Browser Problems & Rootkit Virus

Q: Browser Problems & Rootkit Virus

I bought a laptop last week from the Dell outlet and installed Avast and Comodo on Sunday.

It's a Vostro 1500 Vista Business 1.4GHz Core Duo.

Monday Avast found these viruses in my laptop.

WIN32:FASEC TRJ - C/WINDOWS/SYSTEM

WIN32:FABOT - C/WINDOWS/TEMP

WIN32 ROOTKIT-GEN

WIN32: TROJAN GEN
I quarantined them and then deleted all of them except the Win32: Trojan as I have heard this is difficult to get rid of. I then immunized via Avast.
I now know the rootkit is a nasty one as well as it grants the hacker access to my admin rights on my laptop. After deleting I now know it is still present because I cannot search Google properly as it does not direct me to the webpage I want. And it will not let me have access to my home hub to change my router password.
I've scanned my PC with various different software now which includes, Unhackme, Spybot, Adaware, and I ran scans last night on Avast in safe mode and via the boot sequence and it still did not find it.
Do you have any ideas on what to do next please?
Someone has mentioned to install AVG and then scan, see if it finds and then delete it and then switch system restore off and then reboot. If that fails to do a system restore to when I think it was not there, then scan with AVG and then if it is there delete it and then switch off system restore and then reboot again also.

Sorry for this being such a long read, really hope you can help or point me in the right direction.

A: Browser Problems & Rootkit Virus

Anyone...

Think my problem could be something similar I just read which was resolved. As my Google links are directing me elsewhere...

http://forums.techguy.org/malware-r...587195-solved-google-links-redirect-many.html


Hello - I'm hoping someone can help me.

I seem to have a browser redirect virus. When I search with Google and click on a result, I get redirected to random websites. Just before the random website appears I see "www.co.uk" in my address bar.

I've run Malwarebytes, TDSSkiller, ESET etc. While Malwarebytes did detect and remove some Trojans, none detect anything now as far as I can see or solve my problem. If I use ATFcleaner and then AVAST aswMBR, the problem does go away. But it reappears when I reboot. I've booted up in safe mode and run ATFcleaner and aswMBR but when booting up afterwards in normal mode the problem recurs.

I've checked my hosts file which appears to be fine. I've rewritten my MBR but that hasn't helped. And I've reset my router which appears to be running properly without any problems.

Two things to note. (1) I have Virgin Media as my home page and when I search using the Google toolbar embedded in the homepage I don't ever get redirected when clicking on search results. (2) The log for aswMBR highlights this entry in yellow:

"\Driver\atapi[0x8aa5d158] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> sfsync02.sys[0xf76388b4]"

I don't know if this means there might be a problem with my atapi.sys file.

I'm running an old Dell Dimension 8300 with Windows XP SP3, IE8 as my browser and Virgin Media Security as my antivirus (Radialpoint I believe).

While I can work around this probl...

A:Browser redirect virus rootkit?

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Some things to remember while we are working together:

- Do not run any other tool until instructed to do so!
- Please do not attach logs or put in code boxes.
- Tell me about any problems that have occurred during the fix.
- Tell me of any other symptoms you may be having as these can help also.
- Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:

- Please download DeFogger to your desktop.
- Double click DeFogger to run the tool.
- The application window will appear.
- Click the Disable button to disable your CD Emulation drivers.
- Click Yes to continue.
- A 'Finished!' message will ap...


On my wife's Windows XP Pro machine, she began to have problems with her browser a couple of days ago. When she clicked on a search result in google it would redirect her to a random website. Unfortunately, her Malwarebytes Antimalware protection was not enabled for some reason and when I activated it began to get warning popups stating that info was going to certain ip addresses and it was being blocked. Example IP addresses include 206.161.121.3, 208.73.210.29, 78.41.203.124 and others. Ran a quick scan with MBAM and got rid of a couple of things which I don't remember. Also ran a scan with Microsoft Security Essentials which was negative as well. I was instructed to run DDS and then Combofix on another forum but have not gotten any response yet. The behavior continues with the redirects although the IP problem seems to have gone away for now.

Thanks
Kelly

A:Browser redirect virus or rootkit?

If you have run Combo and DDS then we also will need those logs. Please go here: Preparation Guide, do steps 6 - 9. Create a DDS log and post it in the new topic explained in step 9, which is here: Virus, Trojan, Spyware, and Malware Removal Logs, and not in this topic, thanks. Skip the GMER step and instead post the ComboFix log you have. Let me know if that went well.


Hey everyone. I'm just trying to get down to the bottom of why my PC has been acting funny. Browsers are redirecting, and some other funny things are showing. I ran ComboFix and included my log below. If any kind person could give me a hand at getting my PC clean again I will greatly appreciate it. Thanks!

A:Browser Hijack/Rootkit Virus

Just realized I didn't attach my ComboFix file. Can anyone tell me what's wrong in my file?


On my wife's Windows XP Pro machine, she began to have problems with her browser a couple of days ago. When she clicked on a search result in google it would redirect her to a random website. Unfortunately, her Malwarebytes Antimalware protection was not enabled for some reason and when I activated it began to get warning popups stating that info was going to certain ip addresses and it was being blocked. Example IP addresses include 206.161.121.3, 208.73.210.29, 78.41.203.124 and others. Ran a quick scan with MBAM and got rid of a couple of things which I don't remember. Also ran a scan with Microsoft Security Essentials which was negative as well. I was instructed to run DDS and then Combofix on another forum but have not gotten any response yet. The behavior continues with the redirects although the IP problem seems to have gone away for now.

First DDS log and Combofix log follows; then another DDS log after Combofix. Was instructed to skip GMER.

DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
Run by Sarah at 14:24:30 on 2012-07-27
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.1527 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Microsoft Security Essentials *Disabled/Outdated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WIN...

A:Browser redirect virus or rootkit

Hello and welcome to Bleeping Computer! I am D-FRED-BROWN and I will be helping you. Please print or save this topic. It will make it easier for you to follow the instructions and complete all of the necessary steps.

----------Step 1----------------

I know you've already run TDSSKiller before, but please run it one more time so we have an up-to-date idea of what may be remaining on the computer.

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!

- Double-click on TDSSKiller.exe to run the tool for known TDSS variants. Vista/Windows 7 users right-click and select Run As Administrator.
- If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
- Click the Start Scan button.
- Do not use the computer during the scan.
- If the scan completes with nothing found, click Close to exit.
- If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
- Ensure Skip is selected, then click Continue > Reboot now to finish the cleaning process.

Note: Do not choose Cure or Delete unless instructed.

A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually ...


Happy Holidays!
Hoping someone can help me out. It looks like my HP Netbook got infected with a nasty virus or rootkit after loaning it to my cousin for a day.

Here's the details:

- HARDWARE: HP Netbook / WinXP & SP3 / 1.60GHz Intel Atom / 1GB RAM / Windows IE v7
- Symptoms:
  - Most of my Google Search Result links get redirected to other affiliate sponsored landing pages
  - Some of my Yahoo & Bing Search Result links also get redirected
  - Sometimes new browser windows are opened with random affiliate sponsored landing pages

I am somewhat computer savvy so I have already read through most of the other posts in regards to Google Search Link Hijacks and have already done the following:

- Scanned with Malwarebytes' Anti-Malware (latest version / definitions on 12/01/2010) / rebooted afterwards.
- Scanned with Spybot - Search & Destroy (latest version / definitions on 12/01/2010) / rebooted afterwards.
- Scanned with SUPERAntiSpyware (latest version / definitions on 12/01/2010) / rebooted afterwards.
- Scanned with Ad-Aware (latest version / definitions on 12/02/2010) / rebooted afterwards.

I also looked at the Hosts file.. it was clean with just the XP default setting (127.0.0.1 / localhost). I also looked at the previous backup versions but did not see any third-party additions either.

I also have scanned my netbook with the following Anti-Rootkit tools:

- First I used "Defogger" to t...

A:Sneaky Browser Redirect Virus / Rootkit

While waiting your reply and assistance, I went ahead and did the following:

Ran the following utilities:

1) TDSSKiller.2.4.10.1 => No Infections Found (log attached)
2) Rootkit Unhooker LE v3.8.388.590 SR2 => No Infections Found (log attached)
3) MBRCheck v1.2.3 => Found an unknown MBR type.. tried to reset the MBR twice but does not change.
Here is the MBR Check comments:
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
PhysicalDrive0 Model Number: SAMSUNGHS082HB
Size Device Name MBR Status
--------------------------------------------
74 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: BBF289AC40BA09F2CC1797655D4799D2AB148CB5

I will now scan my system using the ESET Online tool (http://www.eset.com/online-scanner) and will
attach that report along with a new DSS report log.

Looking forward to your reply and assistance.

Phil

PS.. I will attach the Unhook Util log when I get back from dinner tonight.


Hello and thank you for looking into my problem. Here's my computer issue: I run Windows XP Home edition 32 bit on my laptop made by a local computer store "Micro-vision". I have a browser redirect and pop-up problem that surfaced after I was alerted to a problem on one of the websites I oversee (details below). I am not sure whether this is the direct cause of the issues, but it seems likely. Google Chrome, Internet Explorer and Firefox (my main browser) are all affected when I try to access links on Google. The pop ups and redirects are sporadic, but many of the pages contain threats that AVG reports it blocks.

I have tried:

- AVG
- Malware Bytes Anti Malware
- HitmanPro 3.5.6
- TDSS Killer
- SUPERAnti Spyware
- Ad Aware
- Spybot Search and Destroy
- CCleaner
- Microsoft Security Essentials
- Cleanup!
- ComboFix.exe (I did this on the advice of a friend of mine, but it didn't do a thing)
- MGTools.exe
- RootRepeal
- Disk Check
- TrojanRemover

None of these find anything wrong with my computer except Hitman Pro, which blithely mentions that "Possible variant of the TDL3 (alias Alureon) rootkit detected: The device stack of the hard disk is referencing a hidden driver. This could affect the detection of malicious files." but doesn't clean it or offer advice on how.

I followed the instructions on your Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help, but could not get GMER to run successfully - it crashed my computer even in Safe Mode and I was not able to g...

A:Possible Alureon Rootkit Virus Redirecting My Browser

Okay, that's it. I don't know what's going on with this computer, but it's definitely trying to screw with my posting abilities. Apologies.


Greetings. My laptop has become infected with a browser redirect rootkit/virus beginning around early July, 2010. Initially, google search results would redirect to "ads.doubleclick.google". Then the browser began redirecting to "supersearchweb.org".

I have Panda antivirus running on the machine and have run the latest version of Windows Malicious Software Removal, Malwarebytes, UnHackMe, and HitManPro all to no avail. In attempting to generate a gmer log, the laptop goes to bluescreen and reboots (I was unable to see the error that occurred during the reboot).

DDS Log:

DDS (Ver_10-03-17.01) - NTFSx86
Run by Paul at 11:54:18.06 on Fri 09/03/2010
Internet Explorer: 8.0.6001.18943
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1014.362 [GMT -4:00]

AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
SP: McAfee VirusScan *disabled* (Updated) {C78B3C70-4777-4742-BB91-9D615CC575E6}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalSer...

A:Infected with browser redirect rootkit/virus

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Some things to remember while we are working together:

- Do not run any other tool until instructed to do so!
- Do not attach logs unless I ask you to.
- Tell me about any problems that have occurred during the fix.
- Tell me of any other symptoms you may be having as these can help also.
- Do not run anything while running a fix.
- Do not run any other tool until instructed to do so!

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

Note** If you are having problems posting the complete log into this thread upload them here http://www.rapidshare.com/ and post the links in this thread

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Gmer is the best but can be hard to get a log, let's try this and see what we get.

Scan With RKUnHooker

- Please Download Rootkit Unhooker. Save it to your desktop.
- Now double-click on RKUnhookerLE.exe to run it.
- Click the Report tab, then click Scan.
- Check (Tick) Drivers, Stealth. Uncheck the rest. Then click OK.
- Wait till the scanner has finished and then click File, Sa...


I am running Windows XP SP3, with IE7.

About 6 days ago, I noticed that, intermittently, when I clicked on a link within a search engine, I would be redirected to a totally irrelevant website (usually running some promotion). Overall, the system was running probably 30-40% slower by my estimation.

I immediately ran Windows Update, but there were no outstanding patches etc. I then updated my A/V (Symantec A/V 10.0 Corporate), did the same with Spybot 6.2 as well as Defender. I ran full scans with these, but nothing was reported.

I then proceeded to run Sophos Anti-Rootkit, but again, nothing was reported. Despite this, I kept going. I looked up "google redirect virus", and decided to investigate some relevant registry keys. However, when I tried to run Regedit from the Run menu, the desktop seemed to stall momentarily, before recovering, but there was no sign of Regedit.

At this point, I went to Kaspersky's website and ran their online scanner. Again, nothing reported. The same thing happened after running McAfee's online scanner.

Other programs I tried were Malwarebyte's scanner, as well as Gmer, Rootkit Hook Analyzer, RUBotted and McAfee's Rootkit Detective - nothing reported. Note that I had to rename Gmer, otherwise it would not run at all.

I then uninstalled Symantec's A/V and installed TrendMicro's PCCillin and ran a full scan. It managed to report some changes to the LMHosts file, and removed the offending entries. However, the same behaviour continued.
...

A:Help! Unidentified rootkit or virus, browser redirects, slow PC

Welcome to the BleepingComputer Forums.

Since it has been a few days since you scanned your computer with HijackThis, we will need a new HijackThis log. Please download Trend Micro - HijackThis. Do a new scan with Trend Micro - HijackThis and post it in your next reply. Thank you for your patience.

Please see Preparation Guide for use before posting about your potential Malware problem.

If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped.

Please post your HijackThis log as a reply to this thread and not as an attachment. I am always leery of opening attachments so I always request that HijackThis logs are to be posted as a reply to the thread. I do not think that you are attaching anything scary but others may do so.

While we are working on your HijackThis log, please:

- Reply to this thread; do not start another!
- Do not make any changes on your computer during the cleaning process or download/add programs on your computer unless instructed to do so.
- Do not run any other tool until instructed to do so!
- Let me know if any of the links do not work or if any of the tools do not work.
- Tell me about problems or symptoms that occur during the fix.
- Do not run any other programs or open any other windows while doing a fix.
- Ask any questions that yo...


My wife's computer is infected. When I type in a URL directly or run a search on IE or Safari browser, a pop-up advertisement or website appears (including Pornhub). AVG was always running. Tried Stopzilla & Malwarebytes to scan and remove without success. Also receive pop-up warnings about "Genetic Host Process for Win32 Systems". Sometimes desktop icons disappear as well. Finally tried System restore back to 11/15, before problem started occurring.

As requested, created DSS & GMER logs (see attached) and DSS is pasted below. Could really use your help. Thank you!!!

Michael

DDS (Ver_10-12-12.02) - NTFSx86
Run by Lisa at 20:54:50.29 on Sun 12/12/2010
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_22
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2037.1191 [GMT -7:00]

AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
...

A:Browser redirect virus - TDL4 rootkit infection

Hello and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review your topic and do their best to resolve your issues.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

- Download DDS by sUBs from one of the following links. Save it to your desktop.
  - DDS.scr
  - DDS.pif
- Double click on the DDS icon, allow it to run.
- A small box will open, with an explanation about the tool. No input is needed, the scan is running.
- Notepad will open with the results.
- Follow the instructions that pop up for post...


Malware problems started with 100% CPU usage. Removed McAfee AV, Installed Norton Security suite, got message Tidserv blocked. Currently blocked from Microsoft support sites and cannot do windows updates. Did a Combofix before reading how to use this forum. Sorry! Finally read how to post and here I am. Below is DDS.txt report. Attached is attach.txt and ark.txt. Would appreciate help with cleanup so I can move on to updating windows. Thx.

DDS (Ver_10-03-17.01) - NTFSx86
Run by Admin at 14:10:14.28 on Tue 09/21/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1022.451 [GMT -7:00]

AV: Norton Security Suite *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Security Suite *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\RamSoft\PowerReader4\CacheServers\LocalCache20040713201\prcacheservice.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\Program Files\Norton Security Suite\Engine\4.2.0.12\ccSvcHst.exe
C:\W...

A:Infected w Rootkit virus/Browser redirect/Tidserv

Hello and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

We need to create an OTL Report

- Please download OTL from one of the following mirrors:
  - This is THE Mirror
- Save it to your desktop.
- Double click on the icon on your desktop.
- Click the "Scan All Users" checkbox.
- In the custom scan box paste the following:

msconfig
safebootminimal
activex
drivers32
netsvcs
%SYSTEMDRIVE%\*.exe
/md5st...


I noticed my Google searches were getting hijacked/redirected. The issue occurs with Firefox 3.6x as well as Internet Explorer 8.x. I am running WinXP.

I have MSE as my antivirus. It is scanning without catching or noting any problems.

I ran MBAM and it caught and resolved several items: Rogue.SecuritySuite, Trojan.FakeAlert.Gen, Spyware.Passwords.XGen, Rootkit.TDSS.Gen, Spyware.Passwords.XGen.

However, even after MBAM did its clean up and ran again clean, the hijack/redirect issues continue.

I tried running TDSSKiller but it only gets to 80% then errors out.

IMPORTANT: I ran GMER overnight. It was taking a very long while. When I returned to my computer this morning, a window with "WARNING!!!" and an OK button was on screen, but as soon as I moved the mouse, the computer Blue Screened and restarted. And so, I'm unable to provide a GMER scan file here. Please advise if I should do something else to get it.

I appreciate any help you can provide.

Here are my DDS logs.

.
DDS (Ver_11-03-05.01) - NTFSx86 NETWORK
Run by USER at 15:17:53.90 on 04/22/11
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.990.604 [GMT -7:00]
.
AV: Microsoft Security Essentials *Disabled/Outdated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
FW: Norton AntiVirus *Enabled*
.
============== Running Processes ======...

A:Browser search hijacks/redirects virus, possible TDL3 rootkit

Hello and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you are unable to create a log because your computer cannot start up successfully please provide detailed information about the Windows version you are using: What we in particular need to know is version, edition and if it is a 32bit or a 64bit system. If you are unsure about any of these characteristics, just let us know and we'll help you figuring it out. Please also tell us if you have your Windows CD/DVD handy.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your ...


Hi,

I had the Antivirus Scan rogue in my Dell laptop with Windows Vista and I removed it with Malwarebytes, Superantispyware, and Microsoft Security Essentials, in that order. My internet was still not connecting so I changed the internet settings to No Proxy and it connected but the website redirecting was still present. I then removed hosts other than the only one that belongs (which didn't solve the problem), deleted Mozilla Firefox (but kept the bookmarks and preferences for reinstallation), and used TDSSkiller to remove a suspected rootkit. I followed with the Combofix installation on my USB but I didn't know of the instructions to only use it when supervised and to save it to the desktop at that time. Now, I'm concerned with Combofix and its effects on my laptop since it was executed from the USB and I am still not sure if the original problem was solved.

Below is the Combofix log. Thanks for the help!

ComboFix 10-12-28.03 - Li Lin 12/29/2010 9:13.1.2 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.2037.951 [GMT -5:00]
Running from: F:\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Public\Google
c:\windows\system32\logs
c:\windows\system32\logs\{F9919BFD-243D-47D7-8423-58562B2A0057}.log
c:\windows\system32\spool\prtprocs\w32x86\ppbiPr.dll

.
(((((((((((((...

A:Rogue, Rootkit, Web browser hijacking, Google redirect, and Combofix PROBLEMS

Hello, jess89

Welcome to the Bleeping Computer Forums. My name is Thomas (Tom is fine), and I will be helping you fixing your problems.

If you do not make a reply in 4-5 days, we will have to close your topic.

You may want to keep the link to this topic in your favourites. Alternatively, you can click the button at the top bar of this topic and Track this Topic. The topics you are tracking can be found here.

Please take note of some guidelines for this fix:

- Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Furthermore, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
- If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
- Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
- Please reply using the button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested ...

RELEVANCY SCORE 52

Hello
 
Thank you for assisting me with this issue.  Yesterday, my IBM Thinkcentre M51 desktop became infected.  I was on trusted, legitimate websites: Google, Yahoo, and YouTube.  While watching a Frank Sinatra video I noticed background voices and advertisements.
 
Shortly after Windows has booted, there are several browser.exe processes running.  At one time more than 10 browser.exe processes are running.  Also serachprotection.exe is running.  The minute browser.exe runs, advertisements are heard.
 
There are background voices and advertisements occurring while every program is closed.  What is causing this?  How do I eradicate and remove the infection?  Is this a rootkit, malware or a virus?
 
Again, thank you for assistance with this malware problem
 
I have attached a DDS log

A:Infected with Browser.exe and teller pale tellerpale virus / rootkit /malware

Hello,

please run a FRST scan and post the logs. (If possible paste the contents of the logs into the thread and don't attach them. Thank you.)

Please download Farbar Recovery Scan Tool and save it to your Desktop.
Start FRST with administrator privileges.
Make sure the option Addition.txt is checked and press the Scan button.
When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
Please copy and paste these logs in your next reply.

RELEVANCY SCORE 50

I'm using AVG 8.5.
Here is the log doc from Trend Micro HijackThis. I'm not really sure what all this is and why anyone would bother to help, but I would greatly appreciate it.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:32:00 PM, on 3/10/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18882)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files (x86)\AIM6\aim6.exe
C:\Program Files\802.11 Wireless LAN\802.11n Wireless CardBus & PCI Adapter HW.16\WlanCU.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files (x86)\AVG\AVG8\avgtray.exe
C:\Program Files (x86)\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSUI.exe
C:\Program Files (x86)\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSMonitor.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe
C:\Program Files (x86)\AIM6\aolsoftware.exe
C:\Program Files (x86)\AVG\AVG8\avgui.exe
C:\hp\kbd\kbd.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cndt
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/sv... Read more

RELEVANCY SCORE 50

Hi, I am new here and so far my PC has been getting worse and worse over time and I don't know the problem. AVG told me I had a rootkit while other programs told me I had over 200 viruses but no rootkit. This confused me so I am here now.

I could not get a Panda ActiveScan to work for me for some reason even when I turned off all of my pop-up blockers. All it showed for me when the page popped up was a blank page.

The problem with my PC was noticed at first during Team Fortress 2, where I noticed lag spikes with no connection to ping or my system. This later became a worse situation when Steam told me that my account had been accessed from more than 4 PCs. So I downloaded AVG and it told me that I had a rootkit as a hidden driver named a8ptfs9n.SYS, which recently changed its name from something that was along the lines of aei5spt8g.SYS. Also my McAfee antivirus has been unable to delete cookies/trojans; even in safe mode they would always show up again after a restart.


My DSS:
Deckard's System Scanner v20071014.68
Run by **** on 2008-03-19 15:48:47
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- Last 1 Restore Point(s) --
1: 2008-03-19 20:20:52 UTC - RP390 - Installed Panda ActiveScan


Backed up registry hives.
Performed disk cleanup.

System Drive C: has 0.54 GiB (less than 15%) free.


-- HijackThis (run as Isa.exe) -------------------------------------------------

Logfil... Read more

RELEVANCY SCORE 49.6

Hi. After reading the TR/Rootkit.Gen2 thread (http://forums.techguy.org/virus-other-malware-removal/virus-othe...tkit-gen2.html) I believe that I may have a similar problem.

I cannot run most exe programs and Desktop shortcuts. The system boots to Windows though. Sometimes show a ini something similar not found and many program links show C:\WINDOWS\system32\rundll32.exe - Application not found. I get the menu about "Choose the program you want to use to open this file:". If I choose the Firefox shortcut I get that menu, then choose Firefox to open it, and then it runs fine. IE starts without any menu or error problem. Many of the programs that are supposed to start up on boot do not seem to start.

If I go to My Computer and the folder where an exe file that I want to run is, it still will not run. An example is that I tried to run HJT but the only place it will run is in the Command Line Safe Boot mode. I have a copy of it as well as one I made back in April if you need it.

Word, Notepad and other programs will not run from their desktop icon, but if you click on a doc, txt, jpg or other file the correct program will start and then you can use it as if nothing was wrong.

Well, here are my computer details:
Microsoft Windows XP Pro
Version 5.1 (Build 2600.xpsp_sp3_gdr.101209-1647:Service Pack 3)
3.2 P4, 2gb Ram
Windows Firewall
AVG free 10. 2011 updated
I am using a Fiber LAN at 1m and no router. I am directly plugged in.

I also ran Kaspersky and E... online or free trial and non... Read more

A:Possible Virus or Rootkit Causing Problems

RELEVANCY SCORE 49.6

Hi all
I have a Dell 1440 laptop, 5 months old, and when updating Firefox this week I could not reopen it after the update. It showed the icon so I reinstalled it, and it has been showing various viruses through my antivirus software; some mentioned rootkits hidden etc. "userinit.exe tried to remove through normal search and destroy etc but now on shut down and start up it takes approx 5-10 mins before booting up? Could not do a back up or restore point; it says my back up drive is full? Hope you can help. Forgot to say when doing the scan the only boxes available for me to check/uncheck were "Services, Registry, files and ADS"
Yes I do have the boot reinstallation discs.


DDS (Ver_09-12-01.01) - NTFSX64
Run by Julie at 15:54:46.69 on Wed 17/03/2010
Internet Explorer: 8.0.6001.18882 BrowserJavaVersion: 1.6.0_17
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.61.1033.18.4093.2142 [GMT 10:00]

AV: AVG Internet Security 3-pack *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: AVG Internet Security 3-pack *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
FW: AVG Firewall *disabled* {8decf618-9569-4340-b34a-d78d28969b66}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.e... Read more

A:Help Computer Virus/Rootkit problems

Hi and welcome

Did Gmer run? If not please try this:

Download GMER Rootkit Scanner from here to your desktop. It will be a randomly named executable.
Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.
Double click the exe file.
The program will begin to run, and perform an initial scan. If possible rootkit activity is found, you will be asked if you would like to perform a full scan. Click No.
In any case, after the initial scan is complete, click on the Save button, and save the log file somewhere you can easily find it, such as your desktop, and attach it in your reply.

RELEVANCY SCORE 49.2

hello all!

I've got an issue with a friend's Toshiba Satellite Pro A300 laptop. It got a nasty virus on it and they ran through Malwarebytes Anti-Malware, SUPERAntiSpyware, ComboFix and SDFix. This has seemed to get rid of the visible parts of whatever the virus was (I never got a chance to see it before these progs were run and my friend isn't very useful at describing the original issue apart from "there were nasty pop-ups!") but the damage caused by the virus has left the PC with an empty network connections, you can't even add new connections, going into device manager comes up blank, event viewer gets an error and won't show anything, I checked services.msc and nearly all the services have been disabled! Trying to start any results in an error saying that plug and play needs to be started but that won't start either!

The anti-malware progs that ran all found and removed viruses and problems and I have tried running through Dial-a-fix to no avail!

any help would be greatly appreciated, cheers
 

A:nasty rootkit / virus has left more problems

Just an addendum to say I'm trying an XP repair install.
 

RELEVANCY SCORE 48.4

Hi!

mOle from virus forum was helping me with virus related problems, and he asked me to post here today. On May 4th a MBAM scan found and removed from my ThinkPad XP Pro SP2 Firefox3.5 and IE8:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\xpreapp (Malware.Trace) -> Quarantined and deleted successfully.

Problem #1
On May 12th encountered strange errors e.g.
- When shutting down, I'll click Start and then click Turn Off computer. The hour glass comes and stay there for about 6 minutes, then the dialog box with turn off restart etc appears. I'll click Turn Off and the system takes another 6 minutes to turn off.

Problem #2
May 20th, my machine would not boot up properly this morning. It Actually took 3-Hard Reboots and 4-Restarts for me to be able to access the internet i.e. = 72-minutes to get to this point.
- 'Taskbar and Startup Menu toolbar' should have 10 icons in it. Each time it would startup/restart it would have only 2 or 3

Here is what I noted - the program that needed to "end now" before restart was:
- ACWLIcon.exe - User 'SYSTEM'
- ACTray. exe - I think the User was 'SYSTEM'
- explorer.exe - User I think was 'SYSTEM'
- TpShocks.exe - was missing earlier - is now present

Since I've finally been able to log on I have been taking a look at the 'Windows Task Manager Processes' and now all the above have User ... Read more

A:XP Pro SP2 hit by virus /rootkit Booting up problems and shutting down issues

From reading your thread where Mole assisted you, he indicated that hardware is the problem.

System manufacturer and model?

How much RAM installed?

Can you post a screenshot from Disk Management, reflecting all existing partitions?

Have you tried doing a clean install of XP?

Louis

RELEVANCY SCORE 48.4

Merged topics so you retain your place in line. ~ OB

Hi there

Can't wait to use the forum for a virus problem but Gmer is still running after 24 hours. I have the dds logs but can't stop my usb to get them off the infected computer because Gmer is running and it won't let me remove the usb.
Task manager says Gmer is running and the computer is not frozen.
Do I stop gmer at this point? Is there another way to get you the logs you need?
Running xp sp3 pro.
Thanks!

A:tcp/ip driver problems after virus? lingering rootkit? can't get on the internet

I posted earlier that I have problems with running gmer but I guess it was done and I just didn't know?

Anyway...
I ran mbam, super antivirus but still had problems so I went to run kaspersky tool and thought it froze so I did a force restart and now my computer can't get on the internet.
Tried previous restore point, didn't work.
Tried to reset tcp/ip things and registries but didn't work.
Tried to reinstall tcp/ip protocol but says "Driver not signed" so I tried to replace the tcpip.sys but it just reappears if you delete it, which makes me think I still have a virus.
Firewall won't start because it can't start shared services.
An old version of Viper rescue found a couple more infections but no change.

My CD drive also disappeared after the restart but I was able to uninstall and reinstall to get it back without reinstalling new drivers, but I did anyway for good measure.
I really think a virus is jacking with my tcp/ip driver or maybe there is a system setting that needs adjusting? I may try uninstalling more programs.
Can you help?
Thanks in advance!

.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Tiffany at 9:46:51 on 2011-08-13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2037.1624 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Outdated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLa... Read more

RELEVANCY SCORE 48.4

Hi All. I'm hoping someone has some ideas for me........below is a recap of my issue:

Got infected with some malware including, but not limited to a google hijacker.
I was going to use System Restore to get back to a pre-infection state, but the utility would never advance with the 'NEXT' button after selecting a restore point.
After a couple of system reboots, all of my restore points were removed.
Read through the forums and tutorials and ran Malwarebytes and SUPERAnti, which cleaned up the offending malware issues.
System Restore still is not creating restore points and I cannot create one manually.
I get a dialogue box that states "System restore is not able to create a restore point. Please restart the computer, and then run System Restore again." That obviously doesn't work....
I have attempted to reinstall the utility by using the sr.inf install procedures outlined in bertk.mvps.com instructions, but this has not fixed the Restore problem.
Not sure if this is even the right forum, but I don't think it is a malware issue any longer, so I'm trying here first. Any assistance would be greatly appreciated!! thanks.

A:System Restore problems after rootkit virus issues

Have you tried to run Last Known Good Configuration?
When the computer is starting repeatedly tap the F8 key, this should take you to the Windows Advanced Options Menu, once this opens click on Last Known Good Configuration (your most recent settings that worked).

RELEVANCY SCORE 48

I've been having trouble with a very nasty virus/spyware something. So far the only way I've been able to completely remove it is by formatting. I'm pretty sure it keeps reinstalling on me from an external USB drive that I've tried to clean and get data back from. I'm not entirely sure what it does but the most annoying thing is it messes up my internet and IP addresses, so that I've had to factory reset my modem and start entirely over with my network. It also seems to make multiple user accounts and changes permissions on some of its important files. And creates a lot of files that are well camouflaged and may have taken information from my PC when creating the file names.

I believe the virus originally was a "windows defender" fake anti-virus. In my trial and error attempts to remove this myself I think I might have crippled it, so that only parts and pieces of the virus install, making it very hard to find where exactly the problem is at. Anyway I'm eager to learn how to clean this system up and keep it protected so I've (hopefully) followed the instructions and made logs of the nitty gritty. Any help would be greatly appreciated!

This is just my personal PC. I have not made a home network per se, there is no file sharing, but whatever it does to this PC seems to affect any laptops trying to connect wireless to my router.

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Home Premium, 64 bit
Processor: Intel(R) Co... Read more

RELEVANCY SCORE 48

When I log in, I get a Windows security alerts bubble pop up in the corner of my screen. When I type in Firefox it just inputs numbers 1-0 instead of what I type, I have to paste this from a notepad. Also, when I open Firefox a second tab opens up trying to sell me a "work from home" business deal to make hundreds. IE has the same problems as FF. Norton eraser finds a threat named "fixzeroacess" but it cannot remove it. Malwarebytes Anti-Malware finds 2 threats and asks to restart to remove them. When I scan again there are two different threats and that happens every time I re-scan it. I have an Acer laptop with Vista on it and I was wondering if anyone can help. I ran GMER but it gave me the blue screen. Thanks!

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.6002.18005
Run by Kev at 16:23:55 on 2012-02-23
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.1789.506 [GMT -8:00]
.
AV: Norton Security Suite *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Security Suite *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Security Suite *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32... Read more

A:zero access RootKit, windows defender virus, firefox problems

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

Do not run any other tool until instructed to do so!
Please do not attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.
Do not run any other tool until instructed to do so!

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only); if this happens please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3

1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the r... Read more

RELEVANCY SCORE 48

I had the Rootkit.Win32.BackBoot.Gen virus, removed it with Rkill and Panda.  Now I am having trouble with Windows, Flash Player, ActiveX, JavaScript issues apparently and .NET Framework errors.  I want a program that will help restore Windows, and the Reimage software graphic popped up on the bleepingcomputer site while I was downloading the rkill.  My IT guy uses something called Clarity to restore the Windows registry.  I can’t even find this one listed anywhere no matter the Googling I do.  Plus he’s busy today re-building my Dell T7500.  Plus I can’t wait on him, there are deadlines pursuant to school projects and getting kinds back into schools in the fall.  I use Revit and I am having trouble transacting with their website due apparently to some of these problems.  I also hope for a software fix that does not bring along adware as I have found out the hard way that some of the downloads from CNET do this.  H   E  L  P.  What about the Reimage versus the others listed on your site, which would be the most helpful?
I am an architect and don’t play the blame game on those who try to help.  If I use something and it doesn’t work it is on me- just grateful for the help.--I thank you in advance.

A:Rootkit.Win32.BackBoot.Gen virus removed-now windows problems

Security Check
- Download Security Check from here or here and save it to your Desktop.
- Double-click on SecurityCheck.exe
- Follow the on-screen instructions.
- A Notepad document should open automatically called checkup.txt.
- Please post the content of that document.

Farbar Service Scanner
- Download Farbar Service Scanner.
- Run it on the computer.
- Make sure the following options are checked:
    - Internet Services
    - Windows Firewall
    - System Restore
    - Security Center/Action Center
    - Windows Update
    - Windows Defender
    - Other Services
- Press "Scan".
- It will create a log (FSS.txt) in the same directory where you run the tool.
- Please copy and paste the log to your reply.

MiniToolBox
- Download MiniToolBox
- Run it on the computer.
- Checkmark following boxes:
    - Report IE Proxy Settings
    - Report FF Proxy Settings
    - List content of Hosts
    - List IP configuration
    - List Winsock Entries
    - List last 10 Event Viewer log
... Read more

RELEVANCY SCORE 47.6

Pasting in additional info. from another post. ~ OB

Ran ComboFix now my computer will begin to start up and then can't.

End of added info. ~ OB

ComboFix 10-07-20.01 - Administrator 07/20/2010 19:42:05.1.4 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3327.3052 [GMT -5:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: AVG Internet Security *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *enabled* {8decf618-9569-4340-b34a-d78d28969b66}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Application Data\vlc-0.9.4-win32.exe
c:\documents and settings\All Users\Application Data\vlc-1.0.2-win32.exe
c:\windows\system32\AutoRun.inf
c:\windows\xpsp1hfm.log
F:\Autorun.inf

Infected copy of c:\windows\system32\drivers\kbdclass.sys was found and disinfected
Restored copy from - Kitty had a snack
.
((((((((((((((((((((((((( Files Created from 2010-06-21 to 2010-07-21 )))))))))))))))))))))))))))))))
.
2010-10-20 19:14 . 2010-05-06 10:41 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-07-18 16:22 . 2010-07-18 16:22 -------- d-----w- c:\documents and settings\Jules\Application Data\Malwarebytes
2010-07-18 15:50 . 2010-07-18 15:50 63488 ---... Read more

A:Combo Fix Log File; Problems with Rootkit Virus--Help, Google redirects automatically-

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

Does your PC still not start?

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and fa... Read more

RELEVANCY SCORE 46.8

Thanks so much for the help. Lately, I've been noticing a lot of problems with accessing my browser. I spent all day yesterday running programs that I have and also online scanners. Here is what they said I was fighting:

dware/elitebar Adware Latent

1. hkey_classes_root\cgband.uicgbandobj
2. hkey_local_machine\software\classes\cgband.uicgbandobj

downloaded fix for it

Spyware/Peoplepc Spyware

1. C:\System Volume Information\_restore{BFAA719...39-9D4BB578C2A4}\RP180\A0017458.DLL

HackTool/KillProcwin.a Hack Tool Not disinfectable
1. C:\Documents and Settings\Michele\Local Setti...ache\00\00\3A.dat[simple_killw.exe]

1. C:\Documents and Settings\Lilly\Cookies\[email protected][2].txt

adware/block-checker Adware

1. HKEY_CURRENT_USER\Software\Microsoft\Windows\...net Settings\P3P\History\cc-dt.com\

As far as I can tell, I was able to get rid of everything but the block-checker. Today my browser is slow to load and sometimes doesn't load all of the page.

Any help is greatly appreciated! Thanks so much. Here is my Hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:01:22 AM, on 2/2/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C... Read more

A:Browser problems, virus, can't get rid of.

RELEVANCY SCORE 46.8

Please help, I have just installed Win XP Pro and had a lot of problems.
But all were fixed and it was all running OK. I installed my modem and all was fine. I then spoke to a friend who has XP and he told me to download SP2, so I did and it was fine. Then I thought, I need some virus checkers, so I installed all the ones I used before on my old computer (Adaware, Spy Bot, AVG and HJT). I ran all of these and Adaware picked up quite a lot. I then ran Spybot, that picked up a lot, then AVG, it picked up 41. They were all removed successfully. I then booted up Internet Explorer and all was fine until I typed in a new URL and it just goes onto the web page cannot be displayed. I thought nothing of it and tried again. I eventually got it to work, then I booted up MSN and now that stopped IE from working, so now it's really hard to get IE to work as I have to boot it up then push refresh 5 times.
Also I noticed the URL I typed, at the bottom where it loads, in front of it was www.ads234.com. What is that? Also I copied a HJT. Please help, thanks.
Logfile of HijackThis v1.97.7
Scan saved at 17:51:26, on 02/09/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\Program Files\Common F... Read more

A:Help browser problems and virus.

RELEVANCY SCORE 46.8

I have a few problems and didn't know where to list them.

1) I have IE8 and Windows XP. When I open IE there is no tool bar. Where the tool bar should be you can see the desktop page behind it. I close it and reopen IE and after a few tries the toolbar returns until next time.

2) When I click on a link in Google a totally different page comes up. Not a pop up. I reclick on the original link a 2nd time and get the site I was trying to get to.

3) I downloaded regcure, ran it, and the window was too small to be able to see the right side of the window and it wouldn't close. I tried to uninstall it but it won't uninstall.
when I click on uninstall it doesn't do anything, no "are you sure you want to uninstall message". Nothing. I have to right click on the page and close it to get out.

I thought the 1st two issues were registry issues which is why I tried downloading regcure. all it did was add to the problems.
I have AVAST so I didn't think it was a malware or virus problem.

HELP

DC
 

A:web browser problems or virus?

Nevermind. Computer tech at work said to do system restore, so I restored it back to May 1st. All is good.

DC
 

RELEVANCY SCORE 46.4

Hey all,

When I try to login to certain websites, especially my AOL webmail, I'm getting a message that says the security certificate is either expired or not yet valid. It does not do this on my desktop. I click yes to proceed anyway, but the webmail page just keeps reloading.

I never had these issues prior to the virus problem. I get the security certificate message on several sites, all reputable like ESPN, AOL, etc, but only AOL seems to be having the automatic reloading problem.

Here's the list of viruses I found: ibm00003.exe, Trojan.Goldun, Trojan.Anserin, Downloader.Trojan, [email protected]

I bought Norton's Internet Security and thought I had cleaned it up, but the computer just isn't acting right. I get the "Cannot find C:/....ibm00003.exe" error on startup and as I said earlier, my browser is acting strange. HJT log below....thanks in advance!

Logfile of HijackThis v1.99.1
Scan saved at 1:53:04 PM, on 9/2/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common File... Read more

A:Virus and browser problems (log included)

Hi and welcome

I see you are not running any Service Packs. Please save and run the download. It will copy the results to your clipboard. Will you copy and paste them back here please.

http://go.microsoft.com/fwlink/?linkid=52012

RELEVANCY SCORE 46

Hi,
I started getting some trojan alerts from McAfee several weeks ago. Here are the trojans that were picked up.
zeroaccess.cs
zeroaccess.ds.g.en.b
zeroaccess.ds.g.en.d
zeroaccess.ds.g
zeroaccess.gd
zeroaccess.el
zeroaccess
There were some others as well but they are not in the logs. When this started I ran a full scan and it did not find anything else. On the next start up the McAfee firewall went down and would not stay on. The Windows firewall would not come up either. I could also not go to any of the main antivirus websites. Everything would go to the Google home page and still does. I started running some other virus programs to flush the problem out. On McAfee's suggestion I ran Stinger which found nothing, then tdsskiller, nothing, then rootkitremover and rkill (maybe rkill first, there was a certain order to follow that I did) then malwarebytes which found nothing. At this point I gave up on McAfee and downloaded Eset's online scanner. It started finding some of these trojans and others. I cannot find the log for the scans but after running Eset, McAfee started finding more trojans as well. I did a restart and a full scan with McAfee and Eset and all looked clean, except I still get redirected when going to antivirus and other sites like www.pinger.com. This redirect is happening on all the browsers. At first I was able to use Safari to get to some sites but not anymore. Any help you can give is greatly appreciated. I would also like a recommendation fo... Read more

A:Browser redirect problems from virus sites

Hello and Welcome to TSF.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

One or more of the identified infections is a backdoor trojan/rootkit.

This type of infection allows hackers to remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.

If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Please refer to Microsoft's Online Safety article for tips on cr... Read more

RELEVANCY SCORE 46

My problems started about 10 days ago with new browsers opening for porn sites as soon as I would connect to the Net, could not log in to Hotmail or other sites, popups galore etc. The connection is generally ok for a short time then it becomes extremely slow with pages not loading and all the other aforementioned troubles. I have run CWShredder which found a couple problems, also Spybot several times which removed a ton of crap which only seems to return later in greater numbers. I also started using Firefox as my default browser which solves nothing--hijacked IE browser windows still launch on their own when I log on and the same for Firefox. I downloaded all the XP updates, Norton removed some things but said my computer is still infected. I have tried using Adaware but it freezes before I can complete a scan (there is probably an easy fix for this which I haven't figured out). Please tell me what my next steps should be.

Logfile of HijackThis v1.98.2
Scan saved at 21:14:27, on 27.08.2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svxhost.exe
C:\WINDOWS\System32\carpserv.exe
C:\Programme\Dell\AccessDirect\... Read more

A:ongoing virus/spyware/browser problems with hjt log

If you can get to the internet, try scanning with "Trendmicro Housecall" http://housecall.trendmicro.com/
Make sure you check "auto clean".

Someone will help with the HJT log.
 

RELEVANCY SCORE 46

I have three problems that have appeared in this order:
1. Browsers are getting redirected plus occasional pop-ups
2. AVG won't install
3. Excel seems frozen

Details:

1. I use multiple browsers - IE 8, Chrome, Firefox and Flock. IE 8 and Chrome both suffer from two issues. Whenever a Google results page is shown, or a link is clicked, a google address with a redirection is used and the page says it cannot be found (google oops page) and a second page about google analytics is loaded then redirected to a random advertisement. If I hit the back arrow three times I end up on the page I expected. In Firefox and Flock redirects are blocked (a message appears at the top of the screen with an option to allow). And I do get pop-ups occasionally from the advertisements. I have tried multiple anti-spyware programs with no results (each came-up with registry entries to delete, but the problem has not gone away).

2. I use Earthlink as my ISP through Time-Warner. They offer 'free' anti-virus packages to their users. Last year it was Kaspersky which seemed to work ok. This year they changed to Comodo which hung and they did not know how to provide help. So I tried to install AVG, which I have used in the past. I was able to successfully install it on my wife's desktop with no problems, but when I try to install it on my identical desktop or on my laptop the program tells me I do not have a valid internet connection (even though I just downloaded the install o... Read more

A:Browser, Excel and Anti-Virus problems

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you are unable to create a log because your computer cannot start up successfully please provide detailed information about the Windows version you are using: What we in particular need to know is version, edition and if it is a 32bit or a 64bit system. If you are unsure about any of these characteristics, just let us know and we'll help you figure it out. Please also tell us if you have your Windows CD/DVD handy.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about y... Read more

RELEVANCY SCORE 46

Had problems with my pc and it was evident that there was a virus. Installed AVG 8 and it found 6 or so viruses and cleaned them off. Since installing this program my browser will no longer load websites. Have uninstalled AVG 8 and cleaned it off my system but still the same problems. This is affecting both IE and Mozilla 3. I am still able to play games on the net its just the browsers that are stuffed. Attached is the HJT log. Any help would be much appreciated as this is bugging me to no end and would like to not have to format the pc.
Also not 100% sure but was pretty sure this
O2 - BHO: (no name) - {37C31BD1-FD00-4AF8-BA94-6283583400FF} - C:\WINDOWS\system32\cbXQhIYp.dll
is a virus. Have tried removing through HJT and restarting but its still showing up. Have ran AVG again and its not finding anything.

A:Browser not working problems, virus related

Just got home from Uni did an alt ctrl delete to get the task manager to find explorer using 155mb of system ram. Help anyone please. Have also run Stinger and it has found nothing. Used ATF-Cleaner to clear all cache for IE and Mozilla to no avail.

RELEVANCY SCORE 45.2

Hi,

I'm having Problems with a virus\browser hijacker\malware\trojan as well. I've run Avg, Malwarebytes, Superantispyware,and Avira and they've all come up with nothing. Though, I am Positive I have SOMETHING. Yesterday I was on Google Chrome and suddenly every link I clicked would open in a new tab, and later when I tried to type in the address bar a small search box would open under the address box so I could not type anywhere else. CTRL+g is a command that opens the search box in Google Chrome and links opening in new tabs are also a CTRL/left click command so I am guessing this something that makes everything you do in a browser a CTRL command. It fooled me into thinking that my Left click button was broken. This problem persisted and I finally decided to do a system restore after all the scans. The system restore fixed the initial problem, I am now able to use my browsers. But the virus is still there. My laptop takes 3 times as long to start up and everything I do in my browser requires extra loading. Programs and browsers freeze. There are some things I can't uninstall. My system is very slow for having 6GBs of ram. And my laptop is only 1 month old. So it is for certain that I have SOMETHING but I have no clue what and neither do my anti-malware helpers. Any advice?

A:Problems with a virus\browser hijacker\malware\trojan

Hello, I moved you to your own topic as the other was moved.

Are you on a router? Are other machines on it, if so are they redirecting?

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size.

Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

Please download TDSSKiller.zip and extract it.
Run TDSSKiller.exe.
Click Start scan.
When it is finished the utility outputs a list of detected objects with description.
The utility automatically selects an action (Cure or Delete) for malicious objects.
The utility prompts the user to select an action to apply to suspicious objects (Skip, by default).
Leave the options as they are and click Continue.
Let reboot if needed and tell me if the tool needed a reboot.
Click on Report and post the contents of the text file that will open.

Note: By default, the utility outputs the log into system disk (it is usually the disk with installed operating system, C:\) root folder. The Log has a name like: TDSSKiller.Version_Date_Time_log.txt.

Please download aswMBR ( 511KB ) to your desktop.
Double cl... Read more

RELEVANCY SCORE 44.8

Can someone please take a look at my logfile and see if you see anything funky. I have run malwarebytes and spybot and cleared out things. but virus keeps coming back:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:04:31 PM, on 1/12/2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Dell\AccessDirect\dadapp.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\AOL\1252339344\ee\AOLSoftware.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Fi... Read more

RELEVANCY SCORE 44.8

I recently had an infection on WinXP and I believe that the origin has been eliminated. I have Avira AntiVir, and received the notice that I had these infections:
TR/PSW.Magania.cwnx
EXP/Pidief.blnc
There was no extra information on their website about these viruses.

My current problem is when using firefox, I get a few random pop-ups and when attempting to follow a link with google I get redirected to random sites. I also receive notices of "HTML/Infected.WebPage.Gen [virus]" and hit Quarantine. I also get an svchost error at random times after each restart. I also just noticed that it has also disabled Windows Firewall and I can not get it running at this time. I'm not sure what I need to try next but any help would be appreciated.

Here is the exact svchost error:
Generic Host Process for Win32 Services

Error Signature
szAppName : svchost.exe szAppVer : 5.1.2600.3311 szModName : urlmon.dll
szModVer : 6.0.2900.3311 offset : 0003b5e6

A:Recent Virus Removed, Browser Redirection and Other Problems Persist

Just a quick update...I followed another post to run a "sharedaccess.reg" to get Windows Firewall back up and running. It worked fine and eliminated the svchost error I was getting. However, after resetting it is once again disabled. This leads me to believe that while I believe I have cleared out the viruses, there is still one present that I am missing.

RELEVANCY SCORE 44.8

Hello, I was sent here from the Am I Infected Forum by garmanma. Topic referenced is here: http://www.bleepingcomputer.com/forums/t/260361/requesting-virus-help-malware-greenav-and-rootkit-etc/ ~ OB

Prior to posting in that forum, I tried to run MBAM, Spybot, SpyHunter. The programs would not run at all, I would get an error stating I didn't have appropriate permissions. I downloaded the DDS.scr file and tried to execute a scan. The scan screen popped open for about one second and closed....every program that I try to run will either not run at all, or if it does run, it will close a few seconds into the scan then shut down. If I try to run it again, I'll get an error saying I don't have permission to run that file.

I have tried online scans from Bitdefender, Microsoft's OneCare, and one more (forgot the name)...but every online scan shuts down the entire browser. Also, on occasion I get a fake page saying that the webpage I requested has been blocked due to my infections, and links me to a page regarding GreenAV. I could not run most of the tools in the preparation guide, even after renaming them. However, in the other forum I was able to run a couple of scans before the programs shut down. I was requested to start a new topic here and post the logs that I have. Thanks in advance:

I was instructed to download "peek.bat" and run that program and also RootRepeal. The results from both are listed below:

Peek.bat Log:
Volume in drive C is SQ004214P01
Volume Serial Number i... Read more

A:Rootkit and Spyware Problems: Antispyware/Antivirus/Rootkit Scanner programs all shut down when executed...

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll... Read more

RELEVANCY SCORE 44.4

I've tried almost everything to get rid of this trojan and I always end up with one of two results. First, either when the computer reboots it automatically reboots through a continuous cycle once it hits the Windows screen. Second, I log onto Windows and start to run a program, a physical memory dump occurs. I also think my external hard drive has the virus on it, although none of the hundreds of virus scans I've completed show a virus on the drive. Please give me some insight on what to do. Thanks



DDS (Ver_09-07-30.01) - NTFSx86
Run by paul at 19:41:12.95 on Sat 08/01/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.527 [GMT 4.5:30]

AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\VirusScan\McShield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
c:\WINDOWS\system32\ZuneBusEnum.exe ... Read more

A:generic rootkit.d rootkit NTOSKRNL-HOOK problems

Hi there,

Looks a lot better, but lets run a few more checks.

1. Please open Notepad
Click Start, then Run
Type notepad.exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:


Code:
FileLook::
c:\windows\S0A0D9E6F.tmp
c:\users\paul\cc_20090725_201550.reg

DirLook::
c:\program files\My-Proxy
c:\users\paul\APPLIC~1\lsptttiq
c:\users\NetworkService\Application Data\lsptttiq

RegNull::
[HKEY_USERS\S-1-5-21-436374069-1715567821-1801674531-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{52432C9E-AC35-115A-59A8-20D2B4352033}*]

RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]

RegLockDel::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{d620a955-eb2d-4b83-8024-1840b1f2d536}]

3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.



5. After reboot, (in case it asks to reboot), please post the Combofix.txt report into your next reply.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Please download RegQuery by Noviciate to your desktop
Copy the following registry keypath by highlighting the text and pressing CTRL and C at the same time
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon
Double click RegQuery.exe to run the program
Paste the text you have copied using CTRL and V, into the textbox
Cli... Read more

RELEVANCY SCORE 43.2

Rootkit.TDSS Hacktool.rootkit

just showed up, have not had a problem for a few months. Please Help with removal. and is someone hacking me or is this common virus floating around? THANKS!

A:another virus Rootkit.TDSS Hacktool.rootkit

bump

RELEVANCY SCORE 42.8

I've already run malwarebytes, combofix, Spybot.

The winfiles and Pe-files attachments are from rootkitty running on ubcd4win, although they could possibly have been modified by the rootkit before uploading, as I uploaded them from the infected machine.

Here's dds.txt,
DDS (Ver_09-07-30.01) - NTFSx86
Run by Winxp at 9:13:45.14 on Sun 08/30/2009
Internet Explorer: 6.0.2800.1106
Microsoft Windows XP Professional 5.1.2600.1.1252.1.1033.18.511.182 [GMT -5:00]
============== Running Processes ===============

C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\alg.exe
C:\Program Files\avgas\guard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C... Read more

A:Rootkit, Vundo.h, Rootkit.agent, Rootkit.Rustock, Rootkit.Dropper, Slenugga, FakeAlert, WinWebSec, etc....

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll... Read more

RELEVANCY SCORE 41.2

Hi,

A couple days ago I was browsing mininova when my Kaspersky Internet Security popped up with some alerts. Here is what it said:

8/8/2009 5:46:09 PM N.EXN Placed in group Low Restricted High value of threat rating calculated heuristically
8/8/2009 5:46:39 PM : Rootkit.Win32.Bezopi.a Y.EXY Placed in group Untrusted Detected:Rootkit.Win32.Bezopi.a
8/8/2009 5:46:40 PM Denied: KLPrivileges/KLSelfStart Y.EXY Autorun KLPrivileges/KLSelfStart
I ran a scan and Kaspersky found and removed the Bezopi.a and a couple of Trojans, but now whenever I try to click a link from a google search, it takes me to some random site associated with clickover.cn. I use Firefox 3.0, but it happens whether I use Firefox or IE.

I have since run more scans with both Kaspersky and Windows Defender (both fully updated) but they come up clean.

Any help will be greatly appreciated, thanks.

A:Browser Hijacker and possible rootkit

Oops! Completely forgot to mention, I'm running Windows Vista, Home Premium.

Just wanted to add that in case it makes a difference.

RELEVANCY SCORE 41.2

Hello,

This past week Firefox and IE redirect to other sites frequently. Computer runs much slower than usual and freezes often. Cannot open in safe mode or open the settings for CA Security Suite firewall and was not able to update CA without error before today, when it appeared to do so correctly. CA scans have showed nothing. Tried to run Malwarebytes and HT but no go; downloaded fresh copies at work (a Mac) and installed at home via USB drive. MB gives error (I think 700 something (0,0)) but HT ran and I have a log. Only use IE when I absolutely have to; have ABP on Firefox. I know I should update to SP3, is it OK to do it now? Do I have malware and a rootkit? Can you please help? Many thanks in advance.

Windows XP Pro, SP2, CA Security Suite

A:Browser redirect, possible rootkit?

As no logs have been posted, I am shifting this topic from the specialized HiJack This forum to the Am I Infected forum.

==>PLEASE DO NOT NOW POST LOGS<== unless a log is specifically requested.

RELEVANCY SCORE 41.2

I'd like to thank in advance for the help to this fairly typical problem I imagine, judging by the posts on this forum. Unfortunately before I found this forum I ran combofix on my own initiative without disabling my cd emulation. I then followed the 10 step guide in sequence with the exception of scanning all my files (which I unchecked) with GMER which is taking over a day (did not find anything new when I stopped it) due to all my data being on my c: drive, and I needed access to my comp. Symptoms include memory overflow blue screen, connection outages, and google redirects, and random pop-ups.

My DDS log:
DDS (Ver_10-03-17.01) - NTFSx86
Run by anttok at 1:48:14.79 on Tue 08/03/2010
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2038.1182 [GMT -7:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\Wacom_Tablet.exe
C:\WINDOWS\system32\WTablet\Wacom_TabletUser.exe
C:\WIN... Read more

A:rootkit/browser hijack

It's been a week, I'm still infected!! Is no one around?

RELEVANCY SCORE 41.2

Hello, in the past couple days my computer has started being redirected to sites I did not click on and is being bogged down. I have seen posts similar to mine and think I may have gotten something that is currently going around.

I also get a dll error if I try to go to add/remove programs.

This is my hijackthis log. If there is anything else I need to post or explain just let me know.

Thanks

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:00:46 PM, on 11/23/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16915)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\AlienGUIse\wbload.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\... Read more

A:possible rootkit/browser hijack

Hello , And to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.

-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No inp... Read more

RELEVANCY SCORE 41.2

This problem started about a week ago when I was researching to repair another PC (unrelated). I am running Vista Business BTW. I was notified by my Symantec Endpoint Protection that something tried to infect my computer. I didn't feel that Symantec handled the problem and the computer was acting funny so I shut down and booted into Safe Mode. Tried to run a scan with Symantec and noticed it was malfunctioning, so I updated and ran a scan with MBAM and it only found some Tracking Cookies, so it wanted to restart when the scan was complete, so I let it reboot. On reboot I got the Windows screen with the progress bar at the bottom and then went to a black screen with a cursor that I could move about the screen. I tried to do a Ctrl-Alt-Delete and nothing happened, I tried hitting Shift 5 times and I heard a chirp noise but that's it. The HDD light stopped flashing and no more progress. However Safe Mode still works, so I updated and ran MBAM, Spybot S&D, SuperAntiSpyware, and ComboFix. Sometimes the scans would complete, other times the scans would lock up the computer. I am getting a message from my Visual Studio Just In Time Debugger that "An unhandled win32 exception occurred in explorer.exe [1984]" and when I use the debugger the line in the assembly code where the error occurs is "75B6CF8A mov dword ptr [edx], ecx" the values for edx=00001388 and ecx-00000000. DDS will run and create a log but RootRepeal will not complete a scan of the file system i... Read more

A:Browser Redirect and RootKit?

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll... Read more
