
Belgian Dip Worm Help

Q: Belgian Dip Worm Help

Hello again everybody,
Almost every time I close my Internet Explorer I get a popup that is from www.belgiandip.com and the title of the page is "ad". After doing some research I found out that it is a worm and that I needed to get it off of my computer. I would have posted my computer's processes but I cannot find the program. I have looked at other sites and just can't figure out how to get this thing off of my computer. The only success I saw was with another guy who posted his running processes. Can someone please tell me the program to show those processes and help me with this damn worm!?!

A: Belgian Dip Worm Help

OK, I finally got my own PC and my rents' comp (without me to run Adaware etc. frequently) has gotten so many pop-ups. I just deleted coolsearch but I can't get a tool for belgian dip. Here is my HijackThis log.
Oh yeah, I'm new to this whole thing so please bear with my newbie self.
Logfile of HijackThis v1.97.7
Scan saved at 4:28:41 PM, on 6/7/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\r_server.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsgSys.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\pctspk.exe
C:\Program Files\NavNT\vptray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\sxoipnon.exe
C:\Program Files\VVSN\VVSN.exe
C:\WINDOWS\explorer.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFREE.EXE
C:\WINDOWS\System32\nbjmonc.exe
C:\Program Files\PrintKey Screen Capture\Printkey.exe
C:\WINDOWS\System32\tdoles.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Im...

A:belgian dip?

Hi Catman, and welcome to TSG..

Don't worry about being a newbie.. everyone was sometime..

Please go here and download, unzip and then open CoolWebShredder. Then click on the Updates button and follow the prompts. Next, run the program by clicking on the Fix-> button.

CWS installs via the byte verifier exploit in M$ JavaVM so just surfing a page with an infected applet can install it with no user participation. So once you’ve run the above, it is vital that you go here, click Scan for updates in the main frame, and download and install all CRITICAL updates recommended.

Then uninstall Spyhunter, if you have the free version.. not worth wasting the HD space.

Then please run a new HJT! Scan, and check to fix the following entries, being sure to double check that you haven't missed any. Next, close all browser windows and click the Fix checked button…

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.coolsearch.biz/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

R3 - URLSearchHook: (no name) - _{8952A998-1E7E-4716-B23D-3DBE03910972} - (no file)

F1 - win.ini: run=C:\WINDOWS\System32\services\wmplayer.exe

O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - C:\WINDOWS\twaintec.dll

O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} - C:\WINDOWS\2_0_1browserhelper2.dll

O2 - BHO: (no name) - {9C...


Hey..

Today I had a popup appearing every so often, and the title was belgiandip.com. I've run numerous spy and adware checks and cannot get rid of it. Does anyone know how?

Thanks
 

A:Belgian Dip

Go to http://majorgeeks.com/download3155.html and download 'Hijack This!'.

First make a folder on your computer in my documents called Hijackthis and then Unzip it to that folder.
Then doubleclick the Hijackthis.exe.

Click the "Scan" button, when the scan is finished the scan button will become "Save Log" click that and save the log.
Go to where you saved the log and click on "Edit > Select All" then click on "Edit > Copy" then Paste the log back here
in a reply.
It will possibly show issues deserving our attention, but most of what it lists will be harmless or even required,
so do NOT fix anything yet.

Someone here will be happy to help you analyze the results.
 


Need a little help getting rid of Belgian dip worm. I've used Ad aware 5.0 (release 5.83), Spybot S&D 1.1, CWShredder 1.57.0. but those were not successful. However, I might not have had all the settings correct on those programs or run everything in the correct order. I want to be sure there are no remaining components. Here is the Hijack This log:

Logfile of HijackThis v1.97.7
Scan saved at 10:13:03 AM, on 5/8/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\WINMODEM.101\wmexe.exe
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\PROGRAM FILES\SHORTCUTS\SHORTCUT.EXE
C:\PROGRAM FILES\COMMON FILES\MYSOFTWARE\INTERCOM.EXE
C:\PROGRAM FILES\KEYEXP\KEYEXP.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\EYBOARDK.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\EXPLORER.EXE
C:\MY DOCUMENTS\HIJACKTHIS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.ebay.com/halcyon-days...ortorderZ1QQsosortpropertyZ3QQsotimedisplayZ1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.comcast.net
...

A:[Solved] Belgian Dip Help


Getting belgian dip pop up when I close IE.
Any help would be appreciated.

C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\3CODECXL.EXE
C:\WINDOWS\SYSTEM\E_S10IC2.EXE
C:\WINDOWS\SYSTEM\E_S10IC2.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\HIJACKTHIS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ihug.com.au/
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 ...

A:Hijack this log. Belgian Dip.

Check and fix this entry in the Scanlog unless you can vouch for it:

O4 - HKLM\..\Run: [3CODECXL] C:\WINDOWS\SYSTEM\3CODECXL.exe

Reboot and send the exe to the recycle bin.
 


Anyone know why I can source a replacement keyboard and what the part number (FRU) is please? AZERT Belgian backlight W530 keyboard Thanks.

A:W530 Belgian AZERT replacement keyboard

Hi mtissington,
Warm Greetings & welcome to Lenovo Community, happy to have you here.
 
By looking at the System Service parts list for W530 - FRU# 04W3069 CS12 B/L KBD BEL CHY also 04W3143 CS12 B/L KBD BEL SRX.
 
I hope the above information helped you.
Please feel free to post in Lenovo Community Forums if you have any further queries!
 
Regards,
Prabhansh


Hello,
When looking for a replacement to switch from a US to an Azerty BE backlit keyboard, 2 different references appear:
- NBL KBD,BE,DFN - 01HW247
- NBL KBD,BE,CHY - 01ER957
What's the right one or what's the difference? Thank you for helping.

A:Several references found for a P51 Azerty Belgian keyboard: which one is the right one?

Two different suppliers of the keyboard.  Darfon (I think) and Chicony.  There may be some differences in exact "feel" or other aspects, but the base functions should be the same.
 
Z.


Hi,

Hopefully you guys can understand what I'm writing here in my best English, I'm 48 years old and only learned the Dutch language in my country Belgium (Europe).

The following occurred:

I was searching on a porno site www.uporn.com Friday the 6 of July 2012 01:30 u (Brussels time)
suddenly my computer got blocked by the Belgium Cyber Crime unit of the Belgium Police and asked me to pay 100 € to unblock my computer with the Ukash method
Everything was blocked, even my taskbar, start button and desktop wallpaper and desktop icons disappeared.
I tried to make a screenshot but that also didn't work

So I went to my second computer and found out that it was a hacker who took over my computer.

I went back to my first computer, which is infected, and restarted the computer to get into safe mode with network
I did system recovery and brought the computer back to an early date (3 days) and restarted in normal mode
that gave me the opportunity to get back my computer and download Malwarebytes and run it but nothing was found except some crack keys on other drives
so I'm pretty sure the hacker still has some files or other things in my computer and I'd like to have them removed from it

I have read in previous topics here to do nothing with programs that go deep into my computer without being asked to do so.

My question now is what should I do next?

My computer is a Medion Windows7 PC, Intel® Core™2 Duo CPU E7400 @ 2.80GHz
Installed memory (RAM): 4,00 GB
System typ...

A:Cyber-Crime-Unit Belgian Police Ukash payment

Download TDSSkiller
Launch it.
Click on change parameters - Select TDLFS file system
Click on "Scan".
Please post the LOG report (log file should be in your C drive)

Download aswMBR
Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan.
After scan finishes, click on Save log
Post the log results here

Download ESET online scanner
Install it
Click on START, it should download the virus definitions
When scan gets completed, click on LIST of found threats
Export the list to desktop, copy the contents of the text file in your reply


I have just removed the blackmal worm from my Vaio laptop using Symantec's worm removal tool but can't reinstall / repair Norton AntiVirus as it came with my Vaio system software and I would have to do a complete wipe-and-reinstall of my hard drive to get it back on again. So I downloaded Anti-Vir which verifies that my system is now virus free but it is still running so SLOWLY that I can't do anything. Menus, taskbar, explorer, loading programs, everything takes 5-10 minutes just to pop up or start. Can I undo this damage ostensibly done by the worm without doing a complete system reinstall ?
Only one other dumb thing I did was try to run the Norton Rescue disks using floppies made on another PC running Win 98 - when I booted with floppy 1 it warned that the disks were made for another PC and could do damage to my files but I ignored the message and continued as I was so desperate (rescue disks didn't work anyway as they didn't have current virus definitions).
Any suggestions?
 

A:blackmal worm cleanup (kama sumtra worm, killAV.GR)

Hi, Most systems that use the Recovery type of CD also have a way to reinstall individual programs....are you absolutely sure yours does not have a way to reinstall one selected program?

Post the exact model of the PC please and I will check on some things.

Using two active antivirus programs can cause slowness and other performance problems, can you turn off one of the programs from starting when the computer does?

With Norton programs, a reinstall may not take place if it sees another installed antivirus program> when and if a reinstall can take place, you will need to disable Antivir or, uninstall it, to allow the Norton install.

Personally, I think I would just remove Norton using their removal tool> I have seen some systems completely crash though in just about your same situation, and a full recovery was needed. (The kind where you lose all files, and are back to factory settings).
Are there any files you must keep....I'm not talking music, I mean documents or personal files that you cannot replace? If so, I would consider backing them up somehow before you proceed any further. Since you have a laptop, it would be difficult to take your hard drive to another computer and simply copy files....
If there is nothing important on the system, and you do have a way to do a full recovery, you could try the Norton removal tool that assists when the program is damaged, it removes everything from the Norton Internet Security suite or a standalone version....but we...


I just found this result from my virus scan (Inoculate PE):
c:\unzipped\shareing\kazaa lite\my shared folder\muppetpt.zip>funny muppet.exe - Win32.Choke.45056 worm.

I have no idea what to do with it

I'd love some please
 

A:[Resolved] Help with worm virus (win32.choke.45056.worm)


This is a worm written in VB with the following characteristics:
1. The worm attempts to lure victims to follow a URL link, in so doing downloading a copy of it, and infecting themselves. It monitors Internet Explorer windows in order to detect when a new message is being created within MSN Hotmail.
2. The worm monitors browser window to detect when MSN hotmail is being used for sending new mail, and inserts text to such messages, which contains a URL from where the worm is downloaded if the recipient clicks on the link.
3. It deletes files on the root of C: and A:, and copies itself there in place of those files, appending a .EXE file extension

Hotmatom Worm - New MSN Hotmail based worm deletes files
http://secunia.com/virus_information/27456/hotmatom/
http://vil.nai.com/vil/content/v_138829.htm
http://www.sarc.com/avcenter/venc/data/w32.hotmatom.html


My operating system is now Windows XP SP3 - updated recently.

Infection problem. Background: yesterday I did a Secunia scan and found 2 programs that were listed as insecure. Adobe was one - I removed the old program and updated to Adobe 9. It also said that an older version of Java was insecure - I already had the newest version, so I removed the older one. I then did another Secunia scan and everything came out as OK.

When I turned my computer on this a.m. and tried to access internet via IE 7, nothing would happen. I was able to go on line via AT&T Yahoo. I went to the "add or remove programs" to see about uninstalling IE 7 and reinstalling from Microsoft's website. IE 7 shows in the populated list, but there is no tab that allows removal. So, I went to Microsoft's site and downloaded IE 7 again. When I try to open IE 7, I'll get the "welcome" screen but when I try to proceed, I get the message from AVG saying I'm infected and when I say "OK" to quarantine, IE 7 closes and it asks me to restart my computer. When I do, the same thing happens all over again. I have saved pics of the screens. I have done a HJT scan and done an AVG scan. I am posting the pics of the report section of AVG, the HJT scan, and the pics I got when trying to open IE 7.
 

A:Worm.Lover.a; Worm.Brontok.cu; Tracking Cookies.Webtrends


Hi. I've been getting frequent notifications from ESET NOD32 Antivirus 4, about some IP addresses being blocked by it. Because of this I scanned my PC with it. It detected some viruses but I still get the same notifications. To be more specific, I'll attach the scan logs.

***********************************
ESET NOD32 Antivirus 4 scan logs
***********************************

12/8/2011 2:43:15 PM HTTP filter file http://112.205.70.205:4852/x Win32/AutoRun.Delf.AI worm connection terminated - quarantined NT AUTHORITY\SYSTEM Threat was detected upon access to web by the application: C:\WINDOWS\system32\svchost.exe.
12/8/2011 2:40:50 PM HTTP filter file http://112.207.137.162:14676/x Win32/AutoRun.Delf.AG worm connection terminated - quarantined NT AUTHORITY\SYSTEM Threat was detected upon access to web by the application: C:\WINDOWS\system32\svchost.exe.
12/8/2011 2:30:44 PM HTTP filter file http://112.207.9.179:11992/x Win32/AutoRun.Delf.AI worm connection terminated - quarantined NT AUTHORITY\SYSTEM Threat was detected upon access to web by the application: C:\WINDOWS\system32\svchost.exe.
12/8/2011 2:26:48 PM HTTP filter file http://112.207.9.179:11248/x Win32/Virut.NBP virus connection terminated - quarantined NT AUTHORITY\SYSTEM Threat was detected upon access to web by the application: C:\WINDOWS\system32\svchost.exe.
12/8/2011 2:19:23 PM Real-time file system protection file C:\...

A:Virut.NBP Virus, AutoRun.Delf.AI worm, AutoRun.Delf.AG worm, AutoRun.Agent.DO worm, Injector.LTG trojan

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/431705 <<< CLICK THIS LINK

If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lo...


Hi Sd Picked Up The Above Worms Can Anyone Assist Thanks

A:Black Worm/vicking Worm [moved from security]

Please follow the instructions here and then post the requested logs in a new thread here for the security analysts to look at.


I have included my HijackThis Log, Panda Activescan Log, DSS main.txt log, DSS extra.txt attached and had installed IE-SPYAds and Spyware Blaster and ran them.

HijackThis Log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:54, on 2007-10-10
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\SiteAdvisor\6172\SAService.exe
C:\WINDOWS\system32\sv...

A:W32/Gaobot.MWK.worm & W32/AHKHeap.A.worm and lots other spyware

Is this PC networked to the other?
Please do not share USB sticks or removable drives between your PCs

Disable Ad-Watch2007

Start Hijackthis Scan and place a check next to these items If there.


R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F2 - REG:system.ini: Shell=
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {96CC3995-2390-4436-B697-8E1C7548167E} - (no file)
O4 - HKLM\..\RunServices: [Windows Update 32] svhcp.exe
O4 - HKLM\..\RunOnce: [megauploadtoolbar] C:\DOCUME~1\user\LOCALS~1\Temp\tbuninstall.exe -df "C:\Program Files\MegauploadToolbar\"
O4 - HKLM\..\Policies\Explorer\Run: [status] present
O4 - HKLM\..\Policies\Explorer\Run: [winlogon] C:\heap41a\svchost.exe C:\heap41a\std.txt
O4 - HKUS\S-1-5-18\..\RunOnce: [Windows Update 32] (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunServices: [Windows mplayercodex Services] MSPF.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Windows mplayercodex Services] MSPF.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [Windows Update 32] (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunServices: [Windows mplayercodex Services] MSPF.EXE (User 'Default user')
O20 - Winlogon Notify: gebyw - gebyw.dll (file missing)
O20 - Winlogon Notify: OptimalLayout - C:\WINDOWS\
O20 - Winlogon Notify: Unimodem - C:\WINDOWS\
O20 - Winlogon Notify: Uninstall - C:\WINDOWS\system32\guard.tmp (file missing)

==================...


My computer has that worm and doesn't allow access to antivirus programs or websites, system restore has disappeared in the properties window of my computer-- strange? I can't download the removal tool on a website.
Here's the log
I have also seen something on the web involving these suspicious processes
-O4 - HKLM\..\Run: [serpe] C:\WINDOWS\system32\formatsys.exe
O4 - HKLM\..\Run: [avnort] C:\WINDOWS\system32\serbw.exe
O4 - HKLM\..\Run: [ltwob] C:\WINDOWS\system32\formatsys.exe
O4 - HKLM\..\RunServices: [avnort] C:\WINDOWS\system32\serbw.exe
O4 - HKLM\..\RunServices: [serpe] C:\WINDOWS\system32\formatsys.exe
O4 - HKLM\..\RunServices: [ltwob] C:\WINDOWS\system32\formatsys.exe
Thanks for reading and considering my problem, I am a little educated on this worm but I am having diff probs than what I have seen fixed when other people had the same thing fixed

Logfile of HijackThis v1.99.1
Scan saved at 3:46:30 PM, on 4/8/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\...

A:FATSO worm aka W32.serflog.A worm--> need to disinfect comp

Hello, and welcome to TSF!

Please download Ad-aware SE and install it if you don't have it already. Make sure it's the newest version and check for any updates before running it. Also go here to get the plug-in for fixing VX2 variants. To run this tool, go into Ad-aware->Add-ons and select VX2 Cleaner. Then click Run Tool and OK to start it. If it's clean, it will say Status System Clean. Otherwise, you will have to click on the Clean button to remove the VX2 infection. Also make sure to customize the settings in Ad-aware for better scan results. Run the scan and fix everything that it finds.

Download CWShredder and run it. Click on 'I Agree' button if you agree with it. Click on 'Fix' (it will automatically fix anything it finds for you) and OK. If it asks if you want to delete a certain random file, choose No and post that filename here. Let it finish the scan and then hit Next and Exit.


Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should not have any open browsers when you are following the procedures below.

Go to My Computer->Tools/View->Folder Options->View tab and make sure that 'Show hidden files and folders' (or 'Show all files') is enabled. Also make sure that 'Display the contents of system folders' is checked. Windows XP's search feature is...


This new worm attempts to spread in a number of different ways. It can spread by email, open email shares, or unpatched Microsoft security vulnerabilities (MS03-026 and MS04-011).

MS04-011: Plexus.A worm (email and Internet worm)
http://secunia.com/virus_information/9831/plexus/
http://www.symantec.com/avcenter/venc/[email protected]://vil.nai.com/vil/content/v_126116.htm
http://www.trendmicro.com/vinfo/virusencyc...e=WORM_PLEXUS.A

Article: Worm Exploits Multiple Windows Vulnerabilities
http://www.techweb.com/wire/story/TWB20040603S0007

Plexus.A worm - Characteristics
Subject of email: RE: order For you Hi, Mike Good offer. RE:
Name of attachment: SecUNCE.exe AtlantI.exe AGen1.03.exe demo.exe release.exe
Size of attachment: 16,208
Time stamp of attachment: n/a
Ports: TCP 1250, a random TCP port
Shared drives: Copies itself to network shares
Target of infection: Copies itself to KaZaA shared folder

Methods of Infection
* Retrieves email address from files with .htm, .html, .php, .tbb, and .txt extensions, on all fixed drives from C through Y.
* Uses its own SMTP engine to send itself to the email addresses it finds.
* Spreads through network shares and the Kazaa file-sharing network.
* Attempts to propagate by exploiting the Microsoft Windows LSASS Buffer Overrun Vulnerability (described in Microsoft Security Bulletin MS04-011)
* DCOM RPC vulnerability (described in Microsoft Security Bulletin MS03-026) through TCP ports 135 and 445.
* Listens on TCP port 1250 and a random TC...


USB based worm attacks are growing extensively in popularity. They work in a similar way to the floppy worms years ago in automatically spreading. As a best practice, users should lock down CD, DVD, and USB devices so that they don't automatically run content where applicable. Keeping AV protection up-to-date is also needed based on the increased levels of malware attacks which are surfacing.

Harry Potter worm - New USB based Worm spreading
http://www.theregister.co.uk/2007/07/02/harry_potter_worm/

QUOTE: Hackers are attempting to exploit Potter-mania with the release of a worm that attempts to infect USB memory drives. The Hairy-A worm poses as a file containing a copy of Harry Potter and the Deathly Hallows, the eagerly-anticipated final novel in the Harry Potter series, due out on 21 July. The infected file normally comes on infected USB drives. If users plug these drives into their Windows PCs they are liable to infect their machines, especially if they have allowed USB drives to "auto-run".

Hairy.A Worm - Sophos Press Release and Virus Info
http://www.sophos.com/pressoffice/news/art...7/06/hairy.html
http://www.sophos.com/virusinfo/analyses/w32hairya.html

QUOTE: With just weeks remaining until the release of the last ever Harry Potter novel, and the imminent premiere of the fifth movie in the franchise, Sophos has warned of a new computer worm exploiting Potter-mania around the world. The W32/Hairy-A worm can automatically infect a PC when users plug-in US...


Processor:  AMD A4-6210 APU with Radeon R3 Graphics 1.80 GHz
Installed RAM  4.00 GB (3.46 GB usable)
System type 64-bit operating system, x64-based processor
Pen and touch No pen or touch input is available for this display
Edition:  Windows 8.1
Manufacturer   Acer    Aspire E5-721
Canon MX452 all in one printer
Emsisoft is my main anti malware program.
 
Infected with W32/Mytob-EW worm and W32/Sdbot-BN backdoor worm
 
Bleeping brought this to my attention while I was researching strange behaviour on my PC. Several drive wipes with a factory install performed over the last four weeks. Four wipes. One done by my college computer technician. Frustration over what was going on triggered the slow one by one process analysis using Task Manager. When I selected the end task on these (so called worm in disguise) processes, they immediately started up again. Using the right-click feature on the entries, to search online what they were, brought me directly to the Bleeping Computer description. Upon further investigation it was unanimous that Bleeping's information was correct.
 
My Emsisoft was consistently detecting and quarantining two registry keys, over and over even after I deleted them. I am no different than anyone else and have saved logs of other scans from JRT, adware, rogue killer, rkill, etc etc. They usually don't help that much, but if you are curious I have ...

A:Infected: W32/Mytob-EW worm & W32/Sdbot-BN backdoor worm

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-04-2015
Ran by Cindy (administrator) on PERFECTPC on 26-04-2015 18:46:01
Running from C:\Users\Cindy\Desktop
Loaded Profiles: Cindy (Available profiles: Cindy & Administrator)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\tbaseprovisioning.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Emsisoft GmbH) C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Zemana Ltd.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QASvc.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QAEvent.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Qualcomm®Atheros®) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
(Micro...

RELEVANCY SCORE 35.6

Yesterday I noticed that one of my three computers on my home lan was scanning ICMP's and posted here. Thanks everyone for helping get me on the right track. I found the source using www.sysinternals.com tcpview.exe which enabled me to see every process and terminate them one at a time until the scanning stopped. Then searching for DLLHOST.EXE the search turned up a post that referenced WinXP ......so it applies to 2000 pro also
It was due to the worm w32.welchia.worm
To cure it I had to delete DLLHOST.EXE from the system32/wins folder. The dllhost.exe necessary windows functions normally resides in the system32 folder NOT in the wins folder, so it is safe to delete the one in wins.
You will have to go into safe mode, dos mode and rename it. Then reboot windows and open the wins folder and delete the renamed file. It will not let you delete it in dos or windows until it is renamed and a reboot is performed.

Virus programs can't delete it either.
Problem solved
 

RELEVANCY SCORE 35.6

I was tricked into clicking on a supposed Greeting Card weblink in an email which downloaded, I think, Greeting Card.exe which had already activated itself. The virus was hijacking the internet connection to do something - a fast broadband connection became slow. AVG Anti-Virus identified Downloader.Tibs, adirss.exe and various game.exe files, but deleting them from the vault only provided temporary respite because they would be re-created.

I have followed your instructions to the letter: cleanmgr, CWShredder, AdAware and Spybot in safe mode, Panda Antivirus, McAfee AVERT. In between the last two I also did a full scan with my now-upgraded AVG Internet Security.

AdAware found 16 objects which I deleted. Some 10 of these were cookies, but a couple were hacker tools of some sort. Spybot got nothing. The Panda scan produced a report but wanted more money from me to disinfect which I wasn't prepared to spend. The following is the report and in brackets I have described what I did with each item:

Potentially unwanted tool:application/altnet Not disinfected C:\Documents and Settings\Administrator\Start Menu\Programs\Altnet
(There was no content (hidden or otherwise) in the Altnet folder. I deleted it.)
Adware:adware/aureate-radiate Not disinfected c:\program files...

A:I-worm/stration, I-worm/nuwar, Downloader Infection

Hi Dick Wolff, I am SifuMike and I will be helping you. How is your computer acting now that you have done some scans?

Disable your antivirus program and go here http://www.bitdefender.com/scan8/ie.html and run an online scan with BitDefender (you will need to use Internet Explorer for this scan). When the ActiveX Control has loaded, click on "Click here to scan". This scan may take a few hours. It all depends on the number of files on your computer. When BitDefender completes the scan, select the "Detected Problems" tab. Click on "Click here to export scan". Save the file as an HTML to your Desktop. Then click on the saved file and allow it to open with your browser. Go to Edit - Select All then copy/paste that log back here. Post the BitDefender log.

****************

Download ATF (Atribune Temp File) Cleaner by Atribune. DO NOT run it yet.

Download and install AVG Anti-Spyware 7.5 (formerly Ewido). This is a 30 day trial of the program.
1. After download, double click on the file to launch the install process.
2. Choose a language, click "OK" and then click "Next".
3. Read the "License Agreement" and click "I Agree".
4. Accept the default installation path: C:\Program Files\AVG Anti-Spyware 7.5 and click "Next", then click "Install".
5. After setup completes, click "Finish" to start the program automatically or launch ewido by double-clicking its icon on your desk...

RELEVANCY SCORE 35.6

CAN I LOAD UP MY COMBO SCAN SO SOMEONE COULD VIEW IT, IN THE LAST 12 HOURS IV SCANNED WITH SPYWARE DOCTOR WHO PICKED IT UP AND DELETED IT, ESCAN, AVAST, PANDA ONLINE, BIT DEFENDER, ASQUARED, AVG ANTISPYWARE, MCAFEE REMOVAL TOOL, AVIRA REMOVAL TOOL, SPYBOT, ADAWARE SE, PC TREND MICRO STINGER 260.EXE ALL COME UP CLEAN.

A:Black Worm/ Viking Worm/ Cws Search Asistant

Hi samual, Our apologies for the delay. If you still require help, please post a HijackThis log and a recent comboscan log if you like.
Preparation Guide For Use Before Posting A Hijackthis Log
Also, unless you have severe visual problems, please lay off the Caps Lock.

RELEVANCY SCORE 35.6

I have restored and restored can someone please help! I can't update my Avira!

Avira AntiVir Personal - Free Antivirus Updater Complete product update
Creation time: Fri Jul 02 16:39:53 2010
Operating system:Windows Vista () [6.0.6000] 32 bit
Product information:
Product version: 10.0.0.567
Updater: C:\Program Files\Avira\AntiVir Desktop\update.exe 10.0.0.29
Update resource: C:\Program Files\Avira\AntiVir Desktop\updaterc.dll 10.0.9.0
Library: C:\Program Files\Avira\AntiVir Desktop\update.dll 0.1.0.44
Plugin: C:\Program Files\Avira\AntiVir Desktop\updext.dll 10.0.0.8
GUI: C:\Program Files\Avira\AntiVir Desktop\updgui.dll 10.0.2.0
Temp Directory: C:\ProgramData\Avira\AntiVir Desktop\TEMP\UPDATE\
Backup folder: C:\ProgramData\Avira\AntiVir Desktop\BACKUP\
Installation Directory: C:\Program Files\Avira\AntiVir Desktop\
Updater folder: C:\Program Files\Avira\AntiVir Desktop\
AppData folder: C:\ProgramData\Avira\AntiVir Desktop\
Proxy settings:
System settings used
16:39:57 [UPD] [INFO] Checking whether newer files are available.
16:39:57 [UPD] [INFO] Select update server 'http://62.146.66.188/update'.
16:39:57 [UPD] [INFO] Downloading of 'http://62.146.66.188/update/idx/master.idx' to 'C:\ProgramData\Avira\AntiVir Desktop...

A:worm/im.sohanat.b (worm)and tr/crypt.xpack.gen (trojan)

DDS (Ver_10-03-17.01) - NTFSx86
Run by Grow Up at 16:50:09.74 on Fri 07/02/2010
Internet Explorer: 7.0.6000.16982
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.1918.942 [GMT -7:00]

AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: avast! Internet Security *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: AntiVir Desktop *disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: avast! Internet Security *enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Internet Security *enabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
svchost.exe
svchost.exe
svchost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10h_ActiveX.exe
C:\Users\Grow Up\...

RELEVANCY SCORE 35.6

ok well i was JUST infected with this worm? i guess, and it gives me the same pop-up over and over "spyware alert" and some other ones
it tells me 2 download some software
but i haven't nor will i
so some one please help me !
 

A:HELP ASAP Worm.Win32.netsky i have that worm please help me remove it

RELEVANCY SCORE 35.6

Hello, I'm currently working with my girlfriend to resolve a computer issue. She recently had her e-mail account and photobucket account compromised, and as a result - I wanted to help her clean out her computer and make sure everything is clean. In doing so, I've run across a worm that I'm unable to guide her through removing myself. I'm not computer illiterate, but no genius either, which brings me here asking for your help.

I've had her run Spybot S&D, which turned no results other than cookies and such. I had her run Ad-Aware, which turned up Win32.P2P-Worm.Alcan.a. This is where I've begun having issues. I've googled it, tried a few of the fixes that people have posted to no avail. I had her run hijack this and retrieve the logfile for me. I'll post it below.

If anyone could provide some help cleaning this worm out of her system, it would be much appreciated, as I'm clueless to what to do next.

Logfile of HijackThis v1.99.1
Scan saved at 9:39:52 PM, on 11/28/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\Ati2evxx.ex...

A:Virus/Worm Issue - Win32.P2P-Worm.Alcan.a

RELEVANCY SCORE 35.2

Hello,
 
I need some help with this message, made me kind of worried.
Today this message popped up from the action center, then it got archived automatically, so i have no idea if the virus is still around.
I got Eset nod32 antivirus 5 running and usually it detects stuff but this time no message at all.
 
Ran an in-depth scan with eset and it didn't show any threats.
Also tried microsoft malicious software removal tool and it shows 4 infected files but then when it finished it said no malicious files found?
 
Appreciate any help i can get.
 
Thanks!

A:"W32/Gaobot.worm.gen.u - Win32/RBot.3eu!Worm"

Hello forma and to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.
 
My name is Yılmaz and I'll help you with the cleanup of malware from your computer.
Before we move on, please read the following points carefully.
Please complete all steps in the specified order.
Even if tools don't find malware, I want you to post the logfiles anyway.
Please copy and paste the logfiles directly into your posts. Please do not attach them unless you are instructed to do so.
Read the instructions carefully. If you have problems, stop what you  were doing and describe the problems you encountered as precisely as  you can.
Don't install or uninstall software during the cleanup unless you are told to do so.
If you can't answer for the next few days, please let me know. If  you haven't answered within 5 days, I am assuming that you don't need  help anymore and your topic will be closed.
I can not guarantee that we will find and be able to remove all  malware. The cleaning process is not instant. Please continue to review  my answers until I tell you that your computer is clean
Please reply to this thread. Do not start a new topic
As my first language is not English, please do not use slang or idioms. It could be hard for me to understand.
Please open as administrator  the computer. How is open as administrator  the computer?
Disable your AntiVirus and AntiSpyware applications, as they will interfere with our tools and the rem...

RELEVANCY SCORE 35.2

...ok, i don't remember having this, but...under windows "problem reports and solutions", under "information about other problems", there is 1 called "virus alerts".

It says:
"Remove the W32/Gaobot.worm.gen.u - Win32/RBot.3eu!Worm from your computer
This problem [i don't know what problem they're referring to] was caused by W32/Gaobot.worm.gen.u - Win32/RBot.3eu!Worm, a known computer virus"

this probably happened in the past. so...
1) how do i 100% make sure it's off my computer?
2) so far, i don't THINK (think, still unsure) that it's still in my computer. but if it isn't then why do i have that "virus alert" thing under "information about other problems" under "problem reports and solutions"?

A:W32/Gaobot.worm.gen.u - Win32/RBot.3eu!Worm

What program is alerting you to the infection? Can you create a screenshot, upload it to an image site such as Photobucket, Media Fire, TinyPic or ImageShack and provide a link to the url address back here?

To capture a screenshot, refer to:
Windows XP: Take a screen shot
How to Take a Screenshot in Windows XP or Vista
How to take and share a screen shot in Windows <- also includes instructions for uploading

RELEVANCY SCORE 35.2

I was downloading a firewall and at the end of the installation it asked me to restart my computer. From that point forward, the computer started to automatically restart continuously before my desktop and settings load, so I'm unable to get on to the desktop normally. I'm suspecting it's a worm (given in the title) and the most I've done so far is been able to start the computer in safe mode, but nothing past that. Can anyone help me from this point on?

A:Disinfecting A Worm (supposedly A W32.blaster.worm)

Windows malicious software removal tool will remove the malware. I suspect though you don't have that.
http://www.microsoft.com/security/malwareremove/default.mspx
Did you just reinstall Windows?
Symantec has a removal tool. Whether it is up to date or if it still works I don't know.
http://www.download.com/W32-Blaster-Worm-R...4-10219754.html

RELEVANCY SCORE 35.2

Symantec has also classified this first MS04-011 variant as W32.Gaobot.AFJ. The "good news" is that it is not an active threat as the dependent IRC server has been shut down, however the "bad news" is that it provides a model for more crafting work on MS04-011 exploitable worms.

First MS04-011 Worm emerges: W32/Gaobot.worm.ali
http://vil.nai.com/vil/content/v_125006.htm
http://www.incidents.org/diary.php?date=2004-04-28
http://www.incidents.org/diary.php?date=2004-04-27

At the time of this writing, there are more than 900 variants of the Gaobot virus in existence. The source code for Gaobot was posted to various websites resulting in many new variants being created each week. W32/Gaobot.worm.ali stands out from some others as it seems to be the first variant that incorporates code to exploit a MS04-011 vulnerability (LSASS Vulnerability (CAN-2003-0533)). This particular variant is not currently a threat as it is dependent on an IRC server, which is no longer available. However, it is presumed that other variants will likely follow soon, which are functional. Details of those variants will likely vary from this one.

For maximum protection against the Gaobot family, users are recommended to:
* use the latest engine/DATs combination
* ensure the scanning of compressed files is enabled
* keep Windows systems patched by using Windows Update
* ensure weak username/passwords are not used
* run a personal desktop firewall application

The virus contains lots of re...

A:First MS04-011 Worm emerges: W32/Gaobot.worm.ali

Symantec information - plus two new MS04-011 based Agobot threats emerged overnight.

W32.Gaobot.AFJ
http://www.sarc.com/avcenter/venc/data/w32.gaobot.afj.html
W32.Gaobot.AFJ is a worm that spreads through open network shares, backdoors installed by the Beagle and Mydoom worms, and several Windows vulnerabilities including:
* DCOM RPC Vulnerability (described in Microsoft Security Bulletin MS03-026) using TCP port 135.
* Workstation Service Buffer Overrun Vulnerability (described in Microsoft Security Bulletin MS03-049) using TCP port 445. Windows XP users are protected against this vulnerability if Microsoft Security Bulletin MS03-043 has been applied. Windows 2000 users must apply MS03-049.
* Exploits the Microsoft Windows Local Security Authority Service Remote Buffer Overflow (described in Microsoft Security Bulletin MS04-011).

W32.Gaobot.AFC
http://www.sarc.com/avcenter/venc/data/w32.gaobot.afc.html
W32.Gaobot.AFC is a worm that spreads through open network shares and several Windows vulnerabilities including:
* The DCOM RPC vulnerability (described in Microsoft Security Bulletin MS03-026) using TCP port 135.
* The WebDav vulnerability (described in Microsoft Security Bulletin MS03-007) using TCP port 80.
* The Workstation service buffer overrun vulnerability (described in Microsoft Security Bulletin MS03-049) using TCP port 445. Windows XP users are protected against this vulnerability if Microsoft Security Bulletin MS03-043 has been applied. Windows 2000 users must apply MS03...

RELEVANCY SCORE 35.2

I don't know how I was infected, but I clearly remember my laptop was making some noises, as if it was transmitting something/communicating something with an outside source.

NOD32 caught the virus from causing further damage, but my system had been compromised. After restart, I was delivered with a glassy blue desktop, and my Documents folder was on top of it.

I started Task Manager (Ctrl+Alt+Del), and manually opened Windows Explorer. Task Manager would open with only a few processes, and I noticed one of them was "crss.exe." I googled looking for a solution, and Malwarebytes' Antimalware was highly recommended. After a series of scans, with Malwarebytes', NOD32, Spybot S&D, etc., most of the Trojan virus was quarantined and contained.

What remains is an ugly blue desktop after every restart, with my Documents folder on top of it. The only thing that changed after scanning and isolating the Trojan, the glassy blue turned more opaque. I have to do the same operation every time I restart, opening Task Manager, etc.

Another thing that I noticed was that I couldn't, and still can't, go into Safe Mode using the usual F8 route when restarting. To go into Safe Mode, I have to open MsConfig, click on Safe Boot, restart, and then click on Last Known Good Configuration. To get out of Safe Mode, I have to do it via MsConfig too.

One last abnormal thing: every time I open a new tab on Internet Explorer (7, and most recently, 8 beta), it opens to "...

RELEVANCY SCORE 35.2

Today my laptop became infected with a worm. I followed advice on this forum and used smitfraudfix, atf cleaner, and superantispyware to remove the problem. I also have run a malwarebytes scan but my laptop remains VERY VERY VERY slow. It takes about 4 minutes just to log onto the internet and it freezes a lot. Also, my ctrl alt delete (which until today worked fine) refuse to function. I cannot very well give you a hijackthis diagnostic report because I cannot get online to post the results due to the slowness of my computer.

Please help! I can get on long enough to probably be able to download something but that would be it.

A:Worm.win32.netbooster Got Rid Of Worm But Need Help With Followup

See if you can update MBAM and SAS, after that disconnect from the internet, you might need to pull the power to your router/modem if you use wireless
Run MBAM from normal mode, let it cure anything, then boot into safe mode and run atf cleaner and then SAS
http://www.bleepingcomputer.com/forums/ind...mp;#entry839950
Follow these directions please
If you are using Vista please advise as ATF Cleaner does not work quite right

RELEVANCY SCORE 35.2

Hi,
AVG found the above worms (today's scan) PLUS possible Trojan Fake.Alert.UH (prior scan - didn't show on today's scan) on my desktop running V7 home.
Also, Spybot found the Mantera Toolbar (removed).
Thanks for any help with removal.
 

A:AVG found I-Worm/MyTob.AN and I-Worm/MyDoom.N

Hello kip

The worm spreads by sending its infected attachment to e-mail addresses found on an infected computer.
Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following checkboxes:
Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size.
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.
Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

Download TDSSKiller and save it to your desktop.
Extract (unzip) its contents to your desktop.
Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
If an infected file is detected, the default action will be Cure, click on Continue.
If a suspicious file is detected, the default action will be Skip, click on Continue.
It may ask you to reboot the computer to complete the process. Click on Reboot Now.
If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

ADW Cleaner

Please download AdwCleaner by Xplode and save t...

RELEVANCY SCORE 35.2

my computer problem and solution center detects that i have a virus W32/Gaobot.worm.gen.u - Win32/RBot.3eu!Worm. I tried downloading spyhunter to remove it but it keeps crashing. I have spy doctor but when i run it says i have no viruses. my computer has begun to freeze up and my firefox en windows live does not respond at all. below is my dds report
DDS (Ver_09-09-29.01) - NTFSx86
Run by Chris at 14:28:45.70 on Mon 09/28/2009
Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_13
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.1013.164 [GMT -5:00]

SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost....

A:W32/Gaobot.worm.gen.u - Win32/RBot.3eu!Worm

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll...

RELEVANCY SCORE 35.2

Hello friends,

Please help and adv suggestions.

Firstly the pesty number 1
- I-WORM/FB.FZ refuses to leave my HD.

It is multiplying in all folders and files with .exe. My AVG detects it and heals it but it comes back again and again. The problem has somewhat slowed down since I used Vundo but it is still there.

I have also used Super Ant Spy ware but no effect. I use Firefox 2 0 0 11 mostly.

Secondly pesty number 2 which automatically starts my IE 7 with the nasties from
www.hopelessromantic.com

This happens ever so often and it chokes my CPU. Seems my browser is hijacked ?? and I have blocked this site umpteen times under OPTIONS>TOOLS>PRIVACY
but god knows how it bypasses the filtering.

Please see attachment for AVG results.

Kindly suggest some remedies. Thanks a lot folks. Cheers
 

A:Solved: Internet worm I-WORM/VB.FZ and other pesties

RELEVANCY SCORE 35.2

When my dad ran Ad-aware it found the win32.worm.kido file on this Windows Vista computer. Upon reboot the computer deleted the file. I then ran malware bytes and I believe it removed some files, I will post the log because i'm not sure how to read it. I ran Superantispyware and it found some tracking cookies and I deleted them, no other abnormal files found. I then ran McAfee and it did not find any viruses. I wanted to make sure the system was clean so I ran a Panda online scan and it found the conficker C worm on the computer. I believe he has windows auto update turned on so Vista should be up to date. I will post the ad-aware log, malware bytes, and panda scan logs.

I have followed all the preparation guidelines except the rootrepeal acted as such when scanning the files section: first attempt crashed rootrepeal program, second attempt made computer restart, third attempt windows explorer crashed and restarted and rootrepeal was frozen. I ran rootrepeal with everything except the files section checked and I will post that log.

With this conficker infection should we change the windows logon password, and various service passwords (facebook, myspace, online banking)? Also, two camera memory cards were plugged into the laptop and two usb drives how do I go about scanning those, I told them to not put them in any other computers for now.

Here are the logs:

Adaware
Logfile created: 12/2/2009 05:19:48
Lavasoft Ad-Aware version: 8.1.2
User performing scan: Michael
**********...

A:Win32.Worm.Kido and W32/Conficker.C.worm

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll...

RELEVANCY SCORE 33.6

I cannot get rid of these here If i could get some help i would greatly appreciate it I have already run spybot and adaware here is my HiJack this LOg

Logfile of HijackThis v1.97.7
Scan saved at 8:36:41 AM, on 4/17/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\LXSUPMON.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC1.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\progra~1\vision~1\paperp~1\pptd40nt.exe
C:\WINDOWS\twain_32\paprport\6100b\flatbed.exe
C:\WINDOWS\SM1BG.EXE
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Candace\My Documents\SatcomTechCD\merijn\HijackThi...

A:Nachi.b worm and welchia worm

RELEVANCY SCORE 33.6

We get a message from a program entitled Rapid Anti-Virus 2.7 saying that it has found software that may harm our computer or compromise our security. It also highly recommends to remove the unknown software. There are buttons in the window for things such as system scan, security, privacy, update, firewall, settings, and enter activation. None of the buttons will highlight when you move the mouse over them (you can't click any of the buttons). There is a smaller window that opens up that states the same thing and has buttons for remove all viruses or continue unprotected which do highlight when you move the mouse over them. My wife clicked the remove all viruses button and the computer seemed to restart, but then it went right back to the same screen she had before.

Logfile of random's system information tool 1.04 (written by random/random)
Run by MarieCarmel at 2008-11-26 21:07:48
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 27 GB (51%) free of 52 GB
Total RAM: 1014 MB (44% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:08:10 PM, on 11/26/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:...

A:JS.Qspace worm, [email protected] worm

Hello and to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

Upon completing the steps below a staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.com
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results, click no to the Optional_Scan
Follow the instructions that pop up for posting the results.
Close the program window, and delete the program from your desktop.

Please note: You may have to disable any scr...


------------------------
my grisoft avg antivirus tells me i have a worm called 'I-Worm/Bofra', installed in file
'C:\Documents and Settings\User New\Local Settings\Temporary Internet Files\Content.IE5\41URKLAJ\cnt1[1].htm'

well, i need urgent help, and you are the specialists in virus, so please be kind enough to help me remove this garbage

thank you very much

below you find the log from hijackthis 1.99 beta version:

Logfile of HijackThis v1.99.0
Scan saved at 18:13:06, on 21/12/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Mouse\A...

A:i have the 'I-Worm/Bofra' virus/worm

hi guys, it was solved, i killed the virus and spyware
thanks everybody anyway
no more need to do nothing else
merry xmas!
 


referred from here: http://www.bleepingcomputer.com/forums/t/309084/cant-open-all-applications-in-my-netbook/ ~ OB

DDS (Ver_10-03-17.01) - NTFSx86
Run by kiko at 9:24:15.40 on Fri 04/16/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.1012.422 [GMT 8:00]

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k Akamai
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost...

A:The [email protected] worm virus

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

We need to create an OTL Report

Please download OTL from one of the following mirrors:
This is THE Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
In the custom scan box paste the following:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%systemroot%...


Hi,

I seem to have a virus, worm and/or Trojan horse. I think I got it off of Limewire. I accidentally downloaded a .exe program (which I never do - except this time - idiot!) and I believe that's when I got it/them.

Per the prep guide, I have cleaned out my temporary internet files, temp files and recycling bin.

I have updated versions of Ad-Aware SE and Spybot and have run them both, restarted my computer and then run them again.

I have run Housecall Anti Virus and Bit Defender (twice each), but couldn't get Panda Anti Virus to work. I have also run McAfee VirusScan (build 9.1.08 engine 4.4.00 DAT version 4.0.4585) and Bazooka Scanner v1.13.03 ("nothing detected").

I have loaded and run McAfee AVERT Stinger.

I have McAfee Personal Firewall Plus (6.1.6144) running and is up-to-date. It is blocking specifically winlog.exe and svchost.exe. My firewall detected winlog.exe trying to connect to the internet immediately when I accidentally (and stupidly) downloaded that .exe file. I blocked all access to the internet for it. I believe the svchost.exe was blocked previously, but I don't remember. Setup.exe (outlook.exe) is also blocked for some reason (I tend to block any connection that I'm not sure about). Run a DLL as an app (rundll32.exe) is also blocked. Most other stuff I recognize. Except for ping.exe (ping.exe). That's, for some reason, at "allow full access". Is this okay?

I am running Windows XP SP2 that is up-to-date. My browsers are IE (v 6.0.2900.2180.xpsp_...

A:New Malware!bot, Win32.worm.vb.ymeak.a, Win32.worm.vb.dw And Backdoor.rbot.cmn

Hi KevinF2020 and Welcome to the Bleeping Computer!

1. Please download Ewido Anti-Malware
Install ewido anti-malware
Launch ewido, there should be an icon on your desktop, double-click it.
The program will now open to the main screen.
When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.

You will need to update ewido to the latest definition files.
On the left hand side of the main screen click update.
Then click on Start Update.
The update will start and a progress bar will show the updates being installed.
(the status bar at the bottom will display "Update successful")
Exit Ewido, do not run the scan yet!
If you are having problems with the updater, you can use this link to manually update ewido.
ewido manual updates

2. Please download Brute Force Uninstaller to your desktop.
Right click the BFU folder on your desktop, and choose Extract All
Click "Next"
In the box to choose where to extract the files to,
Click "Browse"
Click on the + sign next to "My Computer"
Click on "Local Disk (C:)" or whatever your primary drive is
Click "Make New Folder"
Type in BFU
Click "Next", and Uncheck the "Show Extracted Files" box and then click "Finish".

3. RIGHT-CLICK HERE and choose "Save As" (in IE it's "Save Target As") in order to download Alcra PLUS Remover.
Save it in the same folder you made earlier (...


this is like the nth time i've tried posting this. ie keeps crashing just before i hit the post button.

anyway, i'll keep this short lest i die of frustration once my ie crashes again.

pleasepleaseplease help me get rid of the trojans/worms infecting my pc. right after i noticed my exe files going wonky (double clicking only yielded a black windows script/run box instead of opening the program), i scanned my pc using trendmicro, which zapped a couple of problems. when i commenced scanning using panda, my pc crashed and kept restarting. so i ran it in safe mode, scanned using bitdefender which deleted most of my exe files (since i didn't realize my preferences were set at disinfect/delete.)

according to the scan results, my pc was infected with a couple of strains of the PWS Trojan : PWS.OnlineGames., Generic.PWStealer., Generic.Onlinegames., Trojan.Dropper.OnLineGames.A, DeepScan:Generic.Malware., Trojan.PWS.Nilage and Win32.Worm.Delf.NDQ and Win32.Worm.Viking among others.

after the online scans, here are the things i've done so far:
1. installed ad-aware and scanned in safe mode
2. installed spybot and scanned in safe mode
3. spybot ran diagnostic scan after restart. was able to run windows in normal mode
4. scanned using avg, disinfected
5. scanned using ad-aware.
6. scanned using spybot. went on with my life for a couple of days.
7. scanned using spybot. found a couple of threats... disinfected and clicked immunize. no more threats found after
8. scanned using ad-aware. no results oth...

A:Win32.worm.delf, Win32.worm.viking, Pws.onlinegames, Among Others

Welcome to the BleepingComputer HijackThis Logs and Analysis forum pill

My name is Richie and i'll be helping you to fix your problems.

Please download DrWeb-CureIt & save it to your desktop. DO NOT perform a scan yet.

You should copy/print the following because you need to be in Safe Mode from here on.

Reboot your computer into "SAFE MODE" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys on your keyboard to navigate and select the option to run Windows in "Safe Mode".

Scan with DrWeb-CureIt as follows:
* Double-click on drweb-cureit.exe to start the program. An "Express Scan of your PC" notice will appear.
* Under "Start the Express Scan Now", Click "OK" to start. This is a short scan that will scan the files currently running in memory and when something is found, click the Yes button when it asks you if you want to cure it.
* Once the short scan has finished, Click Options > Change settings
* Choose the "Scan tab" and UNcheck "Heuristic analysis"
* Back at the main window, click "Select drives" (a red dot will show which drives have been chosen)
* Then click the "Start/Stop Scanning" button (green arrow on the right) and the scan will start.
* When done, a message will be displayed at the bottom advising if ...


i have the worm W32/Sdbot.EFG.worm
i downloaded stinger and this virus wasn't listed in the ones that it was looking for. is there anything else that i can download?

A:worm W32/Sdbot.EFG.worm

Run these online virus scanners:
http://www.pandasoftware.com/activescan/
http://housecall.trendmicro.com/

Are you using these basic security programs? (They're all free.)

a² free - a complementary product to antivirus software which is specialized in protection against harmful software. Antivirus software often features an inadequate protection against Trojans, Dialers and Spyware. a² fills this gap.
ewido security suite - offers protection against urgently growing threats like Trojans, Worms, Dialers, Hijackers, Spyware and Keyloggers.
Ad-Aware - A good program similar to SpyBot S & D.
Spybot S&D - Detects and removes spyware, of different types, from your computer.
Spywareblaster - A good program that prevents spyware from being installed on your computer in the first place. This program is always running in the background, protecting your computer. It prevents the installation of bad active X controls found in web pages.
SpywareGuard - A nice complement to SpywareBlaster. This allows you the option to prevent downloads that contain bad active X controls.

If not, you need to. These programs, updated and used regularly, will do a lot to keep your computer clean of spyware, trojans, keyloggers, browser hijackers, etc... Download them, update them, and then run them.

When installing ewido security suite, under Additional Options uncheck:
Install background guard
Install scan via context menu

Important: Please read this tutorial on Spybot S&D before using it. Spybot can do SERIOUS dama...


Referred from here: http://www.bleepingcomputer.com/forums/topic403674.html ~ OB

Have reinstalled windows and both entities are still present and the slow crunching sound of the hard drive is occasionally heard. Have not had any luck reformatting the disk. Have changed boot order in bios but still find operating system will boot from hard drive over the cd rom. Was going to attach hard drive to another computer and format it there as the operating system would not be in use on the infected drive but then saw your reply and here are the logs. Remember I have reinstalled windows and removed all extra programs prior to. Question can the bios get affected with a virus issue like I have? I did trial 10 bit products security 360 and Advanced system care 4 and have a feeling that this is where the infections have come from. Thank you for your help.

.
DDS (Ver_2011-06-12.02) - NTFSAMD64
Internet Explorer: 7.0.6001.18000
Run by gino at 23:35:04 on 2011-06-17
Microsoft® Windows Vista™ Business 6.0.6001.1.1252.1.1033.18.6142.4972 [GMT 10:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalSys...

A:Trojan and worm removal W32/Cubot-J worm and IRC backdoor and Backdoor.Fuwudoor backdoor Trojan

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review your topic and do their best to resolve your issues.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for postin...


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:47:59 PM, on 7/31/2008
Platform: Windows 2003 SP2 (WinNT 5.02.3790)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\certsrv.exe
C:\Program Files\WatchGuard\wsm9.0\wfs\controld.exe
C:\WINDOWS\system32\Dfssvc.exe
C:\WINDOWS\System32\dns.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\System32\ismserv.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\system32\ntfrs.exe
C:\Program Files\Retrospect\Retrospect Client\RemotSvc.exe
C:\Program Files\Retrospect\Retrospect Client\retroclient.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\lserver.exe
C:\Program Files\WatchGuard\wsm9.0\wbserver\bin\wbserver.e...

A:Nod32 Vbs/autorun.g Worm And .vbs Vbs/autorun.b Worm

Hello and welcome to BC

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. We aim to provide the valuable service known to come from BC to every member we can, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Upon completing the steps below a staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

Thanks and again sorry for the delay.

Please download Deckard's System Scanner (DSS) and save to your Desktop.
alternate download site

DSS will do the following:
Create a new System Restore point in Windows XP and Vista.
Clean your Temporary Files, Downloaded Program Files, Internet Cache Files, and empty the Recycle Bin on all drives.
Check some important areas of your system and produce a report for an analyst to review.
Automatically run HijackThis. It will also install and place a shortcut to HijackThis on your desktop if you do not already have it installed. So if HijackThis is not installed and DSS prompts you to download it, please answer yes.

You must be logged onto an account with administrator priv...


KIS detects this on my external hdd but it cannot delete it. in this link http://forum.kaspersky.com/lofiversion/ind...hp/t105271.html, a guy says combofix fixed Net-Worm.Win32.kido.ix. should i use combofix too? can it also fix Net-Worm.Win32.kido.ih? what should i do? sincerely need your help, thanks..

A:Net-Worm.Win32.kido.ix/Net-Worm.Win32.kido.ih [Moved]

As no logs have been posted, I am shifting this topic from the specialized HiJack This forum to the Am I Infected forum.

==>PLEASE DO NOT NOW POST LOGS<== unless a log is specifically requested.

As for your question of whether to run Combofix; the answer is no unless you are actively guided by someone who is trained in its use. That is because ComboFix is an extremely powerful tool which should only be used when instructed to do so by someone who has been properly trained. ComboFix is intended by its creator to be "used under the guidance and supervision of an expert." It is NOT for private use. Please read Combofix's Disclaimer. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.

Running ComboFix by yourself is like performing open heart surgery on yourself--the scalpel and other surgical tools that is ComboFix is meant to be wielded by a highly trained surgeon only in emergencies or dire circumstances. When the surgeon is thru s/he leaves the room. So combofix should be removed from a system once it has accomplished its job, unlike an AV that is there to protect you from future infections. . . . CF does make some alterations to your system if you run it. Even if you had no malware removed and run the uninstall command, some things may be different now on your system. I can tell you that one thing is that all your restore points will be flushed out and a new one created...


ComboFix 08-04-20.2 - Administrator 2008-04-20 23:50:15.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.923 [GMT -6:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Administrator\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Autorun.inf
C:\Documents and Settings\Administrator\Favorites\Online Security Test.url
C:\Program Files\Helper
C:\WINDOWS\system32\amvo1.dll
C:\WINDOWS\system32\msssc.dll
D:\Autorun.inf
E:\Autorun.inf
F:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2008-03-21 to 2008-04-21 )))))))))))))))))))))))))))))))
.
2008-04-20 23:24 . 2008-04-20 23:24 <DIR> d-------- C:\WINDOWS\LastGood
2008-04-20 23:24 . 2008-04-20 23:24 <DIR> d-------- C:\Program Files\Panda Security
2008-04-20 02:17 . 2008-04-20 02:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\CanonIJPLM
2008-04-20 02:14 . 2006-11-05 23:00 198,656 --a------ C:\WINDOWS\system32\CNMLM8O.DLL
2008-04-20 02:13 . 2008-04-20 02:17 <DIR> d-------- C:\Program Files\Canon
2008-04-13 15:48 . 2008-04-13 15:48 <DIR> d-------- C:\WINDOWS\system32\DRM
2008-0...

A:Problems With W32\lineage.hxi.worm; W32\lineage.h2b.worm; And Trj\lineage.h2j

Hello hondurod

Welcome to BleepingComputer
========================
If you are still in need of assistance please post a new Hijackthis log.
