XP Anti-Virus 2011 Fake Anti-Virus and webpages being Redirected Virus

Q: XP Anti-Virus 2011 Fake Anti-Virus and webpages being Redirected Virus

I have a nasty if not multiple nasty viruses and have not been successful removing them. It started with the XP Anti-Virus 2011 Removal fake anti-virus popping up with all real anti-virus programs disabled, and anytime I try to go to an antivirus website I'm redirected to a random site. This happens in all browsers, not just Internet Explorer. I also had many of my files changed to hidden file folders and also the start/all programs button does not show any of my programs. I managed to get both Malwarebytes and Superantispyware on my computer and was able to get rid of much of the problems by running these programs. Now it seems the XP Anti-Virus 2011 has been removed but I still have the issue with my webpages being redirected depending on which page I try to access. I also have many processes that should not be running in the task manager and when I close them out they just start back up again. This worm seems to be accessing my iexplorer because there are multiple iexplorer.exe open at all times and sometimes the CPU Usage gets very high which is not normal for my computer. The final symptom is that at random times I get a webpage pop up or if not a webpage an error that reads like the following example:

An error has occured in the script on this page.

line: 13
Char: 1
Error: Object doesnt support this property or method
Code: 0
URL: http:/www2a.glam.com/mobile/detect.act?affiliatedld=288743725

Do you want to continue scripts on this page?

I will get at times multiple of this same error pop up on my screen with various URLs. Any help would be greatly appreciated. DDS.txt info will immediately follow.

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by John Borling at 19:45:05.57 on Tue 04/12/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3070.1995 [GMT -5:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Money\System\mnyexpr.exe
C:\Program Files\1-Click Answers\answers.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\PROGRA~1\1-CLIC~1\agtserv.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\AVG\AVG10\avgchsvx.exe
C:\Program Files\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\John Borling\Desktop\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://www.dell4me.com/myway
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: XfireXO Toolbar: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - c:\program files\xfirexo\prxtbXfi2.dll
mURLSearchHooks: H - No File
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\acrobat\activex\AcroIEHelper.dll
BHO: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: XfireXO Toolbar: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - c:\program files\xfirexo\prxtbXfi2.dll
BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~4\office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No File
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
TB: 1-Click Answers: {7754c418-f62e-44aa-b169-e719e718bcfd} - c:\progra~1\1-clic~1\ietoolbar\AnswersToolbarU.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: XfireXO Toolbar: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - c:\program files\xfirexo\prxtbXfi2.dll
TB: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [EA Core] "c:\program files\electronic arts\eadm\Core.exe" -silent
uRun: [MSMSGS] "c:\program files\messenger\MSMSGS.EXE" /background
uRun: [MoneyAgent] "c:\program files\microsoft money\system\mnyexpr.exe"
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Conime] %windir%\system32\conime.exe
mRun: [EKIJ5000StatusMonitor] c:\windows\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [Symantec NetDriver Monitor] c:\progra~1\symnet~1\SNDMon.exe
mRun: [RealTray] c:\program files\real\realplayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
mRun: [MMTray] c:\program files\musicmatch\musicmatch jukebox\mm_tray.exe
mRun: [IAAnotif] c:\program files\intel\intel application accelerator\iaanotif.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [Dell Photo AIO Printer 922] "c:\program files\dell photo aio printer 922\dlbtbmgr.exe"
mRun: [CTSysVol] c:\program files\creative\sbaudigy2\surround mixer\CTSysVol.exe
mRun: [CTHelper] CTHELPER.EXE
mRun: [CTDVDDet] c:\program files\creative\sbaudigy2\dvdaudio\CTDVDDet.EXE
mRun: [AVG7_CC] c:\progra~1\grisoft\avg7\avgcc.exe /STARTUP
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\cli.exe" runtime -Delay
mRun: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
dRunOnce: [RunNarrator] Narrator.exe
StartupFolder: c:\docume~1\johnbo~1\startm~1\programs\startup\memturbo.lnk - c:\program files\silicon prairie software\memturbo\memturbo.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\1-clic~1.lnk - c:\program files\1-click answers\answers.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acroba~1.lnk - c:\program files\adobe\acrobat 6.0\distillr\acrotray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\americ~1.lnk - c:\program files\america online 9.0\aoltray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpphot~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: &Search - ?p=ZUxdm080YYUS
IE: Answers... - file://c:\program files\1-click answers\html\atiemenu.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {F4430FE8-2638-42e5-B849-800749B94EED} - c:\program files\partypoker.net\partypokernet.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
Trusted Zone: beatport.com
Trusted Zone: microsoft.com\office
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1281990352000
DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} - hxxp://www.systemrequirementslab.com/sysreqlab2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.4.0/jinstall-1_4_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45}
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-1-19 32464]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-1-7 248656]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-3-1 34896]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-2-10 296400]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-3-30 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-2-10 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-2-10 27216]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-2-22 22992]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-25 135664]
S3 cel90xbe;cel90xbe;\??\c:\docume~1\johnbo~1\locals~1\temp\cel90xbe.sys --> c:\docume~1\johnbo~1\locals~1\temp\cel90xbe.sys [?]
.
=============== Created Last 30 ================
.
2011-04-12 18:44:21 -------- d--h--w- C:\$AVG
2011-04-12 18:18:05 -------- d-----w- c:\docume~1\johnbo~1\applic~1\AVG10
2011-04-12 18:17:05 -------- d--h--w- c:\docume~1\alluse~1\applic~1\Common Files
2011-04-12 18:15:41 -------- d-----w- c:\windows\system32\drivers\AVG
2011-04-12 18:15:41 -------- d-----w- c:\docume~1\alluse~1\applic~1\AVG10
2011-04-12 18:10:14 -------- d-----w- c:\docume~1\alluse~1\applic~1\MFAData
2011-04-12 12:56:32 -------- d-----w- C:\MGtools
2011-04-12 04:43:25 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-12 03:27:49 2418162 ----a-w- C:\MGtools.exe
2011-04-12 03:13:06 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-04-12 03:13:06 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-04-11 18:23:58 -------- d-----w- c:\docume~1\johnbo~1\applic~1\Malwarebytes
2011-04-11 18:23:50 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2011-04-11 18:23:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-06 00:43:07 -------- d--h--w- c:\docume~1\johnbo~1\applic~1\GARMIN
2011-04-06 00:43:07 -------- d-----w- c:\docume~1\alluse~1\applic~1\GARMIN
2011-04-06 00:42:46 -------- d-----w- c:\program files\Garmin
2011-04-06 00:36:45 -------- d--h--w- c:\docume~1\johnbo~1\locals~1\applic~1\Help
2011-04-06 00:27:36 -------- d-----w- C:\Garmin
2011-04-06 00:27:04 69715 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\ctor.dll
2011-04-06 00:27:04 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\DotNetInstaller.exe
2011-04-06 00:27:04 266240 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iscript.dll
2011-04-06 00:27:04 192512 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iuser.dll
2011-04-06 00:27:03 729088 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iKernel.dll
2011-04-06 00:27:03 311428 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\setup.dll
2011-04-06 00:27:03 188548 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iGdi.dll
2011-03-30 22:17:22 134480 ----a-w- c:\windows\system32\drivers\AVGIDSDriver.sys
.
==================== Find3M ====================
.
2011-04-07 00:12:51 234536 ----a-w- c:\windows\system32\PnkBstrB.xtr
2011-04-07 00:12:51 234536 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-03-05 17:09:40 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2011-02-09 13:53:52 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53:52 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-02 07:58:35 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-30 19:00:52 90112 ----a-w- c:\windows\DUMP319f.tmp
2011-01-27 11:57:06 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600
.
CreateFile("\\.\PHYSICALDRIVE0"): The process cannot access the file because it is being used by another process.
device: opened successfully
user: error reading MBR
.
Disk trace:
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8ABD61ED]<<
_asm { PUSH EBP; MOV EBP, ESP; MOV EAX, [EBP+0x8]; CMP DWORD [EAX+0x2c], 0x7; PUSH EBX; MOV EBX, [EBP+0xc]; PUSH ESI; PUSH EDI; MOV EDI, [EBX+0x60]; JNZ 0xf7; MOV ESI, [EDI+0x4]; MOV EAX, [ESI+0xc]; }
1 nt!IofCallDriver[0x804E13B9] -> \Device\Harddisk0\DR0[0x8B0E8AB8]
3 CLASSPNP[0xF7637FD7] -> nt!IofCallDriver[0x804E13B9] -> \Device\Ide\IAAStorageDevice-0[0x8B103030]
kernel: MBR read successfully
_asm { CLI ; MOV AX, 0x0; MOV SS, AX; MOV SP, 0x7c00; STI ; MOV DS, AX; CLD ; MOV CX, 0x80; MOV SI, SP; MOV DI, 0x600; MOV ES, AX; REP MOVSD ; JMP FAR 0x0:0x62f; }
detected disk devices:
detected hooks:
\Driver\iaStor -> 0x8abd61ed
user != kernel MBR !!!
Warning: possible MBR rootkit infection !
MBR rootkit infection detected ! Use: "mbr.exe -f" to fix.
.
============= FINISH: 19:48:11.95 ===============

A: XP Anti-Virus 2011 Fake Anti-Virus and webpages being Redirected Virus

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. I am very sorry for the delay in responding, but as you can see we are at the moment being flooded with logs which, when paired with the never-ending shortage of helpers, resulted in the delayed responding to your thread.

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed. If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do, is to make sure that your anti-virus definitions are up-to-date!
Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together ;)
Because of this, you must reply within three days; failure to reply will result in the topic being closed!
Please do not PM me directly for help. If you have any questions, post them in this topic.
Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system.
Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.

____________________________________________________

One or more of the identified infections is a backdoor trojan and password stealer.

This type of infection allows hackers to access and remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.

If you do any banking or other financial transactions on the PC or if it contains any other sensitive information, then from a clean computer, change all passwords where applicable.

It would also be wise to contact those same financial institutions to apprise them of your situation.

I highly suggest you take a look at the two links provided below:
1. How Do I Handle Possible Identify Theft, Internet Fraud, and CC Fraud?
2. When should I re-format? How should I reinstall?

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

NEXT:
Running TDSSKiller

Please read carefully and follow these steps.
Download TDSSKiller and save it to your Desktop.
Extract its contents to your desktop.
Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
If an infected file is detected, the default action will be Cure, click on Continue.
If a suspicious file is detected, the default action will be Skip, click on Continue.
It may ask you to reboot the computer to complete the process. Click on Reboot Now.
If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

NEXT:
Running OTL

We need to create an OTL Report.
Please download OTL from one of the following mirrors:
This is THE Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
Push the button.
Two reports will open, copy and paste them in a reply here:
OTL.txt <-- Will be opened
Extra.txt <-- Will be minimized

NEXT:
Please provide an update on how things are running in your next reply.

Read other 17 answers

How to Remove Win 7 Anti-Spyware 2011 (Fake Anti-Virus Infections)





Quote:
If your PC is infected with the Win 7 Anti-Spyware 2011 malware or something similar, you've come to the right place, because we're going to show you how to get rid of it, and free your PC from the awful clutches of this insidious malware (and many others)
Win 7 Anti-Spyware 2011 is just one of many fake antivirus applications like Antivirus Live, Advanced Virus Remover, Internet Security 2010, Security Tool, and others that hold your computer hostage until you pay their ransom money. They tell you that your PC is infected with fake viruses, and prevent you from doing anything to remove them.
This particular virus goes by a lot of names, including XP Antispyware, Win 7 Antispyware, Win 7 Internet Security 2011, Win 7 Guard, Win 7 Security, Vista Internet Security 2011, and many, many others. It's all the same virus, but renames itself depending on your system and which strain you get infected with.


Source ...

A: How to Remove Win 7 Anti-Spyware 2011 (Fake Anti-Virus Infections)

Thanks for the information. I hope I never have to use it.

Read other 2 answers

I have XP Media Center Edition Version 2002 Service Pack 3. THE virus scan window pops up
with the name XP Anti Spyware 2011-Unregistered Version. I used the Windows Task Manager to close it.
Zone alarm also asked for ten.exe (I think was the name) to access the internet. I clicked on deny.
I shut down the computer and I am using a different one to post this message.
I have Avira Anti Virus, Malwarebytes, Super AntiSpyware, CCleaner and Spyware Blaster already installed.
It has been a while since I have posted about a virus problem, but I am familiar with the process.
Thanks for your help.

A: Fake XP Anti Spyware 2011 Virus scan

Try this:

http://www.bleepingcomputer.com/virus-removal/remove-win-7-internet-security-2011

Read other 11 answers

Hi,

I just downloaded a "keygen" from bittorrent, and when I opened the exe file, nothing happened, then the exe file disappeared/deleted itself. I am pretty convinced that this was a virus, because my computer has slowed down significantly.

Now this part is unbelievable - I went online to download an antivirus program or the online Trend Micro scan, AND MY BROWSER (Firefox and IE) WON'T LET ME ACCESS ANY ANTI-VIRUS WEBPAGES!!! I managed to download Hijackthis and Spybot by downloading them through download.com, but it wouldn't let me go directly to the official sites! How strange is that?

Attached are links to the original file that I downloaded, if someone can scan it for me and deduce how to fix the problem, and also my Hijackthis log. (I hosted them on senduit.com for one week so you can access them.)

Thanks so, so much.

Hijackthis log is at - http://senduit.com/3b7234

Original d/l file is at - http://senduit.com/8624cc

A: A virus is not allowing me to access anti Anti-Virus webpages, and more...

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 3:43:31 PM, on 5/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\Alt+Q Hotkey.exe
C:\Program Files\UberIcon\UberIcon Manager.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\RK Launcher\RKLauncher.exe
C:\Program Files\Mac Volume Bar\3r-1c.exe
C:\Program Files\Windows-Related\stickies\stickies.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\JGsoft\EditPadPro6\EditPadPro.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\PROGRA~1\Gr... Read more

Read other 2 answers

Antivirus vanished! Can't install ANY new one!

Can't access Microsoft and any anti virus sites (thus I cannot download or scan my computer from there).

I tried to install a copy of avast pro but the set-up immediately closes after opening, I also noticed a lot of programs behaving like this just like the bandmaster game from e games and Grand Theft Auto Vice City (once I opened it, it immediately closes).

Tried to install that in safe mode, but the computer does not start and reboots back into normal mode.

This is the content of DDS log

DDS (Ver_10-11-26.01) - NTFSx86
Run by neopc10 at 19:47:12.65 on Fri 11/26/2010
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.353 [GMT -8:00]
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\WINDOWS\System32\svchost.exe -k Akamai
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\Program Files\KGB\Mpk.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\WINDOWS\PixArt\PAC7302\Monitor.exe
C:\Program Files\... Read more

A: anti virus banished. can't install any anti virus programs, can't access microsoft and anti virus sites!!!...

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the ... Read more

Read other 2 answers

Hello,

Like another user here, I have just been hit with a brand new version of the X security 2011 fake antivirus program. This new version:
1) Kills all versions of Rkill. It will run Rkill.scr but stops it giving a fake completion message. Rkill creates an error in the CMD screen but will not save a log file. The log.txt screen that appears when RKILL 'finishes' shows no processes stopped.
2) It kills Firefox 3.6x and internet explorer dead. No access whatsoever. If you click on the virus program, it will try to launch internet explorer internally but it cannot be launched any other way. (I tried this in safe mode, so it could not connect.)
3) Blocks Roguehunter and Spyhunter from launching (along with malware and Rkill) even in safe mode.
4) Blocks OTL.exe. Won't launch at all. (Sorry, I can't give you a log.)

It does:
1) Launch a process called WXT.exe whenever it is trying to validate a program. This process jumps all over the Task manager screen so as to be hard to stop.
2) Takes over the SAFE MODE as well as a normal boot. RKILL nor any of the mentioned programs cannot be launched from here either.

I am using a p4 32 bit Windows XP machine. I have an original copy of windows. I will try to provide any other information I can but this one is a bad one and it has greatly limited me in what I can do.

I believe it checks the file structure of Rkill in some way so renaming the file will no longer work. Is there yet another version?

I know this informati... Read more

A:New version of 'xp security 2011' fake anti virus program

April 14th

I found this on Microsoft's site.

This is another example of the increasing sophistication of this type of malware. FakeRean has also introduced another way of ensuring it is automatically started. It modifies the registry to associate .exe files with its own executable, so the rogue is run whenever any program is launched. Unlike other rogues, such as Win32/FakeScanti, it doesn't just use this technique to block other programs from running, but if the rogue is removed without restoring the registry then .exe files can no longer be run. The EXE file extension needs to be re-associated in order to restore normal functionality. Please see our encyclopedia entry for further detail.

This explains why when I removed the Fakerean, none of my programs would work. It killed the registry. Looks like my only solution to restore my programs was the system restore point.

This might also explain its safe mode trick. It may have done a redirect to itself. "Seeing" the computer was being launched in safe mode, the program substituted its own.

That listing was from March of 2010. It's not a stretch to imagine someone has modded the Fakerean to include the safe mode gag in the ensuing year.

I hope this helps some people out there. This was a nasty one because of its registry hacks. It made all of the software you combat this sort of thing with useless.

Maybe everyone already knew about this. I don't know. But hopefully this will help some others out there.

S...

I have gotten the Fake Anti Virus 2011,
Have followed the directions from (Bleeping Computers) web site using, RKILL, Malware Bytes and Security essentials. When I am finished my icons on the desktop were gone, (Fixed them with "properties, advanced and unclicking hidden files" but I still have no Icons in the all programs menu in the start menu except those that I have loaded since the fix. (PSI)
Any ideas?

A:Missing Program Icons in Start menu. All Programs after fake anti virus 2011

What else is currently wrong with the system?

Any indication that your malware problems still exist?

Louis


Hello, I'm not sure when this all started, but recently I've been having troubles in a very generalized area which has led me to believe I have contracted some kind of virus/rootkit.

When I ran a scan with ESET Antivirus 4, I tried to update the virus definitions and found I couldn't. I then tried to access www.eset.com. Firefox gives me a notification that the connection was terminated. I tried getting malwarebytes anti-malware from the official website, but that has the connection terminated as well. windowsupdate.microsoft.com redirects to google.com, but otherwise I haven't noticed much abnormal behavior. I've ran scans with ESET, Malwarebytes, A-squared, Sophos, and the Super antivirus site was terminated but I intended to try a scan with that one. Here's my hijack this log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:17:25 PM, on 5/6/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\P...

A:Windows update redirected to google, anti-virus can't update, various anti-virus site connection terminated

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.com
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the resul...

Hello,

I seem to have contracted a virus or malware of some description that generates fake, "Your Computer may be infected" - type alerts in my Windows taskbar and attempts to install a fake antivirus onto my pc called XPShieldSetup.exe. It also causes advertising popup, though this is fairly rare (once or twice an hour, max).

I am running Windows XP, Service Pack 3, and I have Trend Micro PC-cillin Internet Security 14 for antivirus software. I have also turned on Windows firewall, as per the instructions on this site.

My antivirus program detects an infected file called C:\WINDOWS\SysNotifier.exe, and classifies it as something called "Mal_FakeAV-9". It Quarantines this file repeatedly, but it always comes back, even if I manually drag it to the Recycle Bin.

I have run HijackThis and attached a copy of the log file it created.

Thanks in advance for your help. Here is my hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:27:32 PM, on 4/28/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:&#...

A:Malware of some sort causing ad popups, fake virus alerts, trying to install fake anti-virus, etc -- HijackThis log attached.

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.com
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the resul...

Infected with Anti-Virus 2011 and XP Anti-Virus. Can't get to Windows update. Running CA Anti-Virus it finds it but I keep getting reinfected.

Jim

A:Infected with Anti-Virus 2011 and XP Anti-Virus

Hello Jrwilson, Welcome to Bleeping Computer.
My name is fireman4it and I will be helping you with your Malware problem.

Please take note of some guidelines for this fix:
Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools.
If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
Finally, please reply using the button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.
I will be analyzing your log. I will get back to you with instructions.

1. I do not recommend that you have more than one anti virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened again this is the resident/automatic protection. In general terms, the two programs may conflict and cause:

1) False Alarms: When the anti virus ...

I'm using an Eisystems laptop that's about 3 years old, and never really experienced any issues apart from the occasional virus.
Earlier today the vista anti-virus virus popped up on my desktop while browsing. When I attempted to close the process my computer crashed (it is not prone to crashing normally). On turning it back on, I encountered the issue of explorer not booting properly leading to a black screen with a movable cursor. I read up on how to fix this issue and was instructed to close end explorer.exe in task manager (which works) and start it as a new task. The problem is that when I attempt to do that the only thing that appears on my screen is the vista-antispyware window and the rest of explorer doesn't function correctly, even when the random.exe process for the anti-spyware virus is ended. I have tried performing a system restore from safe mode with command prompt, but the system restore process crashes whenever I click the restore button. I don't have the setup disks for the laptop to perform a system restore that way, but I'm pretty convinced that the virus is causing at least some of my issues. Any advice would be greatly appreciated.
 


Hello everyone.

I have tried my best to remove this virus on my laptop, but no success yet.

Here are all of the things the virus does:

-Prevents access to websites like spybot, instead of letting me see the site, it simply says "Internet Explorer cannot display the webpage", and there is a button to click that says "Diagnose Connection Problem" (no connection problem of course)

-When I click links from a google search, they most of the time take me to the wrong webpage and I am forced to copy/paste the original link into the web bar.

-Programs like Combofix, Spybot, and HJT do not work and a box comes up after starting them saying "Combofix has stopped working".

-I tried running the programs in Safe Mode, but no luck there.

If anyone knows a fix please reply.

Thanks,

Sean

A:Virus prevents access to Anti-Virus sites/anti-virus programs (combofix, etc.)

I renamed my Combofix to something else and I followed the instructions from a different post and here is the log I ended up with:

ComboFix 09-07-29.04 - Sean 07/31/2009 0:30.1.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3070.2059 [GMT -7:00]
Running from: c:\users\Sean\Desktop\Music.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.


After clicking on what now can be deemed a 'dodgey' link, I have seemed to have picked up this annoying virus. Common annoyances include the incapability to open programs, and the fake window that opens up, attempting to explain that I have many problems with my computer, whilst trying to encourage me to register with them as well. Upon logging on, Windows also tries to tell me that my computer is not protected, and is at risk.

You guys have helped me out a lot in the past, and I would sincerely appreciate further help with this issue. Thank you. It may also be worth stating that I have two main accounts on the computer. The account on which I was logged in on when obtaining the virus is the only one that seems to be affected.

System info from TSG SysInfo

Tech Support Guy System Info Utility version 1.0.0.1
OS Version: Microsoft Windows XP Professional, Service Pack 3, 32 bit
Processor: Intel Pentium III Xeon processor, x86 Family 6 Model 23 Stepping 6
Processor Count: 2
RAM: 2047 Mb
Graphics Card: ATI Radeon HD 2350, 256 Mb
Hard Drives: C: Total - 238464 MB, Free - 199233 MB;
Motherboard: ASUSTeK Computer INC., P5KPL-AM, x.xx, MS1C92B00A00924
Antivirus: McAfee Anti-Virus and Anti-Spyware, Updated: Yes, On-Demand Scanner: Enabled

HijackThis

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:41:15, on 03/05/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\Syst...

A:XP Anti-Virus 2011 virus problem, hijack log attached


Hi,

I've come to you guys with issues before and have always had success with you! I clicked on a banner on a website and got infected with some spyware or virus. I keep getting pop-ups as well as fake scans from a rogue "Vista Anti-Virus 2011" security center. It also requests that I purchase their product.

I have run the DDS and GMER but do not want to post it to the site since it is a laptop with sensitive information. If possible, can I send a personal message to show my scan results?

Thanks,

A:Vista Anti-Virus 2011 Virus or Spyware

Hello,

Quote:

I have run the DDS and GMER but do not want to post it to the site since it is a laptop with sensitive information. If possible, can I send a personal message to show my scan results?

Unfortunately Assistance via PM is against the Forum Rules.

You didn't seem to have any issues with it when you asked for help several times in the past. If you're uncomfortable with the display of the logs, you would be advised to seek professional help.

If you still wish to receive help, please create a new thread and post your logs, as this one shall be closed.

Hi,

Thanks for the quick response. Please find the logs attached. If possible, once this is closed out, can I request these files be removed? Just wondering.

Thanks again for the help! It is much appreciated.

Thanks,


I normally manage to remove most viruses on my PC however this one is proving to be a real nightmare to remove.

The virus reared its ugly head by displaying fake messages referring to Vista Anti Virus 2011 so I have been attempting to search for solutions based on this.

Just to give a little bit of background info:

My PC is a desktop Dell Dimension 9200 running Vista Ultimate. I have McAfee installed and up to date.

My first step to fix the virus was to run Malwarebytes Anti-Malware (the free version) - this did find some infected items and I chose to remove these. Unfortunately after rebooting the problem was still there.

I then read about RKill.com and attempted to run this. This virus seems very clever as even when I rename RKill.com using different extensions too (pif, bat) the virus deletes the file. I did manage to run Rkill.exe once last night by renaming it to an executable that already existed on my PC. RKill opened an MS-DOS window and did its stuff. I then ran Malwarebytes Anti Malware and it detected 3 infected items. When I chose to remove them I got a blue screen of death that mentioned (mbamswissarmy.sys)

I have run out of ideas now. I would prefer not to reformat due to the PC containing a large amount of data (350 GB and the lack of desire to have to back this up - though I do have most of it backed up via Carbonite and 2 external USB 500 GB drives)

My next plan is to burn the RKill.com onto a CDROM as there is no way the virus can delete it from a CDRO...

A:Help removing Vista Anti Virus 2011 Virus

Please follow the instructions in ==>This Guide<==. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues and what you have done to resolve them.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:57:03 PM, on 9/9/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\BRMFRSMG.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Dell\Media Experience\DMXLauncher....

A:Please diagnose Hijackthis log: Personal Guard 2009 virus (fake anti-virus)

DDS (Ver_09-07-30.01) - NTFSx86
Run by Admin at 14:22:35.14 on Wed 09/09/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1270.580 [GMT -4:00]
============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\BRMFRSMG.EXE
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Progra...

I have a computer with Windows XP Pro SP3 running IE8. When I do Google searches and click on the results I am redirected to a different page than what is shown in the result. I've run Malwarebytes and it did not find any viruses or malware, I restored the computer back to a date prior to when the redirects were happening, that did not work. Webroot says it is finding viruses but I can't quarantine or delete the viruses. Webroot listed the location of several viruses and when I checked that location nothing was there, several registry entries and temporary internet files. Unfortunately after I did the system restore Webroot is not working properly so I can't post its logs. Below is the output of DDS. I also attached the attach.txt from DDS, I can't attach a GMER log because it is too large. If it needs to be emailed to someone please let me know.

Thanks,
Pete

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Pete at 8:19:12.42 on Tue 04/05/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3037.2325 [GMT -7:00]
.
AV: Webroot AntiVirus with Spy Sweeper *Enabled/Updated* {77E10C7F-2CCA-4187-9394-BDBC267AD597}
.
============== Running Processes ===============
.
C:\Program Files\Webroot\Security\Current\Framework\WRConsumerService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k nets...

A:Infected with Google redirect virus and fake anti-virus software pop ups

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please Do not Attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:

Please download DeFogger to your desktop.
Double click DeFogger to run the tool.
The application window will appear
Click the Disable button to disable your CD Emulation drivers
Click Yes to continue
A 'Finished!' message will ap...

Hello I've been battling with this fake AV for a while now and I just discovered that Windows Firewall is putting out this error code when I try to restore it, 0x80070424. I am using AVG 2012 as a anti-virus program and running Windows 7 Home Premium SP1 64-bit. If anyone can help me with this I would be forever grateful.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
Run by Cole at 12:53:54 on 2011-12-26
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6062.2980 [GMT -5:00]
.
AV: Trend Micro Titanium Internet Security *Disabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
SP: Trend Micro Titanium Internet Security *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k Loc...

A:Windows Firewall fails to start and this fake anti-virus virus keeps coming back!

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/434544 <<< CLICK THIS LINK

If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lo...

Hi there.

Two days ago I was sent a fake youtube link through YIM. I clicked on the link not knowing it was a fake. It started with a letter G before the words youtube on the URL. Once I clicked on it, it took me to a page that appeared to be a youtube page. Once there, it said that I had to update my Adobe in order to see the video. Well, like an idiot I clicked on it and all he-- broke loose. I now don't have access to use any of the following on my computer: Safe Mode, System Restore, Spybot Search and Destroy, AVG, Super Antispyware, or Ccleaner. If I hit F8 after rebooting the computer, it takes me to the black screen where I can choose Safe Mode. Once there, I pick safe mode and it brings me back to the same black screen over and over again. When I try to do system restore, it says it's disabled by group policy. I've searched high and low to try to fix the System Restore problem and it just won't let me. Can someone please help me? I'm going crazy over here. Thanks so much.
 

A:Fake youtube link gave me a virus, disabled spyware/malware/anti-virus

Hello again.

I have realized that I have this lingering around somewhere in my computer. $McRebootA5E6DEAA56$

Would anyone be able to tell me how I go about trying to find out in which folder this is at? I found this running when I entered msconfig on the Run field.
 


This morning, my mom told me to look at her computer because there was something wrong with it. After an hour or so of looking at it, this is what I learned:
There's an "Anti-virus" program installed on her laptop that makes claims of fake infections and attempts to lure the user into purchasing the full version of this so-called anti-virus program.

She uses AVG Free edition as her actual anti-virus. This new program (further to be called the "infection") won't allow me to open AVG.

The infection also redirects Internet Explorer to a page that says the following:
Internet Explorer alert. Visiting this site may pose a security threat to your system!
...
Things you can do:
Get a copy of 'Win 7 Security 2011' to safguard your PC while surfing the web (RECOMMENDED)
Run a spyware, virus and malware scan
Continue surfing without any security measures (DANGEROUS)

Upon looking into the running processes, I found something I've never seen before. An entry called "ugg.exe" and the description of which is "Gpg4win: The GNU Privacy Guard and Tools for Windows"
When this process is ended, the taskbar popups cease and any "Win 7 Security 2011" windows close. However, an attempt to run IE or AVG restarts this process and puts us back at square one.

Trying to open the file location of the "ugg.exe" file, it brings me to the AppData\Local\ folder, however, there is no such file in that locati...

A:"Win 7 Security 2011" Fake anti-virus program


Hi, I've been having problems on my computer with ads and anti-virus pop ups and now some kuykwyey.sys and it's opening my browsers and slowing my computer down. I can't get rid of it and I'm having a hard time cleaning this up. Any help would be fantastic.

Here's my HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:18:38 PM, on 11/19/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AlienGUIse\wbload.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Update\1.2.183.23\GoogleCrashHandler.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOW...

A:Anti-Virus Doctor and fake Microsoft virus scanner

Hello and welcome to Bleeping Computer We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review your topic an do their best to resolve your issues.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Follow the instructions that pop up for postin... Read more


The program says it is removing the problem however the virus keeps coming back. It was run in safe mode.
AVG 8.0 Anti-Virus command line scanner
Copyright © 1992 - 2008 AVG Technologies
Program version 8.0.145, engine 8.0.0
Virus Database: Version 270.10.9/1900 2009-01-18

C:\WINDOWS\system32\ezodsp.dll Trojan horse Vundo.DO Object was moved to Virus Vault.
C:\WINDOWS\system32\efcBsPGa.dll Trojan horse Vundo.DM Object was moved to Virus Vault.
C:\WINDOWS\system32\winlogon.exe (588) Trojan horse Vundo.DO Object was moved to Virus Vault.
C:\WINDOWS\system32\ssqPgEtu.dll Trojan horse Generic12.AWPU Object was moved to Virus Vault.
C:\WINDOWS\system32\lsass.exe (672) Trojan horse Generic12.AWPU Object was moved to Virus Vault.
C:\26c2d1535b56d242cf2bfb61228a81\msxml4-KB927978-enu.log Locked file. Not tested.
C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp Locked file. Not tested.
C:\Documents and Settings\Christine\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Locked file. Not tested.
C:\Documents and Settings\Christine\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Locked file. Not tested.
C:\Documents and Settings\Christine\NTUSER.DAT Locked file. Not tested.
C:\Documents and Settings\Christine&...

A:Antivirus 2009 Fake Anti-Virus Trojan Virus

Let's try a different scanner

--------------------

The process of cleaning your computer may require temporarily disabling some security programs. If you are using SpyBot Search and Destroy, please refer to Note 2 at the bottom of this page.

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
If an update is found, the program will automatically update itself.
Press the OK button to close that box and continue.
If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click ...


Hello, my name is Jake, and just last night I somehow acquired a fake anti-virus called XP Anti-Spyware. I cannot seem to get rid of it, it closes down Internet Explorer, and refuses to allow me to run McAfee or Malwarebytes Anti-Malware. I just ran HiJackThis and clicked "SCAN", the following are the logs from the scan results. I will post the first half of the log in this post, then the second half immediately following, please help:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:24:59 PM, on 3/24/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17095)
Boot mode: Normal

Running processes:

A:Can't Get Rid of XP Anti-Spyware Fake Anti-Virus

Hello and welcome to Bleeping Computer. My name is km2357 and I will be helping you to remove any infection(s) that you may have.

I will be giving you a series of instructions that need to be followed in the order in which I give them to you. If for any reason you do not understand an instruction or are just unsure then please do not guess, simply post back with your questions/concerns and we will go through it again.

Please do not start another thread or topic, I will assist you at this thread until we solve your problems. Lastly the fix may take several attempts and my replies may take some time but I will stick with it if you do the same.

Sorry for the delay in replying, the forum is very busy. If you still need help, please do the following:

Step # 1 Download and run DDS
Download DDS and save it to your desktop from here or here or here
Disable any script blocker, and then double click dds.scr to run the tool.
When done, DDS will open two (2) logs:
DDS.txt
Attach.txt
Save both reports to your desktop. Post them back to your topic.

Step # 2: Download and Run Gmer
Please download gmer.zip from Gmer and save it to your desktop.
***Please close any open programs ***
Double-click gmer.exe. The program will begin to run.
**Caution**
These types of scans can produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries unless advised by a trained Security Analyst
If possible rootkit activity is found, you will be asked if you would like to perform a full scan. Cli...


** DDS.txt **
.
DDS (Ver_11-05-19.01) - NTFSx86
Internet Explorer: 8.0.6001.19048
Run by Ram Balakumar at 10:30:37 on 2011-05-21
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.2045.760 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.

A:Virus/Pop ups - Vista Anti-Virus 2011

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

Due to the restrictions on Vista, all tools should be started by right-click > Run as Administrator

------------------------------------------------------

It appears that you have two antivirus programs installed and running, McAfee and MS Security Essentials. While this may seem like better protection, they can actually conflict with one another and cause system instability or even system hangs. Please choose one to keep and uninstall the other via Programs and Features in your Control Panel.

------------------------------------------------------

Please download ComboFix and Save it to your Desktop.

**Note: It is import...


Hi Guys,

My mother had a virus on her laptop where a fake anti-virus software called Security Tool kept opening pop ups telling her she had all sorts of trojan horses & viruses on her computer. I managed to stop the pop-ups but the computer is still infected.

I have tried using MalwareBytes to remove the virus as a few articles recommend this software. However I cannot even run a scan using MalwareBytes, it installs and opens (this was after I changed the .exe filename) then when I click scan it closes after about 2 seconds. So I looked up various fixes for this as well and none have worked... I am literally running out of things to do!! Unfortunately I do not have a boot disc but any help would be greatly appreciated.



=========================================================




DDS (Ver_10-03-17.01) - NTFSx86
Run by Vonny at 23:49:35.09 on 27/09/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.499 [GMT 1:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============


A:Fake Anti-Virus Software Virus

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

Please visit this webpage for download links, and instructions for running ComboFix:

http://www.bleepingcomputer.com/comb...o-use-combofix

* Ensure you have disabled all antivirus and antimalware programs so they do not interfere with the running of ComboFix.

Get help here

Please post the C:\ComboFix.txt in your next reply for further review.

Please re-enable your antivirus before posting the ComboFix.txt log.

------------------------------------------------------

If you have trouble running ComboFix in Normal Mode, run it in Safe Mode with Networking: Restart your computer.
After hearing your computer beep once durin...


Hi there,

I'm having a lot of trouble which I recently obtained on my computer. Whilst visiting a cinema's website in Google Chrome (www.hoyts.com.au) and doing nothing else on my computer, I received a popup from my taskbar saying:

"Windows Security Alert: Windows reports that computer is infected. Antivirus software helps to protect your computer against viruses and other security threats. Click here for the scan your computer. Your system might be at risk now."

Immediately after, an icon came in my taskbar of a red and yellow shield with a green stripe running through it, and a fake antivirus program popped up, labelled "Antivirus Action". It started performing a "scan" of my computer. I immediately tried closing everything that came up, turned off my internet and went straight to AVG and Malwarebytes to see if there was anything I could do. Upon trying to open AVG, I received the following error message:

Title: Security Warning
Message: "Application cannot be executed. The file avgui.exe is infected. Do you want to activate your antivirus software now?"
Options: Yes or No

Clicking Yes attempts to open the following URL in Internet Explorer: http://antispyroad.net/shop?abc=cGdpZD03JnI90C4x

Clicking No closes the pop-up, but then continues another fake scan in the toolbar.

The exact same thing happened when trying to open Malwarebytes, as well as Google Chrome, Mozilla Firefox and Internet Explorer.

I am now on another computer and have ...

A:Infected with fake anti-virus virus

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please Do not Attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The ...


Camera Wizard not popping up after removing Total Security/Antivirus Pro_2010

I have a PC with Windows XP SP3 with Avast, SuperAnti-Spyware and MBAM. While browsing I got a yellow virus warning (something win32 I believe) from Avast pop up near the bottom tray and within seconds the Total Security pop-ups started. My PC slowed to a stop so I rebooted and saw that Antivirus Pro_2010 had installed itself on my PC. All my Anti Virus programs would not start (ie MBAM) so I ended up following forums to end some processes, delete some .dll files that were known to be malicious and rename the .exe's to get Anti Virus programs to run. I installed and used AVG which found a couple things. Then I used ComboFix, and finally I got MBAM to run which found a good 40+ trojans etc. I believe I got the virus off but I tried to restore to before I got the virus but was unable to.

I have since run scans with MBAM and SuperAnti-Spyware which have found nothing. Avast also finds nothing but it has a list of 44 files (mostly in WINDOWS\ folder with the last path part of file doubled) that it is unable to scan because "The system cannot find the specified path". When I look on my C: drive and follow the file path, the second to last part is always missing (ie. WINDOWS\addins\addins) addins is not there.

When I plug in my camera, the camera wizard does not pop up anymore as it used to before I had and removed the virus. I also saw on the unscannable list that there was a WINDOWS\Connecti...

A:Help to remove Total Security and Anti-Virus Pro_2010 rogue anti-virus programs

Can someone please help me?
 


My anti-virus said it removed a trojan. When I restarted my computer my anti-virus was turned off and it won't turn back on. I ran MalwareBytes and I didn't find anything, so I need some help.

A:Anti-virus removed virus now anti-virus won't turn back on.

Download TDSSkiller
Launch it.
Click on change parameters
-Select TDLFS file system
Click on "Scan".
Please post the LOG report (log file should be in your C drive)
Do not change the default options on scan results

Download aswMBR
Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan.
After scan finishes, click on Save log
Post the log results here

Download ESET online scanner
Install it
Click on START, it should download the virus definitions
When scan gets completed, click on LIST of found threats
Export the list to desktop, copy the contents of the text file in your reply


Hi all,
I recently cleaned my computer, or so I thought, from the XP Anti-Virus 2011 virus, and I think I may have deleted something I shouldn't have. Now I am unable to open any .exe and I was wondering if anyone knew how or if I can get this fixed. I was recently told I am still infected but I am not sure. I get an error when I try to open most things on my computer, including Internet Explorer, that says, "File does not have a program associated with it for performing this action". Any help would be greatly appreciated.
Thanks in advance,
Cassius

A:XP Anti-Virus 2011 virus

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------


Quote:
I get an error when I try to open most things on my computer

What applications can you open? Can you open regedit? Give as much info as possible on what you can run.

Were you able to run rstrui.com as per CCT's instructions? Do you have available restore points?

What OS are you running? Service Packs?

------------------------------------------------------

Are you able to run any of the tools here:

NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help - Tech Support Forum

------------------------------------------------------


I only noticed this when I tried to update my Windows Live Messenger, and the Microsoft website wouldn't open on Safari or IE. I tried downloading new anti-virus software like Norton, but none of their sites would open either. I Googled a bit, and lo and behold, I'm not the only one to have this kind of problem. I saw a post on this website (although the thread had closed) that was strikingly similar, so I thought I'd ask for help too. So pleeeeeease, please help me! X3
I understand I need to post a HijackThis log, so here it is:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:22:59, on 07/11/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:

A:Anti-virus software won't scan, well-known anti-virus sites won't open.

It looks like the virus has got wise to THIS website too, because it no longer opens unless I use a proxy server. PLEASE help me, someone... I need to be able to use my internet banking without worrying that this stupid virus has got me keylogged or something! Please, please PLEASE help me.

~ Seras
 


I did a bonehead move of installing PC tools anti-virus before uninstalling vipre on my wife who's out of town. The kids infected it playing flash games. Long story short, her Gateway (win7 home premium) is on a start-up loop. All I can get to work with a recovery disk is get into the DOS prompt by the shift+F10 at the recovery screen. Is there any way I can fix this with regedit or in a DOS prompt?

If it helps, here's the startup Repair Log:

Problem signature:
Problem Event Name: StartupRepairOffline
Problem signature01: 6.1.7600.16385
Problem signature02: 6.1.7600.16385
Problem signature03: unknown
Problem signature04: 21200785
Problem signature05: AutoFailover
Problem signature06: 5
Problem signature07: 0x19
OS Version: 6.1.7600.2.0.0.256.1
Locale ID: 1033

A:BSOD 00x50 vipre anti-virus conflicting with new anti-virus

So to summarize, you messed up the wife's PC and you're trying to fix it before she gets back, but if you don't the kids are getting it?

Just messing

Can you boot into safe mode? press f8 while the PC is booting up, select safe mode and see if you can uninstall that software.


I just bought a new PC and installed XP SP2. When I try to install avast anti-virus, its window closes automatically. Then I try to install kaspersky anti-virus, but again the same problem. Then I figured out that I can't even access my registry, task manager and hidden files. So I installed remove restrictions tool. It solved the registry, task manager and hidden files problem. But I still can't install any anti-virus. I performed the registry check by using Uniblue registry booster. It shows many errors. I removed them all. But still can't install anti-virus. I can't even boot into the safe mode, it restarts whenever I try to boot it into safe mode. I can't install the windows again because I don't have any CD/DVD ROM drive or floppy drive. Please help me with this. Here's my HIJACKTHIS log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:59:50 PM, on 3/23/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:

A:cant install any anti-virus....anti-virus window closes automatically

Hello and Welcome to TSF.

We no longer use HijackThis as our initial analysis tool.

We want all our members to perform the steps outlined in the link I'll give you below, before posting for assistance. There's a sticky at the top of this forum, and a "Having problems with spyware and pop-ups? First Steps" link at the top of each page.

------------------------------------------------------

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new thread, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please note that the Virus/Trojan/Spyware Help forum is extremely busy, and it may take a while to receive a reply.

------------------------------------------------------


hi there

i installed a program called system security (a hoax anti-virus program) and it made my computer act "funky".
a friend of mine deleted the program for me, but now my browser can't enter anti-virus programs, so my computer is almost defenseless.

i tried with several browsers: IE7, Firefox, Opera and Chrome and none of them works.
i even uninstalled opera to see if that could help, but it didn't.

the webpages i can't enter are:
WWW.bitdefender.com
free.avg.com
WWW.symantec.com
WWW.pandasecurity.com
i managed to get hold of bit defender and i installed it. but it won't scan my computer don't know why, just tells me scan couldn't be launched, and it wont update because it can't get hold on the bit defender server

please help me

ps. my computer runs on Windows XP

A:can't enter anti-virus webpages

Hello and welcome. I am moving this to the Am I Infected forum as I do not feel you have removed it.

Next run MBAM (MalwareBytes):

NOTE: Before saving MBAM please rename it to zztoy.exe....now save it to your desktop.

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives se...


hi,

was in the middle of browsing last night and got hit with this virus. a screen popped up and said my computer was infected and to scan my drives. at the same time, it shut down chrome and my ad-aware watch popped up and said started a live scan. I let ad-aware finish, restarted my computer, and I got the same fake antivirus pop ups as before. ad-aware started again in the background. I let it finish again and restarted again, and the same process happened. this is the popup I get after I restart:


it also turns my desktop white after I click OK.

I stopped the scan and tried to open chrome, firefox, IE, nothing works. sometimes they won't even open (and a popup will say that the file is infected) and sometimes it will open but will not display any websites; the browser just remains white or gives me a "this webpage cannot be displayed" general error.

I tried to open add/remove programs and nothing shows up (the window opens but I do not get a list of programs, the area is just white).

I was able to save GMER and DDS to a flash drive and ran them from the desktop.

during my GMER scan I had periodic popups saying my files were infected and that a scan would begin (which of course it didn't). eventually the pop ups stopped but all 3 browsers still don't work.

also, regarding the GMER scan, I have two hard drives, C: and F: (not partitioned, 2 actual drives). I unchecked F and left C checked. while the main drive is C, most of my actual file...

A:virus prompting me to install fake anti-virus software.. "Worm.Win32.Netsky"

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

Please visit this webpage for download links, and instructions for running ComboFix:

http://www.bleepingcomputer.com/comb...o-use-combofix

* Ensure you have disabled all antivirus and antimalware programs so they do not interfere with the running of ComboFix.

Please see this >> http://img.photobucket.com/albums/v6...ee_disable.gif

Please post the C:\ComboFix.txt in your next reply for further review.

Please re-enable your antivirus before posting the ComboFix.txt log.

------------------------------------------------------


I have a nasty little virus on my pc that's causing my browsers to be hijacked, popups, error messages and it's causing my computer to run sluggishly, any help would be greatly appreciated!
Logfile of HijackThis v1.99.1
Scan saved at 2:47:04 AM, on 5/25/2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

A:XP anti-virus 2011..need help

Hello and welcome to Bleeping Computer. We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Please take note:
If you have since resolved the original problem you were having, we would appreciate you letting us know.
If you are unable to create a log because your computer cannot start up successfully please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
If you are unsure about any of these characteristics just post what you can and we will guide you.
Please tell us if you have your original Windows CD/DVD available.
If you are unable to perform the steps we have recommended please try one more time and if unsuccessful alert us of such and we will design an alternate means of obtaining the necessary information.
If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review your topic and do their best to resolve your issues.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply'...

RELEVANCY SCORE 116

My computer was infected with xp anti-virus 2011, I began to follow a removal procedure online only to realize that it was specific to one person's machine. here is what i did
ran WiNlOgOn.exe
ran combofix internet was disabled, combofix didn't install recovery console allowed combofix to run all the way through
ran combofix again.
my computer is now usable again but it sounds like the removal is most likely not complete your help is greatly appreciated

Please follow the instructions in ==>This Guide<==. If you cannot complete a step, skip it and continue.
Then post your DDS and GMER logs as a reply to this topic. Once you have done that I will remove my reply and consolidate the posts so that you retain your correct place in the queue.
If you can produce at least some of the logs, then please explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the reply and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.
Thank you!

DDS (Ver_11-03-05.01) - NTFSx86
Run by ADMIN at 20:54:53.15 on Mon 04/18/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.518 [GMT -4:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svcho... Read more

A:xp anti-virus 2011

Hello, And to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues, this may or may not solve other issues you may have with your machine.
Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.
The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.
You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.
-----------------------------------------------------------
If you have since resolved the original problem you were having, we would appreciate you... Read more

RELEVANCY SCORE 116

but windows security alert won't go away because automatic updates won't go on and i can't access windows update website.
Here are some logs that orange blossom requested i make...

DDS log
.
DDS (Ver_11-05-19.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_21
Run by Beto at 15:44:06 on 2011-05-27
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1982.1183 [GMT -7:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\System32\svchost.exe -k Akamai
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
C:\WINDOWS\system32\mfevtps.exe
C:\P... Read more

A:XP Anti-Virus 2011

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Please take note:
If you have since resolved the original problem you were having, we would appreciate you letting us know.
If you are unable to create a log because your computer cannot start up successfully please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system. If you are unsure about any of these characteristics just post what you can and we will guide you.
Please tell us if you have your original Windows CD/DVD available.
If you are unable to perform the steps we have recommended please try one more time and if unsuccessful alert us of such and we will design an alternate means of obtaining the necessary information.
If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
Upon completing the steps below another staff member will review your topic and do their best to resolve your issues.
If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply'... Read more

RELEVANCY SCORE 116

It seems that I have this virus. I ran the Microsoft Malicious Software Removal Tool and it removed 7 malware items. My computer now opens up a list of programs when I try to execute any .exe program

What do I do now:

A:XP Anti Virus 2011

I suggest that you read this sticky: NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help
Follow the directions and post a new topic here:
Virus/Trojan/Spyware Help - Tech Support Forum

RELEVANCY SCORE 116

Successfully defeated this bugger on a "Public" work computer......

Somewhat of a rascal......
 

A:XP anti-virus 2011

RELEVANCY SCORE 116

...But the my computer hasn't been the same and now the windows security alert won't go away, can someone give me some help?

Thanks in advance

A:XP Anti-Virus 2011

Hello,

Please follow the instructions in ==>This Guide<==. If you cannot complete a step, skip it and continue.
Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues and what you have done to resolve them.
If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Orange Blossom

RELEVANCY SCORE 116

I have spent the last 5 hours trying to rid myself of this XP Anti-Virus 2011 on my Windows XP SP 2. I've done it before, only thing is, this one won't let me get on the internet at all; it prevents me from starting any .exe . No warning window comes up or anything, the hourglass by my mouse appears, disappears, and another instance of "mft.exe" starts running.

I've tried as many of the cures I've been able to find on this site and others: I've run rkill and Malwarebytes from Safe Mode as Administrator when it worked--now I can't even run .exe's in that without the fake anti-virus windows popping up and stopping my programs. I've got logs from both rkill and Malwarebytes, they both found registry errors and said they fixed them, but when I restart, it's inevitably back. I've tried FixExe and RogueKiller as well.

Every now and then, when I would try to End Process mft.exe in the Task Manager, a window would come up which said, "Unable to terminate Process. The operation could not be completed. The operation is not valid for this process."

As I've said, this virus is really annoying; any help would be greatly appreciated, thanks!

Edit: almost forgot, I have a working laptop that I've been downloading files (rkill, etc) onto a USB drive from and transferring them to my desktop, the infected one

Edit 2: Wouldn't you know, the last thing I decided to try before I went to bed worked: Downloaded ExeHel... Read more

A:XP Anti-Virus 2011

Hello.

Glad to hear you resolved your issue. Is everything still working normally?

~Blade

RELEVANCY SCORE 116

I have successfully removed the virus before but now it has come back. I forgot on how I did it so I am coming here for help. It is currently happening on my other computer which has Windows Xp. I need help :S

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by HP_Owner at 20:45:19.18 on 09/05/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.503.191 [GMT -4:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\VentSrv\ventrilo_svc.exe
C:\Program Files\VentSrv\ventrilo_srv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WIND... Read more

A:xp Anti Virus 2011

Let's use another set of tools.

Step 1.
OTL-scan:
Download OTL to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Standard Output.
Underneath the option Extra Registry change it to Use SafeList.
Underneath the option File Scans check the boxes beside Use Company Name WhiteList, Skip Microsoft Files, Use No-Company Name WhiteList, LOP Check, Purity Check.
Under the Custom Scan box paste this in
netsvcs
msconfig
drivers32
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%USERSPROFILE%\Application Data\*.
%USERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\drivers\*.sys /90
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them in your next reply.



Step 2.
aswMBR-scan:


Download aswMBR.exe ( 511KB ) to your desktop. ... Read more

RELEVANCY SCORE 116

http://www.bleepingcomputer.com/virus-removal/remove-win-7-internet-security-2011
after doing this in safe mode
wscntfy.exe is in my tray it tells me automatic updates are turned off, I go to ctrl panel to automatic updates, turn it on to download and install updates automatically, click apply, then ok.
the wscntfy.exe is still in my tray, is my wscntfy.exe infected?
here is my thread on annoyances.org:
http://www.annoyances.org/exec/forum/winxp/1303542753
EDIT: Member advised to post here at BC ~ Hamluis.
should i go through this?
http://support.microsoft.com/kb/315353
http://pcbutts1.com/downloads/tools/tools.htm
MicrosoftFixit50202.exe - tried installing this, had error saying Windows Installer is broken?????
-r

A:xp anti-virus 2011

Let's try to kill this file wscntfy.exe
As you have run MBAM.. let's use MBAM's FileAssassin feature.
Open MBAM again.
Click the More Tools tab and then the Run Tool button
Now browse to the file(s) we want to remove using the drop down box next to Look in: at the top.
Locate the file(s), click Open.
You will be prompted with a message warning: This file will be permanently deleted. Are you sure you want to continue?. Click Yes.
If removal did not require a reboot, you will receive a message indicating the file was deleted successfully, however, I recommend you reboot anyway.
Caution: Be careful what you delete. FileAssassin is a powerful program, designed to move highly persistent files. Using it incorrectly could lead to disastrous problems with your operating system.

RELEVANCY SCORE 116

I've tried running Malwarebytes and it removed some stuff, but the security shield is still on my bottom taskbar and keeps opening to try to get me to buy xp security center.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Fred at 6:56:31.45 on Sun 05/01/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_21
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1526.957 [GMT -7:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\lxdqcoms.exe
C:\Program Files\Common Files\Mcaf... Read more

A:XP Anti-Virus 2011

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.
If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
Upon completing the steps below another staff member will review your topic and do their best to resolve your issues.
If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.
Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that... Read more

RELEVANCY SCORE 116

I ran the combofix. here is the log of the activity. will someone be responding? Thanks.

ComboFix 11-04-07.08 - Alison 04/08/2011 13:11:37.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1271.777 [GMT -4:00]
Running from: c:\documents and settings\Alison\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Alison\Local Settings\Application Data\dth.exe
c:\documents and settings\Alison\Recent\Thumbs.db
c:\documents and settings\Alison\WINDOWS
c:\documents and settings\Emi.NOTEBOOK.058\GoToAssistDownloadHelper.exe
c:\documents and settings\Emi\WINDOWS
c:\documents and settings\Leif Street\Local Settings\Temporary Internet Files\temp.cab
c:\documents and settings\Leif Street\WINDOWS
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_BOONTY_GAMES
-------\Service_Boonty Games
.
.
((((((((((((((((((((((((( Files Created from 2011-03-08 to 2011-04-08 )))))))))))))))))))))))))))))))
.
.
2011-04-08 17:29 . 2011-04-08 17:29 9310 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Iden... Read more

A:xp anti-virus 2011

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.
If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
Upon completing the steps below another staff member will review your topic and do their best to resolve your issues.
If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.
Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for postin... Read more
