Over 1 million tech questions and answers.

McAfee blocked running of Broswer Manager/Adware-Bprotect

Q: McAfee blocked running of Broswer Manager/Adware-Bprotect

McAfee is blocking the running of Adware-Bprotect in Browser Manager. I found Browser Manager in control panel & uninstalled, but it hasn't uninstalled & McAfee continually displays the message if I click on Remove. I don't see any other symptoms (maybe because McAfee is blocking the program), but wary of rebooting. 
 
I have taken screen shots of the McAfee message & the Browser Manager directory but don't see any way of attaching them.
 
I don't see any sign of Babylon Toolbar as is frequently mentioned with Browser Manager & IE is behaving normally as far as I can tell.
 
All advice & help warmly welcomed!
 
Martin
 
PS - Edit - Malwarebytes full scan found no malicious items

RELEVANCY SCORE 200
Preferred Solution: McAfee blocked running of Broswer Manager/Adware-Bprotect

I recommend downloading and running Reimage. It's a computer repair tool that has been proven to identify and fix many Windows problems with a high level of success.

I've used it in the past to identify and fix everything from blue screens (BSOD's), ActiveX errors, corrupt files and processes, dll/exe/sys errors, recover lost memory, Windows update problems, defragging, malware removal etc.

You can download it direct from this link http://downloadreimage.com/download.php. (This link will automatically start a download of Reimage that you can save to your computer.)

A: McAfee blocked running of Broswer Manager/Adware-Bprotect

 

I am receiving the same error when I downloaded the new version of ITunes and QuickTime this morning.  I see that McAfee now has it listed on their site, although no resolution is listed:
 

 

 

 

Threat Profile: Adware-Bprotect
Threat Search


Print Share

  

Virus Profile information details

Risk Assessment:

Home N/A | Corporate N/A

Date Discovered:

6/25/2013

Date Added:

6/25/2013

Origin:

Unknown

Length:

0

Type:

Program

Subtype:

Adware

DAT Required:

N/A
  

 



  
Virus Information
Virus Removal Tools
Threat Activity
Top Tracked Viruses
Virus Hoaxes
Regional Virus Information
Global Virus Map
Virus Calendar
Glossary
Anti-Virus Tips

  
Display Threat Alerts

Read other 21 answers
RELEVANCY SCORE 71.6

I need help with removing this annoying GS Supporter folder and its contents.
Its driving me crazy. I don't know what it is and what it does to my computer,
but McAfee keeps blocking it and sees it as a potentiel unwanted program.
 
I first encountered this two months ago and I let McAfee do its job, but further investigating it,
I found out that it wasn't removed properly or at all.
And now, McAfee keeps blocking every 1 minute, even though I hit delete/remove when a pop-up notification from McAfee pops up and
through McAfee's quarantine.
 
I seriously need help removing this, and if anyone has had a problem with it and successfully removed it, I need to know.
 
GS Supporter folder's location is:
               
            C:\Program Files (86x)\GS Supporter\
 
and consists of two files:
 
            Assistant.dll & Assistant_64x.dll
 
I tried removing these two files directly but failed, because they're running on Rundll32.exe
 
Please help.
 
-Incisura
 

A:HELP! What is GS Supporter (Adware-Bprotect) and how can I remove it

Use Revo Uninstaller Free to remove GS Supporter. Download Revo Uninstaller Freeware - Free and Full Download - Uninstall software, remove programs, solve uninstall problems
 
You should scan with these programs as you likely have other adware, too.
 
download AdwCleaner by Xplode onto your desktop.
Close all open programs and internet browsers.
Double click on adwcleaner.exe to run the tool.
Click on Delete.
Confirm each time with Ok.
You will be prompted to restart your computer. A text file will open after the restart.
Please post the contents of that logfile with your next reply.
You can find the logfile at C:\AdwCleaner[S1].txt as well.
 
download Junkware Removal Tool to your desktop.
Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

Last run ESET.
Hold down Control and click on this link to open ESET OnlineScan in a new window.
Click the button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
Click on esetsmartinstaller_enu.exe to download the ESET Sma... Read more

Read other 1 answers
RELEVANCY SCORE 62.8

I'm trying to fix a computer for a friend and I do know that they have internet security tools malware on there....among other malware. I have been able to install Malware bytes but can't get it to run.(even in safe mode) Spybot installation almost finishes but takes me to the blue memory dump screen at the last second. Taskmanager has been disabled and I can't even get to it from a dos prompt. I have tried to get the rkill file off the internet to kill the processes but keep getting redirected away from the site. I'm pretty much on my last hope and need some help. Here is the Hijack log. Any help would be GREATLY appreciated!Logfile of Trend Micro HijackThis v2.0.2Scan saved at 6:18:12 PM, on 1/24/2010Platform: Windows Vista (WinNT 6.00.1904)MSIE: Internet Explorer v7.00 (7.00.6000.16982)Boot mode: Safe mode with network supportRunning processes:C:\Windows\Explorer.EXEC:\Windows\system32\smss32.exeC:\Program Files\IObit\IObit Security 360\is360.exeC:\Program Files\IObit\IObit Security 360\is360tray.exeC:\Program Files\Trend Micro\HijackThis\HijackThis.exeC:\Program Files\InternetSecurity2010\IS2010.exeC:\Program Files\Internet Explorer\iexplore.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.att.net/R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch... Read more

A:Internet Security malware w/ .exe files & task manager blocked from running....

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below I will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Follow the instructions... Read more

Read other 2 answers
RELEVANCY SCORE 61.6

Hi - would be very grateful of some help! Running XP Media Center Edition, Version 2002, SP3. Using IE7 primarily, but also Firefox 3. :In IE, although it doesnt happen all the time, Google often re-directs to various ad-sites, although the correct site can be reached by clicking Back. It will not let me access the McAfee website - giving a "HTTP 501 Not Implemented or HTTP 505 Version Not Supported" error. Firefox randomly crashes and re-starts every now and then and gives a blank page with "The specified method is not supported" for McAfee.McAfee Security Centre does not start up automatically any more on startup even though I havent changed any settings. When the program is opened from the desktop it states the detection signiture is out of date, however when I try to update, it appears to try before giving an update error and telling me to reinstall McAfee Internet Security (which I can't do because I cant access the website!).Having looked at several topics on here and other boards, I have tried doing the following scans with the respective results - all without any success:SUPERAntiSpyware, first scan:SUPERAntiSpyware Scan Loghttp://www.superantispyware.comGenerated 04/21/2009 at 01:23 AMApplication Version : 4.26.1000Core Rules Database Version : 3854Trace Rules Database Version: 1806Scan type : Complete ScanTotal Scan Time : 01:29:29Memory items scanned : 674Memory threats detected : 0Registry items scanned : 7459Registr... Read more

A:Google redirections, McAfee update error and McAfee website blocked

Install RootRepealClick here - Official Rootrepeal Site, and download RootRepeal.zip. I recommend downloading to your desktop. Fatdcuk at Malwarebytes posted a comprehensive tutorial - Self Help guide can be found here if needed.: Malwarebytes Removal and Self Help Guides.Click RootRepeal.exe to open the scanner. Click the Report tab, now click on Scan. A Window will open asking what to include in the scan. Check the following items: DriversFilesProcessesSSDTStealth ObjectsHidden ServicesClick OKScan your C Drive (Or your current system drive) and click OK. The scan will begin. This my take a moment, so please be patient. When the scan completes, click Save Report. Name the log RootRepeal.txt and save it to your Documents folder - (Default folder). Paste the log into your next reply.

Read other 6 answers
RELEVANCY SCORE 59.6

Sorry to say, but it appears my internet surfing habits has infected my Laptop(Windows7x64). Ive done everything i can or can think of to rid the infection myself, but there still seems to be noticeable symptoms while surfing the web(Firefox). Computer NOW boots and browses the web pretty good but i can still detect traces of an infection.
 
I no longer haver the seriousness of the symptoms i had initially such as Homepage being changed(Bing) extra toolbars, such as (Conduit) and being re-directed to advertisement when clicking on a link,  page cannot be displayed etc..Even had a rogue "Real Coverter" "update" appear in system tray(no longer)..but im still getting intermittent freezes and hang-ups. And Rogue installments of programs(yontoo etc).
 
1)MBAM, Windows Defender. House call, MS essentials and Super Anti Spyware found nothing(even in safemode).
 
2) It seems only "second opinion" scanners can detect anything.
 
a)Have log for ADw cleaner(found several infections in registry keys, files and folders). Same goes foe Hitman pro. And ESET found one infection as well.
 
HJT logs looks very suspicious.
 
Looking for some professional to guide me to the next step of this very stubborn infection. Thankyou!!!!!

A:Cloudbased/Broswer/Redirect/Hijacked/Adware infection

Welcome aboard   Download Security Check from here or here and save it to your Desktop. Double-click SecurityCheck.exe Follow the onscreen instructions inside of the black box. A Notepad document should open automatically called checkup.txt; please post the contents of that document.NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.NOTE 2 SecurityCheck may produce some false warning(s), so leave the results reading to me. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.Make sure the following options are checked:
Internet ServicesWindows FirewallSystem RestoreSecurity Center/Action CenterWindows UpdateWindows DefenderOther ServicesPress "Scan".It will create a log (FSS.txt) in the same directory the tool is run.Please copy and paste the log to your reply. Please download MiniToolBox and run it.Checkmark following boxes:Report IE Proxy SettingsReport FF Proxy SettingsList content of HostsList IP configurationList Winsock EntriesList last 10 Event Viewer logList Installed ProgramsList Devices (do NOT change any settings here)List Users, Partitions and Memory sizeClick Go and post the result. Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.* Double-click mbam-setup.exe and follow the prompts to install the program.* At the end, be sure a checkmark is placed next to Up... Read more

Read other 15 answers
RELEVANCY SCORE 56.8

It appears I have a computer that has joined the bandwagon of getting infected regardless to the protection software running on board. To start off with the computer had an issue where it stated it was having SATA HDD drive issues and to run a Windows repair, and all the programs and files on the computer were hide. Luckly I was able to get around this by using unhide.exe and moving some data off to an empty jump drive so it became possible to do a system restore to a much earlier date (reason for moving data off is that the infection filled 95% of the HDD or faked it)... This was successful so the system is bootable and able to be remote managed...

Currently I have Symantec Endpoint 11 unmanaged installed and blocking explorer.exe attempts to go ontact spam IP addresses and Malewarebytes Pro (this program's auto protection service shuts off on reboot due to the infection).

Infection started 4/12/2011 - 4/13/2011

**Detail of infection as it is now: On Google and Yahoo any link you go to from a search goes off to spam sites... Also without having a broswer open explorer.exe tries to contact spam IP addresses constantly... Also audio ad/streams randomly play in the background constantly.**

**Things done: Ran RKILL.exe and unhide.exe so I could migrate enough data to free up space for a System Restore (to a far point so the infection will not be freed by system restore alone). Also ran several scans from Symantec Endpoint, malewarebytes, hijackthis, and RootkitBuster... Read more

A:Redirector (without broswer running) and audio ads

Please follow the instructions in ==>This Guide<==. If you cannot complete a step, skip it and continue.Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues and what you have done to resolve them.If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Read other 2 answers
RELEVANCY SCORE 52.4

After the recent upgrade to windows 10 , I can no longer access HP PowerManager, or HP setup mamager.  The message is 'This app has been blocked for your protection' An administrator has blocked you from using this app...Publisher not trusted.   I am the only user, I am the administrator  I am six secnds away from unistalling Windows 10. Any insight would be appreciated.

A:HP Power Manager & Set Up Manager Blocked Windows 10

I am experiencing the same problem and I cannot get operate the web cam on my HP Touchsmart 310-1110UK PC.  Can HP user support provide a solution?

Read other 3 answers
RELEVANCY SCORE 52.4

pretty sure my computer has been hijacked in some way,I had mcafee security center running, but it was unable to update virus scanner, and said that I have to reinstall it, however now I can not reinstall it, nor can I access ANY mcafee related web sites.Also can not access the command prompt.I wondering could my wife have picked up a virus off of face book? She knows not to run anything but sometimes she gets redirected when looking at things. Just wondering.Thank you so much in advancesamir.Here is the Hijackthis logLogfile of Trend Micro HijackThis v2.0.2Scan saved at 9:14:58 AM, on 5/2/2009Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16827)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exeC:\Program Files\Lavasoft\Ad-Aware\aawservice.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\WINDOWS\system32\CTsvcCDA.EXEC:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXEC:\Program Files\Common Files\Ner... Read more

A:blocked from mcafee sites

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.comDDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the resul... Read more

Read other 2 answers
RELEVANCY SCORE 52.4

Hello folks... I am at your mercy once again.. A friend(?) has given me a dell inspiron laptop that once had McAfee Family Protection program on it and someone has tried and failed to uninstall it.. When you try to go on internet you get a login screen for the McAfee program, WHICH NO ONE KNOWS. I spent an hour yesterday chatting with their support and it was a waste. I think they were googleing for answers to my problem!

Does anyone know how I can get rid of this block. McAfee has been removed from computer and there is no mention of it until you try to get on internet,,

By the way, it is a Dell Inspiron laptop with Windows 7 on it..

Thanks to any and all for assistance,,

Jerry

A:MCAFEE HAS MY INTERNET BLOCKED

Try to restore your computer.

Read other 19 answers
RELEVANCY SCORE 52.4

Hi,I seem to be running on to similar issues than the one described in the following URL:http://www.bleepingcomputer.com/forums/ind...ee+site+blockedMy computer is an Emachine that runs Windows XP. The McAfee AV suite started to display messages that the protection was not activated and i was not able afterwards to access McAfee website.I did a few things that a non computer savvy person would do, e.g. restoring to a previous date, uninstall McAfee, run a few free antivirus (kept no log of course), installed Norton but to no avail. Norton seems to be working fine but the McAfee web site still cannot be accessed.Help please. By the way, it is my girlfriend computer so it is all her fault :-)

Read other answers
RELEVANCY SCORE 52.4

Firstly the automatic Mcafee update wouldn't finish. I tried manually to reinstall and found download.mcafee.com blocked. Seemed strange and did a search which suggested I may have a virus. Also checked and downloads.microsoft.com etc are blocked.

Trying to run a virus scan on the out of date DAT files but didn't find much and is very slow in completing the scan.

Have made a hijackthis log and attach the files as requested.

DDS log below.
See attachments also...
There's no request for a hijackthis log?

Let me know what more you need.

Thanks in advance for any input

>>>>

DDS (Version 1.0) - NTFSx86
Run by acer at 15:27:03.59 on 03-12-2008
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.959.297 [GMT 8:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
c:\PROGR... Read more

A:downloads.mcafee.com blocked

Please visit this webpage for download links, and instructions for running combofix:

http://www.bleepingcomputer.com/comb...o-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.

Read other 3 answers
RELEVANCY SCORE 52.4

Guys, please, help to remove a virus. it blocked McAfee and doesn't let me open any programms on computer, delete cookies and etc.
I have a window offering to buy a full version "Antivirus Scan".

A:help pls,virus blocked McAfee

Please use the removal guide at the following link:Remove Antivirus Scan (Uninstall Guide)The log is automatically saved and can be viewed by clicking the Logs tab in MBAM. Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.Please post the log and let us know how the system is running now.

Read other 21 answers
RELEVANCY SCORE 52

Thank you for being available to help me. I have two issues:

1) Vimax ads that appear all over on websites. I am using IE v.6 and Firefox v.3. I do not know where the Vimax ad files are stored. The redirect url on one of the ads contains: b8.adv.net. I am using a wireless router. I see on another thread that that Reid is working with darkmana right now (ongoing for the last week or so) on the Vimax ads.

2) downloads.mcafee.com blocked - this is in another recent thread - posted by Yesmaybe yesterday as "downloads.mcafee.com blocked" . Tetonbob is having him run combofix right now.

I plan to follow those threads but I won't run anything until advised.
I have also noticed overall slowless with loading web pages.
I updated my profile with PC info but ask me anything.
I am trying hard to respectfully follow your requests and I am 100% licensed and legal

Here is the DDS:

DDS (Version 1.0) - NTFSx86
Run by Ian Queen at 22:14:51.25 on Thu 12/04/2008
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2038.1460 [GMT -5:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\P... Read more

A:Vimax ads and downloads.mcafee.com blocked

Hi,


Quote:




I plan to follow those threads but I won't run anything until advised.




Very wise choice :)
I don't see any malware here.

Do you know how to reset your wireless router? There's usually a small reset button at the back which you can press using a paperclip.

If not, please let me know the exact brand and model of your router.
*I see you have Viewpoint installed...
Viewpoint related software are considered as foistware instead of malware since it is installed without users approval but doesn't spy or do anything "bad". This will change from what we know in 2006 read this article: http://www.clickz.com/news/article.php/3561546
I suggest you remove the program now. Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following programs if present.
Viewpoint
Viewpoint Manager
Viewpoint Media Player
*Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.
Updating Java:Download the latest version of Java Runtime Environment (JRE) 6 Update 11.
Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 11".
Click the "Download" button to the right.
For Platform, select "Windows"
For language, select your language
Read the License agreement and then Check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement".
Click Continue
Click o... Read more

Read other 4 answers
RELEVANCY SCORE 52

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:25-07-2014
Ran by Dawn & Ron (administrator) on OFFICE-PC on 30-07-2014 11:41:57
Running from C:\Users\Dawn & Ron\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0M9BEUCX
Platform: Microsoft® Windows Vista™ Home Basic  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal
 
The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Google) C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
(CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD D... Read more

A:Mcafee blocked by group policy. Please help!

Hello and Welcome to BleepingComputer r0xann3r,

my Name is Machiavelli and I will assist you with your problem.    The fixes are specific to your problem and should only be used for the issue on your machine! 
 
I'm in the 'Malware Staff Team' and will provide you with advice:
To remove Malware on a computer can be very complicated. Malware (malicious software) is able to hide and so I may not be able to find it so easily. In order to remove Malware from you Computer, you need to follow my instructions carefully. Don't be worried if you don't know what to do. just ask me! Please stay in contact with me until the problem is fixed.
 
You must reply to posts within 4 days. If you haven't replied within 4 days your topic will be closed. If you go away for some time please let me know. Communication is a important part here! If you are unsure about something - STOP - and ask me. No need to be afraid of asking - better ask than doing a mistake. Mistakes can lead to an unbootable PC! I would recommend to follow the topic by clicking on the Follow this topic button - you will get notified when I have replied to your topic.
 

 Below are a few tips Removing Malware is usually very difficult.
We need to search and analyse a lot of files. As this is done in our free time, please be patient especially if I don't answer every day!Please follow these instructions
If you don't follow the instructions your computer may crash. If you fix yo... Read more

Read other 2 answers
RELEVANCY SCORE 52

my computer randomly restarts and upon the restart i get this message in a McAfee Window:

Buffer overflow blocked

about this buffer overflow
file: c:\\WINDOWS\System32\services.exe

buffer overflows can cause legitimate programs to fail. Other programs that experience buffer overflows, however, can be used to harm your computer, compromise its security and damage valuable files.
trust this activity in the future or close this alert (my two options)

since I have been getting this message I am also getting a proxy connection refused from firefox. I know how to select no proxy or automatically detect proxy, but it doesn't stay.

A:McAfee Buffer overflow blocked

Some types of malware will disable MBAM and other security tools. If MBAM will not install, try renaming it.Before saving any of your security programs, rename them first. For example, before you save Malwarebytes', rename it to something like MBblah.exe and then click on Save and save it to your desktop. Same thing after you install it. Before running it, rename the main executable file first

Right-click on the mbam-setup.exe file and change the .exe extension to .bat, .com, .pif, or .scr and then double-click on it to run.

If after installation, MBAM will not run, open the Malwarebytes' Anti-Malware folder in Program Files, right-click on mbam.exe and change the .exe as noted above. Then double-click on it to run..Another work around is by not using the mouse to install it, Just use the arrow keys, tab, and enter keys. ~ Courtesy of boopmePlease download Malwarebytes Anti-Malware and save it to your desktop.Make sure you are connected to the Internet.Double-click on mbam-setup.exe to install the application.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-MalwareThen click Finish.MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that... Read more

Read other 9 answers
RELEVANCY SCORE 52

I recently installled Mcafee 2005 on my friends computer. I use Radmin (remote administrator) to access his PC. I ran the first virus scan and there were no viruses present but Radmin's programs popped up as being potentially problematic. I ususally use Norton AV and it has a nice button that lets you will exclude programs, like Radmin from future scans virus scans. Well, like a jackass i pressed the clean button in Mcafee and made Radmin unusable. I tried to uninstall Mcafee and reinstall Radmin but even with thout Mcafee installed when ever i tried to run Radmin I would see a message that said cant load admdll.dll. I screwed up. I need help trying to figure how to let radmin running again on my buddies computer. Any help will be apprecieated. It's the rainy season right now and I'm tired of walking accreoss the street in the rain to fix simple things on his PC.

Thanks in advance,

VC
 

Read other answers
RELEVANCY SCORE 52

I am unable to update my antivirus, Windows, etc

I tried the following:
Running AVG to see if anything would be found
Running McAfee
Running Windows Defender

All methods above found Nothing or would not run.

Attempted system restore
Rerunning the searches for windows update
Manually attempting to update Virus definitions, but can download file and thats as far as I get cannot install.

Please help as I need my computer for my return to school and access on campus is in dire need, cannot access if I have a virus

Read other answers
RELEVANCY SCORE 52

Hi,
I'm posting this for a desperate friend who can't get online after replying "yes" when Mcaffee asked if it should block a program that was trying to access the internet. Since then he hasn't been able to get online at all. He can't remember now which program it was.

Neither of us is that savvy about these things, so is there something simple that we should do (that everyone else knows about!)? I think he is using Windows 2000 but I don't know other details. I can find out though.

Thanks so much.

LJ
 

A:Can't get online after Mcafee blocked program

Read other 6 answers
RELEVANCY SCORE 51.6

This is what happened when I tried to access Task Manager.

I think I might have a virus.

A:Task manager blocked? Virus? Not "blocked by admin"

Notice in the bottom right corner the task manager is still running and the restriction thing just prevents it from working. When I open it, task manager opens for a split second before the restriction thing pops up.

Read other 1 answers
RELEVANCY SCORE 51.2

Hi. I have been having puter problems for about 3 days. If I google anything when I click on the website I want, I am redirected to an ad site with a similar name. I can get the site I want by hitting the back button. I got an error message from mcafee saying I needed to reinstall because there was an error - I can't get onto any mcafee sites, totally blocked. Also unable to run virus scan. The computer also has been slow during this time period and doing other strange things. Sometimes the pointer doesn't jive with the mouse. I tried to go back to a restore point before the problems, was able to restore to Saturday. Mcafee worked at that spot, but I could not get on the internet, so had to undo my restore. I did a Mcafee scan before undoing though and that was clean. I could not go to restore points farther back than Saturday, it just wouldn't do it. I've tried spybot and malware scans. I downloaded hijackthis and will post the log. I use windows XP. Whoever tries to help, let me warn you, I am very computer illiterate. Here is the log from hijackthis. Thanks for helping.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:29:16 PM, on 4/15/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svc... Read more

A:blocked from mcafee site and redirected to ad sites

Hi. This is an updated hijackthis log. I'm still having all the problems I had early in the week plus new ones. I have no desktop anymore and no start button, I have to navigate using the windows task manager. My popup blocker says a popup is blocked, yet the popup plays on my screen. Still can't get on mcafee or several other sites. Malware bytes still says clean. Ran windowslive scan last night, claimed to remove/fix one item, but wouldn't tell me what that was. Not trying to bump by replying, just updating info. Hoping for help, getting close to just buying a new puter which I can't afford, but I use this for 2 of my part time jobs and its getting worse every day/ Thanks.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:43:51 AM, on 4/19/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightSc... Read more

Read other 1 answers
RELEVANCY SCORE 51.2

Hello, I'd be very grateful for any help you can give me.

I started getting problems a couple of weeks ago. Something downloaded and pretended to do scans, using a very convincing Windows update shield in the taskbar. I did a System Restore and it went away.

Since then, McAfee Secrity Centre flashed up that it caught and blocked a few things.

I noticed last night that the red McAfee shield was missing from the taskbar. I last used it for a scan two nights before. Neither the desktop shortcut or Start menu shortcut would start it. However, I could see that mcshield.exe was running.

When I couldn't access mcafee.com on IE or Firefox, I knew something was wrong.

Reading about for advice, I was able to download and start Combofix. This wasn't easy as any site which could help was blocked, including microsoft.com. I didn't get Combofix running properly but, just by starting it, it cleared the problem. I could start McAfee Security Center and access the websites. I then downloaded and ran Malwarebytes overnight. It caught and killed 5 things. I kept details of them but wouldn't be surprised if some were old things which McAfee missed.

After a restart this morning, I still had the problem. I ran Combofix. It was scary but did some more things (again, I kept details). This didn't fix the problem.

I left the computer for a few hours to back-up files onto an external drive. When I returned, the problem was fixed again (I don't know how). I star... Read more

A:Secuity sites and McAfee S Center blocked

I also tried a System Restore last night - to 1 May.
 

Read other 1 answers
RELEVANCY SCORE 51.2

I recently uninstalled Avast and replaced it with McAfee. A few days ago I started getting a popup notification from McAfee that the firewall was disabled. McAfee Security Suite says the firewall is enabled, but when I go to the settings, it's turned off, and when I try to turn it back on, it simply shuts itself off again. Windows firewall is disabled, and says my settings need updated. But when I click to update the settings, I get an error popup "Windows Firewall can't change some of your settings. Error code 0x80070424" I've run MBAM, Spybot S&D, Adaware, Stinger, and McAfee scans, and they all come up with nothing.DDS:.DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 9.0.8112.16421Run by Vaughn at 14:12:48 on 2012-03-14Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4085.1922 [GMT -4:00].AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}.============== Running Processes ===============.C:\Windows\system32\wininit.exeC:\Windows\system32\lsm.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\svchost.exe -k RPCSSC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestrictedC: ... Read more

A:McAfee and Windows firewalls being blocked from enabling

My name is Gringo and I'll be glad to help you with your computer problems. I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of us1.Do not run any other tool untill instructed to do so!doing so will only at best cause you unneeded worry as it finds our backups and may even list our toolsand at worst can cause conficts with our tools and lead to unforseen things to happen2.Please Do not Attach logs or put in code boxes.besides the time it takes me to open the reports it makes it harder to find something if I need to go back to do more research and putting them in code boxes just makes them so hard to read3. After each step give me a little feedback It does not need to be long but just something so I know how things are going it can be something likeI am still getting redirected The computer is running as it shouldDon't put things like - it is the same as before or still the same this just makes me go back and look for you last feedback as to how things are4. read every post completely before doing anythingPay special attention to the Notes** I have put inThese are things I have found that happen allot and can be taken care of easily just by reading the Notes**Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.Please print out or make a copy in notpad of any i... Read more

Read other 6 answers
RELEVANCY SCORE 51.2

The IP address is Telecom Algeria but I got a McAfee popup like this:
http://imgur.com/2LB0898
Should I be scared? Is someone trying to hack my very little known Skype? Do I have Malware? I am so concerned. I've tried having a look around and some people say it's Skype client itself but I'm so unsure. I was about to use MWB to scan and it had been disabled so I've reinstalled it. What do I do?

A:McAfee blocked a connection via Skype from Algeria?

It's always worrisome when MWB gets disabled and requires a fresh install.  Usually, I find some kind of nastiness lurking in the depths but sometimes not.  Nothing worse than having to wait for the other shoe to drop.  I'm deep in battle right now with a Ransomware attack, and although I have all the files decrypted, and everthing working as it should, I still get the ransom note recurring from time to time.  So I know there's some subversive activity, but the re-installed MWB, having disposed of the original trojan, can't find the lurker.  
 
I'd employ every anti-virus app that you have, and maintain extra due diligence.  It might be nothing, but I wouldn't assume that with 100% confidence.

Read other 0 answers
RELEVANCY SCORE 51.2

Hi --I have a problem on a home Dell Inspiron 700m laptop running Windows XP-SP3.SYMPTOMSHere is a short list of the discovered symptoms:1. Something is tampering with most mcafee.com web page retrievals. When I use Firefox to attempt to reach http://www.mcafee.com/, I get "The specified method is not supported".When I use IE7.0 to attempt to reach http://www.mcafee.com/, I get "The website is unable to display the webpage" and"This error (HTTP 501 Not Implemented or HTTP 505 Version Not Supported) means that the website you are visiting doesn't currently have the ability to display the webpage, or support the HTTP version used to request the page."(All other comments are when using Firefox)Upon googling "mcafee" and getting some links within the mcafee web site, when I click on, e.g., "http://www.mcafee.com/us/support/index.html", I get something that looks like a stripped-down text only web page, with only a hierarchical list of links and no graphics.However, when I retrieve "http://community.mcafee.com/", it appears that most of the page content is retrieved, although no graphics. It was from this post http://community.mcafee.com/showthread.php?t=229619 that convinced me that I had some type of malware and that mentioned ComboFix that led me here to bleepingcomputer.com.2. I have not found any other web sites that are blocked or tampered.2. I cannot get a DOS cmd prompt to run. 3. I cannot run regedit from the "Run..." menu or a folder, but if I rename regedit.exe. t... Read more

A:Mcafee site blocked. DDS.scr, cmd prompt, regedit don't run

Malwarebytes' Anti-Malware 1.36
Database version: 1945
Windows 5.1.2600 Service Pack 3

4/25/2009 12:00:11 PM
mbam-log-2009-04-25 (12-00-11).txt

Scan type: Quick Scan
Objects scanned: 83451
Time elapsed: 7 minute(s), 43 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{549b5ca7-4a86-11d7-a4df-000874180bb3} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{549b5ca7-4a86-11d7-a4df-000874180bb3} (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)
... Read more

Read other 15 answers
RELEVANCY SCORE 51.2

Hi I'm new to this forum (actually new to forums in general) and I'm in need of some help.

I've been fighting a virus/malware/trojan/etc for a few days now and feel like I'm stuck.

System Info:
Windows XP Pro Service Pack 3
Internet Explorer 7

Here's the symptoms:
-Cannot update McAfee Suite (the free version for Comcast subscribers)
-Cannot visit any McAfee website ("The website is unable to display the webpage")
-Occasionally when I click on a link I'm redirected to a random other site (usually businesses)
-When redirected, I've seen web addresses such as "www.abcsearch.com", "redirect.clicksheild.net"
-When typing CMD or REGEDIT into the Run dialog box, the screen flashes and the Windows icons reload, the black command box dissappears instantly

Here's what I've done:
-AdAware - updated and ran - found a few things, all removed
-SuperAntiSpyware - installed, updated and ran - found a few things, all removed
-MalwareBytes - installed and ran - could not update ("update failed") - found a few things, all removed
-McAfee - ran - hasn't found anything
-Norton Online Scan - ran - didn't find anything
I've run all the programs multiple times, in Safe Mode and under normal startup

I'm starting to get very frustrated and contemplating a hard drive format unless someone can help me out.

Thank you so much!

A:McAfee sites blocked, redirected websites, help!

Try this scan - you can copy it over from another computer on a CD or pen drive if you need to.Before we start fixing anything you should print out these instructions or copy them to a NotePad file so they will be accessible. Some steps will require you to disconnect from the Internet or use Safe Mode and you will not have access to this page.Please download DrWeb-CureIt and save it to your desktop. DO NOT perform a scan yet.Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".Scan with Dr.Web CureIt as follows:Double-click on drweb-cureit.exe to open the program and click Start. (There is no need to update if you just downloaded the most current versionRead the Virus check by DrWeb scanner prompt and click Ok where asked to Start scan now? Allow the setup.exe to load if asked by any of your security programs.The Express scan will automatically begin.
(This is a short scan of files currently running in memory, boot sectors, and targeted folders).If prompted to dowload the Full version Free Trial, ignore and click the X to close the window.If an infected object is found, you will be prompted to move anything that cannot be cured. Click Yes to All. (This will move any detected ... Read more

Read other 15 answers
RELEVANCY SCORE 51.2

OS: XPSymptoms:1) McAfee security center is closed, not by me. No longer comes up automatically on start-up. When I do start it up, it tries to update and the update times out and McAfee posts a message that I need to reinstall it. See #2 for why I can't reinstall.2) Cannot get to any web site that contains the word mcafee. The page tries to load for a very long time and then I get a message that the network connection has been interrupted. I have tried to look at this error page with view source and I just get a plain white page. This evil thing is even blocking view source!3) Cannot get to any really useful anti-malware sites, including bleepingcomputer.com. For that reason, I am communicating from a desktop that I also own, not the infected computer. I emailed the dds.scr to my laptop (the infected one) and it will start up, the black screen is there for about a half a second, and then it is killed. So I cannot provide the files from that scan. I have to only send you hijackthis info because it's all I have.4) Both IE and Firefox browsers have been hijacked so that when I google airline, for example, and click on Southwest Airline's link, the browser goes past the SW Airlines page to some travel agency site. I can hit the back button to get to the SW Airlines site. I have a list of a few of the sites that the browsers are redirected to, if that's useful. (Why can't these guys be caught based on who their clients are??)5) I installed windows updates last ni... Read more

A:McAfee updates blocked, browsers hijacked, and more

Hi HCZ,Welcome to BC HijackThis forum. I am farbar. I am going to assist you with your problem.Please refrain from making any changes to your system (updating Windows, installing applications, removing files, etc.) from now on as it might prolong handling your log and make the job for both of us more difficult.Please as a test go to start => Run => type cmd in the run box and click OK. Do the same for: regedit

To get an idea about the current condition of you computer download random's system information tool (RSIT) by random/random from here and save it to your desktop.Double click on RSIT.exe to run RSIT.Set the list of files/folders created to 3 Months and click Continue at the disclaimer screen.Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized).

Note 1: If you have difficulty finding the logs, the logs are in this folder: C:\rsit

Note 2: The tool takes not more than one minute to scan the system.You might want to save this page on your favorites, so you can find it again when you return.

Read other 13 answers
RELEVANCY SCORE 51.2

Whenever I try to access my system, I'm getting a message from Mcafee saying that Unwanted program blocked.

I click to know more information about this program it gives:

Name: Generic.pup.y

Quarantined from - c:\program files(x86)\settings manager\systemk\x64\sysapcrt.dll

System info:

Operating system : Windows 8.1(Dell inspiron laptop)

Ram - 4GB

I3 processor @ 1.80 ghz

Antivirus: McAfee Anti-Virus, Updated and Enabled

Any help would be appreciated
 

A:pop up message from Mcafee saying that blocked unwanted program.

Read other 16 answers
RELEVANCY SCORE 50.8

I have a Dell 8400, windows XP home, McAfee viruscan, adaware, spybot.
Had a series of infections starting with McAfee finding and deleting an infection. I had updated McAfee the day before. Subsequently, each time I tried to update McAfee I would get a ddl file error (The ordinal 1112 could not be located in the dynamic link library WSOCK32.dll) and could not update. McAfee ?on access scan? would not turn on regularly.
Scan found XSLT.Class and reported clean failed and found Generic exploit!ka .
I tried to use recovery console as explained on McAfee website with XP CD but the CD was SP2 and I had upgraded to SP3, so it would not work.
AdAware scan found Trojan.win32.Generic!BT.
Another McAfee scan found Adaware open candy.dll, Generic downloader. XPGFK six times.
I tried to repair with sfc scannow but it would not repair files because my disk was SP2 and I am running SP3.
Ran McAfee in safe mode found artemis A7701557ICFO, crop.class, zoom.class, image.class, mulitzoom.class,zoom.class.
Made boodable disk from AVG to scan when OS not running and found:
Windows/system32/drivers/acpi.sys Trojan horse Agent3.wjv Object is white listed (critical system file) and Windows/system32/dirvers/serial.sys Trojanhorse Agent_r.ats. Object is white listed (critical system file).

Used Acronis to restore my C: windows files.
Reran AVG scan and now clean.
Ran malaware scan-OK
Ran stinger-nothing found
Uninstalled and reinstalled McAfee, scan found 14 detections in C: document... Read more

A:infection blocked McAfee, possibly Generic exploit!ka and others

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything. We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here. To help Bleeping Computer better assist you please perform the following steps:*************************************************** In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/432522 <<< CLICK THIS LINK If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.*************************************************** If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lo... Read more

Read other 18 answers
RELEVANCY SCORE 50.8

Hi.

Yesterday, I got a pop-up from McAfee that a Trojan had been blocked and a pop-up from Spybot Search & Destroy about a registry change (which I denied) at the same time. At the time, I had clicked to view a picture on Yfrog from Twitter and know of at least two others who (while viewing different pictures on Yfrog) also got infected with something.

Even though McAfee said it was blocked, I ran scans from MalwareBytes, Spybot S&D, Ad-Aware, & CCleaner.

I've had viruses before and have been able to fix the issues myself but this one's got me stumped.

Spybot found a Trojan installer or downloader (I forget the exact name), which it removed. One of the other scans found some tracking cookies. One of the scans (I can't remember which) required a restart.

Before I restarted, I noticed that my CPU was staying at 100%.

The only unusual thing I saw was that msiexec.exe was present under processes, in about six different versions. I Googled and discovered that this is an installer that shouldn't be running all the time.

At about this time, my internet connection was dropped and saying there was no signal.

I freaked out a little bit and shut down the computer (since either Spybot or Malwarebytes said I needed to restart, anyway.)

When I restarted, everything seemed fine. The CPU was running normal and all those msiexec.exe files were gone.

But last night, while on the internet, my cursor started flashing and disappearing, which I have heard ... Read more

A:McAfee Blocked Trojan, All Scans Clean, But Something Is Still Wrong

I got the Registry change pop-up from McAfee again.

I realized earlier I hadn't checked the Recent Events tab in McAfee, so I did so.

Even though I've been manually blocking this change every time it pops up, I saw that overnight, McAfee had been allowing it, every hour on the hour.

Here's what it says:

SystemGuards have allowed a one-time change to your computer.

Process: C:\Documents And Settings\HP_Administrator\Local Settings\Temp
Setup.exe

Process Description: Wrapper Application

Process Publisher: Ask

Process Version: 1.8.0.0 HKEY_LOCAL_MACHINE\SOFTWARE\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}'HKEY_LOCAL_MACHINE\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\InProcServer32C:\Program Files\Ask.com\GenericAskToolbar.dll

----------

I don't know if it matters or not but though IE is installed on my system, I never use it. I run Firefox.
 

Read other 2 answers
RELEVANCY SCORE 50.8

Dear BleepingComputer.Com Technical Staff:I am running Windows XP.My PC exhibits these behaviors:1 - Mbam will launch but then it will close unexpectedly after a few seconds. Sometimes it will not even get to the splash screen or won't launch at all.2 - The sites: www.symantec.com and www.mcafee.com are missdirected. The browser just simply gives an error.3 - All else seem to work fine. The CPU shows 0% in the task manager even for extended periods of time.IMPORTANT: I have done the following to not avail.- Scan with Norton- Remove hard drive, connected via USB to 2nd computer and scan with Mbam.ADDITIONAL INFORMATION:I was able to STOP this behavior by doing the following:- Launched GMER and kill EXPLORER.EXE (It restarted automatically).- Then I could visit the Symantec and McAfee sites and run Mbam.But after rebooting the behavior re-occurs.Please adviseKind regards,Jose

A:Mbam Shuts Down - Symantec and McAfee sites are blocked

Hello there, and sorry for the delay,GMER-------Please download GMER from one of the following locations and save it to your desktop:Main MirrorThis version will download a randomly named file (Recommended)Zipped MirrorThis version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.Disconnect from the Internet and close all running programs.Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.Now click the Scan button. If you see a rootkit warning window, click OK.When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.Click the Copy button and paste the results into your next reply.Exit GMER and re-enable all active protection when done.-- If you encounter any problems, try running GMER in Safe Mode.

Read other 18 answers
RELEVANCY SCORE 50.8

First, Thanks in Advance for the help on this issue!One of my employees got a "?" something on their workstation computer. McAfees VirusScan On Access shows that it is updating, but it does not look right. The window that comes up does not look like anything from McAfee.The Windows Security Alert icon in the task bar is red with a ballon to fix it, but double clicking it gets a long hour glass, and then nothing.I also can not open the security section of the control panel, nothing happens.DDS.scr was unable to run, it asked what program I wanted to use to open it. I am posting a Hijack this log, and root repeal log. Let me know if I need to collect more data.Thanks!ROOTREPEAL © AD, 2007-2009==================================================Scan Start Time: 2009/08/28 07:45Program Version: Version 1.3.5.0Windows Version: Windows XP SP3==================================================Drivers-------------------Name: dump_atapi.sysImage Path: C:\WINDOWS\System32\Drivers\dump_atapi.sysAddress: 0xF4299000 Size: 98304 File Visible: No Signed: -Status: -Name: dump_WMILIB.SYSImage Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYSAddress: 0xF7B08000 Size: 8192 File Visible: No Signed: -Status: -Name: rootrepeal.sysImage Path: C:\WINDOWS\system32\drivers\rootrepeal.sysAddress: 0xB6914000 Size: 49152 File Visible: No Signed: -Status: -Hidden/Locked Files-------------------Path: c:\documents an... Read more

A:McAfee blocked updates - Window Security Alert

Hello and to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.-----------------------------------------------------------We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, ... Read more

Read other 4 answers
RELEVANCY SCORE 50.8

Hi, please help me!
 
Several days ago my computer started running slow and my husband was being redirected when he tried to log into BofA so he called the bank and they suggested we run our anti virus software.  I have both McAfee and Malwarebytes installed on my computer.  I was not able to open either, a window came up reading "this program blocked by group policy, contact your system administrator".  At this point I hit the forums and tried to problem solve myself.  I was able to open Malwarebytes in Safe Mode and it came up with two Trojan horses and several other bad things.  I first quarantined then deleted the files.  Below is my log from Malwarebytes:
 
Malwarebytes Anti-Malware 1.75.0.1300www.malwarebytes.org
Database version: v2014.06.10.06
Windows 7 Service Pack 1 x64 NTFS (Safe Mode/Networking)
Internet Explorer 10.0.9200.16686
Fawver Family :: MININT-0VFAH6A [administrator]
6/10/2014 10:49:56 AM
mbam-log-2014-06-10 (10-49-56).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 258538
Time elapsed: 8 minute(s), 25 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 2
HKCU\Software\AppDataLow\Software\PriceGong (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
HKLM\... Read more

A:"This program blocked by group policy" McAfee & Malwarebytes

Hello mothership2000 I would like to welcome you to the Malware Removal section of the forum.Around here they call me Gringo and I will be glad to help you with your malware problems.Very Important --> Please read this post completely, I have spent my time to put together somethings for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!Please do not run any tools unless instructed to do so.We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the... Read more

Read other 15 answers
RELEVANCY SCORE 50.8

Hi all. Thanks in advance for your help. Here is what has happened. It began with an error in svhost.exe (was in the drivers directory). My McAfee became disabled. Spybot teatimer keeps giving me popups about WinLogon value changing (wants to place value ...systems32\oembios.exe in the UserInit. Initial scans with spybot showed Smitfraud-C.gp and Win32.agent.pz. I clicked fix problems and the Smitfraud-C has not come back up but the Win32.agent.pz keeps reappearing. After some research because of the teatimer popus I tried to delete the data (oembios string) in the Winlogon registry entry. It keeps reappearing. I'm at a loss. I've been racking my brain and the woman I work for is really upset that she can't get on the net to pay her bills. I refuse to let her connect with this problem present. HiJackThis log follows. Please help. I hope this is good. The first time I ran HJT I got 2 errors, but it completed the scan. This is from a subsequent scan. I also did a startup scan and ADSspy scan. They also follow.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 11:19:52 PM, on 9/17/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16544)Boot mode: NormalWindows folder: C:\WINDOWSSystem folder: C:\WINDOWS\system32Hosts file: C:\WINDOWS\System32\drivers\etc\hostsRunning processes:C:\WINDOWS\system32\csrss.exeC:\WINDOWS\SYSTEM32\winlogon.exeC:\WI... Read more

A:Mcafee Blocked, Browser Redirect/deny, Oembios.exe!

to BleepingComputer.comI want to apologise that it has taken so long to get back to you. We on the HJT Team are working as fast as possible to get your log answered.If you would still like help, please post a new HiJack This log below, as things may have changed on your system.If you do not still need help, please let me know, so that I can move on to other users who still need help.Please take note of the following:While a HJT Team member is working with you, please refrain from making any changes to your computer.Also, even if things appear to be running better, there is no guarantee that everything is finished. Please continue to check this forum post in order to ensure we get your system completely clean. We do not want to clean you part-way up, only to have the system re-infect itself. If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.Please reply using the button in the lower left hand corner of your screen.Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just put a post here so that I know you're still here. We get a lot of people who simply leave, and if there is no contact for that amount of time I will have to assume you have "vanished" .Please do an online scan with Kaspersky WebS... Read more

Read other 2 answers
RELEVANCY SCORE 50.8

Hello,
 
 
At the moment I am trying desperately to remove various malware and Trojans from my Dell Laptop running on a Windows 7 64 operating system.
 
The apparent symptoms are:
 
Windows Firewall/Security Center are turned off, and any effort to enable them through the Control Panel or services.msc is ineffective. At the moment I am relying on my McAfee firewall. (Error: 0x80070424 "The Windows Security Center service can't be started" when trying to turn on Windows Security Center Service)
 
I am unable to run any Windows Updates
 
Internet Explorer is behaving strangely. The back button requires multiple clicks, a McAfee banner I have never encountered before appears often on the most benign pages. When I try to install any .exe files (including from BleepingComputer, such as ComboFix) I am presented with the IE 'This Page cannot be displayed'.
 
McAfee initially spotted malware on computer but now detects nothing. TDSSKiller hasn't found anything. MalwareBytes continues to detects threats (The MB Anti Rootkit also spots malware)
 
 
From what I've read the symptoms point towards ZeroAccess, but I of course need help from people who know what they are talking about.
 
 
Here are the reports from MalwareBytes:
 
Malwarebytes Anti-Malwarewww.malwarebytes.org
Scan Date: 06/09/2014
Scan Time: 13:56:36
Logfile:
Administrator: Yes
Version: 2.00.2.1012
Malware Database: v2014.09.06.01
Rootkit Database: v2014.08.2... Read more

A:Suspicious behaviour from McAfee SiteAdvisor and blocked firewall

Update: In services.msc 'Windows Firewall', 'Windows Defender', 'Windows Update' and 'Security Center' are disabled and stopped. If I try to correct this, they stay on for about 2 seconds and are then disabled again.
 
My User Account Control is also set to 'Never Notify Me' and will not change.
 
Dell Datasafe Local Backup also stops working when I boot the machine.

Read other 4 answers
RELEVANCY SCORE 50.8

I evidently have several viruses on my computer that my virus protection is not detecting. McAfee and Microsoft update websites are being blocked. I am getting popups when opening IE, and redirects. Also, Vimax add follows me from site to site. I have scanned twice and the result is clean (small tracking cookies were removed.) There are threads out there on these issues however they seem so situation specific i was scared to apply them to my system. I see lots of other people loading and using multiple virus detecting programs, etc. If I should try this first as well please advise. I am attaching my Hijack log for a review.

Thanks
Hijack Log Reads:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:32:38 AM, on 12/28/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\MUSICM~1\MUSICM~3\mm_tray.... Read more

A:Pop-ups, Redirects, Microsoft Update site blocked, McAfee Update Site blocked

Read other 6 answers
RELEVANCY SCORE 50.4

Hi,

I seem to have the same problem as shaq237, who posted on 11/05/12. Every time I boot my computer a message pops up from McAfee that says a potentially harmful device driver has been blocked and it gives a path name to the file. Every time the computer boots the path name is the same but the file name changes. Using windows explorer to try and delete the file, the file is never there. If you look at the bottom of the Attach.txt file in the Event Viewer Messages From the Past Week section, the most recent message is on line number 3 with some earlier boot-time messages below it. I have run a full scan with McAfee but it finds nothing. Can you please advise me if this is some sort of malware? If so, how can I go about removing it? Thank you for your help. Below is the contents of the dds.txt file:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.9.2
Run by xxxxx at 19:52:44 on 2013-01-07
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4009.2104 [GMT -5:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows�... Read more

A:McAfee Reports Blocked Driver Every Time System Boots Up

Please run the following:Download the appropriate version for your system of the Farbar Recovery Scan Tool and save it to a flash drive.Plug the flashdrive into the infected PC.Enter System Recovery Options. To enter System Recovery Options from the Advanced Boot Options:Restart the computer.As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.Use the arrow keys to select the Repair your computer menu item.Choose your language settings, and then click Next.Select the operating system you want to repair, and then click Next.Select your user account and click Next.To enter System Recovery Options by using Windows installation disc:Insert the installation disc.Restart your computer.If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.Click Repair your computer.Choose your language settings, and then click Next.Select the operating system you want to repair, and then click Next.Select your user account an click Next.On the System Recovery Options menu you will get the following options:Startup RepairSystem RestoreWindows Complete PC RestoreWindows Memory Diagnostic ToolCommand Prompt[*]Select Command Prompt[*]In the command window type in notepad and press Enter.[*]The notepad opens. Under File menu select Open.[*]Select "Computer" and find your flash drive letter and close the notepad.[*]In the command window type e:\frst.... Read more

Read other 16 answers
RELEVANCY SCORE 50.4

Been having an issue where McAfee firewall repeatedly turns off. I can turn it back on manually but it only stays on for around 30 seconds to 1 min. When the firewall is off the internet connection is seemingly blocked. On chrome I receive the message

"Google Chrome is having trouble accessing the network.
This may be because your firewall or antivirus software wrongly thinks that Google Chrome is an intruder on your computer and is blocking it from connecting to the Internet."

If I manually turn the firewall back on the internet connection resumes but only for the 30 seconds that the firewall stays on.

I'm assuming this is some sort of malware? I'm unsure what to do.
Scanning with McAfee and MBAM leads to no results.
Have previously scanned with TDSSkiller but that too reports no results.

Thanks for any help.

A:Mcafee firewall repeatedly turns off, then internet connection blocked

DownloadFSS Checkmark all the boxesClick on "Scan".Please copy and paste the log to your reply.DownloadaswMBRLaunch it, allow it to download latest Avast! virus definitionsClick the "Scan" button to start scan.After scan finishes,click on Save logPost the log results here

Read other 6 answers
RELEVANCY SCORE 50.4

The first thing that I noticed was that google links were not taking me where they said they were (initially in Firefox, then also in IE), and then noticed that my McAfee Security Center was not running. When I tried to start it up and update it, it simply sat there. I tried to access their website, but it is completely blocked. I obviously have something messing with my system, but I have no idea where to start. I am including the HijackThis log below. Any suggestions?

Thanks!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:14:51 PM, on 4/14/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ntvdm.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\SM1BG.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
C:\OPLIMIT\ocrawr32.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:... Read more

A:McAfee update/website blocked, google links redirected

bump
 

Read other 1 answers
RELEVANCY SCORE 50

Hi im totally new to here and a novice to the pc world, i noticed a while back the bProtector thing attaching to my photos every time i try to delite it then empty recycle bin, and my homepage changed which i managed to get back to google,
My son who claims hes a dab hand clearly isnt, im not sure when this started but ive had it a while and it must of been some videos hes watched.

I have AVG that found nothing, tried deliting in programs and features, ( i have vista)

I have no idea on how to remove, if this has been mentioned before i dont mind a link, but hopefully its in plain english

A:bProtect

DownloadTDSSkillerLaunch it.Click on change parameters-Select TDLFS file systemClick on "Scan".Please post the LOG report(log file should be in your C drive) Do not change the default options on scan resultsDownloadaswMBRLaunch it, allow it to download latest Avast! virus definitionsClick the "Scan" button to start scan.After scan finishes,click on Save logPost the log results hereDownloadESET online scannerInstall itClick on START,it should download the virus definitionsWhen scan gets completed,click on LIST of found threatsExport the list to desktop,copy the contents of the text file in your reply

Read other 24 answers
RELEVANCY SCORE 49.6

Hi, i downloaded one thing on limewire,(it is now uninstalled) and the file was basically viruses trojans and adware waiting to infect my computer. After tons of scans, ive finally got rid of most viruses and trojans before they could spread. But i still have tons of adware, avsystemcare, winantivirus popups and just other popups that come up when im not even online its really annoying and after tons of scans i still cant ged rid of them. PLEASE HELP!
 

A:tons of adware McAfee

Read other 16 answers
RELEVANCY SCORE 49.6

My Avast free antivirus recommended that I run a boot-time scan, resulting in the following messages
 
FileC:\Users\*******me******\AppData\Local\Microsoft\windows\TemporaryInternetFiles\Content.IES\42MGUI\pack[1].7z|>bprotector.xpi|>bprotector.js is infected by JS:Bprotect-C [Trj]
 
Some more infections, all in Temporary Internet Files, were listed as: 
 
Win 32: BProtect-D [Trj]
Win 32: BProtect-G [Trj]
Win 32: BProtect-D [Trj]
 
Avast could not delete or quarantine these files, quoting error 42111, or repair, quoting error 42060.  I had already deleted my Temporary Internet Files.
 
My Computer is running Windows 7, 64 bit version
 
If anyone can help me please, I will be very grateful, thank you.  

A:JS:BProtect-C [Trj] discovered

Hello, Welcome to BleepingComputer.I'm nasdaq and will be helping you.If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.===Download Malwarebytes' Anti-Malware from HereDouble-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).The scan may take some time to finish,so please be patient.If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Log... Read more

Read other 7 answers
RELEVANCY SCORE 49.2

My father's McAfee Virus Scan has been warning him of potentially unwanted item after his nightly virus scans. This is what it says: C:\_RESTORE\ARCHIVE\FS581.CAB
PUP Name Adware-HiWire

The choices to Delete, Quarantine or Repair are useless. Each one he has clicked on will cause "Disk is write protected" to appear. I've scouraged the internet for information and haven't found a thing.

I will be doing a hijack this log tonight and will post that tomorrow, but in the meantime, do any of you have an idea what this is?

Thank you,
Barb
 

A:Adware Hi-Wire detected with McAfee

hi, welcome to TSG.
Turn off system restore.

How to turn off system restore

http://service1.symantec.com/SUPPOR...2001111912274039?OpenDocument&src=sec_doc_nam


Download hijack this from the link below.Please do this. Click here:

http://www.thespykiller.co.uk/files/hijackthis_sfx.exe

to download HijackThis. Click scan and save a logfile, then post it here so
we can take a look at it for you. Don't click fix on anything in hijack this
as most of the files are legitimate.
 

Read other 1 answers
RELEVANCY SCORE 49.2

I have a problem. Something infected an older computer (Windows XP SP1) I use to download and read e-mail and record radio show streams. McAfee updates are being blocked and when I try to go to McAfee's Website with IE 6, FIrefox 3 and Netscape 7.1, I get re-directed to an error page. Also Windows Media streams are being blocked in all audio programs, although MP3s and Real Audio streams play fine in Windows Media, WinAmp and Real Player. Windows Media will play wma files already on the PC. IE and Firefox both crashed frequently.

I had McAfee, SuperAntiSpyware, Adaware and NoAdware 3 already installed. So I ran them. McAfee saw nothing. NoAdware took off some tracking cookies. Adaware took off a "critical infection" and SuperAntiSpyware saw a Win32 Trojan. But they didn't solve the problem. I downloaded and ran Malwarebyte's Anti-Malware which saw some traces of a trojan agent, trojan fakealert and Rogue Installer and removed them. I ran Microsoft's Malware Removal Tool which showed nothing. I ran Spybot Search and Destroy which saw a few things and removed them. I ran PC Tool's Spyware Doctor that saw 3 Trojan Fake Alerts and a bunch of other stuff in the registry, etc. and removed them. But McAfee and WMA streams are still being blocked. When I try to play a stream, it says "Windows Media Player cannot play the file because a network error occurred. However, the streams play fine on other PCs.

I tried WinsockxpFix, which was recommended ... Read more

A:McAfee updates blocked, Anti-virus sites redirected to error page

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explanation about the tool. No input is needed, the scan is running.Notepad will open with the results, click no to the Optional_Sca... Read more

Read other 2 answers
RELEVANCY SCORE 48.8

I have a Windows 2002 XP/SP3 computer with Firefox. Three weeks ago I had a malware infection, Windows Security Essentials, that seemed to be deleted by an install of Malwarebytes. As my AVG anti-virus free software had been begging for an update I did so but noted that the install screen seemed to run for hours and after a reboot though the AVG folder was in the Program folder there were no AVG icons or EXE's to run. I was busy and time passed. A week later I noticed the Just-in-time debugger started popping up and asking me to run a JIT debugger but there was not one to run. Dismissing it simply let it pop up minutes later so I minimized it and ignored it. After a week of that I found that my browser started redirecting to other sites, first on occasional searches then on every search. Re-running the Malwarebytes and the already installed Spydoctor did not help. One time a pop-up window appeared asking me to install some alternate browser, I used the task window to close it. I now cannot do any searching though I can plug in a website and go to it directly. After reading your "how to" message I ran the programs and will attach the proper files and post below.
Thank you for your time and attention.

DDS (Ver_10-11-10.01) - NTFSx86
Run by Owner at 20:22:15.68 on Sun 11/14/2010
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_21
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.495.114 [GMT -5:00]

============== Running Processes ===========... Read more

A:IE blocked searches go to Adware sites

Hello VetDoctor, Welcome to Bleeping Computer.
My name is fireman4it and I will be helping you with your Malware problem.

Please take note of some guidelines for this fix:
Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools.
If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
Finally, please reply using the button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.1.We need to disable Spybot S&D's "TeaTimer"TeaTimer works by preventing ANY changes to the system. It will attempt to undo any fixes we run, because it blocks these fixes from running.In order to safeguard your system from problems that can be brought on by a half finished fix, we need to disable TeaTimer. We can reenable it when we're done if you like.Open SpyBot Search and Destroy by going to Start -> All Programs -> Spybot Search and Destroy -> Spybot Search and Destroy.If prompted with a legal dialog, accept the warning.Click and then on "Advanced Mode"
You may be presented with a warning dialog. If so, press Click... Read more

Read other 5 answers
RELEVANCY SCORE 48.8

I use avast and it has been blocking at least 7 urls and 1 adware called Agent Asoc. I have ran tdsskiller and it says nothing was found but i know a problem still exists. Also it continually says its in my processes. The problem started when I was on the steam workshop and a guy redirected his mod to a dll. I have never had this problem so i ran malwarebytes. It detected a trojan sprotector and tidynetwork potentially unwanted program.
 
The files attacking are all urls and before i ran malwarebytes it was closing my browsers when i went to install other virus detection services. Also I ran HitmanPro and it detected a few parts of it I believe but they continually appear in Avast Antivirus. 
 
I really need help as this is a major inconvenience. Thanks in advance
 
Also I have run numerous adware detection programs listed on this site and the problem persists
 
It is now moving my taskbar items around where the battery indicator and volume bar are

A:I have 8 adware being blocked at one time. Am I infected?

Hi Sonny, run these also and see if there is more.Please download MiniToolBox, save it to your desktop and run it.Checkmark the following checkboxes:Flush DNSReport IE Proxy SettingsReset IE Proxy SettingsReport FF Proxy SettingsReset FF Proxy SettingsList content of HostsList IP configurationList Winsock EntriesList last 10 Event Viewer logList Installed ProgramsList Users, Partitions and Memory size.Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.Note: When using "Reset FF Proxy Settings" option Firefox should be closed..ADW CleanerPlease download AdwCleaner by Xplode and save to your Desktop.Double-click on AdwCleaner.exe to run the tool.Vista/Windows 7/8 users right-click and select Run As Administrator.Click on the Scan button.AdwCleaner will begin...be patient as the scan may take some time to complete.After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.After reviewing the log, click on the Clean button.Press OK when asked to close all programs and follow the onscreen prompts.Press OK again to allow AdwCleaner to restart the computer and complete the removal process.After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.Copy and paste the contents of that logfile in your next reply.A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.-- Note: The contents of the Ad... Read more

Read other 12 answers
RELEVANCY SCORE 48.8

McAfee was disabled without my consent on my PC. When I turned it back on, I got -- and am still getting -- bombarded by virsuscan alerts from McAfee vursuscan. They say:

Potentially Unwanted Program Found
Program name: Adware-MWS
File A0008595.DLL
File path: c:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP58
Status: PUP found

If I click on Remove, I lose all my work, my windows all close, and it claims that the PUP was removed but I get the alert all over again.

If I click Cancel, the warning pops up immediately again.

I've run McAfee, Spybot, and Ad-aware, all with the latest updated uploaded (as of five minutes ago). All to no avail.

What should I do? Thanks.
 

A:Having major adware problem! McAfee is out of control.

Read other 16 answers