AVG Resident Shield popped up on my PC to announce it had detected a "Multiple Threat

Q: AVG Resident Shield popped up on my PC to announce it had detected a "Multiple Threat

AVG Resident Shield has popped up several times on my home PC to announce it had detected a "Multiple Threat" with the name Trojan Horse Downloader.Agent2.BIL. The file named was C:\\WINDOWS\system32\userinit.exe and multiple instances were logged for various applications.

I note that Yeti49 had the same problem and extremeboy provided a repair strategy.

I have followed the same instructions and have run combofix. Since, there does not appear to be any further AVG alerts. Please find attached the log report of which, I would be very grateful if someone could inspect and advise if further issues are evident.

Many thanks

RELEVANCY SCORE 200
A: AVG Resident Shield popped up on my PC to announce it had detected a "Multiple Threat

Hello and Welcome.

A Reminder....

As seen in Post #2 of our sticky topic 'NEW INSTRUCTIONS Read this Before Posting For Malware Removal Help'

Quote:




Why we don't ask you to run ComboFix from the onset

As stated by the author of ComboFix:

ComboFix is a very powerful tool which when improperly used may render your machine to a doorstop.

We first need to verify if there's any rootkits present and how they could affect our tools. DDS & GMER are preliminary scans. We use their logs to map our strategy for attack.

With these logs we can determine the infections present & decide whether to deploy ComboFix




---------------------------------------------------------------------------------------------

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

RELEVANCY SCORE 114

Hi Guys Just a quick question everytime I go to do anything on my laptop this thing keeps popping up satin resident shield alert multiple threat detection, gives me 3 options . Remove selection infections, remove unhealed infection, close !!

I just keep pressing close but it keeps popping up! Is that a virus???

I would really appreciate any help whatsoever

Thanks a lot

A:resident shield alert multiple threat detection

This is a 'balloon' notification from AVG. To correct this, open the AVG control panel and select 'Tools' and then 'Advanced settings'. Under the 'Appearance' settings you will see a box for 'Balloon tray notifications'. Uncheck this box and then 'Apply'. Return to 'Overview', double-click on 'Resident Shield', and select 'Remove all threats automatically'. You can now choose whether or not you want AVG to scan for and remove 'Tracking cookies'.

To answer your original question, it is AVG probably detecting a 'Tracking cookie' and asking you what to do. Having the 'Resident Shield' remove all threats automatically will remedy this.

RELEVANCY SCORE 114

Hiya Guys

I keep getting a couple of AVG Resident Shield alerts that I don't understand.

They say "Multiple threat detection
File name C:\Program Files\BitDownload\player.dll
Threat name Multiple runtime compression aspack.nupx
Detected on open.

Process name C:\Windows\System32\svchost.exe
Process ID 988"

Any ideas would be much appreciated - .

Thanks in anticipation
Gilli
here is my Hjt file

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:07:15, on 05/01/2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18349)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\Arc... Read more

RELEVANCY SCORE 114

Hi,

I recently formatted my hdd and reinstalled Windows XP Pro on my PC. Everything seemed ok until i installed AVG Anti-virus Free ver. 8.0.237 software. After that, AVG started to detect infected files. While some of them seemed like genuine infection, some didn't. Some threats reported were trojans but most of them were reported as "Virus found Win32/Heur". I know this is due to the heuristic scanning and could be fake alarms but i was not sure. To save trouble and since i had not installed too many software, i decided to reformat the hdd and reinstall WinXP again.

This time i was careful and made sure that after settling with the service packs, i installed AVG before any other apps to ensure any threats would be detected early. Everytime i installed a new app, i would scan my hdd to make sure no new threat appeared. Then suddenly, AVG's Resident Shield alert started popping up its alert window with multiple threat warnings. All were "Win32/Heur" and this seemed to have affected a lot of system files in C:\Windows\ directory. Trying to heal these infections were not successful as they would reappear again and again. As i remember correctly, the most recent apps installed were Mozilla Firefox, Ad-Aware and WinRAR. I tried to do a system restore but i noticed many of the earlier restore points were gone. Trying to restore to some of the restore points available failed.

Well, i know that i can always repeat what i did i.e. reformat and... Read more

A:AVG's Resident Shield alert "Multiple threat detection"

It looks like you may be saving a very nasty file infector and reloading it after a format

The other candidates are you are not deleting the system partition before a format(unlikely infection tho)

Maybe an infected router that's redirecting your dns

When you reload are you sure your usb flash and external drives are clean?

RELEVANCY SCORE 88.4

AVG Resident shield detected Trojan Horse Vundo.FE. Cannot repair because file is inaccessible. Here is a copy of my HiJack This Log. I am using Windows XP Service Pack 2. Thank you in advance for your help.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:07:11 AM, on 8/19/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16981)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C: ... Read more

A:AVG Resident shield detected Vundo...

Hello and welcome to Bleeping Computer! We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open wit... Read more

RELEVANCY SCORE 86.4

Problem: 
 
AVG Resident Shield detected 2 instances of  PureLeadsUp.exe (c:Program Files (x86)\PureLeads\PureLeadsUp.exe).  One was removed but the second said that it “was inaccessible.”  (I’m sorry but I can’t remember the exact words.  I closed the window and can’t find the report.) – Related adware:
1 / 68      (Adware)
PureLeads.Service.exe  (867e32c5083c4f90c4c704eb03ac29ef0a7c378d)
1 / 68      (Adware)
PureLeadsSvc.exe  (7598dd84cf1c4089af7554f2c23d8c69a72f49dc)
1 / 68      (Adware)
DynLib.dll  (ec07efdecb7e21a63c8c04ea962fcb890a10b095)
1 / 68      (Adware)
plsapp.exe  (d0aa9c701934b9542ecf42b6a4bc8fb34eb16d7b)
1 / 68      (Adware)
plsappdll.dll  (7df6f58a0f3d132ac3a783c1577514beb5b5cfb3)
 
My computer is running extremely slow and just taking three times longer to follow a click/command.  It’s behaving awkwardly when opening documents and websites.  I’m not sure how to describe “awkward” any better than that.
 
PureLeads was not mentioned in your self-help guide list of infections.  Although I didn’t check all the related ones.
 
I’m including the AVG infection log – I’m not sure which have been healed. (It’s attached as a... Read more

A:PureLeadsUp.exe detected by AVG Resident Shield - can't remove - "inaccessible"

Clarifications on my post:
 
I received another warning from Resident Shield alert and have the text from it:  File name is PureLeads\sqlite3.dll. 
 
The threat name: Adware Generic5.AXWM. 
 
I removed it to the vault as a "power user." 
 
Computer reactions:  Web pages are displaying only partially with pieces (mostly at the bottom) missing and weird spacing.  There is a long lag between commands and actions - spinning wheels before doing what I've clicked on.
 
Hope that helps.  I'm really anxious to get this fixed.  Working is a challenge.
 
Thanks much,
 
Accentaa

RELEVANCY SCORE 84.4

After reading through logs, I think I need to change my status to "beginner"!

I got a virus the other day, can't remember the exact name, but it appeared a popup appeared telling me I had multiple virus's and my computer was being attacked. Initially I started the scan, as it appeared with McAfee signage, but my McAfee had expired (I already know this was stupid to let it happen).

I ran Spybot, which could not remove the virus. Went to my son's computer (not networked to mine), purchased the AVG program (the program you have to pay for, not the free version), downloaded the software on a stick drive, and installed it on my computer. Ran a scan, and it found three or four malware/virus's, which I thought I "removed".

First, I get a "Resident Shield" alert every 2-3 hours, with AVG signage. Is this normal? After my last experience, I'm mortified to click anything that doesn't say AVG. Second, am I supposed to remove these things as a "Power User" if this is indeed AVG? Third, is this all I have to do? Do I need to do something else?

Also, after installing the AVG software, my Microsoft Outlook has been acting completely crazy! I have my settings so that Outlook will pull in my email off my providers server, but it does not appear to be doing that! And, when I open emails, they "disappear".

I just ran another scan, and nothing was found.

What do I need to do to get my computer "back to nor... Read more

A:AVG/Resident Shield/Microsoft Outlook/multiple issues!

RELEVANCY SCORE 74.4

Hello,

My computer has been infected by Trojan horse Sheur.AMSD, Win32/Cryptor, jlchura. pl/rc/sploits/f2.html, jlchura.pl/rc/sploits/i1.html and jl.chura.pl/rc/.

I went into Safe mode and did a scan using AVG.

Apparently, from the avg log it manages to clean this trojan horse (Trojan horse Sheur.AMSD)

BUT it is still in my computer.

Now, everything in my computer have been slowed down significantly - from the movement of my mouse pointer to keying of words to opening of files.

There is also a unique occurrence where I could not access into ANY antivirus related website such as AVG website, malwarebytes , Panda, kaspersky etc..

So, I couldnt update my AVG antivirus software and my malwarebytes software.

Not only these, my usual xp boot up screen also changes from the one that shows light blue background to only a popup asking me to key in my user password...

PLEASE PLEASE help me...thank you.

p.s. i dunno whether i am posting at the correct thread.. i be very thankful to you if you could point to me the right direction and forgive if i post this topic wrongly..

akibaxsan

A:Multiple Threat Detected!!

Run this scan. You can copy it over from another computer if you need to.

Before we start fixing anything you should print out these instructions or copy them to a NotePad file so they will be accessible. Some steps will require you to disconnect from the Internet or use Safe Mode and you will not have access to this page.

Please download Dr.Web CureIt and save it to your desktop. DO NOT perform a scan yet.
alternate download link
Note: The file will be randomly named (i.e. 5mkuvc4z.exe).

Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with Dr.Web CureIt as follows:
Double-click on the randomly named file to open the program and click Start. (There is no need to update if you just downloaded the most current version.)
Read the Virus check by DrWeb scanner prompt and click Ok where asked to Start scan now? Allow the setup.exe to load if asked by any of your security programs.
The Express scan will automatically begin. (This is a short scan of files currently running in memory, boot sectors, and targeted folders).
If prompted to download the Full version Free Trial, ignore and click the X to close the window.
If an infected object is found, you will be prompted to move anything th... Read more

RELEVANCY SCORE 70.8

Solution found: http://forums.techguy.org/malware-removal-hijackthis-logs/755040-trojan-horse-sheur-clze-winamp.html - Click here for solution

Hello + thanks for your help in advance ;-)
I always use Winamp as my audio player and today randomly received the following message from avg anti-virus free (up to date):

I've reported it/sent to analysis. I've tried removing the threat as a power user as I uninstalled winamp and installed it again. After that process, winamp will not respond and the above will come up again. This happens if I try to open winamp every time now... winamp just won't respond and avg will tell me about zlib.dll
Moving to vault did not help either. Neither did heal. Is it a virus, or a false positive?

Here's my hjt log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:34:18 PM, on 1/10/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Switcher\Switcher.exe
C:\Program Files (x86)\WinFast\WFDTV\WFWIZ.exe
C:\Program Files (x86)\AVG\AVG8\avgtray.exe
C:\Program Files (x86)\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
C:\Program Files (x86)\WinFast\WFDTV\DTVSchdl.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Mozilla Firefox 3\firefox.exe
C:\Program Files (x86)\Ulead Systems\Ulead VideoStudio 11\vstudio.exe
C:\Pr... Read more

RELEVANCY SCORE 70.4

I recently downloaded something and opened a file named "run.exe" and then my computer kinda died, the backround changed to blue with a text in middle, and when I dont move anything it will come larvas from the sides and crawl all over the screen. Also, i get popups wanting me to buy stuff and internet explorer changed start site and leads me to wierd stuff. With my 2nd computer i looked this up in google but couldnt rly find any good solution, since I didnt find something exactly the same, but i tried some anti spyware/malware programs, deleted some stuff. But now im stuck, the things i delete keeps coming back. I have stopped getting popups but my screen is still blue (text is removed), and everything i try is "Disabled by Admin" which cant be true since im the only 1 on this computer. The start bar and icons are all gone and i cant right click anywhere either. Also where the clock should be it sais "VIRUS DETECTED!!"

I use XP and have Kaspersky 7.0.

Im gonna try to post a HJT file as soon as i get back to my PC.

Thx.
 

A:"Warning! Spyware Threat Detected On Your Computer!..."

Aight, I got the HJT

Logfile of HijackThis v1.99.1
Scan saved at 18:53: VIRUS ALERT!, on 2008-05-26
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program\Delade filer\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program\Razer\razerhid.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program\Delade filer\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program\NetLimiter 2 Pro\nlsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\NetLimiter 2 Pro\NLClient.exe
C:\Program\Razer\razertra.exe
C:\Program\Razer\razerofa.exe
C:\Program\Delade filer\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program\Mozilla Firefox\firefox.exe
C:\Program\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program\WinRAR\WinRAR.exe
C:\WINDOWS\system32\taskmgr.exe
C:\DOCUME~1\Micke\LOKALA~1\Temp\Rar$EX17.4359\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Star... Read more

RELEVANCY SCORE 70.4

Please Help,

my anti virus is popping up with "threat detected" in lots of different programme files in the last hour and a bit, only the last one was for a programme that isn't even running at the moment! i had thought i had malware last week due to sqm files - okay so it was just windows live being a pain it seems.

but this time AVG Free keeps telling me, about every 10min(or so) that it has detected a threat. only it wont let me heal the file or put it in the virus vault. so please help! these are the files it came up as being a threat (or at least the ones i thought to write out) so i think the 2nd line is the virus???

C:\\WINDOWS\system32\drivers\drmcdb.sys
@CoreException C0000005, 0006548F

C:\PROGRAM`1\Grift\AVG\avgw.exe
@CoreException C000005, 0006548F

C:\\WINDOWS\system32\drivers\pxhelp20.sys
@CoreException C0000005, 0006548F

C:\\Program Files\Messenger\msgsc.dll
@CoreException C0000005, 0006548F

C:\Program Files\apoint\Elprop.dll
@CoreException C0000005, 0006548F
i don't know if that is helpful at all!
my operating system is windows XP - i think it just loaded the 3 service pack...
also i ran hijack this and here is my log.

i hope that is enough information - and thank you ahead of time for taking the time to read this message

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:00:17 PM, on 22/09/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C... Read more

A:Solved: help AVG "threat detected" and wont let me heal, and different

RELEVANCY SCORE 69.2

Hi all,

First of all I would like to thank everyone in advance for taking time to help out.

Starting today I keep getting pop up messages that there is spyware on my pc. It has also has changed my wallpaper to a blue screen with the message "Spyware threat has been detected on your PC'' Also when i search anything in google it defaults to some random spyware removal page.

I have attached a screenshot of the error messages. (please ignore the colors, I dumbed it down so its a small file )

Here is my HJT log

Logfile of HijackThis v1.99.1
Scan saved at 09:07, on 2008-04-07
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\System32\svchost.exe
C:\Progr... Read more

A:"Spyware threat has been detected on your PC'' Please help!

RELEVANCY SCORE 68.4

Please help!
I've tried everything I know of to get this off my desktop.
Windows Live Onecare
Highjackthis
Smit..
RogueR
windows defender
etc etc...

can someone please help?? Thanks

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:49:08 PM, on 2/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\rxjddnvj.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast High-Speed Internet
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\rxjddnvj.exe,
O2 - BHO: (no name) - {00000000-d9e3-4bc6-a0bd-3d0ca4be5271} - (no file)
O2 - BHO: (no name) - {00000012-890e-4aac-afd9-eff6954a34dd} - (no file)
O2 - BHO: (no name) - {029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {06dfedaa-6196-11d5-bfc8-00508b4a487d} - (no file)
O2 - BHO: (no name) - {12F0... Read more

A:Warning: spyware threat has been detected on your PC"

Hello and welcome to TSF.

Since you've already started with SmitfraudFix, let's continue with it.

You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Next, please reboot your computer in Safe Mode by doing the following:
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press "Enter".
Choose your usual account.
Once in Safe Mode, double-click on SmitfraudFix.exe
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.
A text file will appear onscreen, with results from the cleaning process; please copy/paste the co... Read more

RELEVANCY SCORE 67.2

i rebooted my computer and received the message resident shield is not loaded. where and how do i correct this problem.
 

RELEVANCY SCORE 67.2

I just updated my computer to AVG 9.0 (free) and it is saying that resident shield is not activate and I am not sure how to activate it. Can anybody help?

thanks - Great site

A:AVG Resident Shield

Try right click on the AVG icon in the tray by the clock.
Open User Interface, double-click Resident Shield
- Uncheck the "Activate..." option, click "save changes"
- Double-click RS again, check the "Activate.." option, click "save changes".
reboot

RELEVANCY SCORE 67.2

Hi, I am very much a beginner and having used the Free version of AVG for the past year with no probs. since renewing to version 7 I get the message each time I boot up that Resident Shield is not loaded and I cannot find a means of putting this right. Can anyone help in laymans terms please?
 

A:Resident Shield

Hi and welcome to TSG,

Please see the following link and perform the repair installation as described there.

http://free.grisoft.com/doc/29029

Let us know how it goes please.
 

RELEVANCY SCORE 67.2

Every hour or so I get a pop-up that says I have numerous infections that need to be removed. In the top left corner of the message there is an icon that looks like the AVG icon, but this message pops up even when running a scan. My AVG log says it has not detected any viruses, malware, etc. I am attaching the log files. Any help you can give me in resolving this issue would be greatly appreciated. Further is there any Software I can install that will help in the future from eliminating issues like this. This is my work computer, and I have lots of data stored and an CAD program that I cannot afford to be without.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-12-01.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 10/26/2009 12:24:21 PM
System Uptime: 2/10/2010 7:22:41 AM (2 hours ago)

Motherboard: Intel Corporation | | D865GVHZ
Processor: Intel® Pentium® 4 CPU 2.80GHz | J2E1 | 2793/133mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 75 GiB total, 30.83 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 298 GiB total, 219.675 GiB free.

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP30: 11/13/2009 5:23:40 PM - Avg8 Update
RP31: 11/14/2009 6:15:11 PM - System Checkpoint
RP32: 11/16/2009 4:05:25 PM - System Checkpoint
RP33: 11/17/2009 6:52:51 PM - S... Read more

A:Resident Shield Pop-up

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.

Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

Please reply to this post so I know you are there.

The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks

RELEVANCY SCORE 67.2

My Toshiba Tecra running XP has a popup posing as AVG Resident Shield ! Have tried different Spyware scans, but have had no success getting rid of it. Can anyone help ?
Cheers
Al

A:AVG Resident Shield

Welcome to the forums. Read the information in the post below:
NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help - Tech Support Forum

RELEVANCY SCORE 66.4

Ignored a problem I started getting last nite (I was tired). Wife clicked it today, PC no longer boots, even thru safe mode. The first thing I remember seeing was something that looked like it was part of my free AVG program, I think it was entitled "resident shield". It kept listing problems, all the same one, I think it was trojan_J...... can't remember the whole file name. I'm typing this from a laptop, it's the desktop that's got the issue. The machine OS is Windows XP, service pack two I believe.

I recall back in the day we had boot discs, I would try one but I'm not even sure how to make one these days. Should I go start looking for my Windows disc now?

Any help would be greatly appreciated!

BTW, got that malware from pdga.com , a disc (frisbee) golf website. These virus's/trojans/whatever are everywhere anymore.

Well, after 40 plus hits, doubt I'll be able to do it thru here, but I'll continue to check back a few times during the next 24 hrs. I'll prolly take it in in the next day or so, and if it's not a hardware issue, maybe just have it formatted and start over, there's nothing major on there. One more item to add, I saw a post about a browser being misdirected.....Yahoo is main home page (I use Mozilla primarily too) and my searches there lately have been taking me not to the desired link but to another search engine. Same thing tho on other search portals like Google. I can get to it tho if I click... Read more

A:AVG "resident Shield" possible rootkit?

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.

Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

Please reply to this post so I know you are there.

The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks

RELEVANCY SCORE 66.4

I am running Windows XP Service Pack 3 and AVG Anti-Virus Free Edition 9.

AVG Resident Shield alert window pops up stating Threat detected! Virus identified Win32/Patched.DX Detected on open.

AVG Virus Vault shows this virus and Scan Results shows C:\WINDOWS\system32\drivers\ipsec.sys and says Object is white-listed (critical/system file that should not be removed).

RELEVANCY SCORE 66.4

Since yesterday evening my Eee PC (Windows XP) has had popups calling themselves "Resident Shield Alert" and telling me I have infected files, trojans and all sorts of things. However from what I can find online, the villain of the piece is actually the program making the popups, rather than what they're purporting to have found. If I ignore it or if I click it, it performs a fake scan and displays its results. Screen print available if needed, but I have a feeling that you guys have probably seen this one a thousand times.

Additionally I've noticed this morning that random words in websites texts are being double-underlined and turned into links, hovering over them with my mouse opens tiny advert windows that may or may not even be connected to the highlighted word. Obviously, I haven't clicked any of these words because I'm not a complete fool, I'm only fool enough to get myself into this situation, lol.

I've run Trendmicro's Housecall and Spybot - S&D, but neither of them found anything. While searching online I found a manual removal involving the copy/pasting of the atapi driver, but that action seemed to prove fruitless too.

Also, it would appear that on Start Up my Windows Firewall is being disabled, although I don't know if that's being caused by whatever is infecting my system or the AVG 9.0.725 with a firewall that is also enabled.

I apologise if this post is lacking a great deal of detail, I really have tried to...

A: Resident Shield Alert

I just finished 2 days of cleaning out ANTIVIRUS SOFT from my wife's computer.
Now RESIDENT SHIELD ALERT has started showing up

Plan on running Malware again
Any other advice would be appreciated.

Thanks for the help w/ AVS the instruction list was spot on

RELEVANCY SCORE 66.4

Avg resident shield continues to pop up a resident shield alert (the alert is attached).

I have run Malwarebytes Anti-Malware and removed everything found. The computer seems to run fine, but I'm concerned about this alert.

Thank you in advance for any advice.
.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_26
Run by kendra at 9:22:21 on 2011-08-09
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2494.1497 [GMT -4:00]
.
AV: AVG Anti-Virus Free *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\UltraVNC\WinVNC.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\ScanSof...

A: avg resident shield acpi.sys

Good evening. Take a trip to this webpage for download links and instructions for running Combofix by sUBs: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* When prompted to save Combofix, change the filename BEFORE saving it - any name will do, as long as it has .exe at the end.

Please be aware that this tool may require the PC to be rebooted so close any programs you have open before you start. When CF has finished, it will produce a log - C:\ComboFix.txt - copy and paste Let me know how the PC is behaving.

* There are two points to note from the instructions page:

1) The Recovery Console.
It is recommended that you install this as, in certain circumstances, it may be the difference between a successful repair and a reformat. If you are uncertain as to whether or not you already have the Recovery Console installed, simply run CF and it will prompt you if it does not detect it. CF will complete some, but not all, of its removal tasks without the installation of the Console, so you are free to choose whether you want to complete this step, but it is in your interests to do so.

2) Disabling your Anti-Virus.
CF has been the victim of false-positive detections on occasion and a resident AV may incorrectly identify and delete part of the tool which won't do it much good. If you don't disable your AV, you may not get the results you hoped for!

RELEVANCY SCORE 66.4

I fixed registry errors and erased temporary files with CCleaner.
I scanned with Chkdsk.
I defragmented my hard drive.
I used Dial-a-Fix to repair permissions since I have other protection software as well.
If I uninstall reinstall I get this error:

Local machine: installation failed
Installation:
Error: Action failed for file avgmfx86.sys: starting service....
Error 0x8007007f

I did all that because that's what I was told in the AVG forum.

A: Resident Shield down after updating AVG 7.5 to 8.0

Are you aware that AVG 7.5 and AVG 8.0 are two completely different programs? May one ask how you uninstalled the AVG 7.5 program?

RELEVANCY SCORE 66.4

I recently download the new Spybot 1.3 rc 4. I am running the Resident Shield. I guess it is not like SpywareBlaster which doesn't have to be in the system tray to be running.

What I am asking is does it (RS) have to be in the system tray to be active?
 

A: Spybot Resident Shield

If you are referring to the RS which prevents most spyware programs that lurk on websites (BlueMountain on www.bluemountain.com, Advertising, Inc. on www.msn.com and www.hotmail.com, etc.) then no, Spybot S&D does not have to be running, but you have to have the Resident Shield option activated. I believe that it is not activated by default.

I've upgraded my SS&D to the final-product version of 1.3, and it's been a while since I had RC4, so it may or may not have the TeaTimer RS which alerts you when your registry changes. For TeaTimer, it does need to be running to work, but I don't like TeaTimer and how much memory it needs to run, so I don't really recommend having it running.

Hope this helps.
 

RELEVANCY SCORE 66.4

When AVG starts, the icon in the system tray is in black and white. This is its signal that it's not working properly. I right click on it, choose Run AVG antivirus and Resident Shield is disabled by default. I haven't found a setting that disables this. The only thing I've changed about my boot up is that it runs a batch file deleting temps.
 

A: AVG Turns off Resident Shield

RELEVANCY SCORE 66.4

How do I remove resident shield virus?

A: resident shield virus

Hello, and to the Malware Removal forum! My online alias is Blade Zephon, or Blade for short, and I will be assisting you with your malware issues!

If you have since resolved the original problem you were having, we would appreciate you letting us know.

In the upper right hand corner of the topic you will see a button called Watch Topic. By clicking this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

Before we begin cleaning your machine, I'd like to lay out some guidelines for us to follow while we are working together.

I will be assisting you with your malware issues. This may or may not resolve other problems you are having with your computer. If you are still having problems after your machine has been determined clean, I will be glad to direct you to the proper forum for assistance.

Even if things appear better, that does not mean we are finished. Please continue to follow my instructions until I give you the all clean. Absence of symptoms does not mean that all the malware has been removed. If a piece of the infection is left, it can regenerate and reinfect your machine.

Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.

I ask that you please refrain fro...

RELEVANCY SCORE 66.4

Hello! About a week ago, I got some malware that didn't allow me to open programs. I ran the computer in safe mode and removed the infections with Malwarebytes Anti-Malware. It seems like it is gone but the only thing is, I keep on getting pop-ups every 10 minutes from "Resident Shield alert". When I run Malwarebytes, it doesn't detect an infection. Below are the 2 pop-ups that keep on showing up. Below I will attach the logs. Thanks in advance!

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.19088 BrowserJavaVersion: 1.6.0_29
Run by Juan Reyes at 19:17:16 on 2012-12-17
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2942.1560 [GMT -8:00]
.
AV: AVG Anti-Virus Free *Enabled/Updated* {0C939084-9E57-CBDB-EA61-0B0C7F62AF82}
SP: AVG Anti-Virus Free *Enabled/Updated* {B7F27160-B86D-C455-D0D1-307E04E5E53F}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\ProgramData\ActivePath\ActiveMail\UpdateClient.exe
C...

A: Keep on seeing pop-ups from "Resident Shield alert"

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us.

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the top o...

RELEVANCY SCORE 66.4

When I turned on my computer this morning, a red box came from AVG saying: I have a "Resident Shield Alert" that says There is a threat in my computer. The File Name is C\Windows\Imgtask.exe and the Threat Name is Trojan Horse Agent.AXSO. I am not able to find much on AXSO. Any assistance?
Thanks
 

RELEVANCY SCORE 66.4

After trying several freeware antivirus (I need to stay a short while in that status) I chose AVG 7.5, for its lightness for my current PC (I do not know if at the cost of a mediocre protection). I just installed it again from the same "exe" that I already had used before successfully. Well, every other starting, the famous resident shield doesn't get installed and I have to restart. Isn't there any other way to avoid this inconvenience? Many thanks. Greetings

RELEVANCY SCORE 66.4

I have AVG Free 7 on my comp (xp home sp2) runs perfectly.
I did have AVG free 6 on my other win98se comp - ran fine. I upgraded it to AVG free 7, but notice that the resident shield doesn't load at start up. After playing around I have figured out that the email scanner isn't activated each time it loads. So I activate it, restart but it's deactivated again. I reinstalled it with the latest build from AVG's website, but still no luck. My ad-watch monitoring detects a registry change so I know something is happening... after I activate it again the resident shield runs its icon in the task bar as it should be... why does the email scanner keep shutting down and then stop resident shield running? thanx
 

A: AVG Resident Shield not loading

RELEVANCY SCORE 66.4

Actually, I have a twofold problem that I think is related. Several times a day I get an AVG Resident Shield warning that says, "Warning Found tracking cookie.2o7" or with other extensions such as .247realmedia, .Revsci, .Realmedia, .Serving-sys, .Tribalfusion, .Questionmarket or .Overture. The "Path to file" is always the same, C:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profiles\4m2lsrtw.default\cookies.sqlite. This started after I had the computer cleaned of a virus not too far back. The second part of my problem is that sites that I have to log on to are not always retaining my information even when I have "remember me" checked. The baffling part is that it happens intermittently, sometimes I have to log in two or 3 times in a row and then the same site might "remember me" the next few times I go to it. Is there some setting that needs to be changed or do I have another problem? For what it's worth, the computer is running fine and my daily AVG scan finds no infections. However, those cookie warnings do end up in the virus vault. Spybot tells me I have no threats, too.

Thanks again,

Tom

A: AVG resident shield warnings

Cookies are text string messages given to a Web browser by a Web server. Whenever you visit a web page or navigate different pages with your browser, the web site generates a unique ID number which your browser stores in a text (cookie) file that is sent back to the server each time the browser requests a page from that server. Cookies allow third-party providers such as ad serving networks, spyware or adware providers to track personal information. The main purpose of cookies is to identify users and prepare customized Web pages for them.

Persistent cookies have expiration dates set by the Web server when it passes the cookie and are stored on a user's hard drive until they expire or are deleted. These types of cookies are used to store information between visits to a site and collect identifying information about the user such as surfing behavior or preferences for a specific web site.

Session (transient) cookies are not saved to the hard drive, do not collect any information and have no set expiration date. They are used to temporarily hold information in the form of a session identification stored in memory as you browse web pages. These types of cookies are cached only while a user is visiting the Web server issuing the session cookie and are deleted from the cache when the user closes the session.

The type of persistent cookie that is a cause for some concern are "tracking cookies" because they can be considered a privacy risk. These types of cookies are used to ...

RELEVANCY SCORE 66.4

Resident Shield alert is telling me I have Multiple threats detected, however I can't move it to a vault. Malwarebytes' Anti Malware doesn't find these possible infections. However I can't work on my desktop at all without resident shield popping up every few seconds. Is there something else I can do?
Thanks,
Kazree

RELEVANCY SCORE 66.4

Hi,

Today AVG apparently popped up a box saying computer restart needed, with a countdown box & an OK to click. No reboot happened after it was clicked, but Windows warned that AVG was disabled. Resident Shield is disabled & says the driver is missing if I try to re-enable it.

I have received help from this forum quite recently on this same computer
http://www.bleepingcomputer.com/forums/t/194256/bestantivirusscanner-popups-monder-virus-after-avg-removed-virus/
I wonder if something remains from the previous problem.

AVG & Microsoft Updates are all kept rigorously up to date.

Thanks very much.

DDS (Ver_09-02-01.01) - NTFSx86
Run by Hinson at 9:38:00.32 on 04/02/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.767.256 [GMT 0:00]

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
C:\Program Files\lg_fwupdate\fwupdate.exe
svchost.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\Program Files\Opera\op...

A: AVG Resident shield disabled

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.com
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results, click no to the Optional_Scan
Follow the ...

RELEVANCY SCORE 66.4

Hello,

I'm trying to scan and fix someone else's computer. I'm running a full malwarebytes scan right now and it already says that 11 files are infected. During the scan, a popup came up that says Resident Shield Alert Accessed Accessed file is infected, etc... A quick google search indicates that this is fake and a sign of infection. (I think this popup had come up earlier, hence my being asked to look at the computer.) Apparently this started when the person connected a flash drive.
I thought I would go ahead and post on this site while waiting for the scan to finish. Any and all help will be greatly appreciated!

RELEVANCY SCORE 66.4

Since I started using AVG Free anti-virus v.8, my PC started to slow CONSIDERABLY....especially when I put my mouse cursor on the "Start" button...After a few hours of PC use,it would take minutes for the program list to populate !! This is most marked in branching menus...I have this empty gray rectangle totally paralyzing the PC till it fills..!!

I tried defrag,added RAM,stopped Win Defender,stopped my Mc Afee Firewall...no effect..

The Task manager always shows the criminal process: AVGrsx.exe consuming 98% of CPU for ages !!!

Whenever I deactivate this cursed process,my PC becomes "Superfast"...
Is there a solution without compromising protection??

Please help

 

A: AVG Resident Shield paralysing my PC

RELEVANCY SCORE 66.4

Hi not sure where it came from but I have a resident shield type infection that tries to get me to install their "anti virus" software, and tells me i have google redirector installed.

Any help much appreciated


DDS LOG BELOW and zip attached with requested files:

DDS (Ver_10-03-17.01) - NTFSx86 NETWORK
Run by Gary Sumner at 19:02:16.04 on 08/08/2010
Internet Explorer: 8.0.6001.18928
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.44.1033.18.1015.404 [GMT 1:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\atashost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\Explorer.EXE
C:\Windows\helppane.e...

A: Resident Shield Type

Hello, and welcome to TSF.

I am currently reviewing your log. I will be back with a fix for your problem as soon as possible.

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Please be patient with me during this time.

RELEVANCY SCORE 66.4

Hi

AVG Resident Shield alert
C:\WINDOWS\system32\Drivers\mchlnjDrv.sys
Trojan horse Small.AOQ
Detected on open.

Can't seem to remove it with AVG or other programs.

Here is the log.....

Thanks!!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:42:07, on 01/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20861)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\XpertVision\TBPanel.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files...

A: Help! Avg Resident Shield Alert

Hello, vodkaparrot. to BleepingComputer.com

My name is Billy O'Neal and I will be helping you. (Billy or Bill is fine, if you like.)

Please give me some time to look over your computer's log(s).

Please take note of the following:

In the meantime, please refrain from making any changes to your computer.

Also, even if things appear to be running better, there is no guarantee that everything is finished. Please continue to check this forum post in order to ensure we get your system completely clean. We do not want to clean you part-way up, only to have the system re-infect itself.

If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.

Finally, please reply using the button in the lower left hand corner of your screen.

We need to run ComboFix.

Please disable any running anti-virus programs.
If you are unsure how to do this, see this topic: http://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/

Please visit the following page for instructions on running ComboFix: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first.
Note: The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a prob...

RELEVANCY SCORE 66.4

Hi,
I am sending this from my laptop because it is my PC that is infected by this Resident Shield Alert.
I have tried various antispyware programmes and antivirus programmes to get rid of this virus, all to no avail!
The resident shield alert tells me that I have a Trojan Horse Downloader.VB.7.Y and the infected file is C:\Documents and Settings\user\Application Data\winupd
Furthermore, after re-booting my desktop now has a white background with "Active Desktop Recovery" superimposed on it. Clicking on 'restore my active desktop' does nothing so I assume it is all part of the virus.
Please can you help me remove this virus.
Many thanks in anticipation
Mike

A: Resident Shield Alert

Member being helped here: http://www.freepchelp.co.uk/forum/malware-...ield-alert.html

RELEVANCY SCORE 66.4

Hey Guys/Girls. It appears that there are several fake anti-malware programs installed on my computer, as I am getting popups about running scans for programs I never installed. (Anti-malware Doctor and Resident Shield Alert are just a few of them.) I am also getting internet pop-ups as well. Here are the requested scans; you guys have been awesome in the past and I hope you are able to help me again. Thanks for your time:

HJT:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:55:04 PM, on 8/17/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\TomTom HOM...

A: Resident Shield Alert and Pop-Ups

RELEVANCY SCORE 65.6

Hi, hoping you can help.

I recently got several "fake" dialogs popping up with the title of "Resident Shield Alert". I see this alert is linked to the "Virus Scanner" virus/trojan although the screen shots of that virus did not match what I was seeing. Anyway, the popups stated I had some viruses and, of course, wants me to use "Resident Shield" to clean them. I recognized it as a trojan so I left them alone and immediately ran Malwarebytes. I noticed that although I could run Malwarebytes, it would not let me update it to the latest version. I could also not open Task Manager. I got "Your administrator has disabled this functionality".

Malwarebytes finished and said it cleaned some entries (sorry, I don't remember what they were) and had me reboot. Upon rebooting, still could not access Task Manager and a Resident Shield Alert popped up again.

I rebooted to Safe Mode and ran Malwarebytes in Administrator mode. Again, said it cleaned up the machine. I noted a "hijack.taskmanager" in the list. It said it cleaned them and to reboot. This time, when I rebooted and ran Malwarebytes again, it found no problems. However, a dialog appeared that said it could not find "fcadlot.dll". Just to be sure, I ran Microsoft Live Scanner. It found 10 items but could not remove them.

Thus, I unplugged the network cable to prevent any (more) data from being sent out and came here. I ran the DDS too...

A: Resident Shield Alert trojan

Hello, and welcome to TSF.

I am currently reviewing your log. I will be back with a fix for your problem as soon as possible.

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Please be patient with me during this time.

Thanks,
K27.

RELEVANCY SCORE 65.6

Hi,
I opened an email apparently from FED EX, saying it was having problems delivering a parcel. As soon as I opened it, my AVG resident shield started going crazy, telling me I had a virus in win 32 patched, it says the object is white listed.

I have since scanned the computer with AVG and found 2 viruses which were successfully deleted. My computer seems ( at present) to be fine, however the resident shield hasn't stopped, it's as if I have hundreds of viruses.

I am not very computer literate so I'm desperate for help.

Kind Regards
Al

A: White listed on AVG Resident Shield

Hello and Welcome.

We want all our members to perform the steps outlined in the link I'll give you below, before posting for assistance. There's a sticky at the top of this forum, and a "Having problems with spyware and pop-ups? First Steps" link at the top of each page.

---------------------------------------------------------------------------------------------

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed. I currently have as many open topics as I can effectively handle; this will have you back in queue with the proper logs so an available helper would be able to assist.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please note that the Virus/Trojan/Spyware Help forum is extremely busy, and it may take a while to receive a reply.

RELEVANCY SCORE 65.6

So, I got infected with some nasty spyware/malware/trojans. I ran through the guide of using Rkill & MalwareBytes Anti-Malware program and it caught some things (see attachment). I later ran it again and it didn't seem to catch anything (again, see attachment for the log), so I thought everything was fine. However, this morning I started getting "Resident Shield alert" messages from AVG telling me I have a couple trojans on my computer. I'm suspecting this is a hi-jacked AVG message I'm getting.

So, I tried to go through the guidelines for posting here but I couldn't get past the GMER Log step (tried twice--keep getting blue-screen of death flashed and my computer suddenly started rebooting in the middle of the scan). Would trying it in Safe Mode help (or would that not give accurate information?)? Here's the log from the "Windows has recovered from an unexpected shutdown":

Problem signature:
Problem Event Name: BlueScreen
OS Version: 6.1.7600.2.0.0.256.48
Locale ID: 1033

Additional information about the problem:
BCCode: 1000008e
BCP1: C0000005
BCP2: 82D3F795
BCP3: ADEA1B2C
BCP4: 00000000
OS Version: 6_1_7600
Service Pack: 0_0
Product: 256_1

Files that help describe the problem:
C:\Windows\Minidump\072411-49857-01.dmp
C:\Users\Azure\AppData\Local\Temp\WER-398832-0.sysdata.xml

Read our privacy statement online:
http://go.microsoft.com/fwlink/?linkid=104288&...

A:"Resident Shield alert" message from AVG

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here. To help Bleeping Computer better assist you please perform the following steps:

***************************************************

First, I need to know if you still need help! To tell me this, please click on http://www.bleepingcomputer.com/logreply/411021 and follow the instructions there. If you no longer need help, this is all you need to do. If you do need help please continue below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.

A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.

Please do this even if you have prev...

RELEVANCY SCORE 65.6

I guess now that just about every virus or trojan detected by AVG is a generic something or other. Before I get to the point, here's a little history:

Aug 27, 2008: Resident shield detects Trojan Horse Downloader.ZLOB.AAXQ. File name is Dc3.exe, and another Dc4.exe. Resident shield found them in the C:\RECYCLER... portion of the HDD. Moved to virus vault.

Oct 2, 2008: Resident shield detects Trojan Horse Downloader.ZLOB.ABBY. File name is Dc3.exe. Again, in C:\RECYCLER..

July 27, 2009: Resident shield detects Trojan Horse Generic14 AWH. File name is Dc13.exe, once again, in C:\RECYCLER.

In all 3 cases, after moving the so-called files (which never existed anywhere else besides AVG's interface) to the vault, immediately or soon thereafter, I get the same alert from AVG, only the "file" is located in the system volume information, system restore portion of the HDD. The only way to stop the alert has been to delete ALL restore points.

These are the only virus alerts I have had since 1994, and the file doesn't exist, never did, and they are all in locked portions of the HDD that cannot be scanned using a regular full system scan. It's funny that I get 3 similar virus alerts by AVG when it took from 1994 to 2009 for me to collect 3 virus alerts from any program, and those 3 were from files I had just downloaded or was in the process of downloading.

How can AVG be detecting trojan horses, or viruses in the recycler or system restore points when t...

A:AVG Resident Shield blunder or virus?

RELEVANCY SCORE 65.6

I am using AVG free edition including resident shield. Almost every minute I receive a pop up alert that a problem was detected and has been dealt with. Can I continue to use resident shield but cancel the pop up alerts?
 

A:AVG free edition Resident Shield

RELEVANCY SCORE 65.6

I have a nasty virus that we cannot remove. I have been told this might be a "flower" that is deep in the computer, we do a temporary fix, and then it shows itself again.

When I start the computer I get a pop-up that says "Resident Shield Alert". It then says "Multiple threat detection". It wants me to try removing two files called "Trojan Horse Dropper.generic2".

When I run a scan with our Malware program, it doesn't find anything. But this happens every time that I start the computer.

It also won't let me shut down unless I push the power button.

Any suggestions? Thanks.

A:Resident Shield Alert Virus

Hello and welcome please run these next. If you have Spybot installed temporarily disable it.

Next run ATF:

Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".

Please download ATF Cleaner by Atribune & save it to your desktop.
Double-click ATF-Cleaner.exe to run the program.
Under Main "Select Files to Delete" choose: Select All.
Click the Empty Selected button.
If you use Firefox browser click Firefox at the top and choose: Select All
Click the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser click Opera at the top and choose: Select All
Click the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

Next run MBAM (MalwareBytes):

Please download Malwarebytes Anti-Malware and save it to your desktop.
Download Link 1
Download Link 2
MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.
When...

RELEVANCY SCORE 65.6

I have a Toshiba laptop with XP Home.

A window keeps popping up that says Antivir Resident Shield on top and claims a virus was detected. It has a shield that looks somewhat like Windows in 4 color.

Several pop ups keep occurring over and over and this results in the rest of the screen being shaded so I cannot do anything.

Even if I manage to get the AVG scan begun, it fails. I cannot get on the internet.

It keeps adding red shields with an X in the center on the task bar.

One says Warning Active virus detected, another says application cannot be executed. The file ...... is infected. (These keep changing.)
And then asks Do you want to activate your antivirus software now?
I tried to run C Cleaner, my AVG program, and a spyware program, but it cuts them all off.

Can anyone tell me how I can get at this to remove it? Thank you.
 
