W32/Rootkit.BAK - I've been ignored for FOUR MONTHS! Please help :(

Q: W32/Rootkit.BAK - I've been ignored for FOUR MONTHS! Please help :(

W32/Rootkit.BAK
I have received this virus W32/Rootkit.bac, and it's stopping any updates and other applications! I can't seem to find out how to remove it or where it is. My virus scan says it will be deleted after I reboot, but it returns as soon as I try viewing anything on the web. I thought uninstalling and then re-installing Internet Explorer would help, but it hasn't. Does anyone know what to do? I BEG FOR YOUR HELP!!

I have had it for months now and I really need it sorting. I almost reformatted my PC, but I don't have any external storage to back everything up!

Please help!!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:08:55, on 17/07/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe
C:\Windows\system32\schtasks.exe
C:\Windows\system32\jusched.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
C:\Program Files\Kontiki\KHost.exe
C:\Program Files\NETGEAR\WG111T Configuration Utility\wlan111t.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\taskeng.exe
C:\Users\Freddy\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.formula1.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=74&bd=Presario&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=74&bd=Presario&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Virgin Broadband\PCguard\pkR.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [CCUTRAYICON] FactoryMode
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe"
O4 - HKLM\..\Run: [Broadbandadvisor.exe] "C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe" /AUTORUN
O4 - HKLM\..\Run: [PCguard] "C:\Program Files\Virgin Broadband\PCguard\Rps.exe"
O4 - HKLM\..\Run: [-FreedomNeedsReboot] "C:\Program Files\Virgin Broadband\PCguard\ZkRunOnceR.exe"
O4 - HKLM\..\Run: [PD0620 STISvc] RunDLL32.exe P0620Pin.dll,RunDLL32EP 513
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NoteBurner] C:\Program Files\NoteBurner\VTBurnerGUI.exe /silence
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
O4 - HKCU\..\RunOnce: [IndexCleaner] "C:\Program Files\Virgin Broadband\PCguard\IdxClnR.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [iLike] C:\Program Files\iLike\1.2.14\ilikesidebar.exe /checkforupdate (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [iLike] C:\Program Files\iLike\1.2.14\ilikesidebar.exe /checkforupdate (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NETGEAR WG111T Smart Wizard.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O13 - Gopher Prefix:
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} (Bebo Uploader Control) - http://www.bebo.com/files/BeboUploader.5.1.4.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resources/VistaMSNPUplden-gb.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{28D5FBF9-3EC0-417F-A10B-B2C17F97A9E8}: NameServer = 85.255.112.39,85.255.112.40
O17 - HKLM\System\CCS\Services\Tcpip\..\{299AD407-1516-462C-A4E7-8F021A77927F}: NameServer = 85.255.112.39,85.255.112.40
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.39,85.255.112.40
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.39,85.255.112.40
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.vista.exe
O23 - Service: Google Update Service (gupdate1c9935b12a7018a) (gupdate1c9935b12a7018a) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intel DH Service (IntelDHSvcConf) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Virgin Broadband PCguard Update Service (RPSUpdaterR) - Radialpoint Inc. - C:\Program Files\Virgin Broadband\PCguard\rpsupdaterR.exe
O23 - Service: PCguard Firewall (RP_FWS) - Virgin Media - C:\Program Files\Virgin Broadband\PCguard\Fws.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
--
End of file - 12050 bytes


I have been fighting this virus/rootkit/bootkit, whatever it is, for getting close to 6 months now. It started as some virus on my little brother's computer at his house which infected his router and about 5 other computers in the house. I connected to the router and it proceeded to infect my laptop, the router at my home and all the computers there as well. It also has infected 4 Android phones, a Palm Treo Pro with Windows Mobile and a Palm Pre, along with infecting anyone who connected to any of the routers. I am currently writing this from my mother's laptop, which has the worst infection. She purchased a new one to replace the old one, which seemed to be impossible to fix, at a cost of around $2,000. 1 day later her new laptop was infected, although it wasn't apparent to her. I am currently going to school for my Bachelor's in Computer Science, my Cisco CCNA and Network Security certifications. I have been building computers since I was 10 (am 28 now) and I have never come across anything like this in my life. She has been content with just letting it be because the computer works to a point. I, on the other hand, will not have someone or something controlling my computer. The OS on this computer is Windows 7 Home Premium x64, on an HP laptop with a 2nd gen Core i7 that runs like it's a 486, and it's so infected it's unreal. Also, the infection causes the computers to load in Windows PE mode in a virtualized environment so nothing picks it up. I have 2 desktops and several laptops ...

A: Persistent Rootkit for over 6 months now Infects Routers Windows x32 and x64 Linux Android Phones etc

Here is the DDS log as well as an additional one. Will see if it uploads this time.


I update and save quite a few files each day, and I can see in File History that there are many saved versions for these files.
This would fill up my backup drive fairly quickly, and therefore I need to reduce 'Keep saved versions' from the default of 'forever' to about 3 months. But does this mean that all files older than 3 months will be deleted from my File History backup?
What happens to all my files that have only ever been saved once, but are older than 3 months? Are these retained in File History or deleted?
The forums on File History do not make this very clear.


Hello,
 
Okay, first of all I would like to say I have been having ongoing issues for months to almost a year... I have tried everything I can think of... Including wiping hard drives to DoD standards with dban, gparted etc.... I have tried monitoring my connections with wireshark... I have tried several different anti- (virus and malware) programs including paid version of kaspersky, malwarebytes, bitdefender, eset.....

This problem also has involved some black hat hackers compromising my system and bank account, credit card etc all being hit and continuing to do so... I have switched ISPs, changed hardware, thrown away devices including cell phones and laptops... It seems that they were also backdoored into several of my devices and were using several different methods to continue to spread and infect other devices.. These devices include android, iphone, ipod, ipad, netbook, laptop, smart tv and even my dvd player (java).. I have tried to ask for help and seek help for this and no one can figure it out or think this can't be real.

I have now thrown out all laptops, and all phones at the same time and started from scratch but having issues on a brand new laptop... I am not sure this is the same issue as before... However, I would like and really appreciate if someone could help me out and view my logs and make sure.. because I have been through hell and back with all these issues.. Loss of finances, time, and sleep... SO, I truly appreciate any and a...

A:Malware, Spyware, And hackers...equals months and months of going insane!! help!

GMER 2.1.19357 - http://www.gmer.net
3rd party scan 2015-06-29 18:38:16
Windows 6.3.9600  x64 \Device\Harddisk0\DR0 -> \Device\00000036 HGST_HTS721075A9E630 rev.JB2OA3J0 698.64GB
Running: 11ybrc3o.exe; Driver: C:\Users\M4M8A\AppData\Local\Temp\kxldypow.sys
---- Modules - GMER 2.1 ----
Module   \SystemRoot\System32\drivers\iaStorA.sys (Intel Rapid Storage Technology driver - x64/Intel Corporation SIGNED)(2014-09-02 06:28:41)                                                fffff800f9c65000-fffff800f9f1b000 (2842624 bytes)
Module   \SystemRoot\system32\DRIVERS\edevmon.sys (Devmon monitor/ESET SIGNED)(2015-01-30 23:13:30)                                                                                          fffff800fa393000-fffff800fa3d2000 (258048 bytes)
Module   \SystemRoo...


I've already run malwarebytes, combofix, Spybot.

The winfiles and Pe-files attachments are from rootkitty running on ubcd4win, although they could possibly have been modified by the rootkit before uploading, as I uploaded them from the infected machine.

Here's dds.txt,
DDS (Ver_09-07-30.01) - NTFSx86
Run by Winxp at 9:13:45.14 on Sun 08/30/2009
Internet Explorer: 6.0.2800.1106
Microsoft Windows XP Professional 5.1.2600.1.1252.1.1033.18.511.182 [GMT -5:00]
============== Running Processes ===============

C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\alg.exe
C:\Program Files\avgas\guard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C...

A:Rootkit, Vundo.h, Rootkit.agent, Rootkit.Rustock, Rootkit.Dropper, Slenugga, FakeAlert, WinWebSec, etc....

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll...


OK- I am not extremely computer savvy... I may have destroyed the computer beyond repair, but my files are not backed up and all of the videos of my son when he was a baby are on there and only there. So, HELP!!!! I had a bad virus that started as pop ups for fake virus protection- I can't even remember what it said. I gave it to my brother-in-law to fix and it took him a month to tell me I needed to back up my files because he was going to dump the whole thing. Last night after plugging in the USB and having it fill up without even getting through a 1/4 of our pictures, I decided to try to get rid of the virus myself. I ran malwarebytes which found some items and told me to shut down to complete. I did, got the blue screen- started in safe mode w/ networking (got a pop up that said malwarebytes could not be located). After some more searching, I downloaded Hitman that was made for the DNS virus- I know whatever it is on my computer is really bad. The local connection icon was completely removed. Ethernet driver gone and microsoft system tools like firewall and security all gone. Here is what hitman said before it told me to reboot to complete the deletion of the virus (s). Rootkit rootkit.mbr.pihar.d (boot image) ,trojan.tdlphaze.1, rootkit.win32.pihar!Ik, Win32/bootkit, Malware gen:variant.graftor.13001 (engine A), backdoor.maxplus, trojan-dropper.win32.sirefeflIK... and 57 items in tempfiles..... HELP PLEASE!

A:. Rootkit rootkit.mbr.pihar.d (boot image) ,trojan.tdlphaze.1, rootkit.win32.pihar!Ik, Win32/bootkit, Malware gen:variant.g...

Copy this tool to the infected PC
FSS
Checkmark all the boxes
Click on "Scan".
Please copy and paste the log to your reply.


Got some problems. I am running Vista on a Gateway. Every time I run an AVG or other scan the computer just restarts itself without being prompted. Before it restarts it shows a Trojan, Windows Antiviruspro and Rootkit.cloaked/service-gen 3. RootkitRepeal and dds will not run but HJT will run. Any help is appreciated. Here is a HJT log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:18:36 PM, on 8/18/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16890)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\sttray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files\Glance23\Glance.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software ...

A:> Rootkit, Trojans and Windows Antiviruspro, cannot run rootkit tool, restarts computer on scans

Hello my name is Sempai and welcome to Bleeping Computer.
* We apologize for the delay. Forum have been busy.
* I want you to understand that I'm still a trainee here. I will be working with my Coach who will approve all my instructions before posting them to you, so there's a possibility to have some delays in my responses. But the good part is, there are two people reviewing your problem instead of one.
* It is important not to make any further changes or run any other tools unless instructed to. This may hinder the cleaning process of your machine.
* You must reply within 5 days otherwise this topic will be closed.
Your log will be analyzed and you will be instructed on what to do next as soon as possible.


I'm working on a friend's laptop and they believe one of the kids went somewhere they didn't need to be going. They said they started noticing issues on 7-20. I was going to try and clean it myself and did a little research on the rootkit and decided I needed to ask for some help. I attached the logs from malwarebytes and TDSSkiller. When using TDSSkiller I had it skip trying to "cure" the infection.
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 14:50 on 24/07/2012 (Elizabeth)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...
-=E.O.F=-
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by Elizabeth at 14:51:40 on 2012-07-24
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3031.2286 [GMT -4:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C...

A:Infected with Rootkit.Zaccess/Rootkit.Boot.Pihar.c, Trojan.Dropper.BCMiner

Please go ahead and re-run TDSSKiller and allow it to "cure" what it finds.

NEXT

Refer to the ComboFix User's Guide

Download ComboFix from the following location:

Link

* IMPORTANT !!! Place ComboFix.exe on your Desktop
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
You can get help on disabling your protection programs here
Double click on ComboFix.exe & follow the prompts.
Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
When finished, it shall produce a log for you. Post that log in your next reply.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

---------------------------------------------------------------------------------------------
Ensure your AntiVirus and AntiSpyware applications are re-enabled.

---------------------------------------------------------------------------------------------
NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.


I originally received Security Tool 2011 from golf.com.au. It came through svchost.exe.

I found and deleted the .exe and System Restored to before the infection. In safe mode with networking (i.e. without firewall), iexplore.exe was starting by itself and before I picked up on this I believe I was infected with a series of trojans and other nasties. Many of these were picked up by Malwarebytes and SUPERAntiSpyware. I then used Avast! and it picked up a Win32:Cossta and the Alureon Rootkit. The Cossta trojan was cleaned. The rootkit has remained.

MBRCheck diagnosed the MBR Code as being non-normal or infected. Boot_remover identified the code as 'FAKED!'

After cleaning as much as I could with Avast! Boot scans, I attempted to use both MBRCheck and boot_remover to 'fix' the MBR. Neither were able to.

My next step was to download aswMBR.exe but it would not run. I then attempted to download GMER but the options were greyed out. I then downloaded TDSSKiller which detected 1 Rootkit which I 'cured' and 1 locked file which was 'skipped'. A log is provided below.

This allowed me to access aswMBR.exe which I ran, and posted the log below. After this I ran ComboFix (sorry!!) which said I had Rootkit: Zero Access. ComboFix rebooted and successfully went through all its 'stages'. The ComboFix log is provided below. Interestingly, I had uninstalled all my Anti-Virus software prior to running ComboFix, except for Malware Anti...

A:Infected with Rootkit: Zero Access from Security Tool 2011 [Also potentially Rootkit: Alureon]

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/427038 <<< CLICK THIS LINK

If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lo...


Hello,

I have been working on cleaning this system (Desktop PC: Dell Optiplex 7500: Windows XP SP3) for a few days now after discovering an old partially removed infection of Paladin Antivirus. Ran the usual removal tools, MBAM, Combofix, Avast Boot Scan, and F-Secure Online scans, and all show up clean now; however, the Avast real time behavior scanned is still flagging a latent Rootkit service: SVC:PRAGMApxevsticxr. Of course when avast asks what I want to do I choose delete, and it recommends boot scan which comes up clean, and the avast process starts again. Knowing I was still infected, I decided to go to the ever trusty, but lengthy ESET online scanner which found:

C:\WINDOWS\PRAGMApxevsticxr\PRAGMAc.dll a variant of Win32/Kryptik.EXT trojan cleaned by deleting - quarantined
C:\WINDOWS\PRAGMApxevsticxr\PRAGMAd.sys a variant of Win32/Rootkit.Kryptik.AZ trojan cleaned by deleting - quarantined
C:\WINDOWS\PRAGMApxevsticxr\trz1D.tmp a variant of Win32/Rootkit.Kryptik.AZ trojan cleaned by deleting - quarantined
C:\WINDOWS\PRAGMApxevsticxr\trz3.tmp a variant of Win32/Rootkit.Kryptik.AZ trojan cleaned by deleting - quarantined
C:\WINDOWS\PRAGMApxevsticxr\trz7.tmp a variant of Win32/Rootkit.Kryptik.AZ trojan cleaned by deleting - quarantined

and then in a subsequent ESET scan:

C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP6\A0000075.dll a variant of Win32/Krypt...


On Feb 14th, I posted about a rootkit that is on my system HERE in the 'Am I infected' section. It has been a very long time since I have been here, but I believe you used to have to post there first and only ended up here once someone started helping you, but I truly can't recall. Should I leave that where it is and wait for a reply there? or can that post be moved here? can the topics be merged? or should I repost my issue here and delete that post? I apologize that I am so out of touch with forum protocol here, but on the other hand, I don't want to waste anyone's time by posting in the wrong place and clogging up the wrong queue.

I do have a nasty version PRAGMA Rootkit (Win32/Rootkit.Kryptik.AZ trojan) TDSS Variant. All other infections have been removed, and I believe the bulk of the rootkit has been disabled. I *think* I just need to drop a custom script into ComboFix or Avenger2 to finish the removal; however, I am not sure because I haven't seen a piece of malware this resilient in years.

The following scans have been run and their logs are saved and available for posting:

DDS
GMER
Rkill
Combofix
RootRepeal
HijackThis
MBAM
ESET Online Scan
FSecure Online Scan
SuperAntiSpyware
Avast Boot Scan

As well as a manually created record of all self deleted registry keys related to PRAGMA.

The bulk of the pertinent information (at least what I *think* is pertinent) is in the original thread linked above with the exception of the GMER info on the rootkit.

Please advis...

A:PRAGMA Rootkit (Win32/Rootkit.Kryptik.AZ trojan) TDSS Variant

Post removed due to Crossposts


Hi,

Since Friday my computer started to run slow and kept crashing. I also noticed it would redirect Google searches to various webpages and not the actual link it was meant to...

I have McAfee Security Centre (updated daily), so ran a scan. It revealed some trojans, namely "Spy-Agent.bw!mem, DNSChanger!ba and Generic FakeAlert!cd". Some of it was removed/quarantined while 1 or 2 files couldn't be fixed by McAfee.

I then ran MBAM which managed to clear everything. Here is the log from then (28th Aug):

-----------------------------------------------------------------------
Malwarebytes' Anti-Malware 1.40
Database version: 2709
Windows 5.1.2600 Service Pack 3

28/08/2009 18:07:25
mbam-log-2009-08-28 (18-07-25).txt

Scan type: Full Scan (C:\|)
Objects scanned: 165024
Time elapsed: 36 minute(s), 47 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 6
Registry Values Infected: 1
Registry Data Items Infected: 2
Folders Infected: 1
Files Infected: 12

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\C...

A:Infected with Google redirect & Rootkit TDSS and Rootkit.Agent/Gen-Rustock[KBI]

UPDATE:

Did an online scan with Eset, it reported the following:

C:\Documents and Settings\Amit Sinha\Application Data\Sun\Java\Deployment\cache\6.0\56\3c28cc78-2a20046a probably a variant of Win32/Agent trojan deleted - quarantined

So looks like there are still some remnants...

Anyone?

===========

Hello

While we understand your frustration at having to wait, please note that Bleeping Computer deals with several hundred requests for assistance such as yours on a daily basis. As a result, our backlog is quite large as are other comparable sites that help others with malware issues. Although our HJT Team members work on hundreds of requests each day, they are all volunteers who work logs when they can and are able to do so. No one is paid by Bleeping Computer for their assistance to our members.

Further, our malware removal staff is comprised of team members with various levels of skill and expertise to deal with thousands of malware variants, some more complex than others. Although we try to take DDS/HJT logs in order (starting with the oldest), it is often the skill level of the particular helper and sometimes the operating system that dictates which logs get selected first. Some infections are more complicated than others and require a higher skill level to remove. Without that skill level attempted removal could result in disastrous results. In other instances, the helper may not be familiar with the operating system that you are...


I would really appreciate some help from someone with experience with this matter.

Introduction:

Origin: False sense of security by AVG (updated), Windows kept updated, Browser settings, firewall, and self system maintenance.

Presentation: Installed a 2nd HDD (Exclusively for daily backups - ironic!) I did manage to fire off one Backup with win 7 backup including an image, but I doubt it is clean. Then next morning the computer was no longer in WIN7 environment but had rebooted to System Repair Panel, and despite a week of working on the problem with lots of pro and sub-pro advice online and offline, I could not get the startup repair to stop reporting that my code integrity file "C:\ci.dll" was corrupt and it could not help me. I was locked in a loop [boot start->system repair]. Safe mode, bios changes/resets, drive removals rearrangements, win7 orig DVD repair, triple startup repair cycle, replacing ci.dll w/ correct sized version (which simply reverted to "corrupt size on reboot"), restore points, using the one imagefile i had made .... no help - all roads lead to the sys rec panel.

B.T.W. SafeMode would halt boot at driver #5 "CLFS.sys" to enter system recovery console.

Positive (hopefully) Headway I've Made: I researched the details of the component library ci.dll and looked for a vulnerability or weakness I could exploit to avoid the error, and I learned it doesn't lend its function set during kernel debug mode and unsigned d...

A:Require (Rootkit.TDSS.TDL4) Rootkit Removal & Cleanup walkthrough

Mike,

You need Jacee and/or Corinne's help with this - they are our resident security MVP's. No doubt they will see this, but I'll drop them a message and ask them to have a look at this for you.

Regards,
Golden


Hello, I was sent here from the Am I Infected Forum by garmanma. Topic referenced is here: http://www.bleepingcomputer.com/forums/t/260361/requesting-virus-help-malware-greenav-and-rootkit-etc/ ~ OB

Prior to posting in that forum, I tried to run MBAM, Spybot, Spyunter. The programs would not run at all, I would get an error stating I didn't have appropriate permissions. I downloaded the DDS.scr file and tried to execute a scan. The scan screen popped open for about one second and closed....every program that I try to run will either not run at all, or if it does run, it will close a few seconds into the scan then shut down. If I try to run it again, I'll get an error saying I don't have permission to run that file.

I have tried online scans from Bitdefender, Microsoft's OneCare, and one more (forgot the name)...but every online scan shuts down the entire browser. Also, on occasion I get a fake page saying that the webpage I requested has been blocked due to my infections, and links to me to a page regarding GreenAV. I could not run most of the tools in the preparation guide, even after renaming them. However, in the other forum I was able to run a couple of scans before the programs shut down. I was requested to start a new topic here and post the logs that I have. Thanks in advance:

I was instructed to download "peek.bat" and run that program and also RootRepeal. The results from both are listed below:

Peek.bat Log:
Volume in drive C is SQ004214P01
Volume Serial Number i...

A:Rootkit and Spyware Problems: Antispyware/Antivirus/Rootkit Scanner programs all shut down when executed...

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll...


well once again my co workers have managed to get something that i cannot remove, last time i had an issue you guys fixed it perfectly and i am here again asking for help, somehow this computer got a virus on it that has been spamming e-mails, because of this our ip has been blacklisted and e-mails we need to go out are not going out etc. etc... i would just reformat this machine but it has very specific software on it and i cannot

as far as i know the viruses are called
rootkit-agent, rootkit.protector, and agprotector, here is my DDS.txt and again i hope i have done everything correctly and i hope you can help, thank you again


DDS (Ver_09-12-01.01) - NTFSx86
Run by Big Fox at 15:18:51.93 on Thu 12/03/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.959.389 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe...


This was a redirect by OBlossom,

Hi Hope you can help. I clicked on a link to a web page that I shouldn't have and got a popup saying I needed to update my Adobe, thinking all was ok! When I did that another popup came and said I may be infected and it wanted me to click on their link. Which I didn't, instead I tried closing the windows, even with Ctrl-Alt-Del, it wouldn't let me. Then returning to desktop, McAfee said something wanted access and if I allowed. Again, no! The only way out was a reboot, which took some time to shutdown. When the system came back on I got a window saying Google installer had a problem and had to close, never had that before. It did have a "more info" link, which I clicked and a new window opened up saying something about UACD.SYS & WJQS.EXE! I found them in the registry, I knew I had a problem. After running McAfee it said something about NTOSKRNL-HOOK and Generic RootKit.d!RootKit. Needless to say I am here. I would continue to get that popup, about Google Installer needing to close. Also when I did a search and would click on a link I would get the "WindowsClick" and was redirected to another web page. Ok, try to shorten it, I tried a lot and nothing seemed to help. Until I read here and ran ComboFix, it seemed to work! Had to make note of some files "UAC******.dll and one UAC******.dat another was Service_Uac.sys, ...

A:NTosKrnl-Hook UACD.SYS WJQS.EXE Generic RootKit.d!RootKit

I just wanted to mention an oddity I've noticed, my msn.com link in favorites keeps disappearing, I've saved it then, it's gone again! I'm not proceeding with anything else until told to do so. Though I do hope to understand this soon and rectify its problems!?

thanks again,

Hello RikCab,

We ask that once you have posted your log and are waiting, please DO NOT "bump" your thread or make further replies until it has been responded to by a member of the HJT Team. The reason we ask this or do not respond to your requests is because that would remove you from the active queue that Techs and Staff have access to. The malware staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response, there will be 1 reply. A team member, looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.

That is why I have made an edit to your last post, instead of a reply. Please do not multiple post here, as that only pushes you further down the queue and causes confusion to the staff.

Please be patient. It may take a while to get a response but your log will be reviewed and answered as soon as possible.

Thank you for understanding.

Regards,
The weatherman (Moderator)

Thanks weatherman, I did just read about that while scanning another's post. I was going to make a note of it here, but you beat me to it, lol. I did try to edit m...


A. McAfee scan has found multiple instances of a "Generic Rootkit.d!rootkit", which it calls NTOSKRNL-HOOK, and classifies as a Trojan. It has both eliminated and quarantined them.
1) As many as 2 to 5 have been found at once.
2) Once "removed," they appear again in no time.
B. McAfee - Update Error
"An error occurred in updating. Please reinstall these programs:
- McAfee Security Center"
NOT DONE - Expected to be repetitive.
C. Defrag - no access
1) Norton Speed Disk won't start. Error Message:
"An unexpected error occurred while communicating with the Speed Disk Service (NOPDB.EXE). Please exit Speed Disk, restart the Speed Disk Service, and try again. If the problem persists, reinstall Speed Disk."
Reinstalled Speed Disk. Same result.
2) Windows XP Accessories Disk Defragmenter Error message:
"Disk Defragmenter could not start."
D. Backup - presently unable to back up.
1) My backup utility, XXCLONE, will not start. (Last backup was WAY too old.) It returns following Error Message from its initial disk scan:
"The source volume (C:) specified in the command line does not exist, or the volume label does not match. Therefore, it will be ignored."
2) Windows XP Accessories backup component refused to start as well. Error message:
"The Backup Utility cannot connect to the Removable Storage service. This service is required for use of tape drives and other backup devices. Please exit and start the Removable Storage service using the System Services function of the Management ...

A:Hijacked; Generic Rootkit.d!rootkit (NTOSKRNL-HOOK); certainly other probs.

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll...


Hello to any and all helpers,
I am new to this forum, so please help me follow the rules. I downloaded/ran the scans on the "new instructions" thing and will connect them to this post. 2 wks ago Friday I checked "the official" website of St. Exupery to see if one book was written before the other and up pops McAfee saying it identified 2 instances of the trojan named in the title of this thread. I was already late to class so I closed the window (IE7) and shut down the computer, hoping it would be better later (bad move!). When I got home.. I'm trying to remember, I believe the computer started up ok to run the scan, somewhere in that day I had to restart several times because it stalled (windows was open but wouldn't do anything). I did run the McAfee scan and delete the trojans, but my computer wouldn't restart fully until the next day, when I discovered that my internet connection would no longer work (it may not have been working right away, I'm sorry I don't remember). It said it was connected but no pages would load. Since then it has not worked, even though I tried to reconfigure the connection (and my IP address). I would say that this is a problem with the modem/router, but my bf's computer is connected to the same and it works fine (this is the computer I'm writing from btw, and he has no antivirus and is resolutely against it and so I can do nothing about it. I wanted to try to reestablish my internet connection before starting a thread so that I do...

A:NTOSKRNL-HOOK, Generic Rootkit.d!rootkit & NO INTERNET CONNECTION

Hello, Exams+this :)
Welcome to TSF

My name is Billy O'Neal and I will be helping you. (Billy or Bill is fine, if you like.)
Please give me some time to look over your computer's log(s).
Please take note of the following:
In the meantime, please refrain from making any changes to your computer.
Also, even if things appear to be running better, there is no guarantee that everything is finished. Please continue to check this forum post in order to ensure we get your system completely clean. We do not want to clean you part-way up, only to have the system re-infect itself. :)
If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
Finally, please reply using the button in the lower left hand corner of your screen.
Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just put a post here so that I know you're still here. We get a lot of people who simply leave, and if there is no contact for that amount of time I will have to assume you have "vanished" .

We Need to Run ComboFix

Note to readers of this post other than the starter of this thread:
ComboFix is a VERY POWERFUL tool which should NOT BE USED without guidance of an expert.

If this tool helped you, please consider a donation to it'...


Dear Folks,

It looks like my computer is infected with Generic Rootkit.d!rootkit (Trojen) - File: NTOSKRNL-HOOK

I use McAfee Antivirus. Whenever I scan, it shows the following log and it says detected 1 and fixed 1.

8/1/2009 10:24:13 PM Scan Started: 08/01/2009 10:24:13 PM
8/1/2009 10:24:59 PM Scan Started: 08/01/2009 10:24:59 PM
8/1/2009 10:25:44 PM "NTOSKRNL-HOOK" "Generic Rootkit.d!rootkit" "5"
8/1/2009 10:29:00 PM Total objects scanned: 12981
8/1/2009 10:29:00 PM Objects detected: 1
8/1/2009 10:29:00 PM Scan Done: 08/01/2009 10:29:00 PM

Also I get BLUE Screen very often and my system gets rebooted automatically (screenshot attached).

Please help me in resolving this issue.

I downloaded "ComboFix.exe" from your website but didn't run it as I saw many times that it should not be run without the proper instruction / help from Technical Folks.

I'm just waiting for your response. Please help..!!

Thanks in advance.

Cheers,
Siraj

A:Generic Rootkit.d!rootkit (Trojen) - File: NTOSKRNL-HOOK

Hi Folks,

Thanks for responding for my "Personal Message" from Orange Blossom ~ forum moderator and email from Administrator.

As mentioned in the email, I followed the steps mentioned in the following "Preparation Guide For Use Before Using HijackThis and other Malware Removal Tools" which is located @ http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/

1. Data Backup - Done
2. Verified that my computer is infected by NTOSKRNL-HOOK trojan
3. Steps 3, 4 & 5 are also done
6. Downloaded DDS and scanned my computer. When I tried to run this scan, I got the warning in the same Command Prompt with the message three times like "Not enough memory to complete the sort.". After that the scan has produced two files (DDS.txt and Attach.txt).
7. Responded to my own topic which I've created on Aug 2nd, 2009. Please help me out in resolving this issue ASAP.

Please find the log from DDS.txt file which is pasted at the bottom of this message. I'll upload the Attach.txt file, if you want. Please let me know.

Problem with my computer is that
- I get blue screen often and gets rebooted by itself (I'm losing all the data).
- System hangs when Windows Logon Screen appears (only sometimes); I'm not able to login. I've to hardboot.

Just curious: When DDS.scr was scanning, I found that the following EXE files processing in the background in "TASK MANAGER". Please confirm are they genuine.

fi.exewregs.exefindstr.exedds.screds.execs...


I have tried Norton AntiVirus and also Kaspersky's TDSSKiller and neither have found any Trojans. However, I know I have one because whenever I do a google search the results pop up but when I click on something I get redirected to another website via Click.LiveSearchNow (the addresses usually aren't website names, they're random IP addresses to sites). I have attached my logfile from HijackThis below. Any ideas?
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:51:54 PM, on 11/25/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16455)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
C:\Users\Brendan\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Users\Brendan\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Users\Brendan\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
C:\Program Files (x86)\Roxi...

A:Trojan / Rootkit - Click.LivesearchNow - Not Detected by Rootkit Removers

I'm going to try the Junkware Removal tool since I didn't have any luck with any of the other programs I've seen thus far. I will paste the log when I'm done per the instructions I saw in another thread (see below for those).

Shutdown your antivirus to avoid any conflicts.
Right-mouse click JRT.exe and select Run as administrator
The tool will open and start scanning your system.
Please be patient as this can take a while to complete.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message


Logfile of HijackThis v1.99.1
Scan saved at 2:37:34 AM, on 9/21/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Intuit\QuickBooks Pro\Components\QBAgent\qbdagent2002.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\OpenOffice.org1.1.3\program\soffice.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\System32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDO...

A:first HJT log in a few months


This computer got a virus several months ago. It redirects the browser and doesn't allow me to do a lot of things, so I got frustrated back then and stuck it in the closet. I fired it up this morning, deleted a bunch of programs, and decided to give it another try. Here's the DDS Log:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by Marc at 16:40:26 on 2012-06-18
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3006.1956 [GMT -7:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\1774633010:3443472790.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe ...

A:down for months

I know, being patient is one of the rules, so I apologize in advance. Maybe the title I chose, "down for months" gives the impression that I'm not too interested in resolving this issue - I don't know. I am very interested in getting help with this. I realize this is free voluntary help, and I appreciate that. I noticed that I've had 28 or 29 views, but no one has replied. I'm honestly not trying to seem impatient. Just curious that's all. I have no idea what's wrong with this computer, or how to read that DDS log. My concern is that, since there have been 29 views, I'm assuming those who do know how to read that log have looked at it and decided not to get involved, for whatever reason. If someone who reads the log and doesn't want to help could just leave me a reply saying, "You're screwed - your computer is now an anchor" that would be very much appreciated also.

Thanks again and sorry if I seem impatient. I'm not . . . much


Site looks great... But, when you put in OT at work and have a new born at home it's hard to visit your favorite forum.... I had a quicky for the group to help solve - a 3 parter.

1st part - create a user form to display xml data - what is the vba code to display an xml node in a user form text box.

2nd part - create a macro that when run captures the highlighted words in the current PPT slide then displays it in the VBA userform textbox.

3rd part - on the same userform create a button and code that when clicked will add the text from the "selected text" field then add it to the XML doc.

thanks in advance for the input,
Red
 


I've tried almost everything to get rid of this trojan and I always end up with one of two results. First, either when the computer reboots it automatically reboots through a continuous cycle once it hits the window screen. Second, I log onto windows and start to run a program, a physical memory dump occurs. I also think my external hard drive has the virus on it, although none of the hundreds of virus scans I've completed show a virus on the drive. Please give me some insight on what to do. Thanks



DDS (Ver_09-07-30.01) - NTFSx86
Run by paul at 19:41:12.95 on Sat 08/01/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.527 [GMT 4.5:30]

AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\VirusScan\McShield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
c:\WINDOWS\system32\ZuneBusEnum.exe ...

A:generic rootkit.d rootkit NTOSKRNL-HOOK problems

Hi there,

Looks a lot better, but let's run a few more checks.

1. Please open Notepad
Click Start, then Run
Type notepad.exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:


Code:
FileLook::
c:\windows\S0A0D9E6F.tmp
c:\users\paul\cc_20090725_201550.reg

DirLook::
c:\program files\My-Proxy
c:\users\paul\APPLIC~1\lsptttiq
c:\users\NetworkService\Application Data\lsptttiq

RegNull::
[HKEY_USERS\S-1-5-21-436374069-1715567821-1801674531-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{52432C9E-AC35-115A-59A8-20D2B4352033}*]

RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]

RegLockDel::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{d620a955-eb2d-4b83-8024-1840b1f2d536}]

3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.



5. After reboot, (in case it asks to reboot), please post the Combofix.txt report into your next reply.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Please download RegQuery by Noviciate to your desktop
Copy the following registry keypath by highlighting the text and pressing CTRL and C at the same time
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon
Double click RegQuery.exe to run the program
Paste the text you have copied using CTRL and V, into the textbox
Cli...


Yes, I've tried running almost every possible program in safe mode to remove this trojan, but every time I reboot I get either a continuous cycle of recurring blue screens that reboot the computer, or any time I try running a program a physical memory dump occurs and the computer restarts this way. I've been working on this for about 2 weeks now and it's really starting to get annoying. Please help.

A:Can't remove generic rootkit.d rootkit NTOSKRNL-HOOK

Hello and Welcome to TSF.

We want all our members to perform the steps outlined in the link I'll give you below, before posting for assistance. There's a sticky at the top of this forum, and a "Having problems with spyware and pop-ups? First Steps" link at the top of each page.

---------------------------------------------------------------------------------------------

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please note that the Virus/Trojan/Spyware Help forum is extremely busy, and it may take a while to receive a reply.


Earlier tonight, I was apparently infected with the above rootkit. I started to get Symantec AntiVirus notifications that downloaders were being deleted, and Windows Firewall kept popping up asking me if I wanted to block access to different nefarious items, the first being Rootkit.Win32.Agent.PP. I did a Google search for this and found this site, in particular, this page. I started to follow the instructions on this page, so I ran MalwareBytes, which found a rootkit, among other things. I also ran the TFC program mentioned next. I rebooted after each of these. However, before doing anything else, I stopped and read the preparation guide for this forum. I next ran DDS and RootRepeal and am attaching the log files to this post.

Before running MalwareBytes, I was getting frequent Symantec AntiVirus notifications, and frequent Windows Firewall notifications as mentioned above ("frequent" being 1 every minute or so). After running it and TFC, I have not gotten any more notifications. Upon reboot, though, Symantec AntiVirus reported that there were items it could not remediate after rebooting. So, I'm not entirely sure if I've gotten everything or not. I'm pasting my MalwareBytes log below, and then the DDS log.

Thanks in advance for any help you can provide. Just to be safe, I am disconnecting my computer from the network tonight and will check any replies from another computer.

-----
MalwareBytes log:
Malwarebytes' Anti-Malware 1.43
Database version: 3485
Windows 5.1.2600 Service Pack...

A:Rootkit infection (possibly Rootkit.Win32.Agent.PP)

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

Please download OTL from following mirror:
This is THE Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
Push the button.
Two reports will open, copy and paste them in a reply here:
OTL.txt <-- Will be opened
Extra.txt <-- Will be minimized
In the upper right hand corner ...


I need help removing Generic Rootkit.d!rootkit from my computer using Windows 2000. My McAfee virus scanner is erasing it but it keeps coming back. I've tried to run McAfee in Safe Mode but it won't run. I've also tried to install and run Malwarebytes' Anti-Malware but it won't run. I was able to run Stopzilla in Safe Mode but it didn't do anything. Can't get PC Tools to run either.

Any help would be appreciated.

My other 2 laptops were infected also but they utilize Windows XP and I was able to get rid of this trojan/virus on those computers. Right clicked on My Computer and disabled system restore. Then ran Malwarebytes' Anti-Malware program which seemed to do the job.

Looking for something free to download and get rid of this.

Was afraid to try ComboFix.exe due to posts warning about this program


Currently the system shows it has ntoskrnl-hook - generic rootkit.d!rootkit 5. The only AV that seems to detect it is McAfee. It states that it has removed it, but it keeps coming back. System restore is off. The different scans I have run seem to have taken most of it out, but it just starts over and infects more. Below are the reports. Thanks for any and all help in advance. Below is DDS and I have attached the other DDS "Attach" and the RootRepeal report "ark".
DDS (Ver_09-07-30.01) - NTFSx86
Run by Bryan Miller at 20:30:32.37 on Tue 08/18/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.399 [GMT -5:00]

AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\Explorer.EXE
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Microsoft Offi...

A:Infected with ntoskrnl-hook - generic rootkit.d!rootkit 5

Hello.

One of the infections is a rootkit. Rootkits and backdoor Trojans are very dangerous because they use advanced techniques (backdoors) as a means of accessing a computer system that bypasses security mechanisms and steal sensitive information which they send back to the hacker. Many rootkits can hook into the Windows 32-bit kernel, and patch several APIs to hide new registry keys and files they install. Remote attackers use backdoor Trojans and rootkits as part of an exploit to gain unauthorized access to a computer and take control of it without your knowledge.

If your computer was used for online banking, has credit card information or other sensitive data on it, you should immediately disconnect from the Internet until your system is cleaned. All passwords should be changed immediately to include those used for banking, email, eBay, paypal and online forums. You should consider them to be compromised. You should change each password by using a different computer and not the infected one. If not, an attacker may get the new passwords and transaction information. If using a router, you need to reset it with a strong logon/password so the malware cannot gain control before connecting again. Banking and credit card institutions should be notified of the possible security breach. Because your computer was compromised please read How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

Although the rootkit has been identified and may be removed, your PC has l...


Hi,

I am here to ask for help with removing NTOSKRNL-HOOK Generic Rootkit.d!rootkit infection that appears to be redirecting most browser search attempts indicating 'www.clickover.cn' within the url.

I have run DDS and included the resulting .txt and Attach as instructed.

Thank you for your support!

Regards

DDS (Ver_09-06-26.01) - NTFSx86
Run by Norm at 1:38:45.54 on Thu 07/30/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1287 [GMT -5:00]

AV: Spyware Doctor with AntiVirus *On-access scanning disabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Spyware Doctor\p...

A:Please Help Removing NTOSKRNL-HOOK Generic Rootkit.d!rootkit

Hello and welcome to TSF!

Regarding the rootkit and backdoors in general:

Unfortunately, one or more of the identified infections is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall
We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.


----

If you wish to continue follow the steps below, otherwise let me know



We are going to start with Combofix.

Download and Run ComboFix

Note to readers of t...


Hello! I believe my computer has an infection, and I'm not sure what it is or how to get rid of it. Hopefully I have followed the log and posting instructions carefully as I would like to avoid any delays and try to resolve this as soon as possible.

What my computer is doing:
It's slower than normal, but the big thing that seems to have started on Saturday 12/12/09 is that whenever I log into my eBay and PayPal account, the next page I'm directed to is a Fraud Prevention page asking me to submit a ton of personal and financial information, everything from my SS# to my ATM + PIN number. I am on the official eBay and PayPal website, happens after I log in using my username and password, I see no way to skip it, and no way to get rid of it. This is NOT eBay or PayPal, it's absolutely fake, neither site would ask for such information, there are even spelling errors. You can view a screen shot of the page here:
Screenshot of Fake eBay Fraud Prevention Page
Doesn't appear every single time, but often enough throughout the following day (today), at least 5-6 times out of 10. I have several eBay listings currently listed, eBay and PayPal are both important to me.

What I have done - my computer info
I'm running Windows XP, sp 3, Firefox browser, Dell desktop, wired DSL connection. Only things I have done "prior" to the logs and steps asked by BleepingComputer are:
1. ran a scan with Malwarebytes (4 objects found)
2. scanned with Avast antivirus (nothing found)
3. scanned...

A:Rootkit infection - MBR Rootkit?? eBay & PayPal affected

Hello! My name is Sam and I will be helping you. In order to see what's going on with your computer I'll ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.

Please download ComboFix from one of these locations:
Link 1
Link 2
Link 3

Important! You should NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert. It is intended by its creator to be used under the guidance and supervision of a Malware Removal Expert, not for private use. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.

Make sure that you save ComboFix.exe to your Desktop
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

Double click on ComboFix.exe & follow the prompts.

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

Follow ...


64 bit, Windows 7

I was having issues with youtube. Streaming was very slow and would often times stop altogether. At first, I thought I had an issue with flash player and so I uninstalled it, installed it again, and checked on updates. I still had the same issues.

I ran Spyware Doctor and Malwarebytes to see if the issue was malware. Previously, when I ran either program, it would show a lot of infections, but now there were none. I then thought that it could be a browser issue so I downloaded Google Chrome. Though it downloaded, Google Chrome would not open any sites. I got an error code. This is what it says:

"This webpage is not available. The webpage at http://google.com/ might be temporarily down or it may have been moved permanently to a new web address. Error 102 (net::ERR_CONNECTION_REFUSED): Unknown error."

It said a couple of times that I wasn't connected to the server, but to me that didn't make sense because I was online and surf the web with Firefox.

I downloaded other types of anti virus and malware programs to see if it would help. This is a list: spybots, ad aware, bitdefender, avg, kaspersky.

None downloaded. I received messages saying that the files were corrupted. There would be a bunch of programs opening while doing this. They were moving so fast so I couldn't catch any of them.

I tried to do online scans. Those didn't work either. Same message.

I tried to download these programs in safe mode with networks. They did not download. I trie...


Hello,
Malware has been detected on my computer and I cannot seem to get rid of it. AdAware detected the rootkit specified in the post title, and what sound like radio ads are playing even when I have no programs running. I downloaded and ran the DDS program but the dds.txt file did not generate. The attach.txt file did generate but I can't attach it since I had to write this on my iPad (see below).
I'm trying to give as much information as possible, so here are two more issues that I believe are related:
1. IE was barraged with unrequested cookies from random websites until I changed the settings to reject all cookies. IE and Firefox also now take 1-2 minutes to load a page, and in some cases never load it. This is also what happened when I tried to submit this post from my computer (I'm now typing this on my iPad).
2. McAfee has blocked about 25 executions of svchost.exe as mass mailing worms. I can upload that log file if needed.
Please help me get rid of the malware on my computer, and adjust my settings to increase security and prevent future infections.
Thank you!

A:Rootkit detected [Rootkit.MBR.Mayachok.B (Boot image)]

Hello, I am a Computer Software Technician. I will help with your rootkit. There are a few different solutions to your rootkit. (I GAVE EXTRA INFO TO HELP YOUR COMPUTER SPEED INCREASE.)
 
1. Install and Run TDSS Killer (download from bleepingcomputer.com)
 
2. Install and Open MalwareBytes DO A THREAT SCAN (malwarebytes.org) download it from there and make sure you go into settings and then detection and protection and set it to scan for rootkits. Fix anything it finds. Restart computer. There are manual ways of removing viruses but that I will not tell you. You can damage your computer. You have to be highly skilled to know what to delete.
 
3. Run Hitman Pro (download from surfright.nl) and delete what it finds and restart your computer. It will find what Malwarebytes did not. If anything was not found.
 
4. Download from bleepingcomputer.com AdwCleaner and run it and delete anything it finds. That will speed up your computer. Will delete adware and registry issues. Restart Computer
 
5. Download CCleaner free version from piriform.com. Run the cleaner and registry cleaner and delete everything it finds.
 
6. Click the Start Orb, type run in the search box and click it. Type temp and clear everything out of that folder and then repeat opening run and type %temp% and delete everything in that folder. Run once more and type prefetch and delete everything in that folder. Restart computer. This will speed up your computer as well. MalwareBytes may hav...


Good afternoon

As the title says, I have been getting BSOD for nearly 2 months and I have tried almost everything to fix it as follows:

- I have reinstalled windows 7 and formatted my harddrive
- Sent the pc to an IT expert for 3 days where he performed all sorts of diagnostics and found nothing to be wrong with it
- Sent it to 2 other IT experts and specifically explained to them that they need to use the pc and make sure to turn it off and on about 3 times before the bsod happens again (which they did do) yet the bsod never happens at any one else's house/workplace (perhaps I have a problem with my actual power supply socket at my room??)
- I have made sure all drivers are up to date
- I have run the command prompt "chkdsk" and it found no problems
- I have turned on the pc in safe mode (making sure to do this on the 2nd or 3rd time using it so as to expect a bsod) and the bsod still happens
- I have turned on the pc with only the essentials (monitor, mouse and keyboard) and it still crashes
- The person I sent it to said that there are no problems with the harddrive, motherboard or RAM and CPU (although I am not sure what to believe anymore)
- I have run a registry cleaner using CCleaner and it still crashed

Please help me, I am not sure what else I can try without throwing the pc in the bin. I've attached the zipped file with all the info from the sf diagnostic tool, hopefully you can help me

A:BSOD for nearly 2 months - 1E, DA, 3B and 19

3 x IT experts hey? Apparently not that expert.....


Code:
# Copyright (c) 1993-2009 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handled within DNS itself.
# 127.0.0.1 localhost
# ::1 localhost
127.0.0.1 validation.sls.microsoft.com

Before we look any further, you need to do this:

1. Download and save this tool to your desktop:
http://go.microsoft.com/fwlink/?linkid=52012

2. Run the tool, and then click Copy - ignore any errors if they appear

3. Use CTRL+V to paste the unedited results of the tool here in your next reply


June 14th was my notebook disabled by HP customer service representative. Since that date I'm not able to use it. Support doesn't care. The only thing is they write me messages to calm down, that there is someone going to call me. In 2 days it is going to be 2 long months and nobody did help me. I'm writing you regularly, but no effect. I did call you many times but effortless, just time wasting. I spent more than 15 hours on the phone. I spent more than 6 hours calling to Microsoft guys, no solution so far. So 1/12 of the warranty of the NTB is over, but warranty is not used, because nobody from HP support cares. THIS IS BIG FAIL OF HP.

Ivan




Ivan - dare to call me HP Support


Hello all. I have recently bought this laptop in February. In the past week it has decided to start crashing on me.... I am not using strenuous software, only youtube, microsoft word and google chrome.

It happens very randomly, the screen will freeze on the current page and then a buzzing noise for 10 seconds will follow. The noise will stop but the screen continues to stay frozen... Only resolved by holding the power button down as both mouse and keyboard are frozen/inactive.

I have searched for solutions.... updating drivers.... reinstalling drivers.... scanning for viruses.... however nothing has come up or resolved this. I am in desperate need of the laptop at the moment due to University deadlines, however the freezing continues to hamper my progress, whilst losing work between saves.

Any solutions would be much appreciated! Thanks in advance! P.S. I do have the HP 1 Year warranty? As well as a John Lewis 7 Year warranty.


Hello,

I have noticed that over time my computer has begun to run very slow, especially when I am on the internet. On many occasions I have had to stop loading the page to try it again, and I don't lose any of what I was working on; it comes right back to the page. My computer has also been shutting down on its own, but once I reboot it does not do it again for a while. I have heard about P2P sharing and yes, I was one of the idiots who was involved in it. I was using LimeWire but have now removed it from my machine. If you could help me get my system up and running the way it should, I would greatly appreciate it.

Thanks,
Fred



DDS (Ver_09-06-26.01) - NTFSx86
Run by Fred and Tiffany at 21:07:31.17 on Sat 07/18/2009
Internet Explorer: 7.0.6001.18000
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2494.1277 [GMT -4:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k NetworkService ...

A:I post three months ago please help

Please read "Virus/Trojan/Spyware Removal Help" and follow the instructions very carefully; then, post all the requested logs and information in the Virus Help Forum

If you cannot complete any step, just miss it out and do what you can, but be sure to include this information in your post.
Please ensure that you create a new thread in the Virus Help Forum; not back here in this one.

Please be patient, as the Security Team Analysts are usually very busy; one of them will answer your request as soon as they can.

Because of recent changes in the way malware affects the computer and the way it incorporates itself into the operating system, we no longer allow users that are NOT a part of the security team to post a reply or fix to a user's thread, nor to offer specific malware removal advice in any section of the forums.


For around the past three months I have been getting the bsod. I have changed hds and reformatted twice to load the os but still get this bsod. What's strange is that the puter may work fine for days and then crash or then start to crash over and over (reformat). I am getting tired of reinstalling the os, so is there anyone here who can read these minidumps and maybe tell me what to look at first? Thanks.

A:BSOD 3 months

For some reason I can't read the minidump files. What errors are you
getting when it bluescreens? When you format are you using the
xp format utility?, if so bad idea, xp does a very poor job at that. If
you had os problems before the format, you will more than likely
have the same problems after the format.


To this point, I've replaced the video card and hard drive once, and the RAM twice. So physically it's not any of those.

But I'm still getting crashes when I try to play games, and I can't figure it out. Very frustrating. When I get a crash, it will also crash on startup some of the time.

I would really appreciate some help to get this fixed after months and months of problems!

Windows 7 64 bit (I reinstalled Windows once since installation, but it's off the same installation CD)
OEM version of Windows
Computer is a little over one year old
Reinstalled Windows once, a few months ago I believe

AMD Phenom II x2 (3.1 ghz)
ATI Radeon HD 5670 w/ 2 gigs RAM
Power supply: Azza Xtremegear 600 watt
ASUS M4A78LT-ME LE motherboard

A:BSOD, months later

Please enable driver verifier - http://www.techsupportforum.com/foru...ed-473665.html

You may have a possible virus/rootkit infection. Please read the instructions outlined here on how to scan and remove a rootkit

Please also run a malware scan using a program such as Malwarebytes.

Run a hard drive scan using Seatools


Code:
\SystemRoot\SysWow64\Drivers\tcpipBM.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

This belongs to Bytemobile Kernel Network Provider for Bytemobile Optimization Client. Is this some sort of software installed on your system? Try browsing to c:\windows\system32\drivers and changing the extension from .sys to .bak. This will prevent it from loading and should eliminate that error.


Code:
Rt64win7.sys Fri May 22 10:52:30 2009 (4A16BC2E)

Update your Realtek network driver - here


Code:
athrx.sys Mon Sep 21 22:47:11 2009 (4AB83AAF)

Update your Atheros WiFi driver - here. Scroll down a little bit and you will see Click for Download. Click it and the download should start.


Code:
Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Users\Mike\Downloads\Zipped Files\Windows_NT6_BSOD_jcgriff2\032911-30794-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*C:\Symbols*...


I don't remember what I was doing with the computer (if anything) when it BSOD-ed last month, but this month I was capturing video from a PVR. Something not very stressful at all and something that's been done hundreds of times before. Attached are the dumps and, being a novice, I have no idea what they mean. Thanks in advance for any help!


I built my computer about 2 years ago. Here is the hardware:
Gigabyte GA-EG45M-DS2H motherboard
Intel E8500
Corsair 8GB (4x2GB) DDR2 800MHz/PC2-6400 XMS2 DHX Memory Non-ECC Unbuffered CL4(4-4-4-12)
3x Samsung SpinPoint 1TB hard drives
Running Windows 7 in 64-bit

Every three or 4 months, the computer "dies". At start up i get blue screen saying:

A problem has been detected and windows has been shut down to prevent damage to your computer.
A process or thread crucial to system operation has been unexpectedly exited or
(some other stuff about did i just install new hardware etc)
Technical information:
STOP: 0x000000F4 (0x0000000000000003, 0xFFFFFA8007699730, 0XFFFFFA8007699A10,00
XXFFFFF80002D9FF40)

Collecting data for crash dump...
Initializing disk for crash dump...
Beginning dump of physical memory.
Dumping physical memory to disk:

Over the last couple of years this has happened 4 times. What I did in the past was to re-install the operating system on a new, blank hard drive, and then copy over all the info from the previous hard drive. That has worked fine, which makes me believe this is not a problem with Windows, but possibly a problem with the motherboard.
What I also find strange is that after installing the OS again, things are fine for about 3 or 4 months, then ... BSOD!

Are you able to tell me more about the error message, the reason for this problem, and how to solve it?

Many thanks in advance for any assistance you can offer.

Alex

A:Same problem every 3 months.

Can you please provide a JCGriff report as mentioned here? Thanks. That'll give us enough to feed on.

While waiting for us to analyze, you may also want to do some hardware tests in the meantime. Here's some options:

CPU: Prime95 (Torture Test; Large FFTs; 9+ hours)
RAM: Memtest86+ Run overnight (or at least 7 passes)
HD: Seatools (Short & Long Self Tests)
GPU: MemtestG80/CL

To add, you can turn on Driver Verifier. Any crashes produced while it is on have a much better chance pointing us at an offending driver (if it's caused by a driver).


Hi,
I've used Windows Backup and Restore ever since I installed Win7 on this machine. There is a 750gb drive backed up to a 1.5tb WD Elements drive. I have backups set to run early Monday mornings.

Yesterday, Backup told me that my drive was full and there was no room for another backup. "manage space" told me that there were two backup sets, and one system image. The system image was 615gb. The datafile backups were 700gb, and there were two. The big one was from 5/08/11-2/20/12 and was 530gb while the second was from 2/20/12-2/20/12 and was 170gb. There were 80gb of free space.

I figured the second one was not a complete datafile backup and decided to throw caution to the wind and delete the earlier set, and then run Backup again, which it completed Tuesday afternoon. This resulted in a single datafile backup set from 2/20/12-2/21/12 which was 419gb. The system image is now 619gb, and there is 359gb of free space.


I always thought I was supposed to see multiple backup sets, but now I'm thinking it has no room to make a completely new backup set, so it just keeps appending deltas to the original set until it gets full. In that case I probably wouldn't see additional sets unless I was using, say, a 3tb drive. Is that correct?

A:Only one backup set after nine months?

It's possible it is saving incremental backups, only saving the changes made since the initial backup. Check the settings.


Hi, I have been getting BSODs for a while, mostly while watching videos etc. The dump is attached. I have a dv7 2037ez HP laptop: Mobility 4650, AMD ZM-84 2.3 GHz, 4 GB RAM. As we know, the fan has always been very loud, and the heat problem that is a common HP issue exists here too. I had some error codes on the bluescreen like 00...x124 and others, I think. Sometimes it says hardware error. Please help.

A:Bsod once a day since months.

Welcome

Go through this thread: Stop 0x124 - what it means and what to try step by step.


A warranty is supposedly 12 months, yet I have only had mine 1 1/2 months and it says I only have 8 months warranty left. Something's wrong there, and looking at the dispute page it looks like you can't dispute it until they say it's run out????

A:warranty 12 months ????

Hi. Is it registered with HP? When registration occurs, the warranty would be adjusted to start from the born-on date (I think you press ESC and then F1 to view this). So if you could try that and then ask again if there is still a difficulty.




Hi guys.. well first of all thanks for reading my problem ...
Since about May I have been having problems with my PC but had been finding ways for it to work somehow, but today the same problem that has been going on for 3 months started again... I have a Pentium 4 PC 1.6GHz 394mb RAM and have Windows XP Pro installed...

The problem is that many times my computer crashes and runs into a blue screen that states that the file "sys32k.sys" has caused an error and the computer has been shut down... another blue screen that appears states that there is a "memory_management" problem and that the computer was shut down, and a third blue screen that appears says that there was a fatal error and that Windows could not be started...

This last blue screen appears only when starting up Windows... and the first 2 while I am usually working or simply while on the desktop...

This is making me NUTS... literally...
I have the theory that my hard drive is the one with the problem, because I have formatted the drive completely about 10 times and made a clean Windows XP install again and the same problem appears, or that my Windows XP is faulty and doesn't install the file -->"sys32k.sys" correctly... I even changed the motherboard and tested it without the video card I recently bought (which I thought was the original problem) but the same occurs.. I also tried using the recovery console that comes in the Windows XP installation disc and repairing the current instala...

A:3 months of terror with my PC Please help....


Hi all,

Never tried using a forum before so please excuse me if I do something wrong.
I'm desperate.
I built this PC with a little help from a computer savant. He helped me choose the pieces and I put it together. It's about 15 months old. Recently it fried the main SSD from which the OS booted (after 11 months of use). It was of course my fault for filling the SSD more than 80% (I have no computer certifications, I go by instinct most of the time and then learn the hard way) ... so it wouldn't surprise me if I have something to do with the computer failing so much now.
I've also had the feeling that my system has never really run at full potential.
I think my BIOS settings need seen to as well. It's all on "default", when I think they can be tuned according to the components... but I don't know how to do that.

Anyway, I'll do my best to answer and follow the guide you provide;

- OS - Windows 7
- x64
- What was original installed OS on system? Nothing, I built the tower from scratch
- Is the OS an OEM version (came pre-installed on system) or full retail version (YOU purchased it from retailer)? No, pirated version of Windows Ultimate 7
- Age of system (hardware) 15 months
- Age of OS installation - have you re-installed the OS? Twice, because fried the SSD in January-ish this year

- CPU AMD Phenom II X4 980 Quad-Core Black Edition 3.70 GHz
- Video Card AMD Radeon HD 6800 Series
- MotherBoard Asus M5A88-M EVO AM3+
- Power Supply - brand &...

A:50 or so BSODs in the last 2 months

Welcome to TSF!
Quote:

- Is the OS an OEM version (came pre-installed on system) or full retail version (YOU purchased it from retailer)? No, pirated version of Windows Ultimate 7

We're not allowed to help with illegal software here as per the TSF Rules:
Quote:

You may not ask for assistance with any deemed illegal activities such as but NOT restricted to the following:

software pirating

When you have a legit version of Windows installed, please return and start a new Thread if you still have problems.

/locked.


Hey guys, about 2 months ago my 30" Dell LCD went, video card and mobo (replaced it all except the 30" Dell, which I'm still trying to fix). Today my 20" Dell went. Is this just a coincidence, or could there be something else I'm not considering, possibly a faulty APC battery backup, or maybe something in my computer that's causing this?

thanks.

A:2 DEAD LCD in 2 months!?!?!?!

This would be the time I'd start accusing poltergeists. I know they live in my home office and do all kinds of mischief at night while I'm asleep. They've only killed one Samsung LCD monitor here.

In the real world, it's likely a terrible coincidence. It's slightly possible that your APC unit allowed a nasty power glitch to pass in to these guys and kill them. That would be harder than winning the lottery. It's most likely you ended up with the statistical anomaly of two bad LCD monitors, along with that video card and motherboard.

Do you have a lot of power outages and glitches? Do you live in lightning alley or some area with lots of thunderstorms? I still remember the night when there was a thunderstorm here and I saw bolts of electricity flashing along the chain holding the ceiling fan in our bedroom. I fully expected to go downstairs and find our computers in a smoldering pile on the floor. Nothing - fully protected by APC UPS units! Then there was the time at work when a guy hit a power pole with his car down the street and caused a 27,000 volt line to fall on the 600 volt line feeding the building where I work. There were two washing machine sized APC UPS units in the lab - they both were fried and took some PCs with them.

I know this may not help much, but you may have enjoyed reading it.

Bye.
