Over 1 million tech questions and answers.

btcar popup, trojan.agent.apmc, trojan.script.14303, trojan.fakeav.kue

Q: btcar popup, trojan.agent.apmc, trojan.script.14303, trojan.fakeav.kue

btcar popup, trojan.agent.apmc, trojan.script.14303, trojan.fakeav.kueHi,My antivirus program, BitDefender Antivirus 2010, has blocked the above trojans. The main trojan that keeps popping up however is: Trojan.Agent.AMPC. It is located in my temp file as 94.tmp. I have deleted my temp files, some of them wouldn't delete so I downloaded and ran CCleaner.After successfully deleting files that windows alone wouldn't allow me to do, I presumed my problems were over. (haven't had the antivirus program pop-up in 12 hrs now)I opened up google and typed in the topic I wanted and clicked on the link I wanted & I was redirected to btcar.com. I closed it, clicked on another link and I was directed to virtualway.info among other annoying sites. So I blocked these sites in IE, and proceeded to download & run SpyBot S&D. 4 Issues were found and I repaired them.I then did a deep system scan with BitDefender and it said no viruses or spyware were found:BitDefender Log File Product: BitDefender Antivirus 2010Version: BitDefender Antivirus ScannerScanning task: Deep System ScanLog date: 5/6/2010 2:36:47 AMLog path: C:\Documents and Settings\All Users\Application Data\BitDefender\Desktop\Profiles\Logs\deep_scan\1273077407_1_00.xml Scan paths: Path 0000: C:\ Scan Level: Scan for viruses: YesScan for adware: YesScan for spyware: YesScan for applications: YesScan for dialers: YesScan for rootkits: YesScan for keyloggers: Yes Virus Scanning Options: Scan registry keys: YesScan cookies: YesScan boot sectors: YesScan memory processes: YesScan archives: YesScan runtime packers: YesScan e-mails: YesScan all files: YesHeuristic Scan: YesScanned extensions: not configuredExcluded extensions: not configured Target Processing: Default first action for infected objects: DisinfectDefault second action for infected objects: NoneDefault first action for suspect objects : NoneDefault second action for suspicious objects: NoneDefault action for hidden objects: NoneDefault first action for encrypted infected objects: DisinfectDefault second action for encrypted infected objects: NoneDefault first action for encrypted suspicious objects: NoneDefault second action for encrypted suspicious objects: NoneDefault action for password-protected objects: Log only Scan Engines Summary Virus signatures: 5745705Archive plugins: 43E-mail plugins: 6Scan plugins: 13System plugins: 5Unpack plugins: 10 Basic Scanned items: 139771Infected items: 0 (no infected items have been detected)Suspect items: 0 (no suspected items have been detected)Hidden items: 0 (no hidden items have been detected during this scan)Resolved items: 0 (no threats have been detected during this scan)Unresolved items: 0 (no issues remained unresolved) Advanced Scan time: 01:26:12Files per second: 27Skipped items: 17223Password-protected items: 7Over-compressed items: 0Individual viruses found: 0Scanned folders: 5234Scanned boot sectors: 4Scanned archives: 925Input-output errors: 32Scanned processes: 36Infected processes: 0Scanned registry keys: 0Infected registry keys: 0Scanned cookies: 0Infected cookies: 0 Not scanned objects:Object Path Reason: Final Status C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterAntiVirusOverride.zip=>sbRecovery.reg Password-protected Not scanned (file was password-protected) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterFirewallBypass.zip=>sbRecovery.reg Password-protected Not scanned (file was password-protected) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterFirewallBypass1.zip=>sbRecovery.reg Password-protected Not scanned (file was password-protected) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondesdn.zip=>2086076851 Password-protected Not scanned (file was password-protected) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondesdn1.zip=>sbRecovery.reg Password-protected Not scanned (file was password-protected) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondesdn2.zip=>sbRecovery.reg Password-protected Not scanned (file was password-protected) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondesdn3.zip=>sbRecovery.reg Password-protected Not scanned (file was password-protected) ---------------------So I had a go at googling again and the redirection to that btcar website is still happening. I'm connected to a wireless network, and it's going MUCH slower than normal with the dongle light constantly on (not just flashing),when I have no programs running or downloads happening. It also feels like this computer is getting slower and slower, it was only reformatted a few days ago. So I'm very frustrated. HELP! ---------------------DDS (Ver_10-03-17.01) - NTFSx86 Run by Matt at 5:41:25.76 on Thu 05/06/2010Internet Explorer: 8.0.6001.18702Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.123 [GMT 10:00]AV: BitDefender Antivirus *On-access scanning enabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}============== Running Processes ===============C:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exeC:\Program Files\BitDefender\BitDefender 2010\vsserv.exeC:\WINDOWS\System32\svchost.exe -k netsvcssvchost.exesvchost.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\spoolsv.exesvchost.exeC:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Program Files\Java\jre6\bin\jqs.exeC:\WINDOWS\system32\nvsvc32.exeC:\WINDOWS\system32\wuauclt.exeC:\Program Files\Belkin\F5D9050\Belkinwcui.exeC:\Program Files\Analog Devices\SoundMAX\Smtray.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\Common Files\Java\Java Update\jusched.exeC:\Program Files\BitDefender\BitDefender 2010\bdagent.exeC:\Program Files\DNA\btdna.exeC:\Program Files\Windows Live\Messenger\msnmsgr.exeC:\Program Files\Spybot - Search & Destroy\TeaTimer.exeC:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exeC:\Program Files\BitDefender\BitDefender 2010\seccenter.exeC:\Program Files\iPod\bin\iPodService.exeC:\Program Files\Windows Live\Contacts\wlcomm.exeC:\WINDOWS\system32\wbem\wmiapsrv.exeC:\Program Files\Internet Explorer\iexplore.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Documents and Settings\Matt\Desktop\dds.scr============== Pseudo HJT Report ===============uStart Page = hxxp://www.google.com.au/uInternet Settings,ProxyOverride = *.localBHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dllBHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No FileBHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dllBHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dllBHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.4723.1820\swg.dllBHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dllBHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dllTB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dllTB: BitDefender Toolbar: {381ffde8-2394-4f90-b10d-fc6124a40f8c} - c:\program files\bitdefender\bitdefender 2010\IEToolbar.dlluRun: [BitTorrent DNA] "c:\program files\dna\btdna.exe"uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exeuRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /backgrounduRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exeuRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"mRun: [F5D9050] c:\program files\belkin\f5d9050\Belkinwcui.exemRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartupmRun: [nwiz] nwiz.exe /installmRun: [Smapp] c:\program files\analog devices\soundmax\Smtray.exemRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottimemRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"mRun: [BitDefender Antiphishing Helper] "c:\program files\bitdefender\bitdefender 2010\IEShow.exe"mRun: [BDAgent] "c:\program files\bitdefender\bitdefender 2010\bdagent.exe"IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_93C8148BBB233F43.dll/cmsidewiki.htmlIE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exeIE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exeIE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dllDPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cabDPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cabDPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cabDPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cabDPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cabNotify: 7c5701b3899 - c:\windows\system32\glmf3232.dllAppInit_DLLs: c:\windows\system32\glmf3232.dllHosts: 127.0.0.1 www.spywareinfo.com============= SERVICES / DRIVERS ===============R3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [2010-2-3 153448]R3 StreamSurge;StreamSurge Driver (miniport);c:\windows\system32\drivers\ss.sys [2010-5-3 19968]S?4 BKNDIS5;BKNDIS5 NDIS Protocol Driver;c:\progra~1\belkin\f5d9050\BKNDIS5.SYS [2010-5-3 15872]=============== Created Last 30 ================2010-05-05 19:31:17 20 ----a-w- c:\documents and settings\matt\defogger_reenable2010-05-05 19:04:57 411368 ----a-w- c:\windows\system32\deployJava1.dll2010-05-05 18:53:28 0 d-----w- c:\program files\Trend Micro2010-05-05 16:17:18 817 ----a-w- c:\windows\system32\20860768512010-05-05 15:01:28 0 d-----w- c:\program files\Spybot - Search & Destroy2010-05-05 15:01:28 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy2010-05-05 13:18:50 1152 ----a-w- c:\windows\system32\windrv.sys2010-05-05 12:25:34 0 d-----w- c:\program files\CCleaner2010-05-05 04:13:20 35 ----a-w- c:\windows\system32\2cd706b42010-05-05 04:13:20 1900 ----a-w- c:\windows\GnuHashes.ini2010-05-05 04:06:03 1103 --sha-w- c:\windows\system32\7386772192010-05-05 04:04:51 0 d-sh--w- c:\windows\system32\SysWoW322010-05-05 04:04:48 113 ----a-w- c:\windows\system32\sl13069689452010-05-05 04:04:28 203776 --sh--w- c:\windows\system32\unrar.exe2010-05-05 04:04:28 0 d-----w- c:\windows\system32\13152683082010-05-05 04:03:59 1081856 --sha-w- c:\windows\system32\3.tmp2010-05-05 02:44:11 215920 ----a-w- c:\windows\system32\muweb.dll2010-05-05 02:44:11 16736 ----a-w- c:\windows\system32\mucltui.dll.mui2010-05-05 02:44:10 274288 ----a-w- c:\windows\system32\mucltui.dll2010-05-04 19:46:33 183296 ------w- c:\windows\system32\glmf3232.dll2010-05-04 11:39:43 0 d-----w- c:\docume~1\alluse~1\applic~1\Messenger Plus!2010-05-04 11:38:28 0 d-----w- c:\program files\Messenger Plus! Live2010-05-04 10:33:23 0 d-----w- c:\program files\Windows Journal Viewer2010-05-04 10:11:29 0 d-----w- c:\documents and settings\matt\Tracing2010-05-04 09:43:21 0 d-----w- c:\program files\Microsoft2010-05-04 09:42:54 0 d-----w- c:\program files\Windows Live SkyDrive2010-05-04 09:31:53 0 d-----w- c:\program files\common files\Windows Live2010-05-03 10:07:58 0 d-----w- c:\program files\BitTorrent2010-05-03 03:33:05 850 ----a-w- c:\documents and settings\matt\Application DataProductTweaks.xml2010-05-03 03:33:04 385 ----a-w- c:\documents and settings\matt\Application Datauser_gensett.xml2010-05-03 03:33:03 376 ----a-w- c:\documents and settings\matt\Application Dataprivacy.xml2010-05-03 02:49:50 0 d-----w- c:\program files\common files\ODBC2010-05-03 02:49:45 0 d-----w- c:\program files\common files\SpeechEngines2010-05-03 02:49:06 0 d-----r- c:\documents and settings\all users\Documents2010-05-02 20:50:17 0 d-----w- c:\program files\directx2010-05-02 20:47:47 0 d-----w- c:\program files\GameSpy Arcade2010-05-02 20:24:49 0 d-----w- c:\program files\Aspyr2010-05-02 20:12:32 0 d-----w- c:\program files\BitDefender2010-05-02 20:12:32 0 d-----w- c:\docume~1\matt\applic~1\BitDefender2010-05-02 20:12:32 0 d-----w- c:\docume~1\alluse~1\applic~1\BitDefender2010-05-02 20:11:15 0 d-----w- c:\program files\common files\BitDefender2010-05-02 20:07:34 0 d-----w- c:\docume~1\matt\applic~1\FrostWire2010-05-02 20:04:48 0 d-----w- c:\program files\FrostWire2010-05-02 20:00:54 0 d-----w- c:\docume~1\matt\applic~1\DAEMON Tools Pro2010-05-02 20:00:54 0 d-----w- c:\docume~1\alluse~1\applic~1\DAEMON Tools Pro2010-05-02 19:00:34 0 d-----w- c:\program files\iPod2010-05-02 19:00:19 0 d-----w- c:\program files\iTunes2010-05-02 19:00:19 0 d-----w- c:\docume~1\alluse~1\applic~1\{429CAD59-35B1-4DBC-BB6D-1DB246563521}2010-05-02 18:52:01 0 d-----w- c:\program files\Bonjour2010-05-02 18:44:38 0 d-----w- c:\docume~1\matt\applic~1\BitTorrent2010-05-02 18:44:29 0 d-----w- c:\program files\DNA2010-05-02 18:44:29 0 d-----w- c:\docume~1\matt\applic~1\DNA2010-05-02 18:23:43 0 d-----w- c:\program files\Analog Devices2010-05-02 18:22:18 0 d-----w- c:\program files\Lenovo2010-05-02 17:26:46 0 d-----w- c:\program files\Belkin2010-05-02 17:10:14 0 d-sh--w- c:\documents and settings\all users\DRM2010-05-02 17:09:43 0 d--h--w- c:\program files\WindowsUpdate2010-05-02 17:08:49 0 d-----w- c:\program files\common files\MSSoap2010-05-02 17:06:33 0 d-----w- c:\program files\Online Services2010-05-02 17:06:25 0 d-----w- c:\program files\Messenger2010-05-02 17:06:20 0 d-----w- c:\program files\MSN Gaming Zone2010-05-02 17:05:29 0 d-----w- c:\program files\Windows NT==================== Find3M ====================2010-05-05 19:07:38 1744 ----a-w- c:\windows\system32\d3d9caps.dat2010-05-02 21:30:28 1632 ----a-w- c:\windows\system32\d3d8caps.dat2010-05-02 20:01:30 697328 ----a-w- c:\windows\system32\drivers\sptd.sys2010-05-02 17:26:53 20747 ----a-w- c:\windows\system32\drivers\AegisP.sys2010-05-02 17:06:57 21640 ----a-w- c:\windows\system32\emptyregdb.dat2010-04-08 03:20:02 91424 ----a-w- c:\windows\system32\dnssd.dll2010-04-08 03:20:02 107808 ----a-w- c:\windows\system32\dns-sd.exe2010-03-10 06:15:52 420352 ----a-w- c:\windows\system32\vbscript.dll2010-02-25 06:24:37 916480 ----a-w- c:\windows\system32\wininet.dll2010-02-16 23:10:28 2189952 ----a-w- c:\windows\system32\ntoskrnl.exe2010-02-16 13:25:04 2066816 ----a-w- c:\windows\system32\ntkrnlpa.exe2010-02-12 04:33:11 100864 ----a-w- c:\windows\system32\6to4svc.dll============= FINISH: 5:44:55.04 ===============

RELEVANCY SCORE 200
Preferred Solution: btcar popup, trojan.agent.apmc, trojan.script.14303, trojan.fakeav.kue

I recommend downloading and running DAP. It can help sort out any driver and firmware related issues on your system

It's worked out well for many of us in the past.

You can download it direct from this link http://downloaddap.org. (This link will open the download page of DAP so you can save a copy to your computer.)

A: btcar popup, trojan.agent.apmc, trojan.script.14303, trojan.fakeav.kue

Hello and and Welcome to BleepingcomputerPlease note we are very busy, so if I don't hear from you within 5 days the topic will be closed, If you have sinceresolved your issues I would appreciate if you would let me no so I can close this topic.Download random's system information tool (RSIT) by random/random from here and save it to your desktop.Double click on RSIT.exe to run RSIT.Click Continue at the disclaimer screen.Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)Please download Malwarebytes' Anti-Malware from HereNote: If you already have Malwarebytes' Anti-Malware, just update then run it.Double Click mbam-setup.exe to install the application.Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.If an update is found, it will download and install the latest version.Once the program has loaded, select "Perform Quick Scan", then click Scan (the scan may take some time to finish, so please be patient).When the scan is complete, click OK, then Show Results to view the results.Make sure that everything is checked, and click Remove Selected.When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.Copy and Paste the entire report in your next reply .Note: If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.Then please post back here with the following: log.txt info.txt mbam logThanks

Read other 2 answers
RELEVANCY SCORE 127.2

Hello all,

My laptop was hit with a multiple virus infection while using Firefox.
Symantec seemed to have taken care of things at the time but I was still having some problems, and it didn't seem to be able to get rid of TDSS. I disabled system restore and tried to clean the registry manually, but wasn't able to find all the entries listed on the Symantec site. I disabled the TDSS driver via the control panel.
MBAM wouldn't install, so I tried Spybot which found a few other issues. Finally I was able to install MBAM and HJT from a disc, and connected back to the internet again briefly to update both.
I ran CCCleaner then MBAM in safe mode and MBAM seems to have cleaned everything (both MBAM and HJT scans looked ok afterwards, though there are still a few entries in the HJT log that look suspicious to me).
Everything seems to be fine now, and I proceeded to uninstall the old Java updates, got all the latest Windows updates, and then turned system restore on again.
I'm basically looking for some advice on what to do to make sure everything is in fact gone as there are those few HJT entries that look suspicious to me.
Thanks in advance!
DDS (Version 1.1.0) - NTFSx86
Run by mo at 16:50:17.96 on Tue 01/06/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.2532 [GMT -6:00]

AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated)

============== Running Processes ====... Read more

A:Multiple Virus Infection: Trojan.Vundo, Trojan.VundoH, Trojan.BHO, Trojan.TDSS, Trojan.Agent, Trojan.Downloader, Malware.Trace...

My name is BHowett and I will be helping you to get sorted. If for any reason you do not understand any of the instructions, or are just unsure then please do not guess , simply post back with your question, and we will go through it again. This seems like a tech issue and not a malware problem, but lets take a look and see what we find.Sorry for the delay, please do the following...ComboFix Please ownload ComboFix from Here or Here* IMPORTANT !!! Save ComboFix.exe to your DesktopDisable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : Protective Programs
Double click on ComboFix.exe & follow the prompts.
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License A... Read more

Read other 12 answers
RELEVANCY SCORE 120

Hi experts,
 
I have a windows 7 system which has not been allowing downloads. When I try to download a file, it stops just prior to completion with the message "The *** download was interrupted." 
 
After I select Resume, the download finishes with the message "The signature of **** is corrupt or invalid."
 
When I attempt to execute the file, I get the message: "Installer integrity check has failed. Common causes include incomplete download and damaged media.  Contact the installer's author to obtain a new copy.  More information at: http:/nsis.sf.net/NSIS_Error"
 
I ran MyTurboPC which may of been a mistake. 
                                                                             
I also tried stopping all the non Microsoft processes, and also all the startup programs.
 
 
I ran SUPERAntiSpyware, with the below log:
SUPERAntiSpyware Scan Log:
. . .
Adware.Tracking Cookie
               C:\Users\****\AppData\Roaming\Microsoft\Windows\Cookies\Low\Q5BPIVL8.txt [ /doubleclic... Read more

A:Trojan.Agent/Gen-FakeAV and Trojan.Agent/Gen-Tracur

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Please download AdwCleaner by Xplode onto your Desktop.
Close all open programs and internet browsers.Double click on AdwCleaner.exe to run the tool.Click the Scan button and wait for the process to complete.Click the Report button and the report will open in Notepad.
IMPORTANT

If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.

Close all open programs and internet browsers.Double click on AdwCleaner.exe to run the tool.Click the Scan button and wait for the process to complete.Check off the element(s) you wish to keep.Click on the Clean button follow the prompts.A log file will automatically open after the scan has finished.Please post the content of that log file with your next answer.You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
Please download
Junkware Removal Tool to your Desktop.Please close your security software to avoid potential conflicts.Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.The tool will open and start scanning your system.Please be patient as this can take a while to complete, depending on your sys... Read more

Read other 2 answers
RELEVANCY SCORE 112.4

I have ran my super anti Spyware and it picks up the Trojan.Agent/Gen-Fake AV but won't remove it or quarantine it either . My virus protection (Avast) does not pick it up. I have tried adware cleaner and nothing is helping. PLEASE someone help.
Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 8.1 Pro, 64 bit
Processor: Intel(R) Core(TM) i7-3630QM CPU @ 2.40GHz, Intel64 Family 6 Model 58 Stepping 9
Processor Count: 8
RAM: 12240 Mb
Graphics Card: NVIDIA GeForce GTX 660M, -2048 Mb
Hard Drives: C: Total - 285710 MB, Free - 209104 MB; D: Total - 407733 MB, Free - 407050 MB; E: Total - 357700 MB, Free - 357116 MB; F: Total - 357701 MB, Free - 357117 MB;
Motherboard: ASUSTeK COMPUTER INC., G75VW
Antivirus: Windows Defender, Disabled
 

Read other answers
RELEVANCY SCORE 111.2

Windows7pro/ Dell Dimension 5150 Desktop/ IE11 and Google Chrome Browsers (Chrome is Default)

The above virus was detected by SuperAnti-Spyware (Free) and identified but that program will not clean or quarantine the virus??

I Googled the Title and saw any number of long drawn out procedures provided, so as a long time member of Tech Support Guy, I decided to come to the people that can REALLY help me solve this issue-YOU!!!

I know this Forum is very busy but please respond as soon as someone is available!

I was not displaying any strange activity but the TSG SysInfo will not download so that is probably an issue. I read previously that the virus in many cases will not allow downloads and that seems to be what is happening right now!!!

Thank you,

manofmarin
 

A:Trojan.agent/gen-fakeAV on my computer

Sorry, I forgot to note that Trojan.agent/gen-fakeAV is apparently from a Microsoft program PRO PC CLEANER 2.5.6 by Rainmaker?
 

Read other 1 answers
RELEVANCY SCORE 110.8

I am running Microsoft Security Essentials, Malwarebytes' Anti-Malware, Superantispyware Professional. I was running McAfee Security Suite when I got infected. None of the programs find the infections except for Superantispyware. It quarantines and deletes the infections. I restart the computer and then when I run the scan again they are still there.
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by akparker at 19:54:02 on 2011-11-10
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2046.1066 [GMT -6:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.e... Read more

A:Infected with Trojan.Agent/Gen-IExplorer[Fake], Trojan.Agent/Gen-PEC, and Trojan.Downloader-Winlogon/FAS

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.In order for me to see the status of the infection I will need a new set of logs to start with.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear Click the Disable button to disable your CD Emulation drivers Click Yes to continue A 'Finished!' message will ap... Read more

Read other 18 answers
RELEVANCY SCORE 110

Hi Boopme
Are you here?
Do I need to post everything that I have already posted to you here?: http://www.bleepingcomputer.com/forums/forum103.html
or is someone else going to help me? if so please let me know and I will give details to them.
By the way - this morning before work - I deleted my quarentine folders from SuperAntiSpyware and the logs from my desktop and ran a scan and it didn't pick anything up! But my Malwarbytes will not load again from the task bar when I click on it - it would not let me stop it by right clicking either so hoping it wasn't running a script for the DDS scan? - so I'm afraid my trojans might be back! I was going to run the Rkill one more time - but I didn't
I couldn't run GMER - I have Windows 7 64 bit and it would run but it didn't give me any options to check mark. I was using the 34 bit explorer (does that matter?)
Also the defogger - I'm not sure it worked as it didn't come up for me to click the finish button - it just went back to the little box that says disable? But I did get the DDS logs.
Here is my DDS Log:

DDS (Ver_10-12-12.02) - NTFS_AMD64
Run by tamhbrih at 18:15:58.57 on Mon 02/14/2011
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.1788.802 [GMT -7:00]

AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Disabled/... Read more

A:Infected with Trojan.Agent/Gen-IEFake, Trojan.Agent/Gen-IExplorer[Fake] &Trojan.Agent/Gen-PEC

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.Please take note:If you have since resolved the original problem you were having, we would appreciate you letting us know. If you are unable to create a log because your computer cannot start up successfully please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
If you are unsure about any of these characteristics just post what you can and we will guide you.Please tell us if you have your original Windows CD/DVD available.If you are unable to perform the steps we have recommended please try one more time and if unsuccessful alert us of such and we will design an alternate means of obtaining the necessary information.If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review your topic an do their best to resolve your issues.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply'... Read more

Read other 23 answers
RELEVANCY SCORE 110

Hello,
Last week HitmanPro and RogueKiller found a few viruses that my Kaspersky missed. Also SuperAntiSpyware says it found 35 file threats. I'm afraid I got a little desperate and downloaded a tool Im now reading that I shouldn't have ..sry. Also, when I attempt to open cleaning utilities a few image errors pop up & my pc is running slower then usual. I would really appreciate take a look to see if my pc is still infected?

Windows XP Professional (5.1, Build 2600) Service Pack 3

TYVM!

A:Rogue.Agent, Trojan.FakeAV Found

DownloadTDSSkillerLaunch it.Click on change parameters-Select TDLFS file systemClick on "Scan".Please post the LOG report(log file should be in your C drive) Do not change the default options on scan resultsDownloadaswMBRLaunch it, allow it to download latest Avast! virus definitionsClick the "Scan" button to start scan.After scan finishes,click on Save logPost the log results hereDownloadESET online scannerInstall itClick on START,it should download the virus definitionsWhen scan gets completed,click on LIST of found threatsExport the list to desktop,copy the contents of the text file in your reply

Read other 14 answers
RELEVANCY SCORE 108.8

cmd and anything that uses it stays open for at most a minute so unable to get a dds log. gmer does run so I will attach its log.Other information I can provide:Sophos detected, quarantined, and cleaned up:Mal/Iframe-VMal/Generic-LMal/EndPk-ALMal/FakeAV-CS (returns shortly thereafter)AdAware 6 hour scan found nothing.Spybot finished an hour long second scan and found win32.agent.chh but there is no option to fix it the way it previously fixed virtumonde.prx on the first scan.MalwareBytes full scan and 10 minute quick scan have the same outcome:Trojan.Agent and Trojan.Hiloti removed by the first scan which also finds 3 or 4 Trojan.FakeAlert entries which require a reboot to remove but reappear along with the most visible sign of the problem: Taskbar System warning baloons.OTL - by OldTimer attached in lieu of ddsAll attachments are a problem since I cannot writed into the attach box nor will browse open an attachment box. The flash uploader doesn't load either... here is the content from gmer log ark.txt:GMER 1.0.15.15641 - http://www.gmer.netRootkit scan 2011-09-15 10:14:09Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST980825A rev.3.06Running: gmer.exe; Driver: C:\DOCUME~1\km\LOCALS~1\Temp\pxtdqpow.sys---- System - GMER 1.0.15 ----SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwCreateKey [0xF757187E]SSDT Lbd.sys (Boot Driver/Lavasoft AB) ... Read more

A:Persistent Trojan.FakeAlert, win32.agent.chh, Mal/FakeAV-CS

Hello, Welcome to BleepingComputer.I'm nasdaq and will be helping you.If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.===Please download ComboFix from one of these locations:Link 1Link 2* IMPORTANT !!! Save ComboFix.exe to your DesktopDisable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
Double click on ComboFix.exe & follow the prompts.
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
Some Rookit infection may damage your boot sector. The Windows Recovery Console may be needed to restore it. Do not bypass this installation. You may regret it.**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedur... Read more

Read other 26 answers
RELEVANCY SCORE 108

Malwarebytes' Anti-Malware 1.34Database version: 1876Windows 5.1.2600 Service Pack 23/20/2009 4:06:56 PMmbam-log-2009-03-20 (16-06-56).txtScan type: Full Scan (C:\|D:\|)Objects scanned: 119370Time elapsed: 21 minute(s), 29 second(s)Memory Processes Infected: 2Memory Modules Infected: 0Registry Keys Infected: 5Registry Values Infected: 7Registry Data Items Infected: 3Folders Infected: 0Files Infected: 13Memory Processes Infected:C:\WINDOWS\services.exe (Trojan.Agent) -> Unloaded process successfully.C:\WINDOWS\system32\reader_s.exe (Trojan.Agent) -> Unloaded process successfully.Memory Modules Infected:(No malicious items detected)Registry Keys Infected:HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\protect (Trojan.NtRootkit.Agent) -> Quarantined and deleted successfully.HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\protect (Trojan.NtRootkit.Agent) -> Quarantined and deleted successfully.HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\msile (Backdoor.IRCBot) -> Quarantined and deleted successfully.HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msile (Backdoor.IRCBot) -> Quarantined and deleted successfully.HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msile (Backdoor.IRCBot) -> Quarantined and deleted successfully.Registry Values Infected:HKEY_LO... Read more

A:Trojan.Agent,Trojan.NtRootkit.Agent,Backdoor.IRCBot,Trojan.FakeAlert.H

I have posted at Geekstogo to help you already.
Please do not post at multiple forums for help.

Read other 1 answers
RELEVANCY SCORE 106.4

I have been clearing a computer from numerous infections. I uninstalled the outdated (since 2006) McAfee AV. I have installed Microsoft Security Essentials, MBAM, and SuperAntiSpyware. I used this combination as well as several online scanners to remove over 150 infections. Every time I run a scan with SAS, the log comes back with the following infections:Trojan.Dropper/SVCHost-FakeC:\SYSTEM VOLUME INFORMATION\_RESTORE{D5FFFA500B1B}\SVCHOST.EXEC:\SYSTEM VOLUME INFORMATION\_RESTORE{D5FFFA500B1B}\SVCHOST.EXETrojan.Agent/Gen-FakeAlertC:\SYSTEM VOLUME INFORMATION\_RESTORE{D5FFFA500B1B}\SMSS.EXEC:\SYSTEM VOLUME INFORMATION\_RESTORE{D5FFFA500B1B}\SMSS.EXEMicrosoft Security Essentials pops up during the scan with the following infection:Trojan Downloader: Win32/Unruy.D C:\SYSTEM VOLUME INFORMATION\_RESTORE{D5FFFA500B1B}\SMSS.EXE I created a new restore point and deleted all previous points, yet these infections still remain. I was receiving help from another moderator who had me try several things before directing me here. Topic referenced is here: http://www.bleepingcomputer.com/forums/t/318510/cannot-remove-trojan/ ~ OB I am posting the DDS log, GMER log, and attaching the attach.txt file. Thank you in advance for any and all help you can provide. DDS (Ver_10-03-17.01) - NTFSx86 Run by Phillips at 14:21:21.10 on Tue 05/25/2010Internet Explorer: 8.0.6001.18702Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1278.796 [GMT -4:00]AV: Microsoft Security Essentials *... Read more

A:Infected with: Trojan.Dropper/SVCHost-Fake,Trojan.Agent/Gen-FakeAlert, & Trojan Downloader: Win32/Unruy.D.

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

Read other 19 answers
RELEVANCY SCORE 106.4

Hello, I'm sadly back again. I was here in the summer. My computer has been acting up. Lots of activites that point to infection. I also have seen my CPU usage jump and pretty much stay at 100% with no active applications open, virutally locked up, or locked up. Fan runs like crazy. My firewall was set to off, without me doing it. Poltergeist in this computer! Prep work as listed on the *Before you post* section is complete. I'm sorry that this posting is so long, but I'm including virus scans as well as the HijackThis log. I used Pandascan, and Bitdefender and my own Trendmicro ran overnight as well. Results for Pandascan:Incident Status Location Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Laurie Gassman\Favorites\Sites about\Ab scissor.url Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Laurie Gassman\Favorites\Sites about\Broadband comparison.url ... Read more

A:A Boat Load Of Trojans! Smitfraud, Trojan.winshow.js.b, Trojan.winshow. Trojan.agent.em, Troj Agent.oz, Tro Dloader.qf,tro...

Hello pacificoast, Since you are so infected, I want you to run some additonal scans.***************************************************Please download, update and run the a-squared Free 2.0 Select the "Deep Scan" button and press the Scan button.If malware is found, click the button "Remove Selected Malware"and save the log file by clicking on "Save Report". Let it delete whatever it finds. *************************************************** Download and install AVG Anti-Spyware 7.5 (formerly Ewido) 1. After download, double click on the file to launch the install process. 2. Choose a language, click "OK" and then click "Next". 3. Read the "License Agreement" and click "I Agree". 4. Accept the default installation path: C:\Program Files\AVG Anti-Spyware 7.5 and click "Next", then click "Install". 5. After setup completes, click "Finish" to start the program automatically or launch ewido by double-clicking its icon on your desktop or in the system tray. 6. The main "Status" menu will appear. You can select "Change state" to inactivate 'Resident Sheild' and 'Automatic Updates'. If you choose to do this, then right click on ewdio in the system tray and uncheck "Start with Windows". 7. Select the "Update" button and click "Start update". If you are having problems with the updater, manually update with the Ewido Full d... Read more

Read other 37 answers
RELEVANCY SCORE 106.4

Noticed this morning that Microsoft Security Essentials real-time protection was turned off and that I could not get it to turn back on. Also could not get windows update to run. Went to Services and tried disabling and then enabling windows installer. Also tried uninstalling and reinstalling MSE, but still the same problem.

Next ran MBAM full scan and found the first Rootkit.0Access; Exploit.Drop.GS; Trojan.Agent; Trojan.Downloader. Clicked remove selected and let it reboot. MBAM log created below. Ran MBAM (quick scan this time) again and found Trojan.Lameshield.124. About to hit "remove selected" and reboot. Will post log after reboot.

I have backup drives that I use (2.5" USB drives). Should I scan those as well (at same time)? Thank you for any help!!!

MBAM log attached. Ran DDS but didn't see any option to save the log. Will figure that out and post after reboot. EDIT: rebooted, and reran DDS. The program ran, but then shut down without allowing me to save a log. Any ideas to get more information about my issue?

I run Windows Vista 32-bit. Dell Inspiron E1505 (5 years old). I run MSE and windows firewall (firewall still active as far as I can tell). Removed other malware before reinstalling MSE and followed procedures on microsoft articles about reinstalling MSE.
 mbam-log-2012-12-29 (15-25-09).txt   5.9KB
  3 downloads

 mbam-log-2012-12-29 (18-25-47).txt   2.05KB
&nbs... Read more

A:MBAM - Rootkit.0Access; Exploit.Drop.GS; Trojan.Agent; Trojan.Downloader; Trojan.Lameshield.124

**In any case where you happen to be busy or unable to give us a reply, we would be grateful if you keep us informed in advance and we will be more than happy to wait. Failure to do so we will have your thread closed in THREE(3) days.

Hello there, iseeker I'm Conspire, I'll be glad to help you with your computer problems.Please observe these rules while we work:Read the entire procedureIt is important to perform ALL actions in sequence.If you don't know, stop and ask! Don't keep going on.Please reply to this thread. Do not start a new topic.Stick with me till you're given the all clear.Remember, absence of symptoms does not mean the infection is all gone.Don't attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process.IMPORTANT NOTE : Please do not delete anything unless instructed to. Remember to backup all your important data(if possible) before moving on.

Read other 16 answers
RELEVANCY SCORE 106.4

At first it started as pop-up internet explorer windows while browsing in Firefox and re-directs in Google when I clicked on a link (however I can copy the link from a google search and paste it in a new window). Then whatever I have seemed to disable my internet connection after a couple of minutes (almost like it new I was trying to figure out how to get rid of it!). I have done some work at trying to remove the problem and it seems like everything is better EXCEPT that Google keeps redirecting - so I know not everything has been cleaned! I have a spotty and slow wireless connection for this computer so I would rather not use an online scanner if I don't have to but I will do what it takes if that is the case.

Looking forward to some help. Attached is my HiJackThis Log from earlier today. Thanks!

A:Trojan.Agent, VBS/Disabler.NAB Trojan, Win32/Kryptik.AKJ Trojan and maybe others! Google Redirect in Firefox

Hello! My name is Sam and I will be helping you. In order to see what's going on with your computer I'll ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.Please download ComboFix from one of these locations:Link 1Link 2Link 3Important!You should NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert. It is intended by its creator to be used under the guidance and supervision of an Malware Removal Expert, not for private use.Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again. Make sure that you save ComboFix.exe to your DesktopDisable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

Double click on ComboFix.exe & follow the prompts.

As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

Follow ... Read more

Read other 41 answers
RELEVANCY SCORE 105.6

Hello I have an Acer Aspire 5100 laptop running Windows XP Home. All microsoft updates current to Sept 15. Using Avira Antivirus, Malwarebytes, Super Anti Spyware, Spyware Blaster, Spybot Search and Destroy, CCleaner and Windows Defender. All updates current to Sep 15. Windows Defender has disappeared from the task bar.Problems are as follows: all started on Friday, Sept 17 in the morning, no problems before that at all- Ccleaner had entries in registry that looked very suspicous (one included nqagoxiw in the entry) - cannot get to Windows Update site (page says Internet Explorer cannot display the webpage) - could not get Avira, etc to update (some have since started updating)- could not get to forums page (redirect to Godzilla Malware or something close to that) - I connected via the cached link so I could print the instructions- cannot load Task Manager- could not get Control Panel to work (It is now working)- if I try to run Avira or Malwarebytes in safe mode the computer shuts down (also shut down once in regular mode when I was running Malwarebytes)- fixed in time debugger keeps popping up- messages saying Windows Explorer has encountered a problem (could not save error message so this a summary of the message)- gmer runs but freezes and I cannot save the log or copy it - indeed I have to shut down with the power button as laptop becomes totally nonresponsive (I hand copied the last fews lines of the log that were displayed and have posted those at the bottom of this me... Read more

A:TR/Crypt.XPACK.Gen3 Trojan ; Trojan.Hiloti ; Trojan.Agent/Gen-Falint

Hi,Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.Please reply to this post so I know you are there.The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.Once I receive a reply then I will return with your first instructions.Thanks

Read other 28 answers
RELEVANCY SCORE 105.2

Added in content from newer topic on same issue and adapted wording for flow. ~ OBredirect/kept trying to download something and it was a virus scan: the file it wanted to download was unpack or something like that. was trying to get me to allow a start item that was something unpack, but I would not.Avira completed routine scan and found 3 TR/Hosts.AQ.1 Trojan. It quartentined those items.I know you do not ask but incase here is avira results:Avira AntiVir PersonalReport file date: Monday, September 13, 2010 12:00Scanning for 2803359 virus strains and unwanted programs.The program is running as an unrestricted full version.Online services are available:Licensee : Avira AntiVir Personal - FREE AntivirusSerial number : 0000149996-ADJIE-0000001Platform : Windows XPWindows version : (Service Pack 3) [5.1.2600]Boot mode : Normally bootedUsername : SYSTEMComputer name : TOSHIBA-USERVersion information:BUILD.DAT : 10.0.0.567 32097 Bytes 4/19/2010 15:07:00AVSCAN.EXE : 10.0.3.0 433832 Bytes 4/1/2010 17:37:38AVSCAN.DLL : 10.0.3.0 46440 Bytes 4/1/2010 17:57:04LUKE.DLL : 10.0.2.3 104296 Bytes 3/7/2010 23:33:04LUKERES.DLL : 10.0.0.1 12648 Bytes 2/11/2010 04:40:49VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 14:05:36VBASE001.VDF : 7.10.1.0 1372672 Bytes 11/19/2009 00:27:49VBASE002.VDF : 7.10.3.1 3143680 Bytes 1/20/2010 22:37:42VBASE003.VDF : 7.10.3.75 996864 Bytes 1/26/2010 21:37:42VBASE004.VDF : 7.10.4.203 1579008 Bytes 3/5/2010 16:29:03VBASE005.VDF : 7.10.6.82 2494464 Bytes 4/15/201... Read more

A:TR/Hosts.AQ.1 Trojan / tr.dldr.fakeav.bj trojan / PE_Patch.UPX, Avira detected this

i did a reinstall.

Read other 2 answers
RELEVANCY SCORE 105.2

Question sys detected potential hazard trojan spm/lx
I have what I presume is a fake windows security message that tells me to download a probable fake anti-spyware program on my sons computer.

He was watching tv on computer and trying to log on to facebook the sound stopped he got a warning which closed before he could read it. The browser worked, fb worked he minimized the browser and the desktop was blue there was a warning that said he had spyware and had to run a scan and he clicked on the red circle x's thinking that was McAfee and it didn't do anything so he disabled his internet so nothing further would happen.
last thing he downloaded was the movie a night or two before and it ran that night fine. When I checked frostwire was running and I turned it off

He's running Windows Xp and there are two red circular icons with a white X on the taskbar and task manager is greyed out when I right click the taskbar and if I ctrl alt del it's greyed out as well.

This is what pops up:

Attention! System detected a potential hazard (TrojanSPM/LX) on your computer|that may infect executable files. Your private information and PC safety is at risk.|To get rid of unwanted spyware and keep your computer safe you need to update your current security software.
* Windows XP
* McAfee Security Center
I googled the virus and came across a page from this website that said to run malware bytes so I did that and saved the log and did as instructed and it seemed to go away bu... Read more

A:HTML/FakeAV Trojan, Total Security Virus, hazard trojan spm/lx

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.Please download OTL from following mirror:This is THE MirrorSave it to your desktop.Double click on the icon on your desktop.Click the "Scan All Users" checkbox.Push the button.Two reports will open, copy and paste them in a reply here:OTL.txt <-- Will be openedExtra.txt <-- Will be minimizedIn the upper right hand corner ... Read more

Read other 2 answers
RELEVANCY SCORE 105.2

My Macafee and symantec anti virus will not run. On startup/boot I get the following messages.On boot up macafee gives 2 popup boxes that say"Macafee Virus Scan - some components of Active Shield are missing or not installed properly" "Macafee Security Center components might not have been installed or launched properly. Restart to fix this problem... if that doesnt work reinstall the program" I first received the messages on Saturday (5/8/10) morning. A process named kkcekwmtssd.exe was running and had also installed itself into my Startup in msconfig, I unchecked it there. I found no information about it on the internet, so I stopped it and deleted it and the folder it was in. I ran Symantec which found nothing. Macafee is out of date but I keep it because it tells me when a program trys to access the internet. As of today I have another gibberish program running wingrj32.exe and it also has installed itself in Startup in System Configuration Utility. There are 2 entrys for it and I have unchecked bothI ran Malwarebytes on Saturday which found 2 registry keys infected which it repairedI just ran Malwarebytes today and it found: Trojan.downloader (wingrj32.exe); Trojan.agent (svchost.exe); malware.trace (avdrn.dat). The last two were quaranteed and deleted. Trojan.downloader will be deleted on reboot which I am doing as soon as I post thisI have been unable to install AVGWhen I click on the Symantec (Corporate Edition) icon I get the error box ... Read more

A:infostealer.snifula.c, trojan.fakeAV, trojan.downloader, malware.trace, etc

Hello , And to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.I will be working on your malware issues, this may or may not solve other issues you may have with your machine.Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen. Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.-----------------------------------------------------------If you have since resolved the original problem you were having, we would appreciate you let... Read more

Read other 5 answers
RELEVANCY SCORE 104.8

I've been getting messages from my virus software "symantec version 8.1.0.825" constantly stating that it is finding and quarantining Trojan.FakeAV and Trojan.Vundo viruses when running windows in normal mode. Sometimes the messages come in at more than 1 a second and eventually clean and quarantine fail with a message access denied. Along with this are constant messages stating my computer is infected and to purchase the fake antivirus software. I have disabled system restore and run virus scans in safemode which usually catches a file or two. I have also run trendmicro scans which catches 13 files or so. As soon as i boot up in normal windows they come back very quickly. It also appears that the viruses disable any ability to open a command line, task manager, regedit, msconfig, properties of my computer, launch the system icon from control pannel, or launch the firewall window from control pannel when running in normal mode. In safe mode i can get the task manager back with a registry edit, but thats about it. I've tried installing malwarebytes through safemode but it will only work for 2 seconds after initial installation and then the window disapears and can't be reopened. I'm here because i have nowhere else to turn short of hitting the computer with the big hammer and just reloading windows. (something i'd like to avoid of course!!!)

DDS log:

DDS (Ver_09-10-13.01) - NTFSx86 NETWORK
Run by Katie at 22:33:22.42 on Wed 10/14/2009
Internet ... Read more

A:Trojan.FakeAV, Trojan.Vundo, Antiviruspro 2010, windows police pro, advanced virus removal

Thanks for all that reviewed my logs. I was able to solve the problem by starting the computer in safemode and installing malwarebytes. The problem was the virus was deleting the malwarebytes program before i could run it. I was able to install and quickly copy the executable file to the desktop before it was deleted. The virus deleted the file out of the program files folder. I added it back in from the desktop and it worked!!! Great program, cleaned everything up!!!

Read other 2 answers
RELEVANCY SCORE 104.8

Norton 360 detected and said it blocked Trojan.FakeAV and Trojan.Mijapt today but then I was getting hit with a crazy amount of intrusion attempts. My feeble googling led me to combofix which I did run and I haven't received any more intrusion attempt notices but I would like to make sure that everything is okay before I do much with this computer. I won't run anything else til i'm told to!!I read the instructions and ran DDS and tried to run GMER but got a blue screen after GMER had run for a while - PFN_LIST_CORRUPTDDS (Ver_10-03-17.01) - NTFSx86 Run by nessa at 0:08:16.50 on Wed 05/26/2010Internet Explorer: 8.0.6001.18702Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2387 [GMT -5:00]AV: Norton 360 *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}FW: Norton 360 *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}============== Running Processes ===============C:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcssvchost.exesvchost.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\spoolsv.exesvchost.exeC:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Program Files\Java\jre6\bin\jqs.exeC:\Program Files\... Read more

A:Trojan.FakeAV, Trojan.Mijapt, Multiple Intrusion Attempts

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

Read other 9 answers
RELEVANCY SCORE 104.4

Hi, a friend gave me his machine to look at as it was getting pop ups.

I couldn't run in safe mode as machine wouldn't boot.

I changed the names of malware bytes and super anti spyware as they wouldn't install.

Did the compaq windows system restore and tried again.

I ran them both, mbam found 706 entries, superanti found 698.

I then installed nod32 and it found 5 entries.

I rebooted into safe mode, ran scans again with each - mbam said clean, super anti still says,:

Trojan.Rootkit/Gen - 19 entries
Trojan.Agent/Gen - 1 entry
Trojan.Downloader-TinyProxy/Mstre8 - 1 entry

Any help on removing these would be really appreciated, many thanks.

Regards

A:Trojan.RootKit/Gen Trojan.Agent/Gen Trojan.Downloaded-TinyProxy/Mstre8

Hello and welcome to TSF

We want all our members to perform the steps outlined in the link I'll give you below, before posting for assistance. There's a sticky at the top of this forum, and a
Quote:




Having problems with spyware and pop-ups? First Steps




link at the top of each page.

---------------------------------------------------------------------------------------------

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please note that the Virus/Trojan/Spyware Help forum is extremely busy, and it may take a while to receive a reply.

Read other 1 answers
RELEVANCY SCORE 104.4

Hi Mike !

Don't know what happend !! My windows starts normally, after selecting the user, it dispalys ' loading personal settings'.. After that getting an error ' userint.exe application error' . Reference memory problem. Then it shows my desktop without any Task bar/Status bar and all the icons on my desktop are not displayed. i am accessing the explorer through Task manager using Ctrl+Alt+Del ..

Let me know whether this is an virus infection or some problem with windows registry.
thanks
clement

A:Infected with Trojan.Virtumonde/Trojan-Downloader.Agent.OGP, Help me in removing the trojan

Welcome to BCThe process of cleaning your computer may require you to temporarily disable some security programs. If you are using SpyBot Search and Destroy, please refer to Note 2 at the bottom of this page.Please download Malwarebytes Anti-Malware and save it to your desktop.alternate download link 1alternate download link 2Make sure you are connected to the Internet.Double-click on mbam-setup.exe to install the application.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-MalwareThen click Finish.MBAM will automatically start and you will be asked to update the program before performing a scan.If an update is found, the program will automatically update itself.Press the OK button to close that box and continue.If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.On the Scanner tab:Make sure the "Perform Quick Scan" option is selected.Then click on the Scan button.If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button. The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all obj... Read more

Read other 4 answers
RELEVANCY SCORE 104.4

Hello! I am so new to all of these! I already searched for the removal of these viruses and read in a lot of forums. All of these forums have logs, etc. involving the precious system files. I don't even understand the logs and I have read instruction on how to remove these but they do not guarantee anything. I am afraid that the PC might malfunction and be sent to the Repair Shop again. (It just got sent 4 days ago) I ran Malwarebyte's Anti-Malware and scanned my computer and found 46 infections. It shows the option that removes the selected files but I'm afraid because these files are categorized as 'Registry Keys, Registry Values, Memory Modules, and Registry Datas'. Should I delete them anyway?

And so, I want a professional, expert, etc. in all of these since I am such a sucker to all of these virus removal stuff.. I want that pro to walk with me through all of these. From the very first step to the very last and that is when the virus will be wiped out.. Please help..

A:Infected With Trojan.vundo, Trojan.bho, Trojan.agent, Malware.trace

Please copy/paste the MBam scn log for us to review.Please download Malwarebytes Anti-Malware and save it to your desktop.alternate download link 1alternate download link 2Make sure you are connected to the Internet.Double-click on mbam-setup.exe to install the application.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-MalwareThen click Finish.MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.On the Scanner tab:Make sure the "Perform Quick Scan" option is selected.Then click on the Scan button.If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button. The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".Click OK to close the message box and continue with the removal process.Back at the main Scanner... Read more

Read other 10 answers
RELEVANCY SCORE 104.4

I've used Malwarebytes and Norton 360 to scan and re-scan my computer to remove any intrusions. I've also read other posts online to remove particular entries in my registry that were associated with these viruses. So far, my MBAM and Norton is saying my computer is clear, but the programs also said that the other day and found something new today. I've backed up my registry as well just in case. The trouble started when I opened up a flash movie file the other day and the security suite kept popping up. So I researched the suite and I knew (general virus knowledge) not to click yes on anything or to download anything. I finally got it to stop but I feel my computer is vulnerable now. Also my Norton 360 is picking up tracking cookies now when it scans, when I never used to have a lot of tracking cookies detected. I'm not 100% confident that my computer is safe. I haven't really used it since I got the Security Suite virus. I've only been running scans and searching online for more information on the removal. I also used Rkill in the process of removing the Security Suite. Your assistance in removing this issue for good is greatly appreciated.DDS (Ver_10-03-17.01) - NTFSx86 NETWORK Run by James Brinson at 22:45:14.70 on Wed 09/15/2010Internet Explorer: 8.0.7600.16385Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.3070.1843 [GMT -4:00]SP: Spybot - Search and Destroy *enabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}=====... Read more

A:Security Suite, Trojan.Hiloti, Trojan.Zefarch, Trojan.Agent.U

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.In order for me to see the status of the infection I will need a new set of logs to start with.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.DeFogger: Please download DeFogger to your desktop.Double click DeFogger to run the tool. The ap... Read more

Read other 12 answers
RELEVANCY SCORE 104

DDS (Ver_10-03-17.01) - NTFSx86 Run by XXXXXX at 14:07:30.08 on Mon 04/12/2010Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_17Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.1944.966 [GMT -5:00]============== Running Processes ===============C:\Windows\system32\wininit.exeC:\Windows\system32\lsm.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\DTS.exeC:\Windows\system32\ibmpmsvc.exeC:\Windows\system32\AtService.exeC:\Windows\system32\svchost.exe -k RPCSSc:\Program Files\Microsoft Security Essentials\MsMpEng.exeC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestrictedC:\Windows\system32\svchost.exe -k netsvcsC:\Windows\system32\svchost.exe -k LocalServiceC:\Windows\system32\svchost.exe -k NetworkServiceC:\Windows\system32\WLANExt.exeC:\Windows\system32\conhost.exeC:\Windows\system32\svchost.exe -k LocalServiceNoNetworkC:\Program Files\LENOVO\HOTKEY\TPHKSVC.exeC:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exeC:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exeC:\Program Files\Bonjour\mDNSResponder.exeC: ... Read more

A:Trojan/Trojan.Agent/Trojan.FakeAlert/Trojan.downloader

Hello and welcome to Bleeping Computer! We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Fo... Read more

Read other 2 answers
RELEVANCY SCORE 102.4

Avast first alerted me to an infection, which I quarantined, called Win32:malware.gen. I followed some forum info after quarantining the malware which suggested I download Malwarebytes and run a scan. I have done this several times and Malwarebytes continues to find infected .dll files described as TROJAN.HILOTI.GEN, TROJAN.AGENT, and TROJAN.VUNDO.I followed all the prescribed methods from this website from here:http://www.bleepingcomputer.com/virus-remo...undo-virtumondeNeither Vundo Fix or VirtumundoBegone found anything. Malwarebytes keeps finding .dll files every time I run it.Note: I had to rename the mbam.exe file in order to run it. I could download it, but it wouldn't run unless it was named something else.I am now following the instructions from here:http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/Note: I can not run GMER without my machine crashing so I can not attach the required ark.txt log. Finally, once when running MBAM my Avast kicked up a warning that it had stopped malware from executing and gave the reason that Malwarebytes had triggered it.I would appreciate any help on this. I'm at the end of my rope. I've been trying to eradicate this for 3 days now. All my important files have been burned on a CD-R so I am willing to nuke the whole drive/OS if that is required.Thanks in advance and I hope to hear from someone soon.So I will now post the DDS.txt report as requested a... Read more

A:Infected with TROJAN.HILOTI.GEN, TROJAN AGENT, TROJAN VUNDO

Hello , And to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.I will be working on your malware issues, this may or may not solve other issues you may have with your machine.Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen. Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.-----------------------------------------------------------If you have since resolved the original problem you were having, we would appreciate you... Read more

Read other 4 answers
RELEVANCY SCORE 102.4

I am fairly new to this process, so I hope I do this correctly. I have Spybot S&D and just downloaded Malbytes. They both seem to help somewhat but cannot remove reader_s.exe or services.exe. I am experiencing internet popups and redirects, the Windows firewall is disabled, as is my Symantec antivirus. There is a login screen when I start Windows XP that did not used to be there. I am getting number of random error messages, and Malbytes is sometimes deleted and I have to reinstall it. Also, random .tmp files seem to popup. Thanks in advance for any help you can provide.
DDS (Ver_09-02-01.01) - NTFSx86
Run by Jordan at 1:53:18.65 on Thu 02/19/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1437 [GMT -5:00]

AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated)
FW: Norton Internet Worm Protection *disabled*
FW: ActiveArmor Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program File... Read more

A:Infected with Trojan.FakeAlert.H, Trojan.Agent, Trojan.Downloader?

Please download Malwarebytes' Anti-Malware from HERE or HERENote: If you already have Malwarebytes' Anti-Malware, just run and update it.. Then do a "Perform Full Scan"Double Click mbam-setup.exe to install the application.Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.If an update is found, it will download and install the latest version.Once the program has loaded, select "Perform Full Scan", then click Scan.The scan may take some time to finish,so please be patient.When the scan is complete, click OK, then Show Results to view the results.Make sure that everything is checked, and click Remove Selected.When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.Copy&Paste the entire report in your next reply.Extra Note:If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.NEXTPlease download RSIT by random/random and save it to your Desktop.Double click on RSIT.exe to run RSITBefore you click "Continue", make sure you change the List files/folders created or modified in the last 3 monthsClick Continue at the disclaimer screen.Once it has finished, two lo... Read more

Read other 3 answers
RELEVANCY SCORE 102

From: Eric

I received a computer running XP Media Center Edition from a friend. Its desktop was being hidden automatically unless I told it to "show desktop". I ran SuperAntiSpyware and MBAM on it. They seemed to have removed the viruses. In preparation of this topic I ran GMER, which would not run so I ran TDSSkiller. TDSSkiller got rid of a rookit virus. What I need now is to make sure that the computer is completely clean. Here are the DDS and GMER reports.

Thank you

DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by sherri cordry at 20:08:08 on 2011-11-05
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2550.1770 [GMT -5:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Apple\Mobile Device S... Read more

A:Comp was infected with Trojan.Agent/Gen-Fake AV, Trojan.Agent/Gen-Hullo[short], Rootkit virus

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything. We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here. To help Bleeping Computer better assist you please perform the following steps:*************************************************** In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/426646 <<< CLICK THIS LINK If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.*************************************************** If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lo... Read more

Read other 26 answers
RELEVANCY SCORE 101.6

I frequently get a report that symantec has deleted the adclicker and fakeAV. I've tried antimalware and superantispyware which showed nothing; the spyware removed some of the problems initially but I continue to get the symantec notifications.DDS (Ver_10-03-17.01) - NTFSX64 NETWORK Run by hp at 0:17:07.04 on Mon 07/05/2010Internet Explorer: 8.0.6001.18928 BrowserJavaVersion: 1.6.0_15Microsoft? Windows Vista? Home Premium 6.0.6002.2.1252.1.1033.18.3998.3204 [GMT -5:00]AV: Symantec Endpoint Protection *On-access scanning enabled* (Updated) post:18531095SP: Symantec Endpoint Protection *enabled* (Updated) post:18531094SP: Windows Defender *enabled* (Updated) post:18531093SP: SUPERAntiSpyware *disabled* (Updated) post:18531092FW: Symantec Endpoint Protection *enabled* post:18531091============== Running Processes ===============C:\Windows\system32\wininit.exeC:\Windows\system32\lsm.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\svchost.exe -k rpcssC:\Windows\System32\svchost.exe -k secsvcsC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\Windows\system32\svchost.exe -k netsvcsC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestrictedC:\Windows\system32\svchost.exe -k NetworkServiceC:\Windows\system32\svchost.exe -k LocalServiceC:\Windows\system32\svchost.exe -k L... Read more

A:trojan adclicker and Trojan.FakeAV!gen30

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

Read other 14 answers
RELEVANCY SCORE 101.6

Today nasty trojan symtoms launched. I have Internet connection, but cannot access sites b/c of the hijacking. Getting tons of Security Warnings ("Application cannot be executed. The file wuauclt.exe is infected. Do you want to activate your antivirus software now?"). Also a motherlode of red shields (with "x") in the bottom taskbar. A new lime green shield (slanted) has also appeared in the taskbar.I have read your preparation guide and downloaded/transferred the DDS and Root Repeal files from another computer. Below are the contents of my DDS.txt. Attached are my attach.txt and ark.txt files.I won't touch anything until I hear back from you. Thank you in advance for your assistance with this!DDS (Ver_09-12-01.01) - NTFSx86 Run by Larry at 14:24:49.31 on Sat 01/30/2010Internet Explorer: 8.0.6001.18702Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2046.1367 [GMT -5:00]AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}============== Running Processes ===============C:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcssvchost.exesvchost.exeC:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeC:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Common Files\Symantec Shared ... Read more

A:Nasty Trojan - Possibly: Trojan.FakeAV

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

Read other 17 answers
RELEVANCY SCORE 101.2

It looks like Thursday afternoon a virus started to take over my laptop.  Initially, the computer slowed way down.  I tried to clean up the hard drive with windows utilities.  Then I ran Malwarebytes, which temporarily improved performance.  The next day, it was once again running very slow.  I re-ran Malwarebytes and then ran SuperAntiSpyware.  As I recall, both times that I ran Malwarebytes, it found trojan files.
 
I never received any messages asking for ransom money or anything else announcing the virus prior to running Malwarebytes.
 
The virus has encrypted all of my files.  Most of my files are on an external hard drive.  I have not found any that are not encrypted.
 
The virus has also used up all of the previously available 30+ gb of hard drive space on the internal drive.
 
I have since ordered a new laptop.  I'm ready to move on from the HP Elitebook.  What I really need is to be able to unencrypt the files that are on the external hard drive.
 
Any help would be greatly appreciated!
 
DDS Log
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64  
Internet Explorer: 9.0.8112.16592  BrowserJavaVersion: 10.25.2
Run by 467065 at 15:31:59 on 2015-01-19
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.3887.209 [GMT -5:00]
.
AV: McAfee VirusScan Enterprise *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
SP: McAfee VirusScan Enterprise Antispyware Module *Enabl... Read more

A:Infected with Trojan.Agent.0BGen & Trojan.Agent.ED - hard drive files encrypted

I just found the Cryptowall 3.0 files on the hard drive.  I read the FAQ at
 
http://www.bleepingcomputer.com/virus-removal/cryptowall-ransomware-information
 
so, I guess that's all I really need to know.  Thank you for the information.

Read other 3 answers
RELEVANCY SCORE 100.4

Internet Explorer was popping up windows, 3 at a time, regardless if I was on the Internet. These popups are continuous, making it almost impossible to do anything. I downloaded and installed Malwarebytes, performed the Quick Scan, and 18 infections were identified. They were quarantined and I deleted them. I then performed a Full Scan and it was clean. However, IE is still launching new windows as quickly as it closes them and placing them at the forefront of everything I do.I was not able get a Gmer log as these popup windows interrupt its process. I tried at least 5 times. Following is my DDS log. I am also including the Malwarebytes log in case that might help as well. Please note that I replaced the user name with [name] in the logs.Many thanks!EDIT: If it helps to know this, when I had Task Manager up to kill IE each time it launched it's trio of windows while Malwarebytes performed its scan, every time the URL it launched with was www.webcrawler.com, and then it redirected to another site. It seemed to be referring to a list of sites as some were repeated..DDS (Ver_2011-06-23.01) - NTFSx86 Internet Explorer: 8.0.6001.18702Run by [name] at 17:51:16 on 2011-08-07Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2003.513 [GMT -7:00]..============== Running Processes ===============.C:\Program Files\Fingerprint Sensor\AtService.exeC:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.... Read more

A:IE Popups Still Highjacking My Computer, After Removing Trojan.BHO, Trojan.FakeAlert, Trojan.Hiloti, Adware.Agent, Adware.DeepD...

Hello Alda B. Woods and welcome to BC.

Sorry about the delay, do you still need help?

Read other 8 answers
RELEVANCY SCORE 100

Hi all,
Since 2 days I have a nasty thing on my laptop with XP and it really got on my nerves. Usually I can handle the most simple stuff "with a little help from my friends" (forums), but now it looks like I need a real-time help exactly for me.

The symptoms are:
- disabled registry;
- disabled task manager;
- disabled safe-mode;
- Runtime error 6002 on Media player classic and DC++ which requires replacing the *.exe files; also, Spybot doesn't run;
- random-named *.exe files created in \local settings\temp\
- the problematic line in HiJackThis keeps reoccuring:
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1.

So the other day I learnt how to re-enable the TaskMan, RegEdit and SafeMode when i need to use them.
Spyware Doctor find the detects the things from the topic name: "Trojan.Agent, Trojan-downloader.agent, Hacktool.spammer".
The thing stays. I'd be very grateful to a little help.

A:Trojan.Agent, Trojan-downloader.agent, Hacktool.spammer, nasty stuff

DDS (Ver_09-03-16.01) - NTFSx86
Run by Alexander at 16:00:39.71 on неделя 26/04/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1251.1.1033.18.1791.1190 [GMT 3:00]
============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\RAMpage\RAMpage.exe
C:\Program Files\Datecs\FlexType 2K\FType2K.exe
C:\Program Files\a-squared Free\a2service.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Skype\Phone\Skype.exe
C:\DOCUME~1\ALEXAN~1\LOCALS~1\Temp\wintmlls.exe
C:\DOCUME~1\ALEXAN~1\LOCALS~1\Temp\winxjcakb.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Ale... Read more

Read other 3 answers
RELEVANCY SCORE 100

I was getting popup windows saying "MSVideo.dll is not a valid Windows image". (See previous discussion in link). Norton Internet Security 2011 and Malbyteware found nothing. SuperAntiSpyware found the above viruses and removed them. I continued to see popup windows after doing this. To see if everything is gone I was instructed to create log files with DDS and GMER. The dds.txt file is pasted below. The attach.txt and ark.txt files are attached. I just tried to run SuperAntiSpyware and got the same error page about msvideo (see attached image). So something is still wrong.DDS (Ver_10-12-12.02) - NTFSx86 Run by Les at 11:48:20.37 on Fri 02/25/2011Internet Explorer: 8.0.6001.18702Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1331 [GMT -8:00]============== Running Processes ===============C:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcssvchost.exesvchost.exeC:\WINDOWS\system32\spoolsv.exesvchost.exeC:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exeC:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Nero\Nero 7\InCD\InCDsrv.exeC:\Program Files\Java\jre6\bin\jqs.exeC:\Program Files\Common Files\LightScribe\LSSrvc.exeC:\Program Files\Common Files\Motive&#... Read more

A:Rogue Agent and Trojan Agent/Popup windows

Hi,Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

Please reply to this post so I know you are there.The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.Once I receive a reply then I will return with your first instructions.Thanks

Read other 32 answers
RELEVANCY SCORE 98.8

Logfile of Trend Micro HijackThis v2.0.2Scan saved at 6:36:39 PM, on 8/31/2008Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16705)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\acs.exeC:\Program Files\ATI Technologies\ATI.ACE\cli.exeC:\Program Files\TOSHIBA\ConfigFree\NDSTray.exeC:\Program Files\Toshiba\Toshiba Applet\thotkey.exeC:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exeC:\WINDOWS\RTHDCPL.EXEC:\Program Files\Synaptics\SynTP\SynTPEnh.exeC:\Program Files\ltmoh\Ltmoh.exeC:\WINDOWS\AGRSMMSG.exeC:\Program Files\Toshiba\Tvs\TvsTray.exeC:\Program Files\TOSHIBA\Touch and Launch\PadExe.exeC:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exeC:\WINDOWS\system32\TPSMain.exeC:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exeC:\tos... Read more

A:Trojan Agent, Trojan Fake, Trojan Generic

HiDisable Spybot's TeaTimer Run Spybot-S&D in Advanced Mode If it is not already set to do this, go to the Mode menu
select
Advanced Mode
On the left hand side, click on Tools Then click on the Resident icon in the list Uncheck
Resident TeaTimer
and OK any prompts. Restart your computerPlease visit this webpage for download links, and instructions for running ComboFix tool:http://www.bleepingcomputer.com/combofix/how-to-use-combofixPlease ensure you read this guide carefully and install the Recovery Console first.The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.Once installed, you should see a blue screen prompt that says:The Recovery Console was successfully installed.Please continue as follows:Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link
Remember to re-enable them afterwards.

Click Yes to allow ComboFix to continue scanning for malware.When the tool is finished, it will produce a report for you. Please include the following reports for further review, and so we may continue cleansing the system:C:\ComboFix.txtNew HijackThis log.A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a ... Read more

Read other 2 answers
RELEVANCY SCORE 98.8

Ive been fighting the Zlob.Downloader.vcs and Virtumonde-C Viruses for a few days now. Im hoping these logs are telling me that Ive finally won the battle, but I need a second opinion, any help? Greatly appreciated!!Deckard's System Scanner v20071014.68Run by Jack Schmitt on 2008-04-20 18:52:47Computer is in Normal Mode.---------------------------------------------------------------------------------- System Restore --------------------------------------------------------------Successfully created a Deckard's System Scanner Restore Point.-- Last 5 Restore Point(s) --85: 2008-04-21 01:52:55 UTC - RP85 - Deckard's System Scanner Restore Point84: 2008-04-20 18:10:03 UTC - RP84 - Removed Sunbelt CounterSpy.83: 2008-04-20 17:40:54 UTC - RP83 - Installed Sunbelt CounterSpy.82: 2008-04-19 23:21:58 UTC - RP82 - ComboFix created restore point81: 2008-04-18 18:02:13 UTC - RP81 - Last known good configuration-- First Restore Point -- 1: 2008-04-18 18:01:54 UTC - RP1 - System CheckpointBacked up registry hives.Performed disk cleanup.-- HijackThis (run as Jack Schmitt.exe) ----------------------------------------Logfile of Trend Micro HijackThis v2.0.2Scan saved at 6:53:35 PM, on 4/20/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16640)Boot mode: NormalRunning processes:E:\WINDOWS\System32\smss.exeE:\WINDOWS\system32\winlogon.exeE:\WINDOWS\system32\services.exeE:\WINDOWS\system32\l... Read more

A:Trojan.vundo, Trojan.agent, Trojan.fakealert

Hello! Welcome!I see you already have Malwarebytes installedDouble-click the Malwarebytes IconOnce the program has loaded, select "Perform Quick Scan", then click Scan.The scan may take some time to finish, so please be patient.When the scan is complete, click OK, then Show Results to view the results.Make sure that everything is checked, and click Remove Selected.When disinfection is completed, a log will open in Notepad and you may be prompted to restart. (see extra note)The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.Please copy and paste the entire report in your next reply. Extra note:If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.If you have run this tool before please post all previous logfiles.

Read other 1 answers
RELEVANCY SCORE 97.2

Hi, I?m a newbie and this is my first post. Thanks ahead of time for existing and for helping me!My computer is an HP,AMD Athlon 64x2, 1.0GB RAM, WIN XPsp2 desktop with lots of virus/Trojan/adware/malwareNot sure where they all came from but the surfing the web for fantasy football stuff yesterday morning and landing on www.athlonsports.[com] or www.grogansports.[com] was the final virus that started me crashing and generating the wonderful ?Error Message: Stop c000021a {Fatal System Error} The Session Manager Initialization System Process??After failing to reboot multiple times and not being able to use my XP recovery disks, the computer loaded up somehow in Normal Mode. I disconnected from the Internet and I ran Avast! Antivirus before it crashed again and it found the following virus/etc.Found by Avast! AntivirusJS:Redirector-B[Trj] in a temporary internet fileWMA:Wimad[Drp] in a temporary internet fileWin32:Monder-GB[Trj]? in ?c:windows\system32\opnmlccs.dll? file?Win32:Trojan-gen{Other}? in ?c:\Windows\system32\prunnet.exe? file ?Win32:adware-gen[Adw]? in a program that came with computer that I?ve never used: C:\program files\online services\peoplepc\isp5900\branding\ppal3ppc.exe\$instdir\ppcttoolbar.dllI deleted/quarantined those viruses and tried to do a system restore to a couple days before and it wouldn't let me do it although I had just saved a system restore on 12/31. And t... Read more

A:Win32:Monder-GB[Trj], Win32:Trojan-gen{Other}, Adware.PopCap, Trojan.Vundo, Trojan.Agent and more

Seneka Rootkit Please read this post by Quietman7http://www.bleepingcomputer.com/forums/ind...t&p=1074915and tell us how you want to procedeYou might want to procede with a partial cleanup so you can finish backing up those pictures

Read other 6 answers
RELEVANCY SCORE 96.4

Hello!
 
Every month, I scan my computer just in case i had a virus, using "deep scan". I have the clasic "pack 3" (Avast free, Free Comodo firewall and Malwarebytes Premium),  so i scanned with those.. well, only with avast and malwarebytes. They didn't find nothing bad.
I found another Scanner ( Kaspersky Security Scan ) to scan a last time, "just in case" again, but it found 1 trojan:
 
Kaspersky Security Scan
HEUR:Trojan.Script.Agent.gen
- C:\ProgramData\InstallShield\Update\isuspm.ini
 
Is that a real virus/trojan? or a false positive?
 
The computer doesn't have any typical problem ( slow, pop ups, or weird behaviors)
 
After that, i scanned again with tdsskiller in safe mode but it didn't show nothing bad.
 
 
What should i do?
I had Windows 10, Avast free, Free Comodo firewall, Malwarebytes Premium
Thanks!

A:HEUR:Trojan.Script.Agent.gen inside isuspm.ini ?

Heur...heuristic....meaning something about that file caused Kaspersky to point to it as possibly malware.
 
I doubt that it is malware as the INSTALL SHIELD UPDATE is a legit program. If you are not experiencing well
known malware or adware issues I would suggest considering it a false positive.

Read other 3 answers
RELEVANCY SCORE 96

Hi,

I was encouraged to post a new topic, after reading the instructions provided here:

http://www.bleepingcomputer.com/forums/topic395475.html/page__st__15

For the past few weeks, I've noticed that my CPU has been running higher than usual, even when I have no open software.

Additionally, upon shutting down Windows 7 (x64 Professional), the screen would darken, asking to shut down open programs, however, whatever process was running, it was hidden and was not identified by Windows.

Last week, I decided to re-install Windows, however it did not solve the problem.

After running several anti-virus, malware removal, anti-spyware tools, SAS identified these:

Trojan.Agent/Gen-IExplorer[Fake] and Trojan.Agent/Gen-PEC

I went ahead and backed up all my data and reformatted the partitions and re-installed Windows 7. However, after being careful to install a firewall and an anti-virus before doing Window updates, I am afraid that the problem is still there. As I shut down Windows, it detects that something is still running in the background.

Please find below the DDS log. Your help is highly appreciated.

Thank you.

.
DDS (Ver_2011-06-23.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514
Run by BIGMIG at 22:00:11 on 2011-07-09
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.6126.4776 [GMT 1:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
S... Read more

A:Trojan.Agent/Gen-IExplorer[Fake] and Trojan.Agent/Gen-PEC Virus Need Help!

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here. To help Bleeping Computer better assist you please perform the following steps:***************************************************First, I need to know if you still need help! To tell me this, please click on http://www.bleepingcomputer.com/logreply/408650 and follow the instructions there. If you do not still need help, this is all you need to do. If you do need help please continue below.***************************************************If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
Please do this even if you have p... Read more

Read other 1 answers
RELEVANCY SCORE 96

Hi there,

First time here
My computer started being quite slow yesterday (all applications) and fan is running on full blast (even though it's clean, I have a fan cooler, and only run Firefox, Skype and a couple of other applications I use everyday that normally work fine). I have had internet connectivity problems as well but could be unrelated? Nothing else major but afraid could be compromised.

Ran a full scan using comodo which came up with above trojan agent. Then downloaded Malwarebytes and same came up. Seems to be moving after quanrantine... but what do I know? I am somewhat useless when it comes to these things... So I need a bit of help to figure out if I should be worried about this, and if so how to remove. Hope I did everything correctly.

Here are my logs. Any help appreciated Thank you for your time!

Karine

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26
Run by K at 11:09:07 on 2011-10-19
.
============== Running Processes ===============
.
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: J... Read more

A:[12:17:38 PM] J Webster: Ahk2Exe.exe (Trojan.Agent) & A0039785.exe (Trojan.Agent)

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything. We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here. To help Bleeping Computer better assist you please perform the following steps:*************************************************** In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/424138 <<< CLICK THIS LINK If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.*************************************************** If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lo... Read more

Read other 2 answers
RELEVANCY SCORE 96

I have two virus' that I cant remove (Trojan.Agent/Gen-PEC and Trojan.Agent/Gen-IExplorer[Fake]). I have ran Super Anti Spyware a dozen times and it flags these two virus'. However, every time is removes them they come back. Also, they only show up after I run Rkill. Any advice?

A:Trojan.Agent/Gen-IExplorer[Fake] and Trojan.Agent/Gen-PEC Virus

Hello ,lets run these and see. You did update SAS prior to running?Next run MBAM (MalwareBytes):Please download Malwarebytes Anti-Malware and save it to your desktop.Download Link 1Download Link 2MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.Make sure you are connected to the Internet.Double-click on mbam-setup.exe to install the application.
For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-MalwareThen click Finish.MBAM will automatically start and you will be asked to update the program before performing a scan.If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.On the Scanner tab:Make sure the "Perform Quick Scan" option is selected.Then click on the Scan button.If asked to select the drives to scan, leave all the drives select... Read more

Read other 19 answers
RELEVANCY SCORE 96

Hello,
Having some trouble with many trojans. I keep SuperantiSpyware/Malwarebytes/SpyBotS&D quite up to date but recently caught something they are unable to remove. They removed a large amount of other trojans but currently there are a few pesky ones which refuse to budge! namely Trojan HBO, Trojan.Agent & Rootkit.Agent. Other dodgy processes such as BN1.tmp BN2.tmp and many iexporer.exe in the task bar.

Even scanning in safemod under administrator would not budge them.

They seem to be having quite a party redirecting my webpages and even after 1 blue screen explorer.exe has gone on holiday leaving to me to open my own programs manually. Writing this from safemode with networking on and will post a HJT log and hope for some help.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:38:58, on 11/03/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOW... Read more

A:Unable to remove Trojan HBO, Trojan.Agent & Rootkit.Agent

Read other 16 answers
RELEVANCY SCORE 94.8

Hi,It seems that I have trojan activity on my home pc.I am running Vista and when I log in to my user profile I get a blue desktop with a box saying 'Warning! Spyware detected on your computer! Install an antivirus or spyware remover to clean your computer'I have tried a few malware removal programs, Malwarebytes, CCleaner, Adaware and ran virus scans in an attemp to try and remove it myself without bothering you guys but I just can't shift it, so I'm hoping you may have the time to help?What I have noticed is that I only get these warnings when I am logged into my user profile, not as administrator or as another user on the pc. I also get no warnings when running in safe mode.I run Avast and that brings up a warning soon after the blue desktop comes up that points to infection with C:\Users\Guy\AppsData\Local\Temp\tt991.tmp.vbs. The numbers/letters after the tt (in this case 991) change each time I log in. It also states Malware Name: VBS:Malware-gen, Malware Type: Virus/Worm, VBS verison 080805-0,08/05/08 which I try and delete from the warning box.I then am greeted with a windows script host message box that will say the above file (tt991.tmp.vbs) failed (Access Denied).I also regularly get Windows security alert message boxes come up on the screen saying that Windows Firewall has detected activity of harmfull software with mention of one of many trojans. These have been:Trojan-Clicker.Win32.Tiny.hTrojan-Downloader.Win32.Agent.bqTrojan... Read more

A:Vbs:malware-gen - Trojan-clicker.win32.tiny.h, Trojan-downloader.win32.agent.bq, Trojan-spy.win32.keylogger.aa

Hi,I am hoping you can help me.My computer keeps telling me it is infected with spyware/malware. I get a blue desktop on startup with regular warnings saying the computer is infected with:Trojan-Clicker.Win32.Tiny.hTrojan-Downloader.Win32.Agent.bqTrojan-Spy.Win32.KeyLogger.aaTrojan-Spy.Win32.GreenScreenTrojan-Spy.HTML.Bankfraud.dqStrange thing is that these only show up when I log in to my user account. If I log in as administrator, another user or as any user in safe mode I get no warnings and nothing shows up on scans.The pop up warings direct me to this site: www.antispyware-review.info/?wmid=46638&pwebmid=uWfLn0pimL&a= which is Smartsoft reviews to buy PC Antispy or PC Clean pro.Malwarebytes scan picks up Fake.Dropped.Malware, Malware.Trace, Trojan.FakeAlert and Hijack.Wallpaper and even if I remove these and restart the PC they come back.A spybot scan pointed to 2 entries of VirtumondeI'll attach the latest HJT log, Malwarebytes log and Spybot logs in case you need them. Please help me with this, I cant seem to shift it Logfile of Trend Micro HijackThis v2.0.2Scan saved at 11:54:34 AM, on 8/7/2008Platform: Windows Vista SP1 (WinNT 6.00.1905)MSIE: Internet Explorer v7.00 (7.00.6001.18000)Boot mode: NormalRunning processes:C:\Windows\system32\taskeng.exeC:\Windows\system32\Dwm.exeC:\Windows\Explorer.EXEC:\Program Files\Windows Defender\MSASCui.exeC:\Windows\RtHDVCpl.exeC:\Program Files\Ado... Read more

Read other 5 answers
RELEVANCY SCORE 94.4

Hello All!..it's my first post trying to get help with this annoying pop up i have inherited on my computer.It keeps popping up stating 'Critical system error- trojan win32 agent AKK' it then asks you to download anti virus software..I have saved a Hijack this! logfile, (first time! heh!) and was wondering if anyone can help me find the problem.Cheers! KurskLogfile of Trend Micro HijackThis v2.0.2Scan saved at 6:13:17 PM, on 12/8/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16544)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exeC:\PROGRA~1\Grisoft\AVG7\avgamsvr.exeC:\PROGRA~1\Grisoft\AVG7\avgupsvc.exeC:\PROGRA~1\Grisoft\AVG7\avgemc.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exeC:\WINDOWS\System32\nvsvc32.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\RUNDLL32.EXEC:\WINDOWS\SOUNDMAN.EXEC:\Program Files\Java\jre1.6.0_02\bi... Read more

A:Critical System Error Popup-trojan Win32 Agent Akk

Welcome to the BleepingComputer HijackThis Logs and Analysis forum KurskMy name is Richie and i'll be helping you to fix your problems.Please move HijackThis to a permanent folder on the hard drive such as C:\HJT. Create a new folder and place HijackThis.exe inside that folder so that the backups of log changes it creates are saved in the same folder and can be used to reverse any line entry deletion if found to be necessary.If you run Hijackthis from the desktop, the files it removes will not be backed up properly.How to create a new folder named HJT1. Click Start/My Computer,in the 'My Computer' window,open the window in which you want to create the new folder,click on Local Disk C:2. From the 'File' menu choose 'New'.3. From the 'New' menu choose 'Folder'.4. Type the folder name: HJT5. Then press Enter.If you need help,follow the info in the link below:http://russelltexas.com/malware/createhjtfolder.htmYou have ClamWin and AVG7 installed.Its not a good idea to have more than one antivirus program installed on your computer. Each program may interpret the actions of the other as viral, therefore giving you false virus warnings about virus-related activities.It could also lead to system slowdowns and other problems within the operating system,due to the two conflicting with each other.You should uninstall one of them now,then restart your pc.If you have previously downloaded ComboFix,please delete that version now.WarningYou should NOT use Combofix unless you have ... Read more

Read other 1 answers
RELEVANCY SCORE 94

Help! My computer is infected! I ran Kaspersky full scan and it found the following, but is unable to get rid of them:virus HEUR:Trojan.Script.IframerTrojan program Exploit.JS.Pdfka.btaBelow is the hijack this log. It's also attached. Thanks!Logfile of Trend Micro HijackThis v2.0.2Scan saved at 5:27:25 PM, on 3/29/2010Platform: Unknown Windows (WinNT 6.01.3504)MSIE: Internet Explorer v8.00 (8.00.7600.16385)Boot mode: NormalRunning processes:C:\Windows\system32\taskhost.exeC:\Windows\system32\Dwm.exeC:\Windows\Explorer.EXEC:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exeC:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exeC:\Program Files\Acer\Acer ePower Management\ePowerTray.exeC:\Windows\System32\hkcmd.exeC:\Windows\System32\igfxpers.exeC:\Program Files\Apoint2K\Apoint.exeC:\Windows\PLFSetI.exeC:\Program Files\Microsoft Office\Office12\GrooveMonitor.exeC:\Windows\system32\igfxsrvc.exeC:\Windows\system32\igfxext.exeC:\Windows\system32\wbem\unsecapp.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\Apoint2K\Apntex.exeC:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exeC:\Program Files\uTorrent\uTorrent.exeC:\Windows\system3... Read more

A:Infection! Trojan.Script.Iframer, Trojan program Exploit.JS.Pdfka.bta

Help! My computer is infected! I ran Kaspersky full scan and it found the following, but is unable to get rid of it:Rootkit.win32.agent.bdkqBelow is the hijackthis log. Thanks!Logfile of Trend Micro HijackThis v2.0.2Scan saved at 5:27:25 PM, on 3/29/2010Platform: Unknown Windows (WinNT 6.01.3504)MSIE: Internet Explorer v8.00 (8.00.7600.16385)Boot mode: NormalRunning processes:C:\Windows\system32\taskhost.exeC:\Windows\system32\Dwm.exeC:\Windows\Explorer.EXEC:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exeC:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exeC:\Program Files\Acer\Acer ePower Management\ePowerTray.exeC:\Windows\System32\hkcmd.exeC:\Windows\System32\igfxpers.exeC:\Program Files\Apoint2K\Apoint.exeC:\Windows\PLFSetI.exeC:\Program Files\Microsoft Office\Office12\GrooveMonitor.exeC:\Windows\system32\igfxsrvc.exeC:\Windows\system32\igfxext.exeC:\Windows\system32\wbem\unsecapp.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\Apoint2K\Apntex.exeC:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exeC:\Program Files\uTorrent\uTorrent.exeC:\Windows\system32\conhost.exeC:\Program Files\TrendMicro\HiJackThi... Read more

Read other 18 answers
RELEVANCY SCORE 94

KASPERSKY ONLINE SCANNER 7 REPORTSaturday, November 29, 2008Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)Kaspersky Online Scanner 7 version: 7.0.25.0Program database last update: Friday, November 28, 2008 18:35:48Records in database: 1424124Scan settingsScan using the following database extendedScan archives yesScan mail databases yesScan area My ComputerC:\D:\E:\F:\Scan statisticsFiles scanned 94300Threat name 4Infected objects 4Suspicious objects 0Duration of the scan 02:45:29File name Threat name Threats countC:\Documents and Settings\All Users\Application Data\FreeApp.exe Infected: Trojan.Win32.Agent.arng 1 C:\Qoobox\Quarantine\C\Program Files\tinyproxy\tinyproxy.exe.vir Infected: Trojan-Proxy.Win32.Agent.bcw 1 C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\winse32.exe Infected: IRC-Worm.Win32.Small.x 1 C:\WINDOWS\bolivar24.exe Infected: Backdoor.Win32.Agent.ubx 1 The selected area was scanned.----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------Logfile of random's system information tool 1.04 (written by random/random... Read more

A:Infected: Trojan.Win32.Agent.arng, Trojan-Proxy.Win32.Agent.bcw, IRC-Worm.Win32.Small.x, Backdoor.Win32.Agent.ubx

Hello and to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.Upon completing the steps below a staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.comDDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results, click no to the Optional_ScanFollow the instructions that pop up for posting the results.Close the program window, and delete the program from your desktop.Please note: You may have to disable any scr... Read more

Read other 4 answers