malware.

Good evening.
I would copy any files that there are on the flashdrive to your PC that you want to keep and then reformat the flashdrive:
 
Navigate to the flashdrive using My Computer/Windows Explorer.
Right click the flashdrive icon.
Select Format..., ensure that the Quick Format box is checked and then Start.
 
The above is how it works on Windows 7 but it should be similar enough on XP that you can sort it out. All this does is reset your flashdrive back to how it was when you first connected it to your PC. Let me know how you get on.


Heya,

About a week ago my girlfriend's laptop suddenly got infected with a fraud I can't recall the exact name of but rather similar to malware doctor. After some attempts to remove it, her laptop started acting up worse and worse, but it was already rather old and had issues before (it is often used in a lab environment, so the hardware generally doesn't last all that long) and eventually broke down completely 2 days ago.

Then yesterday, my desktop PC suddenly gets hit with a cocktail of malware as malware doctor and the other similar fraud I can't remember the name of pop up. After some searching around and scans from my AV (AVG free), spybot S&D and Malwarebyte's Anti-Malware, these frauds seem to have been removed.

Unfortunately, since then I've had 2 types of problems in my browser (Firefox 3.5.11). The first is mainly when using google searches, I'll click the link I get through the search and end up on a completely different website. These can be all kinds of sites, but most commonly is what looks like the Ask Jeeves site with a search already filled out. The second is that seemingly randomly another browser window opens up on a seemingly random website. Lastly, during the AVG scan it found a number of infections it classifies as Trojans, including 1 in svchost that it was unable to remove or disinfect, as far as I could tell.

I'm really hoping you guys can help me because I am at a total loss as to what to do. Many thanks in advance.

Sorry...

A:Malware and possibly a virus

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll...


Windows Data Execution Prevention blocks explorer.exe, I believe this is being caused by a virus or trojan. I have run AVG and RegRun they both found and cleared a number of problems and now both come up clean. I'm currently navigating as best I can with Windows Task Manager and the Run function. Any help is greatly appreciated.

HijackThis log follows:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:02:02, on 25/08/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=548...

A:Malware, possibly virus.

bump
 
