SpywareStrike 2.5 and Malware

Q: SpywareStrike 2.5 and Malware

Every five seconds I get a message on my computer with the text: Your computer is infected! Dangerous infection was detected on your pc. The system will now download and install most efficient antimalware program to prevent data loss and your private information theft. Click here to protect your computer from the biggest malware threats. -> But it doesn't help at all, and when I remove SpywareStrike 2.5 it comes back when I restart my computer. He goes very slow to

Logfile of HijackThis v1.99.1
Scan saved at 14:28:17, on 3/02/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\BullGuard\bgnewsag.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\Program Files\Common Files\BullGuard\BullGuard Communicator\xcommsvr.exe
C:\Program Files\Common Files\BullGuard\BullGuard Scan Server\bdss.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\VANDEP~1\LOCALS~1\Temp\Tijdelijke map 2 voor hijackthis[1].zip\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: BullGuard Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\BullGuard\BullGuard Scan Server\bdss.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe

A: SpywareStrike 2.5 and Malware

Hi,

Download smitRem.exe ©noahdfear, and save the file to your desktop.
Double click on the file to extract it to its own folder on the desktop.

Place a shortcut to Panda ActiveScan on your desktop.

Please download the trial version of ewido anti-malware here: http://www.ewido.net/en/download/
Please read Ewido Setup Instructions.
Install it, and update the definitions to the newest files. Do NOT run a scan yet.

If you have not already installed Ad-Aware SE 1.06, follow these download and setup instructions, otherwise, check for updates: Ad-Aware SE Setup
Don't run it yet!

Next, please reboot your computer in SafeMode by doing the following:
- Restart your computer.
- After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
- Instead of Windows loading as normal, a menu should appear.
- Select the first option, to run Windows in Safe Mode.

Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen.
Wait for the tool to complete and disk cleanup to finish.
The tool will create a log named smitfiles.txt in the root of your drive, e.g. Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.

Open Ad-aware and do a full scan. Remove all it finds.

Run Ewido:
- Click on scanner.
- Click on Complete System Scan and the scan will begin.
- While the scan is in progress you will be prompted to clean files, click OK.
- When it asks if you want to clean the first file, put a check in the lower left corner of the box that says "Perform action on all infections" then choose clean and click OK.
- Once the scan has completed, there will be a button located on the bottom of the screen named Save report.
- Click Save report.
- Save the report .txt file to your desktop.
- Close ewido anti-malware.

Next go to Control Panel, click Display > Desktop > Customize Desktop > Web > Uncheck "Security Info" if present.

Reboot back into Windows and click the Panda ActiveScan shortcut.
- Once you are on the Panda site click the Scan your PC button.
- A new window will open... click the Check Now button.
- Enter your Country.
- Enter your State/Province.
- Enter your e-mail address and click send.
- Select either Home User or Company.
- Click the big Scan Now button.
- If it wants to install an ActiveX component allow it.
- It will start downloading the files it requires for the scan (Note: It may take a couple of minutes).
- When the download is complete, click on My Computer to start the scan.
- When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.

Post the contents of the Panda scan report, along with a new HijackThis Log, the contents of smitfiles.txt and the Ewido Log by using Add Reply.

Let us know if any problems persist.

dk


Here is the HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:41:22 AM, on 3/23/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
D:\Program Files\Alwil Software\aswUpdSv.exe
D:\Program Files\Alwil Software\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
D:\Program Files\Alwil Software\ashMaiSv.exe
D:\Program Files\Alwil Software\ashWebSv.exe
D:\PROGRA~1\ALWILS~1\ashDisp.exe
D:\Program Files\Ace Explorer\Ace Explorer\Aexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
D:\Program Files\Alwil Software\setup\avast.setup
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gsmsandwich.com.ph/
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\userinit.exe
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\ashDisp.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: DfLogon - C:\WINDOWS\SYSTEM32\LogonDll.dll
O23 - Service: avast!...

http://ad.yieldmanager.com/st%3Fad_type

How do I get rid of this off of my computer...Someone please help me


Hello,
A few days ago I got some virus, which took all of my memory slowly and after 15 min. it releases it slowly. It prevents me from installing any malware software, and from using it when I'm logged on.
It does allow me to go to safe mode and clean stuff from there, which doesn't help when I log on normally again. System is Win XP Professional SP3. Please see my ComboFix log below if anyone can help me to solve my problem.
Thank you in advance,
Matjaz
ComboFix 11-10-08.01 - Matja? 08.10.2011 20:27:01.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.386.1033.18.959.659 [GMT 2:00]
Running from: c:\documents and settings\Matja?\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Matja?\My Documents\HijackThis.exe
c:\windows\$NtUninstallKB14177$\2256817183
c:\windows\$NtUninstallKB14177$\3265923636\@
c:\windows\$NtUninstallKB14177$\3265923636\click.tlb
c:\windows\$NtUninstallKB14177$\3265923636\L\hznbllxz
c:\windows\$NtUninstallKB14177$\3265923636\loader.tlb
c:\windows\$NtUninstallKB14177$\3265923636\U\@00000001
c:\windows\$NtUninstallKB14177$\3265923636\U\@000000c0
c:\windows\$NtUnins...

A: some malware

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/422516 <<< CLICK THIS LINK

If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lo...

Having problems with program wanting me to buy an antispyware to fix my computer and I have a program already.

A: Malware and Adware

Hello and welcome to BleepingComputer.

Let's see what we're dealing with here.

Please download RKill by Grinler from one of the 4 links below and save it to your desktop.
Link 1, Link 2, Link 3, Link 4

Before we begin, you should disable any anti-malware software you have installed so it does not interfere with RKill running. This is because some anti-malware software mistakenly detects RKill as malicious. Please refer to this page if you are not sure how to disable your security software.

Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator.)
A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
If nothing happens or if the tool does not run, please let me know in your next reply.

***************************************************

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link

IMPORTANT!!! - when you save the file, rename it to something random, such as bubbles.exe. This must be done before beginning the download!

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

Make sure you are connected to the Internet.
Double-click on mba...

I can't remove a software called Tango through the Windows Control Panel. It redirects to a site/message as in Tango.doc attached. I followed the 'Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help' but had problems with the gmer.exe file - it opens, but Windows generated an error message as shown in gmer-error.doc attached. I also attached the .txt log files from DDS. Any help on this topic?

Thanks,
Gustavo

A: Tango Malware (?)

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
- Download DDS by sUBs from one of the following links. Save it to your desktop: DDS.scr, DDS.pif
- Double click on the DDS icon, allow it to run.
- A small box will open, with an explanation about the tool. No input is needed, the scan is running.
- Notepad will open with the results.
- Foll...

Here is the log from HJT.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:12:39 PM, on 3/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\1E\SMSNomad\SMSNomadP2P.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateApp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
C:\WINDOWS\TEMP\WQ8FEE.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\WINDOWS\system32\AccelerometerSt....

Windows XP.

I have tried to scan my computer numerous times for both virus/malware trying different software programs AVG, Ad-aware, etc. However every time I try, the scan after freezes, or computer dies (blue screen). It doesn't matter what software I use. It could freeze anywhere between 10 minutes and an hour after starting the scan. I currently just have AVG virus only on my computer. It would be nice to be able to scan my computer. Any ideas? This has been going on for quite some time now.

I don't know if this is related or not but I also cannot get a security update (Excel) installed on my computer. All other windows updates were completed.
 

A: cannot scan for virus/malware

I am new to this forum so I hope I am doing this right.

Well, where to start. I have run countless different malware, adware and antivirus programs and they all catch some problems and remove them, but they keep coming back. When I restarted my computer the other night I got an error message saying error loading c\eindows\ststem 32\kodoebu.dll. I have looked for the file but it does not exist. When I try to delete it in my startup manager it keeps coming back. I have run all the programs that I have in safe mode and for the most part come up clean, but as soon as I restart and run them it catches more problems. I am going to post my HijackThis log in hopes of getting this fixed. Thank you in advance.

Malwarebytes finds 3 things called trojan vondo or something. It deletes the one with the HKLM\..\Run: [dipehifage] Rundll32.exe " but it comes back after restart; the other 2 say they will be deleted upon restart but aren't. I am going to also post my Malwarebytes log file. Thank you in advance.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:28:06 AM, on 12/4/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\s...

A: Malware Keeps Coming Back

Hello makemoney11 and welcome to BC. Let's see what we can find.

Before running a new scan let's clean out the temporary folders. Download ATF Cleaner to your Desktop.
- Double-click ATF-Cleaner.exe to run the program.
- Click Select All found at the bottom of the list.
- Click the Empty Selected button.

If you use Firefox browser, do this also:
- Click Firefox at the top and choose Select All from the list.
- Click the Empty Selected button.
- NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser, do this also:
- Click Opera at the top and choose Select All from the list.
- Close ALL Internet browsers (very important).
- Click the Empty Selected button.
- NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

Now download OTScanIt2.exe to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt2 on your desktop.
Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
- Close ALL OTHER PROGRAMS.
- Open the OTScanIt2 folder and double-click on OTScanIt2.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
- Click the Scan All Users checkbox on the toolbar.
- Do not change any other settings.
- Now click the Run Scan button on the toolbar.
- Let it run unhindered until it finishes.
- When the scan is complete Notepad will open with the re...

Setting: Family member's PC (Dell, WinXP, around 2 years old, specs ?)

Problem: Was running slow/partial lockups, had no AV, no AntiSpy, no software firewall for DSL (yeah, perfect cluster-fudge waiting right there).

What I did: First ran Ad-Aware in safe mode (because Normal was too slow/lockups). AW found about 500 various unpleasantries & removed them (Note: it is a year-old version that's on a disc I burnt, so it couldn't find all the newer "stuff" but should have helped enough to be able to d/l new version and scan in Normal mode). Then ran Registry Mechanic, found some 500 "problems" and fixed them. Booted to Normal, was still slow; with WMI errors every some 10 secs, and MS Money trying to "install" (ended up uninstalling that one). Attempted to install Norton AV '04 but opted not to run pre-install scan. Norton then failed to install shortly after starting, so I rebooted, began install again but did the pre-install scan. Now the fun begins: after a 1 1/2 hour scan it found some 8000 files infected with W32.Pinfi virus. Norton repaired 3000 some files and deleted some 5000 files, installed, rebooted, finished install, and then I updated Norton, rebooted and then after going into the main account, it kicked me out immediately to the select user account screen. I tried other accounts, same. Even tried safe mode, same. It's almost like I'm locked out of the comp. Was thinking of ERD commander and see if some of its tools could repair it ...

A: Virus/Malware Issue

Well my friend... Norton is not a good idea.

If norton hasn't totally corrupted windows yet by improperly removing files (or lack of), then you can try un-installing it and the old version of ad-aware and try running the latest version of kaspersky anti-virus personal pro + latest updates, in safe mode with no internet connection.
This will get rid of all the viruses / spyware / malware. Some files may still be corrupted from all the viruses but chances are most will be ok. After you've finished that put a proper firewall on it. I recommend Kaspersky Anti-Hacker, or ProtoWall + BlockList Manager.
 


Newbie Here

After Several Virus scans, and anti spy software runs I am still getting browser hijacks from party poker. what can i do next Help.

This is my Log from Symantec,
Date Filename Threat Threat Type
6/18/2007 16:31 retadpu77.exe Downloader File
6/18/2007 16:30 core.sys Hacktool.Rootkit File
6/18/2007 16:30 core.sys Hacktool.Rootkit File
6/18/2007 16:30 core.sys Hacktool.Rootkit File
6/18/2007 16:30 retadpu2000219.exe Downloader File
6/18/2007 16:30 core.sys Hacktool.Rootkit File
6/18/2007 16:30 retadpu2000219.exe Downloader File
6/18/2007 16:30 core.sys Hacktool.Rootkit File
6/18/2007 16:30 retadpu2000219.exe Downloader File
6/18/2007 16:30 core.sys Hacktool.Rootkit File
6/18/2007 16:30 retadpu2000219.exe Downloader File
6/18/2007 16:30 core.sys Hacktool.Rootkit File
6/18/2007 16:30 retadpu2000219.exe Downloader File
6/18/2007 16:30 core.sys Hacktool.Rootkit File
6/18/2007 16:30 func.exe Trojan.Adclicker File

here is my hijack this log
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 1:10:59 PM, on 6/19/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files...

A: Help Virus, Malware, Hijacks

Do a HijackThis scan & place a check next to these items and select "Fix checked":

O2 - BHO: (no name) - {B39780D1-0EB1-43DA-B4AE-664E9732D345} - C:\Program Files\Windows Media Player\hokep43855.dll
O4 - HKLM\..\Run: [svhost] "C:\WINDOWS\svhost.exe"



---------------


1. Download this file -> http://download.bleepingcomputer.com...a/ComboFix.exe

2. Double click on combofix.exe & follow the prompts.

3. When finished, it shall produce a log for you. Post that log & a fresh HJT log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall


Hello, this is my first post.
Symptoms are: mouse out of control, random pop-ups, programs won't start.

The following are my logs:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:04:02 PM, on 15/11/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16450)
Boot mode: Safe mode with network support

Running processes:
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Users\jtompai\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\jtompai\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\jtompai\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\jtompai\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\jtompai\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\jtompai\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\jtompai\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\jtompai\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\jtompai\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ca.msn.com/?ocid=OIE9HP
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ca.msn.com/?ocid=OIE9HP
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = ...

A: Windows 7 Malware/virus issue

Hello crusher101048, and Welcome to the forum!
My name is wannabeageek and I'll be helping you with any malware problems.
I am a MRU Undergraduate trainee here, and as such my posts to you have to first be checked by a Teacher.
Because of this my replies to your posts may be slightly delayed. Please be patient and I'm sure we'll be able to resolve your problems.
Before we begin, please read and follow these important guidelines, so things will proceed smoothly.
The instructions being given are for YOUR computer and system only!
Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
You must have Administrator rights, permissions for this computer.
DO NOT run any other fix or removal tools unless instructed to do so!
DO NOT install any other software (or hardware) during the cleaning process. This adds more items to be researched.
Only post your problem at (1) one help site. Applying fixes from multiple help sites can cause problems.
Print each set of instructions if possible - your Internet connection will not be available during some fix processes.
Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
Only reply to this thread, do not start another one. Please, continue responding, until I give you the "All Clean!" :cheers:
Absence of symptoms does not mean that everything is clear.
I am currently reviewing your l...

Hello, I downloaded YTD Downloader and got a few hits in the registry by AdwCleaner. McAfee also picked up 2 trojans.
I scanned with TDSSKiller, Malwarebytes Anti-Rootkit and Malwarebytes, and zero infections. I have uninstalled new.net toolbar and ytd download from the system.

A: ytd download malware and news.net toolbar

Were the hits related to YTD Video Downloader? YTD Video Downloader is a legitimate program hosted by popular download sites.

In some cases AdwCleaner may detect items related to legitimate programs... a search should always be performed first so the detections can be reviewed.

If the hits were related to News.Net Toolbar, ignore the above.

Did McAfee provide a log or a specific file(s) name associated with the malware threat(s) detected? If so, what was that name and where was it located (full file path) at on your system?

Hello,

I was having an issue with malware called "Malware Doctor." So I ran Malwarebytes and after the scan it found 2 Trojans. I removed them and it asked to restart my computer to complete the process. I clicked OK, then when it restarted the normal screen came up then just went black.

I have tried rebooting several times. I am able to hit F2 and get to setup. I can also hit F8, but when I make any selection after hitting F8 it either starts again with the black screen or if I select to start it in safe mode I get a bunch of white text saying That stops halfway through the screen.

Rob


I can't install SP2 or access my MSN home page, only Hotmail. mywebsearch, funweb search, isearch keep showing up on scans; also clean my pc and bestoffers won't let me uninstall. Here is my HijackThis log. I have run the suggested scans and anti virus- tha

Logfile of HijackThis v1.99.1
Scan saved at 2:51:53 PM, on 10/1/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\runservice.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\WgaTray.exe
C:\WINDOWS\System32\Rscmpt.exe
C:\Program Files\Browser Mouse\Browser Mouse\1.1\MOUSE32A.EXE
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\McAfee.com\PE...

A: Can't Install SP2 or Access MSN - Suspect Malware

Hello johnnyw and welcome to the BC HijackThis forum. I do not see any of the items mentioned above in the log. Let's do a little cleaning and then go from there.

Start HijackThis and click the Scan button to perform a scan. Look for the following items and click in the checkbox in front of each item to select it:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: (no name) - {6FB72287-7980-4777-BF0C-1242A4CF3908} - C:\Program Files\ComPlus Applications\mebovik.dll (file missing)

Now close ALL open windows except HijackThis and click the Fix Checked button to finish the repair.

OK. Reboot your computer normally, start HijackThis and perform a new scan. Use the Add Reply button to post your new log file back here along with details of any problems you encountered performing the above steps and I will review it when it comes in. Also run whatever scanner is showing the items mentioned in your post and post that log back here as well so I can see what is being reported and where it is being found.

Cheers.

OT

Hi,I am in a bit of a bind here... Leave it to dumb luck to get hijacked my malware as i am writing my thesis... due in ten short days... it is manageable but really slowing my machine down.. i tried to first run a kapersky scan but IE gets hijacked when it is running...any help would be very very very appreciated...thanks you all for devoting your time to help people like me...- joshs Deckard's System Scanner v20071014.68Run by Josh on 2008-04-18 11:05:40Computer is in Normal Mode.---------------------------------------------------------------------------------- HijackThis (run as Josh.exe) ------------------------------------------------Logfile of Trend Micro HijackThis v2.0.2Scan saved at 11:05:56 AM, on 4/18/2008Platform: Windows Vista (WinNT 6.00.1904)MSIE: Internet Explorer v7.00 (7.00.6000.16643)Boot mode: NormalRunning processes:C:\Windows\system32\taskeng.exeC:\Windows\system32\Dwm.exeC:\Windows\Explorer.EXEc:\PROGRA~1\mcafee.com\agent\mcagent.exeC:\Program Files\McAfee\MPS\mpsevh.exeC:\Program Files\Synaptics\SynTP\SynTPEnh.exeC:\Windows\sttray.exeC:\Windows\System32\WLTRAY.EXEC:\Program Files\Common Files\InstallShield\UpdateService\issch.exeC:\Program Files\Winamp\winampa.exeC:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exeC:\Program Files\PowerISO\PWRISO... Read more

A:Hi... Please Help... Writing Thesis.. Mallware Hijack

Hi jotamon

Sorry for the delay in answering your post. Things are very busy here at the moment. If you still need help could you please post back a new Hjt log.... things change so quickly and we need to see what's happening now.

Thanks


Hi All,

I am hoping to get help with a problem I recently discovered. I am using Windows XP SP3 (Media Center Edition). I recently noticed my computer misbehaving, slowness, occasional pop-up from Super Anti-Spyware when browsing IE7. I started to look in the usual places like msconfig and current processes running and found a suspicious dll in the startup menu. The line in msconfig currently reads O4 - HKLM\..\Run: [Jrobibere] rundll32.exe "C:\WINDOWS\atadavakul.dll",e. I have tried several utilities to eradicate the dll without success. Here are the steps I have taken so far (both in standard and safe mode):

- Run CCleaner
- Run AD-Aware
- Run Search & Destroy
- Run Avira AntiVir
- Run SUPERAntispyware
- Run HijackThis

Running the above utilities does not get rid of the dll. The only app that seems to locate it is HijackThis. I try removing it via Hijack, but it comes immediately back after a re-scan. I also ran ProcessExplorer to look up the dll relation, and it seems to be hooked into Explorer.exe. I even went as far as running through a suggested Vundo fix solution I saw on here months back. Still no luck. I am able to rename the dll, reboot, and successfully remove the dll. However the dll gets randomly renamed. The only thing that seems to stay the same is the "Jrobibere" name. Also I tried to remove the run key from the registry and it immediately comes back, even if Windows Restore is turned off. Below is my DDS resu...

A:Possible virus/trojan/mallware in explorer.exe

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.com
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructio...


;***********************************************************************************************************************************************************************************
ANALYSIS: 2008-06-10 21:19:16
PROTECTIONS: 1
MALWARE: 24
SUSPECTS: 0
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
McAfee VirusScan Yes Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00047863 adware/ieplugin Adware No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{886DD...

A:Wallpaper Locked! Bugs! Mallware! Help!

Please do this:

Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.
Close all applications and windows.
Double-click on dss.exe to run it, and follow the prompts.
When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt <- this one will be minimized
Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt here.
Please attach extra.txt to your post.
To attach a file to a new post, simply click the [Manage Attachments] button under Additional Options > Attach Files on the post composition page, and copy and paste the following into the "Upload File from your Computer" box: C:\Deckard\System Scanner\extra.txt

Click Upload.

What DSS will do:
create a new System Restore point in Windows XP and Vista.
clean your Temporary Files, Downloaded Program Files, and Internet Cache Files, and also empty the Recycle Bin on all drives.
check some important areas of your system and produce a report for your analyst to review. DSS automatically runs HijackThis for you, but it will also install and place a shortcut to HijackThis on your desktop if you do not already have HijackThis installed.

---------------------------------------------------------------------------------------------


Hello guys. I encountered this malware yesterday as I was browsing what I thought was a normal news site. I wonder if this is a "Christmas Present" others are receiving? It started giving me conflicting "virus detected" reports which I didn't know were real or AVG-related. I have AVG on my machine and ran it and it detected no problems. I have HijackThis software which I ran but am not knowledgeable enough to interpret the results. I've read several threads with this same topic but not sure if I should just follow those instructions or start a new thread. I'm running NT on a Compaq machine. Can someone help me please?

Edit: I should also mention that I had to run the System Restore option on my machine since when I attempted to boot it, and start windows, it immediately started some applications indicating that virus were present on my machine. I restored it to the previous day and this eliminated that problem but the google redirect problem is still on my machine.

Thanks!

A:Google redirect mallware on my machine

Hello,

Please follow the instructions in ==>This Guide<==. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues and what you have done to resolve them.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Orange Blossom


Referred from here: http://www.bleepingcomputer.com/forums/t/298223/ive-been-hacked-i-think/ ~ OB

I'm sure I screwed up somewhere. Give me hell. I deserve it. Was I supposed to have uninstalled AVG?

A:Unknown Culprit Mallware or Virus etc.

hi, I looked at your other post. It looks like your blog may have been compromised, not your machine. Web sites can be hacked to dish out malware and/or redirects etc.


Thanks in advance!

Problem seemed to manifest after I download a torrent of an .avi file.

- computer restarts out of the blue
- mad amount of pop ups
- won't recognize USB flash device
- desktop background image w/ text "warning dangerous spyware following viruses were found on your computer: trojan horse, pass capture and etc. Your private information may be potentially transferred to third parties. Please, check the computer using advance software. Thanks."
- taskbar popup of "warning! computer is infected"
- ntdll64.exe error (send error report or don't send) on start up and at other various intervals.





DDS (Ver_09-05-14.01) - NTFSx86
Run by Erin at 11:20:24.95 on Sun 05/17/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_10
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.191 [GMT -3:00]

AV: avast! antivirus 4.8.1229 [VPS 080930-0] *On-access scanning enabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java...

A:Help Needed W/ Trojan/Mallware Infection.

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems. HijackThis logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that it happens.

Before we start: Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

Some things to remember while we are working together.
1. Please do not run any other tool until instructed to do so!
2. Please reply to this thread, do not start another!
3. Please tell me about any problems that have occurred during the fix.
4. Please tell me of any other symptoms you may be having as these can help also.
5. Please try as much as possible not to run anything while executing a fix.

If you follow these instructions, everything should go smoothly.

I am going over your logs now an...


I have a hijackthis log posted on the hijackthis forum but I thought I'd ask here too. I ran the smitremove program and it came back, several times.

Is there anything extra that can be done while in safe mode, a file to remove? If there's something simple I can try I might as well save someone from wasting time going through that log.

Love what you're doin here fellas, thanks!

A:Spywarestrike

Please wait until someone reviews your log. This will avoid any potential conflict caused by two people attempting to help you at the same time. If you have followed the Self-help Tutorial's steps to remove it, but without success, it would be best to await experienced help from the HJT team.
Regards,
John


Hello, I can't get rid of spywarestrike. I have tried spydoctor full version and xoftspy full version and hijackthis; none have done it. I don't know what to do. Can someone please help? Thanx

A:Spywarestrike

How to remove SpywareStrike
http://www.bleepingcomputer.com/forums/t/40303/how-to-remove-spywarestrike/


Here is the Log

Logfile of HijackThis v1.99.1
Scan saved at 10:34:56 PM, on 1/5/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\mssearchnet.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\SpywareStrike\SpywareStrike.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Microsoft Location Finder\LocationFinder.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\Koda...

A:Spywarestrike

Download this program:
submit files packer

Highlight the files listed below in bold and right-click and selecting copy.

C:\Program Files\SpywareStrike\*
c:\windows\system32\netwrap.dll

Then start the file packer program and right click in the white box and select paste to paste the copied file names in the field.
Then press the Continue button.
I will create an archive with these files and a small log on your Desktop that starts with a name like requested-file[date].cab.
Rename this file to yourmembername.cab (for example grinler.cab).
Then go to:
http://www.bleepingcomputer.com/submit-malware.php
and fill in the required fields and browse to this file on your desktop. Finally click on the Send File button.

Download Silentrunners.zip from:
http://www.silentrunners.org/
Run the SilentRunners.vbs file. If your antivirus has a script blocker, you will get a warning asking if you want to allow SilentRunners.vbs to run. It might say something like "Malicious Script Warning". This script is not malicious so you are safe in allowing it to run. When it asks if you want to skip the supplemental search tests, press the No button.
When it has finished it will produce a Startup Programs text file. Copy and paste that text file here in your next reply.


I followed the directions on your site to no avail. I have an icon in my system tray (notification area) that looks like a globe with the Windows logo in the upper right corner of the globe that blinks with a red circle with a white X in it.

Here is my HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 16:45:51, on 1/6/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\HP Web Jetadmin\hpwebjetd.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\HP Web Jetadmin\hpwebjetd.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS ...

A:Spywarestrike 2.5

Mod edit: unauthorized advice removed. Please see the forum guidelines at the top of this page. cjbarth, if you have acted on this advice, please post back and let us know.

Papakid--Admin


Hi, my name's Brian, from Pittsburgh. First, thank you to anyone who takes the time to read this and help, I need it badly and I appreciate it. I'm happy to return the favor with any heating airconditioning problems at hvac-talk.com, I'm always there and always willing to help. I picked up the spywarestrike virus and ran the smitremove program in accordance with the instructions here. The program gradually crawls back in after restart. I use trendmicro and just picked up bitdefender, umm here's the hijackthis log, you can take it from here.

Logfile of HijackThis v1.99.1
Scan saved at 6:50:33 PM, on 1/28/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\PD6000SM.EXE
C:\SMC\SMC.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:...

A:Spywarestrike

I need to get an export of the files being started via the SharedTaskScheduler registry key.

Please download the following file and save it to your desktop:
getsts.exe

Once it has downloaded, please double-click on the file, which should now be on your desktop. When the program is finished, it will create a text file on your desktop called getsts.txt and open it in notepad.

Please post the contents of this notepad as a reply to this topic.


Hello!

I am new to the forums and am seeking help. I am a computer support analyst for Tippmann & Associates and we are having problems.

A user within the company has contracted the Trojan.Zlob / SpywareStrike virus. I was reading another thread ( http://forums.techguy.org/security/431809-solved-cannot-remove-spywarestrike-help.html ) that seemed to have work for that user and I was wondering if that was a solution for just him or a global solution.

Would anyone be interested in helping? This is turning into a serious problem and I would like to know how to rid the computers of this pesky virus. Thanks!
 

A:SpywareStrike .... Help!


Hello, I am having a problem removing Spywarestrike 2.5. I have read several forums and have run every program that they said including, Smitrem (in safe mode), Ewido Suite, Ad Aware 1.6, Spy Doctor, Panda Activescan and my brand new McAfee software. Nothing seems to work. I ran a Hijack This scan and will post it on here for you guys. I'm at my wits' end, and would really appreciate some help. Thanks!

Logfile of HijackThis v1.99.1
Scan saved at 2:51:55 PM, on 2/5/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\McAfee.com\VSO\oasclnt.e...

A:Spywarestrike 2.5

Hello Angi and welcome to the forum. This is a nasty one to remove and the fix must be done in a specific order. I will post those instructions, but first your HJT is not safe. It is running from a Temporary situation, this is not safe and it must be moved. I prefer: C:\HJT\HijackThis.exe. If you need more instructions, use these:
http://russelltexas.com/malware/createhjtfolder.htm

Use these instructions and follow the directions carefully for the best chance of success.
http://www.bleepingcomputer.com/forums/t/40303/how-to-remove-spywarestrike/

In #8 of the instructions, post smitfiles.txt and a new HJT log in this same thread. I will be notified and respond letting you know if we have more to do as soon as possible.

Thanks...
pskelley
BleepingComputer


I hope I am doing this right... I am trying to learn about computers but there is a huge difference between adding new programs and deleting spyware. so I it says to do this:

Logfile of HijackThis v1.99.1
Scan saved at 12:28:31 AM, on 2/2/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOW...

A:Spywarestrike

Click here to download smitRem.exe and save the file to your desktop. Double click on the file to extract it to its own folder on the desktop.

Click here to download ewido security suite - it is a trial version of the program.
Install ewido security suite
When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
Launch ewido, there should be an icon on your desktop, double-click it.
The program will now go to the main screen
You will need to update ewido to the latest definition files.
On the left hand side of the main screen click update
Then click on Start Update
The update will start and a progress bar will show the updates being installed. Do NOT run a scan yet. Exit the program.

Click here to download Ad-Aware SE 1.06 and install if you haven't already got it. Launch Ad-aware and click on "check for updates now" to make sure you have the latest reference file. Do NOT run a scan yet. Exit the program.

Next reboot into Safe Mode. You can get there by restarting your computer and continually tapping F8 until a menu appears. Use your arrow to highlight Safe Mode then hit enter.

Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen. Wait for the tool to complete and disk cleanup to finish. The tool will create a log named smitfiles.txt in the root of your drive (where your operating system is installed). You will need that log later....


Logfile of HijackThis v1.99.1
Scan saved at 16:52:43, on 11/01/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\System32\FEELitDM.exe
C:\PROGRA~1\IMMERS~1\IMMERS~1.1\IDesktop.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
C:\Program Files\VoyagerTest\fts.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDO...

A:spywarestrike

I followed your instructions re desparado. What do I do now to remove spywarestrike?
 


I definitely have spywarestrike that I cannot remove and I'm not sure if I have anything else, possibly spyaxe. Any help you can give me would be much appreciated.

Logfile of HijackThis v1.99.1
Scan saved at 5:25:23 PM, on 2/4/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Common Files\AOL\1138330758\ee\services\sscFirewallPlugin\ver1_10_3_1\aolavupd.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\mssearchnet.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\system32 ...

A:Spywarestrike

Hello Cooley, Welcome to BleepingComputer!
My name is Nick and I will be checking over your log.
Let's get started. You will want to save or print out these instructions.

Download smitRem.exe ?noahdfear, and save the file to your desktop.
Double click on the file to extract it to its own folder on the desktop.
Please download ATF Cleaner by Atribune.
Place a shortcut to Panda ActiveScan on your desktop (in Internet Explorer, right click on Panda ActiveScan link select "Copy Shortcut" then right click on your desktop and select "Paste Shortcut" or in FireFox right-click the link and select "Save Link As" and save it to your desktop).
Please download the trial version of ewido anti-malware here:
http://www.ewido.net/en/download/
Please read Ewido Setup Instructions
Install it, and update the definitions to the newest files. Do NOT run a scan yet.
If you have not already installed Ad-Aware SE 1.06, follow these download and setup instructions, otherwise, check for updates:
Ad-Aware SE Setup
Don't run it yet!

Next, please reboot your computer in SafeMode by doing the following:
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
Instead of Windows loading as normal, a menu should appear
Select the first option, to run Windows in Safe Mode.

Now scan with HJT and place a checkmark next to each of the following items and click FIX CHECKED:
===================================================
O2 ...


Cookiegal said:

Click here to download smitRem.exe.
Save the file to your desktop.
It is a self extracting file.
Doubleclick the smitRem.exe and it will extract the files to a smitRem folder on your desktop.
Do not do anything with it yet. You will run the RunThis.bat file later in safe mode.
Download the trial version of Ewido Security Suite here.
Install ewido.
During the installation, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
Launch ewido
It will prompt you to update click the OK button and it will go to the main screen
On the left side of the main screen click update
Click on Start and let it update.
DO NOT run a scan yet. You will do that later in safe mode.

Click here for info on how to boot to safe mode if you don't already know how.
Now copy these instructions to notepad and save them to your desktop. You will need them to refer to in safe mode.
Restart your computer into safe mode now. Perform the following steps in safe mode:
Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen.
Wait for the tool to complete and disk cleanup to finish.
Run Ewido:
Click on scanner
Click Complete System Scan and the scan will begin.
During the scan it will prompt you to clean files, click OK
When the scan is finished, look at the bottom of the screen and click the Save report button.
Save the report to your desktop
Go...

A:SpywareStrike



I keep having Spyware Strike reinstall. I also get a pseudo windows update icon in the system tray that will blink with a red X.

Here's the log.

Logfile of HijackThis v1.99.1
Scan saved at 9:46:14 AM, on 1/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\system32\spoolsv.exe
C:...

A:Spywarestrike

Hello mct557,

A tip of the hat to noahdfear for this fix. Print out these instructions as we will need to shutdown every window that is open later in the fix.

Download SmitRem and save the file to your desktop. Double click on smitRem.exe and then click on Start. When it is done, click on the OK button. You should now have a folder called smitRem on your desktop.

Next, please reboot your computer in SafeMode by doing the following:
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
Instead of Windows loading as normal, a menu should appear
Select the first option, to run Windows in Safe Mode.

When your computer has started in safe mode and you see the desktop, close all open Windows.
Open the smitRem folder on your desktop and double click the RunThis.bat file to start the tool.
Follow the prompts on screen and wait for the tool to complete and disk cleanup to finish.
When the tool is finished, it will create a log named smitfiles.txt in the root of your drive, eg; Local Disk C: or the partition where your operating system is installed. Examining that log should show that the infection was cleaned.

Reboot your computer back to normal mode.
Click on the Start button, then click on All Programs (or Programs), and then locate the SpywareStrike folder and right-click on it. Select the option to delete that folder.

Post a fresh Hijackthis log, the smitfiles.txt log, and tell me how your computer is running.


My computer starts up really slowly and lately the wireless speed starts out strong, then drops to a weaker signal. While browsing the internet, malware windows pop up. Here are the DDS logs:

DDS (Version 1.1.0) - NTFSx86
Run by Todd Maniscalco at 10:34:56.89 on Sat 12/27/2008
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_10
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.510.45 [GMT -5:00]
AV: McAfee VirusScan *On-access scanning enabled* (Updated)
FW: McAfee Personal Firewall *enabled*

A:Computer slow, Mallware browser windows pop-up

Please download Malwarebytes' Anti-Malware from HERE or HERE

Note: If you already have Malwarebytes' Anti-Malware, just run and update it. Then do a "Perform Full Scan"

Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Full Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

NEXT

Please download RSIT by random/random and save it to your Desktop.
Double click on RSIT.exe to run RSIT
Before you click "Continue", make sure you change the List files/folders created or modified in the last 3 months
Click Continue at the disclaimer screen.
Once it has finished, two lo...


Hello.

I just found this site after a quick search on Google and read some of the other topics with the similar problems I have.

The messages I constantly have popping up out of the right hand corner and in the middle of the screen are:

1. [email protected]
2. [email protected]
3. black door antivirus
4. net [email protected]
5. spyware cyberlog-X
6. PSW.X-Vir

I am running a Windows XP system and have used superantispyware, ad-aware 07 and spybot and deleted whatever things they have come up with but the results are the same, these messages keep popping up.

I would have added a hijackthis log if I only knew how and where to acquire one.
As you can see I am an amateur at this and any help you could give would be greatly appreciated.

Thanks in advance.
 

A:Solved: A bunch of trojans and mallware problems. Please Help!


Dear all..
I have a problem with laptop for a couple of days and I believe that you can provide me some help. I tried to find some answers in similar topics but no luck.
Here is the story..

I had ESET NOD32 installed and it failed to start. Once, twice and all of a sudden it disappeared from the sys tray where it usually was. So I tried to install AVG but it failed to start some service. Firewall (sygate personal) also won't start...
I checked my connection and there was no local area connection! In device manager there are exclamation marks on all network adapters.
On the laptop there is Win XP SP3...

Any ideas?
Best wishes,
Milan

A:trojan/mallware or what? unable to install any antivirus

"there are all exclamation marks on all network adapters"

Somehow they have become corrupt.
You need to replace them. What is the make and model number of the computer?


Let's go straight to the point. I recently moved out from a place with bad neighbours (I even had a previous thread here about logons). Now what I fear is that I was usually signing out of my account (admin) and closing the laptop (which I believe leaves it in a hibernating state). Now I started to fear: what if some USB flash was inserted while I was out? Now I know it can't take action while the laptop is locked but, let's assume, I start it and start working without noticing there is a USB inserted, will it immediately transmit and install anything without asking for permission? Will I at least see some loading pop-ups, or could it install/infect me silently?

A:Installing spy mallware while laptop is sleeping or hybernating?

A file on a flash drive can not open itself.


Hello all,

First, thank you all for this site and the work everyone puts into helping us out! Now to business, noticed last weekend Google results were hijacked. Haven't been able to get rid of it. Also noticed Spybot wasn't working when I clicked on the shortcut - I changed the filename of the executable and it ran ok, but nothing has really picked up a problem, between Spybot and Avira. Here is my initial info per the Prep guide instructions:

Regards,
Mike Schneider

DDS.txt:
DDS (Ver_10-03-17.01) - NTFSx86
Run by Mike at 21:53:31.75 on Mon 08/30/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_16
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1194 [GMT -7:00]
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

A:Infected by Google Hijack Mallware/Virus:

Good evening. Take a trip to this webpage for download links and instructions for running Combofix by sUBs.

* Please be aware that this tool may require the PC to be rebooted so close any programs you have open before you start. When CF has finished, it will produce a log - C:\ComboFix.txt - copy and paste it into your next reply. Let me know how the PC is behaving.

* There are two points to note from the instructions page:

1) The Recovery Console.
It is recommended that you install this as, in certain circumstances, it may be the difference between a successful repair and a reformat. If you are uncertain as to whether or not you already have the Recovery Console installed, simply run CF and it will prompt you if it does not detect it. CF will complete some, but not all, of its removal tasks without the installation of the Console so, should you choose not to allow the installation, you may not get the results you hoped for.

2) Disabling your Anti-Virus.
CF has been the victim of false-positive detections on occasion and a resident AV may incorrectly identify and delete part of the tool which won't do it much good. If you don't disable your AV, you may not get the results you hoped for either.


How's it going? Recently my computer started doing a whole bunch of things it has never done before and I think it all started with a program called outerinfo that appeared on my computer at the same time all this started happening. Trend Micro PC-cillin Internet Security 14 came with my computer and is showing me about 10 infected files on my computer with various trojans. I've tried to manually delete and it says the file is in use or write protected. Next, 2 new icons appeared in my system tray that I do not trust. One is a red circle with an X in it. It says it is Windows antivirus and I should download some spyware even though I already have it and I just downloaded AVG antispyware yesterday. The other icon is a yellow triangle with an exclamation point in it. When you hover the mouse over it, it says "your computer is infected".
I have a combofix and a hijackthis log. Any help is very much appreciated. Thank you.

Combo Fix Log
ComboFix 08-01-23.1C - Bob G 2008-01-25 21:23:24.1 - NTFSx86
Running from: C:\Documents and Settings\Bob G\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\DOCUME~1\BOBG~1\APPLIC~1\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\Documents and Settings\Bob G\Application Data\macromedia\Flash Player\#SharedObjects\5W7GUH3M\www.broadcast...


Hi,

I have a very persistent spywarestrike problem. I've run thru all the steps that I've seen w/going into safe mode and doing the killbox, fix.reg, smitrem, and ewido. It is to the point that smitrem and ewido don't find anything, yet when my computer restarts, Spywarestrike reinstalls itself and the pop-up in the bottom right keeps showing up. Here is my HJT log file, any light to be shed on this issue would be great. I just can't seem to find the installer that keeps on popping this malware back on my system.

Logfile of HijackThis v1.99.1
Scan saved at 1:13:51 PM, on 1/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)


A:Solved: More spywarestrike


I followed the instructions and the following is what I have. What's next?

Logfile of HijackThis v1.99.1
Scan saved at 11:59:25 PM, on 1/20/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)


A:Remove Spywarestrike

What instructions have you followed?

If you say you have spywarestrike pop-ups or screens then do this
Download smitRem.exe

or HERE
or Here
and save the file to your desktop.
Double click on the file to extract it to its own folder on the desktop.

Next, please reboot your computer in SafeMode by doing the following:
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
Instead of Windows loading as normal, a menu should appear
Select the first option, to run Windows in Safe Mode.

Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen.
Wait for the tool to complete and disk cleanup to finish.

The tool will create a log named smitfiles.txt in the root of your drive, eg; Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.

then

Please download WebRoot SpySweeper from HERE (It's a 2 week trial):
Click the Free Trial link under "Downloads/SpySweeper" to download the program.
Install it. Once the program is installed, it will open.
It will prompt you to update to the latest definitions, click Yes.
Once the definitions are installed, click Options on the left side.
Click the Sweep Options tab.
Under What to Sweep please put a check next to the following:

Sweep Memory
Sweep Registry
Sweep Cookies
Sweep All User Accounts
Enab...


I don't know where I got it, but I've got the lovely spywarestrike on my hands! I found another post on here with directions how to get rid of it but I couldn't understand them.. I've been uninstalling and deleting and... whatever and it always reinstalls itself after rebooting.. please help!
 

A:SpywareStrike Removal


I have been having a problem with a recent virus or spyware that is on my computer. I use Virus Scan On Access, and every time that it pops up with the virus message it says that the virus: Spywarestrike.dldr has been deleted, but about 10 minutes later the same message will pop up. I have tried almost everything there is on the net to fix the problem. If anyone could help me I would appreciate it.
 

A:Spywarestrike.dldr


here is my log file


A:Solved: Help cant del away spywarestrike


I need help removing spyware strike virus. I ran HJT and here is the log file.

Logfile of HijackThis v1.99.1
Scan saved at 2:38:59 PM, on 1/7/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)


A:SPYWARESTRIKE Virus
