
Probable malware - 2nd time in 2 months Don't know what infection I have

Q: Probable malware - 2nd time in 2 months Don't know what infection I have

Hi, this is my first time on this site, so bear with me - and thanks for your help. A couple of months ago I was infected severely with malware - the computer guy was unable to get rid of all of it and suggested wiping the hard drive and reinstalling, which I did. Things worked okay for a while, but same symptoms are back. They include:
hangups - inability to close programs except with Windows Task Manager "End Now", pop-ups, changed home page, slow or unable to access some web sites - crashes - blue screen - safe mode timer symbol.

I am hoping for some help, and to find out why I would get this twice - I have ATT server (sbcglobal.net) which has McAfee - I update both McAfee and Windows XP regularly and since my crash, I have been cleaning up disk almost daily. There isn't much on my computer now.

Here are my scans, and thank you for anything you can do to help me.

As per the instructions you would have received, kindly ensure any onboard
script blocking tools have been disabled for they shall interfere with DDS.

DDS is a non-invasive diagnostic tool.

- DDS makes no registry writes/changes

- DDS does not create any permanent files/folders.

This scan should not take longer than three minutes to complete.

When the scan is complete, a logfile/report shall pop open.

Post the contents of the logfile to the forum where it was requested

We only require it to run just once. Dispose after use.


A: Probable malware - 2nd time in 2 months Don't know what infection I have

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

- Download DDS by sUBs from one of the following links. Save it to your desktop.
  - DDS.scr
  - DDS.pif
- Double click on the DDS icon, allow it to run.
- A small box will open, with an explanation about the tool. No input is needed, the scan is running.
- Notepad will open with the results.
- Follow the instructions that pop up for posting the results.
- Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERE


Hi all,

I'm a regular user of Ad-Aware and Mcafee security center for antivirus/anti-spyware removal, however about 6-7 months ago (I waited awhile) I noticed some strange behavior and decided to run a complete scan with both tools to remove anything that may be infecting my PC. Doing so got rid of the issue I was having at the time, however I still get these two error messages every time I turn on my PC:
Error loading C:\Users\Nickdoom\AppData\Local\rsLEV2.dll
The specified module could not be found.

and

Error loading C:\Users\Nickdoom\AppData\Local\amanoguqutoqih.dll
The specified module could not be found.

Which leads me to believe something is still trying to load these programs which my programs most likely removed.
Also, I have noticed some general slowness remaining since then. Any assistance would be much appreciated. Logs below:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 5:32:22 PM, on 11/23/2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Program Files\Common Files\AOL\1279125156\ee\aolsoftware.exe
C:\ProgramData\Ad-Aware Browsi...

A:Possible(probable) Malware infection


I have a computer at work running Windows XP professional, service pack 3. Windows security essentials is my current anti-virus.

About a week ago I observed a program had installed itself that I immediately identified as bogus, it was called XP Security 2012.

I re-launched the machine in safe mode, ran the latest version of rkill, updated Malware Bytes anti-malware and ran it. It found about 11 infections and removed them without incident. I relaunched the machine and it seemed fine. That was a Friday.

On Monday I noticed that the machine was very sluggish. I kept seeing a svchost file taking up a lot of system resources. A condition I have dealt with in the past on several machines. Knowing that it can sometimes be a problem with automatic updates I attempted to temporarily disable them, but I cannot do this because our network policy is to have them enabled and all options controlling them are greyed out. I also noticed that both internet explorer and firefox would not use search engines properly and were constantly being redirected. I went back to safe mode, ran Malwarebytes again and zippo. I then tried spybot search and destroy and it found about 9 problems not caught by Malwarebytes and successfully removed them. I then installed lavasofts anti-malware and it reported a clean computer.

After re-booting, the exact same problems recurred within minutes. I stopped the growing svchost file and ran rkill in regular windows and this stabilized things. The brow...

A:Probable Malware Infection

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

- Do not run any other tool until instructed to do so!
- Please Do not Attach logs or put in code boxes.
- Tell me about any problems that have occurred during the fix.
- Tell me of any other symptoms you may be having as these can help also.
- Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger: Please download DeFogger to your desktop.

- Double click DeFogger to run the tool.
- The application window will appear
- Click the Disable button to disable your CD Emulation drivers
- Click Yes to continue
- A 'Finished!' message will ap...


Hi All, I made the mistake of clicking an unfamiliar link, and am pretty sure some malware was downloaded onto my computer. An image of the culprit is given here: Something called "Jollywallet", and an unfamiliar search tab. MS Security and MBAM aren't picking it up, and I'm highly suspicious. Your guidance and input would be highly appreciated.

A:Probable Infection of Malware

Hello abraxas

First we'll see if it's in Add Ons...and remove it. In FireFox it may be the Add ons/Plugins. Try disabling them one at a time and see which one was at fault.

- How to disable extensions and plugins
- Keeping your third-party plugins up to date

Now do a scan..

ADW Cleaner

Please download AdwCleaner by Xplode onto your desktop.

- Close all open programs and internet browsers.
- Double click on adwcleaner.exe to run the tool.
- Click on Delete.
- Confirm each time with Ok.
- You will be prompted to restart your computer. A text file will open after the restart.
- Please post the contents of that logfile with your next reply.
- You can find the logfile at C:\AdwCleaner[S1].txt as well.

And Please download Malwarebytes Anti-Malware and save it to your desktop.

Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download.

Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

- Make sure you are connected to the Internet and double-click on the renamed file to install the application.
- When the installation begins, follow the prompts and do not make any changes to default settings.
- Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
- If...


I am running a Pentium 4 (3 GHz) HP desktop with 512 meg (PC 2700) RAM. It has a WD 240 GB HD with 147 GB free

My problem started with the computer being unusably slow for first 15 minutes or so. Taskmanager showed that wuauclt.exe was hogging memory. So was one of the processes running under svchost.

I poked around the Internet and found some suggestions that it was malware causing the problem. I ran Malwarebytes and it found nothing. I have a subscription to ESET NOD32 so I ran a scan with it. It found nothing. I contacted ESET and they suggested I download the newest version of NOD32. I couldn't find the link on their website to get the download. In course of communication with them I finally got so frustrated that I uninstalled NOD 32 and installed Microsoft Security Essentials. It too found nothing.

I poked around the internet more and found a post somewhere that said the issue was with Microsoft Update and that if you switched to Windows Update the problem would go away. Sure enough, it did.

I then contacted Microsoft Support because I was having an issue with a Windows Update failing (it was (2) HID Updates). They resolved the problem and I complained about the wuauclt.exe issue. The Tech who contacted me was not of much help. His solution for fixing the wuauclt problem was just don't use Microsoft Update. I want to use Microsoft Update. I have other Microsoft programs that I want kept up to date. Anyway on to the current problems.

He had me run ComboF...


A couple of days ago, I started noticing that clicking on Google search results did not take me to the actual link, but to all sorts of other, commercial pages (I can get around this to some extent by getting the addresses and going directly or using the cached page, when available). As I searched relative to this problem, I found various suggestions, such as run HiJackThis or Malwarebyte's AntiMalware or RootRepeal. I am able to download and install these programs, but they will not run. Trying to make them run gives me a "You don't have permission" message. More research suggested, for instance, renaming the executable for AntiMalware -- that didn't work as I was denied access. I re-downloaded AntiMalware and saved it to a flash memory stick, and was able to rename the executable there. I was able to open it, but as soon as the scan started, the program was terminated. The same was true of RootRepeal, and I tried running your DDS, but the scan was immediately terminated. I've also noticed that in my anti-virus software (AVG 8.5) the email scanner is not activated, and I am unable to activate it. I've successfully run AVG scans, and they turn up nothing. I am running Windows XP. Please let me know what further info is needed, and please HELP!

A:Need Help With Probable Malware Infection [Moved]

Since I posted the above, I downloaded and ran ComboFix, which deleted some files. I was then able to run AntiMalware from my flash memory stick, without it shutting down, and it found no infected objects. The problem with re-direction from Google seems to be fixed as a result of what ComboFix did. However, I am still unable to open AntiMalware or HiJackThis from my hard drive (I continue to get the "Windows unable to access" message), and I am still unable to re-start the Email scanner on AVG (Following instructions from an AVG forum, I went to the local services list, checked that the scanner was on automatic, and hit "start" for the service. The message I received was that the service was started and then shut down). There seem to be a lot of people having problems with the email scanner on AVG, so it is possible that this is a separate issue from the others. Any ideas?


Operating system is Windows XP Professional v. 5.1.2600 SP2
Spybot S&D installed but not working properly.

A week ago began receiving almost continual pop-ups when using IE7, also error 1058 for Windows AU. Tried Microsoft directions to turn AU back on and it was not successful. Downloaded SUPERAntispyware, though it ran and quarantined/deleted some items the system hung before the scan completed.

Current status: IE7 continues to get continual pop-ups (they are blocked) but I can see them happening; about every 2 minutes a window pops-up with messages that the machine is being attacked apparently by every known malware program out there and then asks if I want to run MS Spyware 2009 - response is always "NO". Every time I try to access an anti-spyware site, including this one, a Google error "Oops! This link appears broken". All other websites appear to be accessible but I am fearful to use the internet at all. We use a DSL modem and it is turned off for now.

Any guidance would be greatly appreciated. Thanks.

Kathy

A:Probable malware infection, need direction

Hello. Perhaps a copy of the SAS scan log would help us see what was found as that may give us some clues. Also scan again with MBAM.

Please download Malwarebytes Anti-Malware and save it to your desktop.

- alternate download link 1
- alternate download link 2

- Make sure you are connected to the Internet.
- Double-click on mbam-setup.exe to install the application.
- When the installation begins, follow the prompts and do not make any changes to default settings.
- When installation has finished, make sure you leave both of these checked:
  - Update Malwarebytes' Anti-Malware
  - Launch Malwarebytes' Anti-Malware
- Then click Finish.

MBAM will automatically start and you will be asked to update the program before performing a scan.

- If an update is found, the program will automatically update itself.
- Press the OK button to close that box and continue.
- If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.

Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.

On the Scanner tab:

- Make sure the "Perform Quick Scan" option is selected.
- Then click on the Scan button.
- If asked to select the drives to scan, leave all the drives selected and click...


Cannot see screen after probable malware infection
 
I have acquired what I believe is the Mandiant ransomware malware.  I downloaded the HitmanPro program from this page on your site ( http://www.bleepingcomputer.com/virus-removal/remove-mandiant-usa-cyber-security-ransomware ) and followed the instructions.
 
I turned off the computer, turned it back on, and... no screen.  Tried three times.  It's cranking away as I type this with no screen.  I get a quick "DVI" logo in the top corner (which is normal), then nothing but blank screen.  Hence, I cannot see what my boot menu key is to direct it to the USB drive that I made using HitmanPro.
 
It is my desktop that is at issue.  I created the USB boot drive on my laptop.
 
It is a custom made desktop, not from a specific manufacturer.  I do not recall the boot menu key.  I did run a AVG full scan and a Malwarebytes scan before I shut down, and both found nothing.  I was able to open files on my C Drive just fine prior to shutdown.  I unplugged all my external drives.
 
Win 7 64 bit

A:Cannot see screen after probable malware infection

ETA:  Have tried booting from my original Windows disk, same result... nothing.  Just a black screen, no cursor or anything.  The light comes on for the CD-ROM drive as it boots, but doesn't boot from the disk.
 
I'm kind of doubting that the boot issue is virus related, and is probably just coincidence, but it sure is one big coincidence.
 
Also, I have dual mirrored hard drives, which leads me away from it being a hard drive potentially going bad.


Hi:
 
windows 7 64-bit system
 
I haven't run a virus scan of my computer for some time.  After allowing my nephew to use my computer for several weeks, I decided I'd better run a scan so I attempted to run my 2013 Kaspersky Pure 3.0 program to check for viruses this afternoon.
 
It started to run, then went to a blue screen before going to a black screen before rebooting.  I attempted to run the scan three times with the same results.
 
I can surf the net as long as I don't attempt to go anywhere that allows me to update drivers and/or virus/malware protection.  When I visit any virus or malware site, I get the blue screen to black screen and my computer reboots.
 
I contacted Kaspersky support.  They wanted me to create a System State Report.  Once it runs, I'm to click on Finish, then View Report, then Save Report.  The report will run.  I click finish, but it won't allow me to view the report so I can't save the report or send it to Kaspersky.
 
When I attempted to update the Adobe Flash Player, the same thing.  Blue screen to black screen and reboot.
 
I attempted to manually update my Kaspersky.  It failed to update giving me the following error message:  Task failed.  Cannot create folder.
 
Hoping for help.  Thanks.
 
*edit*  Now can't open any browsers.  I'm on wireless internet and tried to disconnect the computer and it wouldn't let me.  I had to t...

A:Probable Infection Preventing Virus/Malware Programs

I am replying to this topic in order to update.  I definitely seem to be infected with something.  My virus protection is corrupted.  I had Iobit Advanced System Care 7 with its Malware Protection.  It seems to have been turned off and/or become corrupted.  Both programs say they are working, but they're not.  I tried to boot from a Kaspersky rescue disk, it said the databases were corrupted.  I've tried to turn on Windows firewall, but it won't let me.  I tried to install BitDefender and received an error message indicating that it can't install the drivers, try again, which I did with the same results.  Unfortunately whatever is going on is preventing me from performing a screen capture or copying the message to my PAINT program so that it can be attached to this post.  My .32 dlls, etc are also becoming involved.  I ran a couple of the Malware programs, AdwCleaner and SuperAnti Spyware...they each found a few things which I had them remove but as soon as I rebooted they were back.  Again, things moved too quickly for me to try to write down what the items were and I couldn't use the screen capture.  I finally turned off my computer because it was only getting worse, not to mention there was no antivirus protection or firewall running.  I patiently await help.


Hello,
 
Okay first of all I would like to say I have been having ongoing issues for months to almost a year... I have tried everything I can think of... Including wiping hard drives to DoD standards with dban, gparted etc.... I have tried monitoring my connections with wireshark...  I have tried several different anti- (virus and malware) programs including paid version of kaspersky, malwarebytes, bitdefender, eset.....
 
This problem also has involved some black hat hackers compromising my system and bank account, credit card etc all being hit and continuing to do so... I have switched ISPs, changed hardware, thrown away devices including cell phones and laptops... It seems that they were also backdoored into several of my devices and were using several different methods to continue to spread and infect other devices.. These devices include android, iphone, ipod, ipad, netbook, laptop, smart tv and even my dvd player (java).. I have tried to ask for help and seek help for this and no one can figure it out or think this can't be real.
 
I have now thrown out all laptops, and all phones at the same time and started from scratch but having issues on a brand new laptop... I am not sure this is the same issue as before... However, I would like and really appreciate if someone could help me out and view my logs and make sure.. because I have been through hell and back with all these issues.. Loss of finances, time, and sleep... SO, I truly appreciate any and a...

A:Malware, Spyware, And hackers...equals months and months of going insane!! help!

GMER 2.1.19357 - http://www.gmer.net
3rd party scan 2015-06-29 18:38:16
Windows 6.3.9600  x64 \Device\Harddisk0\DR0 -> \Device\00000036 HGST_HTS721075A9E630 rev.JB2OA3J0 698.64GB
Running: 11ybrc3o.exe; Driver: C:\Users\M4M8A\AppData\Local\Temp\kxldypow.sys
---- Modules - GMER 2.1 ----
Module   \SystemRoot\System32\drivers\iaStorA.sys (Intel Rapid Storage Technology driver - x64/Intel Corporation SIGNED)(2014-09-02 06:28:41)                                                fffff800f9c65000-fffff800f9f1b000 (2842624 bytes)
Module   \SystemRoot\system32\DRIVERS\edevmon.sys (Devmon monitor/ESET SIGNED)(2015-01-30 23:13:30)                                                                                          fffff800fa393000-fffff800fa3d2000 (258048 bytes)
Module   \SystemRoo...


Hi guys, I've recently been infected with a series of malware and spyware infections. I've scanned with a few programs:
SpySweeper6
SpywareTerminator
Spybot S&D
Malwarebytes'
Exterminate It!
and ParetoLogic
all spyware/ malware removers.....all failed.
There's some type of DNS infection also which redirects my browser when I try to visit Microsoft Support sites and most other updating or online scanning sites. I have posted a HijackPatrol log (generated by WinPatrol) for your expert review... please help.
 

A:(first time post!)malware infection

The site is telling me my Hijack log contains too many characters to post pls help..
 


Hi guys, I'm sure this isn't a new one for you. IE is slow or non responsive, Iexplore processes max out CPU and cannot be cancelled w/o reboot. HJT log below;

Hope you can help!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:36:48 AM, on 5/26/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE...

A:probable infection

Hmm. No replies yet? Perhaps I did something wrong/incomplete? Attached DDS log as well.

===========

Hello

No, you haven't done anything wrong. While we understand your frustration at having to wait, please note that Bleeping Computer deals with several hundred requests for assistance such as yours on a daily basis. As a result, our backlog is quite large as are other comparable sites that help others with malware issues. Although our HJT Team members work on hundreds of requests each day, they are all volunteers who work logs when they can and are able to do so. No one is paid by Bleeping Computer for their assistance to our members.

Further, our malware removal staff is comprised of team members with various levels of skill and expertise to deal with thousands of malware variants, some more complex than others. Although we try to take DDS/HJT logs in order (starting with the oldest), it is often the skill level of the particular helper and sometimes the operating system that dictates which logs get selected first. Some infections are more complicated than others and require a higher skill level to remove. Without that skill level attempted removal could result in disastrous results. In other instances, the helper may not be familiar with the operating system that you are using, since they use another. In either case, neither of us want someone to assist you who is not familiar with your issue and attempt to fix it.

We ask that once you have posted your log and are waiting, plea...


My father-in-law's computer appears to have an infection.
My guess is that it started with the installation of Registry Mechanic which has alerted him to some enormous number of problems which can be fixed by PCTools.com provided he follows their instructions and pays them money. They've been paid $150 so far and it smells like a scam.

The computer does have a rather large array of security tools and PC utilities and he really doesn't understand PC's much.

AVG 8.5,
Winpatrol,
Avast,
Zonealarm (which I just uninstalled because he doesn't have the capacity to understand how to configure)

The HDD is thrashing, the computer operates slowly and the alerts from security tools keep popping up frequently, often halting further progress. There's no telling what he has granted permission to in the past months

I've tried installing MBAM but the installation fails. I recall that when I had a similar rootkit and trojan infection, MBAM was blocked.

I am removing the HDD from his machine and will back it up in my computer and expect to run MBAM on the drive.

I will post reports ASAP

A:Probable infection

Have you tried installing MBAM under safe mode with networking?

Also:

Hello,

And welcome to BleepingComputer.com, before we can assist you with your question of: Am I infected? You will need to perform the following tasks and post the logs of each if you can.

Malwarebytes Anti-Malware

Please download Malwarebytes Anti-Malware and save it to your desktop.

- Download Link 1
- Download Link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

- Make sure you are connected to the Internet.
- Double-click on mbam-setup.exe to install the application.
  For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.
- When the installation begins, follow the prompts and do not make any changes to default settings.
- When installation has finished, make sure you leave both of these checked:
  - Update Malwarebytes' Anti-Malware
  - Launch Malwarebytes' Anti-Malware
- Then click Finish.

MBAM will automatically start and you will be asked to update the program before performing a scan.

- If an update is found, the program will automatically update itself.
- Press the OK button to close that box and continue.
- If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to i...


Referred from here: http://www.bleepingcomputer.com/forums/t/330813/fraudsysgoogle-redirect-malware-virus-tried-everything-help/ ~ OB

At the request of moderator boopme, I am posting this and requesting assistance in getting rid of this MBR infection. This follows discussion of the google redirect, random pop-up window virus I have been dealing with. This is occurring on my Dell Latitude 4300, running Windows XP and no other operating systems.

Bootkit remover found the following:

Bootkit Remover version 1.0.0.1
© 2009 eSage Lab
www.esagelab.com

\\.\C: -> \\.\PhysicalDrive0
MD5: 33651d4929a84a7ab9d65c115ce1bdc0
CreateFile() ERROR 5

Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 Unknown boot code

Unknown boot code has been found on some of your physical disks.
To inspect the boot code manually, dump the master boot sector:
remover.exe dump [output_file]
To disinfect the master boot sector, use the following command:
remover.exe fix

Then, I ran DDS and I have attached the two logs from that. I am not an administrator on my computer, so I was not able to run defogger before doing the DDS scan.

Thanks for any assistance you can provide.

A:Probable MBR infection

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

- Do not run any other tool until instructed to do so!
- Please Do not Attach logs or put in code boxes.
- Tell me about any problems that have occurred during the fix.
- Tell me of any other symptoms you may be having as these can help also.
- Do not run anything while running a fix.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger: Please download DeFogger to your desktop.

- Double click DeFogger to run the tool.
- The ap...

RELEVANCY SCORE 56

I believe I have some malware on my computer. In Windows Vista, I cannot install/run Malwarebytes in normal mode. I finally got the laptop to boot in safe mode and I installed, updated, and ran Malwarebytes in safe mode. It did find many things infected, and after a reboot, I still have my problems. When I start Windows Explorer, the program starts, but I get no response from the program. I try to run Malwarebytes in normal mode, but I still get my two errors (vbAccelerator SGrid II Control {! Run-time error 'o'} OK is the only option), then I get my second error (Malwarebytes' Anti-Malware {! Run-time error '440' Automation error) OK is the only option again. I also tried to remove programs through Control Panel, but when I select a program and click "uninstall" I get "An error occured while trying to uninstall MySpaceIM. It may have already been uninstalled. Would you like to remove MySpaceIM from the programs and features list." Either option (yes or no) and the program remains. Any help would be appreciated.
Here is my DDS Log:

DDS (Ver_09-09-24.01) - NTFSx86
Run by Paul Barrios at 21:28:51.84 on Sun 09/27/2009
Internet Explorer: 7.0.6001.18000
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3581.2418 [GMT -5:00]
============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLa...

A:Probable Infection

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll...

RELEVANCY SCORE 56

Hi,

Have inherited a laptop from my sister in law, she had massive problems with it a few months ago after clicking on a link purporting to be a virus scanner (you know the drill, messages pop up saying your computer is infected and you can remove them by installing this program etc). Her neighbour tried to fix it and failed, she lost her patience with it and went out and purchased a new one. No idea what her neighbour did to it as he has gone back to Holland.

Here are the details I do know:

Toshiba Satellite A200 running 32Bit Windows Vista Home Premium Service Pack 2.

Was freezing within 1-5 minutes of booting up, I discovered it was because Windows update was trying to activate automatically and it would hang as soon as updates were trying to download, disabled auto Windows updates and can now boot up without it hanging. Tried manual update, hangs. Tried updating Windows Defender and it hangs.

Malwarebytes already installed so I ran it, found nothing. No antivirus software installed, tried installing Avast, and (separately) Avira several times and it would freeze everytime.

When it freezes nothing responds except for the mouse cursor, ctrl alt del turns the screen black, if you don't do a hard reboot and leave it on the black screen for a while, you sometimes get a WerFault.exe Bad Image error come up.

Can't do system restore either because all restore points have disappeared.

Thanks

A:Probable infection

Can you post the logs from Malwarebytes and run the following as well:

Hello,
And welcome to BleepingComputer.com, before we can assist you with your question of: Am I infected? You will need to perform the following tasks and post the logs of each if you can.

SUPERAntiSpyware:
Please download and scan with SUPERAntiSpyware Free
Double-click SUPERAntiSpyware.exe and use the default settings for installation.
An icon will be created on your desktop. Double-click that icon to launch the program.
If it will not start, go to Start > All Programs > SUPERAntiSpyware and click on Alternate Start.
If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
In the Main Menu, click the Preferences... button.
Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
Click the "Scanning Control" tab, and under Scanner Options, make sure the following are checked (leave all others unchecked):
Close browsers before scanning.
Scan for tracking cookies.
Terminate memory threats before quarantining.
Click the "Close" ...

RELEVANCY SCORE 56

Symptoms which lead me to believe I have been infected are as follows:
I cannot change any settings or check for updates via Windows Update, and when I attempt to do so I get the following message: "Some settings are managed by your system administrator." I am not under any network policy of any kind, and have ensured that all my LOCAL group policy settings are set to NOT CONFIGURED. I did a full scan of my computer with Norton Internet Security 2011 Beta as well as Microsoft Security Essentials and came up clean. I cleaned my registry with CCleaner also. The only virus protection I had at the time I started having these problems was Avast Antivirus Free Edition, the other programs were installed afterward as an attempt to solve my problem. To the best of my knowledge, if I am system administrator with administrator privileges and local group policy is not configured, I should be able to turn on Windows Update. As stated in the following log, I am operating on Windows 7 Ultimate. I have engaged in risky online behavior recently and it is very likely this is a virus of some kind. I followed preparation instructions for posting this new thread, however, the final step I could not complete. When I run gmer.exe I get the following error message: "C:\Windows\system32\config\system: The system cannot find the file specified." I ran a scan after pressing ok, with only the following checked off: Services, Registry, Files, C:\, ADS. When it started it gave me the...

RELEVANCY SCORE 56

My problem computer is my Toshiba Laptop running Windows 10 Home version 1607. This laptop has been with me this summer to Northern Europe and Alaska and has visited many servers. My programs and security software are up to date. Recently it has been acting very strange, sometimes taking minutes to boot up which used to be seconds. Occasionally the computer becomes completely frozen and can only be freed by manual shutdown and restart. Programs sometimes refuse to start or start after a long pause. A couple times I have noticed strange entries in my startup list such as Microsoft Application Host. An Avira scan runs very slow only reaching 15% after an hour. Two other computers attached to my home network run fine.
 
Advice would be appreciated

RELEVANCY SCORE 56

I took on a repair job on a friend's XP Home laptop yesterday and already I'm regretting it. The computer will not boot, it crashes with a Stop 21a error. First I went into Safe Mode and ran chkdsk /f and that didn't do anything at all. Next I plugged in a USB thumb drive and ran the latest version of McAfee's Stinger virus scanner. It scanned for almost 3 hours and didn't find anything. Next I tried to install Ad Aware to check for malware and was greeted with a message that the Administrator has set policies to prevent this action. That's when it became pretty clear that the computer has some kind of trojan infection on it. Since XP Home doesn't have a Group Policy editor I can't check to see if a policy has actually been set to stop the installation and I don't really know that any such policy even exists in Home edition. If there is such an entry in the registry I don't know how to find it. And finally, I seriously doubt that any such administrative policy has been set at all. My friend only has one account on the computer and that is an Administrator's account and he certainly does not know enough to set any policies like this one.

I could install the Group Policy editor files on the computer but I don't think it is going to be worth the effort. So I came here to see if perhaps anyone here can suggest a better solution to my problem. I imagine that many of you have seen system hijacks of this type before.

TIA ...

A:Probable Infection

I had the same problem not so long ago with a customer's computer. I just wish I could remember exactly what I did to resolve it.

There's lots of Google stuff on a stop: c000021a error. Try one of these:
http://support.microsoft.com/?kbid=318666&sd=RMVP

If he has Norton System Works installed, this one may help:
http://support.microsoft.com/?kbid=316503&sd=RMVP

Post back if either of these works or not.

Good luck!

RELEVANCY SCORE 56

Hello Everyone!
My old desktop is probably infected with something... I have run my basic virus protection that came with my ISP but it has not detected anything. The PC is old; however, since I am not working right now I cannot afford a new one! When I try to log onto IE or Firefox most of the time I get "cannot connect to internet" screen. I then reboot and it may or may not let me get online. It runs very slowly when I do get on the net. Most of the time it freezes up using either browser. I have had no redirects to any porn sites, google, etc.
I appreciate any and all help, and a "donation" will be made now that I have paypal!
Warm Regards,
Chupa

A:Probable Infection

Do you get any messages from programs called Antivirus 2009, Microsoft Security Essentials Alert, or just continuous messages asking and annoying you to pay to remove a virus?

RELEVANCY SCORE 56

My computer slowed down lately, and it's lagging horribly even with simple tasks, like launching MS word. What's more, when I sent a mail to one of my friends (with ms outlook) his antivirus detected a virus in my letter. I launched Norton search, but it didn't find anything on my PC. Is there a better tool to check if I'm infected?

RELEVANCY SCORE 55.2

Hello,

I'm following the instructions in the Bleeping manual, after my daughter downloaded an infected streaming video on my machine a week ago.
I have downloaded the necessary tools, have run Defogger, but I am having a problem running dds.scr. When I click on it, I get a momentary flash as if a box is appearing on the screen (gone too fast to read, almost too fast to register). I am running Nod32, but that shouldn't (I believe) interfere with running a script. Is it possible that the infection is interfering with it? Suggestions would be appreciated.

Per instructions, I am posting the GMER log, which shows (I think) a rootkit

I wanted to list most of the issues of which I am aware

1. Periodic intense bursts of Internet activity, Comodo recording up to 1000 outbound connections.

2. A few times a day, several times when there has been no browser or similar software going (and when it has), NOD32 will note that it has disconnected a dangerous connection. Also, the log shows several trojans caught yesterday and today:

5/1/2011 7:26:21 PM HTTP filter file http://torpeda.cx.cc/fgdtshjdkyfhxtgstre.jar multiple threats connection terminated - quarantined NT AUTHORITY\SYSTEM Threat was detected upon access to web by the application: C:\WINDOWS\system32\svchost.exe.
5/1/2011 7:26:20 PM HTTP filter file http://torpeda.cx.cc/fgdtshjdkyfhxtgstre.jar multiple threats connection terminated - quarantined NT AUTHORITY\SYSTEM Threat was detected upon a...

A:Probable Rootkit infection

P.S. In the note above, I mention Comodo as my firewall. After a connectivity problem (which may have been more virus than Comodo), I had to remove it, and am using ZoneAlarm Free instead.

RELEVANCY SCORE 55.2

Avast antivirus pointed at atapi.sys. I have popups from MS Internet Explorer for full page pop up ads every 10 minutes or so. And there is iexplorer.exe activity that I am not initiating in the Windows Task Manager.

Thank you for the help.

DDS (Ver_09-11-24.02) - NTFSx86
Run by Scott at 16:10:56.39 on Mon 03/29/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2045.1123 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: avast! Antivirus *On-access scanning enabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\rundll32.exe
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\WINDOWS\system32\RioMSC.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\P...

A:Probable rootkit infection

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.

Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

Please reply to this post so I know you are there.

The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks

RELEVANCY SCORE 55.2

Hello all,

I am having regular (every 15 seconds) alerts from Avast :

Virus found
File name : C:\WINDOWS\SYSTEM32\DRIVERS\ATAPI.SYS
Win32:Alureon-EU

It keeps happening.

Also, I've noticed that my explorer is redirecting to un-wanted web sites.

Many thanks in advance for your help.

Here is the DDS logs as requested :

DDS (Ver_09-12-01.01) - NTFSx86
Run by 203859 at 22:23:13,83 on 16/12/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1033.18.1014.82 [GMT 1:00]

AV: System Defender *On-access scanning enabled* (Updated) {EE00314C-8A66-43FE-B190-42B70B4501FC}
AV: avast! antivirus 4.8.1368 [VPS 091216-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: System Defender *enabled* {EB947184-3592-4AD1-BDFA-F8208D4A3F85}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Update\1.2.183.13\GoogleCrashHandler.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDev...

A:Probable infection with Alureon-EU

avira's antivir at http://www.avira.com has a better antivirus and http://www.superantispyware.com has great spyware detector. and they are both free

RELEVANCY SCORE 55.2

Thank you in advance for your help. Unfortunately, before reading this forum, I ran adaware se and norton antivirus. Hopefully this will not make it too much more difficult to clean the computer. I have attached the log file below. I get the "System Infected" wallpaper and some system tray icons (one is an x in a red circle and the other looks like a spider octopus kind of).

Logfile of HijackThis v1.99.1
Scan saved at 11:05:15 AM, on 1/15/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Russell\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 - ...

A:Probable Spysheriff Infection. Please Help.

Hi,

You have probably been helped elsewhere, but if you still need help can you post a new log from HijackThis. The notification system will tell me that you posted.

In case you are not using the latest version of HijackThis (1.99.1), please download the latest version from one of these addresses:
http://www.bleepingcomputer.com/files/hijackthis.php
http://209.133.47.12/~merijn/files/HijackThis.exe
http://www.downloads.subratam.org/hijackthis.zip

RELEVANCY SCORE 55.2

I think my system has been hit by a virus. It is not letting my antivirus (AVG free) upgrade, nor is it letting any other antivirus installation. Windows is not updating as well. Message shows " cannot stablish connection with the remote computer" although my net is connected.

DDS results are

DDS (Ver_09-01-07.01) - NTFSx86
Run by hp at 23:14:18.08 on 05-02-2009
Internet Explorer: 7.0.6001.18000
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.91.1033.18.1013.163 [GMT 5.5:30]

AV: AVG Anti-Virus Free *On-access scanning disabled* (Outdated)
AV: Norton Internet Security *On-access scanning disabled* (Outdated)
FW: Norton Internet Security *disabled*

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwor...

A:probable virus infection

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.com
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results, click no to the Optional_Scan
Follow the ...

RELEVANCY SCORE 55.2

Random freezes, can't boot/reboot normally, certain apps won't run or complete, i.e. DDS hangs at "generating attach.txt" (found part of it, though), and Todo Backup 5.0 won't start a system backup.  Unfortunately, I did run rKill, then SUPERAntiMalware, then ComboFix before reading your "Preparation Guide".  I'm still limping along, however.

A:Probable Rootkit Infection

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
***************************************************
In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.
CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/516486 <<< CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************
If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of t...

RELEVANCY SCORE 55.2

Hey guys,

I've had a Vundo infection for a couple days? I'm not entirely certain, but I can probably trace it back to Wednesday night. I'm usually the kind of person who does this stuff himself, so I've tried some things.

1) Attempted HijackThis scan and analysis (Not attached)
2) Ran Spybot Search & Destroy, once in normal mode once in safe mode. Virtumonde.dll and Virtumonde detected. Repeatedly scan and remove, new files repeatedly appear.
3) Reattempt HijackThis scan, no new results (not attached).
4) Attempt a full system scan using avast!. No results.
5) Use VundoFix utility from this website. No results found. (No Logs produced)
6) Use FixVundo Utility from Computer Associates. (Log Attached)
7) Get desperate. Run DSS.exe as requested (Logs below)

In addition to this, the malware appears to have changed my default browser from Firefox to IE. It's deleted my startup entry from avast!, though it appears only to have removed the icon from my system tray and not the resident scanners themselves. It has been triggering my Spybot Search and Destroy resident scanner as well, and I've attached the log file for that as well for what changes it has blocked and allowed. The relevant results start on 7/2/2008 (Resident.log). I've excerpted some entries since the file is very long (way bigger than 512k), but it's been spamming my computer with registry change requests and browser helpers.

From Resident.log is this entry, which repeats about a gagillion times: "7/2/2008 9:28:24...

A:Probable Vundo Infection

Hello DSRML,

Welcome to Bleeping Computer

Please download Malwarebytes' Anti-Malware from one of these places:
http://www.majorgeeks.com/Malwarebytes_Ant...ware_d5756.html
http://www.besttechie.net/tools/mbam-setup.exe

Double Click mbam-setup.exe to install the application.
* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform Quick Scan", then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy&Paste the entire report in your next reply along with a fresh HijackThis log.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

Thanks,
tea

RELEVANCY SCORE 55.2

A friend of mine told me that he was getting a tremendous amount of "pop ups" and odd behavior on his laptop. I advised him to download Stinger since he was not using an AV program at the time and to start his computer in safe mode and run Stinger. He called me back and told me that he could not successfully get into safe mode, every time he tried he ended up with a BSOD.

I then had him run some basic Malware Removal Programs (Ad-Aware, Spybot, etc.). He told me that his laptop was still acting poorly and he was still plagued with "pop ups". He brought his laptop to me and I have been playing with it for a bit, and seem to have resolved the "pop up" issue, improved the performance issue, but I can't seem to make any progress with booting into safe mode (booting into Regular Mode is fine) or removing what I believe to be a root kit infection.

I have gone thru the Malware removal process on these forums and still am not having any luck. I used to work on computers but have fallen way off the troubleshooting wagon as of late.

Any advice anyone can give would be greatly appreciated. Thank you very much in advance.

Sincerely:

Matt

A:Probable Rootkit Infection

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll...

RELEVANCY SCORE 55.2

Hello,

I am running Windows 7 64-bit on my laptop. I use Microsoft Security Essentials for my antivirus. I had put in my pendrive (after it returned from a friend's machine) and had got the prompt of a security threat, I chose clean computer, and it said it has been successfully done so. I then proceeded to format the pendrive.

I wouldn't have guessed my computer was still infected, but when I tried to download a file, I was prompted I do not have permission (which I supposedly had prior to using the pendrive). I then went to a folder in the drive holding Windows (C drive)>properties>security, there are additional groups/usernames that I am pretty sure are not by choice (they go by the names TrustedInstaller, CREATOR OWNER, SYSTEM). I am unable to change permissions and remove their rights. This is more or less everything that happened :|

As I am running a 64-bit OS, I have not run GMER. Please let me know if I still should. Also, I do have a Windows OS boot disc with me.

Thanks a ton!!!
Cheers
Devvrat
------------------------------------------------------------
DDS:

.
DDS (Ver_2011-06-23.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385
Run by DELTA at 1:56:45 on 2011-08-13
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.91.1033.18.3959.2475 [GMT 5.5:30]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: ...

A:Probable infection: Recycler

Hi and welcome to TSF.

I am currently reviewing your log. Please note that this is under the supervision of an expert analyst, and I will be back with a fix for your problem as soon as possible.

You may wish to subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Please be patient with me during this time.

RELEVANCY SCORE 55.2

Greetings,

This is about a Gateway laptop running Vista with SP2. Google searches redirect routinely in Firefox. Windows Update consistently fails with an "unknown error" - Code 80072EFE. IE blue screens on launch with the error "IRQL_Not_Less_or_equal". The machine is running extremely slow (DDS took over 20 minutes), and has constant hard disk activity, even with no programs explicitly running. GMER blue screened with the message "Page_fault_in_nonpaged_area". Before it did, though it detected a rootkit even before I pressed the scan button, \Device\Harddisk0\DR0, sector 00 (MBR, rootkit-like behavior. Similar messages for sectors 32, 63, and 156301232. It asked whether I wanted a full scan, said no in order to uncheck the IAT/EAT box. Saved that portion of the log as gmer_partial.log, which is attached. Tried GMER again, ran for much longer, but eventually blue screened, couldn't catch the error message, but it was different.

So, hopefully this will give you enough to start with. Thanks in advance for your assistance.

Mark

Here's the DDS.txt:
DDS (Ver_10-12-05.01) - NTFSx86
Run by Cal Robotics at 19:46:17.89 on Wed 12/29/2010
Internet Explorer: 7.0.6002.18005
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.1021.159 [GMT -8:00]

AV: Symantec AntiVirus *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
SP: Symantec AntiVirus *disabled* (Updated) {6C85A515-B91D-...

A:Probable rootkit infection

Greetings,

A bit of an update. I got GMER to run to completion in safe mode, log is attached. I also uninstalled StopZilla (it had expired anyway), and ran a full Symantec scan, which found three risks, two of which were ancient and can be ignored. The one of interest was Backdoor.cycbot!gen2. It reported all of them as cleaned. In any case, I ran dds again to reflect these changes, ran much faster this time, and the logs are below. Also, a further detail, I frequently get messages saying that the "Host Process for Windows services stopped working and was closed". The Symantec logs report blocking it because it targets running Symantec processes. Don't know if that helps, but when that happens, Windows wants to get updates, which of course aren't working, so it makes matters worse. Finally, IE has stopped blue-screening for some reason, but definitely has the redirect problem as well.

I totally understand the need not to have a moving target, and will not tamper with the system except at your direction once we start working together.

Thanks again,

Mark
DDS (Ver_10-12-05.01) - NTFSx86
Run by Cal Robotics at 1:08:51.97 on Thu 12/30/2010
Internet Explorer: 7.0.6002.18005
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.1021.163 [GMT -8:00]

AV: Symantec AntiVirus *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
SP: Symantec AntiVirus *enabled* (Updated) {6C85A515-B91D-4D2B-AF18-40984A4A8493}
SP:...
RELEVANCY SCORE 55.2

I posted the following in the general security forum. See below for updates.

<---begin paste--->

I have a new laptop (Vista home premium 7.0) with which I have done little surfing. I have used it mainly to update my webpages at a new subdomain. Recently, when I access the website through IE7, the browser shows me the following:

This website wants to run the following addon: 'Remote Data Services Data Control' from 'Microsoft Corporation'. If you trust the website and want to allow it to run, click here...
At the same instant, I get a message that my computer has blocked bloodhound.exploit.109, and that my computer is secure.

There is an image placeholder on the page, and when I do a view>source, an extra line has been added to the source code just after the <body> tag, as follows:


<script language='JavaScript' type='text/javascript' src='?????.js'></script>

where ????? is a 'random' filename. If I check the server, that file does not exist on the server.

If I refresh the page, the line is gone, and the page is normal.

Of course, this isn't from Microsoft, so I haven't installed it. I have seen the same thing happen on another computer from the same webpage. No other webpages on the site show this. The webpage will load normally for some length of time before it tries again.

The website it wants to connect to is
http://bds(dot)...

A:probable infection - me or server?

Bump and another update:

The mal/iframeF was evidently a server bug that was quite prevalent earlier in the year. I am assuming this is on the server rather than my machine, but of course I don't have the knowledge to make that call. Still waiting for someone in the know to give me a point in the right direction, at least!

Thank you for your support.

Donating member TBF
 

RELEVANCY SCORE 55.2

Ran some more diagnostic tools

THIS APPEARS TO BE A ZEROACCESS INFECTION!

Please help.

Attaching all the diagnostic output I can.

Thanks
Brian

A:Have possible/probable rootkit infection

Output of combofix, in a zip file, attached.

RELEVANCY SCORE 55.2

Hi,

My desktop is exhibiting the symptoms of a rootkit virus. My Google and Bing search results are being hijacked, some links when clicked on spawn another window that points to search.google-analytics.com or wordslife.com or a few other URLs, I am unable to open anti-malware programs (SpyBot, which I uninstalled before I did any research, and Malwarebytes), and (this symptom may or may not be related) after remaining idle for more than say, half an hour, my computer restarts of its own accord. I ran TDSSKiller, which came up with this: C:\Windows\system32\drivers\ndis.sys, but it was unable to fix the problem. And now I'm here, having followed the instructions on this page: http://www.bleepingcomputer.com/forums/topic34773.html.

Can you help me? (I'm running Vista on an HP, and the problem is in both IE8 and Firefox.)

DDS (Ver_10-03-17.01) - NTFSx86
Run by brady at 18:28:42.26 on Mon 09/13/2010
Internet Explorer: 8.0.6001.18943
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2942.1736 [GMT -7:00]

AV: Norton Internet Security *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: Norton Internet Security *enabled* (Updated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\Windows\system32\win...

A:Probable Rootkit Infection

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please Do not Attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:
Please download DeFogger to your desktop.
Double click DeFogger to run the tool.
The ap...

RELEVANCY SCORE 55.2

Hi all,

Great forum with a ton of info.. I am not an expert by any means but help out a bunch of friends and family with computer hardware/software issues. Most are spyware/viruses as you all know all too well. I use superantivirus/spybot and malwarebytes all the time and they have always fixed the virus issues for the most part. Well, the other day my friend said his kids computer took a crap and asked if I can look at it, so I did. Man was this thing in some trouble. When I logged on for the 1st time, a crap load of (what I suspect to be trojans) popped up all over and I could not install or even open any file other than task manager. I went into safe mode and pretty much the same thing. I found some nasty trojans right off the bat like Windows Police Pro, and Windows AntiVirus Pro. After a bunch of dicking around, I was finally able to manually delete many of the trojan files and at least get into regedit to do some repairs. After I fixed regedit I was at least able to open files and run some programs. The 1st was superantivirus (1 of my favs) and it found a bunch of trojans and stuff. But when it got to a certain bug (rootkit.mailer I think) it would crash and or reboot the system. I was like holy *^&%$. I have not come across a trojan that would crash the anti virus software when it was detected before.?.. Major bummer. I did some more research and could not find exacts. I can't install malwarebytes or Hijackthis (they just close after I hit install), but I was ...

A:Probable rootkit infection.

Here is a quick summary of what changed since my post last night. I saw a few posts here with very similar issues and followed that instruction.

1st I installed Combo Fix and followed all the instructions. It fine at 1st and after loading and found about 12 Rootkit trojans. It asked me to jot them down and then reboot. Some were system32/drivers/SKTNET.ofibijgm.dll etc.

When it rebooted, I noticed it tried to start but was killed. I tried it again and the same thing. So I was like crap, here we go again. I booted in safe mode this time and started the process over. It worked again up to stating there was a bunch of rootkit bugs found (this time about 7 more) like GASFKYrhqrwqxr.dll. But after I rebooted this time, the program started up and began to run. I found a bunch of issues and fixed most of them (I think). I created a log that I will attach this time. But I still could not open/install malwarebytes or a couple other antivirus programs. I go all over the web, but if I try to go to malwarebytes web, I lose the page. So it appears I am still hijacked BIGTIME. 1 good thing is that I am now able to run superantispyware all the way without it rebooting my system or crashing the program. A thorough scan found about 70 issues and cleaned them. But still can't install malwarebytes. When I do another thorough scan in superantispy, it still finds about 20 of the same issues like "Rootkit.Mailer/Gen".

So it appears it is finding them, but just can't kill/quarantine them correc...

RELEVANCY SCORE 55.2

I think I'm infected with the ctfmon32.exe thing. I have scanned my computer several times with spybot (fully updated) and with spysweeper (also updated, but no virus scan), and even Trendmicro (with virus scan). None of them have been able to catch it.

whenever I restart my computer, spybot will have a popup window that says something with a change in the registry and this program is trying to startup. So I look for more info and it says that it's the ctfmon32.exe, that is some sort of malware or spyware. After I click, "deny change", other spybot warning windows appear, showing the following application names also indicated as being changed in the registry: SsAAD.exe and TkBell.exe. Each time I have put deny change.

These are just 3 of the main windows that appear from spybot, there were another 4 or so. But these have since stopped appearing when I attempted to delete the ctfmon32.exe thing by running my computer on safe mode based on advice from bleepingcomputer website.

So, how can I make sure I don't have this bugger anymore?

Hope someone can help!

A:Probable Infection With Ctfmon32.exe, Need Help!

Please download MsnCleaner.zip and save to your Desktop. (in addition to removing infected files, it will remove certain restrictions on your system often disabled by malware.)
Extract (unzip) the file to your desktop. (click here if you're not sure how to do this) but DO NOT use it yet.
Reboot your computer in "Safe Mode" using the F8. To do this restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A boot menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".
Double-click MsnCleaner.exe to run the tool.
Click the "Analyze" button.
A report will be created after the scan and will be saved to C:\MsnCleaner.txt.
If it finds an infection, click the "Deleted" button.
Reboot normally and post the contents of MsnCleaner.txt in your next reply.

RELEVANCY SCORE 55.2

Hello all , and let me first thank you all for the help that you will provide.

a couple of days ago while shutting down the pc I got a box telling me "shutting down program xxxxxxxxxwx" (the x are small boxes as the one when you don't have the right char set).

I think the pc is a little slower and uses some more swap memory.

here is the log

Deckard's System Scanner v20071014.68
Run by Paolo on 2008-02-01 21:19:35
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

System Restore is disabled; attempting to re-enable...success.


-- Last 1 Restore Point(s) --
1: 2008-02-01 10:19:51 UTC - RP1 - Punto di arresto del sistema


Backed up registry hives.
Performed disk cleanup.

Percentage of Memory in Use: 78% (more than 75%).
Total Physical Memory: 255 MiB (512 MiB recommended).


-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-02-01 21:23:41
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\v...

A:probable unidentified infection

bump, bump

RELEVANCY SCORE 54.8

Here is my hijack this log. I believe it is the virus.bat.8fish, and possibly more. I got the "a whale will drop monday" message. I am currently running Microsoft Windows Malicious Software Removal Tool because it has done well in the past for me. I am also running a program called GMER but i don't have any experience with it and i'm not sure what it is really doing at the moment.... Any help will be much appreciated!

Edit: some other useful information, I keep getting the Vista Internet Security popups

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:53:37 PM, on 3/7/2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18385)
Boot mode: Safe mode with network support

Running processes:
C:\Users\Tony\AppData\Local\av.exe
C:\Users\Tony\Desktop\gmer.exe
C:\Users\Tony\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Tony\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Tony\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Tony\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\TrendMicro\HiJackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion...

A:probable virus.bat.8fish infection

I'm pretty sure I fixed it! It was a rogue and I used the http://www.bleepingcomputer.com/virus-remo...irus-vista-2010 tutorial to get rid of it. I'm still running scans to make sure it's all gone but so far all obvious symptoms have disappeared.

RELEVANCY SCORE 54.8

I am using a Dell OptiPlex 390 (Core i5-2400 CPU) with 8GB RAM. I am running Windows 7 Professional (64-bit) with the latest patches applied. A couple of weeks ago I started getting lots of popups while browsing (using IE 9.0.8112.16421). Also having problems accessing some secure websites (I get the following error message: "The site's security certificate is signed using a weak signature algorithm"). Occasionally, I'll get the message - "mcconsole.exe - Ordinal Not Found The ordinal 1112 could not be located in the dynamic link library WSOCK32.dll". Also getting random browser redirections. I'm pretty sure I am infected with something. I had malwarebytes installed (free version) so I updated and did a scan, but it did not detect anything. I also ran TDSSKiller, but again, it did not detect anything. I have not taken any further action.

A:Browser redirect/Probable infection

Download TDSSkiller
Launch it.
Click on change parameters-Select TDLFS file system
Click on "Scan".
Please post the LOG report (log file should be in your C drive)
Do not change the default options on scan results

Download aswMBR
Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan.
After scan finishes, click on Save log
Post the log results here

Download ESET online scanner
Install it
Click on START, it should download the virus definitions
When scan gets completed, click on LIST of found threats
Export the list to desktop, copy the contents of the text file in your reply

RELEVANCY SCORE 54.8

Hi
 
Hopefully somebody here can help me.  I posted on the "Am I infected? What do I do ?" board a few days ago and was advised by Broni that it looks like I'm infected with ZeroAccess Rootkit and that the good people here should be able to help me.
 
The original thread can be found here  http://www.bleepingcomputer.com/forums/t/499686/cant-start-security-centre-cant-download-anything/
 
I'm running a Toshiba Satellite laptop with Windows Vista Home Premium Service Pack 2 (32bit)
 
If you need any more information then I'll do my very best to provide it.
 
Regards
Alec
 
Description of fault:
 
I'm using a laptop running Vista home premium SP2. My browser is IE9. I have been using MSE as my anti virus software. Approx 2 weeks ago I instructed MSE to run a full scan rather than a quick scan (which it is set to do every 24hours). This detected several threats which it removed/deleted/cleaned. However I then realised that my windows firewall couldn't be started through the Security Centre. I noticed it was missing when I ran "services". Looking at various sites I did something in the registry and installed a fix from the microsoft site which fixed the problem. Everything seemed to be fine and security centre showed everything working as it should.
 
However today I tried to download a catalogue from a website and got the message "file contained a virus and was deleted". I've tried to download several files. It doesn't matter wha...

A:Probable ZeroAccess Rootkit infection - please help!!

Hello alecandlaura

I would like to welcome you to the Malware Removal section of the forum.
Around here they call me Gringo and I will be glad to help you with your malware problems.

Very Important --> Please read this post completely, I have spent my time to put together some things for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the s...

RELEVANCY SCORE 54.8

So here's the problem...   my computer has been acting up for a while, but I've dealt with it because it worked for what I needed it to and wasn't worth the hassle to fix it.  However recently, my explorer.exe file suddenly started to use all of my computer resources.  I have a very high suspicion that I'm infected with at least one type of malicious software.
 
I've always been able to get rid of viruses and malware myself in the past, with the aid of reading forums like this dealing with similar problems, but this time I am at a loss and posting is my last resort.
 
I have used ad-aware, superantispyware, spybot - search & destroy, tdss killer, AVG, GMER, and yes, even Combofix, even though I know I shouldn't have.  Combofix used to always solve any problem I would have, but now it says I'm infected with Rootkit.ZeroAccess and just sits there for days on end without working in Safe or Normal mode.
 
I even followed the Preparation Guide and tried running dds.com, but it just sits there too indefinitely.  So therefore, at this point, the only thing I can provide is a Hijackthis log and await further instructions.
 
Even though I probably have done most of the steps y'all will recommend, I am more than willing to do them again and whatever else it takes to finally get my clean computer.  Thank you in advance for anyone willing to help.
Logfile of Trend Micro HijackThis v2.0.4
Scan sa...

A:Explorer.exe @ 100%. Probable Rootkit infection.

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

--RogueKiller--
Download & SAVE to your Desktop RogueKiller for 32bit or Roguekiller for 64bit
Quit all programs that you may have started.
Please disconnect any USB or external drives from the computer before you run this scan!
For Vista or Windows 7, right-click and select "Run as Administrator to start"
For Windows XP, double-click to start.
Wait until Prescan has finished ...
Then Click on "Scan" button
Wait until the Status box shows "Scan Finished"
click on "delete"
Wait until the Status box shows "Deleting Finished"
Click on "Report" and copy/paste the content of the Notepad into your next reply.
The log should be found in RKreport[1].txt on your Desktop
Exit/Close RogueKiller
+==============

Please download AdwCleaner by Xplode onto your Desktop.
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click the Scan button and wait for the process to complete.
Click the Report button and the report will open in Notepad.
IMPORTANT

If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.

Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click the Scan button and wait...

RELEVANCY SCORE 54.8

The last few days my pc has been doing some really weird stuff. Upon opening MSN, conversation windows will "flicker" on and off the screen, and some people have said i have spammed them with links, though i haven't. Tried a system restore a few days ago, got as far as "Click next to restore your system to the selected point" but clicking next did nothing. There has also been some very random error messages, with options like Ok to terminate Cancel to debug which i've never seen before. There's also a few things in my list of processes that look a little sus. I honestly don't know how many times svchost.exe is supposed to be in there ><

here's my HJT log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:29:13 PM, on 3/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20978)
Boot mode: Normal


A:Probable Infection. Unsure what type though.

Bump
 

RELEVANCY SCORE 54.8

So I have had to change passwords on several different sites because my passwords no longer worked. I know they were right because I wrote them down and typed them in correctly. This has happened twice on the same site, and several times on a few others. I'm guessing possible keylogging/spyware software on my computer. I've run malwarebytes and norton antivirus but have not found any indications of anything on my computer. Are there any good free programs that can detect and remove spyware extremely well? Please help, thanks!

This is my first post here so if I need to change something or put more info, please tell me!! thanks!!!

A:Probable infection with keylogger/spyware

Hello and welcome, Let's try these.

Next run ATF and SAS:
Note.. SAS doesn't open the registry hives for other user accounts on the system, so scans should be done from each user account.
Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".

From your regular user account..
Download Attribune's ATF Cleaner and then SUPERAntiSpyware , Free Home Version. Save both to desktop ..
DO NOT run yet.

Open SUPER from icon and install and Update it
Under Scanner Options make sure the following are checked (leave all others unchecked):
Close browsers before scanning.
Scan for tracking cookies.
Terminate memory threats before quarantining.
Click the "Close" button to leave the control center screen and exit the program. DO NOT run yet.

Now reboot into Safe Mode: How to enter safe mode(XP)
Using the F8 Method
Restart your computer. When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu. Select the option for Safe Mode using the arrow keys. Then press enter on your keyboard to boot into Safe Mode.

Double-click ATF-Cleaner.exe to run the program.
Under Main "Select Files to Delete" choose: Select All.
Click the Empty Selected button.
If you use Firefox or Opera browser c...

RELEVANCY SCORE 54.8

Hello,

My daughter had an Antivirus Pro 2010 popup occur on the family desktop yesterday. I closed the popup but later noticed the McAfee OAS icon on the toolbar indicated it was disabled. I was unable to restart McAfee OAS and also found that I could not start Task Manager.

I have disconnected the infected PC from the internet and am contacting you via a clean laptop. I have attached the reports produced by DDS.scr. I can't produce a GMER report as I get a BSOD when I run the exe.

Hope you can help.

A:Probable AntiVirus Pro 2010 infection - cf

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review your topic and do their best to resolve your issues.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for postin...

RELEVANCY SCORE 54.8

I stupidly downloaded an exe the other day and executed it before I scanned it and have since been absolutely torn apart by this nasty virus. Not exactly sure what it is, but it blocks task manager, windows security center, changes the background, stops me from accessing folder options, continuous pop-ups, etc.. I have since stopped and removed most of the ailing issues but the prevailing pop-ups and the background are still unchangeable. So here is my hijackthis log, tell me if I can help any other way. Please help me get rid of this!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:39:37 PM, on 3/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

RELEVANCY SCORE 54.8

Here it is:
Logfile of HijackThis v1.98.2
Scan saved at 21:29:35, on 30/4/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)


A:Hijackthis log - probable winlogon.exe infection

Hi. Sorry that I need to post my log again. A friend of mine did me a favour to help me fix the problem. Then I was asked to "fix" some lines in the HijackThis and my windows XP starts to act funny...

So I re-install the windows and re-do the HijackThis log again:

Logfile of HijackThis v1.99.1
Scan saved at 2:00:12, on 1/5/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
