ESET found something but unsure how to proceed.

Q: ESET found something but unsure how to proceed.

Hello ALL
I have ESET security on my son's laptop since last April. It has been scanning at start up and doing what it is supposed to. Recently he started having some breaking up of sound.
The MS jingle at start up and sometimes songs he plays. I thought it prudent to do some scans just to make sure no malware has snuck in.

Updated and did a quick scan with MBAM. Nothing found

Did an ESET smart scan and it listed threats as "4 infiltrations".
It stated it could not clean automatically and to pick a manual action. It does not list "clean" as an option.

Only actions listed are:

Delete
Or
No action taken

I am reluctant to simply delete these without getting some outside advice.

Input from BC friends would be appreciated

This is what is listed as found by ESET:

C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\20\4ef244d4-49cf35e6 multiple threats No action

C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\7\124509c7-563d8dc7 a variant of Java/TrojanDownloader.Agent.NDJ trojan No action
Best Regards
Nawtheasta

A: ESET found something but unsure how to proceed.

Please download and run Temp File Cleaner and then do the following:

Please download and run Security Check from HERE, and save it to your Desktop.
* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Hi again. I just found the cause of my Blue Screen of Death, but I'm not sure what this file is for or if it is safe to get rid of it. The file that causes my daily blue screen of death is called cymon.sys, some sort of driver from the company CypherTec Inc. Any help on this matter would be awesome; I'm tired of getting a blue screen in the middle of playing games and what not. Just let me know what info you need to help me figure this out. Thank you

A:Found the cause of my blue screen but unsure on how to proceed

Download BlueScreenView:
http://www.nirsoft.net/utils/blue_screen_view.html
Unzip the downloaded file and double click on BlueScreenView.exe to run the program.
When scanning is done, go to EDIT - Select All
Go to FILE - SAVE Selected Items, and save the report as BSOD.txt
Open BSOD.txt in Notepad, copy all of the content, and paste it into your next reply


I am helping an elderly family friend diagnose his computer problems.  He has fallen victim to a fake technical support scam by a company called "Adroit Rescue", and has paid their "fee" for what they claim is a year's worth of technical support.  I have his computer, and it is disconnected from the internet.
 
In looking through the machine, I see that the scam happened on August 7, 2016.  A text document was placed on the desktop, with the title "COMPUTER TECHNICIANS".  Inside, it lists the technician's supposed name and employee ID, the company name and phone number, and a customer ID number.
 
On the day the scam happened, he said he received a popup on the screen which froze his computer, then received a phone call from Adroit.  He had no idea how they acquired his phone number.  He also cannot remember how the popup occurred - either by clicking an email link, Facebook link, Microsoft Edge browser ad, etc.  He said they spent an hour on the phone with him.  They did their fake security presentation on the computer screen, and "unlocked" his machine after taking his credit card information over the phone.
 
How do I go about determining exactly what they have done to his machine?
 
By searching the hard drive, I see the following happened on August 7th:
 
-  A folder for ADWCleaner was created.  Its logfile shows removal of the following:
   -  ask.com
   -  dotomi.com
...

A:Possible ransomware infection - unsure how to proceed

A little more info:  This is a Dell Windows 10 machine - my apologies for not mentioning that in the previous post.  I had previously helped him with the Dell update software a few days earlier, and I remember installing Malwarebytes to scan for any malware as a precaution while looking at his setup.
 
Other things I've discovered:
 
-  It appears that in the process of the scam, the scammer uninstalled Malwarebytes, and downloaded a program called "Support-LogMeInRescue" on August 7th at 2:20 PM.  There is a file named "rescue.info" in the root C: directory.  I opened it with Notepad, but it only showed machine / computer code - no legible text.  The date and time of the rescue.info file is August 7th at 2:21 PM.
 
-  The scammers created a manual restore point labeled "tech123" on August 7th at 2:50 PM (the day of the scam).  There is a previous Windows update restore point from earlier that day - 12:38 PM - labelled as "Critical Update".  They deleted all other restore points.
 
-  They then used ADWcleaner as mentioned previously.  The date is August 7th at 4:40 PM.
 
-  The C:\ Program Files\ Common Files\ directory has a last-modified date of August 7th at 4:21 PM, but I cannot see any files inside which also contain that date.
 
-  I also searched for the date 8/7/2016 in both File Explorer and Event Viewer, and found some interesting things:
 
   -  Prefe...


We use Desktop Central to manage our windows updates. I've come across a new error that I have not seen all year. They are telling me it's a Microsoft error and they have no information on it. 
I have a couple of Windows 7 machines that have the following error on multiple updates.
An attempt was made to create more links on a file than the file system supports.

Of the machines having this issue, they're not all the same KB. Using one of the machines as example, it's having this issue with 3 updates.
2019-10 Security Monthly Quality Rollup for Windows 7 for x64-based Systems (KB4519976)

2019-09 Security Only Quality Update for Windows 7 for x64-based Systems (KB4516033)

2019-08 Security Only Quality Update for Windows 7 for x64-based Systems (KB4512486)


Seems like the standard Windows Updates fixes aren't working. Software distribution folder rename, fixit tools, etc. I'm not seeing this on any of our Windows 10 machines.
Any idea how to go about resolving this? Reimaging is way at the bottom of the list due to these machines being at remote sites. 


Hi everyone! First, here are my laptop and system specs:

OS Version: Microsoft Windows 7 Home Basic, Service Pack 1, 64 bit
Processor: Intel(R) Core(TM) i3-2330M CPU @ 2.20GHz, Intel64 Family 6 Model 42 Stepping 7
Processor Count: 4
RAM: 4039 Mb
Graphics Card: Mobile Intel(R) HD Graphics, 1795 Mb
Hard Drives: C: Total - 431937 MB, Free - 358762 MB; D: Total - 29690 MB, Free - 26465 MB;
Motherboard: LENOVO, Base Board Product Name
Antivirus: Microsoft Security Essentials, Updated and Enabled

So after my (now uninstalled and expired McAfee) antivirus program detected some threats, I deleted them but got worried about my laptop being infected. After doing some research, I ran SFC, which showed I had some corrupt files that couldn’t be repaired (attached if it will help!)

I didn't know what to do with them, so I backed up my files to an external hard drive, uninstalled McAfee and installed Microsoft Security Essentials (ran it on Full Scan, too), ran both CCleaner and MalwareBytes, and finally, ran CHKDSK in Safe Mode for both the C: drive and the D: drive, hoping these might repair the problems. Now, all this went just fine, reporting no threats, etc., but when I ran SFC again it still shows the same corrupt files, and now I don't know what to do to protect my computer and resume using it more normally

I read that you can fix these corrupted files with a repair installation/inplace upgrade (running setup.exe from the Windows 7 DVD and selecting ‘upgrade’) or run...

A:Solved: Unsure how to proceed with SFC's corrupted files


Hello Everyone. Been awhile since I've been here. Been able to solve most of the problems I've encountered on my own since my first post in the hallowed halls of the techsupportguy forums.

Alas, I am in some dire need of help for a problem I've been having. I've checked other posts on here as well as other websites, but none of them seems to address my problem specifically, so forgive me if you have to repeat yourselves.

I've been having random BSoDs and hard hangs, most notably during gaming and while using browsers, but also less frequently whenever I'm just eating and chatting to a friend. I'll just be sitting there staring at my desktop and a Page Fault error will pop up and the system will lock. These problems have ranged from blue screens describing page faults to what seems to be the monitor shutting off and going completely black. Can't even shut down the computer by going through alt-f4 or the start menu via macros, so it's not a monitor problem. NOTE: It also crashes in safe mode.

This doesn't happen at all on some days, but on others it seems as if it occurs 5-6 times in a row.

I started by doing a system restore and updating all of my drivers, but it hasn't helped. I thought that I might have some memory problems, so I went ahead and I ran windows memory diagnostic and it reported that there was a hardware problem with my memory. I have not run memtest86 yet, though.

Another notable thing is that whe...

A:Definite Memory Problems; Unsure how to proceed


This computer had problems with infections and virus issues in the past. It was given to me. Just installed ESET Smart Security 8.0 today. Problems with Group Policy controlling windows firewall so I disabled it and use Eset personal firewall. I cannot access my Eset scan logs or Eset at all now. When I try to I get a pop-up message "Error communicating with kernel". I don't know how to fix this, other than to ask you guys for some help. I wanted to post the scan results for you. I tried to repair/reinstall Eset and it tells me that it is already installed but I cannot open it up. I know that it found 3 Trojans, I also ran R-kill before downloading Eset and I saved the results of the scan. I seem to have another problem with Hosts, here is a copy of the scan.
 
 
 
 
 
Rkill 2.7.0 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2015 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html
Program started at: 05/16/2015 10:18:34 AM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3
Checking for Windows services to stop:
 * No malware services found to stop.
Checking for processes to terminate:
 * No malware processes found to kill.
Checking Registry for malware related settings:
 * No issues found in the Registry.
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
Performing miscellaneous c...

A:Trojan, infected 3, ESET found these.Now cannot open ESET to re- scan

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
***************************************************
In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.
CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/576663 <<< CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************
If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of t...


A few months ago my parents were using the computer and when I returned home I noticed that Nod32 had terminated a connection on the internet. It said that in the HTTP filter, access to the site (a rogue website was listed) was terminated as three Agent.NCU trojans attempted to connect to the computer. It also said that threat was detected on access to the web on application iexplore.exe

What exactly does this mean? Does it mean that my parents visited a website and the fake antivirus site may have been contained on the website and it tried to send some trojans to cause havoc, but they were terminated? I am unsure of what this means as my parents didn't see anything and I certainly did not experience it. I ran multiple scans with Nod32 and Malwarebytes and nothing was found. Do I need to do anything else to ensure that the computer is clean, as it seems that a previous autorun infection is no longer an issue.

Thanks everyone

A:Unsure what this means on Eset Nod32?

It means that a website which was being loaded was blocked from loading in whole or in part because Nod32 recognized it as a threat. It was blocked before anything dangerous could be downloaded.


I have 6 computers at my office that have all been hit in various ways in the last two weeks; on two I have found the vundo trojan and removed it. Did a scan with aswmbr and found nothing else on mine. On the computer that I am working on right now I did a scan with malwarebytes and it came up empty, not one thing, which to me seems more than a little suspicious; this computer had lost files and shortcuts were corrupted when this problem started. Anyway, I did a scan with aswmbr and came up with the following two suspicious files.
Module: c:/windows/System32/drivers/dxgthk.sys
Module: c:/windoes/system32/ntdll.dll

Not being that knowledgeable I am trying to find out how to either make sure these are actually a problem and if so how to fix them. I have 3 other computers that I have had the same results with malwarebytes after they were hit with various signs of a virus or such. So I will be scanning all of those with aswmbr and if need be other programs so I will probably be asking for more help, lol. Thanks in advance for any and all suggestions.

A:aswmbr found suspicious files, how do i proceed?

Hello and welcome! Please post your aswMBR log with a DDS log in a new topic. See below.
Please go here: Preparation Guide, do steps 6-9.
Create a DDS log and post it in the new topic explained in step 9, which is here: Virus, Trojan, Spyware, and Malware Removal Logs, and not in this topic, thanks.
If GMER won't run (it may not on a 64 bit system) skip it and move on.
Let me know if that went well.


If one of you knowledgeable persons could please comment!! It would be greatly appreciated!!
I've only put a few down... the reg key ones have like a whole bunch in the class root and in the current user... they are all just a bunch of numbers?! They’re much longer than what I have here….

trojan spywarebanker ABG c:\system volumeinformation\_restore(202550A8

recipe rewards toolbar c:\system volume information\_restore(202550A-7A33-4

recipe rewards toolbar HKCR\CLSID\BA4633437-C3DE-47DA-8280
Oh, and I had tried deleting a file in the system volume before and it wouldn’t let me?! I think it said something about needing administrative permission? I’m the only one using this PC!
Thanks in advance! Joanne
 

A:unsure of certain files spyware dr found


ESET found TLD4 on this computer. I would like help to remove it.

Logs are shown below. GMER did not find it, so no log was produced by GMER.
DDS.txt:
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.6001.19190 BrowserJavaVersion: 1.6.0_22
Run by Television at 18:19:25 on 2012-03-15
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.6142.3434 [GMT -6:00]
.
AV: ESET NOD32 Antivirus 4.0 *Enabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
SP: ESET NOD32 Antivirus 4.0 *Enabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\nvvsv...

A:ESET found TLD4

Hello and Welcome to Bleeping Computer!!
My name is Gringo and I'll be glad to help you with your computer problems. I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us.

1. Do not run any other tool until instructed to do so! Doing so will only at best cause you unneeded worry as it finds our backups and may even list our tools, and at worst can cause conflicts with our tools and lead to unforeseen things happening.
2. Please do not attach logs or put them in code boxes. Besides the time it takes me to open the reports, it makes it harder to find something if I need to go back to do more research, and putting them in code boxes just makes them so hard to read.
3. After each step give me a little feedback. It does not need to be long, but just something so I know how things are going. It can be something like:
   I am still getting redirected
   The computer is running as it should
   Don't put things like "it is the same as before" or "still the same"; this just makes me go back and look for your last feedback as to how things are.
4. Read every post completely before doing anything. Pay special attention to the Notes** I have put in. These are things I have found that happen a lot and can be taken care of easily just by reading the Notes**.

Click on the Watch Topic Button and select Immediate Notification and click on proceed; this will help you to get notified faster when I have replied and make the cleaning process faster.
Pl...


ESET found some application called Win32/Somoto.F? Does anyone know anything about it? Malwarebytes and Symantec didn't view it as a threat. 
 
 
ESET Scan
 
C:\Program Files\HyperCam 2\hctoolbar.exe Win32/Somoto.F application cleaned by deleting - quarantined
C:\Users\1777777\Desktop\dsktp\New folder (2)\dsktp\4kstogram_1.4.exe Win32/OpenCandy application cleaned by deleting - quarantined
C:\Users\1777777\Downloads\ccsetup409.exe Win32/Bundled.Toolbar.Google.D application cleaned by deleting - quarantined
 

A:ESET found something I don't recognize.

Win32/Somoto.F  is adware/pup programs that got bundled with other programs or program installer that bundled adware/pup in it, in this case it bundled with Hypercam 2. Its behavior is like Win32/OpenCandy.
 
After ESET removal, it should be fine, but if you want more checking, you can run following.
 
Please download AdwCleaner by Xplode and save to your Desktop.
Double click on AdwCleaner.exe to run the tool.
Click on the Scan button.
AdwCleaner will begin to scan your computer.
This time click on the Clean button.
Press OK when asked to close all programs and follow the onscreen prompts.
Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
Copy and paste the contents of that logfile in your next reply.
A copy of that logfile will also be saved in the C:\AdwCleaner folder.
Please download Junkware Removal Tool to your desktop.
Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatic...


I am still playing with it as I found it last night, but why is it not used more? What does a DDS log have/show that makes it preferable over something like this?
 
While the GUI is nice, I am actually just happy with the information as well as the filtering options.
 
I have been digging through my laptop's information and I see some stuff that needs cleaning out, for example:
"Command Line" = "c:\program files\pastaleads\scheduledtask.exe" ( 5: Unknown ) ; 
"c:\Windows\System32\Tasks\PastaQuotes
 
I am just asking for your opinions on SysInspector!! Thanks

A:just found SysInspector by Eset....

ESET SysInspector is an analytical and diagnostic tool for Windows NT based systems from ESET, the developer of NOD32 Antivirus. The tool can be used to examine and investigate suspicious system behavior often caused by a malware infection as well as for troubleshooting a variety of issues. It looks at the OS and captures details such as running processes, services, registry entries, drivers, system information and network connections. SysInspector inspects the computer and generates a detailed report (usually quite large) assigning each entry a color-coded risk level. The report can be uploaded for an expert to diagnose. The "Compare Logs" functionality allows you to keep track of system modifications, simplifying the process of identifying potential problems.

SysInspector has been around for several years. While anyone can use it, the tool was really intended for ESET users to generate a log (which can be very large) and submit it to ESET Customer Care or post in the ESET Forums for analysis.

How do I create a SysInspector log and submit it to ESET Customer Care for analysis?
ESET SysInspector System Requirements and download (32-bit, 64-bit)
ESET SysInspector FAQs


I've already gone ahead and deleted it so I can't refer for the exact name, but reading the filename I wasn't satisfied with just that.

It was a set of two trojans both targeting what was apparently the Malwarebytes setup utility. I believe one read as mbam-setup.exe and the other was mbam-setup[1].exe so it looks legit yet it was flagged as a trojan. Is this the antivirus software being flagged by the virus or is it really the virus under the guise of the software? I'm sure a log will be necessary but I'll wait for someone to advise the appropriate log(s).

EDIT: Well those were the pathnames anyway. The trojan description or whatever that last column was, read something along the lines of PSW.Banker and PSW.Banker5 which I'm GUESSING means it's stealing passwords.

I've rebooted the computer and ran another scan and haven't found anything. I'll edit this topic as necessary until I get a response.

A:I found a trojan but unsure if it is fully removed.

:step1
Update mbam and run a FULL scan
Please post the results

ATF
Please download ATF Cleaner by Atribune & save it to your desktop.
Double-click ATF-Cleaner.exe to run the program.
Under Main "Select Files to Delete" choose: Select All.
Click the Empty Selected button.
If you use Firefox browser click Firefox at the top and choose: Select All
Click the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser click Opera at the top and choose: Select All
Click the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".
------------------------------------
SAS, may take a long time to scan
Please download and scan with SUPERAntiSpyware Free
Double-click SUPERAntiSypware.exe and use the default settings for installation.
An icon will be created on your desktop. Double-click that icon to launch the program.
If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASD...


About the old XP machine again...
I was browsing through the system folders on my machine and found the following folder
 
C:\Documents and Settings\Administrator\Local Settings\Temp\HCBackup
 
it contained iCRCReserve.tmp   hcpackage.exe    hcversion.xml  AUStrg(empty folder)  AUCache(folder)
 
I looked up some of these names online and found
 
http://www.threatexpert.com/report.aspx?md5=2399c6f17aaa39ba58bb09aee33bd913
 
 
My system contains the files listed under "file system modifications"-->"files created".
The files marked 3, 4, 5, 6, 7 on that list are all present and have the same size. They match the file sizes shown there; I did not know how to check the MD5 or SHA-1.
 
Does this mean I am infected or are those files quite benign? They may have something to do with Trend Micro HouseCall or they might be named to fool me into thinking that. hcpackage.exe says it was produced by a "company" Igor Pavlov.
What is going on here?
Thanks
 

A:a few files i found, unsure if this indicates infection. no other signs

Excuse me, but it's been several days now. Can I have some advice on this matter please?
Thanks.


Hi there, I just ran a RogueKiller scan and it found some potential malware. I don't feel safe deleting anything so I thought I'd ask here to see what you make of the report:
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Johannes 2 [Admin rights]
Mode : Scan -- Date : 07/21/2014  20:01:19
 
¤¤¤ Bad processes : 0 ¤¤¤
 
¤¤¤ Registry Entries : 7 ¤¤¤
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\gdrv -> FOUND
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\gdrv -> FOUND
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\gdrv -> FOUND
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> FOUND
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> FOUND
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> FOUND
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : ...

A:RogueKiller found potential malware, unsure what to do

Hello Wowest
I'm Seedy21 and I will be helping you with your issues.
Please note the following information about the malware forum:
From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by me
Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
Please reply within 48 hours, if you are going to be away for longer please let us know or the topic will be closed for being inactive
If you are using Cracked or Illegal software your thread will be closed
Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close.
Please download Farbar Recovery Scan Tool x64 and save it to your Desktop.
Double-click the downloaded icon to run the tool.
When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it to your reply also.


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_27
Run by Jeff at 20:38:23 on 2012-04-10
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.12286.9418 [GMT -4:00]
.
AV: ESET Smart Security 5.0 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET Smart Security 5.0 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET Personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files (x86)\Rohos\agent.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Acronis\Agent\agen... Read more

A: Eset found Mefos.A Trojan

Hello and Welcome to Bleeping Computer!! My name is Gringo and I'll be glad to help you with your computer problems. I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us.
Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE:... Read more


A threat Win32/Sirefef.FC detected in file “C:\Windows\System32\Services.exe” by ESET NOD32 security shield.... I tried searching for solutions but none of them worked ... then I came upon the thread posted by @mrwigley ... here is the link http://www.bleepingcomputer.com/forums/topic460839.html
But solved the problem for windows xp only n m using win7 ... anyone could help me out please .....!!!!!!!!!!!!!
*Moderator Edit: Moved topic from Windows 7 to the more appropriate forum. ~ Queen-Evie*

A: Trojan Found By ESET NOD32

Hello, in the future it is really not good to follow another person's malware fix. There may be specific differences in the systems and that can be trouble. So having run ComboFix we need to see that and a DDS log.
Please go here.... Preparation Guide, do steps 6 - 9.
Create a DDS log and post it in the new topic explained in step 9 which is here Virus, Trojan, Spyware, and Malware Removal Logs and not in this topic, thanks.
Skip the GMER step and instead post the ComboFix log you posted earlier.
Let me know if that went well.



A: Eset found Mefos.A Trojan

Duplicate of this thread here: http://www.bleepingcomputer.com/forums/topic449620.html
To avoid confusion, I'm going to close this thread.
Thread Closed.
Warmest Regards,
ST.


Good Afternoon,
Thank you for allowing me to post this as this is my first time. I noticed that my laptop has been freezing more often so I checked your site, as I have browsed it in the past. I followed some of the simple scans and have attached 2 of 4 scans for your review.

Please help

A: Win32/BHO.OEI trojan found with ESET

Greetings and Welcome to The Forums!! My name is Gringo and I'll be glad to help you with your malware problems. I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us.
Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top o... Read more


I went to use my music program yesterday and was forced to update it. I downloaded the update from cnet like I normally would. I got an unwanted program called mobogenie that came with it and without my knowledge. I have removed mobogenie and all traces of it but it has left behind kryptik.bvve which corrupted my mp3rocket and I cannot get rid of the virus without removing the program apparently.

update: I uninstalled the first program and scanned the file after re-downloading. possible false positive because eset didn't find the virus after a clean install of the file.

A: kryptik.bvve found by ESET

Hello,
I will be helping you with your problems. Please be patient while I assist you.
Some points for you to keep in mind while I am helping you to make things go easier and faster for both of us.
Please do NOT run, install or uninstall any programs, unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and cli... Read more


eset is still running but it has found php/ircbot.nal
i have found this as a description and it is obviously freaking me out.
Win32.IRCBot.NAL is a malicious spyware virus which uses malignant tricks to download malicious malware from the Internet. Win32.IRCBot.NAL opens up firewalls and collects confidential information such as personal financial information. Win32.IRCBot.NAL also downloads additional components before the hackers get the remote access to the infected PC. Win32.IRCBot.NAL definitely has an identified security risk and you need to remove Win32.IRCBot.NAL immediately while you detect it.
I intend to reformat, but am concerned about what it may have sent out already..
any insight appreciated .. as to things like should i have my credit card numbers and bank accounts changed
important* i also use firefox password manager, with a master password .. what is the likelihood it has all of the passwords stored in there ?
if that isn't likely, if i change the master password using a different computer.. will that help ?
thank you
I forgot to note..
windows 7 .. 64 bit
mbam / prevxx / eset

A: eset found php/ircbot.nal - what could it have accessed

sorry for the multiple posts..
i am still the newest post in this forum, so i hope it isn't technically bumping.

.. the scan just ended and this was the location of the trojan

C:\$RECYCLE.BIN\S-1-5-21-572324174-62406800-1449895420-1000\$RC4UIQV.txt
PHP/IRCBot.NAL trojan cleaned by deleting - quarantined
that just means that it deleted it and now I can permanently delete it, right ?

why wouldn't it show me the original location the file was found ?
I tried finding it in the recycle bin to see if i could see what date it was placed there, and it is not there.


Here is the log: http://www.mediafire.com/view/?89kc38w869jrs58

A: Trojans Found with Eset - Anything to Worry About?

Hi -
It is hard to tell from just one scan from one on-line scanner if you found and removed all infections.
Do you have Malwarebytes Anti-Malware Free and SuperantiSpyware Free both installed ?? Please Install and Update both programs, then run a Full Scan with both programs, and post the logs back here -
Next -
Download Adware Cleaner run it as admin Click the SEARCH button only allow it to run and post the log it creates.
AdWare Cleaner
Next -
Download Security Check by Screen317 from HERE or HERE, and save it to your Desktop.
* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please copy / paste the contents of that document.
Note: If a security program requests permission to access the Internet, allow it to do so.
Next -
Post your current Antivirus and Firewall programs, are they fully updated, and did these find any infections ??
Thank You -


Ok, this is my parents' computer...I'm only in town for 24 hours...they say the computer is running VERY slow, which I see that it is. They have run all of the virus scans I've told them to run and they said that there were 68 viruses but they could only remove 63, and that the other 5 need to be removed manually. Unfortunately this is all of the info I have and I just don't have the time to rerun everything before I leave again. Can someone please take a quick look at the logs to see if you notice anything?!

Thank you in advance
DDS (Ver_09-12-01.01) - NTFSx86
Run by Kerry Richards at 15:51:36.00 on Fri 01/01/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.319 [GMT -7:00]

AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\bmwebcfg.exe
C:\Program Files\Bo... Read more

A: Virus found, unsure of type, says to remove manually

someone? anyone? running out of time.........
===========
Hello
While we understand your frustration at having to wait, please note that Bleeping Computer deals with several hundred requests for assistance such as yours on a daily basis. As a result, our backlog is quite large as are other comparable sites that help others with malware issues. Although our HJT Team members work on hundreds of requests each day, they are all volunteers who work logs when they can and are able to do so. No one is paid by Bleeping Computer for their assistance to our members.
Further, our malware removal staff is comprised of team members with various levels of skill and expertise to deal with thousands of malware variants, some more complex than others. Although we try to take DDS/HJT logs in order (starting with the oldest), it is often the skill level of the particular helper and sometimes the operating system that dictates which logs get selected first. Some infections are more complicated than others and require a higher skill level to remove. Without that skill level attempted removal could result in disastrous results. In other instances, the helper may not be familiar with the operating system that you are using, since they use another. In either case, neither of us want someone to assist you who is not familiar with your issue and attempt to fix it.
We ask that once you have posted your log and are waiting, please DO NOT "bump" your thread or make further replies until it has been... Read more


Today, Windows Defender uploaded the latest definition file, and now it tells me that I've got a Medium risk called:
SettingsModifier: Win32/PossibleHostsFileHijack. Alert level: Medium
file: C:\Windows\system32\drivers\etc\hosts

I don't know whether this is a false positive and whether I should quarantine, ignore or clean it.
I clicked on the link Windows Defender supplied:
http://www.microsoft.com/security/p...eHostsFileHijack&threatid=1758608427027806866

I've also included a HijackThis scan below:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:43:26, on 09.03.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe
C:\Windows\ehome\ehmsas.ex... Read more

A: Windows Defender has found a "SettingsModifier", don't know how to proceed

I got into contact with a Symantec expert (Michael York): he told me to test my computer for malware with Norton's online scanner. It didn't find anything. Nada. Nothing. I am really at a loss about what is going on here. I am still wondering whether Windows Defender has detected a false positive or not. I can only say that I am confused. And tired.
 


I ran a quick scan on memory and Windows folder today and ESET found this threat in memory; stated it cannot clean. A Google search led me to your forum post by another user w/the same problem.

I appreciate any help you can give me. System has been very slow, and Explorer crashes a lot when I right click on a file. Also some of my system icons are gone.

Odd thing, I did a full scan on memory/boot sector and my OS drive 3 days ago and ESET found nothing. I have realtime AV and Spyware protection enabled for all files, web, and email. So, I'm surprised that this trojan 'broke thru' ESET's realtime scanning and appeared with today's scan. Do you guys know if that is common? If this type of virus is not currently running in memory, does that mean it can go undetected with a full scan? Does this type of virus run in memory sporadically, like there is some program that triggers it, and it is not always running?

Thanks.

A: rootkit ODG trojan found - ESET cannot clean

Hello ckbeme,

There is no AV out there, that can block all malware. Take a look around at how many people post for assistance and you'll find that they also have AV's they scan with daily, and keep updated. It's a cat and mouse game. New malware comes out all the time--daily, and the AV companies work tirelessly to keep up.


Kindly follow the instructions in our sticky topic New Instructions - Read This Before Posting for Malware Removal Help and post the requested logs in your next reply.


Thanks ahead of time for help.
Internet ads started popping up yesterday afternoon based on time the browser was active, a new one about every two minutes.
Have AOL McAfee and firewall. In the SystemGuard log, McAfee allowed "Eset Hooks DLL" to load at "C:\windows\system32\~.exe". This showed "wavoyesizur rundll32.exe" being placed in the HKLM . . . Run registry. Five minutes later a "rikebege.dll" was placed in the registry HKLM SSODL. Six more entries were made within the next 5 minutes. Found all of this after the fact.
Ran several malware removal programs and none of them got rid of the problem.
Then tried HJT and found the following files in the log and in the registry as well: seretisa.dll, zohijiho.dll, tedikojo.dll, runun.dll
Looking at the log and the registry listings, shows these files to be at "C:\WINDOWS\system32\". However, I can not find any of these files at that location, or anywhere else on my HD.
Another thing that was confusing to me is that when I restarted in Safe Mode all of these programs loaded. Thought SM was a minimal load to help fix these problems.
HJT shows these files in 9 registry locations to include the dreaded O21 and O22.
Thanks again -- as I have never had a problem before.

A: ESET -- Infected w/ registry keys to dll's not found on HD

Malware Removed
Before posting this I had run numerous "malware removal" programs -- to no effect. My IE browser was all but useless. I could see the havoc being caused by scanning with tools such as Windows Defender and then with Hijack This. What I did would not have been possible without the visibility provided by HT. Great free tool.
I had noticed that if an offending registry entry was deleted, it would immediately get rewritten. None of the MW tools would kill the program running in memory.
Also learned that could not find the offending files in C:\Windows\System32 because though the "Show Hidden Files" was checked, had not unchecked "Hide Protected Operating System Files" Duh!
Being desperate and ready to replace the hard drive to solve the problem so could get back to work, decided to try on my own to resolve the issue. I am sure all of the volunteers on this site would agree with me that what I did was not the smartest thing to do and the probability of success was low. Anyway, here is what I learned.
Was wailing to myself about why IE wasn't run in a sandbox to preclude such problems. At that time was checking out Kim Komando's site for MW tools and came across Sandboxie. This is a great freeware program that will greatly reduce IE MW problems as it runs sandboxed and redirects changes targeted to the "real" registry to the sandbox registry. Same is true for new files being downloaded or modified automatica... Read more


I was doing a normal monthly online scan and found malware.

Windows defender won't turn on now also.

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.15063.608
Run by 93 at 11:52:24 on 2017-10-21
Microsoft Windows 10 Home 10.0.15063.0.1252.1.1033.18.7105.4007 [GMT -7:00]
.
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes *Enabled/Updated* {23007AD3-69FE-687C-2629-D584AFFAF72B}
SP: Malwarebytes *Enabled/Updated* {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\fontdrvhost.exe
c:\windows\system32\svchost.exe -k dcomlaunch -s PlugPlay
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
c:\windows\system32\svchost.exe -k rpcss
c:\windows\system32\svchost.exe -k dcomlaunch -s LSM
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\System32\WUDFHost.exe
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -s NcbService
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -s hidserv
c:\windows\system32\svchost.exe -k netsvcs -s Schedule
c:\windows\system32\svchost.exe -k netsvcs -s ProfSvc
c:\windows\system32\svchost.exe -k netsvcs -s UserManager
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -s EventLog
c:\windows\system32\svchost.exe -k ... Read more


Received this computer few days ago. Just installed ESET Smart Security 8.0 Scan lasted almost two hours. Found problems with Java. Also Something about scanned folders- Operating memory; C:\Boot Sector; C:\
Found 3 infected files
C:\Program Files\Logitech\Resource Center\installers\wildtangent\blastrb2.exe>>nsis - unsupported option
C:\MAV\mavinst.exe >> WISE >> agentins.ui>>ZIP>>agent_lang_helper_vbs - error
I don't have a copy of the results. Not sure how to do that and post it here for people to see and understand what I am having problems with. Also, when I tried to scan again after infected files were found I get a message that said Error communicating with kernel then when I try to click on the ESET icon in the bottom right hand side it just disappears before I can click on it. Also, cannot change Windows firewall settings, said it is controlled by Group Policy??? That's when I disabled it and decided to install ESET Smart Security that comes with its own personal firewall. What a mess. I'm not sure if it would be easier to reinstall or to try and fix whatever is causing weird problems. You guys have been great over the years and various computer problems I have had with quite a few different computers. I know this is an older model but it was a gift and my other desktop was destroyed and no longer functions. This is all I have for now to get online with until I can afford to buy a better system. Any advi... Read more

A: Please Help, is re-install necessary? ESET found 3 types of Trojans.

You posted about this same issue in Malware Removal Log. That topic is here http://www.bleepingcomputer.com/forums/t/576663/trojan-infected-3-eset-found-thesenow-cannot-open-eset-to-re-scan/
Malware Removal Logs topics take precedence over any other current topic you started. This topic is closed.
Please refrain from asking for further help from other members or staff until the Malware Removal Team has checked your posted log. The Malware Removal Team work very hard to investigate a unique solution to your problem and you will receive individual expert assistance. This takes time and effort so we ask you to please be patient while waiting for assistance and NOT to make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a Malware Removal Team member. Any modifications you make on your own can result in system changes which may not show in the log you already posted. Further, following advice outside of that post may cause confusion for the team member assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.
The Malware Removal Team should be the only members that you take advice from, until they have verified your log as clean. If you followed any other advice already, please ensure you inform the Malware Removal Team Team Helper when they respond to assist you with your log. This will help them know what has been done and th... Read more


First off this is a windows xp pro laptop. I have just received this laptop from my father who has been ignoring the virus for about 1 week or so. desktop background is hijacked and locked from changes and I've attached an image. The computer initially had about two dozen errors before windows logon screen appeared about fail to write instruction at "xxx" memory location. The admin account had been used to disable the ability to install new programs especially antivirus. also a new password was created for admin account blocking access. The web browsers have added links in multiple location " download various antivirus/malware products". upon startup multiple processes try to run. it appears to have infected spybot search and destroy's tea timer which can sporadically cause 100% utilization.
What I've done so far...
1.) I used hiren's boot disk to reset admin password. I discovered the admin account had many processes designed not to run so nothing could be accessed. I used ctrl-alt-del to start a new task ( explorer.exe) and install eset smart security. Eset found just under 2000 infected files mostly all were virut.nbk (which I have handled before on less infected machines). I finally decided to delete infected files. rescanned (after complete system shutdown I have heard the virus can be stored in ram.) and found some 27 more. reboot rescanned now 35 more. I'd really like to save this computer if possible because there are programs that no longer have product ... Read more

A: Eset Found virut.nbk also may have antivirus xp-pro /2009

Hello.
Eset found just under 2000 infected files mostly all were virut.nbk
You have a nasty infection and the only way to go is Format. Virut and file infectors are incurable.
Virut File Infector Warning
Your system is infected with a polymorphic file infector called Virut and also has IRC bot functionality. Virut is capable of infecting all the machine's executable files (.exe) and screensaver files (.scr) and also web pages (.html and .htm). However, the problem is that the virus has a number of bugs in its code, and as a result, it may misinfect a proportion of executable files and therefore, the files are corrupted beyond repair. In addition, when it infects, sometimes it will destroy the file it tries to latch onto. For these reasons, you really can't truly fix Virut. You will need to reinstall and format the operating system on this machine. As of now, security experts suggest that a clean Reinstall then Reformat is the only way to clean the infection and it is the only way to return the machine to its normal working state. A Format right off the bat, without doing a reinstall is fine as well.
Backup all your documents and important items (personal data, work documents, pictures etc..) only. DO NOT backup any executable files (softwares) and screensavers (*.scr) or any web pages (*.html or *.htm). It attempts to infect any accessed .exe or .scr or .html/.htm files by appending itself to the executable.
Also, try to avoid backing up compressed files... Read more


Hi,
I'm running Win XP and ESET gave me an alert "MBR Sector of the 2. Physical Disk" WIN32/mebroot.k trojan. I ran ESET and EMebRemover.exe, but it could not fix the problem.
I've attached the logs
DDS (Ver_10-03-17.01) - NTFSx86
Run by Administrator at 21:22:35.64 on Sun 09/26/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.454 [GMT -7:00]
AV: ESET Smart Security 4.2 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Setti... Read more

A: ESET found Win32/mebroot.k trojan and can't get rid of it

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.
Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please Do not Attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.
In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
In order for me to see the status of the infection I will need a new set of logs to start with.
Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.
DeFogger: Please download DeFogger to your desktop.
Double click DeFogger to run the tool. The ap... Read more


Hello, I am running Windows 7 with NOD32 antivirus 5. The other day I received a notice that the windows services.exe file was infected with gen.b.trojan and could not delete the infected file.
I downloaded Malwarebytes, which detected and cleaned a trojan from my computer and since then I have come up clean on system scans, however, firefox and windows now frequently freeze up, forcing
me to restart the system. Windows seems to freeze whenever I try to access windows updates, the task manager, or the action center. Also the GMER tool I downloaded also comes up clean, but most
of the scan options are not available. The only boxes I can check are Services, Registry, Files, C:\, and ADS. Thank you in advance for your help.


A:ESET NOD32 found gen.b.trojan in services.exe

Greetings And Welcome To The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems. I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us.

* Please do not run any tools unless instructed to do so.
  We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
* Please do not attach logs or use code boxes, just copy and paste the text.
  Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
* Please read every post completely before doing anything.
  Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
* Please provide feedback about your experience as we go.
  A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At...


Hi,
I've had problems with my computer for around a week, this is when a McAfee scan I ran detected 2 trojans and removed them.

Then the problems started:

Unable to start.
Display flashing red & green lines.
Nvidia display driver stops working before and after scan.
Asks to do Startup repair, which can't find the solution.
Recommends contacting manufacturer.
Received BSOD with nvidia display driver file as cause.

Antivirus isn't installed. Believe firewall is on. Bittorrent is installed.

Another person recommended doing an ESET scan, and log is below.

ESET scan is below.

C:\Downloads\ytconverter_cmytube.exe Win32/Toolbar.Zugo application deleted - quarantined
C:\Users\tom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\GFRO20XT\jqcwjtfzjrxlet[1].pdf JS/Exploit.Pdfka.PGF.Gen trojan cleaned by deleting - quarantined
C:\Users\tom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\tom\Desktop\0.2774421175425068.exe a variant of Win32/Injector.NGY trojan cleaned by deleting - quarantined
C:\Users\tom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\tom\Desktop\0.579696599774577f.exe a variant of Win32/Injector.NGY trojan cleaned by deleting - quarantined
C:\Users\tom\Ap...

A:Zugo & 6 Trojans found on ESET scan

Hello, there is a high probability that what you downloaded thru bittorrent has put all the infections on here.

Well, let's see what may be going on.

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
* Flush DNS
* Report IE Proxy Settings
* Reset IE Proxy Settings
* Report FF Proxy Settings
* Reset FF Proxy Settings
* List content of Hosts
* List IP configuration
* List Winsock Entries
* List last 10 Event Viewer log
* List Installed Programs
* List Devices
* List Users, Partitions and Memory size.
* List Minidump Files

Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Reboot into Safe Mode with Networking

How to enter safe mode (XP/Vista)

Using the F8 Method

Restart your computer. When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu. Select the option for Safe Mode with Networking using the arrow keys. Then press enter on your keyboard to boot into Safe Mode.

>>>> Download this file and doubleclick on it to run it. Allow the information to be merged with the registry.

Run RKill....

Download and Run RKill

Please download RKill by Grinler from one of the 4 links below and save it to your desktop.

Link 1
Link 2
Link 3
Link 4

Before we begin, you should disa...


Hello,
Recently my computer was cleaned by one of the members of the Virus Team of this forum and then I have been religiously scanning the pc with the recommended tools viz., MBAM, ESET Online scan, etc. and taking precautions as necessary.

The recent ESET Online Scan unveiled following -

C:\Documents and Settings\Master User\Application Data\Real\Update\UpgradeHelper\RealPlayer\10.40\agent\stub_data\stubinst_pkg_en-ap.cab Win32/OpenCandy application
C:\Documents and Settings\Master User\Temporary Internet Files\Content.IE5\1FQ9S3VG\Mipony-Installer[1].exe a variant of Win32/InstallCore.BR application
C:\Documents and Settings\Master User\Temporary Internet Files\Content.IE5\2VH1THER\DownloadManagerSetup[1].exe a variant of Win32/InstallCore.BQ application


I did not tick the checkbox that could have removed the infected files for fear that the scan might wrongly delete a required file. However the scan ran for almost 8 hours and gave me above output, and now I don't want to run the scan again and wait for 8 hours.

I tried looking up the above files, but could not find them (even after enabling show hidden files and folders).

Is there a way to remove these or maybe a script that deletes these files?

Many thanks,
Parin

A:[SOLVED] How to delete items found by ESET scan

Hello. None of those are serious threats and you can simply ignore them if you like. OpenCandy and InstallCore are targeted due to monetizing features included in the setup files.

The two in Temporary Internet Files can be cleared out using Windows Disk Cleanup (cleanmgr)
Description of the Disk Cleanup Tool in Windows XP

Although, the path shown to your Temporary Internet Files seems non-standard. Default should be
C:\Documents and Settings\<username>\Local Settings\Temporary Internet Files\


The file in Real Player's appdata folder, you should be able to manually navigate to and delete, if it still exists.

This batch file should also remove them all

Open NOTEPAD.exe and copy/paste the text in the codebox below into it:

Code:

@echo off
if exist "%temp%\log.txt" del "%temp%\log.txt"

for %%g in (

"C:\Documents and Settings\Master User\Application Data\Real\Update\UpgradeHelper\RealPlayer\10.40\agent\stub_data\stubinst_pkg_en-ap.cab"
"C:\Documents and Settings\Master User\Temporary Internet Files\Content.IE5\1FQ9S3VG\Mipony-Installer[1].exe"
"C:\Documents and Settings\Master User\Temporary Internet Files\Content.IE5\2VH1THER\DownloadManagerSetup[1].exe"

) do (
del /a/f %%g >nul 2>&1
if exist %%g echo.%%g>>"%temp%\log.txt"
)

if exist "%temp%\log.txt" ( start notepad "%temp%\log.txt"
) else echo.Deleted Successfully !!

pause
del %0...


ESET CAN'T delete it, sorry about that. I guess I can't edit the description line.
Hi, This is my first post to your site and I want to say thanks for being here. I'll get right to the point. I'm running win Xp Pro version 2002 svc pack 3. Eset nod32 antivirus version 3.0.667.0 virus signature database 4346 (20090818).

I get an ESET threat found alert Object: c:\WINDOWS\system32\winlogon.exe threat:Win32/Spy.Ursnif.A virus. Comment:Event occurred during an attempt to run the file by the application: C:\Program File Adobe\Photoshop Elements 4.0\apdproxy.exe

When I try to delete it I get an ESET message stating "error while deleting" retry or cancel.

There are more ESET "threat found" messages similar in content referencing Ursnif.A but with different applications.

Thanks,

watz

ps. Please help! I don't have the windows cd that came with the computer. This is my daughter's computer she graduated from college in May and the school she went to used ESET antivirus so I can't get any support from ESET. They said I would have to go through the school to get support because they own the license to the antivirus software on her computer. She can no longer get support from the school. I'm guessing combofix is the way to go with this but I'll wait for expert instructions. I haven't run anything to try to get rid of it aside from ESET.

A:Win32/Spy.Ursnif.A virus found by ESET NOD32

You might need to disable ESET while running these scans.
Instructions here: http://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/

The process of cleaning your computer may require you to temporarily disable some security programs. If you are using SpyBot Search and Destroy, please refer to Note 2 at the bottom of this page.

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

* Make sure you are connected to the Internet.
* Double-click on mbam-setup.exe to install the application.
* When the installation begins, follow the prompts and do not make any changes to default settings.
* When installation has finished, make sure you leave both of these checked:
  * Update Malwarebytes' Anti-Malware
  * Launch Malwarebytes' Anti-Malware
* Then click Finish.

MBAM will automatically start and you will be asked to update the program before performing a scan.
* If an update is found, the program will automatically update itself.
* Press the OK button to close that box and continue.
* If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:
* Make sure the "Perform Quick Scan" option is selected.
* Then click on the Scan button.
* If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
* The scan will begin and "Scan in progress" will show at...


Hello again, and thank you Nasdaq.
 
Here is my laptop's Farbar.
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 18-07-2016
Ran by Matt (administrator) on VALKYRIE (19-07-2016 08:33:52)
Running from C:\Users\Matt\Downloads
Loaded Profiles: Matt (Available Profiles: Matt & Administrator)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) ...

A:Laptop Infected, ESET found a VBS Agent Trojan

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===
Nothing suspicious found. Just a cleanup.

Press the windows key + r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.

start
CreateRestorePoint:
EmptyTemp:
CloseProcesses:

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\errorlog.txt [2016-07-17] ()
CHR Extension: (Chrome Web Store Payments) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-07-03]
C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===
p.s.
Please post the Addition.txt file created by the Farbar tool.


I just ran ESET Online Scan on my Windows 7 machine and it has detected a Win32/Olmarik.AIZ trojan. How do I clean this up? Here is a log of the results
 
C:\TDSSKiller_Quarantine\23.10.2014_01.30.07\tdlfs0000\tsk0005.dta    a variant of Win32/Olmarik.AIZ trojan    cleaned by deleting - quarantined
C:\Users\Admin\Downloads\Setup.exe    a variant of Win32/SoftPulse.O potentially unwanted application    deleted - quarantined

A:Threats found after using ESET Online Scan. Trojan

G'day CashmereCattt, and Welcome to BC.
 
Go to THIS page, click on    [Download Olmarik / Olmasco Cleaner ]
 
Save to your desktop, and then Run the cleaner.
 
(Your computer should be clean anyway because the Online scanner has deleted and quarantined the threat....this will make sure )
 
The second item in your list is only a pup (potentially unwanted program) and has been deleted and quarantined.
 
 
 


OK, I'm infected...Isn't this the first step to recovery...just admitting it? lol

My PC started running slow and I also noticed that I no longer could type URL address into the URL address bar without it being hijacked to some stupid site that redirected me...so I experienced a takeover of some sort. I also noticed that my Hard drives malfunctioned and required a check-disk type of repair...so there was some kind of physical damage going on....very nasty. This PC is an i7 haswell but is running super slow so I know something is wrong...

I'm running Windows 8 PC and need to set it up properly to avoid viruses in the future.

I was hoping you guys could review my logs and suggest what programs to install to ensure a virus-free experience...

Thanks,
bob

--------------------------------

HiJackThis log:



As the title says, I did an ESET online scan, found 7 trojans and near the end of the scan the window just closed. This is my Win7 32 & 64 bit laptop machine.

I did a MBAM scan here is the log as well as the others.

A:ESET online scanner found 7 trojan but closed before done

Formatted fixed and better now, thread can be closed.
 


See previous thread and scans run:
http://www.bleepingcomputer.com/forums/topic458725.html/page__pid__2748161#entry2748161

DDS scan below:


A:ESET found U\[email protected] a variant of Win32/Sirefef.FA trojan

GMER crashed. Will try a reboot and then rerun it. By the way, defogger was not run during the scans in the last thread.


Hi!
Every time I start up my desktop, I keep getting messages from ESET:
 
Potential threat found
Object: Operating memory - rundll32.exe (1892)
Threat: a variant of Win32/SProtector.D potentially unwanted application
 
After I clean it or delete it, it comes back again when I startup my desktop next time. Also number in brackets after rundll32.exe is changing such as:
 
Potential threat found
Object: Operating memory - rundll32.exe (1920)
Threat: a variant of Win32/SProtector.D potentially unwanted application
 
It has been more than a month that I keep getting these messages from ESET.
 
Could anyone help me, please?
I have downloaded these 4 softwares on my desktop: 
1) DDS , 2) Malwarebytes' Anti-Malware , 3) AdwCleaner  and 4) Farbar Recovery Scan Tool (32 bit)
And get their respective log files and attachments as follows:
 
1)Here's a DDS log:
 


A:ESET potential threat found - a variant of Win32/SProtector.D PUA

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
***************************************************
In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.
CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/575198 <<< CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************
If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of t...


Just wondering if this is a false positive? The two items are in quarantine in eset online scanner
 
Google chrome did have an error popup; will keep updated if it shows up again


Hello!
 
I noticed after a couple of USB transfers that my computer was suddenly incredibly slow. Sometimes it would take a full minute to register a simple click (whether it be offline or online). Immediately, I jumped to the conclusion that I had been infected by my friends' USB sticks.
 
I ran ESET scanner on it, and it found a whopping 10 threats (worms of various sorts, and things in the win32 files, sorry, I don't know much about computers and don't remember the specifics.)
 
I also ran Malwarebytes, SUPERAntispyware, and AdwCleaner, and quarantined/deleted a bunch of malware.
 
My computer is still a lot slower than it was before the USB transfers though, and I can't figure out if I'm still infected.
Could anyone help me figure this out?
 
Thank you!
 
Amy

A:ESET scanner found and deleted threats - computer still infected?

Hello, 
 
Can you post the various logs from the programmes you've run please? 
ESET Online Scan logs can be found at the following locations (depending on your system's bit-type):
32-bit machines: C:\Program Files\ESET\EsetOnlineScanner 
64-bit machines: C:\Program Files (x86)\ESET\EsetOnlineScanner
 
MBAM (2.x) logs can be obtained by: 
Open Malwarebytes Anti-Malware and click the History tab.
Click Application Logs and double-click the Scan Log.
Click Copy to Clipboard and paste the log in your next reply. 


Hello!
Lately I keep getting messages from ESET:
Potential threat found
Object: Operating memory - rundll32.exe (1932)
Threat: a variant of Win32/SProtector.L potentially unwanted application
 
After I clean it or delete it, it comes back again. Also number in brackets after rundll32.exe is changing, next time Eset message pops up. And for last week I am also getting similar message from ESET:
 
Potential threat found
Object: Operating memory - c:\Windows\System32\config\systemprofile\AppData\Local\Clip Converter\clipcnv.dll
Threat: a variant of Win32/SProtector.K potentially unwanted application
 
And I can't clean it or delete it. And I never installed Clip Converter application.
 
Also my computer slowed down. I believe it's a malware issue. I did scan with Eset and with AdwCleaner, but nothing's changed.
 
Could anyone help me, please?
 
Here's a DDS log:
 

A:ESET found potential threat - a variant of Win32/SProtector.L PUA

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
***************************************************
In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.
CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/555827 <<< CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************
If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of t...


I ran the ESET Scanner on my laptop a couple times, but both times it crashed & I couldn't get rid of the virus. I know it found 2 files infected with "a variant of Win32/Injector.Autoit.SP trojan". Is there another scan I can run instead? Thanks! 

A:ESET Scanner found trojan on laptop, but scan crashes

Please download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.
rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/
* Double-click on the Rkill desktop icon to run the tool.
* A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
* If not, delete the file, then download and use the one provided in Link 2.
* Do not reboot until instructed.
* If the tool does not run from any of the links provided, please let me know.
If normal mode still doesn't work, run the tool from safe mode.
When the scan is done Notepad will open with rKill log.
Post it in your next reply.
NOTE. rKill.txt log will also be present on your desktop.
 
 
Download Malwarebytes' Anti-Malware Free (aka MBAM)
* Double-click mbam-setup.exe and follow the prompts to install the program.
* Do Not Accept the Free Trial Option at this time ....... please
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the progra...
