
Avira detects appl/psexec.e reoccured 2nd time this month

Q: Avira detects appl/psexec.e reoccured 2nd time this month

I recently scanned my computer with Malwarebytes Anti-Malware, Spybot Search & Destroy, and Avira AntiVir personal. MBAM and SB S&D came up with nothing but Avira did. This is the 2nd time this month that Avira detected "appl/psexec.e" found in "C:\System Volume Information". There are 3 different instances in the Quarantine. Please look through my HJT log to help stop this recurrence.

Also, users on this computer use Firefox Portable from portableapps.com run from 2 different USB drives. Both equipped with the add-ons NoScript, AdBlock Plus, and Web of Trust (WOT) to better protect us from viruses & etc.

Thank you for your time.

- - - - -

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:17:23 AM, on 5/15/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\svchost.exe
L:\FirefoxPortable\FirefoxPortable.exe
L:\FirefoxPortable\App\firefox\firefox.exe
C:\Program Files\trend micro\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Harvest Mania by pogo - http://game1.pogo.com/applet-6.2.5.28/harv...t-ob-assets.cab
O16 - DPF: Mah Jong Garden by pogo - http://game1.pogo.com/applet-6.2.5.28/mahj...g-ob-assets.cab
O16 - DPF: Phlinx by pogo - http://game1.pogo.com/applet-6.2.5.28/flin...r-ob-assets.cab
O16 - DPF: Pop Fu by pogo - http://game1.pogo.com/applet-6.2.4.23/popf...u-ob-assets.cab
O16 - DPF: Word Whomp Whackdown by pogo - http://game1.pogo.com/applet-6.2.5.28/whac...n-ob-assets.cab
O16 - DPF: WordJong by pogo - http://game1.pogo.com/applet-6.2.5.28/word...g-ob-assets.cab
O16 - DPF: {3DA5D23B-EFE1-4181-ADB7-7D457567AACA} (TGOnlineCtrl Class) - http://zone.msn.com/bingame/pacz/default/pandaonline.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase6662.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

--
End of file - 7764 bytes


A: Avira detects appl/psexec.e reoccured 2nd time this month

Hi PixelPlay,

Sorry for the delay, the forums here at BC are always very busy and we do our best to keep up. Since your log is quite old and a lot could have changed, I would like to see a new log please. If you no longer require any help could you let me know please, so this topic can be closed.

- Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
- Double click on RSIT.exe to run RSIT.
- Click Continue at the disclaimer screen.
- Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

Thanks

Read other 18 answers
RELEVANCY SCORE 70.4

Hello, so my curiosity got the best of me and lo and behold, I downloaded a trojan. I was hoping you guys could guide me step by step through a process that doesn't involve a fresh install. I'm not sure what else I've tried different types of cleaners and running Avira but it seems to come back. Certain settings were replaced. Something changed my proxy settings to 127.0.0.1 when I don't have specific settings. I attached my firewall settings. Is that how it's normally set up? It feels like certain processes have been utilizing a ton of RAM and/or turning on services that I do not use (superfetch on my SSD). The most recent detection was APPL/AD.BitcoinMiner.0d2e28 (Cloud) application. Does this mean there may be a chance my iPhone is also infected? Please advise. System and compressed memory shoots to highest memory usage.
 
I'd also like to go over my event log/missing tasks, but I'm sure that can wait until after taking care of the virus/trojan problem. This pc has just had a fresh install recently 
 
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 10-07-2016 01
Ran by Mark (administrator) on CUARESMA (12-07-2016 00:20:34)
Running from C:\Users\Mark\Desktop
Loaded Profiles: Mark (Available Profiles: Mark)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.co... Read more

Read other answers
RELEVANCY SCORE 63.6

I uninstalled Trend Micro this morning and installed the free Avira Antivirus. It detected "psexec.cfexe" which has something to do with the "APPL/PsExec.E application". I have included a copy of the scan results as well as a HJT log.

Avira AntiVir Personal
Report file date: Sunday, 9 August 2009 11:26

Scanning for 1618860 virus strains and unwanted programs.

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows Vista
Windows version : (Service Pack 2) [6.0.6002]
Boot mode : Normally booted
Username : SYSTEM
Computer name : A-PC

Version information:
BUILD.DAT : 9.0.0.407 17961 Bytes 29/07/2009 10:34:00
AVSCAN.EXE : 9.0.3.7 466689 Bytes 21/07/2009 05:06:14
AVSCAN.DLL : 9.0.3.0 40705 Bytes 27/02/2009 02:28:24
LUKE.DLL : 9.0.3.2 209665 Bytes 20/02/2009 03:05:49
LUKERES.DLL : 9.0.2.0 12033 Bytes 27/02/2009 02:28:52
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 04:00:36
ANTIVIR1.VDF : 7.1.4.132 5707264 Bytes 24/06/2009 00:51:42
ANTIVIR2.VDF : 7.1.5.60 2235904 Bytes 3/08/2009 01:54:52
ANTIVIR3.VDF : 7.1.5.85 445952 Bytes 7/08/2009 01:55:08
Engineversion : 8.2.0.248
AEVDF.DLL : 8.1.1.1 106868 Bytes 28/07/2009 05:01:50
AESCRIPT.DLL : 8.1.2.23 455033 Bytes 9/08/2009 01:55:50
AESCN.DLL : 8.1.2.4 127348 Bytes 23/07/2009 01:29:39
AERDL.DLL : 8.1.2.4 430452 Bytes 23/07/2009 01:29:39
AEPACK.DLL : 8.1.3.18 401783 Bytes 28/07/2009 05:01:50
AEOFFICE.DLL : 8.1.0.38 196987 Bytes 23/07/2009 01:29:39
AEHEUR.DLL : ... Read more

A:Avira detected "psexec.cfexe"?

Read other 6 answers
RELEVANCY SCORE 63.6

Avira claims 99.99% in malware detection, but most of the samples downloaded from MT are undetected; only one or two out of ten are detected. Is Avira going downhill?
 

A:Will Avira Really detects 99.99% ?

Yes.

Also known as marketing.

Avira's detection isn't going downhill, because it's not based on missed samples.
 

Read other 18 answers
RELEVANCY SCORE 62.8

Avira started giving me popups this morning about a TR/Vundo.Gen trojan. The popups are continuous - I tell Avira to move it to quarantine every time, but it continues to pop up. Here's the HijackThis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:42:36 PM, on 9/1/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Program Files\Autodesk\Inventor 2009\Bin\ad32lw.exe
C:\Users\Stev\AppData\Local\Temp\AdskCleanup.0001
C:\PROGRA~1\Autodesk\INVENT~1\Bin\ad32lw.exe
C:\Users\Stev\AppData\Local\Temp\AdskCleanup.0001
C:\Program Files\Autodesk\Inventor 2009\Bin\bin32\inventor32bithost.exe
C:\Program Files\Autodesk\Inventor 2009\Bin\bin32\inventor32bithost.exe
C:\PROGRA~1\Autodesk\INVENT~1\Bin\ad32lw.exe
C:\Users\Stev\AppData\Local\Temp\AdskCleanup.0001
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\... Read more

Read other answers
RELEVANCY SCORE 62.4

A recent signature update to Avira's anti-virus solution caused the software to detect itself as a trojan or spyware. Due to a bad update, Avira detected its own AESCRIPT.DLL file as "TR/Spy.463227".

http://www.h-online.com/security/news/item/Avira-anti-virus-detects-itself-1367055.html
http://forum.avira.com/wbb/index.php?page=Thread&threadID=137969

A:Avira anti-virus detects itself

That's hilarious....LOL

Read other 8 answers
RELEVANCY SCORE 62.4

Hi,

avira has started to give me this warning:

Virus or unwanted program 'TR/Dropper.Gen [trojan]'
detected in file 'C:\Program Files (x86)\Mozilla Firefox\plugins\np_gp.dll.

I am normally pretty safe and am wondering if this is a false positive - everything appears to be working normally, and googling the name of the dll has been inconclusive.

Any help appreciated.

cheers

gubar

A:Avira detects trojan - np_gp.dll

Why not download Malwarebytes Anti-Malware (free edition) and get a second opinion? If it shows anything, then post the log here.

Read other 4 answers
RELEVANCY SCORE 62.4

My system is running Vista Premium. I get a popup from Avira that TR/Vundo.gen is detected in 4 messages. I've selected delete files, but the problem remains. I've run Vundofix, but it didn't find anything.

I've looked for ways to remove it on the web, but all I've found are the forums where the HJT or Combofix logs are required to be viewed (which I have no problem doing), but is there any other way of removing this?

From the descriptions of the Trojan that I've read, saying that vundo causes popups for rogue antivirus software, it doesn't match what I've seen of it yet. It really hasn't done anything overtly to my knowledge other than cause Avira to be alerted.

Anyway, if someone could help, that would be great, thanks.

A:Avira Antivir Detects Tr/vundo.gen

Please print out and follow the instructions for using "Vundofix". -- If using Windows Vista be sure to Run As Administrator.
- Click the Scan for Vundo button.
- Once it's done scanning, click the 'Fix Vundo' button.
- After running VundoFix, a text file named vundofix.txt will automatically be saved to the root of the system drive, usually at C:\vundofix.txt.
- Please copy & paste the contents of that text file into your next reply.

Please download Malwarebytes Anti-Malware and save it to your desktop (alternate download link 1, alternate download link 2).
- Make sure you are connected to the Internet.
- Double-click on Download_mbam-setup.exe to install the application.
- When the installation begins, follow the prompts and do not make any changes to default settings.
- When installation has finished, make sure you leave both of these checked:
  - Update Malwarebytes' Anti-Malware
  - Launch Malwarebytes' Anti-Malware
- Then click Finish.

MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:
- Make sure the "Perform Quick Scan" option is selected.
- Then click on the Scan button.
- The next screen will ask you to select the drives to scan. Leave all th... Read more

Read other 5 answers
RELEVANCY SCORE 62.4

When I try to download games that I have had before (I deleted them) I get a notification from Avira real time protection that the file contains a Trojan (TR/Agent). Is there a way I can get rid of it? I tried a lot of things from forums and all over the internet. But I could not find anything to help my specific problem. Please help.

A:Avira detects Trojan in everything i download

Download the 64bit version of this tool:
What is Windows Defender Offline? - Windows Help

Does Avira detect it as bad?

Read other 1 answers
RELEVANCY SCORE 62.4

I am running Windows XP Home. A few days ago, I had a number of infections that caused a huge amount of trouble. I cleaned most of them up, got a realtime virus checker going, and a better firewall. I seem to still have some infection. I am not sure which details will be useful, so I will start at the beginning.

Among other things, these were the symptoms 2 days ago:
-Fake warnings about virus, directing me to buy removal tools (resolved)
-Google search in Firefox redirected to bogus removal tools to download
(Firefox caught some of these with full page warnings "Get me out of here")(resolved)
-Google search in Firefox redirecting me to advertisement pages
-Desktop image replaced with infection warning(resolved)
-Firewall disabled(resolved)
-Windows Security Center disabled(resolved)
-Malwarebytes (mbam.exe) deleted(resolved)
-system behaving strangely (jumping from window to window, programs closing on their own, etc.)(resolved)

I managed to navigate to some support forums and someone suggested getting free Superantispyware specifically to deal with the mbam.exe deletion. Downloaded it, ran it, detected and removed 39 threats (including trojan.vundo.H, Trojan.dropper, Backdoor.bot, and a bunch of seemingly harmless adware).

I was then able to download, install and run Malwarebytes complete scan, which detected 64 infections but crashed mid scan, because mbam had been deleted again.

This time, I did the SuperAntispyware, (which found and "removed" ano... Read more

A:Avira detects Trojan, cannot remove

I just ran Malwarebytes, and these are the results:
Malwarebytes' Anti-Malware 1.43
Database version: 3462
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

1/3/2010 4:10:14 PM
mbam-log-2010-01-03 (16-10-14).txt

Scan type: Full Scan (C:\|)
Objects scanned: 290480
Time elapsed: 3 hour(s), 28 minute(s), 6 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\Temp\aiqj.tmp\svchost.VIR (Trojan.Dropper) -> Quarantined and deleted successfully.

---------------------------------

I am running another Avira scan now, since my mbam log has said before that I was clean.
 

Read other 2 answers
RELEVANCY SCORE 61.6

Hi,

Avira keeps detecting this trojan. It keeps coming back after deleting.

Thank you for helping:)

OS: Windows XP Professional

Read other answers
RELEVANCY SCORE 61.6

Hello,

for the past two days, I have been getting notification from Avira about TR/rootkit.gen and TR/Dldr.FaudLo.sxm
also, task manager shows that braviax.exe is running. So far, the obvious symptoms are a red X next to the clock and spontaneous shutting down of windows.

please find here attached the DDSLog and DDS Attach,

also, I included the HJT log

Thanks for the help

DDS (Ver_09-07-30.01) - NTFSx86
Run by MASTER at 16:29:12,25 on 16/08/2009
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_14
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.1013.604 [GMT 2:00]

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\System Control Manager\MSIService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
... Read more

A:Avira detects TR/rootkit.gen and TR/Dldr.FaudLo.sxm

Hello again,

I have been researching this issue for the past couple days and have relied greatly on information from others' posts in the forum. I have run MBAM a couple times, cleaned up some junk and tried to gain general understanding of these malware issues.

I have noticed that I have no alerts from Avira when I am offline. I have not reconnected and will not do so until you say so... As it stands right now (offline) there seems to be no infection. However, I am positive that when I reconnect, the alerts will come back.

In the past couple days (since my first post), I have run:

MBAM (see reports)
Autoruns (could not attach file)
F-Secure Blacklight (found nothing)
GMER (found nothing suspicious)
RootRepeal (see file)

I would like to include the following, to give you the latest and most accurate information:

1) updated DDSlog and DDSattach (dated in the filename for august 19)

2) MBAM logs, including today's that shows no infection

3) Rootrepealreport

4) Latest HJTlog, dated today 19/08

I will not make any changes until I hear from you.
Thanks!!
DDSlog:

DDS (Ver_09-07-30.01) - NTFSx86
Run by MASTER at 12:10:31,43 on 19/08/2009
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_14
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.1013.604 [GMT 2:00]

AV: AntiVir Desktop *On-access scanning enabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:\WINDOWS\sy... Read more

Read other 3 answers
RELEVANCY SCORE 61.6

Everything started when I got infected with a trojan agent that stole my World of Warcraft account. I deleted the trojan couple of times with Malwarebytes' Anti-Malware but it kept coming back. The reason (I do believe) was that I had a file on my pc that MBAM didn't find which was "0[1].jpg". Dr.Web CureIT found and deleted it though.

Now to the actual problem. Every time I open my PC Avira detects HIDDENEXT/Crypted, located at "C:\Documents and Settings\Local Service\Local Settings\Temporary Internet Files\Content.IE5\8XSZU1W3\0[1].jpg". It's part of the same trojan I already thought I got rid of, called "Trojan.PWS.Wow" by Dr. Web CureIT. So far I've just moved the file to quarantine every time it's been detected but I'd like to get rid of it completely and make sure my PC is 100% clean.

Here is my HjT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:23:55, on 5.8.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
D:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\App... Read more

A:Avira detects trojan everytime I open PC

Hello and Welcome to TSF.

We no longer use HijackThis as our initial analysis tool.

We want all our members to perform the steps outlined in the link I'll give you below, before posting for assistance. There's a sticky at the top of this forum, and a "Having problems with spyware and pop-ups? First Steps" link at the top of each page.

---------------------------------------------------------------------------------------------

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please note that the Virus/Trojan/Spyware Help forum is extremely busy, and it may take a while to receive a reply.

Read other 1 answers
RELEVANCY SCORE 61.6

I was doing my weekly ccleaner cache cleaning as I walked out of the computer room. Upon returning, avira had notified me that it discovered a trojan virus:

Virus or unwanted program 'TR/Gimemo.E.1 [trojan]'
detected in file 'C:\Users\****\AppData\Local\Mozilla\Firefox\Profiles\j968nyq2.default\Cache\C\20\9535Ed01.
Action performed: Transfer to Scanner

The thing is, the trojan was detected in a spot that CCleaner was cleaning, so it was already wiped before I could take any action in avira, although I did still click to remove it. Comodo was also requesting a program attempting to change the registry, which I blocked.

Now, I have scanned with malwarebytes, spybot, superantispyware, MSE, Avira, Trend Micro Online, Bitdefender Online. I have now decided to change my security software to Avast! + Threatfire + Comodo. Instead of just Avira + Comodo.

I am doing some boot scans at the moment.

None of the future scans since those first two events have turned up anything, nor have I been redirected or had any symptoms. Internet is a bit dicey, but that is for all computers on this internet at the moment...

...does this mean the Trojan file had not been deployed? Did CCleaner somehow stop it doing anything by deleting it?

How come no other scanners have detected even a whiff of this? They all have been updated prior to scanning.

A:Avira Detects Trojan - All clean on other scans?

The infection is located in the Mozilla Firefox profiles cache. It's logical that Avira alerted now, because you were removing the Internet files and other files with CCleaner and then Avira saw the infection.

Do you have any other symptom of infection?

1. Follow the instructions "Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help" and create a DDS-log. ===> http://www.bleepingcomputer.com/forums/topic34773.html
2. Create a new topic in the forum "Virus, Trojan, Spyware, and Malware Removal Logs" and then paste the DDS-log into that topic: ===> Go to http://www.bleepingcomputer.com/forums/forum22.html and click on "Start New topic"

Read other 3 answers
RELEVANCY SCORE 60.8

This is one of my older computers that I have not touched in a few years due to virus I couldn't remove. In the middle of my scan using Malwarebytes, Avira gives me a popup saying 'TR\Alureon.FQ.128' was detected. Every time I scanned, it comes up and every time I hit remove, but it keeps coming back. Also, every time I try to go to google, I get redirected to my ISP search engine.
 
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 1.6.0_24
Run by Johny at 17:03:27 on 2013-06-19
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1016.474 [GMT -4:00]
.
AV: AntiVir Desktop *Enabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
============== Running Processes ================
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files...

A:Avira detects a virus 'TR\Alureon.FQ.128' everytime I scan

Hi there, my name is Marius and I will be assisting you with your malware-related problems.

Before we move on, please read the following points carefully.

- First, read my instructions completely. If there is anything that you do not understand, kindly ask before proceeding.
- Perform everything in the correct order. Sometimes one step requires the previous one.
- If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
- Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
- Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you cannot post all logfiles in one reply, feel free to use more posts.
- If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
- Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
- My first language is not English, so please do not use slang or idioms. It could be hard for me to read.

Thanks for your understanding.

Please read and follow these instructions carefully. We do not want it to fix anything yet (if found), we need to see a report first.

- Download TDSSKiller.exe and save it to your desktop.
- Execute TDSSKiller.exe by double-clicking on it.
- Press Start Scan.
- If Malicious o...

RELEVANCY SCORE 60.8

Hello,
I'm certain my computer has been infected with a virus during all my recent online Christmas shopping. For the past couple of days Avira detects the same virus every time I go to websites such as Amazon or Google Shopping. I have been removing the detections each time but it never ends. I contacted my antivirus support and the advice received had no effect, as I'm still getting the constant detections. I got this computer last November; the only other thing in quarantine was 7 months old, so I'm sure this infection is from within the past couple of days.

I have run Avira and Malwarebytes a couple of times without detection, and in safe mode as well with no detection. That's about as much as I know to do to try and catch these things. I had found a support thread with somebody that had almost the exact issue, with Avira and sites such as Amazon. But they were told to follow some steps in a certain order, and I do not want to make this worse. I'm hoping with my moderate computer skills and some knowledgeable advice I could fix this. This is just an awful time of year for this; I am concerned about whether I can even check my financial statements. Any help in resolving this I would greatly appreciate.

Here is what it's listed as in quarantine.
Type: File
Detection: HTML/Rce.Gen3
Source: C:\Users\Me\Appdata\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LG2NBA9L\;sz=728x90;ord=6,449,725,243,365,534,722[1].htm
 
 

A:Avira Pro repeatedly detects HTML/Rce.Gen3 Virus.

Hello and welcome on board, my name is Machiavelli and I will assist you with your problem.

If you booted into safe mode on your computer then print my instructions!

I'm in the 'Malware Staff Team' and will provide you with advice:

To remove Malware on a computer can be very complicated. Malware (malicious software) is able to hide and so I may not be able to find it so easily. In order to remove Malware from your computer, you need to follow my instructions carefully. Don't be worried if you don't know what to do. Just ask me! Please stay in contact with me until the problem is fixed.

Below are a few tips:

- Removing Malware is usually very difficult. We need to search and analyse a lot of files. As this is done in our free time, please be patient, especially if I don't answer every day!
- Please follow these instructions. If you don't follow the instructions your computer may crash. If you fix your PC by yourself, this can be very risky!
- Please stay in contact with me until your problem is resolved. As Malware may not be totally removed in one session or in one day, please stay in contact with me until the problem is resolved.
- Please don't run any other tools without consulting with me, as this can complicate finding and removing all Malware. Don't run any tools while I'm fixing your PC. That is counterproductive and again, will only complicate finding and removing all Malware!
- Read my post completely. If you don't do so, you may make mistakes that could result in your System crashing by your own ...

RELEVANCY SCORE 60.4

Hibernation leads, after a couple of sessions, to the fuzzing out of the top right hand window controls (minimize window, maximize window, close window), and the spontaneous shutdown of applications. For instance, Firefox shuts down with the message "The application or DLL C:\..\xul.dll is not a valid Windows image. Please check this against your installation image". The message "Couldn't load XPCOM" also appears. Upon a reboot, all programs work as they used to. I suspect I have some kind of malware problem, but am stumped as to what it could be. I have attached my logs.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:20-02-2016
Ran by Fenix (administrator) on BLUE-ZHREIMHWED (20-02-2016 13:40:58)
Running from C:\Downloads
Loaded Profiles: Fenix (Available Profiles: Gryphon & Griffin & Fenix & Unicorn & Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\WINNT\system32\smss.exe
(Microsoft Corporation) C:\WINNT\system32\csrss.exe
(Microsoft Corporation) C:\WINNT\system32\winlogon.exe
(Microsoft Corporation)...

A:BSOD once or twice a month & Avira's Luke Filewalker errors out

Greetings Zhang Fei and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary. If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:

- First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
- Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
- Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
- Please copy and paste all logs into your post unless directed otherwise.
- Please do not re-run any programs I suggest. If you encounter proble...

RELEVANCY SCORE 60.4

Background story:


Quote:
Originally Posted by me in previous thread
Everything started when I got infected with a trojan agent that stole my World of Warcraft account. I deleted the trojan couple of times with Malwarebytes' Anti-Malware but it kept coming back. The reason (I do believe) was that I had a file on my pc that MBAM didn't find which was "0[1].jpg". Dr.Web CureIT found and deleted it though.

Now to the actual problem. Every time I open my PC Avira detects HIDDENEXT/Crypted, located at "C:\Documents and Settings\Local Service\Local Settings\Temporary Internet Files\Content.IE5\8XSZU1W3\0[1].jpg". It's part of the same trojan I already thought I got rid of, called "Trojan.PWS.Wow" by Dr. Web CureIT. So far I've just moved the file to quarantine every time it's been detected but I'd like to get rid of it completely and make sure my PC is 100% clean.




DDS.txt

DDS (Ver_09-07-30.01) - NTFSx86
Run by sik at 22:46:45,93 on ke 05.08.2009
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.3.1252.358.1033.18.2046.1405 [GMT 3:00]

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
...

A:Avira detects trojan at startup Part II, now with correct logs

bump!

RELEVANCY SCORE 52.4

- x86 (32-bit) or x64 ? 32
- the original installed OS on the system? you ask if its original? yes
- an OEM or full retail version? OEM
- OEM = came pre-installed on system
- Full Retail = you purchased it from retailer

- What is the age of system (hardware)? half year
- What is the age of OS installation (have you re-installed the OS?) i have this BSOD a lot of times, reinstalling my OS like 6 times a month

p.s

how can I know if this problem comes from the hardware or anything else inside my computer?

files:

A:BSOD - 5th time this month

Hello Sharon,

I'd suspect these problems are being caused by bad hardware. First, to answer your P.S. question. My typical approach is to address any software issues first, and when that runs out, turn to hardware diagnostic programs to test the components. In some cases, such as yours now, I jump right to hardware because of the looks of things.

I found this error:
Code:
Event[43]:
Log Name: System
Source: Disk
Date: 2011-03-20T11:30:50.801
Event ID: 11
Task: N/A
Level: Error
Opcode: N/A
Keyword: Classic
User: N/A
User Name: N/A
Computer: Sharon-PC
Description:
The driver detected a controller error on \Device\Harddisk1\DR1.

Event[18463]:
Log Name: System
Source: Disk
Date: 2011-03-14T20:48:53.624
Event ID: 11
Task: N/A
Level: Error
Opcode: N/A
Keyword: Classic
User: N/A
User Name: N/A
Computer: Sharon-PC
Description:
The driver detected a controller error on \Device\Harddisk1\DR2.
That seems to indicate that errors were found on both of your partitions. To me, that sounds like a bad drive, so please test your hard drive with SeaTools.

You may also run some RAM and CPU diagnostics, starting with the Blend and Small FFTs Prime95 tests: http://www.sevenforums.com/tutorials...t-prime95.html

You can run Memtest86 overnight: RAM - Test with Memtest86+

...Summary of the dumps:

Code:

Built by: 7601.17514.x86fre.win7sp1_rtm.101119-1850
Debug session time: Sun Mar 20 05:28:41.358 2011 (UTC - 4:00)
System Uptime: 0 d...

RELEVANCY SCORE 52.4

all thanks to my foolish siblings and my even more foolish mother for letting them do as they please to my poor baby

already did Adware 6

here is the log:

C:\PROGRA~1\AIM\aim.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Adam\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: (no name) - {01C5BF6C-E699-4CD7-BEA1-786FA05C83AB} - C:\Program Files\AproposClient\AproposPlugin.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: CCHelper - {0CF0B8EE-6596-11D5-A98E-0003470BB48E} - C:\Program Files\Panicware\Pop-Up Stopper Pro\CCHelper.dll
O2 - BHO: (no name) - {2CF0B992-5EEB-4143-99C0-5297EF71F443} - C:\WINDOWS\System32\stlbdist.DLL
O3 - Toolbar: Pa&nicware Pop-Up Stopper Pro - {B1E741E7-1E77-40D4-9FD8-51949B9CCBD0} - C:\Program Files\Panicware\Pop-Up Stopper Pro\popuppro.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RemoteControl] C:\WINDOWS\System32\rmctrl.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [IEDriver] C:\WINDOWS\System32\IEDriver\IEDriver.exe
O4...

A:sorry, this is like the 4th time in a month i keep getting spyware

RELEVANCY SCORE 51.6

hi there, I installed Win 7 Ultimate 64 bit last February and it worked fine, but just this month I am having an awful lot of BSODs. Attached herewith are the minidumps; hope somebody could help me out with what's wrong? Thanks in advance....

A:Multiple BSOD in a month's time...HELP Please

Hello !! Welcome to SF !!

I guess lot of issues are going on. Lets start with basics

HARDWARE DIAGNOSTIC:

Run Hard Drive Diagnostic and Memory Diagnostic
Start | CMD | Right Click and Run as administrator | SFC /SCANNOW

One of your dump files is pointing to MpFilter.sys, which is a Microsoft Windows malware protection system driver file. I would recommend running a complete scan with Malwarebytes. Also some are pointing to the virtualization driver, i.e. luafv.sys, so if you have any virtual players like VMWare etc., uninstall it and see if that makes any difference.

Bugcheck:


Code:
Built by: 7600.16539.amd64fre.win7_gdr.100226-1909
Debug session time: Fri May 14 13:48:10.643 2010 (GMT+5)
System Uptime: 0 days 0:10:24.454
BUGCHECK_STR: 0x1a_41790
PROCESS_NAME: MpCmdRun.exe
IMAGE_NAME: ntkrnlmp.exe
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Built by: 7600.16539.amd64fre.win7_gdr.100226-1909
Debug session time: Sun May 16 21:25:01.574 2010 (GMT+6)
System Uptime: 0 days 3:09:55.260
BUGCHECK_STR: 0x1a_41790
PROCESS_NAME: MpCmdRun.exe
IMAGE_NAME: ntkrnlmp.exe
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Built by: 7600.16539.amd64fre.win7_gdr.100226-1909
Debug session time: Fri May 14 13:48:10.643 2010 (GMT+5)
System Uptime: 0 days 0:10:24.454
BUGCHECK_STR: 0x7F
PROCESS_NAME: msseces.exe
IMAGE_NAME: ntkrnlmp.exe
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~... Read more

RELEVANCY SCORE 51.6

Details: P72. 20MBCTO1WWTx. Delivered in late December 2018. Win 10 Pro. Two external screens (HDMI + Display port). No other peripherals, printers on router via Wifi.

Problem: On two occasions I have left the laptop and upon my return was presented with a BSOD with displayed message (see attachment).

1st time: 3rd Jan. Stop code: SYSTEM_THREAD_EXCEPTION_NOT_HANDLED
2nd time: 30th Jan. Stop code: CRITICAL_STRUCTURE_CORRUPTION

Normally if I leave the laptop it goes into sleep mode, to different degrees depending on the interval (sleep - hibernate). In both instances the P72 cooling fan was on full throttle with the display message on; it said it's collecting some error info and will restart, but when I came to it, it sat in that state for 1/2 hour or so more until I told it who the boss was (power button). Normally the fan is rarely on full throttle; occasionally it is when doing graphics / CAD. Guessing the P72 goes into safety cooling function when in BSOD mode. Nothing was running in the background except some static MS Publisher pages, File manager, Thunderbird email and Chrome webpage.

History: Once again I hark back to the days of Lenovo W500 and Win 7. A perfect union. Or before that, A21M and Win XP. Those good old stable days.

A:Brand New P72 BSOD 2nd time in a month

"Nothing was running in the background except some static MS Publisher pages, File manager, Thunderbird email and Chrome webpage."
 
and about 80 "system" processes and about as many drivers, doing who-knows-what. Things were indeed simpler when we all ran DOS 6.22. Everything fit on two 3.5" floppies and I could recognize everything that was running. Now, this kind of problem is difficult to track down. I would start by running Lenovo Vantage and make sure all the drivers, BIOS, etc. are up to date. I would then look in the event log and see if a device is throwing an error at the time of the BSOD.

RELEVANCY SCORE 51.6

Hello All,

I have an issue when I open the Date and Time calendar in XP. In place of the month is the number 1. I click on the drop down and they're all 1's.
When I go into Windows Explorer to display the date, the time is shown, but no date.
When going into system restore, there's no month listed anymore, so I can't even do that.

TIA
 

A:Date and Time - Month showing 1

In the Control Panel, open up Regional and Language Options. See if the Date option is correct there (short and long dates). If there is something wrong, you can try Customize and the Date tab.
 

RELEVANCY SCORE 51.2

I need this date (3:44:42 PM)to read military time. I also need to add a month and year (4/15) in the same cell so my end result will be
15:44:42
4/15.
I am able to change to military time. However, when I add the month and year 4/15, the cell content changes, and the military time disappears. Is there a way for an Excel cell to contain two different cell formats? Or, is there a way to ‘hardcode’ the military time so it doesn’t change?
I am adding the month and year by hitting ALT/Enter to take this piece to a new line within the same cell, but as soon as I do this, the military time changes and the result I am looking for, ‘15:44:42 4/15’, never shows up. Any ideas?
 

A:Military Time plus month and date in same cell

RELEVANCY SCORE 51.2

First it displays error msgs re. delayed write failed-data lost-event log write failed also. It then boots to the blue screen. Try to boot from the floppy rescue disc and get NTLDR is missing. Booting from w2kp setup, installing sata drivers and repairing the OS fixes it. I suppose setup is running chkdsk. At first it seemed that Comodo antivirus beta was causing the problem since the error screens mentioned the program. Got rid of it and all was fine for a week or so. Then last night it crashed while emule was running and emule was mentioned in the error msgs. Btw the sys event log is corrupt now and the rescue disc boots ok
running w2kp on a MSI sata MB
2 60gb sata hds
456 mb ram
AVG antivirus finds no problems (neither did Comodo av)
Aside from the obvious question: WTF is causing this? I'm wondering if it might be a good idea to install a backup OS to boot from in case the windows repair fails. The OS is on a small (5Gb) partition. Can I create a small partition on the remainder of the drive containing the OS and install either w2kp or dos 6.22, or will I have to format the first sata and install both OSes on the same partition?
Now that I have the hang of it, it's an easy thing to fix - just takes a bit longer to boot
The big question is: is a problem going to develop that w2kp setup can't repair?
Thanks

Believe I can mark this one solved. Apparently the Emule/temp folder, which was on drive C, was too big to fit on it. Apparently this was the same problem with Comodo,...

RELEVANCY SCORE 51.2

Quote:
Google Inc. patched three vulnerabilities in the Windows version of Chrome earlier this week, marking the second time that it has plugged security holes in the browser this month.

Tuesday's update to Chrome 4.1.249.1064 fixed three flaws rated "high," the second-most-severe threat ranking in Google's four-step system. Danish vulnerability tracker Secunia rated the update as "highly critical" under its own severity ranking.

As is Google's practice, technical details of the vulnerabilities were hidden from public view, a tactic the company uses to prevent attackers from accessing the information until the majority of users have updated to the new version.

Researchers credited with reporting two of the flaws were awarded bonuses as part of Google's bug bounty program, which kicked off in January. Most flaws earn their finders $500, but researcher Jordi Chancel was handed $1,000 for the cross-origin bypass vulnerability he found in Chrome's handling of Google URL, a code library used to parse large numbers of Web addresses.


Source -
Google patches Chrome for second time this month - Computerworld

A:Google patches Chrome for second time this month.

Hey, at least they're patching it!

I have the 5.0 beta so I don't get informed to all this jazz :S

RELEVANCY SCORE 50.8

I need technical help, my brand new laptop keeps loosing my profile and boots me up on a temp profile and will not go back to the profile i set up when i got my new laptop less than a month ago.
Anyone else seen the same issue?

RELEVANCY SCORE 50.8

Quote:
Over the past few months, we've regularly asked our readers what their experiences with Windows 10 have been like. Most of the time, improvements were fairly obvious to spot with each build, but so were areas where the OS needed more work.

With each iteration we've seen Microsoft polish, adapt and push new features to Windows 10. Perhaps the most long-winded argument over time has been the one surrounding the icons and UI found in the new operating system.

Users have complained, yelled and sobbed over what they deemed to be horrible design choices in terms of colors, styles and overall look of icons. Luckily, Microsoft finally listened to the collective feedback of the community and decided to change the icon styling, seemingly appeasing most users.

Then there was the new Edge browser, known for a very long time as Project Spartan. In fact the new browser still carries this name even on the latest public preview. But despite that, and despite still missing some important features, Edge has been getting better and better, so much so in fact that Microsoft decided it to use it as the default browser in Windows 10.




Discuss: With only a month left before launch, will Windows 10 be ready in time?

A:With only a month left before launch, will Windows 10 be ready in time?

it will be but will the forums be ready for all the help that may be needed.

RELEVANCY SCORE 50

My 2001 Northgate Intel Pentium 4, 1.7GHz running Windows XP no longer advances automatically. Is there a battery that is inexpensive to revive this feature? Also, is this a fairly easy replacement?
 

A:Solved: Date & Month, & Time no longer advance automatically

RELEVANCY SCORE 50

A friend of mine has a strange request. You know how in the RECEIVED column of Windows Mail (formerly known as Outlook Express), the date and time are written as follows, e.g., 6/26/07 10:50 p.m.

My friend wants to change this format to what she calls the Universal Dating System, namely as follows 26/6/07. I have looked in vain to find a setting to change this but cannot.

Is there a Windows system setting for this? Or is the setting someplace else?

Any help would be greatly appreciated.
 

A:Solved: How to Change Order of Month/Day/Time in Microsoft Mail?

I use windows live, but I would imagine it is the same procedure.
Open the Control Panel, then "Regional and Language " (in Classic view)
Now just click "current view" and change the option. - you can also customise it.
 

RELEVANCY SCORE 50

So a friend of mine has a problem with his PC, that gets BSOD'd every once in a while for the same reason every time. As far as I can tell that's the error he gets (0x00000101) and the file that BlueScreenView tells the problem comes from is ntoskrnl.exe. (as it can be seen here Screenshot by Lightshot)
I've attached the dump file.
some info that may help you get to the problem is that whenever he unplugs his headphones while he's in skype call, his PC freezes after a few seconds. (no BSOD, but he has to restart)

Thanks for any help in advance

A:Random BSOD (happened last time a month ago). error 0x00000101

Hello Kickurass,

How frequently are these BSODs occurring?

Please try downloading all the latest drivers from your manufacture website and run Windows Update.

Run a scan with Malwarebytes, to make sure your computer isn't infected https://www.malwarebytes.org/

Thank you,
VinnyBuxton

RELEVANCY SCORE 49.6

I would like to "Build" an expression for a date/time field that will query the date and display my query output as "01/01" or "January, 1st", and leave off (omit) the year.

I'm trying to print a report of my employees' birthdates without displaying the year, so I can post it publicly.

the name of the column is dob (date of birth) and the format is standard date/time, displayed normally as 01/01/2009 etc ....

The best idea i could come up with so far is

= Format (Date(), "dddd, mmm d")

but this displays todays date and not the date stored in my column lol.
 

A:Access 2003, want date/time to show day and month only (& no year) in query

RELEVANCY SCORE 48.4

Hello bleepingcomputer helpers, I hope you can help me fixing this problem, I've been trying hard with my limited knowledge and google skills to find solution for this, but to no avail...
 
First of all, I noticed that I cannot turn on Avira Real-time protection a few weeks ago, and from Google, they said it must be because of virus/malware/adware/spyware (there are several opinions about this).
- And so, I started with a full scan using Avira, found a few trojans (quarantined).
- Then I scanned using Malwarebytes, also found a few malwares, and fixed them (using the software).
- I also used SuperAntiSpyware, and also found a few problems, and fixed them (using the software).

But all of it failed to fix the main problem, which is turning on real-time protection. And so I went to bleepingcomputer.com (from Google); there was also a previous problem posted: http://www.bleepingcomputer.com/forums/t/482982/cant-enable-avira-realtime/
But the thread doesn't have any solution (because the poster never responded afterwards).
And when I read the "Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help", I also noticed that I can't turn on the Windows Firewall (screenshot included)

 
FRST log
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:31-12-2015
Ran by PERSONAL (administrator) on PERSONAL-PC (01-01-2016 10:33:10)
Running from D:\New Downloads
Loaded Profiles: PERSONAL (Available Profiles: PERSONAL & Lidia)
Platform: Microsoft Windows 7 Professio...

A:Cannot turn on Avira Real-time protection and Windows firewall

Hello, Welcome to BleepingComputer. I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.

===

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://safesearch.avira.com/#web/result?source=art&q=
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://safesearch.avira.com/#web/result?source=art&q=
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://safesearch.avira.com/#web/result?source=art&q=
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://safesearch.avira.com/#web/result?source=art&q=
HKU\S-1-5-21-2213181815-4229501440-842373124-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://safesearch.avira.com/#web/result?source=art&q=
HKU\S-1-5-21-2213181815-4229501440-842373124-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://safesearch.avira.com/#web/result?source=art&q=
HKU\S-1-5-21-221318181...

RELEVANCY SCORE 48.4

Hi, I was a big fan of Avira free antivirus, but since version 15.0.17 (I think) it is not possible to choose an interactive action on detection for the Real-Time protection module. It always sends the detected file to quarantine.

Anybody knows how to restore the old behavior?
 

RELEVANCY SCORE 48

This is an older via chipset 1.5 Sata with a sata 3.0 WDC 1TB drive, and I have the OPT limiter jumper in place
Problems encountered installing SATA 3.0 Gb/s hard drives on SATA 1.5 Gb/s controllers

Before I put the jumper on the drive, the bios ignored the WDC sata drive. With the jumper in place, the bios detects and recognizes the drive.
In the bios setting, I turned on SATA enabled and set from raid to IDE.

But when boot Windows or Linux, the drive is not showing up in disk management or anywhere.

So how can I get the OS to see the drive?

A:Sata drive bios detects, but os not detects neither windows or linux

well it is not solved, but clonezilla now sees the drive, and is cloning the IDE onto the SATA.
perhaps a flaky connection?

I got a 1tb SATA for an external storage drive and wanted to see if it could work on this older MB 1.5 SATA connector. See if the drive did any better than the 320 GB IDE Maxtor drive.

Drive is Caviar Green Sata WD10EADS

RELEVANCY SCORE 47.6

I just did a lot of playing with all of my computer equipment in order to learn a bit...anyways I took my 300 gB HDD from one computer and put it on a lesser computer, on which I am going to install an evaluation version of Win2000 Server. Then I took the 40 gG HDD from the lesser computer and put in on the better computer.

Ok...now the problem...Win2000 server setup recognizes 131068 mB of hdd space on two separate unpartitioned spaces. And I find this abnormal for 3 reasons...
first - I know windows will only recognize 137 gB of each partition, but why 131 gB.
second - usually unpartitioned space is combined into one, not 2 separate spots
And by the way, everything worked fine before the HDD swap and everything reads fine in the BIOS.

I also tried to partition the hdd before the installation with a seagate utility that came with the hdd, but windows wouldn't recognize that properly either.

Thanks for any suggestions.
 

A:Setup only detects 131068mB of HDD space, but bios detects all of it.

The 'lesser' PC may not be able to handle such big HDs. Check that 48-bit support is available and activated in the BIOS. Or get a BIOS update.
Also, check the Master/Slave jumpers. And are you using 40-wire IDE cable instead of 80-wire?
 

RELEVANCY SCORE 46.4

Dear Friends,

I am unable to sort the column from oldest month to latest month in attached excel.

Tried various formula but not working.

Please find attached excel.

Thanks in advance for help.

Regards,
Rashi G
 

RELEVANCY SCORE 46.4

I'm trying to create an Access query that compares invoices generated in May of 2002 to invoices generated in May of 2003 so we can see how much money we made compared to last year at this time.

I've tried datediff, dateserial, dateadd but can't seem to get it right. Can some kind soul give me a hand here?
 

A:(Resolved) Compare this month's sales to this month last year

I figured it out. Had to use "between". I was trying to just hone in on a particular month last year but I guess that was the lazy way out. Anyway, here's what I ended up with to compare May 02 to May 03:

Between DateSerial(Year(Date())-1,Month(Date())-1,1) And DateSerial(Year(Date())-1,Month(Date()),1)-1
 

RELEVANCY SCORE 44.8

Disclaimer: I am neither an Avira nor a malware-testing expert. Not click-bait either.

For Avira Antivirus users, you can enable this setting to get a notification before Avira wants to send suspicious file(s) to their cloud, Avira Protection Cloud (APC), for analysis.

Taken today, as I tried to run a file from a simple web search - not recommended. It has a reassuring fact that it's monitoring for anything suspicious. Avira Protection Cloud asking for permission with a list of file(s):


If found unwanted or malicious, it will be dealt with by Avira Antivirus - Security Alert shown below:


If you like what you see, you can enable this option in the settings window below:
Spoiler: Sending Suspicious Files to Avira (How-to)
Open Avira > Extra > Configuration (F8) > General > Advanced Protection.
Make sure "Enabled Protection Cloud" is checked and then mark "Confirm manually when sending suspicious files to Avira" > Apply and OK to save changes.


Sending suspicious files to Avira may vary depending on your computer usage and downloading habits.

Disclaimer: I am neither an Avira nor a malware-testing expert.
 

RELEVANCY SCORE 44.8

The Avira manual update tool, also known as the Fusebundle Generator, allows you to create an entire antivirus update archive incrementally. In other words, you no longer have to download an entire archive for each engine and signature update.

Although automatic updating is the best way to stay protected, you can update Avira antivirus manually anytime. For Windows users, the easiest way is to right-click the Avira icon in the taskbar and select Start update.

You can also use our free Avira update tool to perform an Avira manual update. This utility creates an archive (fuse bundle) containing the latest engine, the Avira VDF update files and the corresponding Avira antivirus update control files (info.gz).

Download
http://www.avira.com/en/download/product/avira-fusebundle-generator

User manual available at http://www.avira.com/documents/tools/pdf/en/howto_avira-fusebundle-generator_en.pdf.
 

RELEVANCY SCORE 44.8

Updated: Prior to submitting my post I was intrigued by the fact Avira Launcher is mandatory for Avira Antivirus.

"Avira Launcher is an important component of the protection package. Therefore, starting with the latest update, Avira Antivirus Pro as well as all the other Avira products require Avira Launcher installed to ensure their functionality at full potential and to stay permanently connected to the Avira Online Essentials Dashboard."
Find out more: Avira Answers

To use Avira Antivirus, you are NOT required to create an Avira Account, but you are forced to use Avira Launcher, and not all products under the Launcher are free to download without an Avira Account.

In my opinion, Avira should allow users without an Avira Account to remove Avira Launcher from their systems.

Original: Statement retracted following updated information.
Reading the comments about Avira 2017 being bundled with bloatware (Avira Launcher, Phantom VPN and Speedup demo), there is a way to download Avira Free Antivirus Free without the other software with a few extra clicks.

Go to Avira Downloads from the Support tab.

Free Downloads of Avira Antivirus Software & Utilities
Click on More Versions for either Avira Free software.


Included packages will be listed under Product Installation Files and there you can click on the download for Avira Antivirus (221MB). It should start automatically.

If not, direct download here:

Code:
https://install.avira-update.com/package/anti... Read more

RELEVANCY SCORE 44.8

What is Ninite?
Ninite tries to behave exactly like a technical friend you've asked to install a few apps for you. This means that Ninite installers, regardless of when or where they were created:

Say "No" to toolbars or other junk
Always install the latest version of an app
Install the right 32-bit or 64-bit version for a PC
Install apps in the PC's language
Skip apps that are already up-to-date
Upgrade an app if it's out of date
We put a ton of effort into making sure Ninite just does the right thing and we think that's a big reason why people like using it so much.

Learn more at How Ninite Works | Ninite Help

As requested.

1. Selected Avira from the Ninite homepage and continued to download.


2. UAC confirmation of Avira from Ninite.com


3. Ninite automatically downloads and installs the software with no user interaction. (It does the work for you!)


4. Avira Antivirus opens without Avira Connect (or other promoted software) - just the AV!


5. A clean Start-up, Installed Programs and Start Menu.


What was not tested:

Avira program updates
How Ninite handles an update
Thanks for reading.
 

RELEVANCY SCORE 44.4

What is APPL/InstallBrain.Gen and how do I remove it please

A:APPL/InstallBrain.Gen

Hello -

What Antivirus program do you use, and have you run a Full Scan with it ??

If you are not sure about Antivirus, please run these 3 programs > >

Please download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.
How To Temporarily Disable Your Anti-virus

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

* Double-click on the Rkill desktop icon to run the tool.
* A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
* If not, delete the file, then download and use the one provided in Link 2.
* Do not reboot until instructed.
* Do not reboot your computer after running RKill as the malware programs will start again.
* If the tool does not run from any of the links provided, please let me know.

If normal mode still doesn't work, run the tool from safe mode.
When the scan is done Notepad will open with rKill log.
Post it in your next reply.
NOTE. rKill.txt log will also be present on your desktop.

Please download Malwarebytes Anti-Malware Free (aka MBAM)
* Double-click MBAM -setup.exe and follow the prompts to install the program.
* At ... Read more
