Over 1 million tech questions and answers.

Malware removal

Q: Malware removal

Hello.

Recently ive been very sloppy with my PC security and safety. Ive been target by online hackers and lost soe accounts information such as premium spotify etc and also very sure been targeted by a personal attack by people I know. Thats another story which I will get to the bottom of.

Meantime I reset my PC using the windows recovery - I choose delete everything.

Im now worried about rootkits etc. Please take a quick look at the logs - would these show any rootkit problems?

Many thanks

Tech Support Guy System Info Utility version 1.0.0.4
OS Version: Microsoft Windows 10 Pro, 64 bit
Processor: Intel(R) Core(TM) i7-3770K CPU @ 3.50GHz, Intel64 Family 6 Model 58 Stepping 9
Processor Count: 8
RAM: 8139 Mb
Graphics Card: NVIDIA GeForce GTX 780, -1024 Mb
Hard Drives: C: 223 GB (138 GB Free);
Motherboard: ASUSTeK COMPUTER INC., H61M-K
Antivirus: Avast Antivirus, Enabled and Updated

Read other answers
RELEVANCY SCORE 200
Preferred Solution: Malware removal

I recommend downloading and running Reimage. It's a computer repair tool that has been proven to identify and fix many Windows problems with a high level of success.

I've used it in the past to identify and fix everything from blue screens (BSOD's), ActiveX errors, corrupt files and processes, dll/exe/sys errors, recover lost memory, Windows update problems, defragging, malware removal etc.

You can download it direct from this link http://downloadreimage.com/download.php. (This link will automatically start a download of Reimage that you can save to your computer.)

RELEVANCY SCORE 45.6

Staff Advisory: This post needs to remain here until one of the malware team advise that it can be moved. This member cannot access our malware forums due to their infection. ~ Animal----------------------------------------------------------------------------------------------------------------------Hello, I got some help from some nice people in the live chat. I have made a log with your hijackprogram and am posting it at the bottom. It created two .txt files so there are two reports. I am unable to open ANY link that has the words anti-spyware anywhere on the page or in the address bar so unfortunately I cannot post this in the malware removal forum because the internet window closes every time. I am in dire need of some help! I have a subscription to spy sweeper and it is keeping things out but I was infected with Antivirus xp 2008 and possibly some viruses because the computer was un-protected for about a month while I was in the hospital..I run with Windows XP and a wireless connection. If someone could take the time to look at this for me I would be so incredibly thankful! I offer my services as a photographer/graphic artist/professional gift shopper/myspace designer/beginner web designer. You can see what I do at www.perfectionpictures.com and contact me if you need anything at all!Current Symptoms (in the order of appearance)Random Total system crash then restart then blue screen then back to windows. msvcp71.exe is missing so a program is being prevented ... Read more

A:Antivirus Xp 2008 Removal Help/am I Infected? Can't Open Malware Removal Forum

Hi & welcome,I would like to try a couple things before we go much further so I have a bit better picture of what is happening and can take the needed cautions.1.) click start> run> type msconfig and hit enter.click "boot.ini" tabCheckmark /bootlogClick "apply" and "close"Reboot when askedLocate and delete this file:C:\windows\ntbtlog.txt (in case your extensions don't show it looks like a notepad)RebootLocate & post:C:\windows\ntbtlog.txt2.) Click start> run> type: cmd.exe and hit enter.type the following commands exactly as you see em & hit enter after each one:cd c:\windows\system32dir userinit.exeNote the file size please & report that back to me. Leave cmd open a sec.Back at the cmd window...Type:cd dllcachedir userinit.exedir spoolsv.exeNote file sizes & report that back to me.Type exit in the CMD window & hit enter. (this closes it)3.) Can you see also if you can get this program installed please:http://download.bleepingcomputer.com/hijac.../HJTInstall.exeSave file> run it> follow prompts to install excepting defaults.Allow it to "launch" hijackthis.Click the "Do a System Scan and Save a Log File" optionSave the log file and then it should open with NotepadGo to Edit, Select All and then Edit, Paste to paste the contents of the log hereLet me know if you had any problems with the above please.I advise keeping the system offline as much as possib... Read more

Read other 3 answers
RELEVANCY SCORE 45.6

Apologies, but i'm a bit of a novice. my computer did a scan when i started it and came up with some trojans. when i tried to delete them, a malware removal programme tried to install itself so i closed the download dialog box. unfortunately, i cannot remember the name of the software that was trying to install itself. please would you review my log below and help me clean my computer?

many thanks
---------------------------------------------------------------

DDS (Ver_09-12-01.01) - NTFSx86
Run by 0 at 19:57:35.67 on 02/01/2010
Internet Explorer: 7.0.6001.18000
Microsoft? Windows Vista? Home Premium 6.0.6001.1.1252.44.1033.18.3000.1826 [GMT 0:00]

SP: Spybot - Search and Destroy *enabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows&... Read more

A:attempted removal of trojans try to install "malware removal software

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

Read other 2 answers
RELEVANCY SCORE 44.8

Hi,I have tried many ways to get rid of some Malware that has only recently infected my PV. I hope someone can help me as this is my work PC and I need to plug back into my office network in a few days, but think this would be a bad idea at the moment.The problem first showed itself by insisting I had many viruses etc, and I should install Internet Security 2010. I have installed Malware Bytes removal tool, and installed as instructed. It found the above, said it was removed, but still it appears to exist, although the name of the infection has changed a few times, and is currently redirecting my brower to a similar page to the above malware. A popup now shows that I should install Cyber Security to remove the infections. This is obviously another malicious antivirus/malware program.I have McAfee Enterprise installed (which I can't seem to disable)I have also run SuperAntiSpywarePlus, which did the trick removing a similar problem about a year ago on a different PC. However, although this program also finds problems, and supposedly removes t5hem, the problem is still there.Please help. I have shown Hijackthis log below.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 1:58:42 PM, on 29/12/2009Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16945)Boot mode: NormalRunning processes:C:\windows\system32\csrss.exeC:\windows\system32\winlogon.exeC:\windows\system32\services.exeC:\windows\... Read more

A:Cyber Security removal; Malware removal not working

Hi,I have tried everything I know of to remove this pesky piece of malware. It seems to keep changing names, starting out as Internet Security 2010, and redirecting me on a google search to a webpage trying to convince I was riddled with viruii and malware, and then trying to sell me thier software, which is really just a scam. I ended up here after a few days of tearing my hair out, almost beaten. I went through the tutorials, but unfortunately that was before I fired off a post in desperation. Please delete my previous post, as I have now followed the suggested path, and run the utilities to help diagnose my problems. The resulting files are attached.Please help. I hope the files uploaded can provide an insight into whats happening.Apologies for jumping right in and posting a Hijackthis log before I had read the tutorials.ntents belowDDS.txt contents pasted belowDDS (Ver_09-12-01.01) - NTFSx86 Run by Greg.Middleton at 15:30:23.26 on Tue 29/12/2009Internet Explorer: 7.0.5730.13Microsoft Windows XP Professional 5.1.2600.2.1252.61.1033.18.3063.2330 [GMT 9.5:30]AV: VirusScan Enterprise + AntiSpyware Enterprise *On-access scanning enabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}AV: Microsoft Security Essentials *On-access scanning enabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}============== Running Processes ===============C:\windows\system32\svchost -k DcomLaunchC:\windows\system32\svchost -k rpcssC:\windows\Syst... Read more

Read other 3 answers
RELEVANCY SCORE 44

Hello!
In reading more of these threads I can see Im not the only one with the iexplore issue.
Glad to know it can be corrected!!!!

I have multiple pop-ups and my computer is as slow as dirt.
When I get home at 3:30 Calif time I will do the HJTInstall.exe thing and post the results.
Would the results of one that was done two days ago help? Yes I was having the issue then and another company did one and told me to email it to someone, which I did but I havent heard anything back and my computer is close to useless at this point.
Can MFDnNC or anyone else help?
Thanks!!!!
Ginny
 

A:malware removal/popup/iexplore removal

Read other 16 answers
RELEVANCY SCORE 44

Since the ComboFix will not run on Vista or Windows 7 64-bit, I have to look for new malware/virus removal apps... It was good while it lasted. So what tools do people use for Vista these days when the computer says: "WARNING! YOURS COMPUTER IS AN INFECTED BY HARMFUL VIRUS!!!!"

A:64-Bit Virus Removal & Malware Removal Tools?

64-bit Anti-Virus:List of 64-bit Anti-Virus For VistaAnti-virus protection in 64-bit environmentsFree Anti-virus:avast! Free Antivirus Avira AntiVir Personal - Free AntivirusAVG Anti-Virus Free Edition 8.5Microsoft Security EssentialsPanda Cloud AntivirusKingsoft Free Antivirus (Cloud Scan)Paid for Anti-virus:NOD32 Anti-Virus PersonalMcAfee AntiVirus PlusTrend Micro AntiVirus plus AntiSpywareNorman Antivirus & AntispywareCA Anti-Virus Plus Anti-Spyware64-bit Anti-Malware tools:Malwarebytes Anti-MalwareSUPERAntiSpywareKaspersky Virus Removal Tool - How to install and use documentationSpyware TerminatorWindows Defender (64-bit)PrevxSpybot S&DAd-AwareNorman Malware CleanerSunbelt Counterspy (free Trial)Comodo BOClean Anti-MalwareSophos Anti-rootkitSanityCheck Advanced Rootkit and Malware DetectorESET Online Antiivirus ScannerESET SysInspectorAnVir Task Manager FreeWinPatrolStart with these:How to use Malwarebytes' Anti-Malware to scan and remove malware from your computerHow to use SUPERAntiSpyware to scan and remove malware from your computer

Read other 3 answers
RELEVANCY SCORE 43.6

Hi,

I am the IT manager in my company.

I have a co-worker, his computer has search redirect issue. That means most likely it has malware.
Then i installed some major malware removal: Spybot Search & Destroy, SUPERAntiSpyware, Malwarebytes

After i installed them, i cannot launch them(That definitely means it has some kind of malwares)
I needed to rename their .exe files, after i can run them and scan my computer.

SUPERAntiSpyware, Malwarebytes found something, but didn't solve the problem, search redirect and
blocking malware removal software are still there. Now i am running Spybot Search & Destroy will see what happened.

By the way, i run them in safe mode because when i logon window to normal mode, it is slow (like it takes a long time to explore hard drive, etc). I suspect the malware slow down my pc. hopefully not registry corrupted or something, but works smoothly in safe mode.

So you guys have any suggestions? or you need a log file from combofix?

Please advise,
Tommy

A:malware: google yahoo redirect and can't launch malware removal software

Try this:http://www.bleepingcomputer.com/virus-remo...sing-tdsskiller

Read other 5 answers
RELEVANCY SCORE 43.6

I have scanned with AVG with the latest updates. On top of that insidious google redirect I get random pop ups even when I don't already have IE or Firefox running. Also getting sounds in the background like I'm clicking on a link, surfing the net when I'm not. And SYSTEM in task manager is hogging a ton of memory.Logfile of Trend Micro HijackThis v2.0.4Scan saved at 11:52:42 PM, on 8/7/2010Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v8.00 (8.00.6001.18702)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\AVG\AVG9\avgchsvx.exeC:\Program Files\AVG\AVG9\avgrsx.exeC:\Program Files\AVG\AVG9\avgcsrvx.exeC:\Program Files\Intel\Wireless\Bin\EvtEng.exeC:\Program Files\Intel\Wireless\Bin\S24EvMon.exeC:\WINDOWS\System32\WLTRYSVC.EXEC:\WINDOWS\System32\bcmwltry.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\AVG\AVG9\avgwdsvc.exeC:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exeC:\... Read more

A:persistent malware undetected by virus scans and malware removal tools

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process. Please also continue to work with me until I give you the all clear. Even if your computer appears to act better, you may still be infected.Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.Once we start working together, please reply back within 3 days or this thread may be closed so we can help others who are waiting.We need to create an OTL report,Please download OT... Read more

Read other 2 answers
RELEVANCY SCORE 43.6

I did a hijackthis scan and here's what I got:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 12:18:17 PM, on 4/20/2009Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\SYSTEM32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\spoolsv.exeC:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exeC:\WINDOWS\System32\DVDRAMSV.exeC:\Program Files\Java\jre6\bin\jqs.exeC:\WINDOWS\System32\nvsvc32.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exeC:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exeC:\WINDOWS\System32\00THotkey.exeC:\WINDOWS\system32\TFNF5.exeC:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exeC:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exeC:\WINDOWS\AGRSMMSG.exeC:\Program Files\Synaptics\SynTP\SynTPLpr.exeC:\Program Files\Synaptics\SynTP\SynT... Read more

A:Malware Blocking Acess to Spybot, Microsoft Malicious Removal Tool and other anti-malware programs

Hey guys I solved my own problem. I completely reinstalled windows. (It was about that time anyway)

Read other 2 answers
RELEVANCY SCORE 43.2

Gud day to everyone,

My computer having some malware activity, i have used adware 2008, spyware removal tool, norton anti-virus and other removal tool, but still those malware cannot be deleted.. My Computer icon could not display its properties, instead it appears like a file when you see its properties. It also disabled TCP/IP that why until now i cannot connect to the internet.. I don't have WindowsXP SP2 cd for repair..

Please help me as soon as possible, because it is a server..

A:Urgent! My XP SP2 have malware activity!.. cannot remove using malware removal tool

Hello frozenfire03, Welcome to TSF!

I recommend that you read this article… "Having problems with spyware and pop-ups? - First Steps"; follow the instructions very carefully; then, post all the requested logs and information; as instructed, in the HiJackThis Log Help Forum.
(Simply, click on the coloured links to be re-directed.)

Please ensure that you create a new thread in the HiJackThis Log Help Forum; not back here in this one.

When carrying out The 5 Steps, if you cannot complete any of them for whatever reason, just continue on with the next one until they are all completed.
However,it is extremely important to make mention of the fact that you could not complete any of the steps in your post to The HJT Help Forum; where an Analyst will assist you with other workarounds.

Once done, please be patient, as the Security Team Analysts are usually very busy; one of them will answer your request as soon as they can.

Good Luck with it.

Kind Regards,

Read other 7 answers
RELEVANCY SCORE 43.2

Hi, I'm suddenly having a lot of trouble with malware. My computer seemed to be running okay but I ran Malwarebytes as I occasionally do, and it picked up a fair amount of malware on my system. I deleted it and rebooted, but that's when my problems really began. Upon restarting, my internet connection has become almost unusable. It's extremely slow and generally I can't even open a page that I want after trying to refresh several times. Oddly though, google is working perfectly and a few other sites seem to work too, including this one. I've tried running MBAM again and again, each time it picks up more malware and I remove it, then reboot and the cycle renews. I can't seem to get rid of all of it, every time I scan my system there's just more of it. I've tried ComboFix but it doesn't seem to have done anything. One persistent thing seems to be photo_id.exe, I've got a few messages from MBAM saying it can't be removed and I need to reboot. Also, I've noticed that if I'm trying to reach a webpage, although it won't load there seems to be some redirecting, for example I just tried to reach a wikipedia page and it says "The server at topsearchfeed.com is taking too long to respond" For some reason I can't bloody format this properly no matter how hard I try, so here's an attached HJT log:
 

A:Malware removal attempt led to unusable internet, still can't remove all malware

problem has become more serious, now my mother has told me that the internet on her laptop is also extremely slow and essentially unusable, I'm worried that something from my computer has got on to hers via the wireless network we're both connected to. Somebody please help me
 

Read other 2 answers
RELEVANCY SCORE 43.2

Please help me,
I cannot access any internet (wifi & ethernet) after malware removal using GridinSoft Anti Malware. I already updated network drivers, but it's still not working.
 

Read other answers
RELEVANCY SCORE 42.8

Four steps that will keep your PC happy, healthy, and crap-free

Malware sucks. In the best-case scenario, it craps up your system with unwanted files and occasionally makes itself known in the form of a persistent pop-up window or annoying browser-based toolbar. In the worst-case scenario, malware completely takes over your desktop or laptop and ruins your life.

Your system slows to a crawl. You can’t even boot into Windows in the time it takes you to walk to the kitchen and back. Your data gets sent off to a faraway Internet land or, worse, your actual keystrokes are recorded for some unsavory individual to see. Malware locks down your browser, making you unable to actually do any browsing without being carted off to some bogus domain. You can barely run a program in Windows without getting bombarded by fake advertisements, programs, and dancing people on your desktop.

We can’t make this stuff up.

So what’s a computer enthusiast to do? Step zero: Read this guide, because we’re going to walk you through all the key details you need to know to both rid your computer of this junk and keep it free of downloaded nasties forevermore.



Read more at:
Maximum PC | Malware Removal Guide 2011: How to Get Rid of All The Latest Malware

A:Malware Removal Guide 2011: How to Get Rid of All The Latest Malware

Most excellent reading, thanks for posting for all to see, I , myself, use most all of these myself, the only paid program i have is malwarebytes, the rest are free add ons or are free programs . Thanks.

Read other 5 answers
RELEVANCY SCORE 42.8

Hi, i got infected because i was triying to run malwarebytes and it skip the part of analising the files, it ended in arount 1 minute in a full scan, and i tried to download dr web cure it, and it dont allow me, the computer seems fine, but those things are very strange, and when i was running the scan i was in safe mode...
 
thanks for the help

A:Malware infected, malware removal tools useless

Greetings samidelcueva and to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.If you would allow me to call you by your first name I would prefer to do that.===================================================Ground Rules:First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter pro... Read more

Read other 0 answers
RELEVANCY SCORE 42

Hi. Thanks for this. I need to first tell you that I don't even know how to generate the logs everyone posts here for troubleshooting. I'm sorry. Maybe someone could tell me how, then I will.

Because my laptop wouldn't even boot to the O/S last week, DELL's tech support helped me move files, reformat and reinstall the OS. I reinstalled McAfee. A security tool warning popped up. I knew it was rogue; I came here and got rid of using mbam and process explorer - very easy. Or I thought I did. On my daughter's desktop this morning, there were 3 porn shortcut links ON HER DESKTOP!!!! There was also a link to "Active Security" - trying to figure out wtf this was it turns out it was another rogue. Awesome. It at least had an uninstall on Add/Remove programs... but obviously it is not gone, if that is even the cause of all this... Thinking MBAM would be a logical quick fix, I figured I would try that. My Mbam won't load - I have reinstalled and it - it reinstalls and then when I try to quicksccan it says I don't have permissions and then I can't even open it again. I can reinstall, then it is hijacked when I try to scan. My McAfee won't scan either so both are being hijacked and I also am having the same browser redirects as others when clicking on sites from search results. McAfee can't even fix itself. In safemode, McAfee tells me the truth at least that it is not working (in regular mode it poses like everything is... Read more

A:Ugh - Malware Removal Tools Disbled by Malware

As no logs have been posted, I am shifting this topic from the specialized HiJack This forum to the Am I Infected forum.==>PLEASE DO NOT NOW POST LOGS<== unless a log is specifically requested.

Read other 1 answers
RELEVANCY SCORE 42

Hi all, 
 
Recently on Chrome browsing on a site a received a web site popup saying "Your browser contains MALWARE. You have to install Chrome Malware Removal Tool". Confirming with OK opens an extension page:
 
https://chrome.google.com/webstore/detail/chrome-malware-removal-to/mbdoonnjlifcmakklcaembokjhjikank
 
I have a strong suspect this is a malware!!!
 
What I'm trying to understand if what kind of malware infected the web site I visited. Some technical specs could be useful . The web site is of a my friend and I'd like to help them to identify the malware infected their web site...
 
 

Read other answers
RELEVANCY SCORE 42

Have got a strange one, where have attempted to remove XP antispyware 2009 using malware antimalwarebytes. Looks to have been partly successful - but have got something else interfering. Frequently have pages on IE as "not found".

Have posted HJThis log and Malware Antimalwarebytes log below. Thanks for any assistance.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:01:58, on 08/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdjserv.exe
C:\WINDOWS\system32\lxdjcoms.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\ATI Technologi... Read more

A:Malware - blocking removal by malware antimalwarebytes

Read other 16 answers
RELEVANCY SCORE 40.8

When I try to run a scan from usind AVG anti-virus, Avira, Windows Defender, or SuperAntiSpyware; when the scan gets to a certain point, Windows shuts computer down with a blue window. It says Kernel_Stack_ Inpage_ Error plus some standard verbage about if you recently installed sortware/hardware,see administrator, etc. At bottom it says: STOP: 0x00000077 (0x00000001, 0x00000000, 0x00000000, 0xF79B1D24). I could sometimes run AVG scan in "select drives/folders" mode but recently it quit allowing that after I upgrade to AVG 9 (free). I uninstalled AVG and went to Avira but with same results. Scanning with Windows defender did the same. I recently installed and ran SuperAntiSpyware and was able to pinpoint problem to " System Volume Information" directory. I am unable to open to see contents as Windows shows no files in it. When I ask Ariva to scan it, Ariva says no files also but if I use AntiSpyware to scan, it shows many files during it's scan but will get to a certain point and computer will shut down. I can almost see file that shuts it down but it happens too fast to catch it. I was able to run "RootRepeal" and log is below. I was not able to run "DDS.scr".

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/10/30 13:15
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: rootrepe... Read more

A:Unknown malware/virus won't let any anti-virus/windows defender/malware removal progran to complete scans

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

Read other 23 answers
RELEVANCY SCORE 38.4

I have some type of malware that I cannot get rid of. I am using Symantec Endpoint, which finds the problem, reports it, asks for a restart for removal, but cannot remove the threat. I have also used Spybot and Malwarebytes with the same results. All programs tell me they fixed the problem, but they pop back up. The threats are identified as trojan horses.

I downloaded the dds.scr file, but my computer will not run the file. It asks for a program to use to run the file, but I can't run it. I also downloaded Hijackthis, and performed a scan and generated a log file.

Can anyone help me out?

A:Malware removal and dds.scr help

Go ahead and post the HJT log in that forum, just tell them about the problem with DDS

Read other 2 answers
RELEVANCY SCORE 38.4

Hello,In the past few few weeks Norton Internet Security 2010 has been reporting repeated attacks from remote IP addresses nearly every 10 seconds while my computer was connected to the internet. In the past couple of days my computer has slowed down enormously and norton no longer detects anything wrong with my computer during scans. CPU usage is between 90-100 at all times. Way too many svshst executables are running (between 5-10). When I try to end these processes a dialog box comes up and says acess is denied. Windows Unlocker can't do anything about it. Yesterday while trying to end the processes the famous dialog box with 60 seconds on the timer before the computer will be forced to shut down showed up, so I assume I have a rootkit. When I tried to attach my hijack this file i was unable to- the window refreshed and reported that the connection had been reset. This occurred 5 times in a row so I am assuming that is abnormal as well. I had to go to another computer to be able to attach the file. Thank you in advance for your help!!!!

A:malware removal/hjt log

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.In order for me to see the status of the infection I will need a new set of logs to start with.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.DeFogger: Please download DeFogger to your desktop.Double click DeFogger to run the tool. The ap... Read more

Read other 3 answers
RELEVANCY SCORE 38.4

Hi,

I am new to this forum and would appreciate help in getting rid of a malware on my computer. My Dell Dimension 8400 (Pentium4) running XP and loaded with Norton Internet Security 2007 seems to have been infected. Initially the internet connectivity and computer processing slowed down and there was a periodic popup message indicating that the computer is infected and copies are being made of my files. Clicking the popup took me to a site where AVS system care offered downloads to correct the problem. I did not use the downloads and ran the Norton full scan on my machine. It picked up a few files / trojans and removed them. But the problems persists (except the popup) and the NIS scan does not help further. Reading some of the threads on this website I realized I probably have a AVS System Care trojan. At this time the system and internet works off an on and I do not have access to task manager. I would appreciate any help I can get to remove this malware and be rid of the problems.

The Hijackthis log file is attached below for reference.

Thanks. Kb.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:43:01 PM, on 1/5/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nslsvice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchos... Read more

A:Need help with Malware removal

Read other 16 answers
RELEVANCY SCORE 38.4

My friends computer won't connect to internet anymore. I ran Ewido and it found over 2500 infected files. It looked as if most were something called worm.vb.an I also ran adaware which found 88 more. I know bargain buddy was one of them. Here is a hijackthis log after the other scans. Thanks for your helpLogfile of HijackThis v1.99.1Scan saved at 9:33:58 PM, on 4/21/2006Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\csrss.exeC:\WINDOWS\System32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\spoolsv.exeC:\windows\system\hpsysdrv.exeC:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exeC:\HP\KBD\KBD.EXEC:\Program Files\Common Files\Real\Update_OB\realsched.exeC:\Program Files\Common Files\Symantec Shared\ccApp.exeC:\Program Files\Multimedia Card Reader\shwicon2k.exeC:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.... Read more

A:Malware Removal Help Please

Hello and welcome.. Lets get started.==Please print these instructions out, or write them down, as you can't read them during the fix.1. Through Control Panel -> Add/Remove programs and uninstall these entries (if any of them are present):PuritySCAN By OINOINOuterInfoIF there are no entries listed on Add/Remove programs, please download and run this uninstaller:OiUninstaller.exe==2. Please download the trial version of Ewido Anti-malware here:http://www.ewido.net/en/download/Please read Ewido Setup InstructionsInstall it, and update the definitions to the newest files. Do NOT run a scan yet.==3. Please download Brute Force Uninstaller to your desktop.Right-click the BFU folder on your desktop, and choose Extract AllClick "Next"In the box to choose where to extract the files to,Click "Browse"Click on the + sign next to "My Computer"Click on "Local Disk (C:) or whatever your primary drive is Click "Make New Folder"Type in BFUClick "Next", and Uncheck the "Show Extracted Files" box and then click "Finish".4. RIGHT-CLICK HERE and choose "Save As" (in IE it's "Save Target As") in order to download Alcra PLUS Remover. Save it in the same folder you made earlier (c:\BFU).Do not do anything with these yet!==Next, please reboot your computer in Safe Mode by doing the following:1) Restart your computer2) After hearing your computer beep once during startup, but befor... Read more

Read other 4 answers
RELEVANCY SCORE 38.4

Malware has taken over my computer. I can no longer have access because it has taken over as administrator. It also plays audio of US Army promos. Pleas help! Here are the logs:Deckard's System Scanner v20071014.68Run by Owner on 2008-07-05 14:18:29Computer is in Normal Mode.---------------------------------------------------------------------------------- System Restore --------------------------------------------------------------Successfully created a Deckard's System Scanner Restore Point.-- Last 5 Restore Point(s) --53: 2008-07-05 19:18:45 UTC - RP740 - Deckard's System Scanner Restore Point52: 2008-07-04 23:06:21 UTC - RP739 - Last known good configuration51: 2008-07-04 23:06:13 UTC - RP738 - System Checkpoint50: 2008-07-04 23:06:13 UTC - RP737 - Removed Creative System Information49: 2008-07-04 23:06:13 UTC - RP736 - Removed Creative Zen Touch-- First Restore Point -- 1: 2008-07-04 23:05:56 UTC - RP688 - System CheckpointBacked up registry hives.Performed disk cleanup.System Drive C: has 1.74 GiB (less than 15%) free.-- HijackThis Clone ------------------------------------------------------------Emulating logfile of Trend Micro HijackThis v2.0.2Scan saved at 2008-07-05 14:25:46Platform: Windows XP Service Pack 2 (5.01.2600)MSIE: Internet Explorer (7.00.6000.16674)Boot mode: NormalRunning processes:C:\WINDOWS\system32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32&... Read more

A:Help Me With Malware Removal

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you. Download SDFix and save it to your Desktop.Double click SDFix.exe and it will extract the files to %systemdrive%(Drive that contains the Windows Directory, typically C:\SDFix)Please then reboot your computer in Safe Mode by doing the following :Restart your computerAfter hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;Instead of Windows loading as normal, the Advanced Options Menu should appear;Select the first option, to run Windows in Safe Mode, then press Enter.Choose your usual account. Open the extracted SDFix folder and double click RunThis.bat to start the script. Type Y to begin the cleanup process. It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot. Press any Key and it will restart the PC. When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons. Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
(Report.txt will also be copied to Clipboard ready for posting back on the forum). Finally paste the contents of the Report.txt back on the forum with a new DSS log

Read other 2 answers
RELEVANCY SCORE 38.4

I followed the thread that told me to run rootkit tool and here are the results attached.


DDS (Ver_09-12-01.01) - NTFSx86
Run by Dan at 14:08:42.23 on Thu 12/03/2009
Internet Explorer: 7.0.6000.16916 BrowserJavaVersion: 1.6.0_03
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============


============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Page_URL = hxxp://www.sony.com/vaiopeople
mDefault_Page_URL = hxxp://www.sony.com/vaiopeople
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: AOLTBSearch Class: {ea756889-2338-43db-8f07-d1ca6fb9c90d} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
mURLSearchHooks: AOLTBSearch Class: {ea756889-2338-43db-8f07-d1ca6fb9c90d} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
BHO: AOL Toolbar BHO: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\a... Read more

A:Malware Removal

Hi,

Please do the following:

Download Combofix from either of the links below, and save it to your desktop.

Link 1
Link 2



**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.When finished, it will produce a report for you.
Please post the C:\ComboFix.txt for further review.

Read other 2 answers
RELEVANCY SCORE 38.4

Hello. Please help i'm new at this so please bare with me. My McAfee Virus scan keeps telling me that the following files cant be found nor can they be removedc:windows\temp\thi149d.tmp\wupdt.exec:windows\tem\DrTemp\wupdt.exehere is the hijack logthanks for any help you can give me.R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://top-find4u.com/sp.htmR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.htmlR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.htmlR0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?.home=msgrR1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.comR1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://top-find4u.com/sp.htmR1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhostR3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLLO2 - BHO: MyWebSearch Search A... Read more

A:Removal Of Malware

Hi,

The forums are really busy, that explains why logs get behind. We start with the oldest logs first. If you still need some help, please start with posting a new hijackthislog in this thread. Don't start with a new thread.
Then I'll take a look.

Also please post your entire log with the running processes on top as well.

Read other 8 answers
RELEVANCY SCORE 38.4

Can someone please tell me the best software for malware removal. It has come to the point that malwarebites can't remove a flea from a dog and avira is almost as bad. Thanks for your help

A:Malware removal

See the List of Free Scan & Disinfection Tools which can be used to supplement your anti-virus and anti-spyware in these topics:Antivirus, Antimalware, And Antispyware ResourcesSupplementing your Anti-Virus Program with Anti-Malware ToolsList of Anti-virus vendors that offer free LiveCD/Rescue CD utilities

Read other 2 answers
RELEVANCY SCORE 38.4

In responding to the recent variation of Security Tool corruption, I have followed BC's removal guide (http://www.bleepingcomputer.com/virus-removal/remove-security-tool) to the letter, but upon attempting to run the random Malwarebytes executable file to open the application in step #13, I encounter the following prompt: "File corrupted. Obtain new file." Any ideas?

Thanks!

A:Malware removal

Hello and welcome. Let's try this way and see if we can get 2 logs.EDIT: I moved this to Am I Infected.Reboot into Safe Mode with Networking How to enter safe mode(XP/Vista)Using the F8 MethodRestart your computer. When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu. Select the option for Safe Mode with Networking using the arrow keys. Then press enter on your keyboard to boot into Safe Mode. >>>> Download this file and doubleclick on it to run it. Allow the information to be merged with the registry.RKill....Download and Run RKillPlease download RKill by Grinler from one of the 4 links below and save it to your desktop.

Link 1
Link 2
Link 3
Link 4

Before we begin, you should disable your anti-malware softwares you have installed so they do not interfere RKill running as some anti-malware softwares detect RKill as malicious. Please refer to this page if you are not sure how.
Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
If nothing happens or if the tool does not run, please let me know in... Read more

Read other 1 answers
RELEVANCY SCORE 38.4

The computer has been infected with a fake antivirus and I cannot even backup my files or open any programs,I am using a different computer for this posting. I am running windows XP home, My anti virus is AVAST and I ran a boot scan and found several infections and deleted them but the fake antivirus is still holding me hostage, I tried to use Malware Bites from a flash drive but the infection will not allow me to start it. What can I do??

A:Malware removal

Hello,Please follow the instructions in ==>This Guide<==. If you cannot complete a step, skip it and continue.Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues and what you have done to resolve them.If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.Orange Blossom

Read other 3 answers
RELEVANCY SCORE 38.4

I'm having trouble removing bip.exe
HijackThis log:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:11:52 AM, on 4/28/2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Creative\Shared Files\Software Update\AutoUpdate.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\A4Tech\Keyboard\Ikeymain.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Creative\Shared Files\CTSched.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Windows\system32\Taskmgr.exe
C:\Windows\vVX6000.exe
C:\Program Files\Mouse Driver\MouseDrv.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\DllHost.exe
C:\ProgramData\{3140EA8C-7399-4EC4-819C-16996F38FCFC}\WRInstall.exe
C:\Users\Jesse\AppData\Local\bip.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\system32\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.jpopasia.com/charts/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?L... Read more

Read other answers
RELEVANCY SCORE 38.4

hey i am having a problem with a error that pops up every time i open a program.i think its malware but im not shure."The application or DLL c:\progra~1\wi9130~1\datamngr\datamngr.dll is not a valid windows image.please check this against your installation disk." please help me i am useing a valid windows copy but i do not have the disk ?? ran DDS wil post DDS.txt along with other instructions from referral (gmer etc) thanks.


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_29
Run by Owner at 20:31:46 on 2012-01-23
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1918.1031 [GMT -6:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\AVG Secure Search\vToo... Read more

A:Help with Malware Removal

Hi and welcome to TSF.

My name is Iain and I will be helping you clean your system.

You may wish to Subscribe to this thread (Thread Tools > Subscribe to this thread) so that you are notified when you receive a reply.

Please read these instructions carefully and then print out or copy this page to Notepad in order to assist you when carrying out the fix. You should not have any open browsers or live internet connections when you are following the procedures below.

Note that the fix may take several posts. Please continue to respond to my instructions until I confirm that your logs are clean. Remember that although your symptoms may vanish, this does NOT mean that your system is clean.

If there is anything you don't understand, please ask BEFORE proceeding with the fixes.

Please ensure that you follow the instructions in the order I have them listed. Note that if you do not respond within 5 days I shall no longer check this thread for replies.

Please do not install or uninstall any programmes, or run any other scanners or software, unless I specifically ask you to do so. Also please copy and paste logs into the thread, rather than add them as attachments.
IMPORTANT - for Windows Vista and Windows 7 start all tools by using right click > Run as Administrator.


Combofix
We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

A guide and tutorial on using ComboFix

Please read all the informatio... Read more

Read other 1 answers
RELEVANCY SCORE 38.4

Okay, so, every time I log in after restarting I have the black screen and all, and I can finally get the explorer.exe to work with task manager. I know I got some malware or viruses or whatever ( I think), but I cannot start up Hitman Pro (32, & 64 version. Everytime I try to start up the 64 version it pops up the program but quickly turns off.) I try using Malwarebytes Anti-Malware but it won't open up, and everytime I try Malware Chameleon it doesn't do anything (it has removed some but it doesn't do anything else but scan the same places). I want to start up these programs to make sure I don't have any more viruses. (I understand if none of this makes sense).
I've also tried using JRT and Rkill. It only deleted a little.
 

Read other answers
RELEVANCY SCORE 38.4

hello
having some troubles recently with my computer freezing......it's been running very slow the last week or so. I tried doing a hijack this log and that froze as well....any suggestions
 

Read other answers
RELEVANCY SCORE 38.4

i cannot access my control panel etc... it says this operation has been cancelled due to restrictions in this computer.kindly contact ur admistrator. moreover my internet explorer runs internet exploiter. recently i had khatra virus.i have XP os n kaspersky trial version now... what to now? pls help... i downloaded a file fixit.zip n got my regedit working. now what else to do...

i am posting hjt log here. kindly reply soon...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:30:45 AM, on 4/8/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16981)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\vVX1000.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe
C:\PROGRA~1\MYWEBS~1\ba... Read more

Read other answers
RELEVANCY SCORE 38.4

I have been told that I have a localhost 7171 that may be on my PC. I have been trying to access my itunes for the past week and all of a sudden I can no longer connect. Any advise or help is greatly appreciated



DDS (Ver_09-05-14.01) - NTFSx86
Run by HP_Administrator at 22:09:24.45 on Wed 06/24/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.110 [GMT -7:00]


============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\Trend Micro\Antivirus\pccguide.exe
C:\Program Files\Trend Micro\Antivirus\PCClient.exe
C:\Program Files\Trend Micro\Antivirus\TMOAgent.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
C:\Program Files\DISC\DISCover.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\2Wire\2PortalMon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Western Di... Read more

A:Malware removal

Please do the following:

Download ComboFix from one of these locations:
Link 1
Link 2
Link 3

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
Double click on ComboFix.exe & follow the prompts.
Open notepad and copy/paste the text in the quotebox below into it:


Quote:




DDS::
uInternet Settings,ProxyOverride = *.local;<local>
uInternet Settings,ProxyServer = http=localhost:7171




Save this as CFScript.txt




Refering to the picture above, drag CFScript.txt into ComboFix.exe

As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please no... Read more

Read other 17 answers
RELEVANCY SCORE 38.4

running malwarebyte. regularly picks up on malware.trace and broken.opencommand and removes but never permanently.

heres a copy of my most recetn log:

10/31/2010 7:44:25 PM
mbam-log-2010-10-31 (19-44-25).txt

Scan type: Quick scan
Objects scanned: 148712
Time elapsed: 4 minute(s), 33 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CLASSES_ROOT\scrfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: ("%1" /S) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: (regedit.exe "%1") -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\kolenkom\AppData\Roaming\dkfjasdfshd.bat (Malware.Trace) -> Quarantined and deleted successfully.
any advice on how to remove either permanently?

thanks

A:malware removal

Hello,Please follow the instructions in ==>This Guide<==. If you cannot complete a step, skip it and continue.Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues and what you have done to resolve them.If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.Orange Blossom

Read other 1 answers
RELEVANCY SCORE 38.4

Hi,

I recently downloaded a bad file that brought with it Virtumonde.Crack, 'Spyware Detection Alert' (an icon in the system tray with two circles - red and green - with an exclamation mark in the red one) and something called 'OptionInfo' which also appears with an icon in the system tray.

I've run Spyware S&D, Ad-Aware, AVG Anti-Virus/AVG Anti-Spyware and SmitFraudFix - all to no avail. Here is my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 12:00:37 AM, on 20/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\CtrlVol.exe
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EX... Read more

A:Malware Removal

Run HijackThis and click Open the Misc Tools section
Click Open Uninstall Manager, Save list and save the log to your Desktop.
A list of programs will open in Notepad. Post the contents of the log here in your next reply.
 

Read other 3 answers
RELEVANCY SCORE 38.4

One of my malware programs detected some .exe files added to my System32 folder, such as: 1wintemp.exe; 0wintemp.exe; winskff11.dll; winskwow.dll; and winsckdo.dll - upon further investigation, I found a file called vsconfig.xml which contained script that appears to affect my malware protection programs. I renamed all but the .xml file (could not rename or delete it), but they all returned upon reboot. After setting my startup list to Normal startup, they did not reappear with their original file names, but the .exe files mentioned here appeared in my list of programs in zone alarm, as well as in my list of processes running. After renaming them and denying permission in Zone Alarm, they no longer appeared in my list of processes running.

I need some advice as to what to do next. I am including my first hijack this log below:

Logfile of HijackThis v1.99.1
Scan saved at 11:53:10 AM, on 1/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\EarthLink TotalAccess\Spyware Blocker\SpySweeper.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Arthur Freed\Desktop\Computer matters\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.earthlink.n... Read more

Read other answers
RELEVANCY SCORE 38.4

To get rid of most of your malware problems, I highly recommend using a free program called Malwarebytes (www.malwarebytes.org). You will probably have to download it to a flashdrive on another PC to install it if your problems are serious.

Additionally, some of these evil trojans won't even allow a malware removal program to load and/or start. I usually rename the "MBAM.exe" file to "Fred.exe" and it has always worked.. Update the program after installation and have it run a full scan. After it finds a few errors, you may need to stop the scan and fix those problems, then start a new scan until all errors are gone.

Note that this program in its "free" state only removes malware, it does not protect. If you want protection, you can buy it for $24.95.

Hope this helps.
 

Read other answers
RELEVANCY SCORE 38.4

Hello,

The problem I have is that when I use google or any other search engine and get results (on Firefox and IE) and then I click the link in search results I get routed to another website trying to sell me something. When typing the website directly in I t works normally. ALso, I am having problems loading Google Chrome..it won't load on my computer. Lastly I get error messages saying Google Loader encountered and errort adn must close (or something like that). ANy help is appreciated.

A:Malware Removal Help

Sorry see the copied and pasted txt file below.
DDS (Ver_09-03-16.01) - NTFSx86
Run by keith johnson at 14:34:45.23 on Sun 04/05/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2037.1297 [GMT -4:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated)
FW: McAfee Personal Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\Program Files\Sprint\Mobile Broadband\SMBAUtilSvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\Program Files\LClock\LClock.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Microsoft Office\Office12&#... Read more

Read other 4 answers
RELEVANCY SCORE 38.4

I am at my wits end! I have tried everything that I know and am now turning to the professionals. I will try to make this short and sweet. I cannot boot my system normally without getting the blue screen of death. My CD drives no longer are functional. Drivers are either corrupted or missing. Media Player will not work. I have gone through several processes but have not been able to rid my computer of the problem. I have save several logs that I will attach below. Please help! Thank you.

Ad-Aware SE Build 1.06r1
Logfile Created on:Tuesday, March 27, 2007 3:55:55 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R163 26.03.2007
???????????????????????????????????????????????????

References detected during the scan:
???????????????????????????????????????
MRU List(TAC index:0):11 total references
Tracking Cookie(TAC index:3):6 total references
???????????????????????????????????????

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload... Read more

Read other answers
RELEVANCY SCORE 38.4

Hello - I have found a serious problem when doing my weekly SPYBOT cleaning recently (on Windows XP Pro- SP3)

1. Spybot Search and Destroy found a Trojan virus in 16 locations, but when I tried to clean them, Spybot crashed and gave an error message
2. I tried Hijack This ; it ran for a short time and then crashed
3. After crashing, these programs were restarted and both gave the error message "Windows cannot find the specified device,path or file. You may not have the appropriate permissions to access the item"
4. I am using MacAfee and Windows Firewall. Macafee indicates it cannot run because it cannot get the scan progress.
4. Google - Yahoo seemed hijacked and go to random sites on searches results.

Any suggestions appreciated.

thanks,
Jack

PS. Just found out (using A-Squared) that the virus name appears to be Gen.Trojan!IK
Logs are below:

Running from: C:\Documents and Settings\Jack\Desktop\Win32kDiag.exe

Log file at : C:\Documents and Settings\Jack\Desktop\Win32kDiag.txt

WARNING: Could not get backup privileges!

Searching 'C:\WINDOWS'...

Found mount point : C:\WINDOWS\$hf_mig$\KB932168\KB932168

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\$hf_mig$\KB933729\KB933729

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\... Read more

A:Malware removal help

Hello jedijfo, Please save this file to your desktop. Click on Start->Run, and copy-paste the following command (the bolded text) "%userprofile%\desktop\win32kdiag.exe" -f -rinto the "Open" box, and click OK. When it's finished, there will be a log called Win32kDiag.txt on your desktop. Please open it with notepad and post the contents here.

Read other 40 answers
RELEVANCY SCORE 38.4

Okay...so, my wife's old dell dimension 2400...slow slow slow, didnt run spyware protection only because that makes it just as slow as well, having a virus. (what it is) the "windows vista antivirus" or system32 something and insits to be installed on my PC. (symptoms) everythings so slow...i can tolerate the dell-nish...but now its ridiculous. i can slowly surf the web thru the search menu out of start menu...with firefox and IE out of search mode it will load pages like weather.com or yahoo but once you try to use the site...it eternally loads. furthermore, it will randomly pop up its windows and fake scan my computer and the whole nine yards to con me. (countermeasures in place) i have Ad-aware, Spyware doctor (registered) , avg free, and spybot S&D running and ran and scanned and deleted and so forth. done the hijack this thing, removed malicious this and that...to no avail. SO im turning it on to you all that are smarter than me. fair enough i hope? thanks for the help if you so choose to bless me with it-sethLogfile of Trend Micro HijackThis v2.0.2Scan saved at 6:30:59 PM, on 6/29/2008Platform: Windows XP SP1 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\S... Read more

A:Malware Removal Help

Hello IbesethroPlease rename your C:\Program Files\Trend Micro\HijackThis\HijackThis.exe to Ibesethro.exe.Then run HijackThis (Ibesethro.exe) and post the log back here

Read other 8 answers
RELEVANCY SCORE 38.4

While checking msg on facebood and had several pop up that my computer had been infected with an virus. i ran the scan u recommended and copied it as reads below:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:17:23 PM, on 8/20/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Documents and Settings\All Users\Application Data\ZwangiSearch\zwangi121.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ZwangiSearch\zwangi.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Progr... Read more

Read other answers
RELEVANCY SCORE 38.4

have tryed steps 1-8 in "preperation guide", none of the steps seem to have worked as described. for example dd.scr is being called infected by the malware on my machine and its execution is being blocked. likewise with defogger and firewall settings. is there another way or perhaps stronger software? the infected machine has been isolated from network and internet connections (unplugged) OS: Windows XP Pro, version unknown and not accessable due to malware control of machinemalware points to "ANTIVIR Solution Pro" any help will be welcome thank youikan

A:malware ? removal ?

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.In order for me to see the status of the infection I will need a new set of logs to start with.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.DeFogger: Please download DeFogger to your desktop.Double click DeFogger to run the tool. The ap... Read more

Read other 3 answers
RELEVANCY SCORE 38.4

My computer is running very slow. Very often the programs become non responsive.  I use Trend Micro and that did pick up a few things but problems are still there.  I sesm to have a lot of files and folders with AI_RecyceBin as part of the name.  I also recently deleted Update4497 folder.  I will attach the logs.
 
Much appreciated.
 
Maz

A:Malware removal

Hello mazdarx5 and welcome to Bleeping Computer.
My name is Satchfan and I would be glad to help you with your computer problem.Please read the following guidelines which will help to make cleaning your machine easier:
please follow all instructions in the order posted
please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear
all logs/reports, etc. must be posted in Notepad. Please ensure that word wrap is unchecked. In Notepad click Format, uncheck Word wrap if it is checked
if you don't understand something, please don't hesitate to ask for clarification before proceeding
the fixes are specific to your problem and should only be used for this issue on this machine.
please reply within 3 days. If you do not reply within this period I will post a reminder but topics with no reply in 4 days will be closed!
 IMPORTANT:
Please DO NOT install/uninstall any programs unless asked to.
Please DO NOT run any scans other than those requested
I am looking at your logs now and will reply with instructions shortly.
Satchfan

Read other 63 answers
RELEVANCY SCORE 38.4

My computer has Microsoft XP and while surfing the net, Malware keeps popping up and says to run and then I have to re-enter information to proceed to website. How can I delete this from my computer and what is it?
 

Read other answers