
Firewall privileges compromised / Restore compromised

Q: Firewall privileges compromised / Restore compromised

Hello.  I seem to be sharing my firewall privileges with a remote hacker and a system restore didn't help.  A similar posting at Tom's Hardware pointed to a corrupted/malware rundll32.exe file creating extraneous malware files (guard.tmp, filename.dll) in his Win/System32 folder.  I suspect I have something similar though couldn't find those same file names.  (His posting is here: http://www.tomshardware.com/forum/134388-45-mysterious-rundll32-administrator-privileges )
 
I have tried kaspersky, combofix, rskiller, hitman, symantec, emsisoft, avg, symantec, windows defender, etc.  I am not a tech guy by trade but serve as my own IT guy some months so any help I get is welcome.  I probably am supposed to be posting "hijack this" findings or something as a first step but haven't done anything like that in 12 years so I figured I would post my problem first.  Thank you.

RELEVANCY SCORE 95.6

Esteemed Forum Members,

This is my first posting here. I am a Java programmer/developer. And I look forward to participating. Although I generally find that I learn more from reading the posts of the knowledgeable folks here than with me talking.

My current question is to see if anyone knows any more about a computer affliction that has affected two friends in the past week. (They are in different groups, so these are separate "afflictions".)

The two are remarkably similar so I am hypothesizing that they are basically the same attack. I suspect that if I have bumped into two of these cases, you folks may have already been there and done that.

As I don't have access to either of their computers, and as they are rather naive MSWindows users, it might be difficult for me to run the various diagnostic tools on their systems.

Basically the symptom is that they received an email from a known source. (Yeah, I know...) And clicked on a link to one of the {canxhealth health24x medhealthx xmedx } dotcom websites. The result is that, at a minimum, their Yahoo email account was compromised and an email was sent out to all of their contacts. The sent email has no subject and contains only the link to the malware website.

Googling through the web, I see suggestions ranging from changing the email account password through reformatting the hard-drive and resetting external routers. I also see claims that none of the major anti-virus/firewall applications detect this... Read more

A:Yahoo Account Compromised, possible system compromised

Hello Chuck, first I will move you one forum down to Am I Hacked. Please read the first pinned topic there, Who To Contact If Your Yahoo Webmail Account Is Hacked. Next follow these instructions, also a pinned topic there: How to receive help in the Am I Hacked? forum

RELEVANCY SCORE 89.6

My IP address has been fixed to a single number and I can't get it to change. The configuration screen for my Netgear FVS318G won't let me change to a static IP address, switching back to 'Get from ISP' when I attempt to reset it. Short of doing a hard reset on the firewall, which will cost me my logs, is there anything I can do here to change this behavior?
 
I appreciate the help. Thanks.

A:Netgear Firewall Compromised

Do you have all the information to input? The Static IP, the IP Subnet Mask and the Default Gateway? You'll need all three from your ISP. If you don't have your Reference Manual, see page 2-4 in the .pdf ProSafe 8-port Gigabit VPN Firewall. That will be a detailed step by step guide.

RELEVANCY SCORE 88.4

One day I turned on my computer to find a message that said my firewall was compromised. I saw 4 updates also that were downloaded to my computer. Does Windows have a right to bust down my firewall or was this a malicious attack from elsewhere?

RELEVANCY SCORE 88.4

I was having networking difficulty and called a tech to come in and figure out why it wasn't working. While on the main computer, he said that the firewall was compromised and that computer was being accessed from elsewhere -- like a shadow or backdoor of some sort was created. He basically told me I had to wipe the drive and start fresh. I've run Malwarebytes on the computer and it comes up clean. I've had no trouble with the computer, either. I really would hate to wipe it if I don't need to do so.

Thoughts?

Thanks!!

NT

A:Firewall compromised and possible duplicate log in created

Hi, Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log. Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

Please reply to this post so I know you are there. The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

----------------------------------------------

Please download OTL
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
Push the button.

Then

Please download aswMBR ( 511KB ) to your desktop.
Double click the aswMBR.exe icon to run it
Click the Scan button to start the scan
On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

RELEVANCY SCORE 86.4

Hi there,
 
I inadvertently downloaded a virus or some malware when visiting an unknown website some time ago.  I can't remember the website as I went there unintentionally in the first place.
 
Since then, the following issues have occurred...
 
* According to Windows warnings, my AntiVirus (TrendMicro) and Firewalls are disabled.  I can still do a manual file scan with TrendMicro though.
 
* Windows Firewall cannot be activated (with or without TrendMicro "on").  When I double-click the Windows Firewall icon in Control Panel I get the following message:  "Due to an unidentified problem, Windows cannot display Windows Firewall settings."
 
* My browser randomly redirects to a website other than the one I navigated to (less frequent over past month or so)
 
* So far, 4 of 5 websites I have details for in FileZilla have been compromised such that a nasty iFrame redirect has been injected into MANY HTML and PHP files on these sites.  I changed the passwords for my hosting login and cleaned the files the first time it happened, but then after a month or so, it happened again!  I realise that FileZilla does not securely store passwords, but someone would have to have gained access to this computer in the first place to get those details I would have thought.
 
Additional Notes...
* I turned off TrendMicro before running DDS as per the preparation instructions.
* I am using Windows XP SP3
* I ... Read more

A:TrendMicro + Win Firewall disabled, IE redirects, FTP details compromised

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.
If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.

===

--RogueKiller--
Download & SAVE to your Desktop RogueKiller for 32bit or Roguekiller for 64bit
Quit all programs that you may have started.
Please disconnect any USB or external drives from the computer before you run this scan!
For Vista or Windows 7, right-click and select "Run as Administrator to start"
For Windows XP, double-click to start.
Wait until Prescan has finished ...
Then Click on "Scan" button
Wait until the Status box shows "Scan Finished"
click on "delete"
Wait until the Status box shows "Deleting Finished"
Click on "Report" and copy/paste the content of the Notepad into your next reply.
The log should be found in RKreport[1].txt on your Desktop
Exit/Close RogueKiller+

===

Search and delete the AdWare, PUP (Potentially Unwanted Program) installed on your computer.
Please download AdwCleaner by Xplode onto your Desktop.
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click on Delete tab follow the prompts.
A log file will automatically open after the scan has finished.
Please post the content of that log file with your next answer.
You can find the log file at C:\AdwCleaner[Rn].txt (n is a number).

===

Please download Junkware Removal Tool to your Desktop.
Please close your security software to avoid potential ... Read more

RELEVANCY SCORE 86.4

As an introduction, I'm a casual computer user. I don't know much about technology, but I've noticed these forums bring a lot of help. And I really need it, I'm kind of panicked and have no informed perspective, no inkling of what to do next. A huge thank you to anybody who reviews this.

Have an HP Pavilion quad core with *I believe* eight GB of memory. It is a desktop PC, it has Windows 8. I will be happy to provide any more information as needed.

So it all started with downloading a version of Photoshop someone confirmed that worked. Bad idea. Normally I'm not that naive. I already had McAfee and avast antivirus installed.

It was a really tempting offer. After I clicked the link, the problem began and inflated.
It immediately confirmed it as malicious, and I x-ed out.

This is where I consider the issue from, I don't think there's anything else I've done to cause this.

Suddenly, I began getting certificate warnings in iTunes, Google Chrome, Internet Explorer, you name it. This had never happened to me on the computer before. I can only remember one instance where the URL was suspicious, but it normally wasn't. I even got messages that somebody was connecting to my network/computer, or something similar, via McAfee.
 
There were also times where I would be browsing the Internet, and my click be directed to a random pop up that came out of nowhere. I noticed that my mouse lagged; I read th... Read more

A:Malware turning firewall off, certificate warnings, compromised PC?

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
***************************************************
In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.
CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/554923 <<< CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************
If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of t... Read more

RELEVANCY SCORE 86.4

Is there any way avast can be compromised showing it's operating normally or any other scan engine such as malware bytes and Super Anti Spyware! How would one know if the system is compromised if it operates normally as if it had not been compromised by malware? Would this come up in an OTL log or some other type of utility! If it is compromised how could it be fixed and how can you find out?
 

A:Solved: Compromised Anti Virus & Firewall's 3rd Party etc

Try downloading the eicar test virus, that will verify if your antivirus is still working.

http://www.eicar.org/anti_virus_test_file.htm

Note: since you have several security programs, enable one at a time and do the download. See if each picks up the eicar.

To test your firewall, go to Shields Up at grc.com
 

RELEVANCY SCORE 84

I appreciate any help you might offer. I guess you'd say I've been hijacked. Recently, something has started resetting my start page from Yahoo, which I normally use, to "res://mshp.dll/index.html#22776". It not only resets my start page, but has also made this my default page. About the same time this started happening, something else also began happening. Whenever I do a search (Yahoo, Google, whatever...), a second search window also pops up called "http://search-company.com". What's really upsetting is, I tried restoring my system twice, figuring that might bail me out, but both times the same thing happened. When the restore was complete, my Recycle Bin icon indicated something in it. When opened, nothing appeared to be in the folder, but the option to empty the bin was available (which it shouldn't be if the bin is empty). When I clicked to empty the bin, I was asked if I wanted to delete "WINDOWS". Yikes. It appears my ability to System Restore has also been compromised. I have Norton Anti-Virus 2002, scanned and up-to-date, but it reports no viruses. I also downloaded and ran Spybot, Ad-aware, and something called StartPageGuard, but they didn't help. Finally, I downloaded Hijackthis and ran a log. Your help in this matter would be appreciated enormously:

Logfile of HijackThis v1.97.7
Scan saved at 9:57:09 AM, on 1/2/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.110... Read more

A:Please Help - Start Page resets and System Restore compromised

Hi

Download and run this program first :-

http://www.merijn.org/files/cwshredder.zip

Then post a new log

steam
 

RELEVANCY SCORE 83.2

Last evening at approximately 5:25 Atlantic Standard Time three things happened in a space of a few minutes. 1) Windows Media Player failed with "An Internal Application Error has occurred" message. 2) VLC Player crashed. 3) Upon attempting to do a System Restore I received a blank page that did nothing. I saw that there was a closed thread on here regarding this with a solution to the WMP problem, but nothing about System Restore as far as I could see.

Any advice would be appreciated.

waynf
 

A:Windows Media Player compromised-Restore Point effected.

Have you tried deleting the Windows Media Player on your pc and downloading a new version from Windows?
About your system restore, what version of Windows do you have?
 

RELEVANCY SCORE 82.4

DDS.txt is pasted after this explanation which became a bit lengthy. I wanted to give you the order of events that I think are relevant. For reasons I explained there's 2 DDS.txt and two attach.txt. I apologize if this was unnecessary. The first reports are renamed with a "1". The contents were not touched. The updated reports were not changed at all.
 
I am using Windows XP
I was using browsers Firefox or Palemoon, likely most recent versions.
I have NoScript installed on both browsers.
I am currently using chrome for this communication.
I have Avast Free loaded and running on start up (After all other processes; startup was taking too long without this).
I have Online Armor firewall running on start up.
 
I restarted my PC after possibly a week or more of only putting it to sleep.
I recently downloaded a bunch of programs in an attempt to create PDF files.
My version of word is old (97), and can't produce these.
I "checked each program/utility" online for safety issues in a number of places. All showed as Safe according to reports.
All downloads were from the original homepage of said program.
One program was called cutepdf.  Another was LibreOffice. LibreOffice installation connected to the web and installed something that Online Armor considered a keylogger. I allowed all things Libre tried to do, because it is a very well known program, which Online Armor did not recognize, for some reason.
Before that I had installed AbleWord V2. I used this program many ... Read more

A:W32.Virut.Gen.D-148 FOUND, Avast compromised, System Restore acting weird.

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
***************************************************
In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.
CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/554610 <<< CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************
If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of t... Read more

RELEVANCY SCORE 68.4

I Did a Dumb Thing!!!

I got an email message that my ATT Worldnet account had to be updated or my account would be terminated.

Since Cingular recently purchased ATT services, I thought it was legit and part of the transition of services.

I clicked on to the website, which asked for my name, password, address, phone, and credit card number. I typed in the first 4, but hesitated at the credit card line, since I pay by mail.

The site window was set up with "continue" keys. Because I did not give my credit card info, it would not continue to the next screen. I then closed out the screen using the Windows close icon box in the upper right corner.

I called ATT and found out the website was a fraud!!!

My Question:

Since I closed out everything before reaching the "send" screen, is my name, address, and password still secure, or did that info still reach the scam artists?

I know it was a dumb mistake, but will appreciate any advice about the damage done, and what, if anything, I can do to correct it (I ran spyware and antivirus check immediately, with no problems reported).

Thanks

adf
 

A:Is my ID compromised?

As long as you did not transmit any data to the website then your information is still secure but just to ease your mind you should go to the official website and change your password.
 

RELEVANCY SCORE 68.4

Hi there

My system has been compromised just recently and would like your help on the matter.

Here's what I've done so far: Installed and ran "CCleaner", removed whatever it found. Did the same with "Ad-Aware" and it actually found some trojan of some sort and removed it. Then I installed "Spybot Search & Destroy" and did a search with that one. And finally I ran a virus check with "NOD32" and topped it off with "MalwareBytes' Anti-Malware". "NOD32" found some trojans in "Java" which I deleted manually and did a new search, where nothing showed up. I've got logs of the Java trojans. So I've updated "Java" now as well, so that hopefully will close any security holes.

So I'll post a log from MBAM and HJT and would really appreciate your opinion on this matter. Is my system okay now, or can you still see something?
Thank you.

Malwarebytes' Anti-Malware 1.44
Database version: 3874
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

16-03-2010 23:58:52
mbam-log-2010-03-16 (23-58-52).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 187944
Time elapsed: 20 minute(s), 39 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No... Read more

A:Compromised

Hello and welcome to TSF.

HijackThis is no longer the preferred initial analysis tool in this forum.

We want all our members to perform the steps outlined in the link given below, before posting for assistance. There's a sticky at the top of this forum, and a "Having problems with spyware and pop-ups? First Steps" link at the top of each page.

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

RELEVANCY SCORE 68.4

I received one of these scam "I need money" emails from a friend and immediately realised that her computer had been hacked. I replied telling her so. Now I have received another email from her with a new email address saying that since she was hacked she had been unable to receive anything at the original address, she thinks everything went to the hackers. I am just wondering whether my response to the original email has put me at risk and if so what should I do about it or is it too late.
Nita
 

A:Am I compromised

RELEVANCY SCORE 68.4

Hi,

For the past 3 days my computer has been acting up for no apparent reason. Something is horribly wrong with the system volume. Each time I hit the volume button the bar increases/decreases asynchronously. In other words, the volume continues to increase/decrease long after the f10/f9 buttons have been released. If this weren't enough windows seem to open and close by themselves without warning. In addition, while typing, parts of paragraphs magically highlight themselves and then erase at will in the midst of completing an entire sentence. Since the system can be recovered at anytime, I did not take the trouble of compiling a boot cd. It looks like I've been compromised! Any help is much appreciated. In compliance with the wishes of the moderator I have posted/attached the following logfiles.
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_27
Run by SHAHJEE at 15:19:14 on 2011-11-06
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3894.925 [GMT -8:00]
.
AV: Kaspersky Internet Security *Enabled/Updated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}
SP: Kaspersky Internet Security *Enabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security *Enabled* {1691B380-548E-1A7A-BE85-9A42CE15AEFF}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\... Read more

A:Been Compromised!

Hello and welcome back to TSF Virus & Malware support. My name is Taylor and I'll be helping you with your fix.

I am currently reviewing your log. Please note that this is under the supervision of an expert analyst, and I will be back with a fix for your problem as soon as possible.

You may wish to subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Please be patient with me during this time.

RELEVANCY SCORE 68.4

Why am I getting buried here?
 

A:Compromised...but not sure how or how bad...help please

I know I got some bad spyware from somewhere and keep getting all kind of weird notifications from spyware doctor that something has been blocked. Also I get notification that programs could not start at start up. I then run a scan with Spywaredoctor or superantispyware or adaware and it seems to get rid of the problem, but the next time I start up there is a new problem. The most recent one is "TA_start failed to begin correctly at start up" or something such. I feel like I'm killing the weeds but not the root.

I downloaded hijackthis and made a log. Hopefully it has everything needed. Spywaredoctor tried to block something it was doing.

Any help you can provide would be super.

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 5:22:55 PM, on 6/18/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\asuskbservice.exe
C:\WINDOWS\system32\AvidSDMService.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Avid\Digidesign\Drivers\MMERefresh.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Nort... Read more

RELEVANCY SCORE 68.4

I attempted to follow the malware prep guide but stalled out on step 7 when DDS would not run. I followed the threads in the forums to download and run RSIT and have posted the logs below. I have also included the initial logs for recent events from Norton Internet Security which keeps flagging and removing local virus and blocking attacks from the internet. Any help is greatly appreciated.

My basic problem is that Norton is locating and eliminating a virus every time I boot my pc. Norton also picks up and blocks some internet attacks every time I attach to the internet. However each time I restart my pc the virus re-appears.

Thanks!

NORTON RECENT SCAN DATA:
Category: Backup
Date & Time,Severity,Activity,Status,Recommended Action,Action,Location,Media Type
5/15/2010 10:00 PM,Info,Backup performed to I:,"Canceled, Canceled",None,Backup,I:,CD/DVD Drive
Category: Firewall - Network and Connections
Date & Time,Severity,Activity,Status,Recommended Action,Subnet Identifier,Gateway Physical Address,Category,Gateway IP Address
5/15/2010 9:45 PM,Info,Connected to a protected network. (127.0.0.0/255.0.0.0),Protected,No Action Required,127.0.0.0/255.0.0.0,,,
5/15/2010 9:45 PM,Info,Connected to a shared network. (00 12 17 C5 E0 D9),Trusted,No Action Required,,00 12 17 C5 E0 D9,,
5/15/2010 9:45 PM,Info,"Protecting your connection to a newly detected network on adapter \"Realtek RTL8169/8110 Family Gigabit Ethernet NIC - Packet Scheduler Miniport\" (IP ad... Read more

A:PC has been compromised

Hello and welcome to Bleeping Computer! We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Fo... Read more

RELEVANCY SCORE 68.4

IE is doing weird things like not allowing me to login, not allowing me to get past the first page in the forums of a website I use regularly, going very slow. I tried FF and it seems to work a little better but I get messages that I am sending over unencrypted pages even on TSG. I added a bunch of extensions but I still feel insecure. The NYTimes page comes up but I cannot get any articles to come up when I click them. I can get videos and photos but no articles. I tried FF and now it goes to a login page when I click on an article. It has never been a login sort of page.

The only out of the norm thing I have done is watch some videos of Bettany Hughes Ancient World series. After I was done my machine was slow. So I restarted it and when the desktop was up I saw a window appear that was just the upper right corner of a browser page. There were some letters the _ the box and the X. It did not respond to me clicking on the maximize box or the close X. Then it just disappeared on its own a few seconds later.

I have scanned with Avira free, Defender, and Malwarebytes all of them find nothing but neither of my browsers work properly any longer and I think I am compromised.

Any help?
 

A:I think I am compromised

RELEVANCY SCORE 68.4

TL;DR I went to the website in this picture (http://puu.sh/pQ2ll/784eb6bbe8.jpg) and downloaded a file disguised as a flash update and executed it repeatedly like a moron. It opened a command prompt with a title I don't remember and closed quickly, nothing has happened since. I don't know what it did or if it's even an active threat.
 
I'll put this at the top for those disinterested in the story, I've run Malwarebytes Anti-Malware to no avail, I ran rkill.com and it interacted with nothing, and after that I did a system restore to a point two days ago. I'm aware system restore is dubious at best for virus and malware removal, but I can't think of anything more appropriate to do for something I doubt would even flag as spyware than simply factory resetting my laptop, which I still might do. It feels as if it's running slower than usual, but it's so barely noticeable that it might just be that I rebooted it for the first time in a while combined with placebo. Might I still be infected?
 
I woke up this morning and popped my laptop open, and within minutes of logging onto Steam, a person on my friends list that sends messages to me sporadically with large gaps in between sent me a link saying he found me in a video on Twitch for a game that I play very often. Being early morning, from a friend that does this often, I clicked the link, but instead of the video playing, the box simply showed the "You must update Adobe Flash Player" notice that looks exactly like it woul... Read more

A:Am I still compromised?

Adware Cleaner Scan.
 
Please download AdwCleaner by Xplode onto your desktop.
Close all open programs and internet browsers.
Double click on adwcleaner.exe to run the tool.
Click on Scan button.
When the scan has finished click on Clean button.
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the contents of that logfile with your next reply.
You can find the logfile at C:\AdwCleaner[S1].txt as well.
 
JRT Scan.
Please download Junkware Removal Tool and save it on your desktop.
 
Shut down your anti-virus, anti-spyware, and firewall software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click it and select Run as administrator.
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log is saved to your desktop and will automatically open.
Please post the JRT log.
 
Adware Removal Tool Scan.
 
Download Adware removal tool to your desktop, right click the icon and select Run as Administrator.

Hit Ok.

Hit next make sure to leave all items checked, for removal.

The Program will close all open programs to complete the removal, so save any work and hit OK. Then hit OK after the removal process is complete, then OK ... Read more

Read other 1 answers
RELEVANCY SCORE 68.4

Hoping someone can provide some assistance here.... need system analyzed. Have compiled logs & data for troubleshooting...

Windows XP Home v 2002, SP 3
Intel Celeron 2.4 GHz
2.39 GHz , 256 MB RAM
Hard wired to : Arris Modem #TM502G---->Buffalo High Power AirStation A&G: (NAT enabled & PNP disabled, Intrusion detector enabled, etc... MAC filtered, not broadcasting SSID, etc...) ---->Motorola VT1005 (set statically)---->PC (Broadcom 440x 10/100 Integrated Controller w/TCP/IP set statically, and NetBios disabled)
Agnitum Outpost Firewall Pro ver. 4.0.971.7030 (584): (Stealthed as much as I could without sacrificing connectivity)
Avast! v. 4.8 Home Edition Build Dec. '08 (4.8.1296) : (Stealthed)
ProtoWall : (need to update lists, there are a few certain sites I have to disable ProtoWall to visit...)

Wondering if all my PC issues aren't due to my system being compromised. Have been running extensive scans. Are you familiar with analyzing any of the following logs: DrWeb, FPort, HijackThis, RootkitRevealer, StartDreck, SpyBot S&D?

Strange thing that occurred though, right after I started noticing these issues, I received an email from my web host provider, stating that one of my websites had been compromised and my web page had changed, here is what they said:

"Recently, we noticed that your username and password for your ftp account hosting has been used by someone to alter your main index.html (or index.htm, index.php) file for ... Read more

A:Has My PC Been Compromised?

You have done most everything that we can recommend in this particular forum. HJT logs should not be posted here.

We have a revised procedure for HJT that you should read first: http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/

Then post the log in the proper forum here: http://www.bleepingcomputer.com/forums/f/22/virus-trojan-spyware-and-malware-removal-logs/

Read other 3 answers
RELEVANCY SCORE 68.4

Hey guys, my computer's been acting really slow and strange lately. It also has a new user called IUSER_Admin on it.

Here is the log file:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:41:33 PM, on 10/5/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\AFinding.exe
C:\WINDOWS\system32\afisicx.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\mabidwe.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\macidwe.exe
C:\WINDOWS\system32\Nobicyt.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOW... Read more

A:HELP i think i have been compromised!

Hello and welcome to TSF

==========
Download RSIT by random/random and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

============
Logs Required
log.txt
info.txt

If there is no response to this post within 72hrs, this thread will be closed.

Read other 6 answers
RELEVANCY SCORE 68.4

I really hope someone can help me. I am using windows XP and lately it has been doing everything imaginable. It started with opening web pages completely unsolicited. Then it would redirect pages that I was on and try to install things. After that it would not open some web pages unless I allowed all cookies and lowered the privacy to LOW. It Automatically closes some programs for no reason, sometimes it just restarts whenever. The last time that happened it removed all my settings and if I reset them it does not keep them and I have to start all over again. I have even had to reinstall my internet connection and email. It does not even save my desktop display. Every time I look directly under the C drive I have all kinds of applications there which I continually delete. Oh, and it is so slow, it has 512 MB and 1.8 GHz with 80 GB HD.

I have run AntiVir and it claims that there are no viruses, or trojan horses or anything else, I ran HiJack this, I ran cwshredder and it says that there is nothing. I don't know what to do!!! Please someone help me?
 

A:Very compromised PC

Read other 16 answers
RELEVANCY SCORE 68.4

Hi there,

Ried in the virus/malware section was previously helping me out. No virus/malware was detected on my system. As a result he referred me to you guys since I am still having problems. My machine started acting up after I installed RealWorld Cursor Editor. The cursor repeatedly froze up for no reason. As a result, I went ahead and uninstalled real world but the issue still continues to persist. In the interest of time, a summary of all the steps he took is posted below:

1. Tried System Restore from both Normal Mode and Windows Recovery Environment and it fails to complete.

4. Mention that issue seems to have begun after installing RealWorld Cursor, and that it had been uninstalled.

3. Reviewed detailed logs for any remnant RealWorld entries and none found.

4. Issue does not occur in Safe Mode.

A:Been Compromised again!

Hi, press the win + r key together, in the run box type:- msconfig, open the services tab and put a check in "hide all microsoft services" look at the remaining services for anything to do with the program, uncheck it and apply, also look under the startup tab anything that looks like it's associated with the program uncheck. If unsure you can still uncheck items (just leave virus and malware programs checked) If you want more info about items google OR post back.

Since that program affects Icon and mouse cursor we should try resetting the default registry settings, this will do no harm. Run the attached .zip file then double click on the returned .reg file allow to be added to registry. Restart computer.

Ico,zip.ZIP

Read other 8 answers
RELEVANCY SCORE 68.4

i run trend paid internet security 2010 .. a colleague was hit by gumbar and another by hacktool rootkit ... my machine slowed to a crawl last night, minute between clicks .. but a reboot and i 'seem' to be running normally and have had a clean scan from that, prevx, and malwarebytes, but I'm still paranoid, so I really appreciate any insight into the logs I'm posting per the instructions here http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/ (i included hijackthis log too just in case)

i'm on a vista 64bit .. and running GMER, i only had services/registry/files / ADS available for selection.. system devices.. etc .. all were grayed out.

DDS (Ver_09-12-01.01) - NTFSX64
Run by websitewendy at 11:55:02.28 on Thu 02/18/2010
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_16
Microsoft® Windows Vista® Home Premium 6.0.6001.1.1252.1.1033.18.4094.1108 [GMT -8:00]
SP: Windows Defender *enabled* (Updated)
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C... Read more

A:have i been compromised ?

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

We need to create an OTL Report

Please download OTL from one of the following mirrors:
This is THE Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
In the custom scan box paste the following:

CODE
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%systemroot%... Read more

Read other 15 answers
RELEVANCY SCORE 68.4

Recently my son went on my pc and clicked a link over discord from someone he didn't know. The file was 011.exe. This in turn gave someone full access of my pc and I want to know what to do and if a factory reset will get rid of this person's connection to my pc
 

Read other answers
RELEVANCY SCORE 68.4

I have a Sony PC running windows XP. My Zone Alarm firewall blocked iexplorer.exe trying to access the internet to some unknown IP address. I've scanned my system with AVG anti-virus and with spyware from Zone Alarm and Spysweeper but they didn't detect anything. Could I have been compromised?
 

A:Have I been compromised?

Bump
 

Read other 1 answers
RELEVANCY SCORE 68.4

I had a post in another forum, but after running MBAM (no results), I thought I should post in here. If not, my apologies, please move me to the correct area. My daughter plugged into a USB port, some cheapo camera she had. I got an error message on my screen (don't recall). I rebooted and now my CPU fan seems like it is about to launch. Any and all advice is appreciated. My 9 year is upset, she thinks she broke it. THANKS!

A:I think my Pc might of been compromised.

Hello is this an XP PC or another? The error message would help if you see it again. Open the Task Manager (press CTRL+ALT+DEL). Click on Processes Tab and is something using a lot of your CPU ?

Run ATF and SAS:
From your regular user account.
Download Attribune's ATF Cleaner and then SUPERAntiSpyware , Free Home Version. Save both to desktop ..
DO NOT run yet.
Open SUPER from icon and install and Update it
Under Scanner Options make sure the following are checked (leave all others unchecked):
Close browsers before scanning.
Scan for tracking cookies.
Terminate memory threats before quarantining.
Click the "Close" button to leave the control center screen and exit the program. DO NOT run yet.

Now reboot into Safe Mode: How to enter safe mode(XP)
Using the F8 Method
Restart your computer. When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu. Select the option for Safe Mode using the arrow keys. Then press enter on your keyboard to boot into Safe Mode.

Double-click ATF-Cleaner.exe to run the program.
Under Main "Select Files to Delete" choose: Select All.
Click the Empty Selected button.
If you use Firefox or Opera browser click that browser at the top and choose: Select All
Click the Empty Selected button.
If you would like to keep your saved password... Read more

Read other 6 answers
RELEVANCY SCORE 68.4

I went to Amazon last night, tried to buy a gift card and got the attached warning. Amazon help couldn't tell me why; he said everything is up to date. I also noticed some of my browser options had changed.

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17207  BrowserJavaVersion: 10.51.2
Run by Bobz at 16:03:58 on 2014-07-16
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.8182.5220 [GMT -7:00]
.
AV: ESET NOD32 Antivirus 6.0 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 6.0 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\sy... Read more

A:compromised ??

Hello and Welcome on board Bobz1x, my Name is Machiavelli and I will assist you with your problem.

If you booted into safe mode on your computer then print my instructions!

I'm in the 'Malware Staff Team' and will provide you with advice:

To remove Malware on a computer can be very complicated. Malware (malicious software) is able to hide and so I may not be able to find it so easily. In order to remove Malware from your Computer, you need to follow my instructions carefully. Don't be worried if you don't know what to do. Just ask me! Please stay in contact with me until the problem is fixed.

Below are a few tips:

Removing Malware is usually very difficult.
We need to search and analyse a lot of files. As this is done in our free time, please be patient especially if I don't answer every day!

Please follow these instructions
If you don't follow the instructions your computer may crash. If you fix your PC by yourself, this can be very risky!

Please stay in contact with me until your problem is resolved
As Malware may not be totally removed in one session or in one day, please stay in contact with me until the problem is resolved.

Please don't run any other tools without consulting with me as this can complicate finding and removing all Malware
Don't run any tools while I'm fixing your PC. That is counter productive and again, will only complicate finding and removing all Malware!

Read my post completely
If you don't do so, you may make mistakes that could result in your System crashing by you... Read more

Read other 13 answers
RELEVANCY SCORE 68.4

Hi,

My sister downloaded a program thinking it was a utorrent program but it didn't install anything (that she knows about). It's from this page hxxp://onhax.net/utorrent-plus-crack/ Halfway down there's a green direct download link that says "Crack and setup. Direct download". The file is "Crack and setup.exe".

Steps I've taken: I've deleted the file. I've run Adwcleaner. This is the result:

# AdwCleaner v4.102 - Report created 27/11/2014 at 14:11:26
# Updated 23/11/2014 by Xplode
# Database : 2014-11-26.1 [Live]
# Operating System : Windows 8.1  (64 bits)
# Username : Evan - ARMYPC
# Running from : C:\Users\Evan\Downloads\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Found : HKCU\Software\systweak
Key Found : [x64] HKCU\Software\systweak

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17416
-\\ Mozilla Firefox v33.1 (x86 en-US)

*************************

AdwCleaner[R0].txt - [659 octets] - [27/11/2014 14:11:26]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [718 octets] ##########

And I've run JRT.exe and tdsskiller.exe. They found nothing.. So I'm thinking maybe the file just affected some registry tweaks. Thanks for your help. I just want to be sure that there's nothing suspicious on my harddrive. I am using Windows 8.1, it's fully updated.

Evan.

Mod Edit by quietman7: D... Read more

A:Not sure if I've been compromised

Hello there  
 
I'm LighthouseParty and I'll be assisting you with your concern today. Please keep in mind that I have a few guidelines I need you to follow:
Don't run any other tools other than what I provide you with.
Don't install/remove any programs other than what I provide you with.
Don't perform a system restore unless I ask you to.
 Download MiniToolBox
Click here to download MiniToolBox to your desktop.
Double click MiniToolBox.
Select the following and then press go.
Post the log in your next reply.
Flush DNS
Reset IE Proxy Settings
Reset FF Proxy Settings
List Installed Programs
List Restore Points
 
 Install and run a scan with Malwarebytes Anti-Malware
Click here to download Malwarebytes to your desktop.
Double click mbam-setup-x.x.x.xxxx and follow the on-screen instructions.
On the dashboard, click update now.
After that, click scan now - the scan will now begin.
When the scan's completed, select apply actions - make sure the action is quarantine.
Restart your computer.
How to get the log.
On the dashboard, select the history tab and click application logs.
Select the log which has the time and date of when you did the scan.
Click copy to clipboard and paste it into your reply.
 Download Security Check
Click here to download Security Check to your desktop.
Double click SecurityCheck and follow the on-screen instructions.
A log should open, called checkup.txt.
Please post... Read more

Read other 4 answers
RELEVANCY SCORE 68.4

Need help getting rid of the bad guys

Here is my HJT log


Logfile of HijackThis v1.97.7
Scan saved at 5:12:55 AM, on 7/18/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\WEBSCANX.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSSTAT.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\CREATIVE\LAUNCHER\CTLAUNCHER.EXE
C:\PROGRAM FILES\CREATIVE\SBLIVE\AUDIOHQ\AHQTB.EXE
C:\PROGRAM FILES\CREATIVE\SHAREDLL\AHQ\CTMIX32.EXE
C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\AVCONSOL.EXE
C:\PROGRAM FILES\COMMON FILES\ROXIO SHARED\PROJECT SELECTOR\PROJSELECTOR.EXE
C:\PROGRAM FILES\ROXIO\EASY CD CREATOR 6\DRAGTODISC\DRGTODSC.EXE
C:\PROGRAM FILES\ROXIO\EASY CD CREATOR 6\AUDIOCENTRAL\RXMON.EXE
C:\QUICKENW\QWDLLS.EXE
C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
C:\PROGRAM FILES\OLYMPUS\CAMEDIA MASTER 4.0\CM_CAMERA.EXE
C:\PROGRAM FILES\ROXIO\EASY CD CREATOR 6\AUDIOCENTRAL\PLAYLIST.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\MOTIVE\ASSTCOMMON\MOTIVEDIRECTORY.EXE
C:\PROGRAM FILES\SBC SELF SUPPORT TOOL\BIN\MAD.EXE
C:\PROGRAM FILES\SBC SELF SUPPORT TOOL\BIN\MPBTN.EXE
C:\PROGRAM FILES\SBC SELF SUPPORT TOOL... Read more

Read other answers
RELEVANCY SCORE 68.4

I went to Amazon last night, tried to buy a gift card and got the attached warning. Amazon help couldn't tell me why; he said everything is up to date. I also noticed some of my browser options had changed.

A:compromised ??

Possibly, but we should get a deeper look as financials are involved. Please follow this Preparation Guide, do steps 6, 7 and 8 and post in a new topic. Let me know if all went well.

Read other 9 answers
RELEVANCY SCORE 68.4

Hi,
Once again, I have been forced to ask for help. Allayed by the fact no infections were found on my machine earlier I soon relapsed into complacency. But almost immediately my solace was short-lived. For the past 1 week my computer has been acting up for no apparent reason. Something is horribly wrong with the cursor and application tabs. At times my cursor refuses to do what I want. I keep clicking away at 'x(s)' but application windows just sit there frozen. Instead of closing out, my cursor freezes up. Then yesterday my comp. simply blacked out. A message reading ' Not compatible with windows 64-bit....' mysteriously appeared but on restarting the computer it was gone. Pulling on scroll bars using the cursor is another goof-up. No matter how hard I try, scroll bars refuse to pull up or down. After several tries the picture gives way. I have a penchant for watching youtube videos ( engineering simulations). Is it possible that may be the culprit? Anyhow, I have posted/attached the following logfiles.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_27
Run by SHAHJEE at 15:19:14 on 2011-11-06
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3894.925 [GMT -8:00]
.
AV: Kaspersky Internet Security *Enabled/Updated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}
SP: Kaspersky Internet Security *Enabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-D... Read more

A:Been compromised again!

"BUMP, please"

Read other 19 answers
RELEVANCY SCORE 67.6

This PC is on same Workgroup as a hacked PC that was compromised by an undetected rootkit that resulted from an email Trojan that was accidentally opened, Detected by McAfee System Security and removed, but obviously not before damage was done! That box has since been re-formatted and OS re-installed. Shortly afterwards our bank account were hacked and we were hit hard! Bank has got it all back and forensics team is working with us to see how it happened. In the mean time I need to know if this PC is clean!

DDS attached! Looks like the GMER LOG did not save for some reason. I will scan and attach again. Please do not take that as a BUMP! Requires all Anti-virus protection to be off to run or else program fails. So I disable DSL adapter while it's running.

A:Suspected Compromised Box!

GMER Log Added (Not a Bump)
--------------------------
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-01-15 23:26:43
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 SAMSUNG_HM320JI rev.2SS00_01
Running: GMER-phc72dyg.exe; Driver: C:\Users\Medion\AppData\Local\Temp\pgliaaob.sys
---- System - GMER 1.0.15 ----

SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwAssignProcessToJobObject [0x93540080]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwCreateFile [0x93540BDE]
SSDT \??\C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus32_34302.sys ZwCreateThreadEx [0x8CF59640]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwDeleteFile [0x93540DD6]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwDeleteKey [0x935445AC]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ... Read more

Read other 13 answers
RELEVANCY SCORE 67.6

A friend (yes - honestly!) has allowed a scammer to have access to his win7 PC for 20 minutes and money has subsequently been taken from his Paypal account.

I've advised him to disconnect his PC from the internet until it's "clean" but I'd appreciate some advice on what is needed.

Would a complete re-install of Win7 be necessary?

Thanks

A:Compromised PC - Advice please!

The first thing I would advise your friend is change all passwords of everything.
Use a known clean computer to do the password replacement.
Then your friend should notify all financial association of the passwords being stolen.
Then check all accounts for any strange things of any kind.

Then I would do a Clean Install. It would take forever to figure out what the intruder did to the computer and what little goodies they left behind.

Please read these tutorials by Brink and Gregrocker.

Disk - Clean and Clean All with Diskpart Command

Clean Install Windows 7

Clean Reinstall - Factory OEM Windows 7

Read other 9 answers
RELEVANCY SCORE 67.6

Gmail alerted me about unknown activity on my mail account. A few days earlier my internet banking service had been phished and an amount was transferred out of the account. Fortunately the culprit was arrested when he attempted to collect at the bank.

I have since changed my passwords. I have installed KeyScrambler and scanned my system with MBAM and SUPERAntispyware.

What else must I do to be safer? Thank you in advance.

A:E-mail compromised

Hi artkaye!!.. Please follow our Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help, and post the logs requested - post just the DDS.txt and Attach.txt logs + GMER scan logfile...

Read other 2 answers
RELEVANCY SCORE 67.6

Hi there,

I'm trying to help my mum out with her computer. After a visit to her local bank they informed her that someone had got her bank details online and has been ordering video games for themselves from this. I need to ensure that her PC is like Fort Knox as I'm meant to be good with computers but need help this time. Here's what I've tried so far:-

Ran MSE anti-virus, updated and full scan: nothing found.
Ran Malwarebytes anti malware: updated and full scan: nothing found

IE is the latest version but it seems to have adverts all over the place. I've disabled all add-ons but to no avail. Is the best thing to do next uninstall and reinstall IE?

Thanks for any advice given to me.

A:Computer compromised

The first thing you need to do is change all passwords, using a "known clean" computer. Do not use the infected one!

Next, flush the bad DNS cache and restore MS's Hosts file:
Copy and paste these lines in Note pad.

@Echo on
pushd\windows\system32\drivers\etc
attrib -h -s -r hosts
echo 127.0.0.1 localhost>HOSTS
attrib +r +h +s hosts
popd
ipconfig /release
ipconfig /renew
ipconfig /flushdns
netsh winsock reset all
netsh int ip reset all
shutdown -r -t 1
del %0

Save as flush.bat to your desktop.
Double click on the flush.bat file to run it.
Vista and Windows 7... right click the .bat file and choose to run as Administrator. Your computer will reboot itself.

Now, download DDS from one of these links:
DDS.com
DDS.pif
Disable any script blocking protection
Double click the dds icon to run the tool.
When done, DDS will open two (2) logs:
DDS.txt
Attach.txt <--- will be minimized in the task tray

Save both reports to your desktop.

Include the contents of both logs in your next post.
The scan will instruct you to post Attach.txt as an attachment.

Read other 4 answers
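A read-only audit of a hosts file, as an added example that is not part of the answer above or of any tool it names: before a script like flush.bat replaces HOSTS with a single localhost line, this lists the mappings that would be lost and separates names pinned to a foreign address from names blocked locally. The function name, verdict labels and sample file are assumptions made for illustration; the sample addresses and domains are constructed.

```python
import ipaddress
import sys
from collections import namedtuple

# One finding per (line, hostname) pair that is not a stock localhost mapping.
Finding = namedtuple("Finding", "line verdict address name")

# Names that normally appear in an untouched hosts file (assumption for this example).
DEFAULT_NAMES = {"localhost"}

# Constructed sample input, not taken from any real machine.
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1       localhost
::1             localhost
0.0.0.0         update.example-av.test
203.0.113.7     www.example-bank.test login.example-bank.test   # two names, one line
not-an-address  broken.example.test
"""


def audit_hosts(text):
    """Return a list of Finding tuples for every non-default hosts entry.

    Verdicts:
      blocked    - name resolves to loopback or 0.0.0.0, so the site is cut off
                   (ad-block lists do this, so does malware hiding AV update hosts)
      redirected - name is pinned to some other address and bypasses DNS
      malformed  - first field is not an IP address or no hostname follows it
    """
    findings = []
    # A UTF-8 byte-order mark at the start would otherwise break the first line.
    for line_no, raw in enumerate(text.lstrip("\ufeff").splitlines(), 1):
        body = raw.split("#", 1)[0].strip()  # drop comments
        if not body:
            continue
        fields = body.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            ip = None
        if ip is None or len(fields) < 2:
            findings.append(
                Finding(line_no, "malformed", fields[0], " ".join(fields[1:]))
            )
            continue
        for name in (f.lower() for f in fields[1:]):
            if ip.is_loopback and name in DEFAULT_NAMES:
                continue  # stock entry, nothing to report
            local = ip.is_loopback or ip.is_unspecified
            verdict = "blocked" if local else "redirected"
            findings.append(Finding(line_no, verdict, str(ip), name))
    return findings


def main(argv):
    # With a path argument, audit that file; otherwise audit the constructed sample.
    if len(argv) > 1:
        with open(argv[1], "r", encoding="utf-8-sig", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_HOSTS
    for f in audit_hosts(text):
        print(f"line {f.line:>3}  {f.verdict:<10}  {f.address:<15}  {f.name}")
    return 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Saving this output before the file is reset keeps a record of which names were redirected, which helps decide which accounts need their passwords changed first.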
RELEVANCY SCORE 67.6

Good morning,
I need help!
Yesterday, I found out that one of my online bank accounts (Bank A) has been compromised. I do most of my banking online, so I link my other banks (Bank B and Bank C) into this bank.

On July 10, Bank A instructed ACH transfers from Bank B($2000) and Bank C($2500) into Bank A. I don't know if I should say I am lucky because I don't have much money, but because I don't have much money those ACH transfers are denied (Non-sufficient fund).

So, yesterday, I went online into Bank A, and I did find 2 instructions. So, 1st impression that maybe banks screw up the transactions (should be other people's account). Then, later when I look at the bank setup, I found a new bank that is waiting to be verified for linking with Bank A. Then, I know I have problem. So, I have called the bank and report this.

I googled, and found this site. I saw a posting about Keylogger and many replies of helps. So, I am hoping I can get your help as well.

For the past 2 months, I have several things that happens differently.
1. I started to play World of Warcraft battlenet again...
2. I receive a new computer from work
3. My wife started to use computer at home more often, but mostly to go friendster.com (I think)

I uninstalled my zonealarm because I have been having problem restarting.
But prior to this, I have zonealarm, spydoctor, avg antivirus installed. Right now, I have hijackthis, panda (didn't catch anything), trojanhunters (found 2 trojans, but t... Read more

Read other answers
RELEVANCY SCORE 67.6

I know what to do to resolve this issue. Admin please delete this thread.

A:My email has been compromised

What did you need to do? Was it an actual hack on your mail account, or the result of an infection? If an infection, was it on a mobile device as shown by the "34945-MOBILE" portion of the header or was it on a local machine. Please post a follow up so that other users may benefit. Thanks.

Read other 1 answers
RELEVANCY SCORE 67.6

I was hoping I'd be able to lock out all the bad guys, but I suspect some got past my Comodo Firewall Pro, Kaspersky AV 6.0, and Spy Sweeper. Help!

Logfile of HijackThis v1.99.1
Scan saved at 2:50:00 PM, on 5/26/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\AlienAutopsy\TEKS_Service.exe
C:\WINDOWS\system32\ssoftsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Belkin Bulldog Plus\upsd.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\A... Read more

A:I Suspect I've Been Compromised

Hello Eviscerata and welcome to the BC HijackThis forum. I don't see any signs of viruses or malware in the log. It is clean.

There are a couple of housekeeping items we can clean up so let's do that while you are here.

Start HijackThis and click the Scan button to perform a scan. Look for the following items and click in the checkbox in front of each item to select it:

O2 - BHO: (no name) - {348FE907-249E-4C65-A838-F34A193FE1D1} - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)

Now close ALL open windows except HijackThis and click the Fix Checked button to finish the repair.

Other than that the log looks fine. Can you give me the specific details as to what has been compromised so I can point you to the correct forum for analysis?

Cheers.
OT

RELEVANCY SCORE 67.6

My entire computer has been compromised. I no longer have access to my C: drive, and with anything I touch as far as my taskbar I'm getting error messages 0x80070005, 0x800c0008 and code 1203. My current Microsoft acct has been linked to an old Microsoft acct I closed, so anything I try to download is stopped by the closed Microsoft acct and there's absolutely nothing I can do. I've tried rebooting to factory settings using the HP disks I purchased and they are not working. When I go into the system and try to add my acct name to the properties I instantly see that code S12545645 show up instead of the Microsoft acct I set up for my computer. I don't know what to do at this point. Every time I try to restore, when I go into settings I notice my computer is being remotely changed by way of VPN settings and there is nothing I can do to change it to prevent it from happening. Any advice would be helpful. I'm literally at the point where I want to throw this computer away but I just purchased it less than a year ago.

A:Computer compromised

Hi: Try a clean install of W10 by making your own plain W10 installation media by using the Media Creation tool at the link below. https://www.microsoft.com/en-us/software-download/windows10

RELEVANCY SCORE 67.6

I'm not sure if the two were related, but I was experiencing daily BSOD restarts. This is no longer happening. I now have a nasty virus or malware. The "Start" screen opens upon logging in to my account, programs, folders, or locations open on their own, and multiple windows (Firefox, Chrome, IE) open, sometimes as many as one hundred at a time. SuperAntiSpyware has removed a few Trojans and some spy and malware. I've run Malwarebytes a few times, but nothing's being found. I've tried to use the chameleon feature in MBAM, but it's running a quick scan that's finding nothing. Where do I go from here? Many thanks, Chris

A:Seriously compromised system

Please download TDSSKiller from here and save it to your Desktop
Double-click on TDSSKiller.exe to run the application, then click on Change parameters

Check Loaded Modules and Detect TDLFS file system. Do not check Verify file digital signatures (even though it is checked in the example)
If you are asked to reboot because an "Extended Monitoring Driver is required" please click Reboot now

Click Start Scan and allow the scan process to run

If threats are detected select Skip for all of them unless I instruct you otherwise
Click Continue

Click Reboot computer
Please post the contents of TDSSKiller.[Version]_[Date]_[Time]_log.txt found in your root directory (typically c:\) in your reply

===================================================
aswMBR
--------------------
Download aswMBR and save it to your desktop.
Please disable your real time protection of any Antivirus, Antispyware or Antimalware programs temporarily. They will interfere and may cause unexpected results.
If you need help to disable your protection programs see here and here.
Double click the aswMBR.exe file to run it. Please allow when you are asked to download AVAST antivirus engine defs.
Wait until the AV update is done, then click on the Scan button to start. The program will launch a scan.

When done, you will see Scan finished successfully. Please click on Save log and save the file to your desktop.

Please post the contents of the log in your next reply.
NOTE: aswMBR will create M...

RELEVANCY SCORE 67.6

Kaspersky did not catch on full scan... scam IP scam took over browsers, security damaged, software not responding etc etc

Kaspersky help said IP stolen and that when I try to use my accounts on any computer I may spread virus... what is it and how do I get rid of it

RELEVANCY SCORE 67.6

I have multiple online accounts with my credit cards, credit unions, stores, and various applications.  I use different passwords for all of them.
 
For the past couple of weeks I have gotten a few separate fraud notifications on different accounts. I have also had MULTIPLE websites reset my password or ask me to login to reset my password. I never use links in emails to do this and it is confirmed directly when I get to the site that this is in fact true.
 
I am not sure how my accounts/identity have been compromised or what to do. Could someone please advise?

A:I think my accounts have been compromised

Based on the Law of Total Probability, (http://en.wikipedia.org/wiki/Law_of_total_probability) with "common application of the law is where the events coincide"
You have spyware/malware with keystroke capabilities. Start a topic here, http://www.bleepingcomputer.com/forums/f/103/am-i-infected-what-do-i-do/ for assistance.

RELEVANCY SCORE 67.6

ctfmon.exe fails to initialize in limited user accounts. I suspect a malware infection, though I'm obviously not sure. If anyone can help me configure Comodo to prevent further problems, that would also be appreciated. I didn't install SpywareBlaster or IE-Spypad because I mostly use Opera; but said limited users may benefit from them. Also did not remove Viewpoint Manager since it seemed to be integral to several applications. Other instructions followed in full. Suggestions?

Deckard's System Scanner v20071014.68
Run by Matt on 2008-02-24 00:26:46
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
84: 2008-02-24 05:27:35 UTC - RP1212 - Deckard's System Scanner Restore Point
83: 2008-02-23 17:51:38 UTC - RP1211 - Software Distribution Service 3.0
82: 2008-02-23 17:41:05 UTC - RP1210 - Software Distribution Service 3.0
81: 2008-02-23 17:22:16 UTC - RP1209 - Software Distribution Service 3.0
80: 2008-02-23 17:15:08 UTC - RP1208 - Software Distribution Service 3.0


-- First Restore Point --
1: 2007-11-26 22:52:53 UTC - RP1129 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 511 MiB (512 MiB recommended).
System Drive C: has 10.09 GiB (less than 15%) free.


-- Hijack...

A:ctfmon.exe compromised?

Aaand I've got a smiley in my log. Oops.

RELEVANCY SCORE 67.6

ARGH! Auto updates will not close. Every time I try to end the process (wuauclt.exe), it just pops right back up again - usually in triplicate! I downloaded a security update released today (Bits update and the Intelligent Update Service) and now it won't go away. Is it compromising my security while it's annoying me? And since that update has been installed, NAV (2003) keeps telling me that it doesn't have access to c: but it does. Nothing is restricted that wasn't before.....
thanks
Kim (aka lost)
 
