
Chinese Advertiser Behind YiSpecter iOS Malware and HummingBad Android Malware


A Chinese advertising company is responsible for two of the biggest waves of malware for both the Android and iOS ecosystems, a recent Check Point report reveals.

Yingmob, an advertising company based in Chongqing, China, is supposedly the group behind the YiSpecter iOS malware and the HummingBad Android malware.

Both function in the same way, meaning they infect devices to show ads and secretly install other applications, earning their creators money from pay-per-install programs.

Crooks making over $300,000 each month

Check Point estimates that HummingBad alone delivers over 20 million ads per day that achieve a click rate of 12.5 percent, which is the equivalent of 2.5 million clicks per day. Additionally, HummingBad installs over 50,000 fraudulent apps per day.

Putting all these numbers together, Yingmob earns over $3,000 per day from clicks alone and another $7,500 from fraudulent app installs. That's around $300,000 each month, or $3.6 million per year.

Check Point researchers say that HummingBad has infected 85 million devices so far, and that Yingmob has complete control over these smartphones because it illegally rooted the devices and can push any type of malware or make the devices take any action.

RELEVANCY SCORE 68.4

Am I in the correct place? New forumer here. I have been infected with Chinese malware on 1st September. My Firefox will automatically connect to:
1. www.sdo.80809090.com
2. www.873511.com

My Internet Explorer cannot be used at all; every time I launch it, it will display a VB Script error and close.

Using various antivirus and antispyware programs, I tried to search and destroy the virus, all having failed badly: AVG Antivirus, AVG Anti-Spyware, Kaspersky online scanner, Norton 07, ad-aware and some other.

Having failed with all the antivirus programs, I turned to combofix and smitfraud. Both failed deleting the host file.

Then, I formatted my PC overnight. Thought problem solved, then I connect to internet, one second later, my Firefox browser is directed to www.sdo.80809090.com again...

I have a HijackThis log, but it's totally clean.

Logfile of HijackThis v1.99.1
Scan saved at 3:37 PM, on 3-Sep-07
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\G...

A:Chinese Malware

Hi ff7yta

Please rename Hijackthis.exe to Iseeyou.exe. To do this navigate to:
D:\zPrograms\Important\HijackThis
and then right click on HijackThis.exe and select rename.

Then run Iseeyou.exe (Hijackthis) and choose "Do a system scan and save a logfile".

Copy/paste the text from the resultant log in a reply to this post.

Demon Cleaner

RELEVANCY SCORE 68.4

Today, two Chinese programs appeared and installed on my laptop. I am very sure that I didn't install them.
I have slightly read the post in the forum. I can't understand the content of notepad=.= 
 
Can anyone help me to check is there any malware?
If there is, how should I remove?
 
ATTACHMENT: FRST & ADDITION.TXT 
 


A:Chinese Malware?

Welcome to BleepingComputer.

Hi there, my name is Jo and I will help you with your computer problems.

Please follow these guidelines:
- Read and follow the instructions in the sequence they are posted.
- Print or copy & save instructions.
- Back up all your private data / music / important files on another (external) drive before using our tools.
- Do not install / uninstall any applications, unless otherwise instructed.
- Use only those tools you have been instructed to use.
- Copy and paste the log files inside your post, unless otherwise instructed.
- Ask for clarification, if you have any questions.

Stay with this topic till you get the all clean post.

My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

*** Download Security Check by screen317 from here or here.
- Save it to your Desktop.
- Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
- Vista / Windows 7/8 users right-click and select Run As Administrator.
- A Notepad document should open automatically called checkup.txt; please post the contents of that document.

*** Please download Malwarebytes Anti-Rootkit and save it to your desktop.
- Be sure to print out and follow the instructions provided on that same page.
- Caution: This is a beta version so please be sure to read the disclaimer and back up all your data before using.
- Double click on downloaded file. OK self extracting prompt.
- MBAR will start. Click in the introduction screen "next"...

RELEVANCY SCORE 68.4

Hi,
I have this problem with my computer that it keeps on installing new programs. Some of them are chinese. There are some changes in my browsers too. For example mylucky123 as a search engine. Please find my logs attached. Thank you in advance.

RELEVANCY SCORE 67.6

Hi, I'm having a problem. I did a full format on all drives (C, D, E) and backed up my files etc., and yes, my files were clean, so I don't think it was from there, because these files have been with me for 2 years now. But I need some advice now on what to do: whenever I plug in my internet I have these random files coming up in Task Manager's processes. It might be servers, a botnet, an infection with the connection, etc., not sure, but this little thing works by internet connection. I have 2 computers with the same connection; the 2nd computer seems to be fine, with no files coming up in processes, but I'm kind of lost on how it can infect my computer network and not the other :-? The files can be found in C:\WINDOWS\Prefetch

A:malware "chinese virus" not sure

Topic deleted, no log and I have replied to Dup in AII here... http://www.bleepingcomputer.com/forums/index.php?showtopic=212043&st=0&gopid=1182701&#entry1182701

RELEVANCY SCORE 67.6

My computer suddenly corrupted with a chinese malware (!) which is shown in the icon tray and desktop. I could not remove it by running AVAST antivirus software. I am attaching the log file for help.

A:I think I am infected by some chinese malware

I have done further scan with spybot. After fixing the issues with spybot, I am attaching again the log files. 

RELEVANCY SCORE 67.6

So this is the case: I recently visited a Chinese website on my Windows XP system. I have to admit that I had no antivirus or antispyware software installed on my computer at the time. Anyway, with the help of Yahoo's Antispy Scan I found out that I had quite a lot of spyware on my system. Their names: Cinmus A, CNNIC downloader, Quiq, Sogou, Cdn helper, pctools.dll, Cinmeng among others. I used Spybot (free version), Zone Alarm Internet Suite Trial, Xcleaner (free), CWShredder, Hijackthis, AVG AntiSpyware Trial, AVG Antivirus Trial, Avast Antivirus (free), Ad-Aware SE (free) & McAfee Internet Security Suite 30 day Trial. They removed most of the junk, but were unsuccessful in removing Cinmus A, pctools.dll and some of the registry keys from those nasty buggers. I'm not sure but it seems like not many of our top rated antispyware/antivirus programs can handle Chinese adware & spyware. Please HELP! I'm currently using McAfee Internet Suite trial which really does secure my system, but doesn't detect Cinmus A, and I can't delete or shred pctools.dll. Plus, McAfee Trial ends on the 1st of July 2007 (so if I don't come up with something quick, I'm kinda screwed: cause all that stuff will phone home to China and reinstall themselves). I'm desperate. Please someone, HELP ME!
 

RELEVANCY SCORE 67.6

I use anti malware bytes, it's not helping
I have a lot of Chinese malware things on my PC
sometimes it changes my keyboard to Chinese x_X
 
I have log files from frst
please help me out
 
michael
 

A:Chinese malware spam

please help me

RELEVANCY SCORE 67.6

Well, I'm going to post it here since they deleted my post in the other section. I did a full format on all drives (C, D, E) and backed up my files etc., and yes, my files were clean, so I don't think it was from there, because these files have been with me for 2 years now. But I need some advice now on what to do: whenever I plug in my internet I have these random files coming up in Task Manager's processes. It might be servers, a botnet, an infection with the connection, etc., not sure, but this little thing works by internet connection. I have 2 computers with the same connection; the 2nd computer seems to be fine, with no files coming up in processes, but I'm kind of lost on how it can infect my computer network and not the other :-? The files can be found in C:\WINDOWS\Prefetch

A:malware "chinese virus"

Hello and welcome. Your topic in the HJT forum wasn't deleted. I will tho since it doesn't contain an HJT log so they will not look at it. Let's try these here first and if needed we'll make a new one there.

Please run these next. If you have Spybot installed temporarily disable it.

Next run ATF:
Please download ATF Cleaner by Atribune & save it to your desktop.
- Double-click ATF-Cleaner.exe to run the program.
- Under Main "Select Files to Delete" choose: Select All.
- Click the Empty Selected button.
If you use Firefox browser click Firefox at the top and choose: Select All
- Click the Empty Selected button.
- If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser click Opera at the top and choose: Select All
- Click the Empty Selected button.
- If you would like to keep your saved passwords, please click No at the prompt.
- Click Exit on the Main menu to close the program.
Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".

Next run MBAM:
Please download Malwarebytes Anti-Malware (v1.32) and save it to your desktop.
alternate download link 1
alternate download link 2
- If you have a previous version of MBAM, remove it via Add/Remove Programs and download a fresh copy.
- Make sure you are connected to the Internet.
- Double-click on mbam-setup.exe to install the application.
- When the installation begins, follow the prompts and do not make any changes to default settings.
- When installation has finish...

RELEVANCY SCORE 66.8

Half of all malware originating in China during October was designed to steal usernames and passwords, an IT security firm warned today.

By analysing the malware, which was written in a simplified version of Chinese, Sophos reported that 45.2 percent aimed to steal online game log-in information.

A further 7.5 percent was designed to provide the hackers with username and password details for the popular Chinese QQ instant messaging client.

"Given the ever growing popularity of online gaming in China, this is a worrying trend," said Carole Theriault, senior security consultant at Sophos.

"Once hackers have stolen log-in details, they can effectively impersonate the victim in the online world.

http://www.itnews.com.au/newsstory.aspx?CI...p;src=site-marq

RELEVANCY SCORE 66.8

Hello, and good day! First of all, thanks for the awesome help you've been giving to everybody, this site rocks. Well, after downloading the wrong torrent, my little brother got my laptop full of adware and virus and I haven't been able to clean it with Avira and Malwarebytes. Firefox is dead and the Windows key isn't working. I'm running Windows 10. I'd appreciate any help you could give me.
 
Here are the logs from FRST, as per requested. Thanks a lot!
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 16-10-2016
Ran by house (administrator) on HOUSE-PC (23-10-2016 11:42:06)
Running from C:\Users\house\Searches\Downloads
Loaded Profiles: house &  (Available Profiles: house)
Platform: Microsoft Windows 10 Pro Version 1511 (X86) Language: Español (España, internacional)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\avguard.exe
(Lenovo Corporation) C:\Program Files\Lenovo\PCManager\LenovoPcManagerService.exe
(Synaptics Incorporated) C:\Program Files...

RELEVANCY SCORE 66.8

So, I've heard about this happening before, but never thought it would hit me... I am very careful about adware, etc, and have never had a problem until now. The other day I purchased a new 750Gb Iomega external hard drive. It was mac-formatted, so I plugged it in and turned it on with the intention of reformatting it. However, once it was connected and installed I started getting these full-screen IE (i use firefox for browsing) popups full of advertisements in chinese. I didn't think much of it so i didn't write down the addresses. Immediately the computer started acting odd... slowing down, hanging up at odd times. Then my norton antivirus notified me of a couple viruses in the temp folder. I started to get worried so I stopped everything and did a full virus scan. The scan crashed with a BSOD and when I rebooted the computer I ran every online virus scan I could find, repeatedly, trying to get rid of all of the crap. I found a bunch of trojans, keyloggers, infostealers, rootkits, etc, could not run task manager or HijackThis, and at one point windows would not even fully boot.

I've done a lot of work so far, and am almost there, but there are still a few things that keep coming back. It is for this reason that I am forced to finally ask for help. Here is my HijackThis log... hopefully you can see some things in there that I did not notice.

EDIT: I read on another thread that I should list the steps I've taken so far...

I have installed and run ad-aware, spybot, av...

A:Infected With Nasty Chinese Malware

Hi,

Welcome to BleepingComputer HijackThis Logs and Analysis forum, Peter E. My name is sundavis, I will be helping you to deal with your Malware problems today.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, then please do the following.

The log you presented had been a few days away. It may not show what it is. Please rescan your computer and post a new HJT log and an Uninstall List.

In the meantime, please refrain from making any changes to your computer. Thanks.

Make an Uninstall List
1. Start HijackThis
2. Click on the Config button
3. Click on the Misc Tools button
4. Click on the Open Uninstall Manager button
5. Click on the Save list button
6. It will prompt you to save. Save this log in a convenient location. By default it's named uninstall_list.txt.
7. Copy and paste the contents in your next reply and a fresh HJT log.

RELEVANCY SCORE 66.4

I have spymaxx on my Android and it encrypted files, saying it's factor files, so I can't delete them. Is there anything I can do about this?
 

A:Help with Malware on Android

RELEVANCY SCORE 66

Hey,

Have any of y'all seen a box that pops up with a blue border, at the top there is a penguin with 4 Chinese characters beside it. Below is another with QQ: then a box with 10000 in it, two or three more characters, another box with 10000 in it, then a small box with the image of a person in it, followed by 8 more characters.
Then below that is a larger box full of Chinese characters and some numbers. After this pops up, things deteriorate rapidly. The first thing we noticed was that the Task manager would not open. Others had other problems, eventually not being able to work at all.

I'm not asking for a solution. We have been looking High and Low, and we know how to use the tools available. I just want to know if anyone out there has come across this and if anyone knows where it came from?

Thanks!!
 

RELEVANCY SCORE 66

Hi community members, I have bought a new Dell Vostro 3568. KMSpico got installed on it, I don't know how. That KMSpico installed some Chinese malware, so to remove it I installed Malwarebytes. It detected 538 threats, especially PUPs. I deleted them all, then I installed HitmanPro, which detected malware tracking cookies. I deleted them; on the next scan those cookies appeared again, like tboola.com, adaptv, advertising.com and many more. They come again and again. I tried resetting Chrome but these privacy-hacking cookies appear again. I am new to all this, please help me.
                                      

A:Km spico attacked my pc and installed some chinese malware

One-on-one Malware Analysis/Removal is no longer done at the Dell Forums.  
Please follow the directions at http://spywarehammer.com/post-here-for-malware-removal/(new-instructions!)-what-do-i-do-first/  to register and post the requested DDS logs at spywarehammer.com ; there are expert helpers there who can "walk you through" procedures to analyze your system, and clean-up the infection.   All help provided there is FREE.   If you decide to go for help there, please wait for a response, and do NOT attempt to run any other scans/removers on your own --- do exactly what they instruct you to do, no more, no less.
Good luck!

RELEVANCY SCORE 66

Dear All,

I'm having an issue with a popup in Chinese characters.
It pops up always at start up and then a few times during the day.

It looks like I have no other problems on the machine but I've tried all types of antivirus and malware tools,
including
Avast, Spybot, online scans.
The machine was running antivirus, antimalware and firewall since the beginning, not only after "infection".

No one finds any issue but the popup still comes.

I'm running Windows 7 64 on an ASUS notebook, i7, with ATI card.

Does anyone have the same issue? Anyone know how to wipe it out?

Thanks in advance

Best Regards

Antonio
 

RELEVANCY SCORE 66

Hello, Firstly I want to say I have learned my lesson and not downloading anything from pirate bay again.
 
I tried to download a tv show tonight. Only to discover (too late) that it's one of the worst viruses I have personally seen, It all appeared after I deleted the tv show I downloaded and went outside for a smoke, when I came back there's chinese porn, chinese dialog boxes of things I simply cannot read, IE opening by itself, adware, redirects, trojans, browsers, you name it. Fake antivirus programs specifically a fake version of rising anti virus that blocks my real programs like adwcleaner and microsoft security essentials. I have tried other antivirus programs with no effect because of the blocking issue.
 
I am accessing this forum on a different pc, because the infected pc is virtually unusable, I have had viruses in the past but nothing like this, I really need a program that I can download with this clean PC and install onto the infected one via USB.   
 
Should I just buy a 2TB drive and try to salvage what I can before it locks up completely. 
 
I am sorry if this seems a little bit rushed, the infected PC is used for some graphic design stuff I need access to for work. I am stupid I know.
 
Any help greatly appreciated.
 
 
-edit-
 
I just checked it again locked up from infinite chinese porn pages automatically loading in IE, starting to accept I've lost everything on that PC

A:Chinese Porn adware malware redirects... Got it all

Hello and welcome to BC,
 
We will try to help you with your problems.
 
Please, use that other computer to download following programs. Use USB to transfer them to infected machine. If you can't run them in normal mode, try in safe mode.
 
Please download Rkill to your Desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.
rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

- Double-click on the Rkill desktop icon to run the tool.
- If using Windows Vista, 7, 8 or 10 right-click on it and choose Run As Administrator.
- A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
- If not, delete the file, then download and use the one provided in Link 2.
- Do not reboot until instructed.
- If the tool does not run from any of the links provided, please let me know.
If normal mode still doesn't work, run the tool from Safe Mode.
When the scan is done Notepad will open with rKill log.
Post it in your next reply.
NOTE. rKill.txt log will also be present ...

RELEVANCY SCORE 65.6

Some days ago, suddenly I got a malware on my Android phone. It redirects almost any website I access to an ad. I went back to my PC and surprise: ad banners everywhere. I tried every AV software I could find on Google Play but had no success. Tried some other AV software on PC too, but nothing seemed to work. Then I gave up and backed up what I needed and formatted PC and phone. For my surprise, it came. So I checked my mother's phone (Android) and found same malware. My laptop got it too. My old iPhone 4S and iPad didn't get them though. I installed Ubuntu on my desktop and no banners there. My guess is that it is installed on the router.
More background info: my router is problematic and if I put password on WiFi it stops working. So it has no password for WiFi, but I use MAC Address Filtering. Before infection, router password(not wifi) was the standard one (literally "password"). I read that some router virus exploits that. Windows Running as guest in Virtual Box with Ubuntu as host got no infection. I can buy a new router, if necessary. I was thinking about doing a mass format if I buy a new router. Right now, I'm running Windows 7 64 bits on my laptop.
Any advice? Nonetheless, logs here:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-04-2015
Ran by Hélio Paiva (administrator) on HELIOPAIVA-VAIO on 18-04-2015 23:38:24
Running from C:\Users\Hélio Paiva\Downloads
Loaded Profiles: Hélio Paiva (Available profiles: Hélio Pai...

A:PC/Android malware spreading over Wi-Fi

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-04-2015
Ran by Hélio Paiva at 2015-04-18 23:41:32
Running from C:\Users\Hélio Paiva\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {108DAC43-C256-20B7-BB05-914135DA5160}
AS: Microsoft Security Essentials (Enabled - Up to date) {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

32feet.NET (HKLM-x32\...\{652502E8-87A7-4D12-A583-F7448DE5CB84}) (Version: 3.0.0 - In The Hand Ltd)
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.178 - Adobe Systems Incorporated)
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Photoshop Elements 7.0 (HKLM-x32\...\Adobe Photoshop Elements 7) (Version: 7.0.1 - Adobe Systems Incorporated)
Adobe Premi...

RELEVANCY SCORE 65.6

Sorry but I do not have full details yet, as there will be details released soon.
But a new Malware variation has just been discovered in large Australian cities mainly.
 
The Malware attacks Android type Apps on phones / devices, and has not been covered by most Anti-Malware programs.
 
Current advice is not to do any major financial transactions with these devices.
 
It seems to invade the device, decrypt most passwords, and Bank Account passwords, bypass Anti-Malware programs, and is dangerous..
 
Moderators can do what they wish with this, but I am watching current News updates for information..
 
Regards.

A:A new Malware that raids your Android

Found an article HERE 
 
 
A digital protection company has discovered that nearly all of Australia and New Zealand’s big banks are being targeted by malware on Android phones that can steal customers online banking details.
ESET released research today, showing malware known as Android/Spy.Agent.SI is able to steal login details by locking down a phone when you try to enter a bank’s app. From there, it will display a fake login screen for the bank and won’t let users leave that until they type in the details.
 
The thieves can then use the stolen credentials to log into a victim’s account and transfer money out of it.
 
This latest attack is incredibly sophisticated. After downloading apps infected with the malware, users agree to give the device administrator rights. This gives the malware a self-defence mechanism that prevents it from being uninstalled, as well as access to literally everything on a device, including the ability to hijack SMS messages.

RELEVANCY SCORE 65.6

I've i ball andi 4.5 d royale. Previously my antivirus is cm security, but now I turned to 360 security. After checking for virus scan it shows com.sts vulnerability, which indicates it needs to "Force stop". But I don't know what is com.sts. Do I STOP IT OR NOT? Is it a malware???
 

RELEVANCY SCORE 65.6

Hello,
during exploration of various app creators for android I came across beta.appinventor.mit.edu. I'm still using IE8(sadly no more support) but have google chrome as a second option. 
I'm not sure when what happened exactly. I did a defrag, cleaned some old files. I tried to open beta.appinventor in chrome and it displays chinese characters across the screen.
Even when I log in to my modem (portable wifi router) from Chrome it displays Chinese characters. Very few sites display ads in Chinese; the rest of the site would be ok. Also if I open a tab in incognito mode the entire window is filled with Chinese characters.
Now the chinese characters are not displayed by opening 'normal' url's.
The puzzling thing is, the speed of the system is good. IE8 has no problems. I can open websites in chrome, no problem. 
I tried ccleaner, norton scan, dr.web scan, uninstalled chrome, re installed, several times, knowing I will not be able to remove all chrome instances in the reg, trying it again with revo uninstaller and re install.
Same problem chinese characters. I don't know what else to do.
 

 
did a hijackthis as well, not sure if I should post this as well.
 
thanks in advance for taking a look
 
following the dds and attached zip file plus a screen shot of the chinese characters:
 
DDS (Ver_2012-11-20.01) - NT...

A:possible malware in google chrome, displaying Chinese characters

hi everybody,
sorry for my own confusion. I kept on digging and came across a forum. It was suggested to change the encoding in Chrome to auto-detect, while my Chrome showed Unicode. Anyway I tried; the result: no Chinese characters anymore. Always thought Unicode was more or less universal; that would have been the last thing for me to suspect.
Strange was that a new install to my laptop, which never had Chrome on it, came with Unicode already in place. Had to change that, too.
Long story, happy ending, problem solved.

Read other 2 answers
RELEVANCY SCORE 65.6

Hello, this has been posted already, but perhaps the treatment method may vary depending on my situation and logs etc, so reposting...

XP SP3
IE 8 BETA (although using Firefox mainly)
Tried: Fullscan with KIS 2009 (kaspersky) and Adaware.
It removed some win32trojan downloader agent mkav or so, but problem remains.

Description:
I've been experiencing multiple iexplore.exe processes running freely without my control (I use Firefox mainly). While they run, there's a weird Chinese speech in the background which sounds like a commercial; it may repeat itself a few times and even overrun itself in sound.

The Problem:
iexplore.exe keeps on running along with the CHINESE talking in the background.

Now, if I run full scan on my system with KIS, it wouldn't detect anything, not to mention updated Lavasoft Ad-Aware 2008...

DDS LOG:

DDS (Version 1.0) - NTFSx86
Run by Idan at 22:27:53.26 on Mon 12/08/2008
Microsoft Windows XP Professional 5.1.2600.3.1255.972.1033.18.2046.1606 [GMT 2:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\WINDOW... Read more

A:Malware running multiple iexplore.exe & CHINESE talking

Hello Idanshalev,

Post the ComboFix.txt please.

Read other 2 answers
RELEVANCY SCORE 65.6

Here is your SysInfo information:
Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows XP Professional, Service Pack 3, 32 bit
Processor: Intel(R) Pentium(R) M processor 1600MHz, x86 Family 6 Model 9 Stepping 5
Processor Count: 1
RAM: 1534 Mb
Graphics Card: ATI MOBILITY RADEON 9000, 32 Mb
Hard Drives: C: Total - 147929 MB, Free - 4270 MB;
Motherboard: IBM, 2373NG3
Antivirus: 电脑管家系统防护, Updated: Yes, On-Demand Scanner: Enabled

I actually use Symantec Endpoint Protection antivirus, but it was unable to recognize an infected .exe file, claiming it was clean. Antivirus is still working and does not report any threat! But it seems the Chinese malware is already controlling its behavior. The pop-ups constantly promote something in Chinese, showing mostly images of automatic weaponry (probably Kalashnikov). The Program Files directory contains now a Tencent directory, which includes QQPCMgr with some more subdirectories. I was only able first to delete some of the contents, probably not vitally important files. All other content seems to be very well protected. I am unable to terminate the corresponding processes in the Task Manager nor uninstall the related program with Chinese name. I was also unable to perform System Restore - the system claims its inability to do so. I even could not start windows in Safe Mode. I tried to use SpyHunter, but also with negative resu... Read more

A:Chinese malware Tencent invaded my IBM T40 laptop, MS Windows XP

I tried additionally the Bitdefender online QuickScan - it was not able even to start the scanning process. There seems to be a problem with formatting, at least in my first message: the online editor of this site seems to eliminate the CR (Carriage Return) characters from my text. Is there any tip to avoid such behavior? BTW, I sent this from a different computer, not from the infected one.
 

Read other 3 answers
RELEVANCY SCORE 65.6

Hello! I've noticed a "Good link and associates" icon appear on my computer. When I looked online to see what the cause might be I found my way to this forum where people had helped folk like me with a similar problem.
 
Following advice from Alexstrasza to someone with a similar past problem, I have:
1) Run MiniToolBox and saved result.txt, in case that might be useful
2) Run SecurityCheck.exe and saved the checkup.txt log
 
Would it be helpful if I posted these up? Thanks so much to anyone who can help!
 
 

A:Infected with "Good link and associates" chinese malware?

Hello and welcome to BC,
 
Yes, you can post results here, but we should do some checks.
 
Please download Rkill to your Desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.
rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/
 
• Double-click on the Rkill desktop icon to run the tool.
• If using Windows Vista, 7, 8 or 10 right-click on it and choose Run As Administrator.
• A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
• If not, delete the file, then download and use the one provided in Link 2.
• Do not reboot until instructed.
• If the tool does not run from any of the links provided, please let me know.
If normal mode still doesn't work, run the tool from Safe Mode.
When the scan is done Notepad will open with rKill log.
Post it in your next reply.
NOTE. rKill.txt log will also be present on your desktop.
-----
 
Kaspersky Virus Removal Tool
Please download Kaspersky Virus Removal Tool from here.
• Right click on KVRT.ex... Read more

Read other 18 answers
RELEVANCY SCORE 64.8

The phone only works for 2 to 4 seconds. Time to draw the unlock pattern and sometimes even click on something else, but the problem is that the screen removes the blue filter and stays in a way that no interaction is possible with the phone: touchscreen is disabled, sound is muted. I can receive calls, but I can't hear them and I can't swipe to answer.

The only thing working are the volume buttons and the power button. I reboot after pressing over 6 seconds. It doesn't stay off, it turns back on again.

If I press power + volume down, sometimes it updates all Apps in the phone, but after finishing that, I am back to the 2-4 seconds where I can only draw my unlock pattern and nothing else.

I thought I might be able to reboot in safe mode, but that screen dialog would not even show up. And if it did, I wouldn't be able to press OK because touchscreen is disabled.

I thought I might be able to get a factory reset, but there is no way I can do that.

The phone is not accepted by my DELL Latitude E4300 laptop.

Guys, this isn't normal. Yesterday I was fine and now I am like this. Can you do something, please?
 

Read other answers
RELEVANCY SCORE 64.8

I've been hacked by whatever's going around this week, (http://www.slate.com/blogs/future_tense/2012/09/24/twitter_direct_message_hack_facebook_youtube_video_links_lead_to_malware.html) and yes, by clicking a link and logging into what I thought was a twitpic app from facebook from a trusted friend who often sends me such things. Here's the problem. I did it on my phone, and yes on my mac using chrome. I never downloaded any .exe files, only gave this facebook app what I thought were my facebook credentials. When I realized what was happening, I changed passwords for both accounts, and revoked app permissions for both as well. Problem solved, right?

48 hours later I appear to be reinfected, and my twitter account is sending direct messages again with spam links. I can only guess two things: 1) it's a chrome extension that's perpetuating the thing or 2) it's the windows partition of my mac (which I haven't been using at all lately) since I run bootcamp on it.

Any suggestions, criticisms (yes I'm a f*g idiot this time and not usually prone to such stupidity), or solutions are welcome.

Read other answers
RELEVANCY SCORE 64

Hackers appear to have compromised a number of unofficial sites to download malware by the name of "NotCompatible" via an iFrame. It apparently only installs if users have enabled downloads from sites other than the official Android Market.

More on the story here: http://www.h-online.com/security/news/item/Android-malware-opens-back-door-to-the-intranet-1567374.html

Read other answers
RELEVANCY SCORE 64

A malware program for Android seen advertised on Russian underground forums in the last few months appears to have made its first big debut.

MazarBOT can take full control of a phone and appears to be targeting online banking customers, wrote Peter Kruse, an IT security expert and founder of CSIS Security Group, based in Copenhagen, which does deep investigations into online crime for financial services companies.
CSIS saw a "swarm" of SMSes sent to random phone numbers in Denmark on Friday, Kruse wrote. The messages contained a link to an Android package file, which is MazarBOT.

The Onion Router. Tor is a network of distributed nodes that provide greater privacy by encrypting a person's browsing traffic and routing that traffic through random proxy servers.

The malware then sends an SMS saying "Thank you" along with the device's location to a phone number with Iran's country code.

MazarBOT can exert a lot of control over a phone. It can open up a backdoor to monitor a device, send SMSes to premium rate numbers and read two-factor authentication codes sent by SMS.

The malware also has a remote debugging function, which Kruse wrote allows "for a variety of advanced attacks on the network" that a particular Android device uses.

"MazarBOT is pretty advanced and nasty Android malware," Kruse wrote. "Several factors indicate that it was designed as malware primarily targeting online banking customers. In fact, it ... Read more

A:Malware targets all Android phones -- except those in Russia

It's Vladimir Putin's getting us back. The West should stop playing dangerous games. It's amazing that all the dangerous malware comes from Russia, I wonder if Kaspersky is ever involved, after all Eugene is best friends with Putin.
 

Read other 8 answers
RELEVANCY SCORE 64

Ransom virus popped up on kid's phone (yeah, I know)...Samsung Axiom running Android 4.1.2. None of the tactics found online work. Avast does not open. Tried installing Malwarebytes...installed, but unable to open through play store. I tried hooking it up to a pc with Malwarebytes, but the program won't let me scan the phone.
 
I need ideas. Please help.

A:android: malware removal steps not working

G'day nomad, Click on THIS LINK,...(I am assuming this is not the avast program you already have) ....install the program, follow the prompts, and let me know if it gives you any joy.

Read other 3 answers
RELEVANCY SCORE 64

Android Spyware Distributed By Third Party Online Marketplaces :: Brought to you by TechWeb

The latest malware reflects the growing number of Trojans, spyware, and other malicious applications targeting smartphones running Google's Android operating system. SW.SecurePhone is primarily distributed in the U.S. through third-party online marketplaces. Once installed, the app runs in the background, monitoring phone activity and saving collected data on the SD card. Captured data includes messages, call log, location of the phone, recorded sounds around the phone, and pictures ...

Android apps are more vulnerable to malware implants because Google allows the apps to be offered by third-party app stores, which may not monitor submissions closely. By comparison, Apple takes a walled garden approach by vetting all apps before publishing them on its App Store ...

A:Google Android OS APPs Spread Malware

That is why the first app I downloaded was AVG for Android. No mobile platform is safe without some form of Antivirus to scan incoming apps, messages, etc. Any company/person that thinks they are is in for a seriously abrupt awakening.

Read other 10 answers
RELEVANCY SCORE 64

Hello everyone

Today there are more and more issues concerning mobile security: as the number of smartphones purchased grows, so does the number of apps downloaded by each user, and with it the possibility of downloading apps infected with malware or viruses. In particular, Android malware is the subject of several studies by researchers, but has not yet received proper attention from users. Users are not aware of the risks related to the installation of applications and don't pay attention to the permissions they require. Malicious application developers take advantage of various social engineering techniques to be able to install malware on users' devices. The most common technique is to distribute free versions of popular apps that are usually paid, on alternative Android markets, which will certainly entice users who don't pay attention to security. Another technique is to leverage the update of an application that is initially not malicious by including in it an update component that will download the malicious payload at runtime. The main goals of the criminals who design this malware range from "privilege escalation", trying to get administrative rights on the device, to remote control, financial charges by sending SMS to premium numbers, or the collection of personal information.

So I thought of introducing another level of analysis in our Malware Hub: the installation of an Android emulator to test specific APK malware for Android antivi... Read more

Read other answers
RELEVANCY SCORE 64

<beginning of quote>

In Android Security, we're constantly working to better understand how to make Android devices operate more smoothly and securely.

<snip>

This blog post explores the Android Security team's research to identify the security-related reasons that devices stop working and prevent it from happening in the future.

Flagging Dead or Insecure (DOI) Apps

To understand this problem more deeply, the Android Security team correlates app install attempts and DOI devices to find apps that harm the device in order to protect our users.

With these factors in mind, we then focus on 'retention'. A device is considered retained if it continues to perform periodic Verify apps security check ups after an app download. If it doesn't, it's considered potentially dead or insecure (DOI). An app's retention rate is the percentage of all retained devices that downloaded the app in one day. Because retention is a strong indicator of device health, we work to maximize the ecosystem's retention rate.

Therefore, we use an app DOI scorer, which assumes that all apps should have a similar device retention rate. If an app's retention rate is a couple of standard deviations lower than average, the DOI scorer flags it. A common way to calculate the number of standard deviations from the average is called a Z-score. The equation for the Z-score is below.


Difference between a regular and DOI app download on the same device.

... Read more

Read other answers
RELEVANCY SCORE 64

Quote : " We showed how modern mobile malware can evade detection by malware scanners that rely on signatures, static and dynamic analysis approaches. Then, we uncovered a working Android malware PoC that can persistently monitor all of a victim's activity, and allow attackers to read and possibly compose corporate emails and documents via the victim's device, as well as elevate their permissions to remotely encrypt or wipe the device.

One of the most interesting traits of this kind of malware is its low footprint: it does not require rooting the device and asks for limited permissions upon installation. Yet, this malware is able to circumvent many of the protections that most users assume are reliably protecting their Android devices and compromise corporate resources used via the device. "

Source : "Accessibility Clickjacking" - The Next Evolution in Android Malware that Impacts More Than 500 Million Devices » Skycure

That's a reason why you should think twice about turning on Accessibility even if it's a long process as shown here :

Getting malicious apps available on Google app store is a totally different question/topic...
 

Read other answers
RELEVANCY SCORE 64

Yesterday, I did a scan of my network with WireShark 3.2.6  Scan was done on my hardwired Ethernet connection. I am somewhat new to advanced wireshark and I do not know everything there is to know but I am in the process of learning.
While looking at the results of a short scan I saw some unsettling IP Addresses that were appearing on my network. I do a lot of schoolwork online and I need to setup Windows 10 Professional's Firewall to block this IP Address or possibly even a range of IP Addresses.
Problem is: When I do searches with keywords such as "Blocking an IP Address with Windows 10 firewall" I end up receiving results that are intended for businesses or results that are meant for a Windows Server.
I need an understandable solution to this potential security problem. One that I can use Microsoft tools to fix and not some 3rd party app if possible.
My system:
Windows 10 Professional build 18363.1016
MS Office 365 Enterprise Edition subscription through my school
Dell Optiplex 790 with the latest BIOS update
16GB RAM
Dual drives  SSD system drive and Mechanical ATA drive for data storage.
WireShark 3.2.6 results
Source: 52.109.12.55    Destination: My private IP Address for my PC. 
Protocol used: TCP   Note: 3 instances.
Below is my PC sending out an 89 byte message to 52.109.2.55   4 different times.
Source: My Private IP,     Dest:
52.109.12.55,  Src Prt: vpad 1516,&nb... Read more

Read other answers
RELEVANCY SCORE 63.6

Android Trojan Mimics PC Drive-by Malware Attack | PCWorld

Discovered by security company Lookout Mobile Security on a number of websites, the decidedly odd "NotCompatible" Trojan is distributed using a web page containing a hidden iFrame ...

This isn't quite a PC drive-by attack because the user still needs to install the app, at which point it relies on the user having ticked the "Unknown Sources" box (in most cases this box would be unticked) that allows non-market apps to be installed ...

The NoScript browser addon will protect you in the same way on your Android smartphone as it does on your PC.

From NoScript site:
# IFRAMEs embedded in untrusted pages are always blocked, unless they load content from the same site as their parent
# IFRAMEs embedded in trusted pages are blocked if they try to load content from untrusted sites
# If NoScript Options|Embeddings|Apply these restrictions to trusted sites too is checked, no IFRAME can be loaded unless it loads content from the same site as its parent
* You may ask, what if site I really trust gets compromised? Will I get infected as well because I've got it in my whitelist, ...?
No, you won't, most probably. When a respectable site gets compromised, 99.9% of the times malicious scripts are still hosted on a different domain which is likely not in your whitelist, and gets just included by the pages you trust. Since NoScript blocks 3rd party scripts which have not ... Read more

Read other answers
RELEVANCY SCORE 62.8

Hi there
While I like open source and Free ware there are some really nasty malwares going round on ANDROID phone apps - one of the latest and nastiest is a little nasty that unknown to the subscriber it sends PREMIUM RATE text messages. The subscriber then gets a real shock when the next bill comes in.

Android apps can often be freely downloaded from locations other than google's App store so no decent control is exercised over these.

Having an open system like this obviously has problems.

Windows 8 could provide some security on the next generation of smart phones.

I don't think I'd use a mobile phone for online Banking -- no problem with a PC however.

Cheers
jimbo

Read other answers
RELEVANCY SCORE 62.8

There are several posts like mine out there already but none of the solutions have worked for me. When I am connected to my company LAN I can go to Google (my home page) in IE7 on an XP Corp SP3 Laptop. About every other time I click on a link I get the following error box.

Whether I click ok on the error or click the X, a new browser window opens, maximises and opens my home page.

When I am on my home network the behavior is different (probably because my home firewall is not blocking the site). When I click any link from my home page there is no error box but my click gets hijacked to an advertisement or fake virus protection sites.

Here is what I have tried:
1. Full scan and immunize with Spybot S & D (found a lot of cookies etc. didn't fix this issue)
2. Full scan with Symantec Endpoint protection (finds trojans once a day, probably friends of this issue)
3. Full scan with Malwarebytes (fixed other issues it found but not this one)
4. Purchased full version of Spyware Dr (found and fixed 4 issues but not this one)
5. Disabled all browser plugins, including those that run without permission. (did not impact the issue)
6. Searched for any files or registry entries with "hpprintspool" in them (there were none)
7. Installed HijackThis and created the following log -

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:43:09 AM, on 11/12/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WI... Read more

A:Malware Cannot find http://(chinese characters) Make sure the path or internet address is correct

Hi jgardner,

Welcome to BC HijackThis forum. I am farbar. I am going to assist you with your problem.

One or more of the identified infections is a backdoor trojan.

A backdoor Trojan can allow an attacker to gain control of the system, log keystrokes, steal passwords, access personal data, send malevolent outgoing traffic, and close the security warning messages displayed by some anti-virus and security programs.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the Operating System. Please read these for more information:
How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still try to clean this machine but I might not be able to make sure it will be 100% secure afterward. Please tell me if you want to go on with cleaning.

Read other 2 answers
RELEVANCY SCORE 58.8

If a program installed malware and the anti malware found something.
Will it delete the malware itself or will it delete the program that came with the malware too?

-thanks!
 

A:Will an anti malware uninstall the program that installed the malware or only the malware itself?

I find your question a bit confusing, maybe it's just me.
But I think I understand your way of asking your question, and I will try to answer:

If for example Internet_Browser_A unintentionally installs stealthy malware by a driveby advertisement / exploit,
then Anti_Malware_B will only detect and remove unwanted malware and leave Internet_Browser_A intact and alone.
But if Internet_Browser_A in the same turn also gets infected, then Anti_Malware_B will try to disinfect or quarantine
Internet_Browser_A as well.

Does that answer your question and did I understand it correctly?

Welcome! 1Up.
 

Read other 2 answers
RELEVANCY SCORE 56.8

Android Developers Blog: Strictly Enforced Verified Boot with Error Correction | Android Developers Blog

"Android uses multiple layers of protection to keep users safe. One of these layers is verified boot, which improves security by using cryptographic integrity checking to detect changes to the operating system. Android has alerted about system integrity since Marshmallow, but starting with devices first shipping with Android 7.0, we require verified boot to be strictly enforcing. This means that a device with a corrupt boot image or verified partition will not boot or will boot in a limited capacity with user consent. Such strict checking, though, means that non-malicious data corruption, which previously would be less visible, could now start affecting process functionality more."

In other words:

"A system integrity feature that prohibits Android mobile devices from booting when the presence of malware is suspected will now be strictly enforced in version 7.0 (Nougat). Unfortunately, the function is so sensitive, it also prevents perfectly legitimate boot attempts when a harmless, non-malicious data corruption surfaces during the start-up process."
Via scmagazine
 

Read other answers
RELEVANCY SCORE 52.4

My daughter deactivated her Facebook acct about 6 months ago. A couple of days ago I saw she had reactivated it and posted something about raspberry ultra drops and how much weight she lost. I made a comment. She called me later, said she received an email thanking her for reactivating FB. She checked and sure enough, it was reactivated. She said she did not post that and she didn't reactivate her FB acct. I'm thinking hijacked. What do you think?
 

A:facebook reactivated by advertiser?

Anyone?
 

Read other 1 answers
RELEVANCY SCORE 52.4

Malware byte's Anti Malware software, Malware byte's Anti Malware Not working

My google requests are being redirected to other sites. As a first step to correcting this, I started to run Malware byte's Anti Malware software. After I updated it, I started the scan when all of a sudden it stopped working. When I tried to reconnect, I got a message "Windows cannot access the specified device, path or file. You may not have the appropriate permissions to access the item"

I re-installed the software, updated it, and tried to run it again, and got the same message.

Since then, SuperAntispyware, RootRepeal and now DDS will not work. They download okay, but then terminate during the scan, hence I don't have logs I can insert.

I've backed up all my data onto an external hard drive.

I'm at my wits end, but I'm happy with any assistance I can give you. Hopefully the topic link works.

Here is my Win32kDiag.exe log. The next post will by my Rootrepeal drivers log.

Log file is located at: C:Documents and SettingsPhilDesktopWin32kDiag.txt
WARNING: Could not get backup privileges!
Searching 'C:WINDOWS'...
Found mount point : C:WINDOWSaddinsaddins
Mount point destination : Device__max++>^
Found mount point : C:WINDOWSassemblyNativeImages_v2.0.50727_32TempZAP247.tmpZAP247.tmp
Mount point destination : Device__max++>^
Found mount point : C:WINDOWSassemblyNativeImages_v2.0.50727_32TempZAP453.tmpZAP453.tmp
Mount point destination : Device__... Read more

A:> Malware byte's Anti Malware software, Malware byte's Anti Malware Not working

Hello smartjock99,

You got a Rootkit on this computer. We will need to take this cleanup in phases. You are not clean until I tell you so - even if it appears that everything is running fine!

Let's begin....

==========

Step 1

Please save this file to your desktop. Click on Start->Run, and copy-paste the following command (the bolded text) into the "Open" box, and click OK. When it's finished, there will be a log called Win32kDiag.txt on your desktop. Please open it with notepad and post the contents here.

"%userprofile%\desktop\win32kdiag.exe" -f -r

==========

Step 2

Please do this: Click on the Start button, then click on Run... In the empty "Open:" box provided, type cmd and press Enter

This will launch a Command Prompt window (looks like DOS). Copy the entire blue text below to the clipboard by highlighting all of it and pressing Ctrl+C (or after highlighting, right-click and select Copy).

copy C:\WINDOWS\ServicePackFiles\i386\eventlog.dll C:\ /y

In the Command Prompt window, paste the copied text by right-clicking and selecting Paste. Press Enter. When successful, you should get this message within the Command Prompt: "1 file(s) copied"

NOTE: If you didn't get this message, stop and tell me first. Executing The Avenger script (step #3) won't work if the file copy was not successful. Exit the Command Prompt window.

==========

Step 3

Warning to others reading this thread!: The Avenger i... Read more

Read other 44 answers
RELEVANCY SCORE 51.6

Using IE8. When I click a link instead of going to the right site it goes to some ad page. But when I go back to that link and click it again IE8 goes to the right site. Frustrating.
 
I'm using XP with SP3 updated,
 
I've run SuperAntiSpyware, Spybot, Malwarebytes Pro, and Norton 360 but found no fix, though they do find lots of cookies.
 
This has been happening for about a week or two. I haven't downloaded anything I can remember to pick this up but then my memory is fickle.
 
I did the search with "AdWcleaner" by Xplode and it did find a boodle of stuff I don't recognize.
 
So, I'm now stuck.

A:IE8 goes to advertiser site when I click a link to go elsewhere

Security Check
• Download Security Check from here or here and save it to your Desktop.
• Double-click on SecurityCheck.exe
• Follow the on-screen instructions.
• A Notepad document should open automatically called checkup.txt.
• Please post the content of that document.
 
Farbar Service Scanner
• Download Farbar Service Scanner.
• Run it on the computer.
• Make sure the following options are checked:
    o Internet Services
    o Windows Firewall
    o System Restore
    o Security Center/Action Center
    o Windows Update
    o Windows Defender
    o Other Services
• Press "Scan".
• It will create a log (FSS.txt) in the same directory where you run the tool.
• Please copy and paste the log to your reply.
 
MiniToolBox
• Download MiniToolBox
• Run it on the computer.
• Checkmark following boxes:
    o Report IE Proxy Settings
    o Report FF Proxy Settings
    o List content of Hosts
    o List IP configuration
    o List Winsock Entries
    o List last 10 Event Viewer log
&#... Read more

Read other 10 answers