Over 1 million tech questions and answers.

Virus Alert And System Alert: Popups Warnings

Q: Virus Alert And System Alert: Popups Warnings

Recently on my computer I have had these warnings pop up. One is a flashing triangle with an exclamation point in it and it says "System Alert: Popups - Your computer is infected with spyware managing pop-up malware (OHPE ver 4.12_23). Click the icon to learn more on what you can do about pop-up windows and other unwanted software." and then there is another icon that is a flashing red warning circle that turns into a green arrow. It opens up the SpyFalcon website. My HJT log has been moved to the HJT Forum.

I hope someone can help me.
Thanks.

RELEVANCY SCORE 200
Preferred Solution: Virus Alert And System Alert: Popups Warnings

I recommend downloading and running Reimage. It's a computer repair tool that has been proven to identify and fix many Windows problems with a high level of success.

I've used it in the past to identify and fix everything from blue screens (BSOD's), ActiveX errors, corrupt files and processes, dll/exe/sys errors, recover lost memory, Windows update problems, defragging, malware removal etc.

You can download it direct from this link http://downloadreimage.com/download.php. (This link will automatically start a download of Reimage that you can save to your computer.)

A: Virus Alert And System Alert: Popups Warnings

Read Grinler's SpyFalcon removal instructions at:http://www.bleepingcomputer.com/forums/ind...yFalcon+RemovalAlso,post your HJT log in the HJT forum NOT anywhere else.

Read other 3 answers
RELEVANCY SCORE 92

One lapse of judgement and I'm out of action for the weekend...
Anyway, I've run Avast and removed a number of viruses it found, but I still have these annoying popups, etc.
Log:

reLogfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:49: VIRUS ALERT!, on 12/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Avast\Avast4\aswUpdSv.exe
C:\Program Files\Avast\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\Avast\Avast4\ashDisp.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\vVX1000.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Electronic Arts\EADM\Core.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\ATI Technol... Read more

A:Time changed to 24h and reads "VIRUS ALERT!" also various "Security Alert" popups

Apologies for the double-post. I could not see an edit function.
I've cleaned out a couple of nasties with Adaware, although i've not seen much change - still getting the same "VIRUS ALERT!" and popups. Still, I thought it best to update the log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:37: VIRUS ALERT!, on 12/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Avast\Avast4\aswUpdSv.exe
C:\Program Files\Avast\Avast4\ashServ.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\Avast\Avast4\ashDisp.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\vVX1000.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Electronic Arts\EADM\Core.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ATI Technologies\ATI.ACE... Read more

Read other 9 answers
RELEVANCY SCORE 90

Logfile of HijackThis v1.99.1Scan saved at 5:23:51 PM, on 6/13/2006Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\dcomcfg.exeC:\WINDOWS\system32\atmclk.exeC:\WINDOWS\system32\atiptaxx.exeC:\Program Files\Synaptics\SynTP\SynTPLpr.exeC:\Program Files\Synaptics\SynTP\SynTPEnh.exeC:\Program Files\Compaq\EAB\EabServr.exeC:\Program Files\QuickTime\qttask.exeC:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXEC:\Program Files\Logitech\ImageStudio\LogiTray.exeC:\Program Files\Java\jre1.5.0_02\bin\jusched.exeC:\PROGRA~1\mcafee.com\vso\mcvsshld.exeC:\PROGRA~1\mcafee.com\agent\mcagent.exeC:\Program Files\Common Files\Real\Update_OB\realsched.exeC:\Program Files\Winamp\winampa.exeC:\WINDOWS\system32\5baa5239.exeC:\Program Files\Messenger\msmsgs.exeC:\WINDO... Read more

A:'system Alert: Popups' Problem & Casino/porn Popups

You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.Please download SmitfraudFix (by S!Ri)Extract the content (a folder named SmitfraudFix) to your Desktop.Next, please reboot your computer in Safe Mode by doing the following :Restart your computerAfter hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;Instead of Windows loading as normal, a menu with options should appear;Select the first option, to run Windows in Safe Mode, then press "Enter".Choose your usual account.Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmdSelect option #2 - Clean by typing 2 and press "Enter" to delete infected files.You will be prompted: "Registry cleaning - Do you want to clean the registry?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.A text file will appear onscreen, with results from the cleaning process; please copy/pa... Read more

Read other 6 answers
RELEVANCY SCORE 89.6

Please help! I have been trying to fix this all morning and it's driving me to the point of tears. I have a little yellow triangle with an exclamation point by my clock that keeps popping up spyware notices, and pages in IE for spyware removal. How can I fix this?

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 10:39, on 2007-11-10
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Executive Software\DiskeeperServer\DKService.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb06.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Roxio\Easy CD ... Read more

A:"Security alert" warnings and popups - HJT log

I did the combofix thing, here's the log for that if needed.

ComboFix 07-11-08.3 - Owner 2007-11-10 11:00:57.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.416 [GMT -6:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Owner\Desktop\CFScript.txt
* Created a new restore point

FILE
C:\Program Files\GoogleToolbarInstaller.exe
C:\Program Files\ie_ja.exe
C:\Program Files\ie3lpkja.exe
C:\Program Files\iTunesSetup.exe
C:\Program Files\mygraph.svgz
C:\Program Files\SAV80-Unmanaged.exe
C:\Program Files\spybotsd12.exe
C:\Program Files\wbsamp.exe
C:\WINDOWS\SYSTEM32\ajhxavjk.exe
C:\WINDOWS\SYSTEM32\asdhnjfl.exe
C:\WINDOWS\SYSTEM32\bgyavnoc.exe
C:\WINDOWS\SYSTEM32\btmidibd.dll
C:\WINDOWS\SYSTEM32\dcwajtci.exe
C:\WINDOWS\SYSTEM32\dyhxkwkn.exe
C:\WINDOWS\SYSTEM32\fyhuhuhq.dll
C:\WINDOWS\SYSTEM32\gluwmxpg.exe
C:\WINDOWS\SYSTEM32\gtucjkum.exe
C:\WINDOWS\SYSTEM32\ilehugmj.exe
C:\WINDOWS\SYSTEM32\irudkafx.exe
C:\WINDOWS\SYSTEM32\jciyrlkp.exe
C:\WINDOWS\SYSTEM32\keknakia.exe
C:\WINDOWS\SYSTEM32\muwoxruc.exe
C:\WINDOWS\SYSTEM32\nauqclgm.exe
C:\WINDOWS\SYSTEM32\pojcvwul.dll
C:\WINDOWS\SYSTEM32\qqjvxege.exe
C:\WINDOWS\SYSTEM32\sqylrhfr.exe
C:\WINDOWS\SYSTEM32\strpxwkq.dll
C:\WINDOWS\SYSTEM32\uevhuxwy.dll
C:\WINDOWS\SYSTEM32\uwwjjtdf.exe
C:\WINDOWS\SYSTEM32\wdopivrx.exe
C:\WINDOWS\SYSTEM32\xltouezy.dll
.

Unable to gain System Privileges

((((((((((((((((((((((((((((((((((((((( Other Deletions )))... Read more

Read other 1 answers
RELEVANCY SCORE 88.4

I keep getting this flashing yellow harrard icon in my taskbar saying System Alert Popups. Your computer is infected with spyware......Here is my hijackthis log.THANKS!____________________________________________________________________________________Logfile of HijackThis v1.99.1Scan saved at 1:25:15 PM, on 6/12/2006Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\TGTSoft\StyleXP\StyleXPService.exeC:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\Stardock\SDMCP.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\dcomcfg.exeC:\WINDOWS\system32\atmclk.exeC:\WINDOWS\mHotkey.exeC:\Program Files\Synaptics\SynTP\SynTPLpr.exeC:\Program Files\Synaptics\SynTP\SynTPEnh.exeC:\Program Files\Google\Gmail Notifier\gnotify.exeC:\Program Files\Java\jre1.5.0_06\bin\jusched.exeC:\Program Files\Common Files\Symantec Shared\ccApp.exeC:\Program Files ... Read more

A:System Alert: Popups

You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.Please download SmitfraudFix (by S!Ri)Extract the content (a folder named SmitfraudFix) to your Desktop.Next, please reboot your computer in Safe Mode by doing the following :Restart your computerAfter hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;Instead of Windows loading as normal, a menu with options should appear;Select the first option, to run Windows in Safe Mode, then press "Enter".Choose your usual account.Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmdSelect option #2 - Clean by typing 2 and press "Enter" to delete infected files.You will be prompted: "Registry cleaning - Do you want to clean the registry?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.A text file will appear onscreen, with results from the cleaning process; please copy/pa... Read more

Read other 8 answers
RELEVANCY SCORE 88.4

When I click on the internet browser my homepage is directed to an internet security page which tells me I have to download spyware. A warning box appear and says infected with virus [email protected] I would really appreciate any help to remove this annoying page.
 

A:system alert popups

Hi, Welcome to TSG!!
Click here to download HJTsetup.exe
Save HJTsetup.exe to your desktop.

Double click on the HJTsetup.exe icon on your desktop.
By default it will install to C:\Program Files\Hijack This.
Continue to click Next in the setup dialogue boxes until you get to the Select Addition Tasks dialogue.
Put a check by Create a desktop icon then click Next again.
Continue to follow the rest of the prompts from there.
At the final dialogue box click Finish and it will launch Hijack This.
Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
Click Save to save the log file and then the log will open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
Come back here to this thread and Paste the log in your next reply.
DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.
 

Read other 1 answers
RELEVANCY SCORE 88.4

I keep getting this flashing yellow harrard icon in my taskbar saying System Alert Popups. Your computer is infected with spyware......

Here is my hijackthis log.


THANKS!

____________________________________________________________________________________
Logfile of HijackThis v1.99.1
Scan saved at 1:25:15 PM, on 6/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Stardock\SDMCP.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dcomcfg.exe
C:\WINDOWS\system32\atmclk.exe
C:\WINDOWS\mHotkey.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\WINDOWS\system32\ac5a12a5.exe
C:\WINDOWS\system32\8f9732ee.exe
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
C:\Program... Read more

A:System Alert: Popups

Hi and welcome to TSF!

I am currently reviewing your log. Please note that this is under the supervision of an expert analyst, and I will be back with a fix for your problem as soon as possible.

You may wish to Subscribe to this thread (Thread Tools) so that you are notified when you receive a reply.

Please be patient with me during this time.

Read other 3 answers
RELEVANCY SCORE 88.4

i just recently got rid of the spy falcon spyware thanks to this site but now im receiving alerts from my task bar sayin

"your computer is infected with spyware managing pop-up advertisements (OHPE ver4.12_23) click the icon to learn more on what you can do about popup windows and other unwanted software"

now i was able to get rid of spy falcon with out purchasing an anti spyware there was a step by step guide to get rid of it on a forum on this site i did however have to install some programs to help with the removal but they were free does any one know how to get rid of this in a similar way your help is already appreciated

A:System Alert: Popups

What you are experiencing is typical of smitfraud infections. Smitfraud is responsible for changing the Windows Desktop and using bogus security warnings in an attempt to trick users into purchasing one of several fake antispyware program. SpyFalcon is associated with smitfraud. Sounds like you did not remove all of it or you are reinfected again with SpyFalcon or another variant.I suggest you read and follow all instructions in the pinned topic titled Preparation Guide For Use Before Posting A Hijackthis Log.When you have done that, post a log in the HijackThis Logs and Analysis Forum, not here, for assistance by the HJT Team Experts.It may take a while to get a response because the HJT Team members are very busy. Please be patient as they are volunteers who will help you out as soon as possible. Once you have made your post please DO NOT make another reply until it has been responded to by a member of the HJT Team. Generally the staff checks the forum for postings that have not been replied as this makes it easier for them to identify those who have not been helped.

Read other 1 answers
RELEVANCY SCORE 88.4

Hi, i've just come home and i have started to get lots on pop-up balloons saying System Alert: Malwear threats and System alert: [email protected]
I've also had an anti-virus search bar added to my internet explorer toolbar.

Heres my HijackThis report, could somebody please help me remove these?

Thanks.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:58:01, on 20/11/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Electronic Arts\EADM\Core.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\ctfmon.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\WebMediaViewer... Read more

Read other answers
RELEVANCY SCORE 87.2

When browsing in firefox, I suddenly got a popup in my taskbar from Windows Security Alert. Knowing that was a problem, I immediately came here and downloaded DDS and Rootrepeal. However, this malware will not let me run a program. Every time I try, I get a window popup that says "Security Warning: Application cannot be executed. The file cmd.exeis infected. Do you want to activate your antivirus software now?" And then yes/no boxes. I've since closed firefox, and can no longer open it. I get the same popup for every program I try to open. Any help would be greatly appreciated

A:Windows Security alert/Antivirus System Pro alert

You already stated that no matte rwhat program you try to open, you see that pop up for the scareware. You can try running Rkill first to see if you can kill some of the malware processes that are preventing you from being abel to run other security software. here are some DL links for you. LINK 1LINK 2LINK 3LINK 4Once you get it downloaded double click to launch it (With Vista you need to right click and select run as administrator). You should see a little black window open and then close. If you see that box then it worked. If you don't see the black box then delete the file and use another download link and repeat the steps.Once it runs you should be able to run MBAM and then I would run SUPERAntiSpyware as well. If all else fails try going in to safemode and install MBAM and run the scans from there to get you started.

Read other 4 answers
RELEVANCY SCORE 87.2

I've been getting the following balloon messages on my taskbar:

pic link 1

pic link 2

Along with these many balloon messages, I've been getting random pop-ups for spyware & virus programs, as well as the occasional other site. I ran Spybot, Spyware Terminator, Ad-Aware, and AVG Anti-Spyware 7.5.

After reading through the forums, I also ran them all in safe mode, and ran SDFix in safe mode as well.

I don't seem to be getting the pop-ups anymore, but the shield on my taskbar (in pic 1) is still there and the balloon message still comes up every few minutes.

This is my latest HijackThis Log:

Logfile of HijackThis v1.99.1
Scan saved at 4:43:19 PM, on 9/26/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\system32\nvsv... Read more

A:Solved: System Alert & Security Alert Spyware

Read other 9 answers
RELEVANCY SCORE 87.2

This is a hijackthis log I wanted advice on b4 I got ahead of myself with deletions.

A:Regfixit.com System Alert Popups

Hello and welcome to BCWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. We aim to provide the valuable service known to come from BC to every member we can, but sometimes it takes just a little longer to get to every request for help.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.Upon completing the steps below a staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.Thanks and again sorry for the delay. NOTE: Please do not attach the reports, instead post them back into your topic.Please download Deckard's System Scanner (DSS) and save to your Desktop.alternate download siteDSS will do the following:Create a new System Restore point in Windows XP and Vista.Clean your Temporary Files, Downloaded Program Files, Internet Cache Files, and empty the Recycle Bin on all drives.Check some important areas of your system and produce a report for an analyst to review.Automatically run HijackThis. It will also install and place a shortcut to HijackThis on your desktop if you do not already have it installed. So if HijackThis is not installed and DSS prompts you to download i... Read more

Read other 2 answers
RELEVANCY SCORE 87.2

I have a yellow caution sign that shows up in my system tray with the following text:

"System Alert: Popups
Your computer is infected with spyware managing pop-up advertisements (OHPE ver 4.12_23). Click the icon to learn more on waht you can do about pop-up windows and other unwanted software."

I have run Ad-Aware, Spybot, Spywareblaster, Ewido Security Suite, CleanUp!, and my Norton AV 2004 professional. All updated versions, nothing is working. Any help would be appreciated.


Logfile of HijackThis v1.99.1
Scan saved at 6:41:22 PM, on 12/15/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
K:\WINDOWS\System32\smss.exe
K:\WINDOWS\system32\winlogon.exe
K:\WINDOWS\system32\services.exe
K:\WINDOWS\system32\lsass.exe
K:\WINDOWS\system32\Ati2evxx.exe
K:\WINDOWS\system32\svchost.exe
K:\WINDOWS\System32\svchost.exe
K:\WINDOWS\system32\spoolsv.exe
K:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
K:\hjt\security suite\ewidoctrl.exe
K:\PROGRA~1\NORTON~1\NORTON~4\GHOSTS~2.EXE
K:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
K:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
K:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
K:\WINDOWS\System32\tcpsvcs.exe
K:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
K:\WINDOWS\System32\svchost.exe
K:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
K:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
K... Read more

A:HijackThis log: System Alert popups

Hello ElGenio and welcome to TSF

I reccommend you Subscribe to this thread so you are notified of any replies via email. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Please print out or copy this page to Notepad in order to assist you when carrying out the following instructions.

Downloads
smitRem.exe - Run it and extract it to it's own folder on the Desktop.

You will need to update Ewido to the latest definition files.On the left hand side of the main screen click update.
Then click on Start Update.
The update will start and a progress bar will show the updates being installed.
If you are having problems with the updater, you can use this link to manually update Ewido
When you have finished updating, EXIT Ewido.

Ad-aware SE Personal-Install it if you don't have it already. Make sure it's the newest version and check for any updates before running it. Follow the directions on this page to customize the scan settings. Do not run it yet.

Next, please reboot your computer in SafeMode by doing the following:Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
Instead of Windows loading as normal, a menu should appear
Select the first option, to run Windows in Safe Mode.

Tools
Open Ad-aware, run a scan and clean everything it finds

Run Ewido with it's updated definitions:(...it's important tha... Read more

Read other 4 answers
RELEVANCY SCORE 87.2

My co-workers laptop keeps getting popups that the system has detected a number of active spyware applications that may impact the performance of your computer. Click the icon to get rid of unwanted spyware by downloading an up to date anti spyware solution

Logfile of HijackThis v1.99.1
Scan saved at 11:19:42, on 7/25/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Dell\NICCONFIG... Read more

A:Solved: System Alert Popups

Read other 9 answers
RELEVANCY SCORE 87.2

here is my hijackthis report...this is an annoying trojanLogfile of HijackThis v1.99.1Scan saved at 4:02:42 PM, on 6/23/2006Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeC:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Common Files\Symantec Shared\SNDSrvc.exeC:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exeC:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\atmclk.exeC:\WINDOWS\system32\RUNDLL32.EXEC:\Program Files\Creative\Shared Files\Module Loader\DLLML.exeC:\WINDOWS\CTHELPER.EXEC:\WINDOWS\system32\CTXFIHLP.EXEC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\QuickTime\qttask.exeC:\Program Files\Logitech\G-series Software\LGDCore.exeC:\Program Files\Logitech\G-series Software&#... Read more

A:System Alert: Popups (trojan)

Hello and welcome to BC. Download SmitfraudFix (by S!Ri) to your Desktop. http://siri.urz.free.fr/Fix/SmitfraudFix.zip Extract all the files to your Destop. Click here to see how. A folder named SmitfraudFix will be created on your Desktop. Open the SmitfraudFix folder and double-click smitfraudfix.cmd Select option #1 - Search by typing 1 and press Enter This program will scan large amounts of files on your computer for known patterns so please be patient while it works. When it is done, the results of the scan will be displayed and it will create a log named rapport.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed. Please post the rapport.txt and a fresh HijackThis log. IMPORTANT: Do NOT run any other options until you are asked to do so!

Read other 1 answers
RELEVANCY SCORE 87.2

I am working on a Windows XP Pro machine. I was getting pop up ads with a Windows security alert warning, along with a few others. My time also changed to military time. I could not run any malware programs until I ran a HJT log and corrected on of the entries, something with a ip address in it, I didn't write it down like an idiot. That then allowed me to update and run Spybot , malwarebyte and superantispyware. All came back with issues. Mywebsearch, trojan.fakealert.gen, disabled.securitycenter ,Trojan.vundo,trojan.fakealert,torjan.fakealert.gen,rogue.antivirusoft.Thank you in advance for your help!Here is the DDS report:DDS (Ver_09-12-01.01) - NTFSx86 Run by jandreozzi at 11:16:57.68 on Tue 03/09/2010Internet Explorer: 6.0.2900.2180Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1075 [GMT -5:00]AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}FW: *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}============== Running Processes ===============C:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcssvchost.exesvchost.exeC:\WINDOWS\system32\spoolsv.exesvchost.exeC:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exeC:\Program Fi... Read more

A:Windows Security Alert/Antivirus software Alert Virus

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

Read other 29 answers
RELEVANCY SCORE 86.4

There is a system tray alert (yellow triangle with an ! in the middle) flashing, stating there are different malware threats, viruses, worms, etc. Also, it will constantly bring up various websites every 2 minutes while connected to the internet.

The HiJackThis log follows:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:43:21 PM, on 10/22/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm... Read more

Read other answers
RELEVANCY SCORE 86.4

Security Alert. Virus Alert! Application can't be started
I am screwed...my kids got this virus on my work laptop.
It just keeps popping up
Windows Security Alert
Attention Spyware alert.

Can anyone help please get rid of this virus..
Thanks,
Stephen

A:Security Alert. Virus Alert! Application can't be started

Hello.Let's see what we're dealing with here.Please download RKill by Grinler from one of the 4 links below and save it to your desktop.Link 1Link 2Link 3Link 4Before we begin, you should disable any anti-malware software you have installed so it does not interfere with RKill running. This is because some anti-malware software mistakenly detects RKill as malicious. Please refer to this page if you are not sure how to disable your security software.Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed. If nothing happens or if the tool does not run, please let me know in your next reply***************************************************Please download Malwarebytes Anti-Malware and save it to your desktop.alternate download linkIMPORTANT!!! - when you save the file, rename it to something random, such as bubbles.exe This must be done before beginning the download!MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.Make sure you are connected to the Internet.Double-click on mbam-setup.exe to install th... Read more

Read other 1 answers
RELEVANCY SCORE 86

Good afternoon.

I have an issue with my computer (obviously). My clock is now showing up with VIRUS ALERT! beside it. My homepage has also been hijacked to hxxp://pc-antispypro.com/?wmid=6010&mid=MjI6Mjo4OQ==&lndid=2

Please let me know if there is anything you can do to help me out, I have run a number of antispyware scans and have run my Norton a number of times and haven't been able to get rid of this so far, so I figured it was time to try to get some help before I spend many more hours and getting no where on my own.

This is the first time I've had to ask for assistance on this sort of issue, so please let me know if you require any further information.

A big thank you in advance for any assistance you can provide.

Here is the log file from RSIT:

Logfile of random's system information tool 1.04 (written by random/random)
Run by agordon at 2008-10-28 15:51:49
Microsoft Windows XP Professional Service Pack 3
System drive C: has 22 GB (29%) free of 74 GB
Total RAM: 1014 MB (56% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:51:55, on 10/28/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Pr... Read more

A:Virus Alert beside clock / popups

Hello, and Welcome to TSF.

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

---------------------------------------------------------------------------------------------
Download ComboFix from one of these locations:

Link 1
Link 2
Link 3

* IMPORTANT !!! Place combofix.exe on your Desktop
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
Double click on combofix.exe & follow the prompts.
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed.

Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.





The Windows recovery console will allow you to boot up into a special recovery mode that allows us to help you in the case that your computer has a problem after an attempted remov... Read more

Read other 11 answers
RELEVANCY SCORE 85.6

a coworkers laptop download error cleaner and now gets all these popups every 30 seconds that say system alert or critical system warning, she has a flashing red x

thanks
any help would be appreciated Hijack this attached


Logfile of HijackThis v1.99.1
Scan saved at 12:53:12 PM, on 11/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe... Read more

A:Solved: system alert/critical system warning popups

Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.

Double-click smitfraudfix.exe
Select option #1 - Search by typing 1 and press "Enter". A text file will appear which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm

Warning: Do not run Option #2 until you are instructed to do so. Running option #2 on a non infected computer will remove your Desktop background.
 

Read other 3 answers
RELEVANCY SCORE 85.6

Hello,These are my 2 logs:Deckard's System Scanner v20071014.68Run by Admin on 2008-05-21 04:10:46Computer is in Normal Mode.---------------------------------------------------------------------------------- System Restore --------------------------------------------------------------Successfully created a Deckard's System Scanner Restore Point.-- Last 5 Restore Point(s) --6: 2008-05-21 01:11:02 UTC - RP304 - Deckard's System Scanner Restore Point5: 2008-05-19 18:11:53 UTC - RP303 - Before uninstall Windows Internet Explorer 74: 2008-05-19 17:10:32 UTC - RP302 - Installed Kaspersky Anti-Virus 7.0.3: 2008-05-19 16:03:01 UTC - RP301 - Removed Bonjour2: 2008-05-19 16:02:21 UTC - RP300 - Before uninstall Bonjour-- First Restore Point -- 1: 2008-05-19 15:08:16 UTC - RP299 - Last known good configurationBacked up registry hives.Performed disk cleanup.-- HijackThis Clone ------------------------------------------------------------Emulating logfile of Trend Micro HijackThis v2.0.2Scan saved at 2008-05-21 04:33:12Platform: Windows XP Service Pack 2 (5.01.2600)MSIE: Internet Explorer (6.00.2900.2180)Boot mode: NormalRunning processes:C:\WINDOWS\system32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Intel\W... Read more

A:3 Popups: "spyware Alert" + "system Error!" + I Forgot?!

welcome to Bleepingcomputer.com forumsMy name is Dan, and I will be helping you to remove any infection(s) that you may have.Please note! that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.Please observe these rules while we work:Perform all actions in the order given. If you don't know, stop and ask! Don't keep going on. Please reply to this thread. Do not start a new topic.Stick with it till you're given the all clear. REMEMBER, ABSENCE OF SYMPTOMS DOES NOT MEAN THE INFECTION IS ALL GONE.If you can do these things, everything should go smoothly.Please note you'll need to have Administrator priviledges to perform the fixes. (XP accounts are Administrator by default)Please let me know if you are using a computer with multiple accounts, as this can affect the instructions given.Unless informed of in advance, failure to post replies within 5 days will result in this thread being closed.It may be helpful to you to print out or take a copy of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.I'm presently looking over your log and hope not to be too long. Will be back with you as soon as I can.Thanks dan

Read other 54 answers
RELEVANCY SCORE 85.6

I need some help. my homepage has permanently changed. and system alerts keep popping up. and i can't get rid of the viruses. I am also receiving many popups that are asking me to download their antivirus product and do a quick scan. i have already bought some and they still won't go away! PLEASE HELP! thanks... I also have ultimate defender and spy shredder issues. they won't go away either!
 

A:system alert message won't go away along with infinite spyware popups.

Read other 11 answers
RELEVANCY SCORE 85.6

I keep getting things like "scprot4.exe" is trying to access your internet. It's always a different program each time. I've been blocking them but I know they're not good. Also I'll keep getting popups in my task bar about running system scans etc. I had to go into safe mode to delete it but I'm still getting messages like that. Here is a copy of my hijackthis log:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 1:26:24 PM, on 11/5/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\Explorer.EXEc:\Program Files\Common Files\Symantec Shared\ccProxy.exec:\Program Files\Common Files\Symantec Shared\ccSetMgr.exec:\Program Files\Norton Internet Security\ISSVC.exec:\Program Files\Common Files\Symantec Shared\SNDSrvc.exec:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exec:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Symantec\LiveUpdate ... Read more

A:System Alert Popups And Programs Trying To Access My Internet

Hello there and welcome to Bleeping Computer's security forum.My name is David, I will be helping you with your log today.It is a good idea to print off these instructions. There is a possibility some of the instructions will need to be carried out where internet access is not available. It is important that you complete the instructions in the right order, and that you don't miss out any steps.Please set your system to show all files. Click Start, open My Computer, select the Tools menu and click Folder Options.Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.Uncheck: Hide file extensions for known file typesUncheck the Hide protected operating system files (recommended) option.Click Yes to confirm.Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following if still present:R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktopR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktopR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktopR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktopR1 - HK... Read more

Read other 3 answers
RELEVANCY SCORE 85.2

I'm a new member and this is my first post. My problem is that I am being repeatedly hit by the Trojan.sink virus. Whenever I start the computer I get several popup Virus Alert! windows in succession telling me that NAV has detected the Trojan.sink virus and the Download.trojan virus and has deleted the files bbb.exe and winfavorites.exe. This goes on intermittently whenever I'm on the computer. I followed the instructions recommended by the Symantec Security Response website for clearing these viruses, but the NAV virus scan failed to find any infected files. I then removed all adware programs on my computer (these were associated with Kazaa), but to no avail. I read somewhere that the Trojan.sinkin virus was transmitted through AOL Instant Messenger, so I turned off AIM using the MSconfig start panel. No effect. I then found this web site and read another thread on Trojan.sinkin that recommended downloading and running spybot and Adware 6. These removed a bunch of files, including quite a few in a directory called CommonName that I had been suspicious about, but had been unable to remove the traditional way because it was in use by the system. I rebooted the system, and ... guess what? These files reappeared, and the virus popups kept on coming. Another recommendation made in the other Trojan.sinkin thread (Nunesfam 11-23-2003) was to use the add/remove programs control panel to remove the WIN32 BI Application. Well I couldn't find that application listed. So... Read more

A:Trojan.sinkin virus alert popups

Read other 12 answers
RELEVANCY SCORE 85.2

including [email protected]...

need help getting rid of these, this is my hijack this log...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:53:57, on 24/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOW... Read more

A:security toolbar 7.1 and other virus alert popups

Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm
 

Read other 1 answers
RELEVANCY SCORE 83.6

Hi guys,

I stupidly fell into a trap of downloading what looked like a Flash update but was in fact a package of a whole heap of nasties! The first noticable symptom is "Virus Alert!" appearing in the Task Bar by the Date/Time. This phrase seems to pop up alongside ANY System DateTime being displayed. Also I think my desktop has been hijacked as it changes colour and turns white. A load of restrictions have been put on any account I log into, can't run Task Manager, open Explorer, many Start menu items have been removed. On top of this there are a load of Fake Windows Alerts popping up telling me I need to download Anti Virus software, which then link to some dodgy website. Ran AdAware but it didn't help and ran my McAfee On-Demand scan, which also hasn't found much (just a few trojan files which were deleted but reappear on reboot).

I have attached my HijackThis log, if someone could show me which items can be fixed and address any of the other issues I'd be eternally grateful!

Thanks,
Neil
 

A:"Virus Alert!" in Task Bar + fake warnings

Not sure if my attachment worked so pasting the log in plain view for easier access for you.

Cheers,
Neil

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:13: VIRUS ALERT!, on 28/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fortinet\FortiClient\scheduler.exe
C:\Program Files\Fortinet\FortiClient\FCDBLog.exe
C:\Program Files\Fortinet\FortiClient\fortifw.exe
C:\Program Files\Fortinet\FortiClient\FCMgr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\BMC Software\AppSight\Bin\RI_svc.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\Program Files\Rational\ClearCase\bin\cccredmgr.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\crypserv.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Rational\ClearCase\bin\lockmgr.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\msftesql.exe
C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe
C:\Pro... Read more

Read other 1 answers
RELEVANCY SCORE 82.4

DDS (Ver_09-06-26.01) - NTFSx86
Run by Administrator at 21:33:23.80 on Tue 07/07/2009
Internet Explorer: 7.0.5730.13

============== Pseudo HJT Report ===============

uStart Page = hxxp://newsletters.fool.com/04/index.aspx?source=imysltlnk750252
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: StumbleUpon Launcher: {145b29f4-a56b-4b90-bbac-45784ebebbb7} - c:\program files\stumbleupon\StumbleUponIEBar.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
BHO: scriptproxy: {7db2d5... Read more

A:IE hijacked with porn sites; antivirus system pro alert keeps popping up; windows security alert keeps popping up

Hello pdmuhalk,Sorry about the delay. If you still need help, please post a new HijackThis log to make sure nothing has changed, and I'll be happy to look at it for you.Please do this:1. Download HijackThis? here:http://www.trendsecure.com/portal/en-US/th.../hijackthis.php2. Click 'Do a System Scan and Save log'.The HJT log will open in notepad.Thanks,tea

Read other 4 answers
RELEVANCY SCORE 82.4

Hello I have two small icons in my bottom right bar called system and security alert. They have pop ups that come up every 10 minutes or so. When I go to delete them from add/remove it doesnt do anything. I'm hoping you can help fix this.

-Wolfha

A:System Alert And Security Alert

Use this link to get HijackThis.Save it to your desktop and then double-click to run it.It will install the program in c:\program files\HijackThis.Browse to that location with windows explorer, and double click on the HijackThis.exe program to run. Choose the 'Do a system scan and save a logfile'That will allow you to save the log to the desktop (or some other place) and leave open a notepad file with the HijackThis log in it.Now post your HijackThis log into this topic.

Read other 1 answers
RELEVANCY SCORE 82.4

OK, this can't be good. My desktop has changed. When I start up the computer, instead of my usual desktop, I get the following screenMost of my usual icons are gone and I'm sure there are some new ones there. The time is now in 24 hour time and it says virus alert next to the clock. When I click start, I have not got the option to run any program other than my most recently used ones and I can't access my computer to find the programs manually. So I can't run Spybot or Adaware. I could click on my antivirus in the toolbar and so as I type this I have it doing a full system scan (so far it has quarantined 2 files - Win32/Vmalum.EFYA and Win3/Clspring.HS)When I open Mozilla I am taken to other pages and not my home page (although that remains in options) I keep getting various virus and spyware pop ups and I am really confused as to which of these are real and what are just part of the problem.this is onePlus IE keeps opening itself up at various sites about spyware, telling me to click here to fix the problem, but if I open it up myself I get the following: (the pop up is another one that keeps comingAnother pop upI hope someone here might be able to point me in the right direction as to how to solve this problem.Norma

A:Spyware Alert And Other Warnings

The system scan is now complete and in addition to the two that were quarantined Win32/FakeAlert.Cb was also found and deleted.

Read other 31 answers
RELEVANCY SCORE 82

Hello all! Im a pc dummy, but I am smart enough to know when something is wrong with my pc. I have McAfee Internet Security 09 installed on my HP Laptop.

Prior to 09 I was running a generic Virus protection program that was outdated. Before I scanned with McAfee, all seemed well on my laptop, but after my first

viruscan was completed. It brought back about 30 detections, all but a few were quarantined or deleted. One file that just keeps reappearing along with several

other files with similar names is VUNDO. I mean this thing wont go away. I have scanned my system with McAfee at least 4 times, but certain files keep

reappearing and since my intitial scan my desktop is now black with a flashing warning sign, saying dangerous spyware found, my task manager is disabled

except for the admin account, when I try to go to sites about removing spyware, malware, etc.. My browser rederects me to stuff I wasnt even searching for.

And to make matters worse McAfee's real time scanning has been disabled along with systemguards, and spyware detection and removal. The only thing up is

my firewall. Everytime I try to fix the issue I get an error saying that I cant fix it. As of late a red circle with an "X"(white) in the middle has appeared in my

task

bar and constantly tells me I need to clean my system with spycleaner tool??? Im dumb, but that just doesnt sound right. Example of files that keep re

appearing are as follows: BB021908.exe (refpron.gen tro... Read more

A:Vundo / frmwrk32.exe Infection, system tray alert, persistent browser popups/ Moved

Hello WINDOWS_PC DUMMY and welcome to BC

As no logs are posted, I am shifting this topic from the specialized HiJack This forum to the Am I Infected forum. PLEASE DO NOT NOW POST LOGS unless someone asks to to, and then only post the ones they request.

Please tell us what your operating system is: Windows XP, Vista, etc.

Orange Blossom

Read other 7 answers
RELEVANCY SCORE 82

Hello and thank you for your time and patience!Some messages etcInternet Explorer warning popup. Infected by [email protected] alert Popups: computer infected with spyware managing popup ads OPHE ver 4.12_23'Critical System error'Popup blocker must be disabled showing 0 Homepage has been taken over by securitysite.com. Default homepage was yahoo.co.uk. Bad imitated page setup when type address. cannot change default page back. Use: Windows XP and Internet explorer 6.0. Has been infected from adult sites. A few popups appearing adult and gamblingNo system changes.Did not previously have a firewall apart from windows one.tried installing AVE. Says not infected but wont update to latest version.the following won't work: Windows defender, Spybot is pushed down to bottom of screen. Housecall and Panda won't download. Ad Aware works wellNot able to enable topic reply notification by default, but I can access other PCs to pick up emails in the normal way.Bit Defender resultsdetected problemsprogram files\Internet explorer\iexplorer.exeinfectedW.YL:trojansame as above - disinfection failedsame as above - deletedC:system volume Information\_restore{B943B23-EE1D-4020-8AAB infected with trojan
same as above - disinfection failed
same as above - deleted

C:\windows\system 32\mousebut.exe infected with trojan
same as above - disinfection failed
same as above- deleted

C:\windows\system32\win32US.ex... Read more

A:Have System Alert: 'popups Computer Infected With Spyware Managing Popup Ads Ophe Ver 4.12_23

Your AVG is out of dateAVG 7 - http://free.grisoft.com/freeweb.php/doc/2/===============You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.Please download SmitfraudFix (by S!Ri)Extract the content (a folder named SmitfraudFix) to your Desktop.Next, please reboot your computer in Safe Mode by doing the following :Restart your computerAfter hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;Instead of Windows loading as normal, a menu with options should appear;Select the first option, to run Windows in Safe Mode, then press "Enter".Choose your usual account.Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmdSelect option #2 - Clean by typing 2 and press "Enter" to delete infected files.You will be prompted: "Registry cleaning - Do you want to clean the registry?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows... Read more

Read other 1 answers
RELEVANCY SCORE 81.6

win32.netsky spyware alert warning. home page pirated by ucleaner.com. red walpaper has taken over desktop with " Your Privacy Is In Danger!" posted. constant pop ups from providers offering to scan and remove viruses. no malware/spyware/adware found in step one. no apparent performance issues. no other evidence of win32.netsky other than unsolicited programs telling me its a threat.

Deckard's System Scanner v20071014.68
Run by jeana baybo on 2007-12-18 15:22:04
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2007-12-18 15:22:34
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\McAfee\MSK\mskagent.exe
C:\Program Files\Goog... Read more

A:win32.netsky alert warnings

Hello sail123, and welcome to TSF.

My apologies for the delay; we're all volunteers, and we've been swamped.
Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm
-screen317

Read other 9 answers
RELEVANCY SCORE 80

HelloI keep getting this Virus Alert! popup saying my computer is infected and if I click on it, it takes me to this site //www.spywarequake.com/?aff=247 which says I need to download the program in order to get rid of it. and then another popup that takes me to //antivirusgolden.com/?aid=1338the programs I used were Spybot S&D, AdAware, CWShredder, Zone Alarm and a few others, as of yet nothing has helped.here is my Highjack this logfile.Any Help would be much appreciated. Thank YouLogfile of HijackThis v1.99.1Scan saved at 01:05:39, on 04.06.2006Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exeC:\Programme\Gemeinsame Dateien\Symantec Shared\DJSNETCN.exeC:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exeC:\Programme\Norton AntiVirus\navapsvc.exeC:\Programme\Norton AntiVirus\IWP\NPFMntor.exeC:\WINDOWS\System32\nvsvc32.exeC:\WINDOWS\system32\slserv.exeC:\Programme\Gemeinsame Dateien ... Read more

A:Virus And System Alert

Cant find my Bifocals! Please leave the standard text size in tact when replying.Logfile of HijackThis v1.99.1Scan saved at 01:05:39, on 04.06.2006Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exeC:\Programme\Gemeinsame Dateien\Symantec Shared\DJSNETCN.exeC:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exeC:\Programme\Norton AntiVirus\navapsvc.exeC:\Programme\Norton AntiVirus\IWP\NPFMntor.exeC:\WINDOWS\System32\nvsvc32.exeC:\WINDOWS\system32\slserv.exeC:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exeC:\WINDOWS\System32\svchost.exeC:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exeC:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exeC:\Programme\T-DSL SpeedManager\tsmsvc.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\sstray.exeC:\Pro... Read more

Read other 17 answers
RELEVANCY SCORE 80

HelloI keep getting this Virus Alert! popup saying my computer is infected and if I click on it, it takes me to this site spywarequake which says I need to download the program in order to get rid of it. and then another popup that takes me to antivirusgoldenI've tried a few programs to get rid of them, as of yet nothing has helped. Any Help would be much appreciated. Thank You

A:Virus And System Alert

Hi rainydazePlease see this topic:http://www.bleepingcomputer.com/forums/topic41975.html

Read other 6 answers
RELEVANCY SCORE 80

The system alert virus on my computer is the blue question mark icon with a red slash mark blinking located at the bottom right of my monitor. Please need assistance of how to remove it. Logfile of HijackThis v1.99.1Scan saved at 12:59:24 PM, on 03/03/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exec:\program files\mcafee.com\agent\mcdetect.exec:\PROGRA~1\mcafee.com\agent\mctskshd.exec:\PROGRA~1\mcafee.com\vso\mcvsrte.exeC:\Program Files\Video Access ActiveX Object\isamntr.exeC:\Program Files\Video Access ActiveX Object\isamini.exeC:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exeC:\Program Files\Video Access ActiveX Object\pmsnrr.exeC:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exeC:\WINDOWS\system32\hkcmd.exeC:\WINDOWS\BCMSMMSG.exeC:\Program Files\Video Access ActiveX Object\pmmnt.exeC:\PROGRA~1\mcafee.com\vso\mcvsshld.exeC:\PROGRA~1\mcafee.com\agent\mcagent.exeC:\PROGRA~1\McAfee... Read more

A:System Alert Virus

Hello there and welcome to BleepingComputer. My name is Charles and I will be dealing with your log today.Please print off a copy of these instructions, and also save them to a Notepad file on your desktop, so they are easily accessible. We are going to boot into Safe Mode later in the fix, and there is no internet access. Please move HijackThis to a permanent folder. Anywhere is fine, other than your Desktop or a temporary folder. If it is in one of these locations, there is a risk that you may accidentally delete the backups; which may be needed if we fix something we're not meant to.If you use Windows XP it may be that you just double clicked on the HijackThis.exe file, but this only extracts the file to a temporary folder. If you right click on it and select Extract, you can choose a folder to place it in.How to make a permanent folder:Click Start | My Computer | Local Disk (C: ) | Program Files.In the menu bar at the top, go to File | New | Folder.That will create a folder named "New Folder", which you can rename to "HijackThis". You have now created C:\Program Files\HijackThis. Now get your HijackThis.exe file and place it in your folder.Please download SmitfraudFix (by S!Ri)Open the file and it will extract the contents (a folder named SmitfraudFix) to your Desktop.Now, please reboot your computer into Safe Mode. This is done by rebooting Windows and pressing F8 at boot/Windows startup, usually right after the beep. Then select Safe M... Read more

Read other 4 answers
RELEVANCY SCORE 79.2

HELP! VIRUS ALERT! in system tray!? no longer administrator
Hi I am having a problem with my computer. It happened yesterday. Every now and then I get "Virus Alert!" in system tray as well as white X with a red circled background. Also there are 3 links or programs on my desktop (Error Cleaner, Privacy Protector and Spyware&Protection). However that is only half of it. I initially had my C and D drives missing in My Computer as well as when I go to "Start" the All Programs tab is sometimes missing and most of the icons on the right hand side are gone. As well as the ability to "Run". I have just got a pop-up with the heading Windows Security Alert, which states:

Windows has detected an Internet attack attempt...
Somebody's trying to infect your PC with spyware or harmful viruses. Run full scan now to protect your PC from Internet attacks, hijacking attempts and spyware! Click here to download spyware remover for total protection.

Another pop-up saying:
Security Warning!

Worm.Win32.NetBooster detected on your machine. This virus is distributed via the Internet through e-mail and EXE and Active-X objects. The Worm has its own SMTP which means it gathers e-mails from your local computer and re-distributes itself. In worst cases this worm can allow attackers to access your computer, stealing passwords and personal data.
This process process should be removed from your system.

Type: Virus
System Affected: Windows 2000, NT, ME, XP,... Read more

A:Virus Alert in system tray

To get Expert Help with malware removal:

I recommend that you read this article… ( Simply, click on the links to be re-directed.)

"Having problems with spyware and pop-ups? First steps;
IMPORTANT - Read This Before Posting For Malware Removal Help

Please follow the instructions very carefully; then, post all the requested logs and information; as instructed, in the
HiJackThis Log Help Forum.
http://www.techsupportforum.com/secu...this-log-help/

Please ensure that you create a new thread in the HiJackThis Log Help Forum;
not back here in this one.

When carrying out The 5 Steps,
IMPORTANT - Read This Before Posting For Malware Removal Help

if you cannot complete any of them for whatever reason, just continue on with the next one until they are all completed.
However,it is extremely important to make mention of the fact that you could not complete any of the steps in your post to HiJackThis Log Help Forum.
http://www.techsupportforum.com/secu...this-log-help/

where an Analyst will assist you with other workarounds.

Once done, please be patient, as the Security Team Analysts are usually very busy; one of them will answer your request as soon as they can.

Read other 1 answers
RELEVANCY SCORE 79.2

OK... well I just did all that. I just came in after rebooting the computer and once again got the pop up about a virus being detected. I have also had my hompage redirected to ieseucrepage.com. There are also certain sites... such as parts of this page or something like downloads.com, that if I try to go I get redirected to hxxp://iednserror.com I am not getting any system warning messages right now, which I hope means that I just need to reset my homepage and everything is now good to go. Could you please help out if it still doesn't sound good to you. Below is my HiJackThis log:Logfile of HijackThis v1.99.1Scan saved at 4:08:10 PM, on 11/2/2006Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\spoolsv.exeC:\Program Files\iVideoCodec\isamonitor.exeC:\Program Files\iVideoCodec\pmsngr.exeC:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABA.EXEC:\Program Files\Java\jre1.5.0_06\bin\jusched.exeC:\Program Files\iVideoCodec\pmmon.exeC:\Program Files\iVideoCodec\isamini.exeC:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exeC:\PROGRA~1\Nero\data\Xtras\mssysmgr.exeC:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exeC:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exeC:\PROGRA~1\Grisoft\AVG... Read more

A:System Alert: [email protected]

Hello there and welcome to Bleeping Computer's security forum.My name is David, I will be helping you with your log today.Please download SmitfraudFix (by S!Ri)Extract the content (a folder named SmitfraudFix) to your Desktop.Open the SmitfraudFix folder and double-click smitfraudfix.cmdSelect option #1 - Search by typing 1, and press Enter. A text file will appear, which lists infected files (if present).Please copy/paste the content of that report into your next reply.

Read other 12 answers
RELEVANCY SCORE 79.2

To anyone that can help.

I am infected with malware of the Antivirus System Pro Alert malware.

Here is my situation.

Internet seach function is disabled....

Mcafee Scan is disabled

Task Manager is disabled

I am logged in under my client account and am unable to access administrator account.

most of the executable files that are supposed to be present on my computer associated with this malware do not show up when I do a search.

all Commands used when I go to the Start...then Run come back with a message that says...."Application cannot be executed. The file XXXXXXX.exe is infected. Do you want to activate your antivirus software now".

Any suggestions?

Read other answers
RELEVANCY SCORE 79.2

My computer has detected a Trojan horse.Downloader.Zlob.HNX. It's actually listed twice in my virus vault. How do I get rid of it completely? I just wanted to ask before I clicked anything that might do more damage than good. I do have AVG Free Edition and that is what detected the virus. I think it was caused by something that my mother (ugh) accidentally downloaded called DriverCleaner. There is also something listed under my Add/Remove programs section that I have not seen before. It says SystemAlertPopup. Is that something I need or is it something that may harm my computer. It just looks suspicious so I thought I'd ask. Not sure if it is linked to the DriverCleaner/Trojans or what.And I also have Spybot Search and Destory if that helps in any way. I've run it a few times actually and stuff keeps popping up that I've never seen.

A:System Alert Popup/virus(es)

Try using the instructions found here first... Let us know the result or if you have further questionsBC tutorial ..remove Zlob

Read other 1 answers
RELEVANCY SCORE 79.2

Logfile of Trend Micro HijackThis v2.0.2Scan saved at 2:25:03 PM, on 5/09/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16512)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exeC:\PROGRA~1\Grisoft\AVG7\avgamsvr.exeC:\PROGRA~1\Grisoft\AVG7\avgupsvc.exeC:\PROGRA~1\Grisoft\AVG7\avgemc.exeC:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exeC:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exeC:\WINDOWS\system32\nvsvc32.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exeC:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\WF2K.EXEC:\Program Files\Winamp\winampa... Read more

A:System Alert Possibly A Virus

Hi,FIRST of all....Go to this page.Enter the url of this thread in the first field.Where it says, browse to the file that you want to submit, click the browse button next to it and browse to next file:C:\WINDOWS\system32\muvdjo.dllSelect it and click ok.Then click the Send File button below.Then, * Open hijackthis, click 'config' (bottom right)Choose the tab 'misc Tools' on top.Choose 'delete a file on reboot'In the field, copy and paste next:C:\WINDOWS\system32\muvdjo.dllClick open.Hijackthis will tell you that this file will be deleted on next reboot and if you want to reboot now. Click Yes/okYour system should reboot now.Post a new HijaackThislog in your next reply.

Read other 8 answers
RELEVANCY SCORE 79.2

Hi I got the "VIRUS ALERT!" near the system time and the time shows in Military time. There were a lot of pop ups. The task manager was disabled. The programs menu in my start menu was missing. I could not even get into the registry editor. I ran the SDFix utility as per some of the other postings on this site. It looks like it cleaned up a lot of stuff. My SDFix log is:
SDFix: Version 1.214
Run by Shaik Shams on Thu 08/07/2008 at 20:05

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :
Restoring Default Security Values
Restoring Default Hosts File

Rebooting
Checking Files :

Trojan Files Found:

C:\WINDOWS\system32\mlJdawWp.dll - Deleted
C:\WINDOWS\ELTB.EXE - Deleted
C:\WINDOWS\SYSTEM32\MONEYSPJ.EXE - Deleted
C:\-45814~1 - Deleted
C:\Error Cleaner.url - Deleted
C:\Privacy Protector.url - Deleted
C:\Spyware&Malware Protection.url - Deleted
C:\WINDOWS\privacy_danger\index.htm - Deleted
C:\WINDOWS\privacy_danger\images\capt.gif - Deleted
C:\WINDOWS\privacy_danger\images\danger.jpg - Deleted
C:\WINDOWS\privacy_danger\images\down.gif - Deleted
C:\WINDOWS\privacy_danger\images\spacer.gif - Deleted
C:\WINDOWS\lnvegaow.exe - Deleted
C:\WINDOWS\tfnslopk.dll - Deleted
C:\WINDOWS\xokvrpwg.dll - Deleted

Folder C:\WINDOWS\privacy_danger - Removed
Removing Temp Files

ADS Check :

Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-07 20:31:59
Win... Read more

Read other answers
RELEVANCY SCORE 79.2

I downloaded and ran the DDS file and the virus blocked the creation of the DDS.txt file but it did allow the Attach.txt to be created. I also downloaded the GMER file and it didn't create a log file either. I did however attach the Attach. zip file and a screen shot of my screen. I hope this helps you help me. This is the third time I have tried to post this trend tonight. The first to times the virus reset my we browser.

Thanks

A:Antivirus System Pro alert Virus

BUMP, please

Read other 2 answers
RELEVANCY SCORE 79.2

Hi, any help anyone can give me is greatly appreciated. I have this virus that changed my system clock to military time, won't let me bring up my computer and has put a VIRUS ALERT! next to the system clock. Again any help would be much appreciated. My hijack this logLogfile of Trend Micro HijackThis v2.0.2Scan saved at 17:32: VIRUS ALERT!, on 9/29/2008Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16705)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Windows Defender\MsMpEng.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Intel\Wireless\Bin\EvtEng.exeC:\Program Files\Intel\Wireless\Bin\S24EvMon.exeC:\Program Files\Intel\Wireless\Bin\WLKeeper.exeC:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Comodo\CBOClean\BOCORE.exeC:\WINDOWS\system32\drivers\CDAC11BA.EXEC:\WINDOWS\system32\LxrJD31s.exeC:\Program Files\Network Associates\Common Framework\FrameworkService.exeC... Read more

A:Virus Alert Beside System Clock

Hi John05, Welcome to the forums!My name is Ken, on these forums I am known as ktreffin. I will be helping you with your current problem. I know that you need your computer working as quickly as possible, and I will work hard to help see that it happens. HiJackThis logs do take some time to review and research. I would appreciate it if while you are waiting, you could please do the following for me:Please make an Uninstall List using HiJackThis.To access the Uninstall Manager you would do the following:1. Start HijackThis 2. Click on the Config button 3. Click on the Misc Tools button 4. Click on the Open Uninstall Manager button. 5. Click on the Save list... button and specify where you would like to save this file. When you press Save button a notepad will open with the contents of that file. Simply copy and paste the contents of that notepad here in a reply.As we work together to resolve your problem, please read these instructions carefully. You may wish to print them off or copy them to Notepad.Lastly, please keep these points in mind:If you have questions, please DON'T hesitate to ask!The instructions I give are specific to your current problem and should not be used on other systems.Please post your replies only to this topic, and please DO NOT start a new thread.Since there may be multiple issues with your system, please continue to follow this thread until I have given you an "All Clean!"I am reviewing your log now, and will be back wi... Read more

Read other 4 answers
RELEVANCY SCORE 79.2

How can I fix this?



DDS (Ver_09-05-14.01) - NTFSx86
Run by Pyves at 15:11:17,89 on 10/06/2009
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.247.48 [GMT 2:00]

AV: ESET NOD32 Antivirus 4.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\SoftwareDistribution\Download\f1cdd5f76ed427aefd3b2d232a37a44f\update\update.exe
C:\Documents and Settings\Pyves\Bureau\dds.scr

============== Pseudo HJT Report ===============

uStart ... Read more

A:VIRUS ALERT! next to System Time.

Howdy there and welcome to TSF Forums

I'm Steve and I will be helping you throughout this fix.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. It is IMPORTANT that you don't miss a step. Please perform everything in the correct order/sequence.

Vista users please make sure you all run commands with administrator rights (right click icon - run as administrator)

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription

Please note that the forum is very busy and if I don't hear from you within three days from this initial posting then the thread will be closed.

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/comb...o-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.

Read other 7 answers
RELEVANCY SCORE 79.2

I run combo fix buth the problem is still the same
What can I do?

Her are my combo fix log and my hijack this log

ComboFix 09-05-31.06 - Pyves 02/06/2009 15:44.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.247.56 [GMT 2:00]
Lancé depuis: c:\documents and settings\Pyves\Bureau\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\AntiSpyCheck
c:\program files\AntiSpyCheck\uninst.exe
c:\windows\cookies.ini
c:\windows\system32\mcrh.tmp

.
((((((((((((((((((((((((((((( Fichiers créés du 2009-05-02 au 2009-06-02 ))))))))))))))))))))))))))))))))))))
.

2009-06-02 13:03 . 2009-06-02 13:03 -------- d-----w- c:\documents and settings\Pyves\Application Data\Malwarebytes
2009-06-02 13:03 . 2009-05-26 11:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-02 13:03 . 2009-06-02 13:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-02 13:03 . 2009-05-26 11:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-02 13:02 . 2009-06-02 13:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-02 12:55 . 2009-06-02 12:55 -------- d-----w- c:\program files\ESET
2009-06-02 12:15 . 2009-0... Read more

Read other answers
RELEVANCY SCORE 79.2

My browser seems to be hijacked and when on the internet I get unwanted pop ups and when surfing the web random pages open up without me doing anything. To the right of my clock on the bottom right it reads VIRUS ALERT!. Here is my main log from Deckerd Scanner System. Spybot keeps finding "virtumonde.dll virus".


Deckard's System Scanner v20071014.68
Run by HP_Owner on 2008-06-18 13:57:45
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
107: 2008-06-18 20:58:54 UTC - RP908 - Deckard's System Scanner Restore Point
106: 2008-06-17 15:55:54 UTC - RP907 - Windows Defender Checkpoint
105: 2008-06-17 00:10:45 UTC - RP906 - Last known good configuration
104: 2008-06-17 00:10:34 UTC - RP905 - Installed Adobe Reader 8.1.2
103: 2008-06-17 00:10:34 UTC - RP904 - Software Distribution Service 3.0


-- First Restore Point --
1: 2008-06-17 00:09:49 UTC - RP802 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 504 MiB (512 MiB recommended).


-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-06-18 14:02:17
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: In... Read more

A:Virus Alert in System Tray!

Hi, welcome to tsf!

Please visit this webpage for download links, and instructions for running combofixl:

http://www.bleepingcomputer.com/comb...o-use-combofix


Please ensure you read this guide carefully and install the Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Click Yes to allow ComboFix to continue scanning for malware.
When the tool is finished, it will produce a report for you.
__________

You're using an older version of Hijackthis. Please uninstall the older version via control panel > add/remove programs

Please click Here to download HijackThis to your desktop.

Click the Download button. When the Trend Micro HJT install box appears, double click on the HJTInstall.exe. Click on Install.

It will be installed by default here: C:\Program Files\Trend Micro\HijackThis

A shortcut to the application will also be placed on your Desktop.

The program will open automatically after installation.

You can double-click the icon tha... Read more

Read other 9 answers