
Infected, partially fixed

Q: Infected, partially fixed

Hello,

Longtime user back for more help... I was at a website and it launched something bad on my machine. First I saw a bunch of fake Windows alerts, telling me my hard drives needed to be formatted or that I needed to restart, etc. I get something from Ad-Watch Live at the bottom of my screen telling me it's running a scan. My desktop background image is missing and all the items on my Start menu are gone--my links and programs, etc. When I go to All Programs in the Start menu, all the folders are empty. I can still access programs, but not using the Start menu.

All I have done is run SuperAntiSpyware and gotten rid of a bunch of stuff, still having these same problems though.

Any help would be greatly appreciated!

Thanks

I am running Windows 7 on a 9-month-old Dell desktop.


A: Infected, partially fixed

Download and run UnHide


Hi, A neighbor learned that I have 26 years experience in computers. While this is true, I have been in the Redhat/Fedora camp for many years now although my wife's computer is still an MS machine. The neighbor's computer is XP home sp2. It had many AV progs all tripping over each other. Since they weren't really doing anything I removed them and attempted to install AVG to no avail.

In the taskbar was an icon which frequently informed me that numerous spyware programs were detected and if I click on the balloon, I could get rid of them. I'm sure that the computer's owner followed this mis-information.

I got permission to re-install all software, but I would prefer to get familiar again with the world of threats against win computers. I must say I am impressed with how thorough the writers of this virus have been, e.g. ensuring I can't get or install AVG or take other actions against it. The gloves are off, please advise how to proceed.

I came across combo-fix and ran it iaw the instructions on this site. I had, prior to that run SmitfraudFix. Both found and corrected problems, but I am not getting that warm fuzzy feeling and figured that you folks are far more familiar with the latest infections and infestations.

There is still an icon in the system tray, now called windows security (vice safety) alerts. It informs me that my firewall is off and something else....(can't remember). No problem there as the computer is on my very tightly secured ...

A:Partially Fixed/damaged

"I came across combo-fix and ran it iaw the instructions on this site."

Please note the message text in blue at the top of this forum. You should not be using Combofix unless instructed to do so by a Malware Removal Expert who can interpret the logs. It is a powerful tool intended by its creator to be "used under the guidance and supervision of an expert", NOT for private use. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again. Please read Combofix's Disclaimer.

Please download Malwarebytes Anti-Malware and save it to your desktop (alternate download link 1, alternate download link 2).

Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
    Update Malwarebytes' Anti-Malware
    Launch Malwarebytes' Anti-Malware
Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
If an update is found, the program will automatically update itself.
Press the OK button to close that box and continue.
If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then cl...


I've used the uninstall guide listed on this site but my Internet Explorer still won't access the net and I suspect I'm still infected! Luckily my Firefox accesses the net fine. I've tried installing Avira but it gives an error at the end of installation and doesn't install - I'm going to persist to see if I can get around this. I did have McAfee but it was out of date due to license running out.

edit:
- Managed to install Avira.
- I realised the proxy setting had been activated by the malware within IE's options - I can now go online with IE. I also tried Winsockfix but it didn't seem to help. Simply disabling the manual proxy did the trick.
- Unfortunately Windows Update doesn't seem to work and the page gives the same error I was getting before my proxy fix.
- Avira found around 17 viruses, I removed them all. Malwarebytes is down to just 3 results at the last scan.

Here's my HijackThis log, I would appreciate any guidance!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:48:40, on 05/05/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost...

A:Antimalware Doctor infection > partially fixed?!!

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
    DDS.scr
    DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll...


Managed to pick up a virus recently. Tried using Vundofix to get rid of it, but that only seemed to partially help. Here's the hijackthis log:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 11:22:06 AM, on 6/30/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\WINDOWS\System32\DSentry.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\SYSTEM32\Wtablet\TabUserW.exe
C:\WINDOWS...

A:Solved: Partially fixed, but still present virus


Hey guys I just fixed a CRAZY virus (I think it's a virus) I had that changed my userinit.exe files and I fixed it by replacing these files using my friend's userinit.exe files. Now I'm getting a blue screen with an error that reads:

STOP: 0x0000007E (0x0000005, 0xF7547756, 0xF78A242c, 0xF78A2128)

Also it says something about BIOS to either upgrade it or disable conflicting components.

About the "Virus/Trojan or something":

Just so you know:

1) I downloaded this file <http://isohunt.com/torrent_details/71813493/ip?tab=summary> (if anyone is brave enough to download it and see if their antivirus detects it because I don't have an antivirus so I still don't know the name for this... I guess it's a virus or trojan) when I double clicked the file "iphider37se.exe 4.2 MB" it automatically installed a "Windowspcdefender" and started scanning. It looked like a really fake virus scanner so when I click X to close it I got a blue screen and was forced to restart my pc.

2) Then the problem was that windows would load to the Welcome screen and I clicked on my user account to log in (no password required)

3) Then my desktop would appear AS IF it was ready to load up but then it would automatically go back to the Welcome screen.

4) This happened even in Safe Mode so I had to put my drive as a slave drive on ANOTHER PC.

5) It took me HOURS to somehow figure out the userinit.exe files may have gotten corrupt or rewritten by this virus. So since my drive was a s...

A:Virus partially fixed but left its damage...

Welcome to the BleepingComputer Forums.

Since it has been a few days since you scanned your computer with HijackThis, we will need a new HijackThis log. If you have not already downloaded Random's System Information Tool (RSIT), please download Random's System Information Tool (RSIT) by random/random which includes a HijackThis log and save it to your desktop. If you have RSIT already on your computer, please run it again. Double click on RSIT.exe to run RSIT. Click Continue at the disclaimer screen. Please post the contents of log.txt. Thank you for your patience.

Please see Preparation Guide for use before posting about your potential Malware problem.

If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped.

Please post your HijackThis log as a reply to this thread and not as an attachment. I am always leery of opening attachments so I always request that HijackThis logs are to be posted as a reply to the thread. I do not think that you are attaching anything scary but others may do so.

While we are working on your HijackThis log, please:
Reply to this thread; do not start another!
Do not make any changes on your computer during the cleaning process or download/add programs on your computer unless instructed to do so.
Do not run any other tool until ...


Hi Bleeping Computer,

Last night I got the ugly PC Software & Optimization Malware (or whatever it is called). The one that hides all of your files and overruns your desktop, etc., while it runs that fake scan every time you log on. Well, I freaked out. After curling up into a ball and weeping for a little bit, I ultimately ran system restore twice, which at least got me back to my desktop. It was very difficult to even get to system restore in the first place because I couldn't run safe mode as I normally do. I had to click the ThinkVantage button (I have Lenovo) and then change boot order from "quick" to "diagnostics."

After running system restore, I used your absolutely amazing unhideall.exe program. I seriously love you for it, and I want to express the service you are providing is amazing and life saving. Thank you.

In any event, I ran a full scan of malwarebytes:

Scan type: Full scan (C:\|)
Objects scanned: 359553
Time elapsed: 2 hour(s), 3 minute(s), 11 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 7

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FoxTab FLV Player (Adware.Agent) -> No action taken.

Registry Values Inf...


My computer was "hijacked" but I managed to run the latest version of Superantivirus and I think that I am almost free of the problem. During the stage when it was "hijacked" a screen superimposed on my windows background and the computer would turn itself off during the reboot. Safe mode was not working either. So I disconnected the internet cord, rebooted, and was able to bypass the above problem... I then ran Superantivirus (twice) and it removed a number of bad stuff.

However, I have not yet reconnected to the network as I am not convinced I am free and clear. One of the reasons I suspect this is because when I rebooted and initially logged into my computer after it was "cleaned" I received an error message saying that I am missing a .dll (I cannot recall exactly what it was ..something like.. "runc???.dll" ). Also...now when I try to run any installed program I get an error message saying program not found and the "open with" window that allows you to pick the software from the installed software list or browse your hard drive to locate. Programs will only run when you browse through or pick from that list. I have attached the Hijackthis log which I ran after the superantivirus software came up clean.

Do you think I am good to connect to the internet yet? And how can I get programs to run without having to use the "open with" window?

A:Computer Hijacked - Partially or totally fixed yet?


Hello,

About a week ago, I got a nasty Vundo/Virtumonde virus. At first, it was popping up fake AV ads, generally slowing down my computer and browsing, and disabling auto updates in Windows Security, which I could not turn back on. Spybot detected it (Virtumonde.sci, prx, etc.) and said it was fixed, but the same stuff kept coming up on every new scan. So I got AVG, A-Squared, and VundoFix/VirtumondoBegone (note that I have all these installed at once, in addition to Spybot and McAfee; lord knows why I still have McAfee, but it's been catching some of the trojans). They turned up quite a few detections.

Somewhere along the way, one of them must have caught something, because my system and internet are pretty much back to normal, I can turn WS updates back on, and all my virus scans are turning up clean. I was getting quite a few tracking cookies, and as it turns out, the little bugger must have set IE to accept all cookies - I set it back to default and problem solved.

HOWEVER, I do keep getting alerts from AVG and McAfee on occasion about random trojans it catches (BHO, Vundo.gen.q, etc.). They do tend to come up while one or the other of them is running a full scan. So I'm posting my HJT log in hopes that I'll finally get clean. Please let me know if there's any other logs I can provide that would help.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:30:37 AM, on 1/3/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
B...

A:At least partially fixed Vundo; recurring Trojans

Hello King_e_dawg and welcome to BleepingComputer,

1. * Clean your Cache and Cookies in IE:
Close all instances of Outlook Express and Internet Explorer.
Go to Control Panel > Internet Options > General tab.
Under Browsing History, click Delete. Click Delete Files, Delete cookies and Delete history.
Click Close below.

* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):
Go to Tools > Options.
Click Privacy in the menu.
Click the Clear now button below. A new window will popup what to clear.
Select all and click the Clear button again.
Click OK to close the Options window.

* Clean other Temporary files + Recycle bin
Go to start > run and type: cleanmgr and click ok.
Let it scan your system for files to remove.
Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
Press OK to remove them.

2. Please download ComboFix from one of the locations below, and save it to your Desktop.
Link
Link
Link

Double click the ComboFix icon to run it.
If ComboFix asks you to install the Recovery Console, please do so. The Windows Recovery Console will allow you to boot up into a special recovery mode, in case your computer has a problem after an attempted removal of malware. This allows us to help you.
Once the Recovery Console is installed, continue with the malware scan.

Note: Make sure not to click ComboFix's window while it's running. That may cause it to stall or freeze.

Please post the log from ComboFix (can also be found a...


Hi,

I've uninstalled Windows live mesh, deleted the Softlayer link, ran avast & malware bytes; I've run the "Advanced PC Care", but not fixed anything.

Not sure if there are any remaining issues other than missing files?
 
Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 9:20:09 AM, on 7/30/2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17910)
 
 
Boot mode: Normal
 
Running processes:
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\bertie\Downloads\HijackThis.exe
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.yahoo.com?fr=hp-avast&type=odc089
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://search.yahoo.com/yhs/search?type=odc089&hspart=avast&hsimp=yhs-001&p={searchTerms}
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.ya...

A:Windows live mesh remote hack, partially fixed

Hello, Welcome to BleepingComputer.

I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.

===

Download Malwarebytes' Anti-Malware from Here.
Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).
Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
The scan may take some time to finish, so please be patient.
If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.
While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Log...


My Google search results were hijacked the other day so I looked around here for possible cures. Tried some of the basic ones and managed to get my browser working fine again but I still find 1 to 4 rootkits now and then. I just want to finish up with the removal of the few remaining ones. All help is very much appreciated. (The files are named: A0000176.exe and djjthyycqd[1].htm in my avast scan log.)

Here is my HJT Log

DDS (Ver_09-06-26.01) - NTFSx86
Run by Michael J. Audet at 17:34:04.04 on Mon 06/29/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.759.333 [GMT -4:00]

AV: avast! antivirus 4.8.1335 [VPS 090629-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\Avast\aswUpdSv.exe
C:\Program Files\Avast\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:...

A:Google links hijacked (Partially fixed) need help with remaining stubborn rootkits.

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
    DDS.scr
    DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll...


Two days ago, I opened one keygen and my AVG didn't let me open it and showed it as a trojan, so I closed AVG and opened the file.. so I got infected by some trojan... and it opened a command line and was doing something.

Now I am getting popups regarding Antivirus 2009, Vista Antivirus 2008, shredder and some others... I checked on the net, so they say kill the process in Task Manager and then delete files from Control Panel and delete some dll. I tried to find those files but to my surprise none of them exist, even no process is there in Task Manager. Some dll was there, but those dll I tried to delete but can't delete...

Then I installed Lavasoft Ad-Aware SE.. scanned, didn't find anything except tracking cookies.
Then I installed Spybot Search and Destroy.. it found some trojans... and removed them, then restarted, ran it again and again it found some, then removed them... again I ran it and this time it found nothing...
Then I scanned with AVG, found nothing.
Then I scanned with Defender.. found nothing.
I used Malwarebytes rogueware remover, but it didn't find anything, but still I am getting lots of popups, not only antivirus but some from http://frmsg.com and some of "you won 50$ today"...

I again checked my Task Manager and everything but don't find anything...

FYI: my time format is changed and it's in 24 hours.. no further changes noticed... I am a newbie to PC and don't know how to find the log file.. but I really feel strange, there are no installation files in there and yet I am getting popups.

Please help!!!!!!!!!!

A:I Am Partially Infected

Are you using XP or another system?

Please download Malwarebytes Anti-Malware and save it to your desktop (alternate download link 1, alternate download link 2).

Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
    Update Malwarebytes' Anti-Malware
    Launch Malwarebytes' Anti-Malware
Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button. The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
Click OK to close the message box and continue with the removal process.

Back at the main Scanner screen, click on...


Hello, this is from a computer at the office. The user said she started seeing popups on her computer yesterday, but I didn't have time to address it right away. Today, I found a folder full of "decrypt" ransom notices, and they were created by her username, so I pulled that computer to the workbench to clean it up. I think that my GFI (Vipre) antivirus prevented a full-blown infection, but even after installing MBAM and removing everything found, the computer is very slow and the mouse is messed up; the cursor only wants to be down by the task bar, though I can still use the computer pretty good using the keyboard only.
 
Below is the DDS file, and Attach is attached.
 
Thanks in advance for your help!
 
DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 9.0.8112.16490  BrowserJavaVersion: 10.5.1
Run by Administrator at 1:16:52 on 2014-09-19
Microsoft Windows 7 Professional   6.1.7600.0.1252.1.1033.18.2046.960 [GMT -4:00]
.
AV: Windows Intune Endpoint Protection *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
AV: Managed Antivirus Managed Antivirus *Enabled/Updated* {FFE93D16-FD09-0282-C7D3-8B1731B6A051}
SP: Windows Intune Endpoint Protection *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Managed Antivirus Managed Antivirus *Enabled/Updated* {4488DCF2-DB33-0D0C-FD63-B0654A31EAEC}
.
============== Running Processes ================
.
C:\Wind...

A:Partially Infected with CryptoLocker

Hello,
 
My name is Dave and I'll be helping you with your issues here.  Before we begin, I'll need to review the materials you've provided.  In the mean time, please refrain from making additional changes to the machine as this can make it difficult for me to help you.


We were browsing the net.. computer shut down and then computer lost all icons on desktop, running very slow. When I click start/programs i can't see any programs listed?! Looks like something bad happened?!?
Please help!

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Hakim at 12:46:19 on 2011-09-06
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2039.911 [GMT -4:00]
.
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {804FD408-FFA4-00DA-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {00000000-0000-0000-0000-000000000000}
AV: Avira AntiVir PersonalEdition Classic *Disabled/Updated* {804FD408-FFA4-00EB-0D24-347CA8A3377C}
AV: AntiVir Desktop *Enabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {804FD0EC-FFA4-00DA-0D24-347CA8A3377C}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\WINDOWS\system32\svchost.exe -k HPService
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Maxtor\Sync\SyncServices.exe
C...

A:Infected, maybe partially wiped? Please help!

Hello and welcome to TSF Virus & Malware support. My name is Taylor and I'll be helping you with your fix.

I am currently reviewing your log. Please note that this is under the supervision of an expert analyst, and I will be back with a fix for your problem as soon as possible.

You may wish to subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Please be patient with me during this time.

RELEVANCY SCORE 52

My WinVista laptop was infected during a search download. I was able to get most of the control back and have a clean MBAM, Spybot S&D and MS Defender. I am unable to connect to the Internet at all. So I'm posting from another machine after gathering the data logs.

The infection changed some of the system settings, user account control and disabled some of the Windows Functions like Windows Firewall. Also many of my desktop icons have the Administrator shield now displayed over the icon.

Below is DDS.scr, GMER (filename ARK), OTL TDSSKILLER & ASWMBR logs.

DDS.scr

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.6000.16575 BrowserJavaVersion: 1.6.0_26
Run by hmorgan at 23:07:08 on 2012-02-07
Microsoft® Windows Vista™ Home Premium 6.0.6002.0.1252.1.1033.18.3061.1389 [GMT -5:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32 ...

A:Infected Partially Recovered - Need More Help

Moderator - close this posting.

I recovered access to everything after running Subincl http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=23510

RELEVANCY SCORE 51.2

Hello,

I think my computer is infected in some way where some websites are available, but others redirect me to random sites. For example, I can open my homepage up to Google, but when I try to click on the Gmail link I get a site that says Gmail certificate is invalid, and wants me to click on other things. As well, if I try to go to an antivirus site via Google I will get redirected to random sites. I have tried a few things including AVG scans, Trend Micro House Call Scans, CoolWebSearch Shredder, Hijack this and removed a few things that were flagged as dangerous on an online analyzer, and the free Trend Micro Rootkit Buster. But things are still not working properly. So I have read the sticky at the top of the forum, and am posting the required reports from DDS and Root Repeal below. The infected computer is a desktop wired to a wireless router, and I am going to be primarily using a secondary laptop (wireless) for posting to this forum and any needed computer work, so the desktop remains in the same state. I greatly appreciate any help.

Please find the reports attached.

Thanks,

Raymond

A:I think Im infected....websites get partially redirected

Here are my latest reports...

DDS (Ver_09-12-01.01) - NTFSx86
Run by Raymond and Gelareh at 10:46:49.59 on Fri 12/18/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1456 [GMT -6:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
svchost.exe
C:\Program Files\Portrait Displays\HP My Display\DTHtml.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHe...

RELEVANCY SCORE 51.2

I received a warning from Symantec Anti-Virus real-time that it had found a file called ld10.exe and failed to clean it. (I was websurfing at that time, this was in the morning of June 24th). Then my firewall (Zone-Alarm) warned me that a ld10.exe and a slew of tmp files with names like 8???.tmp were trying to access the web, which I denied. A ld10.exe and a bunch of svchost processes with my user name appeared in the task manager processes. I had problems running my security programs (anti-virus, Malwarebytes Anti-Malware, etc.) After repeated attempts, I managed to kill the ld10.exe and the rogue svchost processes, and managed to get MBAM to run. It found and deleted the ld10.exe file (it only found the file, no registry keys or anything else). Since then, I've updated and run Symantec Anti-Virus, and following Spyware/Malware programs: MBAM, Super AntiSpyware, Spybot S&D, and Ad-Aware. None of them found anything else, except Ad-Aware which found a file in BITACD.tmp in the Local Settings/Temp folder under my user name. It labelled this file as Win32.FraudTool.HomeAntivirus2009. I removed that with Ad-Aware. I've also run ATF-Cleaner and HiJackThis's ADSSpy (which identified a couple of .tmp files in the All Users/Local Settings/Temp folder which I had it remove).

Even though none of the spyware scanners I've tried are finding anything, there is still a svchost.exe process that appears under my user name, as opposed to SYSTEM, NETWORK SERVICE or LOCAL SERVICE. Its lis...

A:infected with ld10.exe - partially cleaned

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll...

RELEVANCY SCORE 50.8

Hello, first time posting here. Really frustrated and would really appreciate any help. A couple of weeks ago, computer was infected with the AV Security Suite virus/malware/worm (not sure what it is), despite having Norton AV installed, updating and running. I tried to remove using a combination of the following (which I saw recommended on this site): Malwarebytes, rkill and then Spyware Dr. Spyware Dr. even had me send them logs and other info. Their advanced techs thought they removed it all, but there are still some symptoms. I am no longer getting the AV pop-ups (those said computer was infected and to download their security product), still getting other weird pop-ups for search engines. Also, the other lingering symptom is that IE will run really slow and then Norton will have a pop-up saying "A recent attempt to attack your computer has been blocked". When I click for details, the application path is always: \DEVICE\HARDDISK\VOLUME2\WINDOWS\SYSTEM32\SVCHOST.EXE and the attack was by a few different places, but here are 2 I wrote down: 19js810300z.com and m01n83kjf7.com. Also, for a while the keyboard was not working on start-up, but that seems to have gone away.

Here is the requested log:

DDS (Ver_10-03-17.01) - NTFSx86
Run by Jonathan at 19:21:20.15 on Fri 07/02/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.119 [GMT -4:00]

AV: Spyware Doctor with AntiVirus *On-a...

A:Infected with AV Security Suite - partially removed

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll...

RELEVANCY SCORE 50.8

Hi there,

A number of things wrong with computer. We have lost our administrative access of the computer. Our space in the D drive has been eaten up by an invisible file. When running the Gmer program it stopped halfway through and a blue screen appeared then windows restarted itself. When running Hijackthis, the system was denied access to the hosts file, I did what hijack this asked me to do but still could not fix the problem.

Hope you can help

Hijack this log:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:59:18, on 09/03/2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.19019)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVG\AVG1...

A:infected with something gmer and hijackthis worked partially

RELEVANCY SCORE 50.8

Hi - I have been grateful to find your site and hope that you can help me remove the remnants of whatever it is that has infected our computer. I have used several of the programs recommended on your site to others with a similar problem (SuperAntispyware, ATF-Cleaner, MBAM), and they appear to have taken care of most of the visible problems, but am still having the following problems:

Upon start-up I receive the following two messages:

"rundll32.exe-Bad image
The application or DLL C:\WINDOWS\system32\dsagplkq.dll is not a valid Windows image. Please check this against your installation diskette"

Then after closing that window, I receive this message:

"RunDLL
Error loading C:\WINDOWS\system32\dsagplkq.dll
%1 is not a valid Wind32 application."

Windows Defender is still finding the following three things, and while they appear to have been quarantined by Norton, I am not able to remove them, as it says they are read-only:
SoftwareBundler:Win32/YourSiteBar
TrojanDownloader:Win32/Pacerd
TrojanDownloader:Win32/Agent.B

In addition, I don't know if this is related or not, but whenever Internet Explorer closes, I get the following message:

"IEXPLORE.EXE-Application Error
The instruction at "0x749860b0" referenced memory at "0x00000000". The memory could not be "read". Click on OK to terminate the program.

I have run the two scans recommended and have attached the logs below. I appreciate any help that anyone i...

A:Red Screen Biohazard Problem Partially Gone, But Still Infected

Hello harveyae,

Welcome to Bleeping Computer

Let's see what else might be hiding and we'll get rid of those error messages.

This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

1. Download this file - combofix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply please, along with a new HijackThis log.

Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Thanks,
tea

RELEVANCY SCORE 50

My niece recently gave me her computer which had multiple issues.  She could not connect to the internet which I fixed. I ran fixmestick and it found and quarantined a few things.  I ran malwarebytes which found some things.  I also ran avast.  I tried removing old versions of Java but I did not recognize the uninstall program.  I see she has Sendori installed and I tried removing it but had issues after that.  I restored the computer.  Please help thanks.
 
It will not let me paste the dds file in here.  I hope it is ok if I attach it. 
 
 

A:Niece's Computer Infected and Partially Cleaned with FixMeStick

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.

===

--RogueKiller--

Download & SAVE to your Desktop RogueKiller for 32bit or Roguekiller for 64bit
Quit all programs that you may have started.
Please disconnect any USB or external drives from the computer before you run this scan!
For Vista or Windows 7, right-click and select "Run as Administrator to start"
For Windows XP, double-click to start.
Wait until Prescan has finished ...
Then Click on "Scan" button
Wait until the Status box shows "Scan Finished"
click on "delete"
Wait until the Status box shows "Deleting Finished"
Click on "Report" and copy/paste the content of the Notepad into your next reply.
The log should be found in RKreport[1].txt on your Desktop
Exit/Close RogueKiller

+==============

Please download AdwCleaner by Xplode onto your Desktop.
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click the Scan button and wait for the process to complete.
Click the Report button and the report will open in Notepad.

IMPORTANT
If you click the Clean button all items listed in the report will be removed.

If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click the Scan button and...

RELEVANCY SCORE 50

I got a malware virus with the disk errors, security alerts and so forth. My Spybot Resident caught the virus attempting to change the registry and disable the task manager. I thwarted this part and immediately powered down and disabled internet access.

I went to safe mode and ran Rkill and MBAM to clear the first level out. I am still getting indications that something is trying to load after startup and my Desktop and Programs list is incomplete and the Desktop background is black screen with minimal icons.

Would like someone's help to clear the rest of this virus out.

A:Laptop Windows Vista Infected - Partially Cleaned

Can you post the logs that Mbam and Rkill produced?

RELEVANCY SCORE 50

My computer was recently infected by a virus that tried to get me to install a fake antivirus software called Defense Center. I used online help with Norton to try and clear up everything, but I'm still having issues:
- My computer seems to run very slowly
- When clicking on search results from Google, I occasionally am redirected to an advertisement instead of the website I selected
- My sound card is not working.

I downloaded Hijackthis and ran it - here is the log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:04:15 AM, on 7/18/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17055)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\L...

A:Infected with Defense Center Virus - Partially Removed

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Please also continue to work with me until I give you the all clear. Even if your computer appears to act better, you may still be infected.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

Once we start working together, please reply back within 3 days or this thread may be closed so we can help others who are waiting.

We need to create an OTL report,
Please download OT...

RELEVANCY SCORE 49.2

Hello. I'm in need of your help once again. We cleaned my laptop about 2 weeks ago and now my desktop has become infected. It's from completely different sources. Laptop was from somewhere I probably shouldn't have been, desktop is from a nice blog that my wife used to read often.

The problem, We now have a blue screen with a black box that reads "Your System is Infected!" Ctrl+alt+del does not work. Computer will not start in Safe Mode - It freezes at the HP Screen. I don't have the system restore disc. The GMER file does not produce any results. GMER runs through the scan, however the produced file doesn't contain information. I have attached the file anyway.

I felt like I could remove the bug myself via Smitrem and smitfraudfix programs, however after I couldn't restart into safe mode I decided to give up and ask you all for help.

The DDS report shows Norton as enabled, I don't know how to disable it and don't see where the program is at... Help me with this (if needed).

Your assistance is greatly appreciated,
Clint


DDS (Ver_09-11-24.02) - NTFSx86
Run by Owner at 20:13:38.01 on Mon 11/30/2009
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.632 [GMT -5:00]

FW: Norton AntiVirus *enabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program...

A:[SOLVED] Your System is Infected! Blue Screen - Step 1 partially complete

Hello Clint,

This thread title has been marked as Solved. Is that indeed true, or do you still require assistance?

RELEVANCY SCORE 48.8

Was infected with Vista Home Security 2012. Was able to remove the malware using the manual removal guide on bleeping computer and this seemed to work but the popups for Vista Home Security 2012 saying my computer was infected continued the next day. Tried to remove again with the same self removal guide but was still unsuccessful. Most of the malware seems to be gone but certain remnants of the virus seem to still be there. For example I am unable to start windows security (aka I can't add windows firewall back up to protect my computer). Also when trying to do a system restore the restore fails every time. I am able to run Malwarebytes and each time I run it it picks up new infections which it cleans but when my computer restarts I still seem to be infected. I have no idea at this point where to go I've followed the manual removal guide on this website and that hasn't worked so I'm wondering if there are any other suggestions based on my logs that anyone might have. I figure worst case scenario I can save all my documents and programs and wipe my hard-drive but I'm trying to avoid that if I can. Any advice will be greatly appreciated thanks in advance. Here is my report from DDS.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_24
Run by Mike at 21:37:11 on 2011-12-18
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.3571.1989 [GMT -5:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-...

A:Infected With Vista Home Security 2012 (Manual Removal Only Partially Worked)

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/433326 <<< CLICK THIS LINK

If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lo...

RELEVANCY SCORE 48.8

infected server 2008. infection (encryptor) and trojan partially removed by kasp

A:infected server 2008. infection (encryptor) and trojan partially removed by kasp

infected server 2008. infection (encryptor) and trojan partially removed by kaspersky software. ntdll.dll, explorer.exe, ctfmon.exe crashes still occur

RELEVANCY SCORE 46.8

I was hijacked and I think I have it resolved but the laptop is running slow

here is my hijacked log

Logfile of HijackThis v1.99.1
Scan saved at 12:54:13 PM, on 11/5/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\acs.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\Program Files\TOSHIBA\Touch and Launc...

A:Infected Think It Is Fixed? Can Someone Look?

Hello bcinc777 and welcome to the BC HijackThis forum.

I see no signs of viruses or malware in the log. It is clean.

For non-malware related XP performance issues it is best to post in the XP forum here: http://www.bleepingcomputer.com/forums/f/56/windows-xp-home-and-professional/

They can assist with analyzing the system for resource issues and recommend changes or upgrades to boost system performance. Let them know that you have been to this forum and no malware was found.

Cheers.
OT

RELEVANCY SCORE 46.4

Hello, and first off I want to say thanks for your time in helping all of us who aren't as knowledgeable with computers. I would like to think I know more than average but you guys really know what you are doing. Ok, yesterday I was infected to be what I figured was a vundo (A .rar file, trying to download software). I lost C:/D: drive access, lost task manager, had a new background with threatening biohazard symbol and phrase, computer was slowed down to just about a stop with some process labeled: ppxcs.exe, had pop ups, and was unable to run any of the very few apps that I had access to. After some time I was able to grab SUPERantispyware from a friends comp with a flash drive and run it. That got rid of most of the problem, still however, I was unable to run HJT or any other apps. After hours of trying I was able to get my malwarebytes software to run and that helped a little, still had that unknown process which was using 99-100% CPU. But I was finally able to run HJT (Log posted below) Oh, also, when I log into windows XP there is a black box that appears in the top left hand corner for a split second, I know that isn't good. Any help would be appreciated, and I would love to know if it's safe to delete that process. Also, my SUPERantispyware log is available if you need it.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:58:52, on 2008-08-27
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running proces...

A:Fixed Most Of The Problem, But Still Infected

Hello Catnap and welcome at BleepingComputer,

Sorry to have kept you waiting for so long, but the forums are really busy.

If you still need help :

1. * Clean your Cache and Cookies in IE:
Close all instances of Outlook Express and Internet Explorer
Go to Control Panel > Internet Options > General tab
Under Browsing History, click Delete.
Click Delete Files, Delete cookies and Delete history
Click Close below.

* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):
Go to Tools > Options.
Click Privacy in the menu..
Click the Clear now button below..
A new window will popup what to clear.
Select all and click the Clear button again.
Click OK to close the Options window

* Clean other Temporary files + Recycle bin
Go to start > run and type: cleanmgr and click ok.
Let it scan your system for files to remove.
Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
Press OK to remove them.

2. After reboot,
Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following, if still present :
O4 - HKLM\..\Run: [Sccs] C:\Documents and Settings\Owner\sccs.exe
O4 - HKLM\..\Run: [Css] C:\Documents and Settings\Owner\css.exe
O4 - HKLM\..\Run: [ppxcs] C:\Documents and Settings\Owner\ppxcs.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O20 - App...

RELEVANCY SCORE 46.4

Hi there,

I was infected yesterday but found a fix and cleaned it up. But, unfortunately, my computer is running noticeably slower. Can anyone help me? Thanks! Here is my hijackthis log...

Logfile of HijackThis v1.99.1
Scan saved at 11:11:34 AM, on 7/30/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.imdb.com/
R0 - HKLM\...

A:Was Infected With Smitfraud But Fixed It

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you.

Please download FixWareout from one of these sites:

http://downloads.subratam.org/Fixwareout.exe
http://www.bleepingcomputer.com/files/lonny/Fixwareout.exe

Save it to your desktop and run it. Click Next, then Install, make sure "Run fixit" is checked and click Finish.

The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.

Finally, please post the contents of the logfile C:\fixwareout\report.txt, along with a new HijackThis log into this topic.

RELEVANCY SCORE 46

This is not super pressing, so if you have to help others with bigger troubles than I have, then tuck me away somewhere and hopefully you won't forget about me!
 
I think I got rid of JavaCore.  My troubles are:  I am typing in legitimate web addresses that I have used for years, and I am being redirected to a bogus site(s).  The two sites in particular are www.theringlord.com and www.bluebuddahboutique.com and sorry, sometimes canadianliving.com.  I have installed spyblaster in an effort to be able to surf the web, but it is so frustrating because sites where I want to see everything, I can't see everything even if I add them as a safe site in my browser options.  If I disable spyblaster settings temporarily I get rerouted again!
 
What I would like to know is how I can secure my browser(s) without losing the content I want to see.  I am not on any social sites, I merely browse the web for inspiration, check in with my sites where I buy supplies from and download assignments or upload to my college, and download personal reading information to transfer to my android tablet to read later.  I have been trying to find a guide to help me with my browser settings that don't take all the joy out of what I do regularly.
 
 
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 11.0.9600.17126
Run by Cindy at 1:18:49 on 2014-06-24
#Option Extended Search is enabled.
Microsoft Windows 7 Home Premium   6.1.7... Read more

A:WAS infected with JavaCore, I'm not sure if I fixed it, but I have other problem

Hello Momadice and welcome to the Bleeping Computer forum.

My name is Satchfan and I would be glad to help you with your computer problem.

Please read the following guidelines which will help to make cleaning your machine easier:

* please follow all instructions in the order posted
* please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear
* all logs/reports, etc. must be posted in Notepad. Please ensure that word wrap is unchecked. In Notepad click Format, uncheck Word wrap if it is checked
* if you don't understand something, please don't hesitate to ask for clarification before proceeding
* the fixes are specific to your problem and should only be used for this issue on this machine.
* please reply within 3 days. If you do not reply within this period I will post a reminder but topics with no reply in 4 days will be closed!

IMPORTANT:
Please DO NOT install/uninstall any programs unless asked to.
Please DO NOT run any scans other than those requested

===================================================
Note: Please run these in the order given in the instructions.
===================================================

Download and run AdwCleaner

* Download AdwCleaner from here and save it to your desktop.
* run AdwCleaner
* when it has finished, select Clean
* if it asks to reboot, allow the reboot
* on reboot a log will be produced; please attach the content of the log to your next reply.

=========================================... Read more

RELEVANCY SCORE 46

Hello,

This is my first post on TSG. Yesterday 11/6/08 I was infected with the Trojan Pandex, It tried to send out hundreds of spam email with my email client, it also shut down my firewall and blocked me out, locked me out of regedit, grayed out my option to shut off system restore, and removed my folder options selection from tools drop down.

I was able to get into regedit with unhook exec from Symantec site covering Trojan Pandex removal.
I was able to get stuff back here and there, like the firewall or system restore, but after a few restarts they would go back to the way they were. And every time I connected to the internet, the Trojan would fire up like crazy sending emails and accessing sites!!!
These ones bad!!

Well
I read this post along with many others but this is the one that worked. http://forums.techguy.org/malware-removal-hijackthis-logs/674979-solved-how-can-i-remove.html

I ran ComboFix and it seems to have successfully destroyed the Virus, after that I scanned my PC with a-squared and found a few low priority cookies, deleted them and scanned again, and also with Symantec AntiVirus NOTHING. I think my system is clean.

I then ran HJT, I'm not sure if I am totally clean, could someone please look at my ComboFix log and HJT log and let me know if I'm good.
Again, I have no more symptoms of TROJAN PANDEX, all PC function has returned, No virus detected on scans.

cybertech If you are reading this please look over my logs, I know you know what you... Read more

RELEVANCY SCORE 46

Symptoms:
Desktop and explorer seem to have been hijacked. Blank screen with no start menu.

Using taskmgr manually to run apps.

Thanks in advance for any support.
Logfile of HijackThis v1.99.1
Scan saved at 9:59:35 AM, on 8/24/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\STOPzilla!\szntsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\taskmgr.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\ToddJune\Desktop\SpyKiller\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\PCHEALTH\HELPCTR\System\panels\blank.htm
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O... Read more

A:Infected - But not fixed - HJT & AS Logs attached

RELEVANCY SCORE 46

Toshiba Qosmio F20 1.7Ghz
1Gb ram
XPsp2

Also running as an FTP server and HTTP server for testing Ecommerce Software

-----------

It started off with Outlook2003, Windows Media Player and the Calculator opening up by themselves. Closing them 2-4 times then stopped the happenings. As advised in the forum, I ran Search & Destroy and Adaware - the happenings stopped. BUT I was advised to follow the '5 Step Process'

I think there still may be an infection of some sort ...

Step - 1 OK - nothing to delete.

Step - 2 A PROBLEM with Panda Active scan - It wouldn't do it. I checked the Panda site with another machine and all went well coming back to the infected machine, Panda refused to work - no popup ... I disabled Norton security checked the firewall - nothing I did would let Panda load Active Scan - I had to continue without that Activescan...Therefore no report.

Step3a - Installed SpywareBlaster, upgraded and activated.

Step3b - IESpyAd - New procedures - see their website. Followed them and installed' ZoneOut' loader to work in conjunction.

Step 4 - running XPsp2 have all updates

Step 5 - Run Deckards utility results:

Main.txt:
mDeckard's System Scanner v20070819.64
Run by Donald Gray on 2007-08-24 20:20:18
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's Sy... Read more

A:Programs restart fixed but still infected?

I have just done a Kaspersky online scanner process. It found 2 viruses and 4 infected files - As far as I can make out, they are in the Norton Quarantine area (safe?).

Although my Norton is out of date, it is only a few days over & I intend to replace it with Kaspersky in a couple of weeks time?

The Kaspersky Scanner log:
KASPERSKY ONLINE SCANNER REPORT
Saturday, August 25, 2007 2:10:00 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.0
Kaspersky Anti-Virus database last update: 24/08/2007
Kaspersky Anti-Virus database records: 389594
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\

Scan Statistics:
Total number of scanned objects: 114275
Number of viruses found: 2
Number of infected objects: 4
Number of suspicious objects: 0
Duration of the scan process: 01:38:17

Infected Object Name / Virus Name / Last Action
C:\Apache2.2\logs\access.log Object is locked skipped
C:\Apache2.2\logs\error.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\ehRecvr.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Confid.log Object is locked skipped
C:\Documents and Settings\All User... Read more

RELEVANCY SCORE 46

Hey guys. Got hit with something and manually fixed, and looking for a trained eye to give my log a once over.

I had several .exe/dlls in my Local/Temp folder come up as infected in NOD that couldn't be cleaned. I manually deleted a bunch of stuff, which got rid of the spam I was getting.. but things were still trying to run on startup. So I deleted their registries from MSCONFIG, and all seems well now. Just want to be sure.

Note: Ever since I was attacked, I have a new disabled plugin in firefox called XULrunner 1.9.1. I can't figure out how to remove it, but it's disabled. Firefox notified me that it was new the next time I opened the browser.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:23:15 AM, on 4/21/2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
C:\Program Files (x86)\MSI Afterburner\Bundle\OSDServer\RTSS.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Steve\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http:/... Read more

A:Infected and fixed, double check my log please

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

We need to create an OTL Report

* Please download OTL from one of the following mirrors:
  This is THE Mirror
* Save it to your desktop.
* Double click on the icon on your desktop.
* Click the "Scan All Users" checkbox.
* In the custom scan box paste the following:

CODE
msconfig
safebootminimal
activex
drivers32
netsvcs
%SYSTEMDRIVE%\*.exe
/md5st... Read more

RELEVANCY SCORE 45.2

Running Windows7 I recently had an infection that resulted in my LAN settings being changed to a proxy server and redirects when clicking google results. I have run mbam and mse, both showed and removed malicious files and now show clean scans when I run them. There was an issue with my hosts file being invisible but I ran FileASSASSIN, manually typed in the location of the invisible hosts file and it was deleted. I used hostsXpert to restore the default windows hosts file. The new hosts file is visible.
Everything seems to be running fine now but I'm not sure if I'm still infected.

A:invisible hosts file fixed but still infected?

Hello and welcome.

Lets do these then.

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:

* Flush DNS
* Report IE Proxy Settings
* Reset IE Proxy Settings
* Report FF Proxy Settings
* Reset FF Proxy Settings
* List content of Hosts
* List IP configuration
* List Winsock Entries
* List last 10 Event Viewer log
* List Installed Programs
* List Devices
* List Users, Partitions and Memory size.
* List Minidump Files

Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

If you did NOT run RKill do this part,

Run RKill....

Download and Run RKill

Please download RKill by Grinler from one of the 4 links below and save it to your desktop.

Link 1
Link 2
Link 3
Link 4

Before we begin, you should disable your anti-malware softwares you have installed so they do not interfere RKill running as some anti-malware softwares detect RKill as malicious. Please refer to this page if you are not sure how.
Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
If nothing happens or if the tool does not run, please let me know in your next reply
Do not reboot your computer after running rkil... Read more

RELEVANCY SCORE 45.2

hi all - my first time here and i've been searching through and reading what others have encountered with this problem. the problem seems to be the same as in http://forums.techguy.org/malware-removal-hijackthis-logs/693942-your-computer-infected-pop-up.html -- the dreaded red x tray pop-up.

i followed the steps in the post above and using combofix - it seems to have fixed my problem. the red x and pop-up are now gone, but i have never had a malware infection that was even close to this bad, so i wanted to post my steps here that i took along with my log files to make sure everything looks ok and ask if there is anything else that i need to do. but before i do that, let me say thanks for the info help and info already provided here in other posts. i was very worried about this problem, but at first glance the advice here seems to have fixed it!! this is a great forum!
here is what happened:

when this issue happened for me, i was surfing online, and all of a sudden my computer simply restarted. when it did, i noticed the red x and the pop up from the tray with the "your computer is infected" message. i knew immediately it was a fake and some sort of malware itself, so i never at any point in this process clicked the pop-up message.

avg free 8 was immediately caused to stop working. i tried it repeatedly but it would no longer function. i uninstalled it and tried reinstalling avg free, but it would not even allow me to reinstall it.

next, i tried running ... Read more

A:red x your computer is infected - fixed from previous posts!?

hi, welcome to TSG.

you can reinstall avg now.
Is your internet connection broken on this machine?

have hijack this fix these entries. close all browsers and programmes before
clicking FIX.
O4 - HKLM\..\Run: [brastk] brastk.exe
O4 - HKCU\..\Run: [SVCHOST.EXE] D:\WINDOWS\system32\drivers\svchost.exe
O20 - AppInit_DLLs: karna.dat

* Click here to download ATF Cleaner by Atribune and save it to your desktop.

http://majorgeeks.com/ATF_Cleaner_d4949.html
* Double-click ATF-Cleaner.exe to run the program.
* Under Main choose: Select All
* Click the Empty Selected button.
  o If you use Firefox:
    + Click Firefox at the top and choose: Select All
    + Click the Empty Selected button.
    + NOTE: If you would like to keep your saved passwords, please click No at the prompt.
  o If you use Opera:
    + Click Opera at the top and choose: Select All
    + Click the Empty Selected button.
    + NOTE: If you would like to keep your saved passwords, please click No at the prompt.
* Click Exit on the Main menu to close the program.


Download Superantispyware (SAS):

http://www.superantispyware.com/supe....html?rid=3132
Once downloaded and installed, update the definitions
and then run a full system scan; quarantine what it finds!
* Double-click SUPERAntiSypware.exe and use the default settings for
installation.
* An icon will be created on your desktop. Double-click that icon to launch
the program.
* If asked to update the program definitions, click "Yes". If not, update
the definit... Read more

RELEVANCY SCORE 45.2

I am running Win XP Pro and have been fighting an infection for a few days.

Was running Symantec EndPoint Protection, but it got past that.

Uninstalled and installed AVG Free, ran full scan

Ran Malware Bytes, Super Anti Spyware, Spybot Search and Destroy, Advanced System Care, and Glary Registry Repair.

Found and removed a number of virus files:

tpsaxyd, wiwow64, pp10, and many many others.

At one point, networking wasn't working, USB ports not working, programs freezing up, system resources overloaded, low RAM, processor running forever, and one BSOD.

I've gotten everything back, but am not sure if it's completely gone or if it's still hiding somewhere and will come back. I do notice what appears to be the processor coming on and off very slightly based on the light on my laptop. That seems strange.

If someone were willing to assist me in checking if I'm truly clean via hijack this or combofix, I would sincerely appreciate it. Also, I'd love to know why my supposed "latest and greatest" Symantec Endpoint totally blew it.

Thanks again

RELEVANCY SCORE 45.2

Hello
 
2 days ago I noticed about every 10 minutes a blank browser window would pop open, so I did a scan. I ran everything under the sun, Malwarebytes, hitman pro, rkill, and JRT did the clean, etc and nothing is being detected now, and the blank window keeps popping up. I know you aren't supposed to, but I even thought of doing system restore, but I have it turned off. I can usually clean this by myself, but I can't figure this one out. It has to be buried, and in the registry somewhere. I am about ready to do a clean install of windows 7 and say heck with it. Thanks in advance for the help.
 
I don't have any logs after cleaning.. Here is what I was infected with (a blank window popped up again, as I was writing this)
 
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 9/19/2014
Scan Time: 2:07:14 AM
Logfile: malwarebytes infection detection.txt
Administrator: Yes
Version: 2.00.2.1012
Malware Database: v2014.09.19.02
Rootkit Database: v2014.09.18.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Deborah Lane
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 314444
Time Elapsed: 10 min, 11 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Ke... Read more

A:Infected by several PUP Malware. Scanned and fixed but still have a problem

Hello, 
 
Please run the following programme.

Autoruns

* Please download Autoruns and save the file to your Desktop.
* Right-Click Autoruns.exe and select Run as administrator to run the programme.
* Click Agree to End User Licence Agreement (EULA).
* Allow the programme to scan.
* Once completed, click File, then Save, name the file Autoruns Log.arn and save to your Desktop.
* Close Autoruns.
* Upload the log (Autoruns Log.arn) to my channel, here.

RELEVANCY SCORE 44.4

I have a computer which I know to be infected because it was connected to another computer and that other computer started showing very similar aspects of malbehaviour. This latter computer has now been fixed (Thanks BP!) but the original still requires attention.

A:Suspected rootkit malware; infected another laptop (now fixed) via connection

Greetings JohnSmithers1 and to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary. If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:

* First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
* Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
* Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
* Please copy and paste all logs into your post unless directed otherwise.
* Please do not re-run any programs I suggest. If you encounter... Read more

RELEVANCY SCORE 44.4

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:21:38 PM, on 11/6/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18828)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\PLFSetI.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
C:\Program Files (x86)\Launch Manager\QtZgAcer.EXE
C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSMSNLoader32.exe
C:\Program Files (x86)\Acer\Acer VCM\AcerVCMProxy.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Acer\Acer VCM\acp2HID.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-Aware.exe
C:\Users\Cesar\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=...m=aspire_6930g
R1 - HKCU\Software\Microsoft\Internet Explorer\Mai... Read more

A:Got infected with fake antivirus exes. Fixed some of it, but still there 64bit Vista

Anyone?

RELEVANCY SCORE 44.4

On August 17th I was attacked with a fake virus scanning program calling itself "Security Protection." It immediately disabled my ability to open or run any programs, including Malwarebytes. I booted into safe mode and ran mbam from there, removed it and another worm, the name of which I don't recall. Upon restarting, I started getting UAC popups telling me that EIGHT different .exe files needed permission to run. All of them start with "win" and then have a string of 10 numbers. So far, every time I start up, the numbers have been different. Google doesn't recognize any of them. I DO NOT allow any of these to run since I have no idea what they are. On Monday or so I suddenly started getting "ghost" boxes...popups that don't show up on my taskbar, and can only be glimpsed for a few seconds if you quickly switch to the desktop. The most recent one just said "thanks." Google has started redirecting as well, just today. At random intervals I also get boxes asking me if I am sure I want to leave the page, even when I am not doing anything at all of the sort.
I updated and ran mbam tonight and removed 15 more infected items (WHAT), and then ran CCleaner and fixed 60 or so problems. The first time I ran CCleaner (after destroying the security protection virus) there were 498 problems to be fixed.
Things seem to be unraveling rather quickly! Any help would be appreciated! I know it's been a while since the initial attac... Read more

A:Infected with "Security Protection" trojan--fixed but with lingering problems

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/416200 <<< CLICK THIS LINK

If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lo... Read more

RELEVANCY SCORE 40.4

Please review steps already taken here:

http://www.bleepingcomputer.com/forums/topic435318.html/page__gopid__2531767#entry2531767

DDS results:
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_30
Run by HP at 23:13:02 on 2011-12-31
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8174.5429 [GMT -5:00]
.
AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\vcsFPService.exe
C:... Read more

A:Infected MBR - Norton power eraser says rikvm_C6F09094.sys is a bad file but the file remains and never gets fixed

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you are unable to create a log because your computer cannot start up successfully please provide detailed information about the Windows version you are using:

* What we in particular need to know is version, edition and if it is a 32bit or a 64bit system.
* If you are unsure about any of these characteristics, just let us know and we'll help you figuring it out.
* Please also tell us if you have your Windows CD/DVD handy.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about y... Read more

RELEVANCY SCORE 40.4

Logfile of HijackThis v1.99.1
Scan saved at 3:55:55 PM, on 4/11/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Compaq\Compaq Management Agents\cpqalert.exe
C:\PROGRA~1\Compaq\COMPAQ~1\CPQWEB~1\WebDmi.exe
C:\WINNT\system32\DWRCS.EXE
C:\WINNT\System32\svchost.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINNT\System32\mnmsrvc.exe
C:\notes7\ntmulti.exe
C:\ODI\Ostore\bin\oscmgr6.exe
C:\ODI\Ostore\bin\osserver.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Compaq\Compaq Management Agents\Dmi\Win32\bin\Win32sl.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\PROGRA~1\Compaq\COMPAQ~1\cpqdmi.exe
C:\WINNT\... Read more

A:Clean Vbs Solow Virus From Windows Registry And Fixed The Registry Like Before Infected

Hi Jarakal,

If you still need help please post a fresh HijackThis log and I'll be happy to look at it for you.

Thanks for your patience.
