Over 1 million tech questions and answers.

System Alert: Malwear threats and System Alert: [email protected], can anyone help?

Q: System Alert: Malwear threats and System Alert: [email protected], can anyone help?

Hi, i've just come home and i have started to get lots on pop-up balloons saying System Alert: Malwear threats and System alert: [email protected]
I've also had an anti-virus search bar added to my internet explorer toolbar.

Heres my HijackThis report, could somebody please help me remove these?

Thanks.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:58:01, on 20/11/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Electronic Arts\EADM\Core.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\ctfmon.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\WebMediaViewer\qttaskm.exe
C:\Program Files\WebMediaViewer\hpmom.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\WebMediaViewer\qttask.exe
C:\Program Files\WebMediaViewer\hpmon.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896" target="_blank" class="wLink">http://go.microsoft.com/fwlink/?LinkId=54896" target="_blank" class="wLink">http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157" target="_blank" class="wLink">http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: (no name) - {64466B8E-20A7-4A4A-AFF4-AAD9CA68B52C} - C:\Program Files\WebMediaViewer\hpmun.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Browser Toolbar - {2EEF94DF-75F6-42E9-B7FB-AF5A170A6E2E} - C:\Program Files\WebMediaViewer\browseul.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe -silent
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKLM\..\Policies\Explorer\Run: [QuickTime Task] C:\Program Files\WebMediaViewer\qttask.exe
O4 - HKLM\..\Policies\Explorer\Run: [VMware hptray] C:\Program Files\WebMediaViewer\hpmon.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-2158385449-3484259174-4104047386-1003\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'Joseph')
O4 - HKUS\S-1-5-21-2158385449-3484259174-4104047386-1003\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (User 'Joseph')
O4 - HKUS\S-1-5-21-2158385449-3484259174-4104047386-1003\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (User 'Joseph')
O4 - HKUS\S-1-5-21-2158385449-3484259174-4104047386-1003\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent (User 'Joseph')
O4 - HKUS\S-1-5-21-2158385449-3484259174-4104047386-1003\..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe -silent (User 'Joseph')
O4 - HKUS\S-1-5-21-2158385449-3484259174-4104047386-1003\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (User 'Joseph')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: (no name) - {3B8FB116-D358-48A3-A5C7-DB84F15CBB04} - http://www.ietoolexpress.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IExplorer Security - {3B8FB116-D358-48A3-A5C7-DB84F15CBB04} - http://www.ietoolexpress.com/redirect.php (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero Registry InCD Service (NeroRegInCDSrv) - Nero AG - C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 9390 bytes

Read other answers
RELEVANCY SCORE 200
Preferred Solution: System Alert: Malwear threats and System Alert: [email protected], can anyone help?

I recommend downloading and running DAP. It can help sort out any driver and firmware related issues on your system

It's worked out well for many of us in the past.

You can download it direct from this link http://downloaddap.org. (This link will open the download page of DAP so you can save a copy to your computer.)

RELEVANCY SCORE 154.4

I have read on other threads that people have gotten help on these ridiculously aggravating Trojans. I keep getting a porno picture pop-up. My start page keeps going to some pestpatrol page and I keep getting a System Alert: malware Threat. I have Malwarewipe n my laptop by for some reason, it isn't detecting or seeing this Trojan. Can someone help me......In reading other requests, I figured out how to do my hijackthis: here it is:

Logfile of HijackThis v1.99.1
Scan saved at 8:08:28 PM, on 11/30/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\AOL\1163375281\ee\services\safetyCore\ver2_5_4_1\aolavupd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
C:\Program Files\mcafee.com\personal firewall\MPFService.exe
C:\Program Files\Trend Micro\Antivirus\Tmntsrv.exe
C:\Program Files\Trend Micro\Antivirus\tmproxy.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.e... Read more

A:[email protected] Error - System Alert - marware threats

Closing duplicate.
Continue posting here: http://forums.techguy.org/security/522938-getting-trojan-spy-win32-mx.html
 

Read other 1 answers
RELEVANCY SCORE 130.4

Hi,

I got this error "Critical System Error! / System Alert:Trojan [email protected] " a few days ago. I had to select a Restore point in order to get back on the internet and now my computer is running excruciatingly slow. I ran Trend Micro Call, spybot, and a few others to try and get rid of the problem before I found this website. I have included the log as requested. Any assistance would be appreciated!!! Thanks
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:46:26 PM, on 12/18/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\... Read more

A:Critical System Error! / System Alert:Trojan [email protected]

Bump
 

Read other 1 answers
RELEVANCY SCORE 127.2

Hi,

I'm new. I think my computer has spyware / virus. This yellow triagle keeps appearing and I have new icons on my desktop as well as a different looking toolbar. I did a google search and typed in the subject [email protected] This site came up so I did some research with others that had the same problem. I ran the Bitware scan and here are the results:
BitDefender Online Scanner - Real Time Virus Report

Generated at: Sat, Nov 24, 2007 - 16:22:34
--------------------------------------------------------------------------------

Scan Info

Scanned Files
148327

Infected Files
19


Virus Detected

Trojan.Vundo.DQO
2

Trojan.Vundo.DRA
1

Trojan.Fotomoto.F
2

Trojan.Clicker.MNB
1

Trojan.Downloader.Obfuscated.CF
1

Trojan.Downloader.Agent.BHU
6

Trojan.Downloader.Purityscan.EN
1

Trojan.Downloader.JJEJ
1

Trojan.Vundo.DQZ
1

Trojan.Downloader.Downloader.DLT
3

BitDefender Online Scanner

Scan report generated at: Sat, Nov 24, 2007 - 16:14:07

Scan path: A:\;C:\;D:\;



Statistics

Time
02:04:32

Files
141982

Folders
3648

Boot Sectors
2

Archives
864

Packed Files
6658


Results

Identified Viruses
10

Infected Files
19

Suspect Files
0

Warnings
0

Disinfected
0

Deleted Files
18


Engines Info

Virus Definitions
878762

Engine build
AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)

Scan plugins
14

Archive plugins
38

Unpack plugins
7

E-mail plugins
6

System plugins
1


Scan Settings

First Action
Disinfect

Second Ac... Read more

A:System Alert: [email protected]

Bump.....help please!
 

Read other 1 answers
RELEVANCY SCORE 127.2

Yesterday I received some sort of virus/spyware. I am not sure how I got it because I was not the one using the computer when it happened, but here is whats up. I get a yellow pop-up notification in the lower right corner of my desktop saying "System Alert: [email protected]" and then some stuff about downloading software to fix it. Of course, I know that this software is fake and will only lead to more problems, but this pop-up notification will not go away. Could someone please help me get rid my computer of the spyware? I've already read some of the basic instructions on how to remove common threats but that didn't help. I've downloaded a couple of anti-spyware programs that this site has recommended and ran those with no luck. I've scanned my computer with a half-dozen anti-spyware and anti-virus programs already.

So what is the first step in fixing this problem? Thank you in advance for any help!
 

A:System Alert: [email protected]

Read other 9 answers
RELEVANCY SCORE 127.2

That is one of the things that this new spyware on my computer keeps saying. I have seen a lot of things on the web to get rid of it but they all cost a lot of money or want me to download something from a site I have never heard of. I am lost and frusterated I can not take it off myself. Any sugestions??
 

A:System Alert: [email protected]

Read other 9 answers
RELEVANCY SCORE 127.2

Help It seems like I just downloaded a virus with this message. Also a yellow triangle in the toolbar. Any help would be great! Norton doesn't help!
 

A:system alert: [email protected]

Read other 13 answers
RELEVANCY SCORE 127.2

I just came home from college for Thanksgiving break and found that my family, who's pretty computer illiterate, had managed to get a virus on the family computer. There's a bubble that keeps popping up on the task bar that says "System Alert: [email protected]" If you could help me get rid of this spyware, I'd greatly appreciate it. Thank you!
 

A:System Alert: [email protected]

Hi and welcome

* Click here to download HJTsetup.exe.
Save HJTsetup.exe to your desktop.

Double click on the HJTsetup.exe icon on your desktop.
By default it will install to C:\Program Files\Hijack This.
Continue to click Next in the setup dialogue boxes until you get to the Select Addition Tasks dialogue.
Put a check by Create a desktop icon then click Next again.
Continue to follow the rest of the prompts from there.
At the final dialogue box click Finish and it will launch Hijack This.
Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
Click Save to save the log file and then the log will open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
Come back here to this thread and Paste the log in your next reply.
DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.
 

Read other 3 answers
RELEVANCY SCORE 127.2

Hi, i'm having a problem of having a popup ,metioned about my computer is infected and required me to go to online to download the cure. I've run the microworld anti virus & spyware toolkit utility and the result shown as follow:

Object new trojan.zlob Trojan" found in File System! Action Taken: Entries Removed.

but still the problem not solve.

I've run HijackThis and here is the HijackThis Log

thank you and please do help me.
Nizam

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:28:56 AM, on 4/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cusrvc.exe
C:\PROGRA~1\eScan\VISTA\avpmapp.exe
C:\PROGRA~1\eScan\TRAYCSER.EXE
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\PROGRA~1\eScan\TRAYICOC.EXE
C:\Program Files\Common Files\MicroWorld\Agent\MWASER.EXE
C:\Program Files\Common Files\MicroWorld\Agent\MWAgent.exe
C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TCOstream\Client\tsrvctl_nt.exe
C:\Program Files\TCOstream\Client\tclient.exe
C:\PROGRA~1\eScan\Vista\eScanMon.exe
C:\WINDOWS\system32\wuauclt.exe
Z:\pnnvlssonew.exe
C:\WINDOWS... Read more

A:pop-up system alert [email protected]

Hi Welcome to TSG!!
Please visit this webpage for instructions for downloading and running ComboFix.

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.
 

Read other 1 answers
RELEVANCY SCORE 127.2

Bummer. Brand new Laptop running Win XP Pro, can't use IE, just Netscape and a persistent System Alert: [email protected] balloon in the system tray.

What do I do?

Thanks in advance.
 

A:System Alert: [email protected]

Read other 16 answers
RELEVANCY SCORE 127.2

I'm getting the same message/error as a thread I read on your site. The thread said to open a new thread (so .. here it is). I followed the steps I read in the original thread (see below), and have pasted the log file (again, below).
Any tips to help me?

(ORIGINAL THREAD STEPS I FOLLOWED)

Save HJTsetup.exe to your desktop.

Double click on the HJTsetup.exe icon on your desktop.
By default it will install to C:\Program Files\Hijack This.
Continue to click Next in the setup dialogue boxes until you get to the Select Addition Tasks dialogue.
Put a check by Create a desktop icon then click Next again.
Continue to follow the rest of the prompts from there.
At the final dialogue box click Finish and it will launch Hijack This.
Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
Click Save to save the log file and then the log will open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
Come back here to this thread and Paste the log in your next reply.
DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.

(ENTIRE CONTENTS OF MY LOG)

Logfile of HijackThis v1.99.1
Scan saved at 9:14:20 PM, on 1/15/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winl... Read more

A:System Alert: [email protected]

Read other 9 answers
RELEVANCY SCORE 127.2

I found a thread on a similar problem and have installed Hijack this per instructions 16Apr07 in the correspondance between Cheeseball81 (tech) and diamondD1. I will paste the log file from notepad. Thanks.

Logfile of HijackThis v1.99.1
Scan saved at 1:00:25 PM, on 6/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\GhostTray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\WINDOWS\Nhksrv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedul... Read more

A:System Alert: [email protected]

Read other 15 answers
RELEVANCY SCORE 127.2

This isn't my first time posting on this forum, and I prayed hard I wouldn't get infected again yet here I am. I'm not sure how I acquired this particular problem as I'm very careful not to click ads or download suspicious programs...is there any other way I could have contracted this?

Problems Associated with my bug bite: "Task Manager has been disabled by your administrator", False Security alert pop ups, task bar pop ups that say my security is at risk etc., my Desktop Background has been replaced and includes embedded links, Windows Security Center system warning pop up with alert details, and my my default internet page reset to C:\WINDOWS\system32\spywarewarning.mht on Internet Explorer. Also I'm not sure if this is of any relevence, but it takes several double clicks to activate programs, instead of the usual click-and-go.

I ran my ad-aware earlier and some of these popped up: 2020 Search, adware.BHO, CoolWebSearch, Submithook.BHO, ToolBar CC, Win Res Hijacker, and Windows.

As always, I'm deeply grateful for the help!! Here's my HJT Log, I hope someone is able to help quickly! *Fingers crossed*

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:39:28 PM, on 5/31/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\servi... Read more

A:System Alert: [email protected]

Read other 7 answers
RELEVANCY SCORE 127.2

Hello I've started getting the system alert icon and all I knew that I was in trouble. I checked up a few other forums of the same subject. However I wanted to start my own so that I can post logs and know what to do to fix the problem in my computer specifically. I downloaded the HijackThis program and the log I got is as follows, and help would be greatly apreciated! Thanks:
Logfile of HijackThis v1.99.1
Scan saved at 7:39:12 PM, on 2/3/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5450.0004)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spm\spmd.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\DCPFLICS\DCPFLICS.exe
C:\Program Files\Digidesign\Drivers\MMERefresh.exe
D:\Program Files\Alias\Maya7.0\docs\wrapper.exe
D:\Program Files\Alias\Maya7.0\docs\jre\bin\java.exe
D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\WINDOWS\system32\svchost.exe
D:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Viewpoint\Common\ViewpointServic... Read more

A:System Alert: [email protected]

Read other 6 answers
RELEVANCY SCORE 127.2

Hello!! Well, i have this problem on my machine of System Alert, there's a blue question mark button blinking all the time and giving me fake warnings of viruses. I attach here my HijackThis log. Thanks!

Logfile of HijackThis v1.99.1
Scan saved at 07:46:35 a.m., on 02/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Archivos de programa\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Archivos de programa\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.forospyware.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Aplicación auxiliar de vín... Read more

Read other answers
RELEVANCY SCORE 127.2

I have the yellow warning triangle in my system tray. I have installed a couple of antivirus and antispyware programs trying to remove this spyware. A google search brough tme to this site - I've read through previous emails and installed and run Hijack This.
Could someone please help me fix this problem?
Thank you!

Here is the log from Hijack This.

Logfile of HijackThis v1.99.1
Scan saved at 8:12:26 PM, on 2/26/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\winlogin.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\P... Read more

A:System Alert: [email protected]

Read other 10 answers
RELEVANCY SCORE 127.2

Hi there. Just wondering if you could check this logg from Hijackthis, and tell me what I'll have to do to remove the trojan, if possible:

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programs\Norman\Npf\BIN\NPFSVICE.EXE
C:\Programs\Norman\Bin\Zanda.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programfiler\Video Access ActiveX Object\pmsnrr.exe
C:\Programfiler\Video Access ActiveX Object\pmmnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRAMMER!\FRAPS\FRAPS.EXE
C:\Programfiler\MSN Messenger\msnmsgr.exe
C:\Programs\Norman\bin\NJEEVES.EXE
C:\PROGRAMS\FIREFOX.EXE
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\Erik\Mine dokumenter\?dobe\l?gonui.exe
C:\Downloads\aawsepersonal.exe
C:\WINDOWS\system32\MSIEXEC.exe
C:\WINDOWS\system32\msiexec.exe
C:\Programfiler\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
C:\Programs\Norman\Nvc\bin\nvcoas.exe
C:\Programs\Norman\Nvc\BIN\NVCSCHED.EXE
C:\Programs\Norman\Nvc\BIN\nipsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Documents and Settings\Erik\Skrivebord\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\rundll32.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
R3 - Default ... Read more

A:System Alert: [email protected]

You cut off the top of the log
You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.

Next, please reboot your computer in Safe Mode by doing the following :
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press "Enter".
Choose your usual account.
Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmd
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted: "Registry cleaning - Do you want to clean the registry?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.

A text file will appear onscreen, ... Read more

Read other 3 answers
RELEVANCY SCORE 127.2

Hey

A trojan which sits on my start bar pops up in a windows looking alert with a yellow triangle and black exclamation mark, caiming that i need to download official security software. It causes winows to pop claiming to find adult files on my computer. I found a program called PMSNGR.EXE and deleted it without being in safe mode but the problem persists.

Please help, here is my hijackthis log

Thank you in advance
______________________

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:14:14, on 26/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\Program Files\NetProject\scit.exe
C:\Program Files\NetProject\scm.exe
C:\Program Files\NetProject\sbmntr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.ex... Read more

Read other answers
RELEVANCY SCORE 127.2

Hi there!

I keep getting a pop up on my task bar with a spyware/trojan alert.

I now and again get a very annoying 'critical' pop up box telling me that my computer is infected.

I have tried AVG and ad-aware but can't get rid of it, and its very annyoing.

Could you help please x
 

A:System Alert: [email protected]

Here is my hijackthis log:

Logfile of HijackThis v1.99.1
Scan saved at 15:39:28, on 04/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Applications\wcs.exe
C:\Program Files\Applications\iebtm.exe
C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\algg.exe
C:\Program Files\Applications\wcm.exe
C:\Program Files\Applications\iebtmm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://windiwsfsearch.com
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://windiwsfsearch.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://windiwsfsearch.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Ba... Read more

Read other 1 answers
RELEVANCY SCORE 127.2

Hello im new here and not very familiar with this stuff but ill do my best. A couple days ago, i just randomly got an icon on my tray which was a yellow triangle caution sign that popped up a box that said "System Alert: [email protected] and said something about downloading some antivirus thing, which i obviously didnt. Anyhoo, i got the hijackthis log and i figured since a lot of people already did, ill post it here. Thanks a lot to anyone that can help.

Also for some reason, when i open SmitFraudFix, it just opens a quick command prompt that closes in a fraction of a second. Dont know if anyone can help with that either.

Logfile of HijackThis v1.99.1
Scan saved at 20:09:28, on 11/26/2008
Platform: Unknown Windows (WinNT 6.00.1905 SP1)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\WebMediaViewer\qttask.exe
C:\Program Files\WebMediaViewer\hpmon.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\MyWebSearch\bar\4.bin\M3SRCHMN.EXE
C:\Program Files\MyWebSearch\bar\4.bin\MWSOEMON.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\WebMediaViewer\qttaskm.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\system32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\WebMediaViewer\hpmom.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Users\Adin K\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program ... Read more

A:System Alert: [email protected]

anyone?
 

Read other 1 answers
RELEVANCY SCORE 127.2

Hello, my computer recently has come under attack by endless pop-ups from the system tray saying: "System Alert: [email protected]" which I'm assuming is fake. Also Internet Explorer windows continuously pop-up as well.

I have run SpyBot, Ad-Aware, and Norton AntiVirus.
SpyBot came up with a few things like Zlob Downloader which I promptly deleted but when I rebooted the pop-ups were still there.

I have searched around on the internet for a solution but have not found any.

I am running WINDOWS VISTA so I don't think SmitFraudFix will work for me. Any help would be appreciated!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:19:44 AM, on 24/11/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\WebMediaViewer\qttask.exe
C:\Program Files\WebMediaViewer\hpmon.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program F... Read more

Read other answers
RELEVANCY SCORE 125.6

here is my log from hijack this:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:35:22 AM, on 8/13/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Video ActiveX Access\imsmain.exe
C:\Program Files\Video ActiveX Access\imsmn.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\utilman.exe
C:\WINDOWS\winhlp32.exe
C:\Program Files\Intern... Read more

A:System Alert: [email protected] removal help me

You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.

Next, please reboot your computer in Safe Mode by doing the following :
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press "Enter".
Choose your usual account.
Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmd
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted: "Registry cleaning - Do you want to clean the registry?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.

A text file will appear onscreen, with results from the cleaning pr... Read more

Read other 1 answers
RELEVANCY SCORE 125.6

Help, what should I post to help figure out what needs cleaned up on my computer?!
Thanks!
 

A:Solved: system alert:[email protected]

Read other 9 answers
RELEVANCY SCORE 125.6

HI, last night i got a pop up saying system alert:[email protected]
I did a bit of reading up about it on the internet and found out i needed to use HijackThis and Smitfraudfix. After using them to check my pc and saving a log file i don't know what to do next. Any help would be appreciated. I have enclosed the log files.
 

Read other answers
RELEVANCY SCORE 125.6

I have read other threads regarding this balloon popping up from the system tray every 60 seconds but they all seem to have slightly different fixing techniques so i'll post mine.
i keep getting the title message 'System Alert: [email protected]' in a balloon popping up from my system tray and it is obviously fake with it simply being a link and no other information about it so i am wondering how to get rid of it but i can see that you always ask for a hjt log so here it is.. thanks

Logfile of HijackThis v1.99.1
Scan saved at 19:05:28, on 24/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\Program Files\Video ActiveX Object\pmsngr.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.e... Read more

A:Solved: System Alert: [email protected]

Read other 11 answers
RELEVANCY SCORE 125.6

I've read other threads about people experiencing the same problems, but I wanted to start my own just to be safe.

There's a pop-up on my system tray that says:

System Alert: [email protected]
Vulnerable: Windows 95/98/ME/NT/2003/Windows XP
Description: Spyware program that sends confidential information to a remote attacker
Protection: Click this baloon(sic) to download official security software

My IE homepage has been changed to http://asecuritypaper.com and I keep getting these pop-ups that tell me to download fake spyware programs like SpyHeal, VirusBlast, etc. There was also this new toolbar in my IE window, and links in my Start -> Programs menu to Online Security Guard Security Troubleshooting.

Spybot didn't do anything, so I tried fixing this by deleting everything that seemed malicious. Specifically, I tried add/remove programs on this Video Access ActiveX Object 1.15 that I thought was the cause of everything, but it said I had to reboot my computer before even uninstalling and it never worked. I deleted everything I could from that folder in my C drive, but some things I just can't remove. As a result, the toolbar on IE is gone, I still get pop-ups. I also tried a system restore which did nothing.

I ran HijackThis as was advised in similar cases. Here is the Log file:

Logfile of HijackThis v1.99.1
Scan saved at 4:53:25 PM, on 2/23/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Ru... Read more

A:Solved: System Alert: [email protected]

Read other 13 answers
RELEVANCY SCORE 124.4

I have picked up some virys that puts an annoying pop up through the system tray. It say: "System Alert: [email protected]". My Norton Anti-virus does not detect it and my spyware doctor does not stop it. I would very much like to get rid of it. I have already downloaded "Hijackthis" Below is the scan file created. What next???? Thanks

Logfile of HijackThis v1.99.1
Scan saved at 8:37:47 PM, on 8/1/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\system32\svchost.exe
C:\W... Read more

A:Solved: Pop up Virus (System Alert: [email protected])

Read other 7 answers
RELEVANCY SCORE 124.4

Hello All,
I found amongst your forum partial instructions as to how to address this problem I am having. I downloaded HijackThis and did as you had instructed another victim. How do I rid myself of this popup warning me of this trojan-spy..... violation?
Below, please find what Hijack this discovered:

Logfile of HijackThis v1.99.1
Scan saved at 8:22:10 PM, on 12/3/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Fi... Read more

A:System Alert: [email protected] Warning PopUp

Read other 8 answers
RELEVANCY SCORE 124.4

Hi, I read in an other post that a guy was having the same problem, but I cant find the thread again. A balloon message is poping on the systray saying: System Alert: [email protected], im pretty sure is malware. I used the VirusBurst automatic fix that I found searching in google but the alert is still there . Can you help me please?
Here is my HJT Log.

Logfile of HijackThis v1.99.1
Scan saved at 11:30:04 a.m., on 28/09/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Agnitum\Outpost Firewall\outpost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\VideosCodec\pmsngr.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\VideosCodec\pmmon.exe
C:\SCANJET\PrecisionScanLT\hppwrsav.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\Creative\... Read more

A:System Alert: [email protected] false message

Read other 15 answers
RELEVANCY SCORE 113.2

I'm getting a balloon from my bar with the message in the title. Could someone help me get rid of it? It also said something about spyware...what do I do?
 

A:System Alert: Malwar Threats

Read other 7 answers
RELEVANCY SCORE 113.2

Please help!

I get the following popup in the notification area of the taskbar:

"System Alert: Malware threats
your computer is infected with a back door trojan that allows the remote attacker to perform various malicious actions. Click this baloon to download malware removal software."

I also get popups from Internet Explorer eventhough I actually use Firefox as a browser.

See Hijackthis log below:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 05:40:10 AM, on 2008/03/20
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\NetProject\scit.exe
C:\Program Files\NetProject\sbmntr.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\NetProject\scm.exe
C:\Windows\ATK0100\HControl.exe
C:\Program Files\NetProject\sbsm.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\UMonit.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Softex\OmniPass\scureapp.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\ApVxdWin.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\Google\Google Desktop Search\Go... Read more

Read other answers
RELEVANCY SCORE 113.2

Hi, Need some help. Getting plagued with pop-ups and Malware alerts. I have scanned with :

Ad-ware SE
Spy Bot
Error Doctor
XoftSpy

But nothing seems to clear it!!!

I keep getting the SYSTEM ALERT:MALWARE THREATS (Your computer is infected with a back door Trojan that allows the remote attacter to perform various actions. Click this balloon to download malware removal software.

When you click this, it takes you to various cleaning sites/software!!!


Any Help Appreciated!!!

ComboScan v20070221.16 run by Gary Gregg on 2007-02-23 at 14:26:39
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Successfully created restore point.
Performed disk cleanup.


-- HijackThis (run as Gary Gregg.exe) -------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 14:27:32, on 23/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Video Access ActiveX Objec... Read more

A:System Alert:Malware Threats

Hello and Welcome -

There should also have been a file created, Supplementary.txt

It should be located in C:\ComboScan folder

Can you please post it?

Also, do this:

Download SmitfraudFix (by S!Ri) to your Desktop.

Double-click smitfraudfix.exe to start the tool.
Select option #1 - Search by typing 1 and press "Enter"
and a text file will appear which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

IMPORTANT: Do NOT run option #2 OR any other option until you are directed to do so!

Read other 1 answers
RELEVANCY SCORE 113.2

I have a triangle with exclamation point in it that constantly says "System Alert: Malware threats" with the following message: "your computer is infected with a back door trojan that allows the remote attacker to perform various malicious actions...."

I saw another person had this problem and followed the steps you told them and paste in the notepad script from hijackthis

Here is mine:

Logfile of HijackThis v1.99.1
Scan saved at 9:45:34 PM, on 10/16/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\PROGRA~1\McAfee\MSC\mctskshd.exe
C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
C:\Program Fi... Read more

A:System Alert: Malware threats ( I cant get rid of )

Hi and welcome to TSG,

Download AVG Anti-Spyware from HERE and save that file to your desktop.

When the trial period expires it becomes feature-limited freeware but is still worth keeping as a good on-demand scanner.

Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double click it to launch the set up program.
Once the setup is complete you will need run AVG Anti-Spyware and update the definition files.
On the main screen select the icon "Update" then select the "Update now" link.
Next select the "Start Update" button. The update will start and a progress bar will show the updates being installed.

Once the update has completed, select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
Under "Reports"
Select "Automatically generate report after every scan"
Un-Select "Only if threats were found"

Close AVG Anti-Spyware. Do Not run a scan just yet, we will run it in safe mode.
Reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode then hit enter.

IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning as it may interfere with the scanning process:

Launch AVG Anti-Spyware by ... Read more

Read other 1 answers
RELEVANCY SCORE 113.2

Went ahead and took a HijackThis log, as well as a SmitFraudFix log.

Logfile of HijackThis v1.99.1
Scan saved at 5:28:18 PM, on 10/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\System32\nvsvc32.exe Ple
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\ishost.exe
C:\WINDOWS\system32\issearch.exe
C:\WINDOWS\system32\isnotify.exe
C:\WINDOWS\system32\ismini.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Napster\napster.exe
C:\Program Files\Java\j... Read more

A:That System Alert: Malware Threats...

Hi Macrona and welcome to Bleeping Computer You got infections there....At first, well have to disable Ewido guard since it may interfere with our cleaning (We can enable it when you're clean) Open Ewido Click Guard Click under "resident shield is" Change it to inactive Close EwidoPlease download VundoFix.exe to your desktop.Double-click VundoFix.exe to run it.Click the Scan for Vundo button.Once it's done scanning, click the Remove Vundo button.You will receive a prompt asking if you want to remove the files, click YESOnce you click yes, your desktop will go blank as it starts removing Vundo.When completed, it will prompt that it will reboot your computer, click OK.Please post the contents of C:\vundofix.txt and a new HiJackThis log.Note: It is possible that VundoFix encountered a file it could not remove.In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.

Read other 1 answers
RELEVANCY SCORE 113.2

I keep getting a pop-up on the bottom right side of my screen with the above message. The HiJack Report is below. Please let me know what else you need. I have run the smitfraud fix and have AVG, but this stupid balloon won't go away. Thank you.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:04:17, on 11/24/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements
3.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgfws8.exe
C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Google\Common\Google
Updater\GoogleUpdaterService.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Adobe\Photoshop Elements
3.0\PhotoshopElemen... Read more

Read other answers
RELEVANCY SCORE 113.2

okay, just like everyone else in the world!!, i am having this issue and it is not allowing me to view any web pages.

The bubble pops up that says System Alert Malware threats at the top and when i open IE or Firefox it never loads the page.

I am logged in under safe mode right now and have access to the internet. I have down loaded hijack this and will include my first scan and log. Now what do i do?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:46:16 PM, on 1/31/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Safe mode with network support

Running processes:
C:\Windows\Explorer.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explor... Read more

A:System Alert: Malware threats

Read other 7 answers
RELEVANCY SCORE 113.2

I have the same problem
I get re-directed when i open IE (but not on firfox)
I also get a baloon constantly popping up

System Alert: Malware threats

your computer is infected with a back door trojan that allows the remote attacker to perform various malicious actions. Click this baloon to download malware removal software.

Before this I had a VirusBuster program keep poping up but i used RogueScanfix & smitRem to remove that program, in safe mode.

I will monitor this thread to try and rid myself of this PIA
 

A:System Alert: Malware threats

Read other 16 answers
RELEVANCY SCORE 113.2

My problem is exactly identical to one reported by "cbateman". But I am reporting it in a new thread as advised under "Welcome Guide" (Step:2), as it relates to Security.

Following sjpritch25's reply to cbateman, below are tha contents of rapport.txt obtained by running the SmitfraudFix.exe program:

SmitFraudFix v2.195

Scan done at 14:43:19.17, Thu 06/21/2007
Run from C:\Documents and Settings\admin\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is FAT32
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Video ActiveX Access\imsmain.exe
C:\WINDOWS\sttray.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC1.EXE
C:\Program Files\Video ActiveX Access\imsmn.exe
C:\WINDOWS\system32\STacSV.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»?... Read more

A:System Alert: Malware Threats

Read other 8 answers
RELEVANCY SCORE 113.2

I have the same problem
I get re-directed when i open IE (but not on firfox)
I also get a baloon constantly popping up

System Alert: Malware threats

your computer is infected with a back door trojan that allows the remote attacker to perform various malicious actions. Click this baloon to download malware removal software.

Here is the HJT Log:

Logfile of HijackThis v1.99.1
Scan saved at 8:52:00 PM, on 10/8/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\Explorer.EXE
C:\Program Files\VideosCodec\pmsngr.exe
C:\Program Files\VideosCodec\pmmon.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\program files\seekmo\seekmo.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.0.720... Read more

A:System Alert: Malware Threats

Read other 10 answers
RELEVANCY SCORE 113.2

Hi everybody..im not really all that computer smart when it comes to trying to fix these things.. but i have the icon on the bottom of the screen that says system alert: Malware Threats it is a yellow triangle with an exlclamation mark in it.. i downloaded the HijackThis -v1.99.1 i have the log report saved if anyone would please look at it and help me out...

Thanks.. Tiff

A:System Alert: Malware Threats

Click here to download HJTsetup.exe: http://www.thespykiller.co.uk/forum/index....=tpmod;dl=item5Scroll down to the download sectionSave HJTsetup.exe to your desktop.Double click on the HJTsetup.exe icon on your desktop.By default it will install to C:\Program Files\Hijack This.Continue to click Next in the setup dialogue boxes until you get to the Select Addition Tasks dialogue.Put a check by Create a desktop icon then click Next again.Continue to follow the rest of the prompts from there.At the final dialogue box click Finish and it will launch Hijack This.Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.Click Save to save the log file and then the log will open in notepad.Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.Come back here to this thread and Paste the log in your next reply.DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.

Read other 1 answers
RELEVANCY SCORE 113.2

Have the same problem as another member on here with the System Alert malware. I'm running windows XP. I did a scan with AVG AntiSpyware, Bit Defender, SuperAntiSpyware, however I only have the log from AVG so I will post this. I'll hold off until someone tells me to attatch that logfile.
All help is grealy appreciated

AVG log

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 7:51:13 AM 11/4/2007

+ Scan result:

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP563\A0356150.exe -> Adware.180Solutions : Ignored.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP563\A0356146.exe -> Adware.Agent : Ignored.
HKLM\SOFTWARE\Classes\WR -> Adware.Generic : Ignored.
C:\Downloads\Monopoly3-dm[1].exe -> Adware.Trymedia : Ignored.
C:\Downloads\PizzaFrenzySetup-dm[1].exe -> Adware.Trymedia : Ignored.
C:\WINDOWS\Downloaded Program Files\popcaploader.dll -> Not-A-Virus.Downloader.Win32.PopCap.b : Ignored.
C:\Documents and Settings\Mick\Cookies\[email protected][2].txt -> TrackingCookie.Netflame : Ignored.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP563\A0356143.exe -> Trojan.Agent.qg : Ignored.
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP563\A0356147.dll -> Trojan.Agent.qg : Ignored.
::Report end
 

A:System Alert: Malware threats ---HELP!!

Here's the HJT logfile as well

Logfile of HijackThis v1.99.1
Scan saved at 8:12:03 AM, on 11/4/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Ace Explorer\Aexplore.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Spyware removal\software\analysethis1.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/flash/index.cfm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Mick\Application Data\Mozilla\Profiles\default\oaqjog6q.slt\prefs.js)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelpe... Read more

Read other 3 answers
RELEVANCY SCORE 113.2

Hi there I have the following problems

1) "System Alert: Malware Threat" popping up ever 5 seconds in the bottom right of my task bar.
2) I keep getting this "Internet explorer Alert" window and "Windows internet explorer windows
3) There are also two icons in my desktop "Online Security Guide" & Live Safety Center" that I cannot get rid of, no matter how many times I try to delete and reboot they keep coming back like an unwanted cat.

I looked at previous posts regarding this issue and have tried them all and the problem continues. These pop-ups also appear whenever i run windows in safe mode. I have been able to remove them, but a few hours later they return. I thought I'd start from scratch, any help will be appreciated, I am posting my "Hijackthis" notes results:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:35:42 PM, on 10/26/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\fhneomre.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Compact Wireless-G ... Read more

A:System Alert: Malware threats ---HELP!!

Read other 14 answers
RELEVANCY SCORE 113.2

I have this malware pop up crap that keeps showing up on my PC. I've used spybot and destroy and ad-aware but it doesn't take away this particular one. I've ran Hijack this and the log is below. Anyone know how I can get rid of this stuff? Thanks in advance!Logfile of HijackThis v1.99.1Scan saved at 12:01:32 AM, on 2/26/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Intel\Wireless\Bin\EvtEng.exeC:\Program Files\Intel\Wireless\Bin\S24EvMon.exeC:\Program Files\Intel\Wireless\Bin\WLKeeper.exeC:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\System32\setrysvc.exeC:\WINDOWS\System32\semwltry.exeC:\WINDOWS\system32\spoolsv.exeC:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exeC:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exeC:\WINDOWS\system32\basfipm.exeC:\Program Files\Common Files\Microsoft Shar... Read more

A:System Alert:malware Threats

Hello,* Please download SmitfraudFix (by S!Ri)Extract the content (a folder named SmitfraudFix) to your Desktop.Don't use it yet.* Reboot into Safe Mode`: ( without networking support !)?To get into the Safe mode as the computer is booting press and hold your "F8 Key". Use your arrow keys to move to "Safe Mode" and press your Enter key.* Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following if still present:O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe <== it is a bad idea to let p2p programs startup with WindowsO21 - SSODL: eitheror - {2016a466-91a2-43c6-97d8-2fd380f065ef} - C:\WINDOWS\system32\higehsg.dll (file missing)* Click on Fix Checked when finished and exit HijackThis.Make sure your Internet Explorer is closed when you click Fix Checked!* Open the SmitfraudFix folder and double-click smitfraudfix.cmdSelect option #2 - Clean by typing 2 and press "Enter" to delete infected files.(Warning : running option #2 on a non infected computer will remove your Desktop background and set it blank again. But you can reapply your desktop background again afterwardsYou will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infect... Read more

Read other 2 answers
RELEVANCY SCORE 113.2

I need help getting rid of this malware. The one with the yellow triangle, and all the popups. I've seen others with the same problem, but it says to create your own posting.

I have a Dell Precision M70 laptop with 2G of memory running WinXP Pro.

Where do I start?

Thanks,
Bob2007
 

A:System Alert: Malware threats

Read other 8 answers
RELEVANCY SCORE 113.2

Hello All,

I have been dealing with the problems of; System alert: malware threats, security alert pop ups, security alert net worm-i, security alert toolbar... for the past two days.

I' ve used norton, superspyware, spyware doctor, symantec antivirus but none of them have worked.

I' ve searched the forum sites and try to do what was said about the same problem, but I was unsuccessful. I think I need some guidance.

If someone could help, that will be wonderfull. Because the computer in question, is my computer at work

I am pasting the hijackthis report below.

Thanks for your interest,
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:25:46, on 01.11.2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\Desktop Icon Toy\DesktopIconToy.exe
C:\Program Files\AllWallpapersLite\awplite.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\ksnhepqk.exe
C:\Program Files\Common Files\Microsoft Sh... Read more

Read other answers
RELEVANCY SCORE 113.2

I keep getting this popup in the baloon at the bottom ot the screen. I follow instructions from an earlier post I found on this site and recommendation for copying a hijackthis.log If you could give me suggestions on getting rid of this that would save me a great deal of frusturation. Here is the log......

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:42:15 PM, on 9/22/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Vi... Read more

A:System Alert: Malware threats

Read other 7 answers