Over 1 million tech questions and answers.

do i have a mallware?

Q: do i have a mallware?

here is the HJT log: Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:41:22 AM, on 3/23/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
D:\Program Files\Alwil Software\aswUpdSv.exe
D:\Program Files\Alwil Software\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
D:\Program Files\Alwil Software\ashMaiSv.exe
D:\Program Files\Alwil Software\ashWebSv.exe
D:\PROGRA~1\ALWILS~1\ashDisp.exe
D:\Program Files\Ace Explorer\Ace Explorer\Aexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
D:\Program Files\Alwil Software\setup\avast.setup
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gsmsandwich.com.ph/
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\userinit.exe
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\ashDisp.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: DfLogon - C:\WINDOWS\SYSTEM32\LogonDll.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\Alwil Software\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Alwil Software\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Program Files\Alwil Software\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\Program Files\Alwil Software\ashWebSv.exe
O23 - Service: DF5Serv - Faronics Corporation - C:\Program Files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe

--
End of file - 2037 bytes

thanks in advance

Read other answers
RELEVANCY SCORE 200
Preferred Solution: do i have a mallware?

I recommend downloading and running Reimage. It's a computer repair tool that has been proven to identify and fix many Windows problems with a high level of success.

I've used it in the past to identify and fix everything from blue screens (BSOD's), ActiveX errors, corrupt files and processes, dll/exe/sys errors, recover lost memory, Windows update problems, defragging, malware removal etc.

You can download it direct from this link http://downloadreimage.com/download.php. (This link will automatically start a download of Reimage that you can save to your computer.)

RELEVANCY SCORE 44.4

http://ad.yieldmanager.com/st%3Fad_type

How do I get rid of this off of my computer...Someone please help me

Read other answers
RELEVANCY SCORE 44.4

Hello,
a few days ago i got some virus, which took all of my memory slowly and after 15 min. it releases it slowly. Ot prevents me to instal any mallware software, and use of it when i+m logged on.
It does allow me to go to safe mode and clean stuff from there, which doesn't help when i log on normally again. System is Win XP professional SP3. Please see my comboFix log below if anyone can help me to solve my problem.
Thank you in advance,
Matjaz
ComboFix 11-10-08.01 - Matja? 08.10.2011 20:27:01.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.386.1033.18.959.659 [GMT 2:00]
Running from: c:\documents and settings\Matja?\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Matja?\My Documents\HijackThis.exe
c:\windows\$NtUninstallKB14177$\2256817183
c:\windows\$NtUninstallKB14177$\3265923636\@
c:\windows\$NtUninstallKB14177$\3265923636\click.tlb
c:\windows\$NtUninstallKB14177$\3265923636\L\hznbllxz
c:\windows\$NtUninstallKB14177$\3265923636\loader.tlb
c:\windows\$NtUninstallKB14177$\3265923636\U\@00000001
c:\windows\$NtUninstallKB14177$\3265923636\U\@000000c0
c:\windows\$NtUnins... Read more

A:some mallware

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything. We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here. To help Bleeping Computer better assist you please perform the following steps:*************************************************** In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/422516 <<< CLICK THIS LINK If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.*************************************************** If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lo... Read more

Read other 2 answers
RELEVANCY SCORE 43.6

Having problems with program wanting me to buy an antispyware to fix my computer and I have a program already.

A:Mallware and Adware

Hello and to BleepingComputer.Let's see what we're dealing with here.Please download RKill by Grinler from one of the 4 links below and save it to your desktop.Link 1Link 2Link 3Link 4Before we begin, you should disable any anti-malware software you have installed so it does not interfere with RKill running. This is because some anti-malware software mistakenly detects RKill as malicious. Please refer to this page if you are not sure how to disable your security software.Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed. If nothing happens or if the tool does not run, please let me know in your next reply***************************************************Please download Malwarebytes Anti-Malware and save it to your desktop.alternate download linkIMPORTANT!!! - when you save the file, rename it to something random, such as bubbles.exe This must be done before beginning the download!MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.Make sure you are connected to the Internet.Double-click on mba... Read more

Read other 1 answers
RELEVANCY SCORE 43.6

Here is the log from HJT.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:12:39 PM, on 3/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\1E\SMSNomad\SMSNomadP2P.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateApp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
C:\WINDOWS\TEMP\WQ8FEE.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\WINDOWS\system32\AccelerometerSt.... Read more

Read other answers
RELEVANCY SCORE 43.6

I get every five seconds a message on my computer with the text : Your computer is infected! Dangerous infection was detected on your pc. The system will now download and install most efficient antimalware program to prevent data loss and your private information theft. Click here to protect your computer from the biggest malware threats. -> But it don't help at all and when i remove SpywareStrike 2.5 it comes back when i restart my computer. He goes very slow to Logfile of HijackThis v1.99.1Scan saved at 14:28:17, on 3/02/2006Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\LEXBCES.EXEC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\LEXPPS.EXEC:\WINDOWS\Explorer.EXEC:\WINDOWS\System32\hkcmd.exeC:\Program Files\Dell\QuickSet\quickset.exeC:\Program Files\Synaptics\SynTP\SynTPLpr.exeC:\Program Files\Synaptics\SynTP\SynTPEnh.exeC:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exeC:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXEC:\WINDOW... Read more

A:Spywarestrike 2.5 And Mallware

Hi,Download smitRem.exe ?noahdfear, and save the file to your desktop.Double click on the file to extract it to it's own folder on the desktop.Place a shortcut to Panda ActiveScan on your desktop.Please download the trial version of ewido anti-malware here:http://www.ewido.net/en/download/Please read Ewido Setup InstructionsInstall it, and update the definitions to the newest files. Do NOT run a scan yet.If you have not already installed Ad-Aware SE 1.06, follow these download and setup instructions, otherwise, check for updates:Ad-Aware SE SetupDon't run it yet!Next, please reboot your computer in SafeMode by doing the following:Restart your computerAfter hearing your computer beep once during startup, but before the Windows icon appears, press F8.Instead of Windows loading as normal, a menu should appearSelect the first option, to run Windows in Safe Mode.Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen.Wait for the tool to complete and disk cleanup to finish.The tool will create a log named smitfiles.txt in the root of your drive, eg; Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.Open Ad-aware and do a full scan. Remove all it finds.Run Ewido:Click on scannerClick on Complete System Scan and the scan will begin.While the scan is in progress you will be prompted to clean files, click OKWhen it asks if you want to c... Read more

Read other 1 answers
RELEVANCY SCORE 43.6

I can?t remove a software called Tango trough windows control pannel. It redirects to a site/message as in Tango.doc attached.I followed the 'Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help' but had problems with the gmer.exe file - it opens, but windows generated error message as showed in gmer-error.doc attached. I attached also the .txt log files from DDS.Any help on this topic?Thanks,Gustavo

A:Tango Mallware (?)

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

Read other 3 answers
RELEVANCY SCORE 43.2

Windows XP.

I have tried to scan my computer numerous times for both virus/mallware trying different software programs AVG, Ad-aware, etc.. However every time I try, the scan after freezes, or computer dies (blue screen). It doesn't matter what software I use. It could freeze anywhere between 10 minutes and an hour after starting the scan. I currently just have AVG virus only on my computer. I would be nice to be able to scan my computer. Any ideas? This has been going on for quite sometime now.

I don't know if this is related or not but I also cannot get a security update (Excel) installed on my computer. All other windows updates were completed.
 

A:cannot scan for virus/mallware

Read other 9 answers
RELEVANCY SCORE 43.2

Newbie Here

After Several Virus scans, and anti spy software runs I am still getting browser hijacks from party poker. what can i do next Help.

This is my Log from Symantec,
Date Filename Threat Threat Type
6/18/2007 16:31 retadpu77.exe Downloader File
6/18/2007 16:30 core.sys Hacktool.Rootkit File
6/18/2007 16:30 core.sys Hacktool.Rootkit File
6/18/2007 16:30 core.sys Hacktool.Rootkit File
6/18/2007 16:30 retadpu2000219.exe Downloader File
6/18/2007 16:30 core.sys Hacktool.Rootkit File
6/18/2007 16:30 retadpu2000219.exe Downloader File
6/18/2007 16:30 core.sys Hacktool.Rootkit File
6/18/2007 16:30 retadpu2000219.exe Downloader File
6/18/2007 16:30 core.sys Hacktool.Rootkit File
6/18/2007 16:30 retadpu2000219.exe Downloader File
6/18/2007 16:30 core.sys Hacktool.Rootkit File
6/18/2007 16:30 retadpu2000219.exe Downloader File
6/18/2007 16:30 core.sys Hacktool.Rootkit File
6/18/2007 16:30 func.exe Trojan.Adclicker File

here is my hijack this log
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 1:10:59 PM, on 6/19/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files... Read more

A:Help Virus, Mallware, Hijacks

Do a HijackThis scan & place a check next to these items and select "Fix checked":

O2 - BHO: (no name) - {B39780D1-0EB1-43DA-B4AE-664E9732D345} - C:\Program Files\Windows Media Player\hokep43855.dll
O4 - HKLM\..\Run: [svhost] "C:\WINDOWS\svhost.exe"



---------------


1. Download this file -> http://download.bleepingcomputer.com...a/ComboFix.exe

2. Double click on combofix.exe & follow the prompts.

3. When finished, it shall produce a log for you. Post that log & a fresh HJT log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Read other 19 answers
RELEVANCY SCORE 43.2

I am new to this forum so I hope I am doing this rightWell where to start. I have run countless different malware adware and antivirus programs and they all catch some problems and Remove them but they keep coming back. When I restarted my computer the other night I got an error message saying error loading c\eindows\ststem 32\kodoebu.dll I have looked for the file but it does not exisit. When I try to delete it in my startup manager it keeps coming back. I have ran all the programs that I have In safe mode and for the most part come up clean, but as soon as I restart and run them It catches more problems I am going to post my Hijack this log in hopes of getting this fixed. Thank you In advance. malwarebytes find 3 things called trojan vondo or somethingit deletes the one with the HKLM\..\Run: [dipehifage] Rundll32.exe " but it comes back after restart the other 2 say they will be deleted upon restart but arent. i am going to also post my malwarebytes log file.thank you in advance. Logfile of Trend Micro HijackThis v2.0.2Scan saved at 4:28:06 AM, on 12/4/2008Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16735)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\s... Read more

A:Mallware Keeps comeing back

Hello makemoney11 and welcome to BC. Let's see what we can find.Before running a new scan let's clean out the temporoary folders. Download ATF Cleaner to your Desktop.Double-click ATF-Cleaner.exe to run the program.Click Select All found at the bottom of the list.Click the Empty Selected button.If you use Firefox browser, do this also:Click Firefox at the top and choose Select All from the list.Click the Empty Selected button.NOTE : If you would like to keep your saved passwords, please click No at the prompt.If you use Opera browser, do this also:Click Opera at the top and choose Select All from the list.Close ALL Internet browsers (very important).Click the Empty Selected button.NOTE : If you would like to keep your saved passwords, please click No at the prompt.Click Exit on the Main menu to close the program.Now download OTScanIt2.exe to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt2 on your desktop.Note: You must be logged on to the system with an account that has Administrator privileges to run this program.Close ALL OTHER PROGRAMS.Open the OTScanIt2 folder and double-click on OTScanIt2.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).Click the Scan All Users checkbox on the toolbar.Do not change any other settings.Now click the Run Scan button on the toolbar.Let it run unhindered until it finishes.When the scan is complete Notepad will open with the re... Read more

Read other 1 answers
RELEVANCY SCORE 43.2

Setting: Family members PC (Dell, WinXP, round 2 years old, specs ?)

Problem: Was running slow/partial lockups, had no AV, no AntiSpy, no software firewall for DSL (yeah perfect cluter-fudge waiting right there).

What I did: First ran Ad-Aware in safe mode (cause Normal was too slow/lockups). AW found bout 500 various unpleasantries & removed them (Note: it is a year old version thats on a disc i burnt, so it could'nt find all the newer "stuff" but should have helped enough to be able to d/l new version and scan in Normal mode). Then ran Registry Mechanic found some 500 "problems" and fixed them. Booted to Normal was still slow; with WMI errors every some 10 secs, and MS Money trying to "install" (ended up uninstaling that one). Attempted to install Norton AV '04 but opted not run pre-install scan. Norton then failed to install shortly after starting, so I rebooted, began install again but did the pre-install scan. Now the fun begins: after a 1 1/2 hour scan it found some 8000 files infected with W32.Pinfi virus . Norton repaired 3000 some files and deleted some 5000 files, installed rebooted, finished install, and then I updated Norton, rebooted and then after going into the main account, it kicked me out imedately to the select user account screen. I tried other accounts, same. Even tried safe mode, same. Its almost like i'm locked out of the comp. Was thinking of ERD commander and see if some of its tools could repair it ... Read more

A:Virus/Mallware Issue

Well my friend... Norton is not a good idea.

If norton hasn't totally corrupted windows yet by improperly removing files (or lack of), then you can try un-installing it and the old version of ad-aware and try running the latest version of kaspersky anti-virus personal pro + latest updates, in safe mode with no internet connection.
This will get rid of all the viruses / spyware / malware. Some files may still be corrupted from all the viruses but chances are most will be ok. After you've finished that put a proper firewall on it. I recomend Kaspersky Anti-Hacker, or ProtoWall + BlockList Manager.
 

Read other 1 answers
RELEVANCY SCORE 42.8

Hello this is my first post.
symptoms are, mouse out of control, random pop ups, programs wont start.

The following is my logs;

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:04:02 PM, on 15/11/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16450)
Boot mode: Safe mode with network support

Running processes:
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Users\jtompai\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\jtompai\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\jtompai\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\jtompai\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\jtompai\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\jtompai\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\jtompai\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\jtompai\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\jtompai\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ca.msn.com/?ocid=OIE9HP
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ca.msn.com/?ocid=OIE9HP
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = ... Read more

A:Windows 7 Mallware/virus issue

Hello crusher101048, and Welcome to the forum!
My name is wannabeageek and I'll be helping you with any malware problems.
I am a MRU Undergraduate trainee here, and as such my posts to you have to first be checked by a Teacher.
Because of this my replies to your posts may be slightly delayed. Please be patient and I'm sure we'll be able to resolve your problems.
Before we begin, please read and follow these important guidelines, so things will proceed smoothly.
The instructions being given are for YOUR computer and system only!
Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
You must have Administrator rights, permissions for this computer.
DO NOT run any other fix or removal tools unless instructed to do so!
DO NOT install any other software (or hardware) during the cleaning process. This adds more items to be researched.
Only post your problem at (1) one help site. Applying fixes from multiple help sites can cause problems.
Print each set of instructions if possible - your Internet connection will not be available during some fix processes.
Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
Only reply to this thread, do not start another one. Please, continue responding, until I give you the "All Clean!" :cheers:
Absence of symptoms does not mean that everything is clear.
I am currently reviewing your l... Read more

Read other 2 answers
RELEVANCY SCORE 42.8

Hello,

I was having an issue with mallware called "Mallware Doctor." So I ran Malware Bytes and after the scan it found 2 Trojans. I removed them and it asked to restart my computer to complete the process. I clicked ok, then when it restarted the normal screen came up then just went black.

I have tried rebooting several times, I am able to hit F2 and get to setup. I can also hit F8, but when I make any selection after hitting F8 it either starts again with the black screen or if i select to start it in safe mode I get a bunch of white text saying That stops halfway through the screen.

Rob

Read other answers
RELEVANCY SCORE 42.8

Hello guys. I encountered this malware yesterday as I was browsing what I thought was a normal news site. I wonder if this is a "Christmas Present" others are receiving? It started giving me conflicting "virus detected" reports which I didn't know were real or AVG-related. I have AVG on my machine and ran it and it detected no problems. I have HijackThis software which I ran but am not knowledgeable enough to interpret the results. I've read several threads with this same topic but not sure if I should just follow those instructions or start a new thread. I'm running NT on a Compaq machine. Can someone help me please?

Edit: I should also mention that I had to run the System Restore option on my machine since when I attempted to boot it, and start windows, it immediately started some applications indicating that virus were present on my machine. I restored it to the previous day and this eliminated that problem but the google redirect problem is still on my machine.

Thanks!

A:Google redirect mallware on my machine

Hello,Please follow the instructions in ==>This Guide<==. If you cannot complete a step, skip it and continue.Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues and what you have done to resolve them.If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.Orange Blossom

Read other 2 answers
RELEVANCY SCORE 42.8

hello i downloaded ytd downloader and got a few hits in the registery by adwcleaner.Mcafee also picked up 2 trojans.
i scanned with tdss killer,malwarebyes antiroot kit,malwarebytes and zero infections.i have uninstalled new.net toolbar and ytd download from the system.

A:ytd download mallware and news.net toolbar

Were the hits related to YTD Video Downloader? YTD Video Downloader is a legitimate program hosted by popular download sites.In some cases AdwCleaner may detect items related to legitimate programs...a search should always be performed first so the detections can be reviewed.If the hits were related to News.Net Toolbar, ignore the above.Did Mcafee provide a log or a specific file(s) name associated with the malware threat(s) detected? If so, what was that name and where was it located (full file path) at on your system?

Read other 12 answers
RELEVANCY SCORE 42.8

Thanks in advance!

Problem seemed to manifest after I download a torrent of an .avi file.

- computer restarts out of the blue
- mad amount of pop ups
- won't recognize USB flash device
- desktop background image w/ text "warning dangerous spyware following viruses were found on your computer: trojan horse, pass capture and etc. Your private information may be potentially transferred to third parties. Please, check the computer using advance software. Thanks."
- taskbar popup of "warning! computer is infected"
- ntdll64.exe error (send error report or don't send) on start up and at other various intervals.





DDS (Ver_09-05-14.01) - NTFSx86
Run by Erin at 11:20:24.95 on Sun 05/17/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_10
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.191 [GMT -3:00]

AV: avast! antivirus 4.8.1229 [VPS 080930-0] *On-access scanning enabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java... Read more

A:Help Needed W/ Trojan/Mallware Infection.

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems. HijackThis logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that it happens.

Before we start: Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

Somethings to remember while we are working together.
1.Please do not run any other tool untill instructed to do so!
2.Please reply to this thread, do not start another!
3.Please tell me about any problems that have occurred during the fix.
4.Please tell me of any other symptoms you may be having as these can help also.
5.Please try as much as possible not to run anything while executing a fix.

If you follow these instructions, everything should go smoothly.

I am going over your logs now an... Read more

Read other 17 answers
RELEVANCY SCORE 42.8

i can't install sp2 or access my msn home page, only hotmail. mywebsearch, funweb search, isearch keep showing up on scans, also clean my pc and bestoffers won't let me uninstall. here is my hijack this log. i have run the suggested scans and anti virus- thaLogfile of HijackThis v1.99.1Scan saved at 2:51:53 PM, on 10/1/2006Platform: Windows XP SP1 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\runservice.exec:\program files\mcafee.com\agent\mcdetect.exec:\PROGRA~1\mcafee.com\agent\mctskshd.exec:\PROGRA~1\mcafee.com\vso\mcvsrte.exeC:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exeC:\WINDOWS\System32\nvsvc32.exeC:\WINDOWS\System32\svchost.exec:\PROGRA~1\mcafee.com\vso\mcshield.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\System32\WgaTray.exeC:\WINDOWS\System32\Rscmpt.exeC:\Program Files\Browser Mouse\Browser Mouse\1.1\MOUSE32A.EXEC:\PROGRA~1\mcafee.com\vso\mcvsshld.exeC:\PROGRA~1\McAfee.com\PE... Read more

A:Can;t Install Sp2 Or Access Msn- Suspect Mallware

Hello johnnyw and welcome to the BC HijackThis forum. I do not see any of the items mentioned above in the log. Let's do a little cleaning and then go from there.Start HijackThis and click the Scan button to perform a scan. Look for the following items and click in the checkbox in front of each item to select it:R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htmR3 - URLSearchHook: (no name) - - (no file)O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)O2 - BHO: (no name) - {6FB72287-7980-4777-BF0C-1242A4CF3908} - C:\Program Files\ComPlus Applications\mebovik.dll (file missing)Now close ALL open windows except HijackThis and click the Fix Checked button to finish the repair.OK. Reboot your computer normally, start HijackThis and perform a new scan. Use the Add Reply button to post your new log file back here along with details of any problems you encountered performing the above steps and I will review it when it comes in. Also run whatever scanner is showing the items mentioned in your post and post that log back here as well so I can see what is being reported and where it is being found.Cheers.OT

Read other 3 answers
RELEVANCY SCORE 42.8

Hi,I am in a bit of a bind here... Leave it to dumb luck to get hijacked my malware as i am writing my thesis... due in ten short days... it is manageable but really slowing my machine down.. i tried to first run a kapersky scan but IE gets hijacked when it is running...any help would be very very very appreciated...thanks you all for devoting your time to help people like me...- joshs Deckard's System Scanner v20071014.68Run by Josh on 2008-04-18 11:05:40Computer is in Normal Mode.---------------------------------------------------------------------------------- HijackThis (run as Josh.exe) ------------------------------------------------Logfile of Trend Micro HijackThis v2.0.2Scan saved at 11:05:56 AM, on 4/18/2008Platform: Windows Vista (WinNT 6.00.1904)MSIE: Internet Explorer v7.00 (7.00.6000.16643)Boot mode: NormalRunning processes:C:\Windows\system32\taskeng.exeC:\Windows\system32\Dwm.exeC:\Windows\Explorer.EXEc:\PROGRA~1\mcafee.com\agent\mcagent.exeC:\Program Files\McAfee\MPS\mpsevh.exeC:\Program Files\Synaptics\SynTP\SynTPEnh.exeC:\Windows\sttray.exeC:\Windows\System32\WLTRAY.EXEC:\Program Files\Common Files\InstallShield\UpdateService\issch.exeC:\Program Files\Winamp\winampa.exeC:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exeC:\Program Files\PowerISO\PWRISO... Read more

A:Hi... Please Help... Writing Thesis.. Mallware Hijack

Hi jotamon Sorry for the delay in answering your post. Things are very busy here at the moment.If you still need help could you please post back a new Hjt log.... things change so quickly and we need to see what's happening now.Thanks

Read other 14 answers
RELEVANCY SCORE 42.8

Hi All,

I am hoping to get help with a problem a recently discovered. I am using Windows XP SP3 (Media Center Edition). I recently noticed my computer misbehaving, slowness, occasional pop-up from Super Anti-Spyware when browsing IE7. I started to look in the usual places like msconfig and current processes running and found a suspicious dll in the startup menu. The line in msconfig currently reads O4 - HKLM\..\Run: [Jrobibere] rundll32.exe "C:\WINDOWS\atadavakul.dll",e. I have tried several utilities to erradicate the dll without success. Here are the steps I have taken so far (both in standard and safe mode):

- Run CCLeaner
- Run AD-Aware
- Run Search & Destroy
- Run Avira AnitVir
- Run SUPERAntispyware
- Run HijackThis

Running the above utilities does not get rid of the dll. The only app that seems to locate it is HijackThis. I try removing it via Hijack, but it comes immediately back after a re-scan. I also ran ProcessExplorer to look up the dll relation, and it seems to be hooked into Explorer.exe. I even went as far as running through a suggested Vundo fix solution, I saw on here months back. Still no luck. I am able to rename the dll, reboot, and successfully remove the dll. However the dll gets randomly renamed. The only things that seems to stay the same is the "Jrobibere" name. Also I tried to remove the run key from the regisrty and it immediately comes back, even if Windows Restore is turned off. Below is my DDS resu... Read more

A:Possible virus/trojan/mallware in explorer.exe

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.comDDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Follow the instructio... Read more

Read other 22 answers
RELEVANCY SCORE 42.8

;***********************************************************************************************************************************************************************************
ANALYSIS: 2008-06-10 21:19:16
PROTECTIONS: 1
MALWARE: 24
SUSPECTS: 0
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
McAfee VirusScan Yes Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00047863 adware/ieplugin Adware No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{886DD... Read more

A:Wallpaper Locked! Bugs! Mallware! Help!

Please do this:

Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.Close all applications and windows.
Double-click on dss.exe to run it, and follow the prompts.
When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt <-this one will be minimized
Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt here.
Please attach extra.txt to your post.
To attach a file to a new post, simplyClick the[Manage Attachments] button under Additional Options > Attach Files on the post composition page, and
copy and paste the following into the "Upload File from your Computer" box:C:\Deckard\System Scanner\extra.txt

Click Upload.

What DSS will do: create a new System Restore point in Windows XP and Vista.
clean your Temporary Files, Downloaded Program Files, and Internet Cache Files, and also empty the Recycle Bin on all drives.
check some important areas of your system and produce a report for your analyst to review. DSS automatically runs HijackThis for you, but it will also install and place a shortcut to HijackThis on your desktop if you do not already have HijackThis installed.

---------------------------------------------------------------------------------------------

Read other 1 answers
RELEVANCY SCORE 42.8

Referred from here: http://www.bleepingcomputer.com/forums/t/298223/ive-been-hacked-i-think/ ~ OB I'm sure I screwed up somewhere. Give me hell. I deserve it. Was I supposed to have uninstalled AVG?

A:Unknown Culprit Mallware or Virus etc.

hi,I looked at your other post. It looks like your blog may have been compromised, not your machine. Web sites can be hacked to dish out malware and/or redirects etc.

Read other 13 answers
RELEVANCY SCORE 42.4

Lets go straight to point, i recently moved out from a place with bad neighbours (I even had privious thread here about logons) Now what i fear is i was usually sining out of my account (adimn) and closethe laptop (which i belive leaves it in hybernating state). Now i started to fear what if some USB flash was inserted while i was out? Now i know it cant take action while the laptop is locked but, lets assume, i start it and start working without noticing there is usb insterted, will it immidiatly transmit and install anthing whitout asking for premision, Will i at least see some loading pops up or it could install/infect me silenltly. 

Read other answers
RELEVANCY SCORE 42.4

Hello all,First, thank you all for this site and the work everyone puts into helping us out! Now to business, noticed last weekend google results were hijacked. Haven't been able to get rid of it. Also noticed Spybot wasn't working when I clicked on the shortcut - I changed the filename of the executable and it ran ok, but nothing has really picked up a problem, between Spybot and Avira. Here is my iniital info per the Prep guide instructions:Regards,Mike SchneiderDDS.txt:DDS (Ver_10-03-17.01) - NTFSx86 Run by Mike at 21:53:31.75 on Mon 08/30/2010Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_16Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1194 [GMT -7:00]AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}============== Running Processes ===============C:\WINDOWS\system32\nvsvc32.exeC:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\Program Files\Windows Defender\MsMpEng.exeC:\WINDOWS\System32\svchost.exe -k netsvcsC:\WINDOWS\system32\svchost.exe -k WudfServiceGroupsvchost.exesvchost.exeC:\WINDOWS\system32\spoolsv.exec:\program files\common files\logitech\lvmvfm\LVPrcSrv.exeC:\Program Files\Avira\AntiVir Desktop\sched.exesvchost.exeC:\Program Files\Avira\AntiVir Desktop\avguard.exeC:\Program Files\Common Files ... Read more

A:Infected by Google Hijack Mallware/Virus:

Good evening. Take a trip to this webpage for download links and instructions for running Combofix by sUBs.* Please be aware that this tool may require the PC to be rebooted so close any programs you have open before you start. When CF has finished, it will produce a log - C:\ComboFix.txt - copy and paste it into your next reply. Let me know how the PC is behaving.* There are two points to note from the instructions page:1) The Recovery Console.It is recommended that you install this as, in certain circumstances, it may be the difference between a successful repair and a reformat. If you are uncertain as to whether or not you already have the Recovery Console installed, simply run CF and it will prompt you if it does not detect it.CF will complete some, but not all, of it's removal tasks without the installation of the Console so, should you choose not to allow the installation, you may not get the results you hoped for.2) Disabling your Anti-Virus.CF has been the victim of false-positive detections on occasion and a resident AV may incorrectly identify and delete part of the tool which won't do it much good. If you don't disable your AV, you may not get the results you hoped for either.

Read other 20 answers
RELEVANCY SCORE 42.4

Hello.

I just found this site after a quick search on google and read some of the other topics with the similar problems I have.

The messages I constantly have poping up out of the right hand corner and in the middle of the screen are:

1. [email protected]
2. [email protected]
3. black door antivirus
4. net [email protected]
5. spyware cyberlog-X
6. PSW.X-Vir

I am running a windiws XP system and have used superantispyware, ad-aware 07 and spybot and deleted whatever things they have come up with but the results are the same, these messages keep popping up.

I would have added a hijackthis log if I only know how and where to acquire one.
As you can see I am an amateur at this and any help you could give would be greatly appreciated.

Thanks in advance.
 

A:Solved: A bunch of trojans and mallware problems. Please Help!

Read other 16 answers
RELEVANCY SCORE 42.4

Hows it going? recently my computer started doing a whole bunch of things it has never done before and i think it all started with a program called outerinfo that appeared on my computer at the same time all this started happening. trend micro pc cillin internet security 14 came with my computer and is showing me about 10 infected files on my computer with various trojans. ive tried to manually delete and it says the file is in use or write protected. next 2 new icons appeared in my system tray that i do not trust. one is a red circle with an x in it. it says it is windows antivirus and i should download some spyware even though i already have it and i just downloaded AVG antispyware yesterday. the other icon is a yellow triangle with an exclamation point in it. when you hover the mouse over it, it says "your computer is infected"
i have a combofix and a hijackthis log. any help is very much appreciated. thank you.

Combo Fix Log
ComboFix 08-01-23.1C - Bob G 2008-01-25 21:23:24.1 - NTFSx86
Running from: C:\Documents and Settings\Bob G\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\DOCUME~1\BOBG~1\APPLIC~1\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\Documents and Settings\Bob G\Application Data\macromedia\Flash Player\#SharedObjects\5W7GUH3M\www.broadcast... Read more

Read other answers
RELEVANCY SCORE 42.4

Lets go straight to point, i recently moved out from a place with bad neighbours (I even had privious thread here about logons) Now what i fear is i was usually sining out of my account (adimn) and closethe laptop (which i belive leaves it in hybernating state). Now i started to fear what if some USB flash was inserted while i was out? Now i know it cant take action while the laptop is locked but, lets assume, i start it and start working without noticing there is usb insterted, will it immidiatly transmit and install anthing whitout asking for premision, Will i at least see some loading pops up or it could install/infect me silenltly. 

A:Installing spy mallware while laptop is sleeping or hybernating?

A file on a flash drive can not open itself.

Read other 2 answers
RELEVANCY SCORE 42.4

Dear all..
I have a problem with laptop for a couple of days and I believe that you can provide me some help. I tried to find some answers in similar topics but no luck.
Here is the story..

I had ESET NOD32 installed and it failed to start. Once, twice and all of the sudden it disapeard in sys tray where it was ussually. So I tried to install an AVG but it failed to start some service. Firewall (sygate personal) also wont start...
I checked my connection and there was no local area connection! In device manager there are all exclamation marks on all network adapters.
On laptop there are Win XP SP3...

Any ideas?
Best wishes,
Milan

A:trojan/mallware or what? unable to install any antivirus

there are all exclamation marks on all network adaptersSomehow they have become corruptYou need to replace them. What is the make and model number of the computer?

Read other 1 answers
RELEVANCY SCORE 42.4

My computer starts up really slowly and lately the wireless speed starts out strong, then drops to a weaker signal. While browsing internet, mallware windows pop-up. Here are the DDS logs:DDS (Version 1.1.0) - NTFSx86 Run by Todd Maniscalco at 10:34:56.89 on Sat 12/27/2008Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_10Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.510.45 [GMT -5:00]AV: McAfee VirusScan *On-access scanning enabled* (Updated)FW: McAfee Personal Firewall *enabled*============== Running Processes ===============C:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcsC:\WINDOWS\system32\svchost.exe -k WudfServiceGroupsvchost.exesvchost.exeC:\WINDOWS\System32\WLTRYSVC.EXEC:\WINDOWS\System32\bcmwltry.exeC:\Program Files\Lavasoft\Ad-Aware\aawservice.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\WINDOWS\system32\CTsvcCDA.exeC:\Program Files\Cisco Systems\VPN Client\cvpnd.exeC:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe... Read more

A:Computer slow, Mallware browser windows pop-up

Please download Malwarebytes' Anti-Malware from HERE or HERENote: If you already have Malwarebytes' Anti-Malware, just run and update it.. Then do a "Perform Full Scan"Double Click mbam-setup.exe to install the application.Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.If an update is found, it will download and install the latest version.Once the program has loaded, select "Perform Full Scan", then click Scan.The scan may take some time to finish,so please be patient.When the scan is complete, click OK, then Show Results to view the results.Make sure that everything is checked, and click Remove Selected.When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.Copy&Paste the entire report in your next reply.Extra Note:If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.NEXTPlease download RSIT by random/random and save it to your Desktop.Double click on RSIT.exe to run RSITBefore you click "Continue", make sure you change the List files/folders created or modified in the last 3 monthsClick Continue at the disclaimer screen.Once it has finished, two lo... Read more

Read other 11 answers
RELEVANCY SCORE 42

I had popups and searches redirected. Then the desktop disappeared and the screen turned white except for a screen saying to click to run a scan. I pulled the plug on the computer, booted in safe mode which allowed me to run combofix which gave control of the computer back to me. I ran DDS and root repeal. Logs are included.Thanks.
 Attach.zip   5.49KB
  13 downloadsDDS (Ver_09-12-01.01) - NTFSx86 Run by Dur at 14:34:11.48 on Sat 01/23/2010Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_17Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3327.2596 [GMT -5:00]AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) ::: FOOTER (Change skin, language, mark as read, etc) ::: 2============== Running Processes ===============C:\Windows\system32\Ati2evxx.exeC:\Windows\system32\svchost -k DcomLaunchsvchost.exeC:\Windows\System32\svchost.exe -k netsvcsC:\Windows\system32\svchost.exe -k WudfServiceGroupsvchost.exesvchost.exeC:\Windows\system32\Ati2evxx.exeC:\Windows\system32\spoolsv.exeC:\Program Files\AVG\AVG9\avgchsvx.exeC:\Program Files\AVG\AVG9\avgrsx.exeC:\Program Files\AVG\AVG9\avgcsrvx.exesvchost.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Windows\system32\astsrv.exeC:\Program ... Read more

A:Mallware, popups, search redirect, desktop dissapeared

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

Read other 17 answers
RELEVANCY SCORE 37.6

Operating system: Windows XP pro (sp2 ?)
2 physical hard drives, each with 2 or 3 partitions.
C: 1st partition, mainly used for program files, although some important data is also located on that partition
Mallware/virus attack included the following:
- Multiple advert windows opening up.
- Various warnings (about 17 infections) from AVG Free: Quarantined most, remainder needed restart. Unfortunately I did not take note of the specific virus id's.
- Windows security warnings popped up, although these got very confusing, as malware/virus was impersonating the Windows alerts, and produced a duplicate security shield in the taskbar.
One warning indicating AVG as unauthorised virus software with option to remove! I did ignore that one!
- Mallware/virus installed some (rogue?) malware/virus software on the infected PC
- I tried to perform root scan with unhackme but machine froze (1st time)
- On restart warning window pops up: Google update not accessible? On both options (debug or close) machine froze.
When totally ignoring the Google warning box, Windows does appear to finish loading, however when going to my computer, the windows warning appears to the effect that on proceeding I will be accessing the system files. On proceeding all files and folders (including data & program files) appear to be system files, and the machine freezes.
- Machine freezes on all actions as far as I know
- Starting up in safe mode: machine freezes
- Starting up with last known safe configur... Read more

A:Mallware attack: XP freezes, safe mode freezes, file system poss corrupt, etc

bump
 

Read other 1 answers
RELEVANCY SCORE 37.6

I have ran continuous spyware terminator and Spybot Search and Destroys and these keep popping up

Worm.Koobface-20
SPR/Tool.HIde.A
Virus.Sality.Y
Trojan.Inject.qyz

System Security 2009 is now for some strange reason on my desktop. I never installed in. It keeps trying to run on my system and tell me to buy it and everything....

In case the file I attached is messed here is the hijick this report

Please help! This is a crazy issue I have never seen before.

A:Major TROJAN and MALLWARE ISSUE!! (Trojan.Inject.qyz, Worm.Koobface, Virus.Sality.Y)

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

Read other 12 answers