
! Infections/threats On My Windows Xp !

Q: ! Infections/threats On My Windows Xp !

Hello, I have an IBM ThinkPad computer that runs using Windows XP. I used the Google Updater that comes with the Google Desktop program I downloaded to my computer to download NortonAntiVirus, Norton Security Scan, and PC Tools Spyware Doctor by PC Tools Software. Apparently they picked up some possible infections or threats. I would like to know if these security programs are actually reliable, and if so how I can resolve my problem. If you need to know more about these infections just ask.

I received these results from each after doing full system scans:

NortonAntiVirus found nothing.

PC Tools Spyware Doctor found 275 infections in my computer. They included:
Trojan.Popuper - with 14 infections
Zango Search Assistant - with 2 infections
1 infection from a Bad Site
PSGuard Desktop Hijacker - with 14 infections
RiskTool.Reboot!sd5 - with 2 infections
WindowEnhancer - with 242 infections

Norton Security Scan:
Norton Security Scan said:
Unresolved Threats:
Adware.ZangoSearch
Virus ID: 4294906905
Risk: Low
Categories: AdWare
State: Unhandled

Please help me with my problem. Thanks, Matt


A: ! Infections/threats On My Windows Xp !

Download and scan with SUPERAntiSpyware Free for Home Users
* Double-click SUPERAntiSpyware.exe and use the default settings for installation.
* An icon will be created on your desktop. Double-click that icon to launch the program.
* If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
* When done, select "Scan for Harmful Software".
* There are three scanning options. Choose "Perform Complete Scan" and click "Next".
* When done, a Scan Summary will appear with potentially harmful items that were detected. Click "OK".
* Make sure they all have a checkmark next to them and click "Next".
* A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
* Click Preferences and then click the statistics/logs tab.
* Click the dated log and press View log. A text file will appear so you can see the results.
* Select close to exit the program.
* Scan in SAFE MODE

Please download AVG Anti-Spyware to your Desktop or to your usual Download Folder.
http://www.ewido.net/en/download/
* Install AVG Anti-Spyware by double clicking the installer.
* Follow the prompts. Make sure that Launch AVG Anti-Spyware is checked.
* On the main screen under Your Computer's security.
  o Click on Change state next to Resident shield. It should now change to inactive.
  o Click on Change state next to Automatic updates. It should now change to inactive.
  o Next to Last Update, click on Update now. (You will need an active internet connection to perform this)
  o Wait until you see the Update successful message.
* Right-click the AVG Anti-Spyware Tray Icon and uncheck Start with Windows.
* Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.

If you are having problems with the updater, you can use this link to manually update ewido.
AVG Anti-Spyware manual updates.
Download the Full database to your Desktop or to your usual Download Folder and install it by double clicking the file. Make sure that AVG Anti-Spyware is closed before installing the update.

Close ALL open Windows / Programs / Folders. Reboot in safe mode.

Please start AVG Anti-Spyware and run a full scan.
* Click on Scanner on the toolbar.
* Click on the Settings tab.
  o Under How to act?
    + Click on Recommended Action and choose Quarantine from the popup menu.
  o Under How to scan?
    + All checkboxes should be ticked.
  o Under Possibly unwanted software:
    + All checkboxes should be ticked.
  o Under Reports:
    + Select Automatically generate report after every scan and uncheck Only if threats were found.
  o Under What to scan?
    + Select Scan every file.
* Click on the Scan tab.
* Click on Complete System Scan to start the scan process.
* Let the program scan the machine.
* When the scan has finished, follow the instructions below.

IMPORTANT : Don't click on the "Save Scan Report" button before you did hit the "Apply all Actions" button.
  o Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2)
  o At the bottom of the window click on the Apply all Actions button. (3)
* When done, click the Save Scan Report button. (4)
  o Click the Save Report as button.
  o Save the report to your Desktop.
* Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.

Reboot in Normal Mode.

Then
* Clean your Cache and Cookies in IE:
* Close all instances of Outlook Express and Internet Explorer
* Go to Control Panel > Internet Options > General tab
* Under Browsing History, click "Delete".
* Click "Delete Files", "Delete cookies" and "Delete history"
* Click Close below.
* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):
* Go to Tools > Options.
* Click Privacy in the menu.
* Click the Clear now button below. A new window will popup what to clear.
* Select all and click the Clear button again.
* Click OK to close the Options window
* Clean other Temporary files + Recycle bin
* Go to start > run and type: cleanmgr and click ok.
* Let it scan your system for files to remove.
* Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
* Press OK to remove them.

If that does not clear up matters then please read and follow all instructions in the pinned topic titled "Preparation Guide For Use Before Posting A Hijackthis Log". You may have performed some of these steps already. About half way down are instructions for downloading HijackThis and creating a log.

When you have done that, post a log in the HijackThis Logs and Analysis Forum, NOT here, for assistance by the HJT Team Experts. A member of the Team will walk you through, step by step, on how to clean your computer. If you post your log back in this thread, the response from the HJT Team will be delayed because your post will have to be moved. This means it will fall in line behind any others posted that same day.

Start a new topic, give it a relevant title and post your log along with a brief description of your problem, a summary of any anti-malware tools you have used and a summary of any steps that you have performed on your own. Please include the top portion of the HijackThis log that lists version information. An expert will analyze your log and reply with instructions advising you what to fix.

Please be patient. It may take a while to get a response because the HJT Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the HJT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.

If after 5 days you still have received no response, then post a link to your HJT log here.

After posting a log you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc.) unless advised by a HJT Team member. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make may cause confusion for the member assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

After you have run the cleanmanager, prior to going over the steps for HiJackThis, please post back how this computer is running now.


Hello, I have an IBM ThinkPad computer that runs using Windows XP. I used the Google Updater that comes with the Google Desktop program I downloaded to my computer to download NortonAntiVirus, Norton Security Scan, and PC Tools Spyware Doctor by PC Tools Software. Apparently they picked up some possible infections or threats. I would like to know if these security programs are actually reliable, and if so how I can resolve my problem. If you need to know more about these infections just ask.

I received these results from each after doing full system scans:

NortonAntiVirus found nothing.

PC Tools Spyware Doctor found 275 infections in my computer. They included:
Trojan.Popuper - with 14 infections
Zango Search Assistant - with 2 infections
1 infection from a Bad Site
PSGuard Desktop Hijacker - with 14 infections
RiskTool.Reboot!sd5 - with 2 infections
WindowEnhancer - with 242 infections

Norton Security Scan:
Norton Security Scan said:
Unresolved Threats:
Adware.ZangoSearch
Virus ID: 4294906905
Risk: Low
Categories: AdWare
State: Unhandled

I posted a topic on the Am I infected? What do I do? forums list, and had a guy give me some advice on what to do. Then he had me create a HijackThis Log for this forum category. So here is my HijackThis Log:

Logfile of HijackThis v1.99.1
Scan saved at 10:34:32 PM, on 4/16/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32 ... Read more

A:! Infections/threats On My Windows Xp !

Hello matt, I am SifuMike and I will be helping you.

Disable your antivirus program and go here http://www.bitdefender.com/scan8/ie.html and run an online scan with BitDefender (you will need to use Internet Explorer for this scan). When the ActiveX Control has loaded, click on "Click here to scan". Please be patient, as this scan may take a few hours. It all depends on the number of files on your computer. When BitDefender completes the scan, select the "Detected Problems" tab. Click on "Click here to export scan". Save the file as an HTML to your Desktop. Then click on the saved file and allow it to open with your browser. Go to Edit - Select All then copy/paste that log back here. Post the BitDefender log.

******************

Download ATF (Atribune Temp File) Cleaner by Atribune. DO NOT run it yet.

You already have installed AVG Anti-Spyware 7.5 so I want you to run it in the Safe Mode. See the following instructions.

Select the "Update" button and click "Start update". If you are having problems with the updater, manually update with the Ewido Full database installer from here. Exit AVG Anti-Spyware 7.5 when done - DO NOT perform a scan yet.

Reboot your computer in "SAFE MODE" using the F8 method so Windows will start with minimal drivers and running processes. To do this restart your computer and after hearing your computer beep once during startup [but before the Windows icon appears] press the F8 key repea... Read more


Hi, when I run the AVG anti-virus software it displays some threats and infections. When I tried to fix those, it tells me that I have to use power user, or that forcibly trying to heal the threats may cause the system to crash. Please, somebody tell me how I have to fix these threats.

A:how to clean threats and infections

AVG Anti-Virus Free User Manual

No single product is 100% foolproof and can prevent, detect and remove all threats at any given time. The security community is in a constant state of change as new infections appear. Each vendor has its own definition of what constitutes malware and scanning your computer using different criteria will yield different results. The fact that each program has its own definition files means that some malware may be picked up by one that could be missed by another. Thus, a multi-layered defense using several anti-spyware products (including an effective firewall) to supplement your anti-virus combined with common sense and safe surfing habits provides the most complete protection.

I recommend downloading and scanning with Malwarebytes Anti-Malware and SUPERAntiSpyware Free.


I made an error in judgement yesterday and now my computer seems to have an infection. There is a blinking yellow triangle in my system tray that has an attached bubble claiming,

"System Alert: Malware threats - Your computer is infected with a back door Trojan that allows the remote attacker to perform various malicious actions. Click this baloon to download malware removal software."

This alert pops up every minute or so. I'm also getting a critical Alert saying I'm infected with something called Cyberlog-X. I ran Ad-aware, Norton-Antivirus, Spybot S & D and AVG anti spyware (I ran AVG in safe mode). I also ran ActiveScan and saved the report.

Below, I will paste my current HijackThis log, my AVG Anti-Spyware - Scan Report, and my ActiveScan report.

Reports:

HijackThis:

Logfile of HijackThis v1.99.1
Scan saved at 11:46:14 AM, on 11/30/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program... Read more

A:Solved: PSW.X-VIR Trojan, Malware Threats, Spyware.cyberlog-X and other Spy/Adware infections


Having the same issue as this guy on computers running XP and Vista: http://www.bleepingcomputer.com/forums/ind...hl=themed32.dll

OS won't boot fully saying themed32.dll needs to be reinstalled. I apologise as I am new here but I'd just like to continue the topic by posting the results of the OTLPE scan:

Note I have selected minimal output -

OTL logfile created on: 6/18/2010 12:30:23 PM - Run
OTLPE by OldTimer - Version 3.1.39.0 Folder = X:\Programs\OTLPE
Windows Vista ™ Home Premium Service Pack 2 (Version = 6.0.6002) - Type = System
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 84.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 95.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 223.12 Gb Total Space | 162.03 Gb Free Space | 72.62% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive X: | 433.24 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO
Current User Name: SYSTEM
Logged... Read more

A:RE: Multiple threats - infected svchost exe - and more, Browser redirections - recurring infections - attempted hijack

Hi, Richisup

Is the themed32.dll error in your Windows VISTA computer? Do you have the VISTA Installation DVD?

Boot to the OTLPE CD. Your system should now display a REATOGO-X-PE desktop.
Double-click on the OTLPE icon.
When asked "Do you wish to load the remote registry", select Yes
When asked "Do you wish to load remote user profile(s) for scanning", select Yes
Ensure the box "Automatically Load All Remaining Users" is checked and press OK
OTL should now start. Change the following settings
Change Drivers to All
Change Standard Registry to All
Under the Custom Scan box paste this in

/md5start
mouclass.sys
Shell32.dll
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
userinit.exe
explorer.exe
ntoskrnl.exe
/md5stop
%SYSTEMDRIVE%\*.*
%systemroot%\*. /mp /s
%systemroot%\System32\config\*.sav

Press Run Scan to start the scan.
When finished, the file will be saved in drive C:\OTL.txt
Copy this file to your USB drive.
Please post the contents of the C:\OTL.txt file in your reply.

In addition:
While in the Reatogo Environment, navigate to the C:\WINDOWS\System32 folder. Locate the Shell32.dll file and copy it to the flash drive. Upload this file to the Spykiller Forum as follows:
Please go here:
The Spy ... Read more


Can someone please help me out with this problem? I woke up this morning and turned on my computer and I started getting these SYSTEM ALERT: MALWARE THREATS saying that my computer is infected with a back door trojan that allows the remote attacker to perform malicious actions, and when I try to go on the internet it goes to this IESECURE web page and it says they ran a scan and I am at risk. Also I keep getting these porno pop-ups and I don't know where they came from because I have pop-up alert. When I try to report abuse it says that somebody downloaded to watch free videos and I pay with the pop-ups.

So I went to Best Buy and bought a spyware and anti-virus program because I didn't have any protection. The program I bought was TREND MICRO Internet Security and I ran all the scans. I caught some trojans then I deleted them, and I had like 120 spyware things infected. If somebody can please help me out I would really like it.

thank you
 

A:HELP:iesecure, maleware threats and constint back door virus threats


If Malwarebytes found threats and I delete all the threats, will it break my PC?

A:If malwarebytes found threats and i delete all the threats will it bro

Hi,
Depends it doesn't look like it did yet ?
See this,
Malwarebytes Anti-Malware Free


I run:
AMD Athlon 64 2.40 GB
512MB RAM
Windows XP (SP2)
80 GB hard disk

It's been intermittently running slow. Ctrl-Alt-Delete > Performance will show CPU usage at 99%-100%. I ran XoftSpy which came up with the following threats or high threats.
Vendor / Type / Category / Object

CWS.Googlems / Registry Value / Malware / Software\Microsoft\Internet Explorer\main/search bar

VX2 / Registry Value / BHO / Software\Microsoft\Internet Explorer\toolbar\webbrowser

1st Alert 1.3 / File / Carding / C:\File_Id.diz

Haxdoor / File / Trojan / C\WINDOWS\system32\w32tm.exe (High Threat)

EPS E-Mail Password / Sender File / Password Capture / C:\What’sNew.txt

Tracking Cookie File / Data Miner / C:\Documents and settings\first user\cookies\first [email protected]

What is the best way to deal with them? I could buy a XoftSpy licence for $40, but I am asking this question because every anti-virus or spyware programme seems to pick up different issues, so will any one safeguard me? Can I get rid of these without buying a licence, and what is my way forward? Thanks.
 

A:Threats and High Threats on XoftSpy


Just to discuss, are there any possible threats to Windows 7?

A:Threats to windows 7?

No OS is bullet proof ... not even Windows 7, but with a good dose of common sense and a decent anti-virus/firewall you should be fairly safe...

Welcome to the forums!!


Hiya

The Threats and Countermeasures Guide contains detailed information about relevant security settings that can be configured on Microsoft Windows Server 2003 and Windows XP. This guide details the different threats, potential countermeasures, and the potential impact of configuring these settings
System Requirements
Supported Operating Systems: Windows Server 2003

Adobe Acrobat Reader
http://www.microsoft.com/downloads/...93-147a-4481-9346-f93a4081eea8&DisplayLang=en

Regards

eddie
 


As the title said, AVG 2014 (free version) detected 10 threats, but I'm pretty sure they are not threats, so I want to check with someone who actually knows what he/she's doing. I tried to google them, came up with no results. I have Windows 8.1. The report is below. Thank you!

Scheduled Scan
High priority;"10";"0";"10"
Folders selected for scanning:;"Scan whole computer"
Started:;"2014-02-27, 11:14:00 AM"
Finished:;"2014-02-27, 11:33:26 AM"
Total object scanned:;"352504"
User who launched the scan:;"SYSTEM"

Name;"Description";"Result";"Status";"Priority"
C:\Program Files\WindowsApps\Deleted\microsoft.windowscommunicationsapps_17.5.9600.20315_x64__8wekyb3d8bbwe51269377-c1e2-42d0-ad49-aa267... Read more

A:AVG detected threats, but I'm not sure they are really threats

The JS file type is primarily associated with JavaScript.

When a browser runs an applet, the Java Runtime Environment (JRE) stores the downloaded files into its cache folder for quick execution later and better performance. Both legitimate and malicious applets (malicious Java class files) are stored in the Java cache directory and your anti-virus may detect them as threats. The detection can indicate the presence of malicious code which could attempt to exploit a vulnerability in Java which could be used to allow adware, phishing programs or other types of fraudulent software to be installed on a computer. For more information about Java exploits, please refer to Anti-Virus has detected a virus. Is it related to Java?.

In your case, these .js files appear to be stored in the WindowsApps folder found on Windows 8.

Notification of these files as a threat does not always mean that a machine has been infected; it indicates that a program included the viral class file but this does not mean that it used the malicious functionality.


Not really sure what's going on. Used Malwarebytes AntiMalware to remove Rogue infections but still some problems. Spontaneously, open programs will just close on their own. System freezes...etc. I'm hoping it is not still infected but that is why i am here, looking for help.
Thanks for any help.....
DDS (Ver_09-01-07.01) - NTFSx86
Run by HP_Administrator at 20:30:25.35 on Fri 01/16/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.300 [GMT -5:00]

AV: Norton 360 *On-access scanning enabled* (Updated)
FW: Norton 360 *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C: ... Read more

A:Recent infections: multiple "Rogue" infections, Trojan.Agent,

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread. Also please explain your problem as fully as possible. Each little detail will help in getting your system cleaned up and functional again.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scans:

Please update Malwarebytes' Anti-Malware and run a full scan and post the logs with the DDS log.
* Download DDS by sUBs from one of the following links. Save it to your desktop. ... Read more


Recently got this spyware threats detected. Ultimate defender ad. I don't want to buy that. I have already run AVG FREE scan, CCleaner, Spybot Search & Destroy and now Stinger is running a scan. Hopefully I will be able to extract the hijackthis setup file to run it next. I did not have it installed prior to. Whenever I try to install it, the window automatically closes so I can not continue. Also, google search for hijackthis would cause the explorer window to close. Any suggestions?

A:Windows Xp Pro--"spyware Threats Detected"

Go to the Hijack This file you downloaded. Right click on it and change the name to "Lasthopescan". Now see if it will install.

Rogue Remover may get rid of this for you. http://www.malwarebytes.org/rogueremover.php


Hello.
 
I just wish my first topic in these forums was not under these circumstances, but it appears my computer has a problem with multiple hundreds of items.
 
I was running an AVG Free Edition 2014 in a whole computer scan, and it found 571 threats - I tried to remove them after the scan was finished, but AVG did not allow me to remove these threats. Most of these threats were under some sort of listing such as Windows\Crypto\RSA\Machine Keys (or something like that - I have my AVG log posted later), but some had a different listing, which made me more fearful of my issue.
 
Under suspicion, I decided to boot my computer into Safe Mode and run another AVG scan (in Safe Mode) again in hopes of trying to remove these issues, but to no avail (aside from three medium threats it could eliminate). As a last resort, I have made a post here to request help. As my computer is a lifelink for me to do many things I will need to do in the future (I want to enter the job market soon, so having a secure computer would help me), I please ask for assistance in dealing with this issue.
 
My computer's specs:
Model: Acer Aspire 5254-BZ692 (Purchased early 2011); has 320 GB HDD (And that's all I know, as my sticker with the info on it has not stood the test of time very well)
 
My AVG Safe Mode scan log:
 
AVG 2014 AntiVirus command line scanner
Copyright © 1992 - 2013 AVG Technologies
Program version 2014.0.4117, engine 2014.0.3604
Virus Database: Version... Read more

A:Acer Windows 8 - Too many threats not checked by AVG

Welcome aboard
 
Those are not threats but files locked by Windows.
Some files are locked for security reasons.
It's pretty much impossible to infect a locked file.
 
Are you having any issues with your computer?


Windows Defender has detected the following 3 threats on my system and I need help removing them:

Program: Win32/Winfixer
Spyware: Win32/C2Lop.A
Adware: Win32/Virtumonde.A
Can someone help me with the removal of these threats please?

Thanks SO much!

A:Windows Detected 3 Threats! Need Help Removing

Follow the instructions in How to Remove WinFixer / Virtumonde. Then download and install SUPERAntiSpyware. Run the scan in Safe Mode and allow it to quarantine whatever it finds.


Hi, help appreciated.

The only symptom I can think of experiencing currently on my machine is not being able to use internet in any way while using Windows XP in normal mode. If I try to browse with firefox for example, it seems like it doesn't even try connecting, and all it says is "Unable to Connect". I've had to do all networking in Windows XP Safe mode w/ networking, and it works fine. Another symptom I experienced was having some kind of ad (can't remember exactly what kind of) pop up every time Windows loads, but I got rid of that already.

--

UPDATE #1: After my Windows has been up for a few hours or so, I get this error message box:

"svchost.exe - Application Error
The exception unknown software exception (0xc0000409) occurred in the application at location 0x5b86a3c0."

This has occurred before as well, but I didn't report about it until now because I had to wait to see what it says exactly.

UPDATE #2: I've experienced another error message, and the error box says:

"xRun-time error '10055':
No buffer space is available"

This occurred in the same uptime session in Safe mode, several hours after the occurrence of the error message described in UPDATE #1.

**The first line of both of the error messages is what reads on the message box, the rest was in the text box.

--

So far I have scanned my computer with Symantec Antivirus, Ad-Aware SE, Spybot S&D, Ewido Security Suite 3.5, McAfee Stinger, Trend Micro Scan and Panda Activescan. All scans were made in Win... Read more

A:Infections: "securityerror" And "startpage.cbx" (panda Scan), + Possible Other Infections

Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.
Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present). We'll get them next step.
Please copy/paste the content of that report into your next reply.

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm

========================

You have an old version of Ewido and it is now called AVG AS 7.5 http://www.ewido.net/en/download/

================

You may want to print this or save it to notepad as we will go to safe mode.

Fix these with HiJackThis - mark them, close IE, click fix checked

F2 - REG:system.ini: Shell=Explorer.exe scvhost.exe
F3 - REG:win.ini: run=C:\WINDOWS\scvhost.exe
O3 - Toolbar: (no name) - {463DF6D5-BEC1-4d67-B217-59DB692DFC53} - (no file)
O4 - HKLM\..\Run: [Windows Update] C:\WINDOWS\scvhost.exe
O4 - HKLM\..\RunServices: [Windows Update] C:\WINDOWS\scvhost.exe
O4 - HKLM\..\RunOnce: [Windows Update] C:\WINDOWS\scvhost.exe

DownLoad http://... Read more

RELEVANCY SCORE 41.2

Hi guys,

Hopefully someone can point me in the right direction.
I've got an ACER 5750 laptop with Win7 Home Premium with a couple of problems.
- I can't turn the windows firewall on (error 0x80070424)
- MSE has picked up:
* Trojan:Win64/Sirefef.Y
* Trojan:Win32/Sirefef.AB
* Trojan:Win64/Sirefef.U
* Trojan:Win32/Alureon.FP
* Trojan:Win64/Sirefef.P
* Program:Win32/CoinMiner
- Malware Bytes has picked up:
* RiskWare.Tool.CK

So, sadly it's a bit of a mess...

I have run MSE to remove the above which states a successful removal but when completing the requested restart Win7 won't boot and pops up a repair program which will only let the system run if I complete a restore in which case the whole lot starts over. I've also run Malware Bytes which sometimes clears the problem but on restart the problem still exists.

It seems to be a very similar problem to TommyC11's issue here: Link

I have run TDSSKiller.exe which doesn't return any threats.

Should I follow on with the process outlined in TommyC11's thread?

Many thanks
Stu

A:Windows Firewall Error, Threats found in MSE

No, don't follow the instructions given to another user.

We need advanced tools to remove this infection

Read the guide here on preparing logs

http://www.bleepingcomputer.com/forums/topic34773.html

and create a topic here

http://www.bleepingcomputer.com/forums/forum22.html

Good luck

RELEVANCY SCORE 41.2

Hi guys,

Hopefully someone can point me in the right direction.
I've got an ACER 5750 laptop with Win7 Home Premium with a couple of problems.
- I can't turn the windows firewall on (error 0x80070424)
- MSE has picked up:
* Trojan:Win64/Sirefef.Y
* Trojan:Win32/Sirefef.AB
* Trojan:Win64/Sirefef.U
* Trojan:Win32/Alureon.FP
* Trojan:Win64/Sirefef.P
* Program:Win32/CoinMiner
- Malware Bytes has picked up:
* RiskWare.Tool.CK

So, sadly it's a bit of a mess...

I have run MSE to remove the above which states a successful removal but when completing the requested restart Win7 won't boot and pops up a repair program which will only let the system run if I complete a restore in which case the whole lot starts over. I've also run Malware Bytes which sometimes clears the problem but on restart the problem still exists.

It seems to be a very similar problem to TommyC11's issue here: Link

I have run TDSSKiller.exe which doesn't return any threats.

Many thanks
Stu

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Sarah and Stu at 17:26:25 on 2012-05-08
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.64.1033.18.3948.1654 [GMT 12:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firew... Read more

A:Windows Firewall Error, Threats found in MSE

Hi Stu!!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. I'll be addressing you by your username, if you'd like me to address you by something else, please let me know!

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed. If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
If I instruct you to download a specific tool in which you already have, please delete the copy that you ha... Read more

RELEVANCY SCORE 41.2

The system I am using is an Acer Aspire with Windows 8 installed. Recently Avast has been detecting threats in C:\Windows\SysWOW64\explorer.exe.
This brings up constant popups by the notification tray that usually goes something like:

Object: (A .biz URL, one which I remember is dufeloveteuv.biz, there were one or two others as well, they always had pages extending from that base URL) 
URL(I don't remember exactly what this field is named): Mal
Location: C:\Windows\SysWOW64\explorer.exe
 
It's killed all use of Internet Explorer (10), which whenever I open it brings up a window saying that Internet Explorer has been terminated because of a malicious addon (I checked the addons, there was nothing but Avast there), Chrome still works though.
 
So what do I do from here, I'm safely assuming that the laptop has been infected with something, but what is it, how would it have come about, and how do I remove it?

A:Avast is detecting possible threats in C:\Windows\SysWOW64

You mentioned IE, there is one Toolbar Cleaner, from Visicom Media Inc, that might help -- if there is an errant toolbar within IE.

RELEVANCY SCORE 41.2

Yesterday, I mistakenly opened one shitty website that tried to install addons but failed cuz I got ublock origin, scriptsafe and https everywhere. It managed to block it I think, and for the sake of trust I ran adwcleaner which found 4 threats, trovi trovi start up urls and avg... I did everything, couldn't remove them and reinstalled Windows. Now I installed google chrome again, ran adwcleaner and found the same things... What to do? Help
 

RELEVANCY SCORE 41.2

This is my dad's computer problem, I don't really know how it happened.
I suppose he surfed some porn websites (I really do think so).
This is a Windows XP operating system, it's a portable computer, nothing too special to declare about.. a regular simple computer that is used to surf the internet, no spiel programs installed.
I add some pics and of course the Hijackthis log file
Thanks very much for your help!
 

A:Hijackthis logs - malware threats from windows

Please, help anyone?
Thanks
 

RELEVANCY SCORE 40.8

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:51:50 AM, on 3/14/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Common Files\Virtual Token\vtserver.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
C:\Program Files\Maxtor\OneTouch&... Read more

A:ran adaware yesterday had 176 infections; but, i think i still might have a few remaining infections

Hello akatheon,

Sorry about the delay. If you still need help, please post a new HijackThis log to make sure nothing has changed, and I'll be happy to look at it for you.

Thanks,
tea

RELEVANCY SCORE 40.4

Long story short - I'm having literally the same exact problem this guy was having:

http://forums.techguy.org/malware-r...xplorer-problems-audio-video.html#post6431160

But I saw that no one answered his question, so I'm hoping maybe you'll give me a shot! This is a very important computer with my work stuck on it and I must get it working again!

I could tell my computer was asking slow for a week or so and that I had a virus. I finally decided to do something about it. Ran Malwarebytes..found viruses.. deleted.. but still it was running a little slow.. so I Purchased and ran Norton 360, it detected and deleted all kinds of files, rebooted, and immediately it seems my windows shell is corrupted! No taskbar, no startbutton, (even when I hit ctrl/esc) most windows functions are inoperable. No drag and drop.. no copy/paste.. 90% of programs won't work.. No internet, most startup items don't load... Sys restore doesn't work, it's messed up in Safe Mode and command prompt mode also.

I really must know what to do! This is horrible!
Please help!
If you need the hijack log I should be able to post it later tonight.
(if it allows me!!) It may not! It no longer lets me install or run programs without an error. I tried to reinstall Malwarebytes and I get
"failed to load vbal6grid.. vbalsgrid6.ocx"
This is one of 100 different errors I get when I try to do anything now.

Maybe corrupt dlls?

S
 

RELEVANCY SCORE 40

The penetration testing and security auditing platform called Kali Linux is now available in the Windows 10 Store as a Linux environment that can be used with the Windows Subsystem for Linux (WSL). The problem is someone forgot one little thing. Some of Kali's more popular packages are detected as hacktools and exploits by Windows Defender.

For those not familiar with Kali Linux, it is a Linux distribution geared towards penetration testing, forensics, reversing, and security auditing. Using Kali you can download a variety of security related programs such as Metasploit, Armitage, Burp, and more and use them to test your network for security holes.

In order to use Kali, you will first need to install the Windows Subsystem for Linux from the Windows Features control panel. Once installed, you can go to the Windows Store, search for Kali Linux, and install it for free.

Once you get Kali running and start installing tools, though, you run into a problem. Kali will appear to hang and ultimately error out, while Windows Defender begins to display virus alerts.

It appears that the developers in Microsoft's WSL team forgot to tell the Windows Defender team about Kali Linux's availability. This is because some of Kali's packages will be detected as hacktools, viruses, and exploits when you try to install them!
Windows Defender Quarantined These Kali Packages
If you take a look at one of the detected threats details, you can clearly see that some of the Met... Read more

RELEVANCY SCORE 39.6

Microsoft persuades customers to upgrade to Windows 10, citing increasing security threats

For the past few months, Microsoft has been touting the security features available to customers using Windows 10, especially with the increase in ransomware attacks. It even vowed to raise the bar for security with the upcoming Fall Creators Update.

Now, the company has published yet another blog post persuading customers to upgrade to the latest version of Windows 10, citing increasing security threats.

Microsoft explains that it previously used to release major Windows updates once every few years because only a few exploits existed at the time, mainly Stack overrun, Return Address Corruption, and Shell Code.

However, the scenario is very different nowadays, with new security threats and exploitation techniques popping up frequently. Some of these include Sandbox bypass, Heapspray, ASLR bypass, and ROP Shellcode. As a result, Microsoft has transitioned to the Windows as a Service (WaaS) model where updates are released every six months to offer new features and combat security threats.
Microsoft has also detailed the various threat mitigation techniques utilized in Windows 10 that are enabled by default, regardless of the Windows 10 edition being utilized. These include Heap and Kernel pool protections, Win32k Syscall filtering, Less Privileged App Container (LPAC), and Control Flow Guard.
The company notes that Universal Windows apps, and even Classic (Win32) applications do... Read more

RELEVANCY SCORE 39.2

Below is the HJT log with all services and softwares running.

Please take a look, and advise.

Thank you in advance.


Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 6:58:25 PM, on 8/1/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\AOL\1184298866\ee\AOLSoftware.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\ATI Technologies\ATI.ACE\MACE.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:... Read more

A:Spy Eraser says 90 infections? registry key infections?

Bump Bump



Thanks

RELEVANCY SCORE 39.2

Paste your log into this section.
I got some virus in my computer yesterday; it's a trojan and some rootkits.
After that my Windows Defender won't work; I can't put it into action -> it keeps saying it isn't active, and when I try to activate it -> an error code comes. The same thing happens with the firewall.
I tried to get the viruses cleaned from the computer by AVG and then with Malware; both find those and put them in quarantine, but can't delete them. Overall there were 8 threats yesterday and now there are 6 threats; 2 trojans and 4 rootkits.
I tried to fix Windows Defender and the firewall with Windows' Fix it exes, but those didn't fix the problem, and some site said that the computer must be clean from trojans etc., after which those can be fixed.
AVG is alerting of threats and the Windows Defender + firewall isn't working and Malware can't delete the trojan or rootkits.
I wish to have the trojan + rootkits deleted and Windows Defender + firewall to work right again.
Here is the DDS.txt.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_26
Run by Jenni at 21:41:48 on 2012-08-18
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.358.1035.18.3326.2131 [GMT 3:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
=... Read more

A:AVG is alerting of threats and the windows defender+firewall isn't working and Malware can't delete Troijan or rootkits

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems. I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us.

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At... Read more

RELEVANCY SCORE 38.4

I have been working on a laptop windows XP, SP2 Sony Vaio for about 7 hours now.
Originally it had no functionality due to the Windows Recovery Virus, but having tackled that (using ComboFix) I have now found further problems. It was first apparent when Windows IE redirected and Google Chrome failed to load. Programs are failing to install properly and my memory sticks are infected every time I insert them into the laptop. However after following instructions for obtaining diagnostics using the following as a guide;
http://www.bleepingcomputer.com/forums/topic368072.html
I would like some further guidance. Hopefully it should be a simple case but the sooner the better, until then I'll continue to see if I can do anything myself.

Thanks for your time.

Nick.

A:Windows XP initially with Windows Recovery Virus, but subsequent infections found.

Well...I don't think that it's wise to use a malware topic for a specific person on a specific system...with perhaps other problems...as a "guide" for self-troubleshooting.

That said, I will move your topic to the Am I Infected forum where those experienced with malware situations...can advise/suggest.

Louis

RELEVANCY SCORE 38

Hello! This is my first post on here, hopefully one of my last regarding this particular issue. I am trying to help a friend out with their computer. It is an HP, bought around '02-'03 with Windows XP. I don't know how and the details are a bit iffy, but they had a ton of infected files on there that I found with Malwarebytes Anti-Malware - nearly 250. After that, I removed and quarantined what I could, got rid of some other programs (including several fake anti-virus programs, I believe), and ran Malwarebytes again. There are still eight infected files on there, and I have a log if that is necessary and can post by request.
Also, they wound up actually buying one of those fake anti-viruses for about sixty dollars - and the name of it escapes me. I forgot to check before I left whether or not it was still installed on their system, but it wasn't on their control panel under "add or remove programs." I also can't get rid of a couple of things under the control panel, either. I am really hoping to avoid a full system restore - and actually, would that even help?
Thanks so much in advance, everyone.

P.S. I am not currently on their computer; I will be tomorrow, though.

A:Infections on Windows XP

Hello, yes please post that MBAM log.

Reboot into Safe Mode with Networking

How to enter safe mode (XP)
Using the F8 Method
Restart your computer. When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu. Select the option for Safe Mode with Networking using the arrow keys. Then press enter on your keyboard to boot into Safe Mode.

>>>> Download this file and double-click on it to run it. Allow the information to be merged with the registry.

RKill....
Download and Run RKill
Please download RKill by Grinler from one of the 4 links below and save it to your desktop.

Link 1
Link 2
Link 3
Link 4

Before we begin, you should disable your anti-malware softwares you have installed so they do not interfere RKill running as some anti-malware softwares detect RKill as malicious. Please refer to this page if you are not sure how.
Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
If nothing happens or if the tool does not run, please let me know in your next reply.
Do not reboot your computer after running rkill as the malwa... Read more

RELEVANCY SCORE 37.6

Started out saying win32.banker.FS trojan, I ran AVG spyware and deleted 155 items, then got Norton, it detected around 45 items infected and 3 as clean on the scan. Now it still says my privacy is in danger. I think it was from me clicking on a link to download flash player, and it was a virus really and I had no protection.

I ran the hijackthis scan, it is right here:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:03:31, on 8/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\OneStepSearch\onestep.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Symantec\Symantec Endpoint ... Read more

A:Infections C:\windows, spyware.

Hi Welcome to TSG!!
Download SDFix and save it to your Desktop.
Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix and remove some of its embedded files which may cause "unpredictable results".
Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
Remember to re-enable the protection again afterwards before connecting to the Internet.

Double click SDFix.exe and choose Install to extract it to its own folder on the Desktop. Please then reboot your computer in Safe Mode by doing the following :
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press "Enter".
Choose your usual account.

Open the c:\SDFix folder and double click RunThis.cmd to start the script.
Type Y to begin the script.
It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
Press any Key and it will restart the PC.
Your system will take longer than normal to restart as the fixtool will be running and removing files.
When the desktop loads the Fixtool ... Read more

RELEVANCY SCORE 37.6

Hi there!

Last week my PC didn't open C: by double click anymore, and then when I started my AVG FREE edition, it detected these files: Trojan Horse psw.onlinegames.z and asked me to heal it, which I did.
Apparently, it still wasn't because when I inserted another external hard disk in the USB drive to copy some files to the external hard disk, AVG found the same files.
I did an ONLINE SCAN AT www.bitdefender.com for both hard drives (external and internal) and 2 Trojans were found and fixed in the hard drive and there were no reported Trojans found in the external hard disk I used.

I still wasn't convinced that everything is fixed though, so I tried to scan my two hard disks with AVG again but it couldn't heal infected files anymore.

Now I've read something on the web so I've downloaded COMBOFIX and got the WindowsXP Pro bootdisk but I don't really know what I have to do.

Thanks in advance for the help
 

A:Trojan Infections in Windows XP

hi
this is my combo fix log

ComboFix 08-05-21.3 - ale 2008-05-24 10.34.25.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.571 [GMT 2:00]
Eseguito da: C:\Documents and Settings\ale\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\ale\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ITA.exe
* Creato nuovo punto di ripristino
.

((((((((((((((((((((((((( Files Creati Da 2008-04-24 al 2008-05-24 )))))))))))))))))))))))))))))))))))
.

2008-05-24 10:22 . 2008-05-24 10:22 85,520 --a------ C:\WINDOWS\system32\drivers\bdfndisf.sys
2008-05-10 12:05 . 2008-05-10 12:06 <DIR> d-------- C:\Programmi\iTunes
2008-05-10 12:05 . 2008-05-10 12:05 <DIR> d-------- C:\Programmi\iPod
2008-05-10 11:58 . 2008-05-10 11:58 <DIR> d-------- C:\Programmi\Apple Software Update
2008-05-08 08:30 . 1998-09-02 10:02 194,320 --a------ C:\WINDOWS\system32\qcut.dll
2008-05-08 08:30 . 1998-08-27 06:51 182,032 --a------ C:\WINDOWS\system32\dxtmsft3.dll
2008-05-08 08:30 . 1998-08-20 13:02 140,800 --a------ C:\WINDOWS\system32\tm20dec.ax
2008-05-08 08:30 . 1998-09-02 10:28 63,488 --a------ C:\WINDOWS\system32\unam4ie.exe
2008-05-08 08:30 . 1998-09-02 10:28 38,160 --a------ C:\WINDOWS\system32\LMRTREND.dll
2008-05-08 08:30 . 1998-08-17 11:21 11,776 --a------ C:\WINDOWS\system32\mciqtz.drv
2008-05-08 08:30 . 1998-08-17 11:21 10,240 --a------ C:\WINDOWS\system32\vidx16.dll
2008-05-08 08:30 . 1998-08-17 11:21 5,672 --a------ C:\WINDOWS\system32\quartz.vxd
2008-... Read more

RELEVANCY SCORE 37.6

Having some issues with Windows XP that are not showing up through various scans. Hoping to resolve issues. The Attach.txt file is zipped and included as per instructions
DDS (Ver_09-09-29.01) - NTFSx86
Run by Owner at 14:11:46.40 on Thu 10/08/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_16
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.592 [GMT -4:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Belkin\F5D9050\Belkinwcui.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\My Documents\Downloads\dds(3).... Read more

A:Hidden infections Windows XP

Hello,

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up.

My name is Syler and I will be helping you to solve your Malware issues. If you have since resolved your issues I would appreciate if you would let me know so I can close this topic, if you still need help please let me know what issues you are still having, in your next reply.

ComboFix should not be run unless requested by a HJT Team member. It is an extremely powerful tool which should only be used when instructed to do so by someone who has been properly trained. ComboFix is intended by its creator to be "used under the guidance and supervision of an expert", NOT for private use. Please read Combofix's Disclaimer. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.

Post the contents of C:\ComboFix.txt in your next reply.

Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

Then please post back here with the following:
Combofix.txt
log.txt
info.txt

Thanks

RELEVANCY SCORE 37.6

Greetings! I recently got a bad infection. It started with Windows Police Pro. It locked me out of task manager, would not allow exe files, and the works. It seems to be a newer version, as it would not allow me to merge the reg fixes I could download onto the desktop. I followed the WPP removal guide, but could not run malwarebytes software from the desktop, as the exe file was lost during (several attempted) installations. I finally installed it on a memory stick on another computer, and when the "file not found" popup came up, i directed it to the memory stick. Not sure how I was able to stop WPP initially - oh yea. I found a site that used group tools or something with XP pro - to stop it.

Anyway - then I was re-infected with Security Tool. Although it blocks task manager, I restarted the machine and was able to start Task Manager before ST loaded. I could then stop it with task manager. I seemed to be able to remove it, using the wonderful logs here at bleepingcomputer.

Still - I am not clean. When I open IE or Firefox they open, but if I click on a link I am taken to a bogus site. Something is monitoring my browsers, and attacking me. Even links in firefox start an IE window bogus site.

I need help. I will begin downloading the tools mentioned as I signed up.

thanks!

A:windows police pro, other infections

Hello and welcome to Bleeping Computer.

Please subscribe to your topic so that you will be notified as soon as I post a reply, instead of you having to check the topic all of the time. This will allow you to get an email notification when I reply.

To subscribe, go to your topic, and at the top right hand corner by your first post, click the Options button and then click Track this topic. The bullet the immediate notification bubble. Then press submit.

Let's take a look with Malwarebytes

Please download Malwarebytes' Anti-Malware from here:
Malwarebytes

Please rename the file BEFORE downloading to zztoy.exe instead of mbam-setup.exe

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

Double Click zztoy.exe to install the application.
* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform Full Scan", then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and y... Read more

RELEVANCY SCORE 37.2

Hi,

I have been infected with multiple viruses and can't seem to get them to go away. Now when I start my computer, I get multiple "bad image" errors. Every time I close one, another starts up. I'm crippled.

Thanks in advance for your help.

Eric
DDS (Ver_09-05-14.01) - NTFSx86 MINIMAL
Run by Eric at 19:57:37.32 on Wed 05/13/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.693 [GMT -7:00]

AV: Norton Internet Security *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Eric\Desktop\Autoruns\autoruns.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Eric\Desktop\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.comedysportz.net/forum/
mSearch Bar = hxxp://red.clie...

A:Windows XP multiple malware infections

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

* Download DDS by sUBs from one of the following links. Save it to your desktop. DDS.scr DDS.pif
* Double click on the DDS icon, allow it to run.
* A small box will open, with an explanation about the tool. No input is needed, the scan is running.
* Notepad will open with the results, click no to the Optional_Sca...

RELEVANCY SCORE 37.2

Hi everyone, as far as I knew my PC was running fine. I run Malwarebytes every now and then to check it out, and had no reason to be suspicious of any activity on my PC.
I was a little behind with my Windows updates though, and updated my system last night. It installed 90 or so updates, all with vague names along the lines of 'windows update'.
I ran Malwarebytes after the updates, found 12 threats and removed them all (the only one I can remember was the Conduit search engine and bar) and have run Malwarebytes a couple of times since then and found a couple more threats.
My Steam insisted on updating when I opened it. I tried to play Skyrim but the game was riddled with uncharacteristic lagging, the same went for Saints Row 4, and I couldn't even open Battlefield 4.
 
I would just like to be reassured my computer is safe and fixed if not. Any help is appreciated, thank you. 

A:Windows Update Filled With Infections?

Installing updates from Microsoft Update was not responsible for installation of other software.

Conduit is a toolbar engine installed (bundled) alongside many free applications which allows users to add applications directly to their browser without a community toolbar. Conduit offers a distribution option for Conduit-powered offerings and is used in order to generate ad revenue for the company. While not explicitly malware, it is often installed stealthily without knowledge or consent from the end user and is considered a Potentially Unwanted Program (PUP).

Many toolbars, add-ons/plug-ins, screensavers and browser extensions come bundled with other free third-party software you download (often without the knowledge or consent of the user). These can often be the source of various issues and problems to include Adware, pop-up ads, browser hijacking which may change your home page and search engine, and user profile corruption.

Toolbars and add-ons install themselves in various areas of your operating system to include your browser and Windows Registry. Since some of their components and behavior are determined to be harmful, anti-virus and anti-malware tools may detect and remove them as Potentially Unwanted Programs (PUPs).

Please download and use the following tools (in the order listed) which will search for and remove many potentially unwanted programs (PUPs), adware, toolbars, browser hijackers, extensions, add-ons and other junkware as well as related registry entries (values,...

RELEVANCY SCORE 37.2

Wife's PC is running Windows XP and we have been relying on Microsoft Security Essentials to help protect the PC. Some malware and/or viruses have slipped through and infected the system.

Her PC seems to be locked up when booting in normal mode. We are not able to run our normal programs. We keep getting messages that the application was infected and it would close out.

I shut down the PC and booted up in safe mode. I am able to bring up MSCONFIG and unchecked all items in the startup tab. This allowed me to boot up in normal mode without the virus warning. I downloaded McAfee Security Scan Plus, Microsoft Security Essentials, and MalwareBytes.

I ran McAfee Security Scan Plus and it found several Trojans infections. I attempted to clean using Microsoft Security Essentials and MalwareBytes.

Found the following with updated Microsoft Security Essentials definitions file 1.105.1563.0 for both virus and spy-ware definitions.

Trojan:DOS/Alureon.A -> Quarantined
Trojan:Win32/Alureon.CD -> Removed
Trojan:Win32/Wimpixo.E -> Removed
TrojanClicker:HTML/IFrame.J -> Removed

MalwareBytes Anti-Malware found and either Quarantined or removed the following:

Memory Processes Infected: 1
Memory Modules Infected: 2
Registry Keys Infected: 1
Registry Values Infected: 2
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 21

Almost every file and shortcut is marked hidden. All of my program list has been stripped out with the exception of a few prog...

A:Windows XP SP 3 Virus's and Trojan infections

I updated Malwarebytes' Anti-Malware again and now I am getting an error that says:
An error has occurred. Please report this error code to our support team. PROGRAM_ERROR_UPDATING (5,0,CreateFile) Access is denied. OK button. This occurred after the update reached 100%

Running another Full scan on all local hard drives C: D: F: and P:

RELEVANCY SCORE 37.2

Hi all,

I'm not sure if repair install could help me but I've never had anything of the sort occur with my computer before.

Last night I was surfing away, just looking at a few websites. I opened a new one (from google search) and either AVG or Windows Defender came up informing me of 2 infections. One was in the roaming directory, that is all I saw. I asked it to fix and remove said infections. It had just managed to do it when another one popped up. At this moment Yahoo messenger started acting in a bizarre manner and my computer just crashed. It rebooted and Startup Repair appeared. It told me it would try to fix it and then restarted. After the second time it told me it could not fix the problem automatically. The problem seems to be a corrupt file according to the extra information it provided. I think it's a virus as I believe (but may be mistaken in thinking) startup repair cannot protect against those.

I tried to do System Restore though I was sure that would not work and it didn't. Like an idiot I have not backed up any of my data. I would prefer not to have to re-install anything and to fix it without all the hassle, but at the very least I would just like to get all the files etc. This is what is most important to me. I don't mind having to spend hours reinstalling everything as long as I can access and somehow back up my files.

Can repair install help? Any other options? I'd appreciate any help at all. Thanks for reading this rather verbose post.

-Tunde

A:AVG or Windows Defender came up informing me of 2 infections

I suspect an infection and a Repair Install at this stage may be premature and probably would fail anyway.

Try booting to "Safe Mode with Networking" which is choice number 2 on the menu that you should get by tapping F8 repeatedly while booting up.

In that mode you should be able to access the Internet while at the same time preventing any malware from running.

Go HERE and download the FREE version. Update it once installed (important) and then run a full scan and let it remove anything it finds, do all this in that mode. Reboot if it asks you to. Hopefully that will remove the bug whatever it is and then you can proceed with the rest of your life ;-)

RELEVANCY SCORE 37.2

I was asked by a relative to check into why her computer was running slowly; the primary symptom was web browser pages taking 10-15 minutes to render. The computer was running the McAfee Internet Security product. I verified that the signature files were updated, and ran the most detailed scan available. Results were clean. Suspicious, I ran a deep scan using Avast Anti-Virus from my U3 USB drive, and identified a bunch of malware hiding in files that appeared to be in directories created by some of the manufacturer's bloatware (games and screen savers). Avast had its way with all of the files, either deleting or quarantining them. I then deinstalled (from the Windows Control Panel) all of the products that were not being used. I rescanned using Avast again and came out clean. I updated all of the computer drivers and software relevant to the HP/Compaq laptop model, then updated with the available Microsoft OS patches (applied SP3 and IE8 as the computer had not been updated since SP2). The updates that checked for malware did not report any errors or infections. I rescanned with Avast, and then again with McAfee, verified clean scans. The browser slowness continued, and I started experiencing network timeouts.

The computer also had the unusual behavior of displaying a file window at startup c:\program files\common\ with a file named helper.sig. I searched for a registry entry matching with the directory and/or file name. Not there. Checked the startu...

A:Multiple Infections - \windows\batmeter16.dll

I have surrendered. There is no chance I can trust this computer after having so much malware installed. I am zeroing the HD and loading OS from scratch.

Thank you to anyone who has read my post and considered solutions.

I do not have any idea as to the source of the malware, as the computer was owned by my Father-in-law, who passed away last year (no way to figure out what sites he might have visited, or files downloaded).

Good luck, all. Thanks for the great tools!

Ed

RELEVANCY SCORE 37.2

Hello everyone-
This is my first post to the forum, hope this is in the right place. I have spent a good amount of time trying to clean my brother's laptop. I have reinstalled Win 7 4 times, every time I reinstall, the viruses come right back. This last time, I formatted the drive, reinstalled Win7, and upgraded to Win10. Once I installed the Nvidia drivers, there were 9 infections. They were as follows: Gen. Variant. Strictor (multiples), Gen. Variant. Graftor (multiples) and Gen. Variant. Symmi (multiples). I ran Bitdefender rescue but it could not delete them. I used grant perms to unlock the files and manually deleted. So, I need to know if it's finally clean. Apologies for posting a novel.
Thanks Big Orange

RELEVANCY SCORE 37.2

OK so first my cursor keeps getting refocused so I do a scan with my Malwarebytes and it finds and removes 1 infection... I go on and Google Chrome starts crashing repeatedly; within like a 20 minute period it had crashed 4 times. Then as I am about to close it and do another scan everything starts closing and shutting down! In the process of everything closing I get a little box impersonating a Windows Essentials infection found... Now I know I didn't install Windows Essentials so I tried to close it. Of all the things that were closing, this one thing I actually wanted gone wouldn't close! That is until the entire system rebooted itself.... I let it boot and start normally but just as it got to the user sign in I got a blue screen... So I then moved to reboot in safe mode. The fake error message popped up again so I figured from it popping up in safe mode and the blue screen earlier it was something starting with the system. So first I run another Malwarebytes scan which finds 56 infections which it then removes and I check out my Avast anti-virus to turn on a boot scan hoping I could catch it before it starts again. I find that not only are all my shields off but I can't turn them back on! Also it won't let me set the boot scan.... I attempt to open Windows Task Manager and of course whatever is screwing with my system doesn't allow it. It closes as soon as it opens... I figured I'd reboot in safe mode and try a system restore... but it tells me that s...

A:false windows essentials and possible other infections

Hello script-kitty,

Given what you stated in Chat,

[23:41] <script-kitty> i do however know im also infected with a TDSS type thing which i can take care of after all this

you have a bad rootkit aboard. Please follow the instructions in ==>This Guide<==. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include the link to this topic in your new topic, a description of your computer issues.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Orange Blossom

RELEVANCY SCORE 37.2

I had quite a few infections including smitfraud, vundo, w32. I think I cleaned them all out but I wanted to have my log checked and make sure. This is on a windows 2003 terminal server.

Deckard's System Scanner v20071014.68
Run by Administrator on 2008-06-21 21:55:11
Computer is in Normal Mode.
--------------------------------------------------------------------------------
Backed up registry hives.
Performed disk cleanup.
-- HijackThis (run as Administrator.exe) ---------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:58:21, on 6/21/2008
Platform: Windows 2003 SP2 (WinNT 5.02.3790)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\Documents and Settings\Administrator\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\dllhost.exe
c:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\HP\Cissesrv\cissesrv.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\cpqr...

A:Windows 2003 Multiple Infections

Hello, Anthony R.. to BleepingComputer.com

My name is Billy O'Neal and I will be helping you. (Billy or Bill is fine, if you like.)

Please give me some time to look over your computer's log(s).

Please take note of the following:
* In the meantime, please refrain from making any changes to your computer.
* Also, even if things appear to be running better, there is no guarantee that everything is finished. Please continue to check this forum post in order to ensure we get your system completely clean. We do not want to clean you part-way up, only to have the system re-infect itself.
* If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
* Finally, please reply using the button in the lower left hand corner of your screen.

Please run Deckard's System Scanner again, this time using these instructions:
(In the event you lost your copy, you can download a new one from here: Deckard's System Scanner)
* Click on Start, click on Run
* Copy and paste the following in the open window and then click OK:
"%userprofile%\desktop\dss.exe" /config
* This will open up DSS configuration
* Click on Check All.
* Click Scan.
* DSS will now run again.
* Please post back both logs that open in notepad.
Main.txt and Extra.txt

In your next reply, please include the following:
* DSS's Main.txt
* DSS's Extra.txt

Billy3

RELEVANCY SCORE 37.2

Hi there!

Last Friday, I had a few pictures developed in the nearby developing center. When I got my flash disk back, the AVG in my laptop detected this threat: Trojan Horse psw.onlinegames.z and asked me to heal it, which I did. Apparently, it still wasn't because when I inserted another flash disk in the USB drive to copy some files to another computer (desktop), the AVG installed there reported the same Trojan. I downloaded Spyware Terminator and TrojanHunter 5.0 for both computers and 2 Trojans were found and fixed in the hard drive and there were no reported Trojans found in the flash disk I used to copy files from the laptop to the desktop but then again, maybe it was because I reformatted the flash disk after AVG asked me to heal the trojan.

I still wasn't convinced that everything is fixed though so I checked my AVG Virus Vault in the desktop (still haven't done that in the laptop because I found so many infections in the desktop so I want to fix it one computer at a time). I found the following infections with their corresponding details:

attribute name: value
object name: uulaqvl.cmd
object path: g:\
discovery: Trojan Horse psw.onlinegames.aq
date of detection: 4/10/2008 1:55:23PM
file size: 145.72kb
healable: no
source: backup copy
status: infected

attribute name: value
object name: uulaqvl.cmd
object path: g:\
discovery: Trojan Horse psw.onlinegames.aq
date of detection: 4/09/2008 11:29:10AM
file size: 145.72kb
healable: no
source: backup copy
...

A:Solved: 6 Trojan Infections in Windows XP

RELEVANCY SCORE 37.2

Hello,
 
First time posting here.  I have 2 Rootkit infections on my laptop according to Spyhunter: Google Update   and   Googleupdate.exe    
 
Spyhunter was unable to remove them.
 
Not sure if it's associated with these infections but my keyboard is not working properly, cursor is jumping all over the place and I seem to be losing memory at a fast pace and I'm not sure what's causing this.
 
Any help in removing these infections would be appreciated.
 
Thank you,
 
Arclight Marine

A:Rootkit Infections on my Windows 7 Laptop

Sorry I forgot to my DDS file:
DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 10.0.9200.16736  BrowserJavaVersion: 10.17.2
Run by Mike at 13:09:06 on 2013-11-19
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.6058.3377 [GMT -8:00]
.
AV: Trend Micro Titanium Antivirus+ *Enabled/Updated* post:32121101
SP: Windows Defender *Disabled/Updated* post:32121100
SP: Trend Micro Titanium Antivirus+ *Enabled/Updated* cached-Mon, 23 May 2016 13:49:46 +00009
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\system32\atiesrxx.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k GPSvcGroup
C:\windows\system32\atieclxx.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\system32\WLANExt.exe
C:\windows\System32\spoolsv.exe
C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiWatchDog.exe
C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
C:\Program Files (x86)\Com...

RELEVANCY SCORE 36.8

**Vista is the OS, I use windows 7... brain fart apologies**
 
I'm working on a family member's PC, they complained of slow speed, pop-ups and redirected browser.  Numerous trojans were found in our initial scans from the "Am I Infected" forum as expected.  dllhost.exe*32 is using an extremely high amount of memory, and their CPU fan goes to full throttle randomly even while the machine is idle (so something is definitely still amiss!).
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16526  BrowserJavaVersion: 10.45.2
Run by Home at 12:38:45 on 2013-12-15
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.3966.1066 [GMT -5:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Windows\system32\svchost....

A:Windows 7, Several infections, Attachment Management gone Haywire as well

Hello Sezneg

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.

Very Important --> Please read this post completely, I have spent my time to put together some things for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!

* Please do not run any tools unless instructed to do so. We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
* Please do not attach logs or use code boxes, just copy and paste the text. Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
* Please read every post completely before doing anything. Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
* Please provide feedback about your experience as we go. A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", ...

RELEVANCY SCORE 36.8

this is my log

Logfile of HijackThis v1.99.1
Scan saved at 11:25:15, on 06-07-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Archivos de programa\ewido anti-spyware 4.0\guard.exe
C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7Debug\mdm.exe
C:\Archivos de programa\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Archivos de programa\Eset\nod32kui.exe
C:\Archivos de programa\Agnitum\Outpost Firewall\outpost.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Archivos de programa\ewido anti-spyware 4.0\ewido.exe
C:\Archivos de programa\IOLO\System Mechanic Professional 6\SMSystemAnalyzer.exe
C:\WINDOWS\System32\svchost.exe
C:\ARCHIV~1\INCRED~1\bin\IMApp.exe
C:\Archivos de programa\Hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.lanacion.cl/
R0 - HKCU\...

A:Adaware Tells Me I Have 2 Infections In Windows System

Hi there and welcome to Bleeping Computer!

As you may have noticed already, the forums are very busy at the moment and I have noticed your log has gone unanswered so far!

We look at the oldest logs first, and we were wondering that if you still need help, please start by posting a new HijackThis log in this topic and I will then be able to take a look!

Thanks very much
David
