Over 1 million tech questions and answers.

Windows Security Alert/Antivirus software Alert Virus

Q: Windows Security Alert/Antivirus software Alert Virus

I am working on a Windows XP Pro machine. I was getting pop up ads with a Windows security alert warning, along with a few others. My time also changed to military time. I could not run any malware programs until I ran a HJT log and corrected on of the entries, something with a ip address in it, I didn't write it down like an idiot. That then allowed me to update and run Spybot , malwarebyte and superantispyware. All came back with issues. Mywebsearch, trojan.fakealert.gen, disabled.securitycenter ,Trojan.vundo,trojan.fakealert,torjan.fakealert.gen,rogue.antivirusoft.Thank you in advance for your help!Here is the DDS report:DDS (Ver_09-12-01.01) - NTFSx86 Run by jandreozzi at 11:16:57.68 on Tue 03/09/2010Internet Explorer: 6.0.2900.2180Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1075 [GMT -5:00]AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}FW: *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}============== Running Processes ===============C:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcssvchost.exesvchost.exeC:\WINDOWS\system32\spoolsv.exesvchost.exeC:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exeC:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeC:\Program Files\Symantec AntiVirus\DefWatch.exeC:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exeC:\Program Files\Common Files\Motive\McciCMService.exeC:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXEC:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exeC:\Program Files\Microsoft SQL Server\MSSQL$MPSC_DB\Binn\sqlservr.exeC:\Program Files\Symantec AntiVirus\SavRoam.exeC:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exeC:\Program Files\Dell Support Center\bin\sprtsvc.exeC:\WINDOWS\system32\svchost.exe -k imgsvcC:\Program Files\Symantec AntiVirus\Rtvscan.exeC:\Program Files\UltraVNC\WinVNC.exeC:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeC:\WINDOWS\system32\wuauclt.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\wuauclt.exeC:\Program Files\Java\jre1.5.0_06\bin\jusched.exeC:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exeC:\Program Files\Dell\Media Experience\DMXLauncher.exeC:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exeC:\Program Files\Google\Google Desktop Search\GoogleDesktop.exeC:\Program Files\Common Files\Symantec Shared\ccApp.exeC:\PROGRA~1\SYMANT~1\VPTray.exeC:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exeC:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exeC:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exeC:\WINDOWS\stsystra.exeC:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exeC:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exeC:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exeC:\Program Files\MUSICMATCH\Musicmatch Jukebox\MMDiag.exeC:\Program Files\Verizon\McciTrayApp.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exeC:\Program Files\DellSupport\DSAgnt.exeC:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exeC:\Program Files\Spybot - Search & Destroy\TeaTimer.exeC:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exeC:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\America Online 9.0\aoltray.exeC:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exeC:\XeloPDFWriter\XeloPDFWriter.exeC:\Documents and Settings\j_andreozzi\Desktop\dds.scr============== Pseudo HJT Report ===============uStart Page = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=usuSearch Page = hxxp://www.google.comuSearch Bar = hxxp://www.google.com/iemDefault_Search_URL = hxxp://www.google.com/ieuInternet Settings,ProxyOverride = <local>uSearchAssistant = hxxp://www.google.com/ieuSearchURL,(Default) = hxxp://www.google.com/search?q=%smSearchAssistant = hxxp://www.google.com/ieBHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No FileBHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dllBHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dllBHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dllBHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLLBHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_06\bin\ssv.dllTB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dllTB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No FileEB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dlluRun: [ctfmon.exe] c:\windows\system32\ctfmon.exeuRun: [updateMgr] c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe AcRdB7_0_9uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startupuRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenteruRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /backgrounduRun: [Google Update] "c:\documents and settings\j_andreozzi\local settings\application data\google\update\GoogleUpdate.exe" /cuRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exeuRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exemRun: [SunJavaUpdateSched] c:\program files\java\jre1.5.0_06\bin\jusched.exemRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exemRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exemRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottimemRun: [MMTray] "c:\program files\musicmatch\musicmatch jukebox\mm_tray.exe"mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startupmRun: [MSKDetectorExe] c:\program files\mcafee\spamkiller\MSKDetct.exe /uninstallmRun: [msci] c:\docume~1\jeanan~1\locals~1\temp\2006915114013_mcinfo.exe /insfinmRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"mRun: [vptray] c:\progra~1\symant~1\VPTray.exemRun: [EEventManager] c:\program files\epson\creativity suite\event manager\EEventManager.exemRun: [SigmatelSysTrayApp] stsystra.exemRun: [WinVNC] "c:\program files\ultravnc\WinVNC.exe" -servicehelpermRun: [MimBoot] c:\progra~1\musicm~1\musicm~3\mimboot.exemRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.2\apps\apdproxy.exe"mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCentermRun: [Corel Photo Downloader] c:\program files\corel\corel photo album 6\MediaDetect.exemRun: [Verizon_McciTrayApp] "c:\program files\verizon\McciTrayApp.exe"mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acroba~1.lnk - c:\program files\adobe\acrobat 5.0\distillr\AcroTray.exeStartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\americ~1.lnk - c:\program files\america online 9.0\aoltray.exeStartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exeStartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\servic~1.lnk - c:\program files\microsoft sql server\80\tools\binn\sqlmangr.exeStartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\xelopd~1.lnk - c:\xelopdfwriter\XeloPDFWriter.exeIE: &Google Search - c:\program files\google\GoogleToolbar1.dll/cmsearch.htmlIE: &Search - ?p=ZUxdm265YYUSIE: &Translate English Word - c:\program files\google\GoogleToolbar1.dll/cmwordtrans.htmlIE: Backward Links - c:\program files\google\GoogleToolbar1.dll/cmbacklinks.htmlIE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar1.dll/cmcache.htmlIE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exeIE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_06\bin\ssv.dllIE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLLIE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dllIE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dllTrusted Zone: musicmatch.com\onlineDPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cabDPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://go.microsoft.com/fwlink/?linkid=58813DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cabDPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1158340664765DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cabDPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cabDPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cabNotify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dllNotify: NavLogon - c:\windows\system32\NavLogon.dllAppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLLSSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dllSEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLLHosts: 127.0.0.1 www.spywareinfo.com================= FIREFOX ===================FF - ProfilePath - c:\docume~1\j_andr~1\applic~1\mozilla\firefox\profiles\qnhrc3hw.default\FF - prefs.js: browser.startup.homepage - hxxp://www.amfmission.org/FF - plugin: c:\documents and settings\j_andreozzi\local settings\application data\google\update\1.2.183.17\npGoogleOneClick8.dllFF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava11.dllFF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava12.dllFF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava13.dllFF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava14.dllFF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava32.dllFF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJPI150_06.dllFF - plugin: c:\program files\java\jre1.5.0_06\bin\NPOJI610.dllFF - plugin: c:\program files\mozilla firefox\plugins\npmusicn.dllFF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dllFF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\---- FIREFOX POLICIES ----c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);============= SERVICES / DRIVERS ===============R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-2-17 66632]R1 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2005-12-19 337592]R1 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2005-12-19 54968]R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2006-3-24 192160]R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2006-3-24 169632]R2 MSSQL$MPSC_DB;MSSQL$MPSC_DB;c:\program files\microsoft sql server\mssql$mpsc_db\binn\sqlservr.exe -smpsc_db --> c:\program files\microsoft sql server\mssql$mpsc_db\binn\sqlservr.exe -sMPSC_DB [?]R2 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2006-6-15 115952]R2 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2006-6-15 1805552]R2 vnccom;vnccom;c:\windows\system32\drivers\vnccom.SYS [2006-12-4 6016]R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-8-31 102448]R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20100308.003\naveng.sys [2010-3-9 84912]R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20100308.003\navex15.sys [2010-3-9 1324720]R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-2-17 12872]S3 SQLAgent$MPSC_DB;SQLAgent$MPSC_DB;c:\program files\microsoft sql server\mssql$mpsc_db\binn\sqlagent.exe -i mpsc_db --> c:\program files\microsoft sql server\mssql$mpsc_db\binn\sqlagent.EXE -i MPSC_DB [?]=============== Created Last 30 ================2010-03-09 16:15:43 0 ----a-w- c:\documents and settings\j_andreozzi\defogger_reenable2010-03-09 14:44:03 0 d-----w- C:\HJT2010-03-09 14:27:31 0 d-----w- c:\program files\CCleaner2010-03-09 12:30:36 0 d-----w- c:\program files\Spybot - Search & Destroy2010-03-09 12:30:36 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy2010-03-09 12:22:28 0 d-----w- c:\program files\Trend Micro2010-03-09 11:53:06 0 d-----w- c:\docume~1\j_andr~1\applic~1\Malwarebytes2010-03-09 11:53:01 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys2010-03-09 11:52:59 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes2010-03-09 11:52:58 19160 ----a-w- c:\windows\system32\drivers\mbam.sys2010-03-09 11:52:58 0 d-----w- c:\program files\Malwarebytes' Anti-Malware2010-03-08 17:48:23 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com2010-03-08 17:47:41 0 d-----w- c:\program files\SUPERAntiSpyware2010-03-08 17:47:41 0 d-----w- c:\docume~1\j_andr~1\applic~1\SUPERAntiSpyware.com2010-03-08 17:47:18 0 d-----w- c:\program files\common files\Wise Installation Wizard2010-03-08 17:14:18 0 d-----w- c:\windows\system32\wbem\Repository2010-03-08 17:10:00 0 d-----w- c:\windows\pss2010-02-16 17:03:12 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{B658C864-2707-4E58-A2C8-74CFC6DE32C9}2010-02-16 17:03:09 0 d-----w- c:\program files\AT&W2010-02-16 17:02:52 0 d-----w- c:\windows\system32\Adobe2010-02-16 17:01:55 380928 ----a-w- c:\windows\system32\ac3filter.acm2010-02-16 17:01:53 0 d-----w- c:\program files\AC3Filter2010-02-16 17:01:21 0 d-----w- c:\windows\system32\windows media2010-02-16 17:01:05 0 d--h--w- c:\windows\msdownld.tmp2010-02-16 17:01:02 0 d-----w- c:\program files\Windows Media Components==================== Find3M ====================2010-03-09 14:08:09 3350 --sha-w- c:\windows\system32\KGyGaAvL.sys2010-03-02 17:26:09 1901 ----a-w- c:\windows\panose.bin2009-12-22 05:42:49 662016 ----a-w- c:\windows\system32\wininet.dll2009-12-22 05:42:45 81920 ----a-w- c:\windows\system32\ieencode.dll2009-12-16 12:58:04 343040 ----a-w- c:\windows\system32\mspaint.exe2009-12-14 07:35:35 33280 ----a-w- c:\windows\system32\csrsrv.dll============= FINISH: 11:17:52.02 ===============Here is my HJT log:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 13:41:13, on 3/9/2010Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exeC:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeC:\Program Files\Symantec AntiVirus\DefWatch.exeC:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exeC:\Program Files\Common Files\Motive\McciCMService.exeC:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXEC:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exeC:\Program Files\Microsoft SQL Server\MSSQL$MPSC_DB\Binn\sqlservr.exeC:\Program Files\Symantec AntiVirus\SavRoam.exeC:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exeC:\Program Files\Dell Support Center\bin\sprtsvc.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Symantec AntiVirus\Rtvscan.exeC:\Program Files\UltraVNC\WinVNC.exeC:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Java\jre1.5.0_06\bin\jusched.exeC:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exeC:\Program Files\Dell\Media Experience\DMXLauncher.exeC:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exeC:\Program Files\Google\Google Desktop Search\GoogleDesktop.exeC:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exeC:\Program Files\Common Files\Symantec Shared\ccApp.exeC:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exeC:\PROGRA~1\SYMANT~1\VPTray.exeC:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exeC:\WINDOWS\stsystra.exeC:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exeC:\Program Files\Dell Support Center\bin\sprtcmd.exeC:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exeC:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exeC:\Program Files\Verizon\McciTrayApp.exeC:\Program Files\MUSICMATCH\Musicmatch Jukebox\MMDiag.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exeC:\Program Files\DellSupport\DSAgnt.exeC:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exeC:\Program Files\Spybot - Search & Destroy\TeaTimer.exeC:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exeC:\Program Files\America Online 9.0\aoltray.exeC:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exeC:\XeloPDFWriter\XeloPDFWriter.exeC:\WINDOWS\system32\wuauclt.exeC:\Program Files\Trend Micro\HijackThis\HijackThis.exeO2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dllO2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dllO2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLLO2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dllO3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exeO4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exeO4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exeO4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottimeO4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startupO4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstallO4 - HKLM\..\Run: [msci] C:\DOCUME~1\JEANAN~1\LOCALS~1\Temp\2006915114013_mcinfo.exe /insfinO4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exeO4 - HKLM\..\Run: [EEventManager] C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exeO4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exeO4 - HKLM\..\Run: [WinVNC] "C:\Program Files\UltraVNC\WinVNC.exe" -servicehelperO4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exeO4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenterO4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exeO4 - HKLM\..\Run: [Verizon_McciTrayApp] "C:\Program Files\Verizon\McciTrayApp.exe"O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exeO4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startupO4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenterO4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /backgroundO4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\j_andreozzi\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /cO4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exeO4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exeO4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exeO4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exeO4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exeO4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exeO4 - Global Startup: Xelo PDF Driver.lnk = C:\XeloPDFWriter\XeloPDFWriter.exeO8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.htmlO8 - Extra context menu item: &Search - ?p=ZUxdm265YYUSO8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.htmlO8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.htmlO8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.htmlO8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dllO9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLLO9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dllO9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1158340664765O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = AMF.localO17 - HKLM\Software\..\Telephony: DomainName = AMF.localO17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = AMF.localO17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = AMF.localO20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLLO20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dllO23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exeO23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exeO23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeO23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeO23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exeO23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exeO23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exeO23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exeO23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXEO23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exeO23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exeO23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exeO23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exeO23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exeO23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exeO23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exeO23 - Service: VNC Server (winvnc) - UltraVNC - C:\Program Files\UltraVNC\WinVNC.exe--End of file - 11578 bytesAttached is the attach.txt file.Any help would be greatly appreciated. I hope that I've attached and posted everything needed.Lisa

RELEVANCY SCORE 200
Preferred Solution: Windows Security Alert/Antivirus software Alert Virus

I recommend downloading and running DAP. It can help sort out any driver and firmware related issues on your system

It's worked out well for many of us in the past.

You can download it direct from this link http://downloaddap.org. (This link will open the download page of DAP so you can save a copy to your computer.)

A: Windows Security Alert/Antivirus software Alert Virus

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Follow the instructions that pop up for posting the results.Close the program window, and delete the program from your desktop.Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HEREPlease download GMER from one of the following locations and save it to your desktop:Main MirrorThis version will download a randomly named file (Recommended)Zipped MirrorThis version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.Disconnect from the Internet and close all running programs.Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.Now click the Scan button. If you see a rootkit warning window, click OK.When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.Click the Copy button and paste the results into your next reply.Exit GMER and re-enable all active protection when done.-- If you encounter any problems, try running GMER in Safe Mode.

Read other 29 answers
RELEVANCY SCORE 115.6

When browsing in firefox, I suddenly got a popup in my taskbar from Windows Security Alert. Knowing that was a problem, I immediately came here and downloaded DDS and Rootrepeal. However, this malware will not let me run a program. Every time I try, I get a window popup that says "Security Warning: Application cannot be executed. The file cmd.exeis infected. Do you want to activate your antivirus software now?" And then yes/no boxes. I've since closed firefox, and can no longer open it. I get the same popup for every program I try to open. Any help would be greatly appreciated

A:Windows Security alert/Antivirus System Pro alert

You already stated that no matte rwhat program you try to open, you see that pop up for the scareware. You can try running Rkill first to see if you can kill some of the malware processes that are preventing you from being abel to run other security software. here are some DL links for you. LINK 1LINK 2LINK 3LINK 4Once you get it downloaded double click to launch it (With Vista you need to right click and select run as administrator). You should see a little black window open and then close. If you see that box then it worked. If you don't see the black box then delete the file and use another download link and repeat the steps.Once it runs you should be able to run MBAM and then I would run SUPERAntiSpyware as well. If all else fails try going in to safemode and install MBAM and run the scans from there to get you started.

Read other 4 answers
RELEVANCY SCORE 109.6

Pop-ups on desk top: remotely accessing wed sites eg Porno.com, ******.com ect.;Windows Secerty center opens;Antivirus Live- showing a open scan box;regsvr32.exe - Application Error box; Security Warning- (application cannot be executed) Spyware Alert ! Velnerabilities found 34 seriousthreats ect. box; Antivirus sostware alert-attack from,Attacked port,Threat, box. I cannot open any files (programs) or access the internet.

Is there anyone that could help eradicate this virus from my computer.

A:Spyware Alert! Antivirus software alert Threat: Bankerfox,A

Hello and Welcome.

We want all our members to perform the steps outlined in the link I'll give you below, before posting for assistance. There's a sticky at the top of this forum, and a
Quote:




Having problems with spyware and pop-ups? First Steps




link at the top of each page.

---------------------------------------------------------------------------------------------

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed. I currently have as many open topics as I can effectively handle; this will have you back in queue with the proper logs so an available helper would be able to assist.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please note that the Virus/Trojan/Spyware Help forum is extremely busy, and it may take a while to receive a reply.

Read other 1 answers
RELEVANCY SCORE 109.2

DDS (Ver_09-06-26.01) - NTFSx86
Run by Administrator at 21:33:23.80 on Tue 07/07/2009
Internet Explorer: 7.0.5730.13

============== Pseudo HJT Report ===============

uStart Page = hxxp://newsletters.fool.com/04/index.aspx?source=imysltlnk750252
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: StumbleUpon Launcher: {145b29f4-a56b-4b90-bbac-45784ebebbb7} - c:\program files\stumbleupon\StumbleUponIEBar.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
BHO: scriptproxy: {7db2d5... Read more

A:IE hijacked with porn sites; antivirus system pro alert keeps popping up; windows security alert keeps popping up

Hello pdmuhalk,Sorry about the delay. If you still need help, please post a new HijackThis log to make sure nothing has changed, and I'll be happy to look at it for you.Please do this:1. Download HijackThis? here:http://www.trendsecure.com/portal/en-US/th.../hijackthis.php2. Click 'Do a System Scan and Save log'.The HJT log will open in notepad.Thanks,tea

Read other 4 answers
RELEVANCY SCORE 108

All of a sudden today:

"Windows reports that computer is infected. Antivirus software helps to protect your computer against viruses and other security threats. Click here for the scan your computer. Your system might be at risk now."

Other windows popping up:
SPYWARE ALERT!
Antivirus software alert
"Application cannot be executed. The file wscntfy.exe is infected. Do you want to activate your antivirus software now?"

Can't run McAfee, or Malware, internet won't work.....but internet sites are popping up....not good ones!

I ran Malware in safe mode. it had picked up two infections. they were removed. but still the exact same thing is happenning. and now i am getting all the pop screens plus a red-x-shield in the bottom popping up a lot too

PLEASE HELP!!!!

A:"windows security alert.....Windows reports that computer is infected. Antivirus software helps to protect..."

Hello.

Please subscribe to your topic so that you will be notified as soon as I post a reply, instead of you having to check the topic all of the time. This will allow you to get an email notification when I reply.

To subscribe, go to your topic, and at the top right hand corner by your first post, click the Options button and then click Track this topic. The bullet the immediate notification bubble. Then press submit.

Lets take a look with Malwarebytes

Please download Malwarebytes' Anti-Malware from here:
Malwarebytes
Please rename the file BEFORE downloading to zztoy.exe instead of mbam-setup.exe

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

Double Click zztoy.exe to install the application.
* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform Full Scan", then click Scan.
* The scan may take some time to finish,so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log w... Read more

Read other 9 answers
RELEVANCY SCORE 107.6

Hey There This Just popped up on my computer while I was playing medieval 2. It started as as antivirus software alert and then also loaded up xp security center. Then I stepped away from the computer and came back to find internet explorer loaded up to some porn site. I just recently got my machine clean thanks to the help of MOLE but now it or something similar is back. . Sorry the typing is off but I have a large popup right in the middle of my screen. Any help would be greatly appreciated. Thanks.

A:Antivirus software alert and XP Security

I attempted to run dds but it looked like the virus I have prevented it from running. I also tried running antisuperspyware which Mole recommended for me but it hung up while reunning a scan and now will not start again. AVG, adaware, and ccleaner won't execute. Help! I saw that my post got moved because there is no log but I don't know how to get one if dds won't run. Any advice would be greatly appreciated. Thanks.

Read other 58 answers
RELEVANCY SCORE 105.6

Hello, I've recently been infected with "Antivirus software alert" and it's preventing me from opening any program and redirecting me from antivirus-related sites along with all the usual symptoms that occur from contracting a rogue security program. I'm having great difficulty with removing this type of malware, or even starting a removal process and will greatly appreciate any help with fixing my laptop. I'm running on Vista

Thanks!

Read other answers
RELEVANCY SCORE 105.2

I found the site after getting the worst virus ever. It seems that I have removed almost all of the damage it did to my computer, by following the directions in this post, from a person who has the exact same problem as me: http://www.bleepingcomputer.com/forums/t/161834/window-security-alert-keeps-popping-up-saying-i-my-computer-is-infected/I did everything in that post, twice, as well as running SmiFraudFixI then did every thing on the prep page (http://www.bleepingcomputer.com/forums/topic34773.html) to the last detail. The Stinger found many viruses that it would not remove, only list, and I do not knw why my fully updated Symantec cannot find them. I have spent over 12 hours on this, and I am at my wit's end... considering a format & reinstall, but I do not have my original Windows disk...I am still getting the pop-up security alerts, and my virus program keeps catching IEDefender.Should I post a ComboFix or HiJackThis log? My d/l rate and computer speed has slowed significantly since installing all all this third party software.Please help! Thunder seems to have this down.Mod Edit: Topic moved from HJT to more appropriate forum~ TMacK

A:Windows Security Alert, Iedfender, And Anti-virus Software Question.

Please run this tool first Please download Malwarebytes Anti-Malware and save it to your desktop.alternate download link 1alternate download link 2Make sure you are connected to the Internet.Double-click on mbam-setup.exe to install the application.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-MalwareThen click Finish.MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.On the Scanner tab:Make sure the "Perform Quick Scan" option is selected.Then click on the Scan button.If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button. The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".Click OK to close the message box and continue with the removal process.Back at the main Scanner screen, click on the Sho... Read more

Read other 7 answers
RELEVANCY SCORE 102

Security Alert. Virus Alert! Application can't be started
I am screwed...my kids got this virus on my work laptop.
It just keeps popping up
Windows Security Alert
Attention Spyware alert.

Can anyone help please get rid of this virus..
Thanks,
Stephen

A:Security Alert. Virus Alert! Application can't be started

Hello.Let's see what we're dealing with here.Please download RKill by Grinler from one of the 4 links below and save it to your desktop.Link 1Link 2Link 3Link 4Before we begin, you should disable any anti-malware software you have installed so it does not interfere with RKill running. This is because some anti-malware software mistakenly detects RKill as malicious. Please refer to this page if you are not sure how to disable your security software.Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed. If nothing happens or if the tool does not run, please let me know in your next reply***************************************************Please download Malwarebytes Anti-Malware and save it to your desktop.alternate download linkIMPORTANT!!! - when you save the file, rename it to something random, such as bubbles.exe This must be done before beginning the download!MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.Make sure you are connected to the Internet.Double-click on mbam-setup.exe to install th... Read more

Read other 1 answers
RELEVANCY SCORE 99.6

My computer is infected by some type of virus and it is saying I have a windows security alert and is blocking me from running any type of scans etc. It is saying I am infected which is all a fake popups and antivirus spyware alerts etc. I did however get to run some logs before it blocked me. I was not able to run the Gmer report though as it started then got blocked and now it will not let me open and run this. I could not even open the logs on my desktop and had to email them to a different computer and open them there to paste them here.Here are the logs I was able to run. Help Please!!!DDS (Ver_10-03-17.01) - NTFSx86 Run by Matt at 19:10:27.67 on Thu 04/22/2010Internet Explorer: 6.0.2900.2180Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1014.337 [GMT -4:00]AV: Norton Internet Security 2006 *On-access scanning enabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}AV: Webroot AntiVirus with Spy Sweeper *On-access scanning enabled* (Outdated) {77E10C7F-2CCA-4187-9394-BDBC267AD597}FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}FW: Norton Internet Security 2006 *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}============== Running Processes ===============C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exeC:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcssvchost.exesvchost.exeC:\Program... Read more

A:Infected with fake security virus/ Antivirus spyware alert

hi magoo4242,Your log is a few days old. If you still need help simply reply to my post.

Read other 3 answers
RELEVANCY SCORE 99.6

Hello,
My husband was tricked by a "Your computer is infected, do you want to download" or something like
that message and I guess he clicked 'ok'. Antivirus Protection Trial kept performing a scan and I couldn't stop it.
A lot of alerts kept popping up. Unsecapp.exe is damaged, SSU.exe is damaged and wuauclt.exe is damaged and I saw those are for Webroot which he has a subscription for (but those types of errors kept popping up). I saw a Webroot toolbar for ask.com had been downloaded recently and tried to uninstall it but it won't and says Windows Installer Service is unavailable. Control+Alt+Delete will pop up for a millisecond and disappear so I couldn't stop the attack. Ran Malwarebytes and it found nothing....Webroot found nothing. Disk Defragmenter seems to be disabled now. 2 bad websites keep coming up on IE (www.porno.org/ and www.viagra.com) although I added both to the restricted sites it overrides that. Microsoft Windows Software Removal tool June 2008 (I couldn't get an update because of the windows installer service not working) didn't find anything but probably because it's the 2008 version.
He uses Windows Vista.
Please help!

A:Antivirus Protection Trial or Fake "Security Alert" virus?

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.Please take note:If you have since resolved the original problem you were having, we would appreciate you letting us know. If you are unable to create a log because your computer cannot start up successfully please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
If you are unsure about any of these characteristics just post what you can and we will guide you.Please tell us if you have your original Windows CD/DVD available.If you are unable to perform the steps we have recommended please try one more time and if unsuccessful alert us of such and we will design an alternate means of obtaining the necessary information.If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review your topic an do their best to resolve your issues.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply'... Read more

Read other 15 answers
RELEVANCY SCORE 99.2

Fake Alert, Ultimate windows security alert malware just to name a few of the names of the pop up windows i saw. I am using XP SP3 and have successfully used Combofix on another machine at the advise of a network admin friend. This time however i wanted to have this log reviewed by the pros on here because the malware on this machine was formidable! The windows security alert popped up and my spouse unknowingly clicked yes on it. Things just went down hill from there. We disconnected the internet cable and started the process.

As i mentioned before I have used combofix however this time every time i tried to click it the malware would pop up and say this "combofix" file is infected would you like to start the antivirus download? So i couldn't get it to start. I downloaded combofix w/ different machine and changed the name to combo-fix during the download, then used jump drive to put it on the infected machine. Since either combofix nor malwarbytes anti-malware would execute when clicked due to pop ups i restarted the system in SAFE MODE. The microsoft recovery console is already installed on this system. Once in safe mode i clicked on the renamed combo-fix file and it then started, during the start up it stated there are "CD emulators" running on this system and comobfix must disable them before continuing which casued it to re-start the computer and then it completed it's scan. So i have a log to post if you would allow me. Also, af... Read more

A:Fake Alert, Ultimate windows security alert malware Help needed

"Using it on your own can cause problems with your computer. Any posts containing CF Logs will be ignored."So are you saying there is no one here willing to help me?

Read other 4 answers
RELEVANCY SCORE 96

My computer has been infected with something called "Windows security alert". About every 5 second a warning pops up and wants me to to do a safety scan.
Also a window called antivirus soft pops up. I cant use Internet Explorer and my one virus program, Norton 360, has also been damaged.
Can anybody help me to remove this?

[b]
My DDS-file:
DDS (Ver_09-12-01.01) - NTFSx86
Run by Emma at 13:00:20,96 on 2010-02-09
Internet Explorer: 8.0.6001.18882
Microsoft? Windows Vista? Home Premium 6.0.6002.2.1252.46.1053.18.2046.917 [GMT 1:00]

AV: Norton 360 *On-access scanning enabled* (Outdated) {A5F1BC7C-EA33-4247-961C-0217208396C4}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: Norton 360 *enabled* (Outdated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
FW: Norton 360 *enabled* {371C0A40-5A0C-4AD2-A6E5-69C02037FBF3}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C... Read more

A:Infected with Windows security alert/Antivirus soft

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

Read other 2 answers
RELEVANCY SCORE 96

I'm currently running windows xp home sp1.I have a a notification message on my toolbar that's constantly popping up that reads:"Windows antivirusWindows has detected spyware infection!It is recomended to use special antispyware tools to prevent data loss. Winodws will now download and install the most up-to-date antispyware for youClick here to protect your computer from spyware"On a potentially related note, I also receive an error message popup about every two minutes that states there is a windows security alert.I ran adware 2007 on it last night and deleted about malicious/spyware files.Here is my HJT log:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 11:51:22 AM, on 11/26/2007Platform: Windows XP SP1 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Viewpoint\Common\ViewpointService.exeC:\WINDOWS\shell.exeC:\Program Files&#... Read more

A:Windows Antivirus Toolbar Popup/security Alert

I found this topic that seems related to my issue, though i don't want to do anything that may be unnecessary/harmful for my particular situation.http://www.bleepingcomputer.com/forums/lof...5B/t107817.html

Read other 3 answers
RELEVANCY SCORE 92

After turning my computer on this morning I received a Balloon pop up from Windows security Centre (red shield in the system tray) informing me that No antivirus and firewall are currently running. I have online armour and AVG Free installed and running (and have had for years). I have tried deleting the contents of WINDOWS\system32\wbem\Repository so the data base could be rebuilt upon start up, no success.

Please note:
- I Have XP professional with Sp3 installed
- AVG and online armour are running fine
- I do not wish to tick the monitor my firewall/antivirus Option found in windows security centre recommendations
- I installed Skype’s whiteboard meeting app last night, besides that nothing has changed from yesterday.

Any Help on this would be greatly Appreciated.
Thanks,
Tom

A:False 'No Antivirus' and 'Firewall Running' Alert from Windows Security Centre (system tray)

Never used it myself but this may help: How To Use Dial-a-fix To Repair Windows Internals Problems http://www.bleepingcomputer.com/forums/topic160132.html

Read other 16 answers
RELEVANCY SCORE 92

Please help! For the past few months our computer has been constantly popping up virus messages. Every few seconds we get a Windows antivirus message that says windows has detected spyware... As soon as I close this box it reappears. Every 2-3 minutes we get a Windows Security Alert stating Warning! Potential Spyware Operation! And sporatically we get a Trojan Found message from McAfee VirusScan although I can not delete the infected file.

I looked through some websites and messages on this board looking for help. I downloaded Super Antispyware Free Edition and ran that program. It deleted 450+ items but the computer is running no better and the messages are popping up just as often.

Moreover, I can not access my control panel through the start menu and can not add or remove programs.

I have seen some people post similar problems and they are told to run a Hijack report. I am not sure how to do that or what that means.

Can someone please advise? Thank you so much in advance for your help!!!
 

A:Solved: Windows antivirus, Trojan Found, Windows Security Alert

Read other 16 answers
RELEVANCY SCORE 91.2

Hello all, I would like to start out by saying that what you all are doing is a wonderful thing. With so many threats on the net, it's nice to come across a site with members who actually care enough to help us out. I want to thank you all for what you do. So here's the problem(s). My son's netbook was somehow infected with this fake windows security alert virus. It would keep giving "security threat detected" messages, and try to get us to subscribe to something to fix it. It also hijacked internet explorer, telling us that we had to subscribe to browse safely. After looking around online a bit, I decided to try malwarebytes. I ran the scan, it found and removed bunch of things. Since the scan however, we have started getting these audible "commercials" that play randomly through the pc's speakers. Also, every few minutes we will get multiple internet explorer script errors, even when internet explorer isn't running. The last part of the problem also started after the malwarebytes scan, this one is that every time we try to open any program, it brings up the "open with" menu. All of this has led my son and I to become very frustrated. Any help is greatly appreciated. I ran the DDS, but could not run the gmer, because it asked me to "open with." Here's the log:

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Robert at 19:27:43.75 on Mon 05/09/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.... Read more

A:Windows security alert virus... help please

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------Download EXE File Association Fix and Save it to your Desktop.
Extract the reg file to your desktop and double-click xp_exe_fix.reg
Answer 'Yes' to merge/add it to the registry.
Click 'OK'.
X out of the window.
------------------------------------------------------

You should be able to run gmer and other executables now. Please post the gmer log in your next reply.

------------------------------------------------------

Read other 19 answers
RELEVANCY SCORE 91.2

Please help! Is the "Windows Security Alert" and "the Red shield" on the task bar a Virus?Thank you from TiredOfVirusesLogfile of Trend Micro HijackThis v2.0.2Scan saved at 21:06:52, on 10/11/2008Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16705)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\PROGRA~1\Grisoft\AVG7\avgrssvc.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\Program Files\BroadJump\Client Foundation\CFD.exeC:\PROGRA~1\Grisoft\AVG7\avgcc.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\PROGRA~1\Grisoft\AVG7\avgamsvr.exeC:\PROGRA~1\Grisoft\AVG7\avgupsvc.exeC:\PROGRA~1\Grisoft\AVG7\avgrssvc.exeC:\Program Files\Common Files\Real\Update_OB\realsched.exeC:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exeC:\PROGRA~1\Grisoft\AVG7\avgemc.exeC:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exeC:\WINDOWS&#... Read more

A:Is Windows Security Alert a Virus?

Hi tiredofvirusesWelcome to Bleeping Computer.I'm maranatha and I will be handling your log to help you get cleaned up. I am a student here at BC so all my posts will be checked by one of our experts, so there may be a slight delay between posts.Please do this.Download RSIT by random/random and save it to your desktop.Double click RSIT.exe to start the tool.At the disclaimer, please use the drop down box to select 3 months for the file/folder search, then click Continue.If prompted by your firewall to allow RSIT to access the internet, please allow it. It will be updating yourr version of HijackThis.When the scan completes it will open a log named log.txt maximized, and a log named info.txt minimized.Please post the contents of those logs here in your next reply.Thanksmaranatha

Read other 2 answers
RELEVANCY SCORE 91.2

Hi,

Since yesterday, I keep getting these pop-ups for Windows Security Alert then my computer tries to install Windows Anti-Virus 2009. I've downloaded an ran multiple anti-virus softwares but nothing seems to work. I looked on your forum and saw that you've recommended the following to things for other users with similar problems.

1. SmitfraudFix (by S!Ri) - I downloaded this zip file, extracted the files, rebooted my comp to Safe Mode, but when I try to open the SmitfraudFix.cmd file, I get a command prompt screen for 2 seconds then it disappears.

2. I also tried downloading and running the Superantispyware (SAS) free home version - I was able to successfully download, but when I select the .exe file to install, nothing comes up.

I'm not sure what else i can do, any suggestions?
 

Read other answers
RELEVANCY SCORE 91.2

I ran rkill, malawarebytes, vipre anti-viurs and it stopped the alert message but now my computer is freezing when I shut down and half the time it doesn't get past the welcome screen when I boot it up. Explorer also freezes when I open tabs or try to navigate to links. Also continue to get random pop ups. When I first encountered problems I did a system restore which did not help and afraid it may have caused more damage.DDS (Ver_10-10-10.03) - NTFSx86 Run by Matt Sands at 18:02:28.65 on Fri 10/15/2010Internet Explorer: 8.0.6001.18702Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3070.2490 [GMT -4:00]AV: Spyware Doctor with AntiVirus *On-access scanning disabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}AV: Sunbelt VIPRE *On-access scanning enabled* (Updated) {964FCE60-0B18-4D30-ADD6-EB178909041C}FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}FW: Sunbelt VIPRE *enabled* {FF1CD5B7-1553-4625-A258-1775385CED33}============== Running Processes ===============C:\WINDOWS\system32\nvsvc32.exeC:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcssvchost.exesvchost.exeC:\WINDOWS\system32\spoolsv.exesvchost.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Program Files\Symantec\LiveUpdate ... Read more

A:Windows Security Alert Virus

Hello Stakkibotris ,Sorry for the delay. If you still need help, please post a new DDS/HijackThis log and I'll be happy to look at it. Thanks,tea

Read other 17 answers
RELEVANCY SCORE 91.2

Hi my name is Dean and I am new here. I have tried reading some of the othere posts with similar problems to mine and have already run SDFix, SmitfraudFix, Kaspersky Online Scanner, Malwarebytes, Superantispyware Remover, McAfee online Scan, Webroot Windows Washer,AVG Antivirus and Spyware, Spybot and Adaware and Vet Antivirus and I STILL HAVE THIS THING POPPING UP ON MY SCREEN.It has popped up 4 times while I wrote this message so far.Here is a copy of my HJT report and SDFix report and I have attached a word doc that has a pic of the alert I get. Please note that everytime the alert comes up the virus name changes. Some I have seen are:Trojan.Spy.Win32.Logger, Trojan.Spy.Win32.Agent, Trojan.Spy.Win32.Greenscreen, Trojan.Spy.Win32.bankfraud, Trojan.Clicker.Win32.Tiny.h and the list goes on.PLEASE HELP.This is My SDFix Logb]SDFix: Version 1.218 [/b]Run by Dean on Fri 22/08/2008 at 23:32Microsoft Windows XP [Version 5.1.2600]Running From: C:\SDFixChecking Services :Restoring Default Security ValuesRestoring Default Hosts FileRebootingChecking Files : No Trojan Files FoundRemoving Temp FilesADS Check : Final Check :catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2008-08-22 23:38:45Windows 5.1.2600 Service Pack 2 NTFSscanning hidden processes ...scanning hidden services & system hive ...scanning hidden registry entries ...scanning hidden files ...scan completed successfullyhidde... Read more

A:Pop Up Windows Security Alert Saying I Have A Virus

Hello allin1piWelcome to BleepingComputer ========================Download random's system information tool (RSIT) by random/random from here and save it to your desktop.Double click on RSIT.exe to run RSIT.Click Continue at the disclaimer screen.Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

Read other 1 answers
RELEVANCY SCORE 91.2

I got pop ups for windows security alert and now all these porn sites are popping up and I can't do anything. We got this at work in Dec and someone from here helped me remove it. It was time consuming but it worked well. Can anyone help PLEASEEdit: Moved topic from XP to the more appropriate forum. ~ Animal

A:windows security alert virus

BC Removal Guide, Windows Security AlertThere are a number of these bogus programs...users need to provide accurate names to obtain the appropriate attempted solutions.Louis

Read other 18 answers
RELEVANCY SCORE 91.2

I've had this virus for a couple of weeks now I believe. At first it told me that I had a virus or malware had infected my computer, etc., etc. I ran malwarebytes and avira, removed some files from the registry, all based upon reading entries from this forum and others. That seemed to work for about a week. Now, I get popups telling me various things, such as Damaged hard drive clusters; RAM memory is critical; Delayed Write Filed; etc.

It won't let me run Windows Defender, Windows Firewall, DDS, gmer, but it still does let me run Malwarebytes, Avira, and Hijackthis. Also, i can't access MS Outlook and must get my mail from another machine.

Help! I can post the last logs I got from when I ran the above programs or I can run them again to create new ones to post. Please let me know. Thanks!

A:Windows Security Alert Virus

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the resu... Read more

Read other 3 answers
RELEVANCY SCORE 91.2

I keep getting popups in my task bar saying 'windows security alert' telling me the computer is infected. However, upon clicking, it takes me to the AV security suite demo, then wants me to buy the product.

However, now I can't open anything. Ive tried clicking Spybot and Adware and the popups just say, application cannot be executed. File is infected. I tried downloading Malware bytes.. but after installation it too wouldnt open.

Might I be able to run these in safemode?

I dont know what to do. Any advice is greatly appreciated. Thank you.

Read other answers
RELEVANCY SCORE 91.2

where can I get a up to date download of hijack this? Is this where I should start? I have Vista. It says windows security alert, infilration alert, details 114,153,104,236 port 42988 attack port 61441 threat win32/nugel.e , Thanks
 

A:Windows security alert virus. Help

Read other 13 answers
RELEVANCY SCORE 91.2

I have a Windows security alert popup telling me that windows auto update is infected and that I need to activate my AV software and update.I am locked out of task manager and add/remove programs; I have tried Spybot, AVG, MBAM, HijackThis, and Process Explorer...nothing works. Can any of you give me a hand with this? Thanks in advance.
 

A:Windows Security Alert Virus

Read other 6 answers
RELEVANCY SCORE 91.2

Hi,

I recently got a virus on my laptop and am not sure how to remove it. Its the Windows Security Alert Virus. Any program other than browser won't open and I get a prompt saying that file is infected. The Windows Security Alert prompt keeps popping up in the lower right corner of the screen. And another window opens up with a fake scanner, link to purchase the virus software.

I scanned my computer a couple of time. And cleaned up some bugs in that process, but that didn't get rid of this particular virus.

I ran HijackThis and my log is below. Can anyone review this and see if they kow what the problem is? Any thoughts on what to do would be great. Thanks!

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:53:13 AM, on 12/1/2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18975)
Boot mode: Safe mode with network support

Running processes:
C:\Windows\Explorer.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE
C:\Users\Roger\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
R1 - HKLM\... Read more

A:Ad Pop Up Virus - Windows Security Alert Pop Up

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.In order for me to see the status of the infection I will need a new set of logs to start with.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear Click the Disable button to disable your CD Emulation drivers Click Yes to continue A 'Finished!' message will ap... Read more

Read other 3 answers
RELEVANCY SCORE 90.8

Hello:My computer seem to have been infected by a malware. I cannot successfully run DeFogger and DDS tool. Below is a summary of the problem.After visiting an obscure website, I started getting multiple Pop-ups. Several Pop-ups have a title "Antivirus software alert" in white letters on red background. One pop up reads "Attention! Spyware Alert; Vulnerabilities found. Your computer is infected by spyware - 34 serious threats have been found while scanning your files and registry. It is strongly recommended that you disinfect your computer and activate realtime secure protection against future intrusions," followed by a sentence to urge me to "upgrade to full version of antivirus software to clean your computer and prevent new security and privacy attacks." It has two buttons: "Activate your antivirus software" and "Stay unprotected"Another Pop-up has the same title as the first one, but reads as "Infiltration Alert. Your computer is being attacked by an internet virus...." Then there is a "Details" section. This section has the following info. Attack from: xxx.xxx.xxx.xxx (IP address), port xxxx; Attacked port: 6618.My machine runs Vista. I have Symantec AntiVirus 10.2 Build #276 installed. Running Symantec AntiVirus does not detect any virus file.I followed "Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help." But Step 6 to run DeFogger and Step 7 to run DDS to... Read more

A:Antivirus software alert

Hi,Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.Please reply to this post so I know you are there.The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.Once I receive a reply then I will return with your first instructions.Thanks

Read other 12 answers
RELEVANCY SCORE 90.8

I've recently been infected with a virus that keeps popping up annoying error messages such as

"WINDOWS SECURITY ALERT"
"Application cannot be exceuted. The file wuauclt.exe is infected. Do you want to activate your anti virus software?"

The virus causes pop ups for porno.com to come up constantly. I also can't run any antivirus software or start task manager as a result =/

Thanks in advance.

A:Antivirus Software Alert

Hello and welcome. Here's what we do...Run FixExe.regFixExe.reg ....click Run when the box opensRun RKill....Please download Rkill by Grinler and save it to your desktop.Link 2Link 3Link 4Double-click on the Rkill desktop icon to run the tool.If using Vista, right-click on it and Run As Administrator.A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.If not, delete the file, then download and use the one provided in Link 2.If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.If the tool does not run from any of the links provided, please let me know.You will need to run the application again if rebooting the computer occurs along the way as the malware programs will start again.Now TFC by OTPlease download TFC by Old Timer and save it to your desktop. alternate download linkSave any unsaved work. TFC will close ALL open programs including your browser! Double-click on TFC.exe to run it. If you are using Vista, right-click on the file and choose Run As Administrator. Click the Start button to begin the cleaning process and let it run uninterrupted to completion. Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.Next run MBAM (MalwareBytes):Please download Malwarebytes Anti-Malware (v1.44) and save it to your desktop.alternate download link 1alternate download link 2MBAM m... Read more

Read other 5 answers
RELEVANCY SCORE 90.8

Hi, I appear to have a major problem with my desktop pc - I am currently using a borrowed laptop - Mcafee seemed to be running fine, when suddenly an alert appeared informing me of trojans - I am now getting an infiltration alert and anything i try to open says application cannot be executed. The file ......... is infected. I have tried to run malwarebytes, but that closes, the internet will not open, all it suggests i do is run my antivirus software, which appears to be a fake that has opened in the tray. Any suggestions as to what i can do - should i just reinstall windows and lose everything i guess! I am running XP. Please can anyone assist me!

Update - Antimalware Doctor ran automatically when i restarted my computer.

Thank you, Ruth

A:Antivirus Software Alert

Hello, le's give this a go.Open control, internet options, connections tab, lan settings, uncheck the box next to "use proxy...." Reboot into Safe Mode with Networking How to enter safe mode(XP)Using the F8 MethodRestart your computer. When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu. Select the option for Safe Mode with Networking using the arrow keys. Then press enter on your keyboard to boot into Safe Mode. >>>> Download this file and doubleclick on it to run it. Allow the information to be merged with the registry.RKill....Download and Run RKillPlease download RKill by Grinler from one of the 4 links below and save it to your desktop.

Link 1
Link 2
Link 3
Link 4

Before we begin, you should disable your anti-malware softwares you have installed so they do not interfere RKill running as some anti-malware softwares detect RKill as malicious. Please refer to this page if you are not sure how.
Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
If nothing happens or if the tool does... Read more

Read other 3 answers
RELEVANCY SCORE 90.8

A pop up started on my computer this morning. "Antivirus software alert". Unable to use Internet Explorer. Unable to check to see if Firewall was enabled or download Defogger or DDS. Cannot open Malwarebytes either. Everyonce in a while it opens an Internet Explorer page to Ads. One just popped up now. The details say "Attack from: 151.86.39.38, port 65407, Attacked port: 25937, Threat: Win32/Nuqel.E"
Thank you for the help!

A:Antivirus software alert pop-ups

Hello , And to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.I will be working on your malware issues, this may or may not solve other issues you may have with your machine.Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen. Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.-----------------------------------------------------------If you have since resolved the original problem you were having, we would appreciate you... Read more

Read other 2 answers
RELEVANCY SCORE 90.8

I am writing this on my netbook because my other PC is infected with Antivirus Software Alert. I cannot open Internet Explorer on it. It is running Windows XP Service Pack 3. I tried to run Super AntiSpyware and Spybot Search & Destroy but cannot run them because of the fake security messages. I did run Glary Utilities and it found and cleaned a few things but now the fake "windows security alert" is preventing everything from working. I need to use this PC for work tonight and hope to get this cleaned off by then. I have been on vacation for a week and did not want to come home to this. Thanks in advance for any help. I did read the beginning instructions but cannot download the dds link because I can't get to the internet on my other PC. I have a flash drive so I can copy files back and forth if necessary.

A:Antivirus software alert

Hi

Try using the Last Known Good Configuration:

Go to Start> Shut off your Computer> Restart
As the computer starts to boot-up, Tap the F8 KEY repeatedly,
this will bring up an advanced menu.
Use the Up and Down Arrow Keys to scroll up to Last Known Good Configuration
Then press the Enter Key on your Keyboard
go into your usual account

run the following program if the rogue security program is still active:

Please download and run the following tool to help allow other programs to run. (courtesy of BleepingComputer.com)
There are 3 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click and choose Run as Admin
You only need to get one of them to run, not all of them.


http://download.bleepingcomputer.com/grinler/rkill.exe
http://download.bleepingcomputer.com/grinler/rkill.com
http://download.bleepingcomputer.com/grinler/rkill.scr



Note:

You will likely see a message from this rogue telling you the file is infected. Ignore the message. Leave the message OPEN, do not close the message. Run rkill repeatedly until it's able to do it's job. This may take a few tries. You'll be able to tell rkill has done it's job when your desktop (explorer.exe) cycles off and then on again.

At this point, you should now be able to run analysis tools.

Once the tool has run, do NOT reboot the machine, and then try to run DDS and GMER.

If for some reason the machine reboots, repeat t... Read more

Read other 2 answers
RELEVANCY SCORE 90.8

Dear Tech Support,

Thanks in advance for your help with this problem. Below is the requested information including alert messages, DDS, and zipped files ark.txt and attach.txt.

My system:
Compaq Presario SR1200NX
Windows XP (no disk provided) Service Pack 3
Internet Explorer 8
McAfee Security Center
DSL connection, ethernet, 2-Wire Gateway (modem/router from AT&T)

I received a suspicious pop-up alert while surfing a questionable website. After closing the pop-up an unfamiliar program called Antivirus Live began to scan my computer. Upon closing the program I was directed to a website to purchase Antivirus Live.

Several alerts followed, and reappeared after closing:


-Security Warning
Application cannot be executed. The file wscntfy.exe is infected. Do you want to activate your antivirus software now?

-Antivirus software alert
INFILTRATION ALERT
Your computer is being attacked by an Internet Virus. It could be a password-stealing attack, a trojan - dropper or similar.
DETAILS
Attack from 160.182.218.236, port 43366
Attacked port: 51365
Threat: BankerFox.A
Do you want to block this attack?

-Windows Security Alert
Application cannot be executed. The file wscntfy.exe is infected. Do you want to activate your antivirus software now?

-Windows Security Center
Virus Protection - Out of Date

-Internet Explorer
www.porno.org

-Spyware Alert!
Vulnerabilities found
Your computer is infected by spyware - 34 serious threats have been foun... Read more

A:Antivirus software alert

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

Please visit this webpage for download links, and instructions for running ComboFix:

http://www.bleepingcomputer.com/comb...o-use-combofix

* Ensure you have disabled all antivirus and antimalware programs so they do not interfere with the running of ComboFix.

Please see this >> http://img.photobucket.com/albums/v6...ee_disable.gif

Please post the C:\ComboFix.txt in your next reply for further review.

Please re-enable your antivirus before posting the ComboFix.txt log.

------------------------------------------------------

Read other 2 answers
RELEVANCY SCORE 90.8

My sons computer is infected. It is XP professional. I can't run AVG or Malwarebytes...I get s Security Warning, application cannot be executed... Theres s box open that says antivirus software alert that keeps coming back. When I click on Internet Explorer it goes to newsoftspot.microsoft.com ... along with pop ups.

A:Antivirus Software alert...

Some types of malware will disable Malwarebytes Anti-Malware and other security tools to keep them from running properly. If that's the case, please refer to the suggestions provided in For those having trouble running Malwarebytes Anti-Malware.

Read other 13 answers
RELEVANCY SCORE 90.8

Hello! I'm new to this whole website, but I've looked all over for help on this and found nothing that could actually help solve my friend's problem.

I've read a few things on this virus before, and the suggestions posted may work for my friend, but sadly, the virus is preventing add/remove programs from working.

When most files are clicked (including rkill), the virus claims "Application could not be executed. The file *** is infected."

My friend has no professional antivirus system on their computer, but I had her install Avast after the virus entered, which stopped the large red pop ups.

Malwarebytes found nothing, even on a full scan in safe mode. If possible, I would bring a USB/CD with a clean version of Malwarebytes over, but there's just no way to do that right now.

Her computer runs for about 4 or so minutes before whatever open applications freeze.

If necessary, I could get her set up on these forums to reply directly. She'd probably reply over iPhone, but could also on her computer if absolutely necessary.

Please help! Her computer is the only way she can contact a lot of her good friends, and they all miss her! Thank you so much in advance!

A:Antivirus Software Alert help!

Hello and to the BC forums.Have a look at the following removal guide: How to remove AV Security Suite (Uninstall Guide)Is this the malware you are dealing with? If not, have a look at the following link: Virus, Spyware, & Malware Removal GuidesIf you cannot see there, the name of the malware that you have, enter the exact name in the search box under "Search Guides", on the right-hand side of the page, and search for the appropriate guide.Let us know if you can't find a guide that matches your infection.If you do find the appropriate guide, follow the instructions closely.You said: "When most files are clicked (including rkill), the virus claims "Application could not be executed. The file *** is infected.""
When that happens, leave the message on the screen and run another version of rkill .... there are a number of differently named versions on the rkill download page. Continue trying to run rkill until it does run successfully. Post the log too, please.
Ensure that you do have the latest version of MBAM (1.50) AND that you do update the MBAM database definitions to the latest available.The MBAM log is automatically saved and can be viewed by clicking the Logs tab in MBAM. Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.Please post the logs and let us know how the system is running now.

Read other 1 answers
RELEVANCY SCORE 90.8

DDS (Ver_09-12-01.01) - NTFSx86
Run by Ed at 17:02:28.82 on Thu 12/31/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3327.2670 [GMT -8:00]

AV: Norton 360 *On-access scanning enabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
FW: Norton 360 *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

E:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
E:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
E:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
E:\WINDOWS\system32\spoolsv.exe
svchost.exe
E:\WINDOWS\System32\svchost.exe -k Akamai
E:\WINDOWS\system32\CTsvcCDA.exe
E:\WINDOWS\system32\svchost.exe -k hpdevmgmt
E:\WINDOWS\System32\svchost.exe -k HTTPFilter
E:\Program Files\Java\jre6\bin\jqs.exe
E:\Program Files\Common Files\LightScribe\LSSrvc.exe
E:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
e:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
e:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
E:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
E:\Program Files\McAfee\MPF\MPFSrv.exe
E:\WINDOWS\System32\svchost.exe -k HPZ12
E:\WINDOWS\System32\svchost.exe -k HPZ12
E:\WINDOWS\System32\tcpsvcs.exe
E:\WINDOWS\System32\snmp.exe
E:\Program Files\Comcast\Desktop Doctor\bin\sprtsv... Read more

A:Antivirus software alert

Here is my description. Somehow it got moved before I sent the post. A bogus antivirus program came up saying my computer is being attacked.I thought it was my virus program and clicked on it. Mistake. It wants to run a scan no matter what so I end up shutting down. I've seen this problem alot doing a search, so I think you guys know the details. I've heard it called scareware. If not, let me know and I will tell you more. At first, I couldn't run any scans and I could not get into safe mode so I ran rkill.com and it gets rid of it until I reboot. Then it returns but I was able to run DDS and GMER so here they are. I do have my Windows XP disc upgrade.

Read other 3 answers
RELEVANCY SCORE 90.8

Hello

my computer is infected with antivirus software alert. when it first popped up, i ran rkill and malwarebytes to remove it and the pop-ups stopped. i had to restart my computer for something else, and after i restarted, the pop-ups came back and now i cannot do anything with it. i cannot run malwarebytes, rkill, internet explorer, microsoft word, open my control panel, open task manager or any program for that matter. i tried going into safe mode with networking and downloading spyware doctor to no avail. i also tried to run my antivirus programs in that mode, and nothing has worked. i do not have firefox installed on the computer. currently, i am using another computer to post here. any help would be gratefully appreciated. thanks.

BK

A:Antivirus Software Alert

I am having the same problem. Everytime I log on I get all sorts of alerts that my computer is infected, and I get sent to Antivirus.net where they try to sell me an anti-virus program to fix the problem.

I am sure this is a scam to get me to by a product that I do not need from whoever is behind antivirus.net for a problem that THEY created with some kind of trojan or worm.

Read other 8 answers
RELEVANCY SCORE 90.8

Hello --

My laptop computer had multiple message windows open with "Antivirus software alert" and "Activate your antivirus software" included in them. I was able to get my Norton 360 to run using "Comprehensive Scan" option with selection to shut computer down when complete.

Several hours later when I restarted computer a message "Your computer is being attacked by an Internet Virus. It could be a password-stealing attack, a trojan - dropper or similar." appeared. I ran "Run LiveUpdate" option within Norton 360 and it completed normally. I ran Norton 360 again, this time using "Quick Scan" option with selection to shut computer down when complete.

When I restarted computer, no virus or trojan horse messages appear, but when I open Internet Explorer I get the message "Internet Explorer cannot display the webpage." When I try to "Diagnose Connection Problems" I get a proxy server configuration error.

I don't know what to try next -- suggestions?

A:Antivirus Software Alert

Hi,
sounds like you have either part of a trojan left or a version where thy messed up the proxy redirect.

On your internet explorer, click tools>internet options
(if you can not do this, mouse right on a desktop icon of IE and select internet options or do start>run, type Inetcpl.cpl and hit return)

on the window that appears click the connections tab

about 2/3rds of the way down on the right is the button "LAN Settings", click on this

on the window that appears, in the bottom half make sure "Use a Proxy Server for your...." button is not checked, if it is, uncheck it and click ok
click ok on the internet options window
try and use the internet

This will get you access to the internet but it does not remove the trojan. It may have been killed by your AV but running something else (I would uses Mbam but you may want to wait for one of the staff members to respond) would be a good idea

Also some versions of this virus will reset the proxy as soon as you exit internet options so if it reverts to not letting you then let us know

Read other 1 answers
RELEVANCY SCORE 90.4

Alright so I got this fake anti-virus from tvshack.cc, and have actually contracted it numerous times (what can I say, tv shack is amazing). Since then I have found an awesome add-on for firefox called NoScript, which blocks all the malicious crap from the site while still allowing the scripts that actually stream the videos through. I've been using this program for a couple weeks now and have not had a problem since. So, contracting this malware should no longer be a problem. The malware caused pop-ups showing fake scans, saying "buy our fake product to solve the issue we caused!" (k maybe not those exact words). It blocked me from being able to execute any application, erased my system restore points, interfered and changed the settings of programs, and would give me the Blue Screen of Death ("A problem has been detected and windows has been shut down to prevent damage to your computer"). Every time it happened, including the most recent, I cleared out most of it with updated versions of Malwarebytes Anti-Malware(first in safe mode, then normal mode) and SUPERAntispyware(normal mode only). However I'm still encountering some leftover problems. The Blue Screen of Death still occurs every once in a while (not nearly as much as it use to) resulting in an immediate and 'unexpected' shutdown. Some programs cannot be updated, installed, or activated. Superantispyware tries to update but a message error comes up saying superantispyware.exe i... Read more

A:Antivirus Software Alert (Fake Antivirus scan)

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.In order for me to see the status of the infection I will need a new set of logs to start with.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.DeFogger: Please download DeFogger to your desktop.Double click DeFogger to run the tool. The ap... Read more

Read other 16 answers
RELEVANCY SCORE 90.4

I somehow got a windows security alert virus and I can't get rid of it. I used malwarebytes and it did not find anything. I can't get on internet from my laptop and every few seconds windows pop up telling me I have a virus and asking me to run scans and download things.

How do i get rid of this?

A:windows security alert virus removal

Try this: How do I remove the Microsoft FakeAV Alert

Read other 1 answers
RELEVANCY SCORE 90.4

Hi Im new on here...Thanks in advance for anyones help.I have yesterday recieved a virus that pops up a fake windows security alert every 15 minutes or so claiming i have suspicious software, i have read other forums and virus sites and it seems im not the only one.name: Trojan-Keylogger.WIN32.FUngRisk: High"keep blocking" and "unblock" are grey with the only option being "enable protection" which i havnt clicked. I understand it links to a fake spyware site.I have Run virus scanners ...-AVG-Malwarebytes Antimalware-Super anti spyware-regcure-ATF cleanerNon of which have worked, so i am now at a loss at what to do ?Please please HelpThanksLogfile of Trend Micro HijackThis v2.0.2Scan saved at 11:43:51 a.m., on 30/10/2008Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16735)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Intel\Wireless\Bin\EvtEng.exeC:\Program Files\Intel\Wireless\Bin\S24EvMon.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\PROGRA~1\AVG\AVG... Read more

A:Fake windows security alert pop up virus

Hello andrewsha and welcome to BC Please follow these steps:Download random's system information tool (RSIT) by random/random from here and save it to your desktop.Double click on RSIT.exe to run RSIT.Click Continue at the disclaimer screen.Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)Download gmer.zip and save to your desktop.alternate download site 1alternate download site 2Unzip/extract the file to its own folder. (Click here for information on how to do this if not sure. Win 2000 users click here.When you have done this, disconnect from the Internet and close all running programs.
There is a small chance this application may crash your computer so save any work you have open.Double-click on Gmer.exe to start the program.Allow the gmer.sys driver to load if asked.If it gives you a warning at program start about rootkit activity and asks if you want to run a scan...click NO.Click on "Settings", then check the first five settings:
*System Protection and Tracing
*Processes
*Save created processes to the log
*Drivers
*Save loaded drivers to the logYou will be prompted to restart your computer. Please do so.Run Gmer again and click on the Rootkit tab.Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.Make sure all other boxes on the right of the screen are checked, EXCEPT for "Show All".Click o... Read more

Read other 2 answers
RELEVANCY SCORE 90.4

Hi,

Looks like my laptop has been infected with the security center alert virus. I have XP installed on my laptop & I did a quick search to similar posts. Based on some of the results that I saw I have carried out the following steps

1. Saved HJTInstall.exe to my desktop.
2. Performed a system scan and saved a logfile button.

The entire contents of the log are pasted below.

Appreciate your help.

Thanks & regards

Rockingraj

Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 11:47:34 AM, on 2/28/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\Program Files\Trend Micro\PC-cillin 2000\Tmntsrv.exe
C:\WINDOWS\system32\atiptaxx.exe
C:\Program Files\Sony\HotKey Utility\HKserv.exe
C:\WINDOWS\System32\qttask.exe
C:\Program Files\Trend Micro\PC-cillin 2000\Pop3trap.exe
C:\Program Files\Trend Micro\PC-cillin 2000\WebTrapNT.exe
C:\WINDOWS\System32\WScript.exe
C:\Program Files\Sony\Jog Dial Utility\JogServ2.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\NETGEAR\WG511SCU\... Read more

Read other answers
RELEVANCY SCORE 90.4

On Sept. 24 my Windows XP PC began flashing "pop-up" boxes resembling Windows security system, but also simultaneously screensaver page porn icons appeared, random tv-radio sounding audio runs, and security system/protection system icons appear on screensaver page and lower right bar.

I am not a tech-savvy user. I have researched and read some other users' experience with the same, both in the past and in the past week.

I am not tech-savvy. Does anyone know how to permanently remove this spyware/malware program/

Thanks.
 

Read other answers
RELEVANCY SCORE 90.4

Hey guys, need some help getting this stupid security alert virus removed, its been on my computer for months and ive tried most things to try and eliminate it and no joy. Ive been using the right programs just not the right way lol. Can anyone help please?
 

A:Windows security alert virus removal help please?

Read other 16 answers
RELEVANCY SCORE 90.4

I curently have a problem with my security center. It keeps poping up and saying do you want to block this suspicious software, trojan.win.agent.doc , net-worm.win32.dipnet.d it has more than these two these are just the ones poping up while i am writing this. I have searched forever i rand avg and superantispyware in normal mode as well as safe mode and nothing works i also ran a specialized program called sdfix that ran out of ms dos. All of these have found multiple trojans but it is like they aren't deleting them or its multiplying fast.
What really scares me is that when i run in it safe mode is that the pop ups still continue in safe mode.
Any advise on how to fix this would be extreamly appreciated.
THanks
 

Read other answers
RELEVANCY SCORE 90.4

Ive somehow ended up with the fake window security alert virus. Ive run Spyware Doctor and Super Anti Spyware remover and at first the combination of those two seemed to have removed it (the desktop icon dissappeared). However, the system try icon remains and ocassionally pops up to alert me that "Your computer may be at risk. Automatic updates is turned off. Click this balloon to fix problem." So I went into safe mode and ran Smitfraud Fix accordingly however it did not solve my problem, so Im coming to the experts. Any suggestions would be greatly appreciated.Thanks!John

A:Fake Windows Security Alert Virus

Start with this:Please download Malwarebytes Anti-Malware and save it to your desktop.Make sure you are connected to the Internet.Double-click on mbam-setup.exe to install the application.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-MalwareThen click Finish.MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.On the Scanner tab:Make sure the "Perform Quick Scan" option is selected.Then click on the Scan button.If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button. The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".Click OK to close the message box and continue with the removal process.Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.... Read more

Read other 35 answers