
Shadow Mode, Malware and Tinkering - WARNING!

Q: Shadow Mode, Malware and Tinkering - WARNING!

Hello,

Shadow Defender is great software.

It protects my system from permanent infection.

However, I have one warning.

Remember this - if you download malware and tinker with it - meaning allow it to run without any type of restriction, then it will perform all of its malicious activities during Shadow Mode. Plus, if you are signed in as Administrator, then the malware will be able to run with the same privileges. Shadow Mode is a fully virtualized environment that does not prevent malware from running nor stop it once it is executed!

So if the malware is designed to grab data and transmit it back to a C&C server, then it will do so. If it's a cryptolocker variant it is going to encrypt files, if it's a virus it is going to replicate, etc, etc, etc.

There are things you can do while running in Shadow Mode to ensure solid security:

1. Use Guest Account
2. Use Microsoft's DropMyRights
3. Use Sandboxie
4. Once you download and run malware, then disable network/block connections
5. Use Blue Network's AppGuard (if you use Sandboxie, it needs special configuration; with Shadow Defender/Emsisoft no special configuration is needed).
NOTE: Configuring AppGuard is not so easy. If not done correctly, it will cause a big headache.
6. Use Windows Parental Controls as an anti-executable (requires configuring some folders)
7. Always use your AV/Firewall in Shadow Mode

I allow malware to run in Shadow Mode with Administrator privileges (my system is completely exposed, but actions by malware are reversible - except, perhaps, for rootkits - jury is still out on that one), but once it is done downloading and installing, then I turn AV to Offline Mode - which blocks all network connections via firewall. This option to block network connections either globally or on a per application basis is available with most AV nowadays.

I do not recommend what I do. Proceed with caution and be prepared for the (unintended) consequences.

hjlbx


A: Shadow Mode, Malware and Tinkering - WARNING!

Thanks for the info.
I used Timefreeze for testing and even crypt-locker was reverted; however, if you have another partition or drive connected to the PC, the data will be gone.

RELEVANCY SCORE 70.8

First of all I would like to thank the Microsoft for all of the great things they have done to improve windows update in this recent OS release.

So I have tried to install this update 2 times. Both attempts have left ubuntu un-bootable.
I will fix this problem, eventually. Not tonight, I'm too tired and busy. After that I am likely to do one of two things.
1) Disable the winupdate service or whatever in win10
2) Format the issue at its source.

It is silly... amateur. How can it be, that not one geek working at microsoft, who dual boots windows 10 and ubuntu, took notice of this hostile update?
The whole can disable/can't disable updates based on the version of your windows just feels very high school drama-ish. Why as the owner of my pc, should I not have the power to delegate software updates as I see fit. Does microsoft own my pc or do I own my pc?

To be honest I really don't even care, I just want easy to download (i'm on old school dsl) and safe to install updates.

Just a warning I guess, to other dual booters.

A:Warning: Update 1511 tinkering with partitions?

I appreciate your frustration, but your execution of Microsoft might be a bit premature.

I am dual booting Win 10 Home version 10586.17 with Linux Mint 17.2 xfce.
After reading your post, I went to check out my Linux.
I had no problem booting to Linux at all.

RELEVANCY SCORE 52.8

Would like to try SD but would like to know how to configure it to allow Windows Updates. Thanks.
 

A:How to set up SD to allow Windows Updates in Shadow Mode

Are you planning to leave Shadow Mode on constantly? I only use it when I go to test new programs or samples of malware and then disable it. I'm not sure if you can delete the Windows Update folders so that you do not roll back the updates after SD is disabled.
 

RELEVANCY SCORE 52

What is the difference between the old and new malware?

Well, the old malware wanted to spread and replicate rapidly until antivirus software vendors could not find a way to render them harmless. Today most cyber threats act in devious, sophisticated and organized ways. The "attackers" have changed, the purposes of their actions have increased, and security solutions and hacking activities have become more elusive and planned.

Advanced Persistent Threat (APT).

APTs are attacks that rely on other techniques; some are old and others, such as social engineering, are of the latest generation.

APT attacks very often are not well known because they do not show their power in the period of a few days, with effects most often annoying, but easily fixed. Their main characteristics are not rapidity and flamboyance, but intelligence, strength and patience. Quality in proportion to the objective: not the demonstration effect, but the sabotage of economic activities, theft of intellectual property, theft of sensitive personal information and even digital certificates.

As with criminal actions in general, cybercrime in most cases uses weapons that are already known or "rebuilt". An example is malware capable of "polymorphism", in which a portion of the code is designed to change periodically so that it no longer matches the signature with which security vendors update firewalls, Intrusion Prevention Systems (IPS) and other antimalware. How do the... Read more

RELEVANCY SCORE 50

2016 saw attackers holding data for ransom at an alarming rate; but in conjunction with the rise of ransomware and the continued ubiquity of mass malware, attackers are increasingly utilizing non-malware attacks in an attempt to remain undetected and persistent in organizations' networks.

According to Carbon Black data, these non-malware attacks are capable of gaining control of computers without downloading any files and are using trusted, native operating system tools (such as PowerShell) and exploiting running applications (such as web browsers and Office applications) to conduct malicious behavior.

In its end-of-year threat report, Carbon Black found that instances of severe non-malware attacks grew throughout 2016. And in any given 90-day period, about one-third of organizations are likely to encounter at least one severe, non-malware attack.

Instances of non-malware attacks leveraging PowerShell and Windows Management Instrumentation (WMI) grew throughout 2016. Such attacks spiked by more than 90% in the second quarter of this year (93.2%) and have stayed at escalated levels since. And, some leading attack campaigns in 2016, including PowerWare and the hack against the Democratic National Committee (DNC) leveraged non-malware attack vectors to carry out nefarious actions.

Meanwhile, the research also found that ransomware, which is on track to be an $850 million business in 2016 according to FBI data, has emerged as the fastest-growing malware across all industrie... Read more

RELEVANCY SCORE 50

Hi all,

Do you think whilst malware testing in a VM it's necessary to "double" sandbox the sandbox - so you run the VM in a Virtual Environment? If so would you recommend Shadow Defender or Comodo Sandbox?

Thanks When I first started I used Comodo Sandbox to sandbox VMWare but now I just haven't bothered recently.
 

A:Shadow Defender whilst malware testing?

MalwareBlockerYT said:


Hi all,

Do you think whilst malware testing in a VM it's necessary to "double" sandbox the sandbox - so you run the VM in a Virtual Environment? If so would you recommend Shadow Defender or Comodo Sandbox?

Thanks When I first started I used Comodo Sandbox to sandbox VMWare but now I just haven't bothered recently.

Not really. It serves only to over-complicate things for the user. Besides, researchers have shown that double-virtualization ("double-sandboxing") can be bypassed. However, it would be such a rarity that it isn't anything to fret about.
 

RELEVANCY SCORE 50

Hiya

Shadow Copy Restore is a component of the intelligent file storage technologies in Microsoft Windows Server 2003. It enables you to prevent data loss by creating and storing shadow copies of files and folders on your network at predetermined time intervals.

Before a client computer can access shadow copies, you must install the Shadow Copy Client. The operating systems that require the Shadow Copy Client include:

Windows XP
Windows 2000 (SP3 and higher)
System Requirements
Supported Operating Systems: Windows 2000 Service Pack 3, Windows XP

Windows Installer : To install this msi package you need Windows Installer
2.0 or higher. You can download it from one of the following locations:
Windows Installer 2.0 Redistributable for Windows 98 SE

Windows Installer 2.0 Redistributable for Windows 2000

http://www.microsoft.com/downloads/...8f-33c3-4de7-acd8-a33ac92d295e&DisplayLang=en

Regards

eddie
 

RELEVANCY SCORE 50

I have a SharePoint page which consist the chevron image div.
Following class has been implemented to create chevron effect and shadow of this shape but it works in Google Chrome not in IE.
Please can someone help me
Use this link to understand chevron shape and shadow effect (open in chrome)
https://jsfiddle.net/xca5kqu0/


sudhanshu sharma Do good and cast it into river :)

RELEVANCY SCORE 49.6

Hey friends, I want to do some malware analysis for educational purposes, but as you know it involves running malware on the system.
I don't have the resources to use a VM (installing a VM results in an unusable real and VM system) nor do I have the resources to buy anything like Shadow Defender.
So, I want a free software or maybe some giveaway of a software that could reliably protect from all sorts of malware, as I will also test ransomware.
 

A:Need a free software like shadow defender for malware analysis

Toolwiz Timefreeze and Reboot Restore Rx are two alternatives to SD. The provisions of Reboot Restore look more appealing from a security point of view, with MBR protection and recovery from unbootable windows in case. No such specifics are mentioned in the description or FAQs of Timefreeze, though TF makes running multiple real/virtual OS simultaneously possible.
Reboot Restore Rx free:





I would recommend the latter to be tried out first.
 

RELEVANCY SCORE 49.2

Hello,

I am now thinking of making a new security config on one machine. Which is better: Emsisoft AM + Shadow Defender or SSFW + Shadow Defender?

Which is better of the two above?

Windows 10 Pro

Regards
 

A:Should I use Shadow Defender with SpyShelter Firewall or Emsisoft Anti-Malware?

With Shadow Defender for everyday use, you have little to zero chance of persistent infection in your Pc. But an infostealer can communicate in your current session, then your real need is a good outbound firewall and a good backup plan.
 

RELEVANCY SCORE 48

My Dell laptop computer (Windows XP OS) was running very slow. I followed some advice in the forums and tried modifying the programs that are automatically started when the computer boots up. I used a utility called Startup Inspector. The program was easy enough and listed the programs that startup. I used consult and it rated the programs as essential, optional, undesirable, and unknown.

There were no undesirable programs noted (I had already run a malware removal program). There were a bunch of optional and unknown programs.

I unchecked all of the optional and unknown programs and clicked the "apply" button. The computer automatically went to reboot to initiate and apply the changes.

The problem showed up right away in that the computer went into a reboot loop of sorts never finishing the boot up process.

The reboot process pauses at a screen where several options are available:
start up in safe mode
start up in safe mode with networking
start up at c prompt etc..
start up at last successful configuration

I have tried each of the options and the computer goes on into the reboot process but always returns to the screen with the above options.

I now realize that I should have been much more careful about unchecking those programs that Startup Inspector identified as unknown. I interpreted the "unknown" designation to mean not important. I assumed that if it would have been an essential program that the Startup Inspector would have had this ... Read more

A:Startup Tinkering gone bad

Since this is a Dell, I'm assuming you only have the disks that came with the computer and not a XP disk, correct?
I think you are at the point where you might have to use the Recovery disk from Dell. Unfortunately, this means a loss of everything you have stored on the hard drive

RELEVANCY SCORE 47.6

New malware detects browser, shows fake malware warning page.

Microsoft is warning about a new piece of malware, Rogue:MSIL/Zeven, that auto-detects a user's browser and then imitates the relevant malware warning pages from Internet Explorer, Firefox, or Chrome. The fake warning pages are very similar to the real thing; you have to look closely to realize they aren't the real thing. The ploy is a basic social engineering scheme, but in this case the malware authors are relying on the user's trust in their browser, a tactic that hasn't been seen before.

-- Tom
 

A:New malware detects browser, shows fake malware warning page

Thanks
 

RELEVANCY SCORE 47.2

Hi,

The taskbar on my mom's computer is messed up.

It doesn't display programs which are running.

I think the problem is that the toolbar which is meant to display the apps is gone! I unlocked the taskbar and included a screenshot to give you an idea!?!?!

Any1 got any ideas???!!!

P.S. I already restarted explorer...and I restarted the computer 3 times!
 

A:Solved: Taskbar Tinkering...

RELEVANCY SCORE 46.8

Hi,

I have a quarterly and annual report that I create and I generally have it set to work neatly. However, I have one large grid for questions where the scores may be from one to five and next to that is the percent of all answers for that question that that response accounts for. I show all the fields in the grid - however, in some quarters I may only get responses for 1,3 and 4 (for example). Currently I have to go in and set the fields with no data to be unbound (or else get an Error message, because I am trying to divide by 0). I know that somehow you can set Access (just got 2003) to ignore fields with no data...unfortunately this is a very large database with confidential info - will have to do a lot of work if you need to see sample.

Thanks in advance and Happy Holidays!
 

A:Access report needs constant tinkering

Why don't you just put in an expression like:

=IIf([score]=0,0,100/[score])
 

RELEVANCY SCORE 46.8

It's unlikely I'll ever evolve into an arrogant, fat-headed, know-it-all... Thanks to this baby (VGN-N130G) on my lap, I suffer regular ego ***-kickings each time I attempt to match wits with the developers and authors of all things PC.
I have a Sony laptop running XP SP2 that's connected wirelessly to my desktop PC, also running XP-2. Internet service is via cable.
My wireless network was initially set-up by a tech and I could access the music files on the desktop PC through the laptop. But it seems that every time I try to get to something on my other PC's hard drive, I'm blocked by one issue or another, that then, in turn, eats up the rest of my day while I try, unsuccessfully, to figure out what's wrong and how to fix it. Eventually my nephew stops by and sets things right. Then the cycle begins again.
Today, when I attempted to watch a movie downloaded in .avi (and on desktop PC) through Windows Media Player on my laptop, I could hear audio, but it was from a different movie (!) and the screen stayed black. Fussing with the video settings was useless. Next, I tried opening it in QuickTime and got a pop-up informing me that in order to play the video, QT would need a third party plug-in?? or file? or something? It said that I could probably get what was needed at QuickTime's site. I went there and looked around, clueless, for about an hour.
That's when I realised that I've been courting madness. Why drive myself insane fight... Read more

A:At your mercy. Home networking can't take any more of my tinkering.

RELEVANCY SCORE 46.8

HI all,

Really need your help. I offered to help a friend upgrade the memory in their Toshiba Satellite 1110/1115. I went on crucial.com and ordered the memory. It arrived and I popped it in. But now, whenever I turn on the laptop, it starts up...but the screen is totally blank! I can hear the hard drive working but I can't see anything. I tried attaching it to an external monitor...but that's not working either. I had a bit of trouble getting the memory in at first, and I'm worried I might have knocked a wire loose or something? I have no experience with Toshibas...Is there a magic button somewhere? Please advise.

thanks.

UPDATE:

Thank you for your posts, and I apologise for the first post being a bit light on detail. The laptop had two ports for memory, I put the new memory in and got the blank screen. I was wrong about the HDD working, it was just the fan. When I took the new memory back out (i.e. returned it to its original configuration) the same problem occurred. So I played around with it a bit more after posting and found that if I put the new memory in the original (primary) port and removed the old memory altogether, it works. Which leads me to suspect that somehow I managed to break/corrupt the original memory? It does not work with the old memory in either port.... Is this possible? I was grounded at the time and I think the fact that the new memory works is a pretty good indication that I wasn't messing up too much....has anybody ... Read more

A:A Troubling Tale of Toshiba Tinkering

Did you try installing the old memory again?
 

RELEVANCY SCORE 46.4

I have my Windows 10 system set up the way I like it, but after a recent update some of my settings were changed. I assume, but can not be sure, that Windows is applying defaults when it shouldn't.

Is there any software that can take a checkpoint of settings and on a later run see if they are still intact and if not give a warning. Resetting them back would be nice but a warning would do.

Examples that were changed.
. My screen saver directory documents/my slides was changed to spotbright.
. My .jpg association was changed from Irfanview to some Photo program that I didn't install,
since removed.
. My trackpad, normally disabled as I have a mouse, was re-enabled.
There may be others I haven't found yet.

Tech Support Guy System Info Utility version 1.0.0.4
OS Version: Microsoft Windows 10 Home, 64 bit
Processor: Intel(R) Pentium(R) CPU N3710 @ 1.60GHz, Intel64 Family 6 Model 76 Stepping 4
Processor Count: 4
RAM: 8105 Mb
Graphics Card: Intel(R) HD Graphics, 1024 Mb
Hard Drives: C: 885 GB (811 GB Free); D: 24 GB (22 GB Free); F: 931 GB (603 GB Free); G: 1863 GB (1815 GB Free);
Motherboard: LENOVO, 00RD15IPG076
Antivirus: Windows Defender, Enabled and Updated
 

RELEVANCY SCORE 46.4

Hi

I think I may have a dead motherboard but I'm not sure. This is my first dead one so I have a lot of questions

Yesterday, when I tried to turn on my computer, the monitor would not recognise any video input (i.e. it knew the cable was in as it went cable unplugged once I unplugged it, but it saw no video input). My first guess was a dodgy video card, but I've tried my video card in a different PC where it worked, and another working video card in my PC where it didn't work, so it's either something wrong with my AGP slot or the motherboard AFAIK.

I've also tried another monitor and different VGA and DVI cables (normally, I connect with a VGA cable - I tried a new cable, as well as using DVI instead).

This has been working fine for years (so it's old). I had the case open the day before to test a failing HD, and I may have messed something up on my motherboard. I do remember playing with the AGP slot with my video card to try and get my hard drive in but nothing drastic, and it was still working after I finished tinkering

Before I go out and replace the motherboard, I wanted to be sure though.

Current state:

When I power it on, the CPU and PSU fans both start. My IDE DVD drives and my floppy drives also work (receive power). This only really means that the PSU works AFAIK
My hard drive (SATA if relevant) may or may not work - the fans are louder than the normal running sound of my HD. It doesn't appear to ever reach Wi... Read more

A:No display after tinkering with computer - I think motherboard is dead

You certainly have done a great deal of diagnostic work already. The first thing that jumps out at me is the harddrive.

Try this: When you slave it to another system access this harddrive through that system and do a full harddrive diagnostics on it.

Did you check the BIOS to see a) if this harddrive is recognized in the BIOS and b) if the onboard sound was enabled or disabled in the BIOS?

Check the motherboard's capacitors for any bulging caps.

* Keep in mind if you need a new motherboard, depending on how old it is, you'll at least need new RAM and possibly video card.
 

RELEVANCY SCORE 45.6

Here's what happened....I haven't shut down my computer for about 4 days until last nite my computer randomly froze, so after I restarted, my Norton Internet Security and Anti Virus Program didn't boot up on startup and when I try to load it up it freezes for 5-10 minutes and it says everything is disabled (real time protection, firewall, etc..) and when I try to activate them it says I don't have the privileges to change the settings because admin is not signed in, but I'm the only user on this computer and this is the only administrator account.. Also I'm finding with some programs, when I try to launch them it says (attempt to access invalid address) but when I check the files they're exactly the way they were after installation AND now I can't log on to Windows Live Messenger because it says I have improper firewall or proxy settings...I have yet to figure out what is messing with my com and what other damage it's caused (I've searched the computer with Spybot - Search and Destroy, Norton Anti Virus and Panda's Online Virus Search and all came with no results) so plz help...

Here is my Hijack this Log:

Logfile of HijackThis v1.99.1
Scan saved at 12:35:20 PM, on 10/27/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\s... Read more

A:Solved: Something is tinkering with my Anti Virus and Firewalll But i can't find what it is!!

RELEVANCY SCORE 44.8

I have a Dell Desktop running XP, connected to my home wireless network with a Linksys Wireless G USB adaptor. My network has WEP security enabled. I've never had any problems as far as the network goes (except on occasion when the cable internet service goes out).

My system recently had a rootkit that was causing a variety of issues, not the least of which was Internet Explorer 6 not working properly and evidence of diversion of my browser to adware sites, etc. At the same time I noticed these problems and began tinkering, I found that my WiFi network connection speed was slower than normal, according to the connection status. It was and continues to show as 18 Mbps - 24 Mbps. It's not clear whether this was due to the "infection" or to a setting getting messed up during the initial attempts to figure out what was going wrong.

I just got through disinfecting the system (with a great deal of help from one of the members of this site). See here if interested in the details, with many logs, etc: http://www.techspot.com/vb/topic88712.html

What is very strange is that I have two other computers in the same room, on the same network, and they were showing and continue to show the normal WiFi speed I get: 54 Mbps. There is clearly nothing wrong with my WiFi.

After considerable effort, my system now appears to be clean. All normal functionality has been restored...except that the connection status still consistently shows the reduced speed, usual... Read more

A:WiFi connection speed mysteriously reduced ever since anti-hijack tinkering...

when you type: ipconfig /flushdns do you get an error?
 

RELEVANCY SCORE 44.4

My wife's computer has the FBI warning virus and I am unable to boot to safe mode with networking or safe mode. I am able to boot to safe mode with command prompt, but not sure how to proceed from there.

Appreciate any support.

Thanks
David

A:FBI warning with shutdown on safe mode

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us.

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the top o... Read more

RELEVANCY SCORE 44.4

My PC shuts down with no error message with no warning, I don't know what else to do, I've tried Spybot, AdAware, Spyware Terminator, AVG, VundoFix plus a few online scans... I'm on the verge of formatting the hard drive, but if anyone can see what the problem is B4 I do that, I shall be grateful... Thanx, Here's the log:

A:PC shuts down w/no warning if not in safe mode.

Hello! My name is Sam and I will be helping you. In order to see what's going on with your computer I may ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.

Please download random's system information tool (RSIT) and save it to your desktop.
Double click on RSIT.exe to run it.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

RELEVANCY SCORE 44.4

I have a Tiny m720 PC and I just connected it to my new Lenovo ThinkCentre TIO 23.8" Gen3 Monitor. I have started getting this error with two loud short beeps on startup: American Megatrends - Warning: In TIO mode, please use the adapter shipped with Tiny PC or TIO that has higher power rating. How can I disable and get rid of this? Tried restoring default BIOS settings and also re-flashing BIOS but no luck. Attachment: Screenshot. Update: Contacted Lenovo tech support. He asked me to hit 'Esc' (which is not even an option on that screen) and was in a hurry to end call.

RELEVANCY SCORE 44

Just a general question:

1. When doing a routine scan for viruses and malware, etc. (and just generally speaking), is it better to scan in safe mode or regular mode?
2. If you scan in safe mode, is there anything that wouldn't show up (that you could potentially miss) that *would* show up in regular mode?
3. Or is safe mode just better all around, and everything is covered (plus more) that you'd find with scanning in regular mode?

(I'm referring to scanning with AVG A/V, AVG Anti-Spyware, SpyBot (old version), and Ad-Aware SE.)

Thanks!

A:Better To Scan In Safe Mode Or Regular Mode For Virus/malware?

Safe Mode is a troubleshooting mode designed to start Windows with minimal drivers and running processes to diagnose problems with your computer. This means some of the programs that normally run when Windows starts will not run.

The Windows operating system protects files when they are being accessed by an application or a program. Malware writers create programs that can insert themselves and hide in these protected areas when the files are being used. Using "Safe Mode" reduces the number of modules requesting files to only the essentials to make your computer functional. This in turn reduces the number of hiding places for malware, making it easier to find and delete the offending files. Using your anti-virus and anti-malware tools in "Safe Mode" also speeds up the scanning process.

Read "Beginners Guides: Windows XP Safe Mode Explained" and "What is 'Safe Mode' used for and why?"

RELEVANCY SCORE 43.6

I changed monitors on an XP computer and had it working fine until I changed the resolution to something this computer OR monitor just couldn't resolve.

Now the monitor is in a state of black screen except for in the middle saying Auto Detect is on (Analog), and it also shows "Cannot display this video mode", Optimum resolution is 1920x1200 60hz

The screen cannot be taken off this no matter what I tried.

Appreciate any help, thanks.
 

A:Monitor stuck on Video Mode warning

Reboot the computer and press F8 until you enter Safe Mode... Select VGA and restart
 

RELEVANCY SCORE 43.6

what does this mean. i would like to turn off whatever it is that does this because it is not letting me get to the site i want.

here is the full text

Warning: SAFE MODE Restriction in effect. The script whose uid is 99 is not allowed to access /home/sites/home/includes/mysql_vars.inc owned by uid 111 in /home/sites/home/web/header.php on line 13

Fatal error: Failed opening required '/home/sites/home/includes/mysql_vars.inc' (include_path='') in /home/sites/home/web/header.php on line 13
any help would be great
 

A:Warning: SAFE MODE Restriction in effect.


Could you plz post about your system specs please. What OS? When does this error msg come up? When did this start?
 

RELEVANCY SCORE 43.6

So over the last few days, my Samsung laptop has been putting itself into standby mode without any warning. And I for the life of me cannot figure out why.

All options to turn off the computer have been set to never while it's plugged in, so it's not that. I suspected it was the laptop overheating for awhile, but I've got SpeedFan running and with the latest shut down the core temperatures were only around 55 degrees Celsius. I've seen it run up to 70 degrees when I really pushed it to investigate how hot it got, and that didn't prompt any response at all, except for the fan speeding up, and the laptop cooled down pretty fast when I let up on what I was doing.

Is there any other reason the laptop would shut down like this? I'm not the most computer smart in the world when it comes to the internal workings, so any help would be appreciated.

Potentially relevant things:
Samsung laptop NP350V5C
Radeon graphics card
Intel core i7
Windows 8 OS
 

A:Samsung Laptop going into standby mode without warning

Do you have all standby options shut off, like when closing the lid?
 

RELEVANCY SCORE 43.2

Hello Bleeping Computer.
 
I'm running Windows 7 Home, 32-Bit
 
This morning I was infected with a fake FBI warning message:
 
"This PC (Windows 7, 32-Bit) is blocked due to at least one of the reasons specified below..." 
 
I powered down, then attempted to reboot in Safe Mode.  It wouldn't restart in Safe Mode, instead it restarted in Normal Mode, the screen went blank white, then redirected to the same fake FBI Warning message.  I'm unable to proceed beyond this fake FBI warning screen.
 
I have access to a clean PC and external USB flash drive, and with your help I'm ready to follow your detailed instructions to remove this infection.
 
Many thanks in advance!
 
ND_Fan
 
 

A:Fake FBI warning, unable to boot in safe mode, please help

Select System restore
If you have a previous restore point, restore it and let me know if you can boot now.

RELEVANCY SCORE 43.2

I have WinXP and my computer restarts or enters sleep mode (if sleep mode: computer can not be 'woken' from sleep) without warning every 15 mins.

Also when it restarts it comes up with 'Windows Has Recovered from a serious error' with some files that are affected...

I have been told it could be the RAM...

Any Help?
 

A:XP - Windows restarts or enters sleep mode without warning

Hello Adam. It appears to be a Power Management issue in Windows XP. In that case, you might find the following article useful.

Configure Windows XP power management

Hope that helps.

-- Goku
 

RELEVANCY SCORE 43.2

Hi ,
Firstly, please know we (my husband and I) are not very computer savvy, so if you could indulge us a little... I apologize.
We are having a problem with a pop-up that is located in my bottom tool bar and it states
"Your computer is infected! Dangerous malware infection was detected on your PC. The system will now download and install most efficient antimalware program to prevent data loss and your private information theft.
Click here to protect you computer from the biggest malware threats."
when you click... nothing happens and this annoying warning returns again and again.......etc.
Also,there is a huge warning on my desktop(directly in the middle) stating "SPYWARE INFECTION...YOUR SYSTEM IS SEVERELY INFECTED........FILES ARE AT RISK.....AND SO ON.....

We did have a severe virus/spyware/malware and every other mess you can get on our system a few weeks ago and this last popup and desk icon is all that is remaining and we cannot seem to find it and remove it. A good friend of ours removed the other problems (because like I said... we don't know much about computers), but he can't get this problem solved.

Please can someone help??
Thanks
Ellison10
 

A:Malware pop-up warning

Hi, Welcome to TSG- I'm sure you will enjoy your stay with us!

Your thread should be in our Security forum so you can get help easier, so I am moving it there for you.
No need to apologize this is routine.

{I am posting your Hijackthis log for you, it's easier to work this way. Byteman}

Logfile of HijackThis v1.99.1
Scan saved at 11:10:50 PM, on 01/02/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

RELEVANCY SCORE 43.2

Another good reason to avoid sites like Twitter etc.

A:Malware warning

Another reason to avoid social networking sites if you don't need to use them. If you do choose to use them (and that is your choice), ensure that your AV software is running and is up to date and that your firewall is enabled. Twitter isn't as bad as some of the others, such as Facebook, but it is still a social networking site and as such is a prime target for malware perpetrators using social engineering techniques.

RELEVANCY SCORE 43.2

hey
I had this malware before and just threw my computer away as I couldn't even turn it on in the end.

It's taken over the wallpaper with a fake warning dangerous spyware many viruses pic. A warning bubble bottom left pops up every 30 secs. Opens 10 fake Firefox pages every time I try to open something from the desktop. Disabled Task Manager, tho I got that back. And keeps running something called ntdll64.exe that I assume is malware from googling it!

I had Malwarebytes before I got this virus, and I have run it a few times, and it hasn't sorted it? Help!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:11:29, on 24/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
RELEVANCY SCORE 43.2

I just recently reformatted my system thinking I could start with a clean slate because I have had problems with malware/viruses. Now I have a warning in my task bar: it is a red shield with an x that says "Security System has detected spyware infection!" At first, I thought this was a system warning but now I am thinking it is an infection. I tried to run Malwarebytes but it kept freezing. I ran a thorough Avast scan and these are the results as well as a HiJack This Log:

1/20/2009 4:30:15 PM XPPRESP3 952 Sign of "Win32:Seneka [Rtk]" has been found in "C:\Documents and Settings\bcm\Local Settings\Temp\WER0841.dir00\svchost.exe.hdmp" file.
1/20/2009 5:11:29 PM XPPRESP3 952 Sign of "Win32:Seneka [Rtk]" has been found in "C:\Documents and Settings\priya\Local Settings\Temp\WER04b9.dir00\svchost.exe.hdmp" file.
1/20/2009 5:11:43 PM XPPRESP3 952 Sign of "Win32:Seneka [Rtk]" has been found in "C:\Documents and Settings\priya\Local Settings\Temp\WER17eb.dir00\svchost.exe.hdmp" file.
1/20/2009 5:11:51 PM XPPRESP3 952 Sign of "Win32:Seneka [Rtk]" has been found in "C:\Documents and Settings\priya\Local Settings\Temp\WER25ba.dir00\svchost.exe.hdmp" file.
1/20/2009 5:12:00 PM XPPRESP3 952 Sign of "Win32:Seneka [Rtk]" has been found in "C:\Documents and Settings\priya\Local Settings\Temp\WER34c3.dir00\svchost.exe.hdmp" file.
1/20/2009 5:21:59 PM XPPRESP3 952 Sign of "... Read more

RELEVANCY SCORE 43.2

My virus software is the paid version of AVG. It caught a malware attack and asked me to quarantine it. When I agreed it said save anything I have open before I agreed. I didn't have anything open that needed saving at the time. When I hit OK, I tried to open Firefox... my computer opened the window that says what program do you want to open it with. I rebooted and I tried to open my Quickbooks, my virus program, WOW, several other programs and they all directed me to the same thing - which program do I want to open them with. If I right click some items and select run as it will open the program... most say files are gone. I am trying to get my virus program to reopen so I can copy you on the malware it said it was... I remember it was Win32 and had the word Rean in it. Any ideas?

A:Malware warning

Redvoodoo - I had exactly this problem occur late last night. I found your post relating to it and bookmarked it, hoping you'd find a solution!

After a bit of playing around this morning I seem to have fixed it with the following:

I downloaded a file called exefix_xp which restored the .exe definition.

I then downloaded the Malware Bytes software (which previously wouldn't install due to the lack of .exe definition).

I ran a Quick Scan and found 3 problems - quarantined them and did a reboot.

Everything 'seems' back to normal now but I'm running a deep scan on both my antivirus and the malware stuff.

I'm no expert but this route seems to have got me back up and running. Hope it helps you too!

RELEVANCY SCORE 42.4

Good Morning,

It looks like one of the kids (obviously couldn't be my fault) managed to infect one of our machines. I'm using another machine to post the problems since the infected one is not usable for the internet. The reports were run from the infected machine.
Below are the reports:
DDS (Ver_10-03-17.01) - NTFSx86
Run by aleone at 15:55:45.00 on Sat 03/26/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_21
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2558.1837 [GMT -4:00]

A:Malware warning pop ups and IE takeover

At the risk of breaking the rules, I'm going to bump this thread because I've not gotten a reply yet. I was able to run Malwarebytes from another user and it seemed to kill the malware popup. I still have a search engine redirect issue to deal with though. Reading through the other posts, I ran TDSkiller but it didn't find anything. I ran an OTL report and it's attached here:

OTL logfile created on: 4/2/2011 3:32:42 PM - Run 3
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\aleone\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 68.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 293.88 Gb Total Space | 90.37 Gb Free Space | 30.75% Space Free | Partition Type: NTFS
Drive G: | 931.28 Gb Total Space | 336.98 Gb Free Space | 36.18% Space Free | Partition Type: FAT32
Computer Name: JLA002 | User Name: aleone | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30... Read more

RELEVANCY SCORE 42.4

Hi,

I have the same problem as Jwosf with the blue screen malware displaying the "Warning! Your're in danger! Your computer is infected with spyware." screen. I have tried the usual solutions (Smitfraudfix, Spybot etc) with no success.

I followed the instructions you gave to Jwsof regarding the HijackThis log that he sent you (i.e. trying to delete the files using Killbox) but the files you identified to him (e.g. c:\windows\sysockeu.exe) weren't listed in my HijackThis log.

I have, therefore, attached the log below and would be grateful if you could identify which, if any, of these files are causing the problem and whether Killbox should be able to deal with them.

Many thanks,
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:54:55, on 29/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

RELEVANCY SCORE 42.4

Hi! Everyone,

Just received this (See attachment) in my email today.

It seemed suspicious right off the bat because as everyone should know that Microsoft/Windows would never send an alert out to personal email, although the poster in post #11 did receive it in his/her Windows Live Mail.
The user would/should receive notification through Windows Update.

If you do a search of the senders address there is something not quite right with it, a possible redirect.

Check post #11 here: Received e-mail from "Windows Live Messenger Team"... - Neowin Forums

Here is a response from the Windows Live Solution Center about the same sender that has to do with Hotmail:
Received message from communications_msn_cs_enuk microsoft.windowslive.com <[email protected]>

As far as I can tell this goes back as far as early 2009. I just marked it as spam and told my provider to mark any more of them as such and delete them at their servers.

A:Warning on possible Spam/malware

It's spam with malware!

RELEVANCY SCORE 42.4

Hi, I am having trouble with my computer. I don't know much about computers. Actually if I want to restart it, it keeps showing me "Warning! Now system is in safe mode. Please re-setting CPU frequency in CMOS setup." But if I unplug the power supply cable and put it back, the warning is gone. But then if I wanna restart it again, that warning will appear again.
so could anyone help me what should i do with this problem ?

thank you...
 

A:Warning! Now system is in safe mode. Please re-setting CPU frequency in CMOS setup.

The battery on the motherboard is probably dead. It's a coin-shaped and -sized silver metal lump on your computer's motherboard. Pry it out (make sure the computer is off and make sure you don't break anything) and take it to your local electronics/computer/watch store. They should be able to give you a replacement.
 

RELEVANCY SCORE 42

Hi guys,

But Windows Defender and Ad-Aware say there's no spyware on my PC.

How do i make the warning icon go away? Is it really a spyware warning?

:( And i just got this laptop. Would suck if it got infected so early after i just got it :(

Plz help. Total noob when it comes to spyware/malware

Thank you
PS: A warning balloon keeps popping up telling me to "Click this balloon to download latest anti spyware" and there is also a new bar in my IE called "Protection Bar". The bar has links to anti spywares. How do I remove it?

Edit: I just downloaded spybot and the TeaTimer function keeps saying theres some bad program in a certain folder called StrCodec is trying to do something. I know i did not download this StrCodec. But Windows wont let me delete this folder.

A:A warning icon says i have spyware/malware but...

Hi winter,

Welcome to Tech Support Forum!

Please do this next.

CLICK HERE to download HJTsetup.exe:
Save HJTsetup.exe to your desktop.
Double-click on the HJTsetup.exe icon on your desktop.
By default it will install to C:\Program Files\HijackThis.
Continue to click Next in the setup dialogue boxes until you get to the Select Additional Tasks dialogue.
Put a check by Create a desktop icon then click Next again.
Continue to follow the rest of the prompts from there.
At the final dialogue box click Finish and it will launch HijackThis.
Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
Click Save log to save the log file and then the log will open in Notepad.
Click on "Edit -> Select All" then click on "Edit -> Copy" to copy the entire contents of the log.
Come back here to this thread and paste the log in your next reply.
Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.

RELEVANCY SCORE 42

I've been infected with a nasty little spyware bug that keeps telling me my computer has been infected, and that I need to purchase their malware removal software. AVG, Spy Sweeper, AdAware, Spybot, and House Call can't remove it.

Here's my logfile from HijackThis:
Logfile of HijackThis v1.99.1
Scan saved at 6:17:01 PM, on 5/13/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)


A:Nasty Malware Warning on my tray

Welcome to TSG

Download SmitfraudFix (by S!Ri) to your Desktop.
http://siri.urz.free.fr/Fix/SmitfraudFix.exe
http://siri.geekstogo.com/SmitfraudFix.exe
Double-click on SmitfraudFix.exe


Select 1 and hit Enter to create a report of the infected files. The report can be found at the root of the system drive, usually at C:\rapport.txt
In your next reply, please post the contents of rapport.txt.

Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "Risk Tool". It's not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/processutil/processutil.htm
 

RELEVANCY SCORE 42

Hi and thanks in advance for your help!

About a week now and I can't remove whatever I have. I have run some of the cleaners recommended by this site and computer will work fine but then something comes back. First issue I had after visiting a site was fake "Windows XP security warning" (Sorry I don't have details as I thought I cleaned this and threw out my notes.) I did not think I clicked on scan but at some point I had no control over my files and all my programs were gone from start menu and every icon opened another "XP warning"

I ran Spybot and it killed off some items and yet I was still having issues. I did a system restore to a few days prior to infection date and that seemed to work, other than my JPG and any PDF or Microsoft file in ghost like in thumbnail view.

It did not last and I was getting weird sound files playing yet no player was open, redirects in Iexplorer and Firefox.

I used Rkill after a reboot and it ran even though the warning kept popping up. I followed that with Malwarebytes and it found some issues as well. It is not gone and now I have left redirects in both browsers.

I ran defogger, then DDS and then GMER.

I'll paste my log file and close at the end:

DDS (Ver_2011-06-12.02) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_23
Run by Owner at 8:10:43 on 2011-06-20
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.221 [GMT -6:00]
.
AV: Microsoft Security Essentials *E... Read more

A:Malware Removal XP False Warning

Hi, Welcome to Bleeping Computer.

My name is Shannon and I will be working with you to remove the malware that is on your machine.

I apologize for the delay in replying to your post, but this forum is extremely busy.

Please Track this topic - On the top right on this thread, click on the Option button, and, in the drop-down list, click on 'Track this topic'. Under Subscription Information, click on 'Immediate Email Notification' and then click on the Proceed button at the bottom.

Do Not make any changes on your own to the infected computer.

Please set your system to show all files.
Click Start, open My Computer, select the Tools menu and click Folder Options.
Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
Uncheck: Hide file extensions for known file types
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.

Now, let's look more thoroughly at the infected computer -

We need to see some information about what is happening in your machine. Please perform the following scan:

We need to create an OTL Report
Please download OTL from here: Main Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
Change the "Extra Registry" option to "Use SafeList"
Push the button.
Two reports will open, copy and paste them into your reply:
OTL.txt <-- Will be opened
Extra.txt <-- Will be minimized

Please note: ... Read more

RELEVANCY SCORE 42

My computer was recently infected with MS AntiSpyware2009 malware. Using old posts from this forum, I downloaded MalwareBytes anti-malware software. It found and deleted some infected files, so I rebooted the comp (as it instructed me to). However, upon restart, I still had a pop up that says "Warning! You have a security problem!" (If clicked, it takes you to a site that claims to be "scanning" your computer for malware). I tried running MalwareBytes again but it did not find anything this time.

I was previously running McAfee Antivirus software and McAfee anti-spyware software as well (I forget the exact name. Something Enterprise?) I read somewhere else that McAfee can interfere with Malwarebytes' anti-malware software so I have temporarily uninstalled McAfee and tried to run Malwarebytes again. However, it still didn't find any problems.

I am running windows XP. I think I also have Windows Defender installed.

Does anyone know how I can get rid of this thing?

A:Warning! You have a security problem! Malware

Hi, I am moving this from the XP forum to Am I Infected for scans...

Rerun MBAM
Open MBAM in normal mode and click Update tab, select Check for Updates, when done click Scanner tab, select Quick scan and scan.
After scan click Remove Selected, Post new scan log and Reboot into normal mode.

RELEVANCY SCORE 42

Hello guys,
 
Maybe you can help us more than others. Since 16-08 (more than a week), Google has indexed our website with Malware. Regarding that, we have asked our hoster (wpwebhost.com) to check on their side and all was clean, we also checked our side locally after a full download and Antivirus said OK.
 
We went to:
Sucuri.net (https://sitecheck.sucuri.net/results/www.planet-sansfil.com) OK
SparkTrust: (http://www.sparktrust.com/wp-content/themes/sparktrust-theme/scanresults.php?host_name=http://www.planet-sansfil.com) OK.
 
But for unknown reason still not OK for Google.
 
Message was still infected malware without more informations about it from Google pages analysis.
 
We went to webmaster google forums, and due to answers we delete all advertising ( Amazon compare and Google Ads) but still NOK..
 
Wordpress site UPDATED, PLUGIN UPDATED...
 
The 21-08 we receive an email from Google that say :
 
http://www.planet-sansfil.com/: No malware detected
21 August 2015

Congratulations! Google has received and processed your malware review request. We did not detect any malware on your site.
As a result, we're removing the malware warning from your site. This may take some time to happen. (You can check the status of your malware review at any time using Webmaster Tools.)
To keep your site safe, we recommend the following:
Ensure you've enabled message forwarding in Webmaster Tools. This will ensure that you get notified str... Read more

RELEVANCY SCORE 42

I recently was alerted by Facebook I needed to check for a virus or malware. I'm not sure if the Facebook notice is legitimate or not. I have no actual issues with the computer at present, but I thought it would be good to check. Plus, I can't get into Facebook. I was using Firefox, FYI. I'm running Windows 7, 32-bit.
 
Thanks for the help.
 
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 10.0.9200.16736
Run by Joseph McBride at 17:40:35 on 2013-12-11
#Option MBR scan  is disabled.
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.3069.927 [GMT -5:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

A:Facebook Virus/Malware warning

Hello, Welcome to BleepingComputer.

I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.

===

Please download AdwCleaner by Xplode onto your Desktop.
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click the Scan button and wait for the process to complete.
Click the Report button and the report will open in Notepad.

IMPORTANT
If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.

Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click the Scan button and wait for the process to complete.
Check off the element(s) you wish to keep.
Click on the Clean button follow the prompts.
A log file will automatically open after the scan has finished.
Please post the content of that log file with your next answer.
You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).

Please download Junkware Removal Tool to your Desktop.
Please close your security software to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
The tool will open and start scanning your system.
Please be patient as this can take a while to complete, depending on your system's specifica... Read more

RELEVANCY SCORE 42

https://krebsonsecurity.com/2018/05/fbi-kindly-reboot-your-router-now-please/
The Federal Bureau of Investigation (FBI) is warning that a new malware threat has rapidly infected more than a half-million consumer devices. To help arrest the spread of the malware, the FBI and security firms are urging home Internet users to reboot routers and network-attached storage devices made by a range of technology manufacturers.
The growing menace, dubbed VPNFilter, targets Linksys, MikroTik, NETGEAR and TP-Link networking equipment in the small and home office space, as well as QNAP network-attached storage (NAS) devices, according to researchers at Cisco.
 

RELEVANCY SCORE 42

I have a crappy little laptop that I use out in the living room, I don't do much with it other than browsing and Netflix. Recently, I've seen the following seemingly malicious message appearing above my systray.

Speccy

A:Sudden Malware Warning. No system changes.

I would suggest removing that belarc link, your office key is open to the world.
