
possibly infected computer, unsure if windows error/malware

Q: possibly infected computer, unsure if windows error/malware

Windows 7 won't reboot properly. I visited a site (p*&n) after antivirus expired. Didn't see anything weird going on. Days later, when the computer is started, it goes to a black screen after account login. Computer won't allow full installation of antivirus in safe mode. Error message recorded: "installation successful, antivirus/ scan failed to download" (or something similar). I am unable to activate any Windows security as I'm being denied (in safe mode). Cmd prompt "sfc /scannow" entered, results: "beginning verification phase of system scan. Verification 3% complete", then "windows resource protection could not perform the requested operation". Days before the error, while antivirus was active, the same command from cmd completed successfully. What is causing this? I need to operate in normal mode. I am reporting from the possibly infected computer.


A: possibly infected computer, unsure if windows error/malware

Hi, you may need help from one of our Malware Experts.

Can you reach Safe Mode with Networking?
http://windows.microsoft.com/en-gb/...tup-options-including-safe-mode#1TC=windows-7

Run a Panda online virus scan.
http://www.pandasecurity.com/homeusers/solutions/activescan/

Do you have the Win 7 install DVD?


Hi,

I got an IM from a friend saying something to the effect of "Should I post these pictures of us on myspace or facebook?" with a link following. Like an idiot, I clicked on the link which downloaded what appeared to be some sort of DOS .exe, and my life has been miserable ever since. I've run True Sword, Ad Aware, Microsoft Anti-Spyware, McAfee Stinger, and Spybot. They all find multiple threats, but they don't stay permanently fixed. Spybot, for example, will find about 60 threats, fix 50 of them, and then ask to restart the computer and then scan again. Upon rescanning, however, it finds all of the original problems that it supposedly cleaned before the computer was restarted. The computer runs fairly normally, except for the 15-20 or so pop-ups per hour that launch even when the browser is closed and no other programs are running on the desktop. I've hunted around, looking for various fixes, but nothing has really worked at all. I'm running XP Home SP2 on a Dell notebook.

I know you guys are busy; your help is greatly appreciated. Thanks!

Doug

HIJACKTHIS log:

Logfile of HijackThis v1.99.1
Scan saved at 9:07:44 PM, on 1/25/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost...

A:Computer Infected (pop-ups), Unsure What Trojan/virus/malware

Hello,

We'll deal with the popups afterwards. We need to clean up your system a bit more first. I see you were dealing with a previous version of Virtumundo as well.

Let's use next tool first to clean up leftovers if still present:

Download Symantec Trojan.Vundo Removal Tool.
Save FixVundo.exe to a convenient location, such as your desktop.
Close any programs that you may have open.
If you are connected to a network and/or a full-time Internet connection, please disconnect your computer now. Failure to do so might prevent the fix from working.
Double-click FixVundo.exe to start the Vundo removal tool.
Click "Start" to begin the removal process. Remember not to have any programs open.
It will scan your computer for signs of Vundo. Depending on the amount of files you have, it might take a long time.
Restart your computer.
Run the tool with the same instructions to make sure Vundo has been eliminated.
It could be possible that it will say that Vundo was not found also.

It's better to print out the next instructions or save it in notepad, because you also have to work in safe mode without networking support, so this page wouldn't be available then. It is also important you don't miss a step and perform everything in the right order!!

* Please set your system to show all files; please see here if you're unsure how to do this.
* Please download ATF Cleaner by Atribune to your desktop. Do not use it yet.

Please download Ewido anti-malware; it is a free version of the program.
Install...


I am attempting to fix this PC after my niece used her college USB stick on it after using an infected machine at college.

Not sure of the name, thought we had got rid of it, but had problems a few days later with the PC failing to boot in safe mode, with it hanging at start up (when the white DOS-style writing scrolls up the screen when booting).

Googled the problem and deleted a 0-byte file that ended in .sys that was in the Drivers folder. This allowed the machine to boot OK, but I want to be sure that I have got rid of the infection.

Here is my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:56:14, on 03/06/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Bonjour\mDNSRe...

A:Unsure of name Worm (possibly infected by USB stick)

Hi and welcome. My name is Extremeboy (or EB for short), and I will be helping you with your log. I apologize for the delay.

If you still require assistance we would like to see the current condition of your system so please post a new set of DDS Logs as well as a GMER log and a description of any remaining problems or symptoms you may still have please.

If for any reason you did not post a DDS log or GMER log please refer to this page and in step #6 and Step #7 and Step #8 for further instructions on downloading and running DDS & GMER. If you have any problems when running the tools or unable to produce a report for any reason, just let me know in your next reply.

For your next reply I would like to see:
-The DDS logs---DDS.txt and Attach logs
-GMER log
-Description of any remaining problems you may still have.

With Regards,
Extremeboy


I performed a scan with Avira.
It located two things: EXP/Javi.B and TR/Trash.Gen
I also performed a Malwarebytes scan. It found Trojan.Hiloti
The malware disabled my entire computer sound system.
It takes literally 5 minutes to launch either of my browsers. I have IE8 & Firefox.
The only way I can launch a browser immediately is using Firefox & launching it in safe mode.
When I'm browsing the internet, I'm constantly redirected to pages advertising various products (mostly software). This causes my current browsing session to freeze up & I'm forced to close.
This all started as I was watching a movie from megavideo.com. The sound just cut out on the video and all of these other problems ensued.

I don't have a Windows Install disc or a Boot CD.
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by megan at 14:35:22.10 on Mon 04/25/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_24
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.332 [GMT -5:00]
.
AV: AntiVir Desktop *Disabled/Updated*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\vVX3000.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
...

A:Computer infected with malware;possibly a virus.

Hello, and welcome to TSF.

I am currently reviewing your logs. I will be back with a fix for your problem as soon as possible.

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Please be patient with me during this time.

Thank you

turtledove


I've followed the steps in the preparation guidelines. The computer seems to be better but it is running slow and I think it is still infected. I get a device IO notification before I shut down the computer. Before, there would be a pop-up of ping.exe. And in the clean up it said I was infected with a trojan. Here is my HijackThis log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:18:11 PM, on 1/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Sygate\SPF\smc .exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files ...

A:Computer Infected With Malware And Possibly A Trojan

So I have figured out that I have a Vundo variant, and the file C:/windows/system32/ssqpq.exe is infected. I tried deleting it using VundoFix but it has not been removed. Someone please help!


Hello! I am posting because I have offered to clean up a computer for a coworker, and want to make sure I do a thorough job. So far, I have seen indications of at least 4 separate malware programs. The first was Antivirus 360, which I believe I deleted for the most part via manually removing the files and registry values. I have also seen VirusProtect 3.8 and 3.9, though I had no luck locating the files I was told to delete...so I am not sure if the infection is there or not.

His computer already has "Verizon Internet Security" installed, and I used that for an initial scan to see what it found. I deleted what it found, though that was done in safe mode, before I deleted all the files manually for AV360. When I enable Verizon Internet Security, it pops up two warnings, which mention a file by the name of Trojan.Win32.Monderb.xgy, in the C:\WINDOWS\system32\ljJCvSiI.dll. I looked up that file, and saw it was connected with the "Vundo" virus...or something along those lines.

His computer is not connected to the internet at the moment. I am using my laptop to access the net, and transferring files via a flash drive to his computer. I have scanned with DDS, and will provide the log. I also have HJT ready to run on his desktop, as well as ComboFix.

Here is the DDS log:

DDS (Ver_09-01-19.01) - NTFSx86
Run by HP_Administrator at 16:34:39.23 on Mon 01/26/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033...

A:Computer Infected/Possibly Infected With Various Malware

Hi,

Your system is severely infected. I can see more malware present than anything else... Problem with these infections nowadays is, it causes a lot of damage. Even if we clean the malware off your system, I can't guarantee that your system will be clean afterwards, because these infections/bundles leave a lot of leftovers behind that most scanners won't even recognise and logs won't show.

Also, I can't promise you we can repair all the damage it caused... Even after cleaning the malware, you can still get errors afterwards because of the damage. Solving these is not always possible since it will be searching for a needle in a haystack to find the right cause and solution.

So, we can try to clean this up and do what we can, but keep in mind that we can't solve ALL problems this malware already caused.

In light of this it would be wise for you to back up any files and folders that you don't want to lose before we start. Reason I am telling this is because when a system is so terribly infected and we try to clean this up manually, the damage that is already present may interfere with our removal attempts.

Actually, this doesn't surprise me at all... From the log I see:

AV: Authentium Antivirus *On-access scanning enabled* (Outdated)
AV: Verizon Internet Security Suite Anti-Virus *On-access scanning disabled* (Outdated)
FW: Verizon Internet Security Suite Firewall *disabled*

What's the point in having a security Suite / Antivirus present if it's outdated and disabled. Most probably the sub...


Hey, I hope that I am not being a nuisance to anyone. I recently discovered a fraudulent charge on my credit card. I found ample info online on how the company is a scam, but I don't know the charge occurred. I am wondering if there is anything on my laptop that is some sort of attack/infection which allowed this company to find my credit card number.

I have ESET NOD32, MBAM (not purchased), MBAR, Hitman Pro (not purchased), AdwCleaner and JRT. JRT, MBAR, MBAM and ESET NOD32 scans/runs have found nothing. I am going to run Hitman Pro shortly in an attempt to find anything. AdwCleaner found some things, but I don't think that they are harmful. I have attached the AdwCleaner, MBAM, and MBAR logs. Please let me know if I should post any of the other logs.

Any help to check and determine if there are any infections/attacks/etc. on my laptop would be tremendously appreciated. Thank you very much in advance.

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16555
Run by El Diego at 16:42:52 on 2014-07-05
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4062.2657 [GMT -4:00]
.
AV: ESET NOD32 Antivirus 7.0 *Enabled/Updated* {19259FAE-8396-A113-46DB-15B0E7DFA289}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: ESET NOD32 Antivirus 7.0 *Enabled/Updated* {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Win...

A:Laptop possibly infected; credit card scam (unsure if it was done online)

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.

===

--RogueKiller--

Download & SAVE to your Desktop For 32bit system or For 64bit system
Quit all programs that you may have started.
Please disconnect any USB or external drives from the computer before you run this scan!
For Vista or Windows 7, right-click and select "Run as Administrator to start"
For Windows XP, double-click to start.
Wait until Prescan has finished ...
Then Click on "Scan" button
Wait until the Status box shows "Scan Finished"
click on "delete"
Wait until the Status box shows "Deleting Finished"
Click on "Report" and copy/paste the content of the Notepad into your next reply.
The log should be found in RKreport[1].txt on your Desktop
Exit/Close RogueKiller

+=======

Please download AdwCleaner by Xplode onto your Desktop.
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click the Scan button and wait for the process to complete.
Click the Report button and the report will open in Notepad.

IMPORTANT
If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.

Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click the Scan button and wait for the proc...


Help would be greatly appreciated in minimalizing this problem.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:36:32 PM, on 12/23/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\COMMON~1\aol\ACS\acsd.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\System32\svchost.exe
F:\New Folder\Alcohol 120 -\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\WINDOWS\sy...

A:Computer Possibly Infected With Adware, Malware, And Other Viruses.

Hello Vile, I am SifuMike and I will be helping you.

Any idea where you got whataboutadog from? Whether or not it's helpful, we're interested in knowing where it came from so that we can get it ourselves. We need to further analyze this infection. We've had reports of users becoming infected while looking for Vanessa Anne Hudgens pics.

Download FindAWF: http://noahdfear.net/downloads/FindAWF.exe
Save the file to the Desktop.
Double-click the FindAWF icon. If a Security Alert shows, allow the program to run.
As instructed, press any key to continue.
Use the following option: Press 1 then Enter to scan for bak folders.
The scan may take a while, please be patient.
When done, a text file, Find AWF report, is produced that we need to look at. Please post it in your reply.


Greetings TheSentinel and to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary. If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:

First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.

Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.

Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.

Please copy and paste all logs into your post unless directed otherwise.

Please do not re-run any programs I suggest. If you encounter p...

A:Unsure if infected with Malware/virus

Hey,
 
You can call me Sent
 
My PC seems a bit sluggish when i start it up and over the past couple days has been sluggish using internet, I already contacted my ISP but they didn't find anything. I've already reviewed my msconfig and control panel>program files, but maybe i missed something.
 
Here is the info you asked for.
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 19-01-2015
Ran by Ruben (administrator) on BEASTV2 on 20-01-2015 20:37:42
Running from C:\Users\Ruben\Desktop
Loaded Profiles: Ruben (Available profiles: Ruben & Guest)
Platform: Microsoft® Windows Vista™ Business  Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Logitech Inc.) C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Window...


I am new to this forum. Any help would be greatly appreciated. I have a DSS logs that I will post and attach. I also have Hijack This as well. Please let me know if you would like that instead. Thanks in advance.

DDS (Ver_09-03-16.01) - NTFSx86
Run by user at 15:56:39.71 on Fri 05/01/2009
Internet Explorer: 7.0.6001.18000
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1013.273 [GMT -5:00]
============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\agrsmsvc.exe
C:\Pro...

A:infected with Malware of somekind. Unsure of name

Hello

Apologize for the delay in response. We get overwhelmed at times, but we are trying our best to keep up.
If you have since resolved the original problem you were having, would appreciate you letting us know. If not, please perform the following below so I can have a look at the current condition of your machine.

Thanks and again sorry for the delay.

Before we can continue, please post a fresh DSS log back here


Hi! I have a few persistent problems on my computer. This all happened while my husband was downloading music from UTorrent and immediately after we had problems on our computer. I have Spybot S&D, McAfee Security Center, Ad Aware AE, Malwarebytes, and Glary Utilities. I have used all of these programs for removal and it seems that they go away but pop up eventually again or even new ones after I cleaned out old ones. I need help because I can't figure out what I'm doing wrong! Here are my files.. Thank you
DDS (Ver_09-03-16.01) - NTFSx86
Run by HP_Administrator at 9:21:21.34 on Tue 04/28/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.230 [GMT -4:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated)
FW: McAfee Personal Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
...

A:Infected with Malware/Trojans... unsure of what they are!

I would like to add that the issues I remember seeing were Virtumondo, I removed it several times with Spybot and today it's not picking it up but it's picking up some Win32 thing and yesterday I would constantly McAfee warnings saying a series of numbers with the .exe attached to it... I blocked them because I don't know what they are..

Also I should add yesterday I had a problem with my browser Firefox.. (I don't use IE but my husband occasionally does so we don't know if this exists with IE too) We have what seems like a browser hijack.. I try to enter a webpage and it brings me to a totally different page... I don't know if this helps but I forgot to write down the list of problems I saw so that may set me back a little bit!

please help thanks!


I have Vista Basic edition.
A few weeks ago I opened an email on my laptop that I shouldn't have.

I've got a virus or something now that redirects all my Google and Yahoo searches, it won't let Windows Defender update, and for a while had my computer completely at its knees by crippling my browser completely, and not allowing the Vista systems disk to crash my computer and just start off a'new.

THAT has been resolved, but there are still some problems that are seeping through more and more.

I have the free version of avast! I've run HijackThis and Advanced SystemCare.

I've got my browsers up and working again. I haven't tried to wipe the computer clean yet 'cause I really don't want to lose everything I have.

Currently, as I've stated, search engines redirect all my searches to bullbleep ads and other sites trying to get me to download crap,
and Windows Defender cannot update.

It says that it can't check for updates and says error code: code 0x80244019

When I run SystemCare and it hits security analyzer it says that there is a problem and gives me "suggestions", but seeing as I'm not a computer expert I don't know what to do with it.

Please help, I really would like to have my computer running like its healthy self again.
Thank you in advance for any help I receive,
and if there is anything I wasn't very clear on please let me know, I'm really bad at explaining things and will try again.

A:windows defender error code 0x90244019 [computer infected with virus or malware]

Welcome to BC

THAT has been resolved, but there are still some problems that are seeping through more and more

You are still infected

The process of cleaning your computer may require you to temporarily disable some security programs. If you are using SpyBot Search and Destroy, please refer to Note 2 at the bottom of this page.

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
If an update is found, the program will automatically update itself.
Press the OK button to close that box and continue.
If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When ...


Good afternoon,
One of my users received an infected email from his son that had a link to a fake Google Doc's page. My user clicked on the link in the email and provided his username and password information and then realized something wasn't right and closed all of his browser windows. He let me know he had some issues and I immediately had him change his email password. Then I scanned his computer in Safe Mode with Malwarebytes but it failed about half way through the scan. I ran RKill and tried to scan with Malwarebytes in Safe Mode but it failed again. I ran Malwarebytes AntiRootKit in Safe Mode and it didn't detect anything. I ran a scan with Kaspersky in Safe Mode and that failed as well. 
 
When the computer is running in standard Windows mode, there is NO indication that it's infected. The reason I think he's infected is that the Malwarebytes scan failed in Safe Mode (even with RKill running), his wireless network driver won't work in Safe Mode and the Kaspersky scan failed in Safe Mode. 
 
I've collected some of the standard log files but I will wait further instructions from BleepingComputer support. Thank you, 
 
Mike

A:Possibly infected Windows 8.1 computer

Welcome aboard

Download Security Check from here or here and save it to your Desktop.
Double-click SecurityCheck.exe
Follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.
NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:
Internet Services
Windows Firewall
System Restore
Security Center/Action Center
Windows Update
Windows Defender
Other Services
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

Please download MiniToolBox and run it.
Checkmark following boxes:
Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Devices (do NOT change any settings here)
List Users, Partitions and Memory size
List Restore Points
Click Go and post the result.

Download SUPERAntiSpyware Free Edition: http://www.superantispyware.com/
Double-click SUPERAntiSpyware.exe an...

Read other 11 answers
RELEVANCY SCORE 64.8

Hello!
 
I currently have a laptop that I use for school (Dell Inspiron M5040, Windows 7 home premium) and I think it might possibly be infected. I have Avast antivirus on here, but here lately I have been noticing that my computer freezes (forcing me to manually shut it down by holding the power button), runs slower, and every now and then something will pop-up but it goes away so fast that I'm not able to write down what it says. I will do my best to see if it pops up again. I use this computer for college (online student) so I wanted to get it ready for my classes that will be starting in a week.
 
Thank you in advance!

A:Possibly Infected, Not sure (Windows 7 Computer)

Download Security Check from here or here and save it to your Desktop.
Double-click SecurityCheck.exe
Follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.
NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:
Internet Services
Windows Firewall
System Restore
Security Center/Action Center
Windows Update
Windows Defender
Other Services
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

Please download MiniToolBox and run it.
Checkmark following boxes:
Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Devices (do NOT change any settings here)
List Users, Partitions and Memory size
List Restore Points
Click Go and post the result.

Please download Malwarebytes Anti-Malware (MBAM) to your desktop.
NOTE. If you already have MBAM 2.0 installed scroll down.
Double-click ... Read more

Read other 3 answers
RELEVANCY SCORE 64.4

I will give a general explanation as to the problem and will include the dds text file and the attach.txt.
 
I have been throwing every bit of knowledge I could at this while scouring the internet to find a similar solution. I am now at a point where I can no longer continue without assistance. I was working on some computers remotely with logmein that were infected at some of my previous work sites. After three days of no luck, I noticed several odd activities within my work computer. There were services I did not recognize randomly appearing and disappearing. I opened up resource monitor and realized my computer was infected. I turned off wifi, booted into safe mode and dove into some general anti-everything scanning. Here are the programs that I used: Securitycheck, roguekiller, tdsskiller, adwcleaner, spybot, hitmanpro 64, windows security essentials and I believe there was one I cannot remember the name of. I downloaded all programs through this site. After the well known "restart of shame," I proceeded to format the hard drive and load Windows again. I have a LEGIT version of Windows 7 Home Premium sp1 installation DVD. I inserted that into the drive and went into the advanced options to delete and format the drive. Once Windows finished its installation, I still noticed some odd items within resource monitor. I had not loaded the wireless drivers so there was no internet. I watched the entire process start on my computer again. I had a ubuntu 12.04 desktop CD with... Read more

A:Still infected after multiple formats. Unsure of Virus/Malware name.

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
***************************************************
In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.
CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/512554 <<< CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************
If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of t... Read more

Read other 7 answers
RELEVANCY SCORE 64

First of all, I would like to apologize if I make any mistakes in my writing since English is not my native language. OK, now I would like to ask for help because since yesterday a strange popup window has started to appear as soon as I enter my desktop from the Metro icon (I am running Windows 8 Pro) and it is just a blank message titled "explorer.exe". Other than this, my antivirus (Avast, the free version) warns me about 2 viruses, one called nt32 and another called load32. These programs didn't do much, they simply removed the ownership of some programs from me while I was running them (thus shutting them down without saving) and also removed the language bar from the bottom of my desktop, but I managed to solve these problems by myself. While browsing through the internet I came to this forum twice, finding people with problems similar to mine, but in neither of them did I find a solution, since the people that helped them requested logs and scans from various programs. Another solution that I found was to delete a string from the registry called "load" which would be situated in HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows. I tried to delete it multiple times, even after taking ownership of it, but it always ended up displaying an error saying that it couldn't delete all the values of the string. Last of all I tried deleting the folder in which the program was situated (c:/programdata/ntkernel) after a dia... Read more

A:possibly infected and explorer.exe error on windows startup

Hello! Welcome to BleepingComputer Forums!
My name is Georgi and I will be helping you with your computer problems.
Before we begin, please note the following:
I will be working on your malware issues; this may or may not solve other issues you have with your machine.
The logs can take some time to research, so please be patient with me.
Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
Instructions that I give are for your system only!
Please do not run any tools until requested ! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.
 
 
Please download the latest version of Farbar Recovery Scan Tool and save it to your desktop.
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
Double-click to run it. When the tool opens click Yes to disclaimer. Make sure that Addition.txt is ticked as well.
Press Scan button.
It will make a log (FRST.txt) in th... Read more

Read other 2 answers
RELEVANCY SCORE 62.8

Hello,

I have noticed some changes in my laptop for at least a month, but I am not sure what is causing these changes.

Starting up used to be fairly quick, but now it takes at least 30 sec between the time I see my desktop background and the time I can choose an Internet connection. Also, sometimes when I try to access websites like Wikipedia, my Internet browser will simply stop. However, closing the programs using the task manager seems to take care of the problem. I do remember seeing popups of Windows 7 Antivirus 2012 once in a while, so could it be the source of my problems (if they are problems)? I've never clicked on these popups, but maybe they installed themselves on my laptop?

I did see the removal instructions for Win 7 Antivirus 2012, but I'd like to make sure I am doing the right thing, especially since the MBAM log looks clean.

Thank you very much for your time, it is really appreciated!

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.15.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Cathou :: CATHOU-THINK [administrator]

21/05/2012 11:17:22 PM
mbam-log-2012-05-21 (23-17-22).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 383065
Time elapsed: 43 minute(s), 15 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules ... Read more

A:Slow computer, possibly infected with Windows 7 Antivirus 2012?

Download TDSSkiller
Launch it.
Click on change parameters - Select TDLFS file system
Click on "Scan".
Please post the LOG report (log file should be in your C drive)

Download aswMBR
Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan.
After scan finishes, click on Save log
Post the log results here

Download ESET online scanner
Install it
Click on START, it should download the virus definitions
When scan gets completed, click on LIST of found threats
Export the list to desktop, copy the contents of the text file in your reply

Read other 11 answers
RELEVANCY SCORE 62.8

Hi all,
 
This is my first post on this site. Unfortunately I am in need of some assistance that the regular anti-malware and anti-virus tools don't seem to be helping with. 
 
I am not sure the exact procedure I should take in looking for assistance with this post. I assume that I should download some program that can create a complex (to me, anyway) log which could identify some issues.
 
The issue that has brought to light some issue with my laptop (which runs Windows 8-64 bit I believe-it is a Lenovo Lifeline model N580) is when Windows Update attempts to do its thing. I get an error indicating that I cannot update and am brought through a diagnostic process that seems to indicate it has helped (and has something to do with my drivers?), but even once this is finished and looks positive, the inability for Windows to update is still present. I know this could be quite a few things, however I am getting the feeling that I have an infection that is disabling my ability to update. 
 
 
Thank you in advance for any assistance one can provide. As soon as I heard (or discover upon more research) the procedure to get the information needed for diagnosis posted. 
 
Thanks again!
 
Chris

A:New User to the Site-Need help with Windows Update/Possibly Infected Computer

Download and run wipe  and system ninja,
 
https://privacyroot.com/software/www/en/wipe.php
https://singularlabs.com/software/system-ninja/
 
Then.....
 
Go ahead and install ccleaner. Now that you have the program installed go ahead and run the cleaner function.
https://www.piriform.com/ccleaner/download
Now that you have cleaned out some temp files, let's go ahead and disable all of the items starting up with your machine except your antivirus. To do this you will need to click on tools then start up, select each item, then disable.
Now that you have disabled those un-needed start ups let's go into the settings; we will have Ccleaner run when your machine boots, so that you will never have to worry about cleaning temp files again. To do this:
Hit options.
Settings.
Place a tick to run Ccleaner when the computer starts.

Now go to the advanced tab, and select close program after cleaning, now run the cleaner again this will close Ccleaner.
 
Reboot your machine and then follow the  instructions below.
 
Step 1: eScanAV.
 
Disable your antivirus prior to this scan.
http://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/
Download the eScanAV Anti-Virus Toolkit (MWAV)
http://www.escanav.com/english/content/products/downloadlink/downloadcounter.asp?pcode=MWAV&src=english_dwn&type=alter
 
Source
http://www.escanav.com/english/content/products/downloadlink/downloadp... Read more

Read other 1 answers
RELEVANCY SCORE 62

I have Windows XP and for the last couple of weeks my start menu pops up by itself, the search function pops up by itself sometimes up to 47 times in a row, and when I go to type in words, whether it's on the net or not, I get random letters that type in for me. I have AVG 7.5 and have run numerous scans and nothing shows up. I have also run Panda and nothing shows. I have done system restores and it will not fix the problem. I don't know what I have; I've even thought maybe my keyboard is acting up. Any help is much welcome. Thank you.

A:Unsure If My Computer Is Infected?

If you have a wireless keyboard, low batteries can result in weak, mixed or no signals that can affect its functionality so start by replacing them. If that does not help, confirm that the keyboard works on another machine. It is possible the keyboard could be defective. Another thing to try is to use a different keyboard on your machine or a PS2 adapter?

Read other 1 answers
RELEVANCY SCORE 62

I'm not so very computer savvy but am good at following instructions... I have Windows XP. The problem started two days ago when a teenager was on MSN and told me messages were being sent to his contacts while he was on there, but he wasn't typing anything. I told him to get off. Then, when I went to the internet to investigate what could have happened, my Internet Explorer kept showing me an error message, and asking me if I wanted to send a report, very frequently, then shutting down. It usually happens when I open a new window, but not always. I've also had this error message a few times:

First, it says there's a problem with an add-on and Explorer must be closed. Below, it says:
Add-on Name: Enigma.dll
Company Name: (Not verified) TODO: <Company name>
Then more not verified stuff.

I have done everything suggested on the Preparation Guide for use before posting a HijackThis Log. I have Norton Internet Security, by the way.

Thanks in advance, so much, for any help you can give me. Much appreciated.

Marleen

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:06:24, on 2007-08-10
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.ex... Read more

A:Computer Infected - Unsure With What

Hi,

The forums are really busy, that explains why logs get behind. If you still need some help, please start with posting a new hijackthislog in this thread. Don't start with a new thread.
Then I'll take a look.

Read other 2 answers
RELEVANCY SCORE 61.6

I am hoping someone can help me with my slow computer. It is running much slower than it usually does. I have a Dell PC running Windows XP. I have Norton antivirus installed. I have tried defragmenting, but the tool says my disk does not need to be defragmented. I tried the Microsoft cleaning tools. I removed programs that I no longer use to make more space, but I don't think space is the issue. I also tried using ccleaner and another malware removal program (sorry, I don't recall which one). It found some things and I removed them but it is still running slowly. Norton is up to date and does not pick up anything. It is still running slow. Please help.
 

Read other answers
RELEVANCY SCORE 61.2

hi i am running:
Samsung R530/R730
windows 7 ultimate, service pack 1
Pentium dual core cpu
T4300 @ 2.10GHz x2
RAM 8.00GB
64bit OS
 
and my avg pc tune up software brought this to my attention! It gives me no option to update, install or roll back the driver and I can't seem to find much info on the web about it other than the few steps I've tried, i.e. Microsoft fix-it (didn't work), uninstalling the driver (made it disappear altogether without the choice to reinstall; also lost the ability to connect to the internet, obviously), also tried a program called "RestoreTCPIPProtocolDriverWindows7" (not sure what it did as it opened a CMD window and quickly disappeared) and finally I tried the winsock method (also did nothing)
 

 
The reason I suspected malware is that I recently used "mall-ware bytes" and found a few things that AVG had missed!
Also, every time Windows starts up a quick command pops up with the MCE icon and quickly disappears (might not be related but has only started doing it recently).
 
Hope the information helps and I will be happy to provide more! Also sorry if this is in the wrong section of the forum but this is my first post here.
Many thanks in advance

A:tcp/ip error 24 potential malware issue but unsure

Okay so you currently cannot connect to the internet and you possibly uninstalled your network driver and you may have malware.
 
I guess we need to get your internet working so you can head over to the " am I infected ? " section of the forum and have the malware pros help you.
 
Have you tried going to the samsung website and downloading/installing the current network drivers?  That would be my first thing to try.  Do you connect to the internet via wired or wireless connection?  There are two separate drivers that I saw.  One for wired and one for wireless.

Read other 1 answers
RELEVANCY SCORE 61.2

possibly infected by a Trojan virus.......................

DDS (Ver_09-01-19.01) - NTFSx86
Run by DV6757CA at 17:02:17.46 on 31/01/2009
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_07
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3070.1140 [GMT -7:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\DigitalPersona\Bin\DpHostW.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour&... Read more

A:possibly infected by malware

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.com
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results, click no to the Optional_Scan
Follow the ... Read more

Read other 2 answers
RELEVANCY SCORE 61.2

Hi
 
I believe my Windows 7 laptop has been infected with Malware in the last week or so. I have followed some of the standard procedures using tools like MBAR, MB Anti-Malware, ESET and HitMan Pro but I think the virus is low level, possibly in the MBR.
 
Whenever I try to execute a cleaning program that runs command line the virus triggers. It manifests itself as a crash of conhost.exe followed by a crash of icacls.exe. Windows event viewer says it is triggered by accessing GDI32.dll. At one point it was blocking Malwarebytes Anti-Malware from accessing its update site. Although I seem to have fixed that part now I still can't get to a full clean.
 
MB Anti-Malware has found Setting.DisableRegistryTools (A) which I have cleaned but still no joy
 
RogueKiller found some registry exploits like PUM.dns which again I cleaned and am not even sure are related.
 
Current status is I have a clean User profile which I have been able to use to run DDS, Rkill.exe and ComboFix.exe reports. I can post the logs on request. I don't want to go any further at this stage as the other tools seem to invoke the virus and block the completion of the reports / fixes
 
Wonder if one of you experts can help me ?
 
Many thanks
 
Sean
 
 

A:Infected with Malware, possibly in MBR

attaching FRST logs

Read other 1 answers
RELEVANCY SCORE 61.2

The general problem is the computer being slow, freezing up and also not recognising external drives. Thanks in advance for any advice you can give.

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/10/20 13:45
Program Version: Version 1.3.5.0
Windows Version: Windows Vista SP1
==================================================

Drivers
-------------------
Name: dump_iaStor.sys
Image Path: C:\Windows\System32\Drivers\dump_iaStor.sys
Address: 0x8D45F000 Size: 778240 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\Windows\system32\drivers\rootrepeal.sys
Address: 0x9FB3A000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{8e5cb895-b90d-11de-9eaa-001d09cae60a}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{c5fdcba4-ba9f-11de-9387-001d09cae60a}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{c5fdcbe2-ba9f-11de-9387-001d09cae60a}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Inf... Read more

A:unsure but i think my computer is infected with pet32.exe whatever that is...

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll... Read more

Read other 2 answers
RELEVANCY SCORE 60.4

Hi, three-four days ago my computer started behaving suspciously, my internet connection would lag heavily for a few seconds or disconnect completely. Recently my network stated that there was an IP conflict due to a computer on my network sharing my IP, this took place following a disconnect. I have scanned with ESET NOD32 (trial version), Super Anti Spyware and malwarebytes and all that was found were some tracking cookies.

This is a new topic for this issue as my other one had a title which did not describe the problem. (Older topic: http://www.bleepingcomputer.com/forums/topic443347.html)

Kind regards and thank you for reading,

Sean.

A:Possibly infected with hijacking malware.

If I am not available for a response I will be able to check this post 13-15 hours after the original post.

Read other 17 answers
RELEVANCY SCORE 60.4

Greetings,

I'm hoping someone can assist me with my infected computer. My goal is to salvage specific picture, video and music files from my main hard drive. I would like to transfer these files to a brand new hard drive which I plan to install once I can verify the files are not infected. I will then like to reformat my currently infected hard drive and re-install Windows XP Pro and have this drive carry only my OS and other applications and have my second drive hold all my media files. I hope this is possible.

My infection symptoms are:
- PC runs quite slow even after clearing start up list.
- Windows update page is not available to me.
- Windows Defender cannot update and often has issues running properly.
- Google searches send me to a variety of advert sites or other obscure search engines. Browser tabs spontaneously open up and send me to these sites.
- Firefox has had some changes made to it and End Point asks if I want to open up traffic to it. I declined and can no longer use Firefox as a result.

Symantec End Point alerts of the following (scan only found tracking cookies which are now deleted):
- "[SID: 23615] HTTPS Tidserv Request 2 detected. Traffic has been blocked from this application: C:\WINDOWS\system32\svchost.exe" (Direction: Incoming)
- "Traffic from IP address 91.212.226.67 is blocked from 7/25/2010 10:31:23 PM to 7/25/2010 10:41:23 PM." (Direction: Incoming)
- "Unsolicited incoming ARP reply detected, this is a kind of MAC spoofing ... Read more

A:Infected with Rootkit and possibly other malware.

Hello, and welcome to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.

The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.

Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.

The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.

Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.

-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you let... Read more

Read other 23 answers
RELEVANCY SCORE 60.4

Any advice here would be appreciated.

Infestation of Antivirus Plus caused continuous popups, etc. This seemed to go away after running Malwarebytes.

However, still am unable to access mail.google.com, bleepingcomputer.com and other sites. Both IE and Firefox are redirected to commercial sites such as yellowpages.com.

Ran AVG, Spybot and Malwarebytes in safe mode. Detected no further problems.

System is a Dell 6400 running Vista Business (Service Pack 1 installed)
Affected browsers IE 7 and Firefox 3.0.5
DDS (Ver_09-01-07.01) - NTFSx86
Run by Elizabeth at 16:31:19.63 on Sat 01/17/2009
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_11
Microsoft® Windows Vista™ Business 6.0.6001.1.1252.1.1033.18.2046.1190 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows ... Read more

A:Infected with Malware -- Possibly from "Antivius Plus"

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread. Also please explain your problem as fully as possible. Each little detail will help in getting your system cleaned up and functional again.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scans:
Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
Make sure you are connected to the Internet.
Double-click on mba... Read more

Read other 3 answers
RELEVANCY SCORE 60.4

Hello,

I do the normal adware, spyware, and antivirus scans. Recently my programs have been opening extremely slow and sometimes when I am using multiple programs, it seems that all system resources are being used because the computer lags when minimizing windows...etc. I have 1GB of RAM and am running Windows XP Media Center edition. Here is the dds.txt log created by the DDS tool requested by bleepingcomputer.com. Also attached is the attach.txt file.
DDS (Ver_09-01-07.01) - NTFSx86
Run by HP_Administrator at 22:23:09.63 on Mon 01/12/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.381 [GMT -5:00]

AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:&... Read more

A:Suspect I'm Possibly Infected with Malware

As instructed from bleepingcomputer.com, I have waited 5 days for a response and have not received one. Therefore I am posting a reply.

My virus and spyware scans found Virtumonde as well as other trojans on my computer. My computer programs are lagging and my computer needs to be restarted more frequently. I have not attempted to do any fix as I was awaiting a response from this site. So the log posted above should still be accurate. Please respond as soon as possible.

Thank you

Read other 5 answers
RELEVANCY SCORE 60.4

Hello I was infected with this malware few days ago, nothing could remove, so i installed a new windows. Now i am hit with the same malware again, i guess it's some kinda of autorun method that infected me again, or it infected my program folder (i installed opera from an existing file on my computer).

Symptoms:
1-The system takes some time to load -after the windows welcome screen-.
2-My previous restore points are gone.
3-Task manager disabled, when i enable it (using third party program) it gets disabled after a moment.
4-Registry editor, the same as above.
5-"Do not show hidden files or folders" option is always on, whenever i select the other option, and open the menu again, it says "Do not show hidden files or folders".
6-I can't access antivirus/scanner sites (jotti/novirusthanks/virustotal/antivirus/drweb/technet microsoft) but the hosts file is normal "127.0.0.1 localhost".
7-Whenever i run an exe file it infects it, sometimes it run and sometimes it give a memory error.
CODE
AppName: combofix.exe     AppVer: 0.0.0.0     ModName: combofix.exe
ModVer: 0.0.0.0     Offset: 00027621
8-After a while i get scvhost error (send|dont send) .
9-Explorer.exe restarts randomly, and sometimes the skin changes from the xp blue theme to the old win98 theme.
10-Task manager closes if i opened it for a while.

No attachment with logs was found (I checked both, the zipfiles w... Read more

A:Infected with a malware (possibly sality)

Hello, as you can see I removed all links and attachments from your post, as explained.

Please see ThreatExpert's awareness of Win32.Sality.

Sality Family is a family of a polymorphic file infectors which infects .exe, .scr files, downloads more malicious files to your computer, steals sensitive system information/passwords and sends it back to the attacker.

With this particular infection, the safest solution and only sure way to remove it effectively is to reformat and reinstall the OS.

QUOTE
As with many other malware, Sality disables antivirus software and prevents access to certain antivirus and security websites. Sality can also prevent booting into Safe Mode and may delete security-related files found on infected systems. To spread via the autorun component, Sality generally drops a .cmd, .pif, and .exe to the root of discoverable drives, along with an autorun.inf file which contains instructions to load the dropped file(s) when the drive is accessed.
About Sality Virus

If the computer was used for online banking, has credit card information or other sensitive data on it, you should disconnect from the Internet until your system is cleaned. All passwords should be changed immediately to include those used for banking, email, eBay, paypal and online forums. You should consider them to be compromised. You should change each password using a clean computer and not the infected one. If not, an attacker may get the new passwords and transaction information. If using a rout... Read more

Read other 6 answers
RELEVANCY SCORE 60.4

Hello. I have windows 7 and I noticed norton picked up on a few things. I didn't see the first one but a message just popped up now saying there was an attempt blocked called HTTP Nukesploit request. I did a little research online and found that it's malware. I know nothing about viruses and how to get rid of them besides downloading antispyware or programs such as that and running them and seeing what is found. Norton found that nukesploit and read about other people who have this problem have malware. While I was looking at that message, I decided to check my norton history and see what other things are detected as I leave my computer on sometimes while watching tv and don't notice the messages. There was one attempt blocked a few days ago saying HTTP Fake av redirect. I researched that a little bit and people have said that there's a fake av program installed on their computers but I only have norton on mine.

Also, my internet explorer has been crashing a bit more often. With the error message saying "internet explorer has stopped working" and you click ok and it restarts the browser with the tab you have it on. I haven't been doing anything weird I'll just be trying to watch a streaming video or something and it gives me that error message. It usually happens with streaming video sites or on sites I always frequent like a few video game websites and streaming sites and such but it's never off a new page i'm going to. It happens m... Read more

A:Infected with malware and something else possibly - help on removal

bump. any help?

Read other 1 answers
RELEVANCY SCORE 60.4

Hi,

I hope you can help me remove all the remains of this malware and PUPs from my PC.

Please let me know if you require any more logs from my PC.

Thanks,

Kevin
 

A:Window 10 PC possibly infected by Malware

Hello,
Please download Zemana AntiMalware and save it to your Desktop.

Install the program and once the installation is complete it will start automatically.
Without changing any options, press Scan to begin.
After the short scan is finished, if threats are detected press Next to remove them.
Note: If restart is required to finish the cleaning process, you should click Reboot. If reboot isn't required, please restart your computer manually.​
Open Zemana AntiMalware again.
Click on icon and double click the latest report.
Now click File > Save As and choose your Desktop before pressing Save.
The only thing left is to attach the saved report in your next message.

 

Read other 1 answers
RELEVANCY SCORE 60.4

I am not sure if this is the right place since I am unsure if I am infected, but y'all are the people I turn to when I can't find the answers. I installed a new GPU (upgraded from HD 6670 to r9 270x) and my computer has been acting strange ever since. I got the games to work after a few uninstalls and reinstalls of the AMD drivers. I found a system process would cancel any full screen thing I had going but only if the program used dx11 (if conhost.exe is running, the dx11 program won't open. Tested with Civ 5, 3dMark Demo, and Saints row the third), the process is conhost.exe. I would kill it, and would be able to go back into my game but I could not go back in if that was still running. I do not recall any risky clicks or anything like that, but I did use a driver sweeper program before installing this card (in safe mode as it suggested). Below are the dds logs. (quick edit, realized I had Daemon tools running, I have disabled the virtual drive already.. Sorry about that)
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.17126  BrowserJavaVersion: 10.55.2
Run by Sean at 18:23:33 on 2014-06-10
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.14300.12331 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
========... Read more

A:Unsure if infected, Computer is acting funky.

Hello froggyfixit, 

I will be helping with your computer problems.
Before starting please note the following:
If you have since resolved the original problem you were having, we would appreciate you letting us know
Do not make any changes on your own to the computer (installing/uninstall programs, deleting files, modifying the registry, running scanners or other tools, etc.) without instructions to do it
Please read every post completely and perform all steps in the specified order. If you can't understand something or you encounter problems please stop and let me know
Do not attach logs, use code or quote boxes. Just copy and paste the text unless directed otherwise
Even if things appear to be better, it does not mean we have finished. Follow my instructions and reply back until I tell you that your computer is clean.
Please reply using the Add Reply button in the lower right hand corner of your screen
I'm analyzing what you posted, but since some days have passed it is better to have some updated logs.
If the problem is not solved, in your next reply please post a fresh DDS log and the updated Attach.txt file.
 

Regards 

Read other 3 answers
RELEVANCY SCORE 60

I am having trouble with my computer and it seems to be a spyware/malware infection, possibly the Virtumonde virus. When I first turn the computer on, the background of my desktop is blue, and in yellow writing it reads: "Warning: Spyware threat has been detected on your PC. Your computer has several fatal errors due to spyware activity. It is strongly recommended to install an antispyware software to close all security vulnerabilities. Antispyware software helps protect your PC against spyware and other security threats. Click here to scan your PC for spyware..." I have not clicked on that message due to fear of it actually making things worse. I have also noticed several other unusual things that I suspect may be related to a virus. One, there is now a shortcut link on the desktop for "Internet Security Suite", which I do not know what it is, nor did I intentionally download it. Secondly, there are two other programs that appear when I select "Start" and "All Programs" that I am not familiar with - "Internet Speed Monitor" and "Outerinfo". Finally, when using the internet typically with Mozilla Firefox, I frequently am bombarded with random pop-ups as well as dialog boxes in the lower right corner of the screen that typically say there is a spyware threat and to click on the box to fix the issue. I have never clicked on any of those boxes. I read the Preparation Guide For Use Before Posting about your ... Read more

A:Infected With Malware/spyware, Possibly Virtumonde

Hello there Mike and welcome to BleepingComputer. My name is Charles and I will be dealing with your log today.

Download Combofix to your Desktop.
Double click combofix.exe
Follow the prompts that are displayed. Don't click on the window while the fix is running, because that will cause your system to hang.
When finished, it should produce a log, combofix.txt. Post that in your next reply with a fresh HijackThis log.

Thanks,
Charles

Read other 18 answers
RELEVANCY SCORE 60

I just started looking at this Toshiba Satellite P25-S5093 because the owner said that they couldn't access the task manager. I was in administrator and it said it was disabled by the administrator so I eventually fixed the task manager issue by typing a long command in run but also read somewhere that a lot of malware programs like to disable the task manager so here I am. I downloaded HijackThis and got a log file. Just figured I would post on here to see if anyone could tell me just from the log file, if anything is suspicious. I haven't noticed any other problems yet.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:34:35 PM, on 6/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Dassault Systemes\B16\intel_a\code\bin\CATSysDemon.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program File... Read more

A:Solved: Laptop Possibly Infected with Malware

Read other 11 answers
RELEVANCY SCORE 60

I followed a link that I received in a message on Facebook and it gave me a trojan. I used Spyware Doctor to detect it and it found Trojan.Popuper and a few other things. I am not registered for Spyware Doctor though and don't want to buy it, so I am unable to delete it from my computer.

I would really appreciate any help. Here are the logs:

Logfile of random's system information tool 1.04 (written by random/random)
Run by Ryan Renz at 2008-10-28 13:04:17
Microsoft Windows XP Professional Service Pack 3
System drive C: has 45 GB (63%) free of 72 GB
Total RAM: 1014 MB (22% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:04:23 PM, on 10/28/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Google\C... Read more

A:Possibly infected by Trojan.Popuper and other malware

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

If you're not receiving help elsewhere and still require assistance for this issue, please follow the process outlined here for running GMER:

NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help

------------------------------------------------------

Read other 2 answers
RELEVANCY SCORE 60

I have a computer under my care that is acting strangely. The problem manifests itself in iexplorer.exe . The program is eating up TONS of memory sometime 80k, and shows up twice in the task manager when it is only running one instance of the program. It's IE8. I've run spybot search and destroy, AVG virus scan, and the Malicious Software removal tool, to no avail. i'm running Windows Xp professional Version 2002 SP 3. Confession: I did run combo-fix and it repaired an infection at C:\windows\system32\kernal32.dll .
____________________________________________________________________

Read other answers
RELEVANCY SCORE 60

Hi!
This is the first time I've actually posted anything on this site, I've used it before to help me remove a rogue security malware off of my laptop, and it worked very well, So I am hopeful this community may be able to help me with my problem on my new computer.
I've had it for a couple of months, and nothing major had happened to it in the way of malicious software, until a few days ago.
I was hit by a pretty bad google redirect agent, effectively removing my ability to use search engines- I looked at all of the usual places where redirect stuff came from- checked the hosts file in drivers of system 32, I scanned my system with Avast! and Malwarebytes- and nothing.
I also have a much bigger problem, but I will get to that after I tell you what avast keeps doing.
So, in response to being hit by whatever this could be, I tried to buy a renewal to Mcafee, only to find they didn't take debit cards, so I looked online for a new solution, I chose avast, and bought a year subscription to their most advanced suite. Every few minutes, I'm hit with a threat detected alert, saying that the threat was moved to my virus chest, but a couple minutes later, same thing happens, exact same file name that was removed. The file is
C/Windows/Installer/{e4d3cf76... (It goes on for a while)

I figure this has to be some kind of virus or something that can't be easily removed, I mean, I don't even have an installer file in the windows file.

Avast sa... Read more

A:Possibly Infected with unknown virus/malware

This infection will require elevated help.

Please follow the instructions in ==>This Guide<== starting at Step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues, what you have done to resolve them, and a link to this topic.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

Read other 3 answers
RELEVANCY SCORE 60

My computer was infected with malware, leading to all kinds of different problems. For example, internet explorer pop-up ads will open (lots) even when I am not running Internet explorer. I have mostly avoided this problem by using a fresh download of Flock, but other various problems still crop up, and my computer runs oddly/slowly. I also keep getting an error message about a .dll file that can't be found (will write down exact message next time it occurs).

I have removed some files through these programs: Symantec Antivirus, Spybot Search and Destroy, and Malwarebytes' Anti Malware. However, problems persist, and I would like to find the root cause and remove it once and for all. I have also installed and run RegCure.

I appreciate any help you can offer! Thank you.

Here is my DDS log:
DDS (Ver_09-03-16.01) - NTFSx86
Run by Lucifernomi at 19:31:44.04 on Mon 03/30/2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.430 [GMT -5:00]
============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\AlienGUIse\wbload.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spool... Read more

A:Infected with Trojan Vundo, possibly other malware

Hi slykitten,

The following is referring to RegCure. Please be aware that bleepingcomputer staff do not recommend the usage of registry cleaners / tools due to the following facts:
Registry tools can cause irreparable damage to your Operating System
Registry tools can, as a result of the above, render your pc to be inoperable.

I see Viewpoint installed. Viewpoint Manager is considered as foistware instead of malware since it is installed without users approval but doesn't spy or do anything "bad". This will change from what we know in 2006 read this article: http://www.clickz.com/news/article.php/3561546

I suggest you remove the program now, if you did not install it. Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following programs if present.
Viewpoint
Viewpoint Manager
Viewpoint Media Player

If you uninstalled, please navigate to and delete the following folders
C:\Program Files\Viewpoint

Please update and run Malwarebytes' Anti-Malware
Once the program has loaded, select "Perform Full Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in M... Read more

Read other 2 answers
RELEVANCY SCORE 60

One of my email accounts spammed all my contacts. I'm thinking the account itself was compromised, vice my local computer, but I just want to make certain. Thanks!
DDS (Ver_09-05-14.01) - NTFSx86
Run by jodi at 5:48:48.50 on Fri 05/29/2009
Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_13
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3070.1609 [GMT -4:00]

AV: Bitdefender Antivirus *On-access scanning enabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
SP: BitDefender Antispyware *enabled* (Updated) {8B2012EC-32D4-494F-BC03-832DB3BDF911}
SP: Spybot - Search and Destroy *enabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files ... Read more

A:Possibly Infected by Unknown Virus/Malware

Hello and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll... Read more

Read other 2 answers
RELEVANCY SCORE 60

Hi, I'm using Windows XP on a 2006 Dell Inspiron I6400 laptop. This morning when I turned off my laptop, it was lagging a bit, and then an End Program prompt came up for a program called "Foster Parent" which I had never seen before. I did a search online about this program, and I could not find much information about this program. I use avast 4.8 home edition free antivirus. My DDS.txt log is posted below. When I run rootrepeal however, A gray box comes up that says the program is initializing, and then my entire computer freezes. I have tried this twice already with the same result both times. Any help and advice would be appreciated. Thanks.

DDS (Ver_09-12-01.01) - NTFSx86
Run by Zhang at 12:27:42.06 on Mon 01/11/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_16
Microsoft Windows XP Home Edition 5.1.2600.3.1257.372.1033.18.1014.345 [GMT -5:00]

AV: avast! antivirus 4.8.1351 [VPS 100111-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUp... Read more

A:Infected with Foster Parent and possibly other Malware

Hello and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll... Read more

Read other 22 answers
RELEVANCY SCORE 60

Thanks in advance for your help... I think this 'puter is close to being "clean."
DDS (Version 1.1.0) - NTFSx86
Run by Brennan McCabe at 13:14:49.11 on Tue 01/06/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.511.90 [GMT -5:00]

AV: AVG Anti-Virus *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
SVCHOST.EXE
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
SVCHOST.EXE
C:\WINDOWS\Explorer.EXE
SVCHOST.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS... Read more

A:Infected with Trojan JNV4_MIB.sys, possibly other malware

My name is BHowett and I will be helping you to get sorted. If for any reason you do not understand any of the instructions, or are just unsure then please do not guess, simply post back with your question, and we will go through it again. This seems like a tech issue and not a malware problem, but let's take a look and see what we find.

Sorry for the delay, please do the following...

ComboFix

Please download ComboFix from Here or Here
* IMPORTANT !!! Save ComboFix.exe to your Desktop
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : Protective Programs
Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License A... Read more

Read other 7 answers
RELEVANCY SCORE 60

Hello,

My machine appears to be infected with Anti Malware Doctor as well as other unknown (to me) malware. I have run several scans with programs like Malwarebytes and Spybot (both of which find problems each time I run them) but the infection on my machine always reappears, even after I clean the problems found by the scans. I have done everything I can based on my relatively limited knowledge of the inner workings of windows XP. Can anyone please help me remove the malware on my machine?

Please find my DDS copied below and my Attach and Ark logs attached.

Regards,
Matt

DDS log:
DDS (Ver_10-03-17.01) - NTFSx86
Run by Matt and Kristan at 18:24:41.68 on 03/05/2010
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.280 [GMT -6:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUScheduler... Read more

A:Infected with Anti Malware Doctor (and possibly more)

Hello, Welcome to Bleeping Computer. My name is fireman4it and I will be helping you with your Malware problem.

Please take note of some guidelines for this fix:
Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools.
If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
Finally, please reply using the button in the lower right hand corner of your screen. Do not start a new topic.
The logs that you post should be pasted directly into the reply, unless they do not fit into the post.

1. Now please Empty Teatimer Cache. You can do this by doing the following:
Download ResetTeaTimer.exe to your desktop.
Double-click ResetTeaTimer.exe and let it run.

2. We need to disable Spybot S&D's "TeaTimer"
TeaTimer works by preventing ANY changes to the system. It will attempt to undo any fixes we run, because it blocks these fixes from running.
In order to safeguard your system from problems that can be brought on by a half finished fix, we need to disable TeaTimer. We can reenable it when we're done if you like.
Open SpyBot Search and Destroy by going to Start -> All Programs -> Spybot Search and Destroy -> Spybot Search and Destroy.
If prompted ...

RELEVANCY SCORE 59.6

I joined this forum a couple minutes ago because I have a serious problem with my computer. And please, if you want to explain how to fix this problem do it so that I can understand. I am not very experienced with computers. All I know is some basic stuff like how to run games, installing stuff, uninstalling stuff, and stuff like that.

Anyway, I have been getting this error for a couple days now. Here is what the error looks like: http://img62.imageshack.us/img62/8035/46618280.png

Sorry about how the image looks, my image taking device is pretty bad. Anyway, in the top corner, it says something about Maplestory.exe, but the error just comes up whenever I open or close ANY program.

I tried system restoring my computer to a day before, but that didn't do anything either. All I remember about how I got the virus is that I was on Google Images looking for pictures of Puyol (the Spanish football player) then suddenly a Java screen opens up and Avira detects a virus called JAVA/Clagent.H.

The file was located in C:\Users\Navid Farhadi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23\776587d7-4267876b

I also scanned my computer with Malwarebytes, Registry Booster, Security 360, and Systemcare Free so that didn't do anything either. Also, the system restore didn't change anything.

Could anyone walk me through how I can fix the problem in a nice and easy way? Thank you guys very much for your time

/Navid

A:Is my computer infected with Malware? Or is this just an error?

That's an application error, not a virus notification.

For issues running that executable, try the support website for it: MapleStory - A Free Massively Multiplayer Online Role-playing Game

RELEVANCY SCORE 59.2

Hello,

A few weeks ago I posted about a possible infection from malware. Here is the link:

http://www.bleepingcomputer.com/forums/topic424170.html/page__p__2447293__fromsearch__1#entry2447293

I apologize that I did not reply, but after that time, I think (emphasis on think) I have removed the malware. However, my web searches misdirect me to other websites. So I think that I am still infected with something, possibly from the fake program I installed while trying to remove the malware.

As per the instructions I have included the DDS and GMER reports with this post. I do have recovery discs, unfortunately I believe these are just for the Windows XP program, and not the school software that my school had installed for me. Since I have graduated, I would lose these programs if I were to do a simple Windows XP reinstall.

Again I thank you for the assistance.

A:Infected possibly with malware, virus, trojan, and spyware

Hi,

Please do the following:

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\C...

RELEVANCY SCORE 59.2

Hi, recently my Gmail account sent out the following email to everyone in my contacts list.

***************
Dear friend:
i would like to introduce a good company who trades mainly in electornic products.
Now the company is under sales promotion,all the products are sold nearly at its cost.
Original Products + Best Quality + Brand New + Warranty + Quick Shipping + 100% Secure .
the price is a surprising happiness to you!
It is realy a good chance for shopping, please contact them as soon as possible!!!!
The web address: <hxxp://www.electronics-brand.com>
**************

I am concerned that my computer might be infected or hijacked (I have changed all the passwords, etc. on that account but am not sure if the computer itself is infected. As you can probably tell, I am not very informed about these things and got here via several other links on this topic...apologies if it's not the appropriate place to post it!).

Here's the DDS log.

I'd really appreciate any information or advice you could offer. Thank you!

DDS (Ver_09-05-14.01) - NTFSx86
Run by Dr. Josh at 17:32:56.44 on Sat 05/16/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.3545.1744 [GMT -5:00]

AV: McAfee VirusScan Enterprise *On-access scanning enabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
SP: Lavasoft Ad-Watch Live! *enabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Windows Defender *enabled* (Updated) {...

A:possibly infected with malware, has hijacked my gmail account

Hello and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll...
