Antivirus XP 2008 and Malware Protector 2008

Q: Antivirus XP 2008 and Malware Protector 2008

Hello, my wife was downloading a "David Cook Video" from some unknown website. She screamed when all of these pop-ups came up. I closed them out and ran AVG 8. It was unable to remove the virus. Then the desktop went blue and the system kept trying to restart but could not, another blue screen came up with white text. I was able to restart in safe mode. I have 2 new items on my desktop XP antivirus 2008 and Malware Protector 2008. Thanks in advance for your help.

I have posted my System Scanner file below and will attach my Active Scan and Extra.txt file.



Deckard's System Scanner v20071014.68
Run by Compaq_Owner on 2008-07-08 09:04:00
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 3 Restore Point(s) --
3: 2008-07-08 13:04:04 UTC - RP4 - Deckard's System Scanner Restore Point
2: 2008-07-08 11:41:55 UTC - RP3 - Last good restore point
1: 2008-07-08 11:41:33 UTC - RP2 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Compaq_Owner.exe) ----------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:08:20 AM, on 7/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\sm56hlpr.exe
C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\lphcgu5j0e1cl.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\LxrJD31s.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\VentSrv\ventrilo_svc.exe
C:\Program Files\VentSrv\ventrilo_srv.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\ALCXMNTR.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Compaq_Owner\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Compaq_Owner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...rm1=seconduser
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TY...rm1=seconduser
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://activate.verizon.net/launch/...o_pc_help.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [lphcgu5j0e1cl] C:\WINDOWS\system32\lphcgu5j0e1cl.exe
O4 - HKLM\..\Run: [sysrest32.exe] C:\WINDOWS\system32\sysrest32.exe
O4 - HKLM\..\Run: [SMshcnu5j0e1cl] C:\Program Files\shcnu5j0e1cl\shcnu5j0e1cl.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\bin\matcli.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/Driver...sysreqlab2.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai.net/f/532/6712/.../installer.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Ventrilo - Unknown owner - C:\Program Files\VentSrv\ventrilo_svc.exe

--
End of file - 10297 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R2 LxrJD31d - c:\windows\system32\drivers\lxrjd31d.sys

S3 sysrest.sys - c:\windows\system32\sysrest.sys (file missing)
S4 intelppm (Intel Processor Driver) - c:\windows\system32\drivers\intelppm.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 LxrJD31s (Lexar JD31) - lxrjd31s.exe
R2 Ventrilo - c:\program files\ventsrv\ventrilo_svc.exe


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-05-22 09:55:03 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-06-08 and 2008-07-08 -----------------------------

2008-07-08 07:39:59 60928 --a------ C:\WINDOWS\system32\blphcgu5j0e1cl.scr <Not Verified; Sysinternals; Sysinternals Blue Screen>
2008-07-07 20:47:16 0 d-------- C:\Documents and Settings\Compaq_Owner\Application Data\shcnu5j0e1cl
2008-07-07 20:47:09 0 d-------- C:\Program Files\shcnu5j0e1cl
2008-07-07 07:32:55 0 d-------- C:\ie-spyad_zo
2008-07-07 07:26:17 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-07 07:21:42 0 d-------- C:\Program Files\SpywareBlaster
2008-07-07 01:00:09 0 d-------- C:\Program Files\Panda Security
2008-07-06 23:04:32 0 dr-h----- C:\Documents and Settings\Compaq_Owner\Recent
2008-07-06 21:04:40 0 d-------- C:\Documents and Settings\Administrator\Application Data\rhclu5j0e1cl
2008-07-06 13:08:46 0 d-------- C:\Documents and Settings\Administrator\WINDOWS
2008-07-06 13:08:46 0 d-------- C:\Documents and Settings\Administrator\Templates
2008-07-06 13:08:46 0 d-------- C:\Documents and Settings\Administrator\Start Menu
2008-07-06 13:08:46 0 d-------- C:\Documents and Settings\Administrator\SendTo
2008-07-06 13:08:46 0 d-------- C:\Documents and Settings\Administrator\Recent
2008-07-06 13:08:46 0 d-------- C:\Documents and Settings\Administrator\PrintHood
2008-07-06 13:08:46 0 d-------- C:\Documents and Settings\Administrator\NetHood
2008-07-06 13:08:46 0 d-------- C:\Documents and Settings\Administrator\My Documents
2008-07-06 13:08:46 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-07-06 13:08:46 0 d-------- C:\Documents and Settings\Administrator\Favorites
2008-07-06 13:08:46 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-07-06 13:08:46 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
2008-07-06 13:08:46 0 d-------- C:\Documents and Settings\Administrator\Application Data
2008-07-06 13:08:46 0 d-------- C:\Documents and Settings\Administrator\Application Data\Symantec
2008-07-06 13:08:46 0 d-------- C:\Documents and Settings\Administrator\Application Data\SampleView
2008-07-06 13:08:46 0 d-------- C:\Documents and Settings\Administrator\Application Data\Real
2008-07-06 13:08:46 0 d-------- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-07-06 13:08:46 0 d-------- C:\Documents and Settings\Administrator\Application Data\Intuit
2008-07-06 13:08:46 0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities
2008-07-06 13:08:46 0 d-------- C:\Documents and Settings\Administrator\Application Data\Apple Computer
2008-07-06 13:08:44 786432 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-07-06 11:25:17 0 d-------- C:\Documents and Settings\Compaq_Owner\Application Data\rhclu5j0e1cl
2008-07-06 11:25:13 0 d-------- C:\Program Files\rhclu5j0e1cl
2008-07-06 11:24:20 109056 --a------ C:\WINDOWS\system32\lphcgu5j0e1cl.exe
2008-06-14 1400 0 d--h----- C:\$AVG8.VAULT$


-- Find3M Report ---------------------------------------------------------------

2008-07-08 09:07:00 0 d-------- C:\Program Files\Trend Micro
2008-07-06 12:58:01 0 d-------- C:\Program Files\Virtools
2008-06-18 16:29:56 0 d-------- C:\Documents and Settings\Compaq_Owner\Application Data\Adobe
2008-06-15 10:55:53 0 d-------- C:\Documents and Settings\Compaq_Owner\Application Data\AdobeUM
2008-05-27 11:10:44 0 d-------- C:\Documents and Settings\Compaq_Owner\Application Data\AVGTOOLBAR
2008-05-27 08:59:30 0 d-------- C:\Program Files\AVG
2008-05-22 09:55:01 0 d-------- C:\Program Files\Apple Software Update


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
07/03/2008 10:05 PM 2055960 --a------ C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [07/03/2008 10:05 PM 2055960]

[-HKEY_CLASSES_ROOT\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [10/08/2005 01:11 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]
"SMSERIAL"="sm56hlpr.exe" [01/24/2005 05:56 AM C:\WINDOWS\sm56hlpr.exe]
"PS2"="C:\WINDOWS\system32\ps2.exe" [10/25/2004 06:17 PM]
"PCDrProfiler"="" []
"nwiz"="nwiz.exe" [09/17/2007 01:07 AM C:\WINDOWS\system32\nwiz.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [09/17/2007 01:07 AM]
"Motive SmartBridge"="C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe" [12/26/2005 11:01 PM]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [05/10/2005 08:50 PM]
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [02/26/2005 01:34 AM]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPwuSchd2.exe" [02/17/2005 09:11 AM]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [09/17/2007 01:07 AM]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [05/16/2006 05:58 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [03/28/2008 11:37 PM]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [07/03/2008 10:05 PM]
"lphcgu5j0e1cl"="C:\WINDOWS\system32\lphcgu5j0e1cl.exe" [07/06/2008 11:24 AM]
"sysrest32.exe"="C:\WINDOWS\system32\sysrest32.exe" []
"SMshcnu5j0e1cl"="C:\Program Files\shcnu5j0e1cl\shcnu5j0e1cl.exe" [07/07/2008 01:25 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 08:00 AM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [07/13/2007 10:51 PM]
"Steam"="" []
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [03/30/2006 05:45 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/23/2005 11:05:26 PM]
hp psc 1000 series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [4/6/2003 2:17:18 AM]
hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [4/6/2003 258 AM]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2/13/2001 2:01:04 AM]
Verizon Online Support Center.lnk - C:\Program Files\Verizon Online\bin\matcli.exe [11/18/2005 10:58:35 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"NoDispBackgroundPage"=1 (0x1)
"NoDispScrSavPage"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eligmini]
C:\Program Files\Fisher-Price\Easy-Link internet launch pad\Easy-Link internet launch pad.exe 0

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
"C:\Program Files\Google\Google Talk\googletalk.exe" /autostart

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\x3watch]
C:\Program Files\X3watch\x3watch.exe


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1dd6b764-5ba9-11da-9f09-0013d4d6fb6f}]
AutoRun\command- J:\JDSecure\Windows\JDSecure31.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1ec924e6-5ddb-11db-a091-0013d4d6fb6f}]
AutoRun\command- J:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2d435b36-e506-11d9-9b78-e6b009352ae7}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6a6533d4-b3f0-11dc-a311-0013d4d6fb6f}]
AutoRun\command- J:\setupSNK.exe

*Newly Created Service* - PAVBOOT



-- End of Deckard's System Scanner: finished at 2008-07-08 09:09:09 ------------


A: Antivirus XP 2008 and Malware Protector 2008

Bump.


Suddenly those programs appeared on my PC!!! Please help me... Here is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:33:59, on 10/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\TEMP\wyn3.tmp
C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Arquivos de programas\Bonjour\mDNSResponder.exe
C:\Arquivos de programas\Nero\Nero 7\InCD\InCDsrv.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\syst...

A: Infected With Malware Protector 2008 And Antivirus Xp

Hello Thiago Ol?vio and welcome to BC. Let's see what we can find. Please follow the steps below in order:

Before running a new scan let's clean out the temporary folders.
Download ATF Cleaner to your Desktop.
Double-click ATF-Cleaner.exe to run the program.
Click Select All found at the bottom of the list.
Click the Empty Selected button.

If you use Firefox browser, do this also:
Click Firefox at the top and choose Select All from the list.
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser, do this also:
Click Opera at the top and choose Select All from the list.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Close ALL Internet browsers (very important).
Click the Empty Selected button.
Click Exit on the Main menu to close the program.

Now download OTScanIt from here or here to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.
Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
Close ALL OTHER PROGRAMS.
Open the OTScanIt folder and double-click on OTScanIt.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
In the Drivers section click on Non-Microsoft.
Under Additional Scans click the checkboxes in front of the following items to select them:
Reg - BotCheck
File - Add...


I got XP Antivirus 08 on 7-2-08. I tried removing it with Add/Remove Programs and it didn't work; after 5 min I got Malware Protector 2008. So I scanned my computer with AVG Anti-Virus, Ad-Aware 2007, Spyware Terminator, Spyware Doctor and Malwarebytes Anti-Malware. I also did the cleaning process with SmitFraudFix, and here is the good thing: there are no pop-ups, nothing starts when I restart the PC, there are no bugs on the screen and it is not bothering me at all right now. But I still see them: the folders are still in Program Files (Malware Protector = shcl67j0e3ul, XP Antivirus = rhcn67j0e3ul) and they are still in Add/Remove Programs. I also followed some manual instructions on how to remove them ( http://www.xp-vista.com/spyware-removal/xp...-antivirus-2008 ) and it seems like they reproduce or something, because they came back. Also the uninstall option has a red "x" on the side; I guess that means it doesn't work. I don't know what else to do. I was thinking of restoring the computer to a day before I got these viruses, but I don't want to mess my computer up and I don't have the Windows CD with me. If you guys could help me I would really appreciate it. Thanks!

Deckard's System Scanner v20071014.68
Run by Owner on 2008-07-07 18:46:12
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System...

A: Infected With Malware Protector 2008 And Xp Antivirus 08

Hello Jota_leslie and welcome to BleepingComputer,

1.
* Clean your Cache and Cookies in IE:
Close all instances of Outlook Express and Internet Explorer.
Go to Control Panel > Internet Options > General tab.
Under Browsing History, click Delete.
Click Delete Files, Delete cookies and Delete history.
Click Close below.

* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):
Go to Tools > Options.
Click Privacy in the menu.
Click the Clear now button below. A new window will popup what to clear.
Select all and click the Clear button again.
Click OK to close the Options window.

* Clean other Temporary files + Recycle bin
Go to start > run and type: cleanmgr and click ok.
Let it scan your system for files to remove.
Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
Press OK to remove them.

2. Please download Malwarebytes' Anti-Malware from Here or Here
Double-click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is compl...


I have tried to stop this spyware xp2008 with no success. It has stopped me from doing anything on my computer. I have Spyware Doctor that took me 10 hours to run. It found 6 trojans and deleted them but now I still get a sign saying that I have MalwareProtector 2008. A website told me to download mbam-setup. There is no way for me to get into "my computer" from "start". I did download it but now I can't open it to run it. When I click on my "start" button now, all programs are missing.

When I turn off the computer and power it on again, this is the message - RUNDLL Error loading C:\WINDOWS\system32\oljqvcfu.dll. Next line says The specified module could not be found.

Please help.


I am in need of some MAJOR help.... this is my daughter's computer and is majorly infected....


ComboFix 08-06-20.4 - Cat 2008-06-25 19:49:27.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.482 [GMT -4:00]
Running from: C:\Documents and Settings\Cat\Desktop\ComboFix.exe
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Desktop\Malware Protector 2008.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Malware Protector 2008
C:\Documents and Settings\All Users\Start Menu\Programs\Malware Protector 2008.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Malware Protector 2008\How to Register Malware Protector 2008.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Malware Protector 2008\License Agreement.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Malware Protector 2008\Malware Protector 2008.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Malware Protector 2008\Register Malware Protector 2008.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Malware Protector 2008\Uninstall.lnk
C:\Documents and Settings\b\Favorites\Online Security Test.url
C:\Documents and Settings\Cat\Application Data\AXPDefender
C:\Documents and Settings\Cat\Application...

A: Malware 2008 / Antivirus XP 2008 HELP PLEASE!!!!

Deckard's System Scanner v20071014.68
Run by Cat on 2008-06-25 20:23:46
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-06-25 20:23:58
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTSVCCDA.EXE
C:\WINDOWS\ehome\ehrecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\Trend Micro\Internet Security 12\PcCtlCom.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\Internet Security 12\Tmntsrv.exe
C:\Program Files\Trend Micro\Internet Security 12\tmproxy.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Trend Micro\Internet Security 12\TmPfw.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\syste...


Hello all. This is my third time making this thread, so I assume that I am doing something wrong. If so, please let me know what it is so I can receive help.

I am having a problem with the Malware Protector 2008 malware. It causes bugs to appear when idle, sends me popups, and placed a tray icon in the corner that won't leave.

I followed all 5 steps, but I had trouble with 2 and 5. With 2, the scan found nothing and will not give me a chance to save the log. With step 5, only the main.txt file shows after the DSS scan. No extra.txt file appears. Here is the DSS scan.

Deckard's System Scanner v20071014.68
Run by Tashaun on 2008-06-09 12:19:53
Computer is in Normal Mode.
--------------------------------------------------------------------------------

System Drive C: has 9.72 GiB (less than 15%) free.


-- HijackThis (run as Tashaun.exe) ---------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:21:06 PM, on 6/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\syste...

A:Please Help, Malware Protector 2008

Hello -

Part of the problem is, we're just very busy in this section. Creating new threads is not the solution.

The first thread, you asked to be deleted, so it was. You've now created a third thread, when we ask that all members be patient, and if no reply is received after 3 days, to bump their thread once.

This thread is closed.


I woke up this morning to see bugs eating my desktop. I was furious to say the least. With a whole lot of searching and trying random things, I have yet to rid of the Malware Protector 2008. I followed all your guides and have come with this:

Deckard's System Scanner v20071014.68
Run by Owner on 2008-06-11 17:48:49
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Failed to create restore point; System Restore is disabled (service is not running).

Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 510 MiB (512 MiB recommended).

-- HijackThis (run as Owner.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:49:15, on 6/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spools...

A:Malware Protector 2008...

Hi and Welcome to the forums.

Open HijackThis -> Click "Do a System Scan Only" and put a check by these but DO NOT hit the Fix Checked button yet

O4 - HKLM\..\Run: [ArtChk] C:\WINDOWS\system32\artchker.exe
O4 - HKLM\..\Run: [lphclunj0ea1a] C:\WINDOWS\system32\lphclunj0ea1a.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware Reboot] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [Xerng] C:\WINDOWS\system32\?ssembly\?hkntfs.exe
O4 - HKCU\..\Run: [Kzhvig] C:\WINDOWS\system32\??pPatch\t?skmgr.exe
O4 - HKCU\..\Run: [Lorlc] C:\WINDOWS\system32\?ssembly\w?nspool.exe
O4 - HKCU\..\Run: [Yewmwa] "C:\Documents and Settings\Owner\Application Data\?ssembly\w?auboot.exe"
O4 - HKCU\..\Run: [GetModule18] "C:\Program Files\GetModule\GetModule18.exe"
O4 - HKCU\..\Run: [GetPack18] "C:\Program Files\GetPack\GetPack18.exe"

Now make sure ALL WINDOWS and BROWSERS are CLOSED and hit the Fix Checked button.

Next, update MBAM and run a quick scan, remove all it finds and reboot if needed.

Once that's complete, download ComboFix from Here or Here to your Desktop.
Double click combofix.exe and follow the prompts.
When finished, it shall produce a log for you. Post that log and a HiJackt...


Looks like Malware Protector 2008 made its way onto my computer. Not sure if I was successful in getting rid of it. It wiped out my background screen to a plain blue screen and am still getting booted to an error message screen stating I must shut down my computer to avoid permanent damage.

Can someone take a look at my log and let me know if I need to do something else? Thanks in advance.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:14:48 PM, on 6/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://msn.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Hel...

A:Malware Protector 2008

Hello Pors and welcome to BleepingComputer,

1. * Clean your Cache and Cookies in IE:
Close all instances of Outlook Express and Internet Explorer
Go to Control Panel > Internet Options > General tab
Under Browsing History, click Delete.
Click Delete Files, Delete cookies and Delete history
Click Close below.

* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):
Go to Tools > Options.
Click Privacy in the menu..
Click the Clear now button below.. A new window will popup what to clear.
Select all and click the Clear button again.
Click OK to close the Options window

* Clean other Temporary files + Recycle bin
Go to start > run and type: cleanmgr and click ok.
Let it scan your system for files to remove.
Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
Press OK to remove them.

2. Please download Malwarebytes' Anti-Malware from Here or Here
Doubleclick mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a...


Hi,

Malware Protector is constantly popping up after I login to my laptop as well my desktop background reads, "Warning! Spyware detected on your computer! Install an antivirus or spyware remover to clean your computer. I used Malwarebytes' Anti-Malware to no avail. As you've requested, a copy of "main.txt" from DSS will be included in the body of this email, but the other txt file (extra.txt) didn't display. If you need that file as well, let me know another way to get that file and I'll try again. Thanks

Deckard's System Scanner v20071014.68
Run by TrombetD on 2008-06-16 20:37:00
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Percentage of Memory in Use: 86% (more than 75%).
Total Physical Memory: 511 MiB (512 MiB recommended).

-- HijackThis (run as TrombetD.exe) --------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:37:05 PM, on 6/16/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\System32\Novell\XTAgent.exe
C:\WINNT\system32\ibmpmsvc.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32 ...

A:Malware Protector 2008

Hello Troms and welcome to BleepingComputer,

1. * Clean your Cache and Cookies in IE:
Close all instances of Outlook Express and Internet Explorer
Go to Control Panel > Internet Options > General tab
Under Browsing History, click Delete.
Click Delete Files, Delete cookies and Delete history
Click Close below.

* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):
Go to Tools > Options.
Click Privacy in the menu..
Click the Clear now button below.. A new window will popup what to clear.
Select all and click the Clear button again.
Click OK to close the Options window

* Clean other Temporary files + Recycle bin
Go to start > run and type: cleanmgr and click ok.
Let it scan your system for files to remove.
Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
Press OK to remove them.

2. Please download Malwarebytes' Anti-Malware from Here or Here
Doubleclick mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, ...


I have been infected by this fake Spyware Remover program and there is a box on my desktop that says, "Warning! Spyware detected on your computer! Install an anti-virus or spyware remover to clean your computer." Every now and then I get a blue screen saying my computer has to shut down but it doesn't. I found some sites that say they have solutions to this, but I suspect they may also be fake. What can I do to remove this from my computer and restore it fully? Please help. Thank you.

A:Malware Protector 2008

G'Day Powerpunk5000, Welcome to TSF!

Please read this article: "Having problems with spyware and pop-ups? - First Steps"; follow the instructions very carefully; then post all the requested logs and information, as instructed, in the HiJackThis Log Help Forum.
(Simply, click on the coloured links to be re-directed.)

Please ensure that you create a new thread in the HiJackThis Log Help Forum; not back here in this one.

When carrying out The 5 Steps, if you cannot complete any of them for whatever reason, just continue on with the next one until they are all completed.
However, it is extremely important to make mention of the fact that you could not complete any of the steps in your post to The HJT Help Forum, where an Analyst will assist you with other workarounds.

Once done, please be patient, as the Security Team Analysts are usually very busy; one of them will answer your request as soon as they can.

Good Luck with it.

Kind Regards,


I don't know what I must do... Malware 2008 attacked my computer and I installed more programs... but it is still on! Please help me.
(Mod edit: Moved to a more appropriate forum ~ rigel Win XP => Am I Infected)

A:Malware Protector 2008 Wtf?

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
Make sure you are connected to the Internet.
Double-click on Download_mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware

Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
If an update is found, the program will automatically update itself.
Press the OK button to close that box and continue.
If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.

If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
Click OK to close the message box and continue with the removal process.

Back at the main Scanner screen:
Click on the Show Results button to se...


Hi,

I've been reading through these forums for a couple of days trying to figure out some more options for myself.

I appear to be yet another victim of Malware Protector 2008; I've read up quite a bit on-line and have followed most of the automatic removal instructions;

I've restarted in safe mode, run SmitFraudFix, let it do its thing and emptied out my temp folder.
I've also tried Malwarebytes' Anti-Malware,
Spybot Search & Destroy,
and AVG.

When I remove the files in Safe mode, it appears that my computer is clean. The second I restart in normal mode, the program reasserts itself.

It has changed my clock to read in military time, and has made my desktop a blue screen with a warning that I have spyware which must be removed. Also, occasionally a window named "BluScreen Screen Save Configure" pops up and reads:
Sysinternals; with an option to check "Fake disk activity".

I've been attempting to get rid of this for two days now, so any help would be much appreciated.

A:Malware Protector 2008

Hello, Klmnumbers.

Download Ad-ware, this may find it. Update it, then go into safe mode, then scan with it. Here's the link: Ad-ware

If Ad-ware doesn't pick anything up then please download Superantispyware and run this in safe mode.

Get back to us and let us know the results.


I have been infected with this program and I am very computer dumb.

I could not understand instructions on other websites on how to remove things.

I think I have deleted most of the stuff, but the biggest annoyance still there is this screensaver with bugs crawling on screen, and I also found that the option to change my screensaver is not there anymore.

Like I right click the desktop and go to properties and the only tabs up top are theme, appearance and settings.
Sorry if I didn't post right and for being dumb but I can't seem to figure this out.

A:Malware Protector 2008

Hello Tony99 and welcome to BC

I see that you have a HiJack This log posted here: http://www.bleepingcomputer.com/forums/t/151189/combofix-log-blue-screen-problem/

Because you have this log posted, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a HJT Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the HJT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the HJT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the HJT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another HJT Team member is already assisting you an...


I can't get rid of this, please help.

Deckard's System Scanner v20071014.68
Run by Compaq_Administrator on 2008-06-08 17:15:42
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.

-- Last 2 Restore Point(s) --
2: 2008-06-08 21:15:48 UTC - RP6 - Deckard's System Scanner Restore Point
1: 2008-06-08 21:04:00 UTC - RP5 - System Checkpoint

Backed up registry hives.
Performed disk cleanup.

-- HijackThis (run as Compaq_Administrator.exe) --------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:17:39, on 6/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EX...

A:Malware Protector 2008

Hello Ianmaybeme and welcome to BleepingComputer,

1. * Clean your Cache and Cookies in IE:
Close all instances of Outlook Express and Internet Explorer
Go to Control Panel > Internet Options > General tab
Under Browsing History, click Delete.
Click Delete Files, Delete cookies and Delete history
Click Close below.

* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):
Go to Tools > Options.
Click Privacy in the menu..
Click the Clear now button below.. A new window will popup what to clear.
Select all and click the Clear button again.
Click OK to close the Options window

* Clean other Temporary files + Recycle bin
Go to start > run and type: cleanmgr and click ok.
Let it scan your system for files to remove.
Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
Press OK to remove them.

2. Please download Malwarebytes' Anti-Malware from Here or Here
Doubleclick mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is comple...


Operating system: Windows XP SP2
My son downloaded something yesterday that included this and maybe more. I thought I got rid of part of it last night but spybot keeps popping up with different things and I know part of it is still there. I have run AVG and Spybot numerous times. If anyone can help, I would really appreciate it!
Here's my HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:24:27 AM, on 7/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\DigitalPersona\Bin\DPWinLct.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\DigitalPersona\Bin\DpHost.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\Program Files\DigitalPersona\Bin\DPFUSMgr.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
C...

A:Solved: Help getting rid of Malware Protector 2008

Hi, Welcome to TSG!!

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only

Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

Click Exit on the Main menu to close the program.


Please download Malwarebytes Anti-Malware and save it to your desktop. alternate download link 1 alternate download link 2
Make sure you are connected to the Internet.
Double-click on Download_mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware

Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.

If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be p...


Hi,

Have been infected with Antivirus XP 2008 & Malware Protector 2008. Have the dreaded blue screen and a "warning Spyware detected on your computer"

Restore points have been removed, ran virus scan, Malwarebytes Anti-Malware, Ad-Aware, Spybot, have cleaned out temp files, internet files, sysclean, and numerous other things. Have done this repeatedly in regular and safe mode, still no luck.

What am I missing? Any help will be greatly appreciated...

Here is my Hijackthis log....

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:49:51 PM, on 6/28/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Verizon\Verizon Internet Security Suite\Fws.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\...

A:Antivirusxp & Malware Protector 2008

Hi, welcome to BC. Unfortunately, one or more of the identified infections is a backdoor trojan. This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still attempt to clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.


Hello. I've recently been infected with Malware Protector 2008, I think just on the 21st. I have tried feverishly to remove that nasty program. I think I've gotten in, but it seems to me that I have other residents in my system! I am posting a Deckard's scan log as well as my Hijack This log. I am begging for help here! I work from home and handle confidential legal matters so I am freaking out here.

Thanks so much in advance for your help. What an invaluable service!
Janice

Deckard's System Scanner v20071014.68
Run by Mom on 2008-06-23 20:44:45
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 4 Restore Point(s) --
4: 2008-06-24 00:44:51 UTC - RP4 - Deckard's System Scanner Restore Point
3: 2008-06-23 23:09:47 UTC - RP3 - System Checkpoint
2: 2008-06-22 21:19:54 UTC - RP2 - Software Distribution Service 3.0
1: 2008-06-22 19:19:08 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Mom.exe) -------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:46:45 PM, on 6/23/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\Syste...

A:Malware Protector 2008, afinding.exe and others!

Hello and Welcome. Apologies for any delay in replying, but we have been rather busy lately.

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

If you're not receiving help elsewhere, and still require assistance for this issue, and since it has been a few days since you first posted, please do this:

Please run Deckard's System Scanner once again, this time using these instructions:

Click the Windows 'Start' button > Select 'Run' - then copy/paste this into the run box & click OK
"%userprofile%\desktop\dss.exe" /config

Click on "Check All"

Click Scan!

When finished, it shall produce two logs for you. Post those logs in your next reply.

---------------------------------------------------------------------------------------------

Thank you.


*EDIT* *I did not attach a log or run a scan for the Panda web scanner. It was down at the time of this posting and I could not get it to respond. Sorry if that complicates things.*

As the title says, this malware got me. I'm not sure from what, I don't really do any browsing that I would consider questionable. Constant pop-ups and ad sound bytes playing in the background, fake BSODs and it changed my desktop, homepage, clock, screensaver and probably lots of other stuff I've yet to discover. I did try to get rid of it on my own, as I am usually capable of doing so. I stopped the processes and deleted the files and registry keys associated with this malware. It helped, but didn't solve the problem.


Thanks in advance, and here are my logs:

Deckard's System Scanner v20071014.68
Run by Dan on 2008-06-20 22:20:54
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 2 Restore Point(s) --
2: 2008-06-21 02:21:00 UTC - RP2 - Deckard's System Scanner Restore Point
1: 2008-06-20 23:35:56 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-06-20 22:22:17
Platfor...

A:I am infected with Malware Protector 2008

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please save this page to Notepad in order to assist you when carrying out the following instructions.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding.
Ensure that there aren't any opened browsers when you are carrying out the procedures below.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

I see you have WildTangent Web Driver installed on your system. Although not technically spyware, it does have built-in components to update itself and collect information about your computer. We recommend uninstalling it. Please read here for information, removal instructions, and a link to an automatic removal to...


After reading the rules, I think I wasn't informative enough with my other thread. Please delete it, I hope I followed all the rules with this one.


I have the same problem as another person on the front page. The Malware Protector 2008 is causing bugs to eat my screen when idle. It's also causing popups for their Malware removal program.

I have done the 5 steps. Step 2 didn't give me the export button to print it out. Here is the DSS scan info. Also, there was no extra.txt file, it just gave me the main file.

Deckard's System Scanner v20071014.68
Run by Tashaun on 2008-06-08 18:54:45
Computer is in Normal Mode.
--------------------------------------------------------------------------------

System Drive C: has 10.04 GiB (less than 15%) free.


-- HijackThis (run as Tashaun.exe) ---------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:55:52 PM, on 6/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Apple\Mobile...

A:Problems With Malware Protector 2008

Please run Deckard's System Scanner once again, this time using these instructions:

Click the Windows 'Start' button > Select 'Run' - then copy/paste this into the run box & click OK
"%userprofile%\desktop\dss.exe" /config

Click on "Check All"

Click Scan!

When finished, it shall produce two logs for you. Post those logs in your next reply.


Hello,
Thank you right up front for your help.

I get repeated pop-ups warning that my machine is unprotected.
They seem to clone legitimate windows security center warnings.
Closing the warning window spawns a new instance of IE7 directed to <http://antispyspider.us/119>
Trying to run REGEDIT or TASK MANAGER creates a message that the Administrator has disabled that function.

The first day this all seemed to originate from Malware Protector 2008. It downloaded with what I thought was a legitimate ActiveX update.
Today a program called Advanced XP Defender showed up. I killed it with Process Explorer and have not seen it since. But the Malware Protector 2008 pop-ups are constant.
I kept them at bay while performing your 5 step process to get to this point. (7 hours so far)

I went through several steps from other websites yesterday to get rid of MP2008.
I deleted .exe files, .dll files, and cleaned registry entries.
I downloaded Process Explorer to circumvent the trouble with Task Manager and I found that immediately after a Spybot Search & Destroy scan, I was able to get into Regedit, but I had to get in quick.

So now I can no longer see the files I cleaned up yesterday, yet the script continues to repeat.

Below is the DSS Main.txt
Attached are the DSS Extra.txt
and the Panda ActiveScan.txt as requested


Deckard's System Scanner v20071014.68
Run by Maloy on 2008-06-17 13:40:20
Computer is in Normal Mode.
-------------------------------...

A:Malware Protector 2008 has taken over my machine

Hi and welcome to TSF.

My name is Iain and I will be helping you clean your system.

You may wish to Subscribe to this thread (Thread Tools > Subscribe to this thread) so that you are notified when you receive a reply.

Please read these instructions carefully and then print out or copy this page to Notepad in order to assist you when carrying out the fix. You should not have any open browsers or live internet connections when you are following the procedures below.

Note that the fix may take several posts. Please continue to respond to my instructions until I confirm that your logs are clean. Remember that although your symptoms may vanish, this does NOT mean that your system is clean.

If there is anything you don't understand, please ask BEFORE proceeding with the fixes.

Please ensure that you follow the instructions in the order I have them listed.


Malwarebytes' Anti-Malware
Please download Malwarebytes' Anti-Malware from here or here

Double-click mbam-setup.exe and follow the prompts to install the program. Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will o...

I believe I acquired Malware Protector 2008........amongst other things (Advanced XP Defender or Winifixer), including a popup entitled BlueScreen Screensaver Configure that resurfaces every 15 minutes or so. This popup advertises Freeware Sysinternals version 3.2 (copyright Mark Russinovich) and has a box that can be checked "Fake Disk Activity".

Additionally, my computer is running very slow and my internet connection was shut off........got that resolved. I have run MULTIPLE programs/scans to try and get back to "normal" but all are unsuccessful. I was able to get the majority of the Malware Protector to disappear (no more bugs on screen, but my screensaver is still blue and the program is still in my program files (can't delete it)). Also, the tab to change my screensaver is gone. Also, it appears that Malware Protector 2008 has resurfaced under the name Winifixer or Advanced XP Defender? Similar popups to MProtector........I am confused, help! haha

Here are some of the scans I have run:
MalwareBytes
Ad-Aware
Spybot Search and Destroy
various others......

Edit: I also ran a Kaspersky scan:

KASPERSKY ONLINE SCANNER 7 REPORT
Tuesday, June 17, 2008
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Tuesday, June 17, 2008 21:40:37
Records in database: 877129

Scan settings
Scan using the following database    extended
Scan archives                        yes
Scan mail databases                  yes...

A:Malware Protector 2008 (and Likely Other Problems)

Hello, my name is fenzodahl512 and welcome to Bleeping Computer.. Please do the following...

Please show hidden files and folders. Please visit HERE if you don't know how.

Jotti File Submission:
Please go to Jotti's malware scan
Copy and paste the following file path into the "File to upload & scan" box on the top of the page:
C:\Documents and Settings\Patrick McCabe\Local Settings\Temp\UIUCU.EXE
Click on the submit button
Please post the results in your next reply.
If Jotti server is too busy, please submit the file to VirusTotal instead.

NEXT

Please re-open HijackThis and click on Do a system scan only. Check the boxes next to all the entries listed below.

O4 - HKLM\..\Run: [lphcjqwj0elea] C:\WINDOWS\system32\lphcjqwj0elea.exe
O4 - HKLM\..\Run: [SMshclqwj0elea] C:\Program Files\shclqwj0elea\shclqwj0elea.exe

Now close all windows other than HijackThis, then click Fix checked. Close HijackThis.

NEXT

Please download the OTMoveIt2 by OldTimer.
Save it to your desktop.
Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

[kill explorer]
C:\Documents and Settings\Patrick McCabe\Application Data\shclqwj0elea
C:\WINDOWS\system32...

Hello, Yesterday Malware Protector 2008 was inadvertently downloaded onto our computer. I used our Norton Anti Virus, your Anti Malware and even went into the Registry to manually remove but have had no success in removing it. Before attempting removal - when turned on there would be a blue windows generated screen stating a security risk was found by windows and it would want to restart. Also Malware auto started. Then every 10-15 minutes the blue windows warning would pop up and the computer would want to restart but could be stopped by pressing the space bar. After deleting some of the registry entries and running Norton (found 1 virus) we no longer received the blue warning window at start up but still had all the malware problems. Today I used your Anti Malware. It has removed more of the program but it still auto starts and gives pop ups requesting we pay for the program. All links and icons remain. Also there is a blue wallpaper with a yellow box stating Warning! Spyware Detected on Your Computer. Install an anti virus or spyware remover to clean your computer. One other thing I've noticed ... the associated registry info contains ... your website it says shclkrj0etfg and Symantec says shcev9j0e1b1. However, in my registry the folder where the malware files are located is shc585j0ej91. I can't delete this folder (tried but it won't let me), however I can delete the contents. Once the computer is restarted the contents reappear after the malware program restarts. After...

A:Malware Protector 2008 Can't Remove

Hello Lisa and welcome to BleepingComputer,

1. * Clean your Cache and Cookies in IE:
Close all instances of Outlook Express and Internet Explorer
Go to Control Panel > Internet Options > General tab
Under Browsing History, click Delete.
Click Delete Files, Delete cookies and Delete history
Click Close below.

* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):
Go to Tools > Options.
Click Privacy in the menu..
Click the Clear now button below..
A new window will popup what to clear.
Select all and click the Clear button again.
Click OK to close the Options window

* Clean other Temporary files + Recycle bin
Go to start > run and type: cleanmgr and click ok.
Let it scan your system for files to remove.
Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
Press OK to remove them.

2. Please download Malwarebytes' Anti-Malware from Here or Here
Double-click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a...


My roommate's gonna kill me if I can't fix his computer! (I could say it's his fault for not having anti-virus software, yes?)

I ran the Kaspersky Online Scanner and Deckard's System Scanner and it found bad stuff, but when I start up the computer I still get that blasted "Warning! Spyware detected" etc.etc. junk from Malware Protector 2008. I am also getting a warning from Windows about needing to start in safe mode, which happened after using the DSS program. I have a feeling you're going to tell me this computer is waay messed up already. Here are the main.txt and extra.txt files:

Deckard's System Scanner v20071014.68
Run by Lisa on 2008-06-19 15:56:18
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- HijackThis (run as Lisa.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:56:22 PM, on 6/19/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Commo...

A:Can't Remove Malware Protector 2008

I may have found the problem. The scans found bad stuff which I quarantined, but I was still getting that stupid message on my desktop. Well! I found that there was a new desktop theme added today, which, guess what, had the "Warning! Spyware detected" message as part of the lovely graphics. I changed my desktop theme to a real one and that message is gone...and I think the software itself was already removed by the scans.


Here's my hijack this file.

Deckard's System Scanner v20071014.68
Run by Jeru on 2008-06-06 10:48:38
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 3 Restore Point(s) --
3: 2008-06-06 17:48:41 UTC - RP3 - Deckard's System Scanner Restore Point
2: 2008-06-06 08:49:36 UTC - RP2 - Software Distribution Service 3.0
1: 2008-06-06 06:07:19 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.


-- HijackThis (run as Jeru.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:50:21 AM, on 6/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device S...

A:Malware Protector 2008 Problem

Welcome to Bleeping Computer, please be sure you have read and followed the Preparation Guide For Use Before Posting A Hijackthis Log, Instructions for receiving help in cleaning your computer http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/

All advice given is taken at your own risk.

I apologize for the wait, if your issues are not resolved, read the instructions posted above and then follow the directions below. If you no longer need help, I would appreciate a quick post letting me know so I can close your topic.

1) You are running two antivirus programs at the same time and this is not a good thing. They conflict with each other and you will be less safe than if you ran one good program and maintained it properly.
http://service1.symantec.com/SUPPORT/nav.n...000031316555206
"Microsoft recommends that you have only one anti-virus program installed on your computer."
http://www.washingtonpost.com/wp-dyn/conte...5120300087.html
http://www.smartcomputing.com/editorial/ar...38s07/38s07.asp

C:\PROGRA~1\Grisoft\AVG7\
C:\Program Files\Alwil Software\Avast4\
(uninstall one of those)

I do not see this in the HJT log: Malware Protector 2008. If you have not resolved this issue, tell me more about it, what program is finding the rogue spyware, and where is it located? Have you tried to remove it in Add Remove programs? Post more information and complete #2 before you post.

2) C:\DOCUME~1\Jeru\Desktop\Jeru.exe <...


My computer became infected with Malware Protector 2008 on June 9. I have tried just about everything to get rid of it, run AVG, SmitfraudFix, Malwarebytes Anti-Malware but it always comes back when I restart my computer. I get an error box when I log in telling me that a script is missing, the script name changes when I restart. Then the little black bugs appear and eat my screen, and the Malware Protector 2008 pop ups start. Here are the results of the scans that I did as instructed.

Deckard's System Scanner v20071014.68
Run by raspberrysalamander on 2008-06-10 15:45:22
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 2 Restore Point(s) --
2: 2008-06-10 19:45:55 UTC - RP2 - Deckard's System Scanner Restore Point
1: 2008-06-10 16:47:38 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 503 MiB (512 MiB recommended).


-- HijackThis Clone ------------------------------------------------------------

Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-06-10 15:50:15
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\servic...

A:Computer Infected With Malware Protector 2008

Hello raspberrysalamander,

I see Viewpoint installed. Viewpoint Manager is considered as foistware instead of malware since it is installed without user's approval but doesn't spy or do anything "bad". This will change from what we know in 2006; read this article: http://www.clickz.com/news/article.php/3561546

I suggest you remove the program now, if you did not install it. Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following programs if present.

Viewpoint
Viewpoint Manager
Viewpoint Media Player

If you uninstalled, please navigate to and delete the following folders

C:\Program Files\Viewpoint

**************************************

Click the Windows 'Start' button > Select 'Run' - then copy/paste this into the run box & click OK (this assumes dss.exe is on your desktop)

"%userprofile%\desktop\dss.exe" /daft

Click on Scan.
Tick the boxes which should appear for these entries:
.reg
.scr
then Click on Fix
Click Scan again, you should get a message "All Associations OK!"
Next, click Save Log, and post this log in your next reply. By default, it will save as daft.txt.

**************************************

We will run ComboFix. You should NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert. It is intended by its creator to be used under the guidance and supervision of an expert, not for private use. Using this tool incorrectly could lead to disastro...


I do not know very much about internet security but was referred to your forums through geeksquad at a best buy. My friend clicked on a picture off of yahoo pictures and this malware program called Malware Protector 2008 appeared without a download. It shows little bugs eating at my screen and changed my background to say "Warning spyware detected on your computer." I did not have any protection besides the default firewall to the best of my knowledge. I proceeded to buy Kaspersky's at best buy in hopes to get rid of the malware. I went through your 5 steps to take before posting and I have logs from deckard's.
Thank you for your help, I appreciate your time and concern.
-Garrett

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel(R) Pentium(R) D CPU 2.66GHz
CPU 1: Intel(R) Pentium(R) D CPU 2.66GHz
Percentage of Memory in Use: 36%
Physical Memory (total/avail): 990.42 MiB / 630.3 MiB
Pagefile Memory (total/avail): 2385.6 MiB / 2060.02 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1914.72 MiB

C: is Fixed (FAT32) - 222.59 GiB total, 208.72 GiB free.
D: is CDROM (CDFS)
E: is Removable (No Media)
F: is Removable (No Media)
G: i...

A:I also have bugs on my screen( malware protector 2008)

Hello, kersplatz

You appear to have posted only the extra.txt from DSS

There should be another log, main.txt located at C:\Deckard\System Scanner\main.txt

Please post it.

The bugs are a screensaver which gets installed by the rogue. You should be able to disable it immediately by changing the screensaver to "none" or another of your choice. We'll remove the file later. It's annoying, but not malicious in and of itself.


Hello!
One of my users seems to have downloaded this ugly little bugger and I'm not sure how to get rid of it. She thought it was our anti-spam/anti-virus program cleaning out her system and kept responding to it for two days!
The machine is a Windows XP Pro in a Windows 2003 Server environment. Following is the Hijack This log (I hope this is correct as I have never done this before):

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:23:30 PM, on 7/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Intel\ASF Agent\ASFAgent.exe
C:\Program Files\Dell\OpenManage\OMCC\iws\bin\win32\omaws32.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\Program Files\Trend Micro\Client Server Security Agent\ntrtscan.exe
C:\Program Files\Dell\OpenManage\OMCC\oma\bin\omsad32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Trend Micro\Client Server Security Agent\tmlisten.exe
C:\WINDOWS\System32\ups.exe
C:\Program Files\Trend Micro\Client Server Security Agent\OfcPfwSvc.exe
C:\WINDOWS\TEMP\NJC2...

I seem to be infected with the Malware Protector 2008 virus. My desktop has a message indicating that I have spyware on my machine, and the start menu has two new menu items, "Malware Protector 2008" and "Register Malware Protector 2008". I am running Windows XP Professional SP2. Can anyone help?

Here is the log from HiJackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:15:55 PM, on 6/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [TrackPointSrv] tp4mon.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qt...

A:Solved: Malware Protector 2008 virus

Please close/disable all anti-virus and anti-malware programs so they do not interfere with the running of SDFix and make sure you are disconnected from the Internet after downloading the program but before extracting the files.
Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with SDFix and remove some of its embedded files which may cause "unpredictable results".
Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
Remember to re-enable the protection again afterwards before connecting to the Internet.
Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually
Instead of Windows loading as normal, the Advanced Options Menu should appear
Select the first option, to run Windows in Safe Mode, then press Enter
Choose your usual account.

Open the extracted SDFix folder and double click RunThis.bat to start the script.
Type Y to begin the cleanup process.
It will remove any Trojan Services and Registry Entri...

Hello, I am having a real problem with some things on my computer. I am running OS Windows XP on a Sony Vaio.

It started with clicking on a person's website, which led to my computer lagging for a few minutes and once finished lagging, Malware Protector 2008 was on my computer scanning away, combined with a Sysinternals blue background advertising "remove spyware now" which also disabled some of my tabs for changing my desktop back to normal. Since I do know some things about computers, I was able to uninstall it, manually delete files and delete things in regedit. That problem was taken care of.

However, Here's the fun part - there is something else residual that I found today. While trying to log into AOL Mail, Yahoo Mail and eBay, it is not allowing sign in by making you provide credit card #'s, card verification number, social security number, mother's maiden name, and bank account and routing #'s. Also on the "Start" toolbar/taskbar, the clock is in military time and cannot be switched back to normal. I don't seem to be noticing anything named too weirdly (to me at least) running in the background but a few svchost.exe's more than normal, and in HijackThis there is WINNT\Systems32\Explorer.exe which I've read is a virus. Since I run my business from my computer this is driving. I greatly appreciate the help!

Deckard's System Scanner v20071014.68
Run by James on 2008-06-20 02:31:11
Computer is in Normal Mode.
-------------------------------------...

A:Malware Protector 2008 Deleted, But Possible Virus Attached?

Welcome to the BleepingComputer Forums.

Since it has been a few days, please post a new Deckard's System Scanner which includes the HijackThis log. Please see Preparation Guide for use before posting about your potential Malware problem. Thank you for your patience.

If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped.


Thank you in advance for any help you can give me.

My problem is a persistent pop-up and desktop/screen saver replacement. My McAfee antivirus is also out-of-date, and I get an error when I try to update it.

The pop-up reads:

Malware Alert!
Warning!
Attention! Adware.W32.SpyShredder spyware detected. Adware.W32.SpyShredder provides REMOTE ACCESS to ... blah, blah blah, ... click yes to get all available antispyware software

(there are a couple of variations with different spyware names that are rotated through)

Of course, I never clicked yes, but I recently did it just to get the name of the bogus spyware. When I clicked yes, a program called "Malware Protector 2008" immediately appears. (way too fast to indicate a download of any kind). This program is also listed as "MProtector" under the uninstall list.

When I uninstalled it, a message comes up warning me that anything the program had fixed would go back to how it was before. When I re-confirmed the uninstall, it takes me to the Malware Protector website.

The desktop change makes it a blue background with yellow lettering warning me about spyware having been detected, and to immediately get malware and spyware protection.

The screensaver changes to bugs "chewing" black holes in the screen. Creepy.

I haven't had any problems yet since I went through the five steps prior to posting here, so the Panda Active scan may have just done the trick, but I am not taki...

A:Malware Protector 2008 popups w desktop and screen saver replacement

Hi, welcome to TSF!

if you still need assistance, please post a fresh main.txt log


These are just a few things that were found on my computer, have no idea how it got so out of control.
I worked all day trying to get rid of all of these and finally succeeded by running and updating antivirus/Spyware detector and then rebooting in safe mode, while doing this many times I received "blue screen" and sometimes it was fake and sometimes it was real, if I pressed ESC I knew it was a fake screen.
Eventually it let me stay on long enough to get rid of everything
But I'm still getting the FAKE blue screen so could someone take a look at my HijackThis log please


Logfile of HijackThis v1.99.1
Scan saved at 10:33:46 PM, on 8/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Rogers\Update Manager\RogersUpdate...

I downloaded a video codec that turned out to be a trojan.
In turn for that I also got a couple of annoying supposedly helpful Antivirus programs
I tried deleting it but I just don't know how to solve it.
You guys helped me out before so it would be cool if you guys could help again.
Here's my HijackThis Log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:44:49 PM, on 6/16/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\WINDOWS\system32\wltray.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\Program Files\Nuria...

A:Antivirus 2008 Malware

Whatever this is it is really starting to act up.
The program started opening some other downloads.
Other programs like rundll32 keep popping up.
Can someone please help?
 


hi, I just got infected by the malware antivirus xp 2008, I found a removal guide here in bleepingcomputer in spyware removal and followed the instructions by using the malwarebytes anti-malware, it removed most of the malware but there were a couple that was left in my pc and I can't seem to remove it. here's my malwarebytes log:

Malwarebytes' Anti-Malware 1.24
Database version: 1029
Windows 5.1.2600 Service Pack 2

3:01:28 AM 8/7/2008
mbam-log-8-7-2008 (03-01-28).txt

Scan type: Quick Scan
Objects scanned: 36927
Time elapsed: 3 minute(s), 21 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\windows\system32\userinit.exe -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\lich.dat (Stolen.Data) -> Delete on reboot.

everytime I reboot and rescan using malwarebytes these 2 always come up and whenever I start my pc there's a program that wants to run but it can't since windows do...

A:Antivirus Xp 2008 Malware

Hello and welcome to BC

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. We aim to provide the valuable service known to come from BC to every member we can, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Upon completing the steps below a staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

Thanks and again sorry for the delay.

Please see here for instructions how to install HijackThis and make a logfile. Save it into convenient location and include it to your next reply, please.

Next

Please do a scan with Kaspersky Online Scanner

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Click on the Accept button and install any components it needs.
The program will install and then begin downloading the latest definition files.
After the files have been downloaded on the left side of the page in the Scan section select My Computer
This will start the program and scan your system.
The scan will take a while, so b...

RELEVANCY SCORE 93.6

Hi! I am pretty certain I have some malware that I need advice how to remove. Antivirus XP 2008 or something of the sort was installed, and I thought I got rid of it. However, now I am left with adware and other stuff that I don't know how to get rid of! I have run AVG free, adaware, spybot, and stinger. I then created the first log file. Afterwards, I ran malwarebytes' anti-malware which found more trojans, etc. I went to msconfig and edited the startup list and unchecked glove.exe, cssrss.exe, and sysrest32.exe. I still think I have adware or something because when I type a direct link in, it takes me to some ezcoolpages.com website. I would sincerely appreciate anyone's advice! Thanks so much.

HJT Log File BEFORE Malwarebytes

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:34:42 PM, on 8/15/2008
Platform: Windows XP SP3, v.3264 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.3264)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WI...

A:Antivirus Xp 2008-malware

Hello and welcome Cody Dean

Download Combofix from any of the links below, and save it to your desktop. For information regarding this download, please visit this webpage: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2
Link 3

**Note: It is important that it is saved directly to your desktop**
--------------------------------------------------------------------
1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
--------------------------------------------------------------------
Double click on combofix.exe & follow the prompts. When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.

Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.

RELEVANCY SCORE 93.6

I got all kinds of malware, I ran Super Antispyware, roguefix and cc cleaner but nothing. I can only work on safe mode as the system has been completely hijacked.

Here is the HJ log, any help is greatly appreciated. Thanks:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:25:28 PM, on 9/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Administrator\Application Data\U3\000018711570704F\LaunchPad.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.com
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft S...

A:Antivirus XP 2008 and other malware

After reading all the related posts here and the help forum from bleeping computer, I was able to get rid of most of the issues. I still have the antivirus XP 2008 icons in the computer but I should be able to get rid of them as well.

Mods, you may close or delete this thread.

Thanks

RELEVANCY SCORE 92.8

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:37: VIRUS ALERT!, on 8/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Common Files\Virtual Token\vtserver.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\Program Files\Sandboxie\SandboxieServer.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files...

A:Antivirus Xp 2008, Antispyware 2008 Xp

Hello. I am PropagandaPanda (Panda or PP for short) and I will be helping you with your log.

I will need some time to look over your computer's log(s). I am still in training, so my responses to you must be checked by a coach.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.

Please take note of a few guidelines for this fix:

Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Furthermore, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.

If you do not understand any step(s) provided, please do not hesitate to ask. I would much rather clarify instructions or explain them differently than have something important broken.

Even if things appear to be better, it may not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.

Finally, please reply using the button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directl...

RELEVANCY SCORE 92.4

To Whomever can help,

First of all, thank you in advance for your assistance. It is greatly appreciated. Unfortunately, my girlfriend has managed to get some Malware on our new laptop.

Currently we have frequent pop ups coming from Windows AntiVirus 2008. I tried following your pre-post instructions as best as I can but unfortunately the panda scan and the Windows Update website would not work because IE would freeze. Only Firefox is working now, and it's very slow. Listed below is our log:

Deckard's System Scanner v20071014.68
Run by Kate on 2008-05-02 21:22:39
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
76: 2008-05-03 01:22:57 UTC - RP87 - Deckard's System Scanner Restore Point
75: 2008-05-02 04:15:08 UTC - RP86 - System Checkpoint
74: 2008-05-01 04:12:14 UTC - RP85 - System Checkpoint
73: 2008-04-30 04:05:15 UTC - RP84 - System Checkpoint
72: 2008-04-29 00:30:12 UTC - RP83 - System Checkpoint


-- First Restore Point --
1: 2008-02-03 23:39:53 UTC - RP12 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 503 MiB (512 MiB recommended).


-- HijackThis (run as Kate.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v...

A:Malware and Pop Ups - Windows AntiVirus 2008

BUMP

(just three hours before 72, sorry, I have to leave work and I will check when I get home)

RELEVANCY SCORE 92.4

Hi There,
We have a Dell Dimension 8400 with Windows XP. We use Zone Alarm Security Suite, and we were unable to use Internet Explorer without disabling Zone Alarm for awhile. Instead of fixing this problem, we stupidly just kept disabling our security suite and, of course, now we have a virus and/or malware infection. I went to Zone Alarm's site and read how to uninstall some windows update that was messing up our security suite, but we are still faced with the virus/malware. The virus scan says we have the virus "not-a-virus:FraudTool.Win32.MalwareProtector.d" with a filename "C:\WINDOWS\SYSTEM32\pphce8qj0eral.exe". When we try to quarantine it and delete it, it just keeps popping back up. Our wallpaper has been replaced with, "Warning! Spyware detected on your computer! Install and antivirus or spyware remover to clean up your computer". An "Antivirus XP 2008" icon is now on our desktop, and now we get tons of little bubble warnings and "demo mode" popups from them, but I haven't tried to delete it off our system, because I wanted to ask you guys first. I have a feeling it is part of the virus and won't let me delete it anyway. We would really appreciate your help. We haven't been infected with this malware type stuff since before we got Zone Alarm, so I suspect it got infected when we had the suite disabled because of the problems with it and the internet. Oh well. Too la...

A:Antivirus Xp 2008 And Not-a-virus Malware

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware

Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
Click OK to close the message box and continue with the removal process.

Back at the main Scanner screen, click on the Show Results button to see a li...

RELEVANCY SCORE 92.4

So I got the bug (watching the Olympics and not paying attention to incoming spam email). Tried everything including several AV programs. Spent hours on the phone with Tech Support at Trend Micro. Nada. Started looking for my OS CDs as I thought I'd have to reformat my hard drive and start all over. Then one last try on Google and ended up here in bleepingcomputer land. Read a few posts and saw the stuff on Malware. What the heck - it was free. Tried it and it took care of everything!

I had the following issues:

- Unable to boot in SAFE mode
- Unable to print from web pages
- Unable to cut and paste from web pages
- Unable to access Internet Tools Options in IE
- Fake Blue Screen of Death
- No screen saver capability from the Display program in Control Panel

Lord knows what else I hadn't discovered. Malware fixed them all!

Thank you so very much - 3 days of bleepingcomputer hell!!!!

A:Malware Kills Antivirus Xp 2008

You're welcome on behalf of the Bleeping Computer community.

If there are no more problems or signs of infection, you should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
Go to Start > Programs > Accessories > System Tools and click "System Restore".
Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
Then use Disk Cleanup to remove all but the most recently created Restore Point.
Go to Start > Run and type: Cleanmgr
Click "Ok"
Disk Cleanup will scan your files for several minutes, then open.
Click the "More Options" Tab.
Click the "Clean up" button under System Restore.
Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
Click Yes, then click Ok.
Click Yes again when prompted with "Are you sure you want to perform these actions?"
Disk Cleanup will remov...

RELEVANCY SCORE 92.4

I have a pop up warning 'you have a security problem' and the associated link with it is http://scan.online-security-check.com/110102/3/ which then does a 'scan' for viruses on your pc - it says 'Antivirus 2008' on the pop up windows.

I have 4 different virus scanners running and it has not picked it up!

When I restart my laptop a desktop warning window pops up saying "Could not load or run 'C:\users\brian\appdata\roaming\adobe\manager.exe' specified in the registry. Make sure the file exists on your computer or remove the reference to it in the registry"

The interesting thing is when I don't close that warning window it stops the pop up 'you have a security problem' which stops all the random pop up explorer windows.

I am running Windows Vista

Not sure what to do! Any ideas?
 

A:Frustrating AntiVirus 2008 Malware

Hi, Welcome to TSG!!
Click here to download HJTInstall.exe

Save HJTInstall.exe to your desktop.
Doubleclick on the HJTInstall.exe icon on your desktop.
By default it will install to C:\Program Files\Trend Micro\HijackThis .
Click on Install.
It will create a HijackThis icon on the desktop.
Once installed, it will launch Hijackthis.
Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
Come back here to this thread and Paste the log in your next reply.
DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

Download Malwarebytes Anti-Malware and save it to your desktop. alternate download link 1 alternate download link 2
Make sure you are connected to the Internet.
Double-click on Download_mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware

Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while download...

RELEVANCY SCORE 92.4

UGH! I was finally able to get the Malware downloaded into my other computer, since I was unable to access it from there... and it ran its scan and detected 71 items!!! I selected to remove the items it found, and it couldn't have been more than 6 seconds after it started the quarantine that I had a pop up telling me that the program encountered a problem and needed to close. I ran it again with the same end result. How can I get these items into quarantine if the virus keeps shutting the program down on me? Am I in over my head now? Do I need to take the computer in somewhere?

Help please???????

A:AntiVirus 2008 - Malware shuts down

Try uninstalling and reinstalling. Also you can try running in safe mode. If successful please post back the scan log. Are you running XP or another system?

If you run Spybot try Disabling it first.

Also run this SAS scan if possible and post its log also. SAS is better from safe mode also.

Please download ATF Cleaner by Atribune & save it to your desktop.
Double-click ATF-Cleaner.exe to run the program.
Under Main "Select Files to Delete" choose: Select All.
Click the Empty Selected button.
If you use Firefox browser click Firefox at the top and choose: Select All
Click the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser click Opera at the top and choose: Select All
Click the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".

NOW SAS Scan:
Please download and scan with SUPERAntiSpyware Free
Double-click SUPERAntiSpyware.exe and use the default settings for installation.
An icon will be created on your desktop. Double-click that icon to launch the program.
If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading t...

RELEVANCY SCORE 92.4

Guys,

I have posted before regarding this issue but at the time I did not have the latest version of HiJackThis thus I am posting again...Sorry!

Anyway here is my problem:

While on the internet a program (System Antivirus 2008) appeared on my PC and is informing me that my machine has a virus etc. The program is wanting me to purchase a registered version which will have the capabilities of removing the virus.

I have run SpyBot Search & Destroy as well as Registry Mechanic.

Should I remove this program and if so how?

I have downloaded the latest version of HijackThis and pasted the following log. I have also performed a screen capture of the new program and attached it as a jpeg file.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:34:03 AM, on 9/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\GEARSec.exe
C:\LonWorks\bin\LnsMtsSvc.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mc...

RELEVANCY SCORE 91.6

To the Gurus, pls help me.

Thanks.



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:48:08 AM, on 8/22/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\GSICON.EXE
C:\WINDOWS\system32\dslagent.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\lphcer7j0epb3.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Documents and Settings\All Users\Application Data\Secure Solutions\Antispyware 2008 XP\as2008xp.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe
C:\WINDOWS\system3...

A:fake program/malware XP antivirus 2008

Hi again, this is the combofix log


ComboFix 08-08-19.06 - David 2008-08-22 0:53:30.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2524 [GMT 8:00]
Running from: C:\Documents and Settings\David\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\Documents and Settings\All Users\Application Data\Secure Solutions
C:\Documents and Settings\All Users\Application Data\Secure Solutions\Antispyware 2008 XP\as2008xp.exe
C:\Documents and Settings\All Users\Application Data\Secure Solutions\Antispyware 2008 XP\LOG\20080821013610533.log
C:\Documents and Settings\All Users\Application Data\Secure Solutions\Antispyware 2008 XP\LOG\20080821180250515.log
C:\Documents and Settings\All Users\Application Data\Secure Solutions\Antispyware 2008 XP\LOG\20080821201422718.log
C:\Documents and Settings\All Users\Application Data\Secure Solutions\Antispyware 2008 XP\LOG\20080822001531750.log
C:\WINDOWS\epgl.exe
C:\WINDOWS\system32\lphcer7j0epb3.exe
C:\WINDOWS\system32\phcer7j0epb3.bmp

----- BITS: Possible infected sites -----

http://freefile.kristopherw.us
.
((((((((((((((((((((((((( Files Created from 2008-07-21 to 2008-08-21 )))))))))))))))))...

RELEVANCY SCORE 91.6

I got infected with the subject malware and managed to remove enough of the pieces that my Dell is operational again (Windows XP Home SP2). However, I still have two problems I haven't been able to eliminate. One, just to the right of the time in my toolbar, I keep seeing the msg "VIRUS ALERT!" and it also appears in various other places. The larger issue though, is that although I have 3 hard drives (C, D and F), since the malware problem, the only hard drive that "My Computer" shows is F. Using Acronis partition software, that software sees the other drives and all the files are still there. Although I've lost some desktop icons that used to be there, if I go into All Programs and tell the system to start a program that resides on one of the "unseen by Windows" drives, the program starts up and runs just fine.

How do I restore the ability of My Computer to show me all the installed drives (I'm guessing it's some trick in the registry). Thanks for any assistance.

Ted

A:Antivirus 2008 Malware Leftover Issue

Download and install TweakUI (the download is on the right hand side of the screen). Run TweakUI and then click on My Computer > Drives and place a check next to the drives you want to unhide.

RELEVANCY SCORE 90.4

Here is a link to my previous posts (pre DSS) so you can get an idea of what's happening to my system:
http://www.bleepingcomputer.com/forums/t/156344/i-have-the-same-hijacked-system-problems-as-neo147-need-help-w-combofix-logsplease/

Also noticed that the infection seems to have taken control of my desktop settings. When you right click on the desktop to get the settings window (with the image menu, screen saver menu, etc) it's different from prior to the infection. I no longer have tabs for some things to click on in this menu now. This has to be related somehow to the background screen image going back to the "Your computer is infected with..." at reboot. Very weird.

Anyhow, here is the "main" DSS logfile, followed by the "extra" one:

"main"

Deckard's System Scanner v20071014.68
Run by Jeff on 2008-07-08 17:58:14
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.

-- Last 5 Restore Point(s) --
7: 2008-07-08 21:58:26 UTC - RP8 - Deckard's System Scanner Restore Point
6: 2008-07-08 02:10:27 UTC - RP7 - Software Distribution Service 3.0
5: 2008-07-08 02:02:54 UTC - RP6 - Software Distribution Service 3.0
4: 2008-07-08 02:01:47 UTC - RP5 - before spack3
3: 2008-07-08 01:59:22 UTC - RP4 - Software Distribution Service 3.0

-- First Restore Point --
1: 2008-07-07 15:50:39 UTC - RP2 - System Chec...

A:Infected By Antivirus Xp/malware Xp 2008 - Trojans Keep Getting Found...

Hello stiahhh,

I will be handling your log to help you get cleaned up. Please give me some time to look it over and I will get back to you as soon as possible.
White Warrior

RELEVANCY SCORE 90.4

Whenever I log into my computer I have a blue background saying I'm infected. Then I get a pop up of AntiVirus XP 2008. I've tried using Smitfraudfix but it didn't work. Here's my Hijack File.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:15:56, on 7/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\VIA\RAID\raid_tool.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\wltray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\lphc9acj0epba.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\rhc...

A:Blue Screen Background/ Antivirus Xp 2008/ Malware

Hello, my name is fenzodahl512 and welcome to BC.. Please do the following...

Please download Deckard's System Scanner (DSS) from HERE or HERE and save it to your Desktop.
Close all other windows before proceeding.
Double-click on dss.exe and follow the prompts.
Please let your firewall allow the scanning/downloading process.
When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.
If you are using Vista, you need to right-click at dss.exe icon and choose Run as Administrator

Regards
fenzodahl512
