
Under attack and cannot update Windows

Q: Under attack and cannot update Windows

I am running a Windows XP SP3 system. I had a malware attack caused, I am sure, by me. I used Malwarebytes and McAfee Antivirus to clean the system. It is operational but is still buggy. I cannot run Windows Update. And I am under constant attack by two servers at addresses 213.163.89.102 thru 107 and 61.61.20.132 thru 135. Malwarebytes stops their access and I have used an ISP tracker so I know they are in Holland and Taiwan. I am not sure what to do next and could use some help.
Thanks

RELEVANCY SCORE 52

Hi,
On 12/2/10 my PC was mugged. Warnings by Scotty (Winpatrol) alerted me to possible changes to rundll32 among others.
Scanned with Ad Aware, found & fixed a few things.
Decided to update my windows security, but discovered I couldn't access it. After the update starting page, it would
go to "The website has encountered a problem and cannot display the page you are trying to view. The options provided
below might help you solve the problem....With error code: Error number: 0x80072EFF

Never found the meaning of that specific error code.

Had previously used Malwarebytes so I downloaded the latest version of that which warned me of possible tdl3 rootkit infection, then re-booted and finished the scan.

Operation improved for a bit, but still can't access windows update. Usually I can't even access the page anymore.

a) If I can access the update page (checking your system for the latest version of windows updating software, it switches to
"The website has encountered a problem and cannot display the page you are trying to view.
The options provided below might help you solve the problem." & displays an 0x80072EFF error.
Sometimes re-directed to Google.
c) Usually I get (what I think is a fake) "Internet Explorer cannot display the webpage" with the "Diagnose Connection Problem" button. There is no connection problem.

Other symptoms:
1) IE8 launches successfully less than 50% of the time.
2) IE Occasion...

A:Malware attack, windows update block

PC has slowed to a crawl....

Malware causes a couple of instantiations of svchost.exe to run amok slowly increasing in memory usage until PC stops running.
Manually killing continually growing version periodically is temp fix.

Now efforts are made to add malware addresses to HOSTS file. Scotty alerts me.

RELEVANCY SCORE 50

 
Underscoring just how broken the widely used MD5 hashing algorithm is, a software engineer racked up just 65 cents in computing fees to replicate the type of attack a powerful nation-state used in 2012 to hijack Microsoft's Windows Update mechanism.
Nathaniel McHugh ran open source software known as HashClash to modify two separate images—one of them depicting funk legend James Brown and the other R&B singer/songwriter Barry White—that generate precisely the same MD5 hash, e06723d4961a0a3f950e7786f3766338. The exercise—known in cryptographic circles as a hash collision—took just 10 hours and cost only 65 cents plus tax to complete using a GPU instance on Amazon Web Service. In 2007, cryptography expert and HashClash creator Marc Stevens estimated it would require about one day to complete an MD5 collision using a cluster of PlayStation 3 consoles.

 

Crypto attack that hijacked Windows Update goes mainstream in Amazon Cloud
 
 
 

A:Crypto attack that hijacked Windows Update goes mainstream in Amazon Cloud

 
"So I guess the message to take away here is that MD5 is well and truly broken," McHugh wrote in a blog post headlined How I created two images with the same MD5 hash. "Whilst the two images have not shown a break in the pre-image resistance, I cannot think of a single case where the use of a broken cryptographic hash function is an appropriate choice."

RELEVANCY SCORE 50

Whilst surfing on the internet, Animalware Doctor popped up onto my screen appearing to be an urgent authorised Windows Update needing immediate download. I clicked install. (Noooo!!!!)

Panda started to pop up notifying me of various attacks (lots!!).

Windows notified me that some of the OS files for XP had been changed and to insert my OS CD (Dell don't provide one).

Animalware Doctor warned me that my personal info was going to be downloaded in seconds and started to count down, so I pulled my connection plug.

I have Panda Global Protection 2010 permanently on, in licence and up to date with latest virus definitions.

Done several full system scans with Panda that found and deleted lots of infected files.

I ran system restore in safe mode. Restored to a point a week ago but still had problems.

I tried to run Windows Update but it couldn't connect.

I went to the website but the website advises it will check for updates then errors out (Error Code: 0x80072EFF).
I couldn't access some information pages on Microsoft.com. My browser kept going to different websites to those chosen in google searches or popping up a different site as well.

I re installed IE8.

I downloaded Microsoft Security Essentials. This could not update.

I tried the Windows Fix It program 50202 in default and then aggressive modes on KB 971058.
Microsoft Security Essentials seems to now be able to update and is now green and showing as computer protected but windows update still cann...

A:Animalware Doctor Attack has left a Hijacker behind and Windows Update blocked

Update Re This ----

I noticed a number of threads that appeared to have similar issues with Hijacking combined with Windows Update not working and all were advised to run TDSSkiller. After much pondering I thought what the heck and ran it.

This found an infected file and removed it.

The Hijacking has now stopped (so far so good) and Windows Auto Update works again. I have used it to reupdate my system. And I can update this forum on the PC!

I went to the Microsoft One Live Website and attempted to run Protection Scan. This would only run in Safe Mode and found another 2 viruses in System Volume Information. These have been removed.

Panda AV, Microsoft Security, TDSSkiller, Malwarebytes, QUAD Registry and Piriform CCleaner all report clean now.

One Live Protection Scan will run in Normal Mode now, but I get a "The Referenced memory could not be written" error when trying the Clean Up Scan. This error does not happen in Safe Mode.

Whilst everything looks to work OK, I would be grateful if anyone could advise me if I need to do anything else to be sure. Below is an updated HJT log and the TDSSkiller log. Thanks.

--------------------------------------------------------

21:25:08:750 3924 TDSS rootkit removing tool 2.3.2.2 Jun 30 2010 17:23:49
21:25:08:750 3924 ================================================================================
21:25:08:750 3924 SystemInfo:
21:25:08:750 3924 OS Version: 5.1.2600 ServicePack: 3.0
21:25:08:750 3924 Product type: Work...

RELEVANCY SCORE 48.4

OS - Windows XP Service Pack 3 with all updates. Antivirus - Norton 360 with all updates
Windows firewall disabled (because Norton says it's better)
Remote computer IP address is 192.168.1.4
Norton says it blocks the attack, but it keeps happening. Am I infected?

A:Norton blocked an attack by : OS Attack: MS Windows Server Service RPC Handling CVE-2008-4250

Hello,

And welcome to BleepingComputer.com, before we can assist you with your question of: Am I infected? You will need to perform the following tasks and post the logs of each if you can.

Malwarebytes Anti-Malware

Please download Malwarebytes Anti-Malware and save it to your desktop.
Download Link 1
Download Link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.

MBAM will automatically start and you will be asked to update the program before performing a scan.
If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:
Make sure the "Perform Full Scan"...

RELEVANCY SCORE 43.2

Split from: http://www.bleepingcomputer.com/forums/t/311481/xp-defender-attack-after-java-update/

A:XP Defender attack after Java update

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll...

RELEVANCY SCORE 43.2

Dell Dimension 2400
Windows XP - Home Edition - Version 2002 - Service Pack 3

I started getting hijacked by XP Defender Pro last week, right after my Java update and my Avast was blocking it, but after running a Malwarebytes scan, I was infected with 6 problems:

However, I have done a number of boot scans through Avast and a number of runs through Malwarebytes and SuperAntispy and now show it's clear, but I'm sure I'm still infected. I think some of my problem might be my external hard drive. I attempted to delete all the backups, but was unable to do so. I would like to use my external hard drive for storage only from now on, since whenever I have a problem, the backup just copies it to my external hard drive. I've stopped scheduled backups, but it does another automatic one that I can't stop.

I have tried to restore to the point before the Java update was done, but although it shows a restore point, it won't restore.

When I restart my computer I always get this message:
error loading c\windows: ohohitamagabobi.dll
I'm sure this is not supposed to be there. I found it on my startup and unchecked it.

I'll post dds and gmer files when requested.

Many thanks!

A:XP Defender attack after Java update

Can you please post your Malwarebytes log.

RELEVANCY SCORE 42.8

Hi, I get this message every 5 to 20 minutes by NOD32. I don't know what is it and I can't get any info on google. I put one attack in quarantine to get some infos and of course I terminate it every time it shows up. Can someone help me please?

Here the infos by NOD32:

FILE NAME: http ://77.91.228.180/last-update/upd_cn.zip
SIZE: 388090
REASON: multiple infiltrations

TYPE: Win32/Adware.Agent application
Here's an hijackthis save log:


A:http://77.91.228.180/last-update/upd_cn.zip (virus attack?)

RELEVANCY SCORE 42.4

Hi boys and girls!!!! I need your help!!!!! I start up my Windows and my antivirus Symantec Endpoint Protection opens a log event LOP Toolbar log on!!!!! I search in the site of Symantec and it says that is a malware or something like door for viruses and something like that!!!! Do you have any solution? Sorry for my English!!!!

A:LOP Toolbar Update: Attack Signature - Symantec Corp.

Are you saying that your installed, updated AV program...cannot remove it?
Symantec instructions: http://www.symantec.com/business/security_....jsp?asid=21342.
Louis

RELEVANCY SCORE 42.4

Hi everyone.
I have been pulling my hair out in frustration trying to resolve what may be a lingering problem due to the bleeping Pokki Start Menu Update pop-up that I naively didn't realise was an attack when I switched my Lenovo PC on on Saturday and then when opening Firefox straight after found that it, along with IE and Chrome, had been hijacked with the homepage-web.com redirect.
I followed all the instructions I found here for resolving the homepage-web.com hijack and here for the Start Menu Update and removal of Pokki and getting my browsers back to an unhijacked state and Pokki off my system (still furious that such a potentially malicious piece of software came preloaded on what has otherwise been a beautiful Lenovo PC purchased late December!).
 
Everything appeared fine and working correctly, but Saturday was also the day I needed to renegotiate my TV/broadband/phone package with my provider and basically have had my cable broadband upgraded to 50 MB there and then (they upped the speed on the line while I was on the phone with them), but was also sent out a new router as my older setup from them was not guaranteed to support the new speeds.
 
All appeared fine - happy computer was back again. Yay.
 
But a day or so later when I next went on any of the tumblr blogs I follow I would receive a connection was reset message in random image frames and they would load fine if I hit try again (this was in Firefox), I tried the same pages in IE and Chrome a...

A:Issues following Start Menu Update pop-up and homepage-web.com attack

Hi, as this Pokki thing is installed by Lenovo and has a few names with long tentacles, I feel it best to get a deeper look to find it all.
Please follow this Preparation Guide and post in a new topic.
Let me know if all went well.

RELEVANCY SCORE 40.4

Hello,
 
On my web site - http://incinerama.com/ , if you select specific pages like http://incinerama.com/1953_march.htm , you get the error message:
 
"Norton blocked an attack by: Web Attack: Cookie Bomb Injection Website "
 
I ran Malwarebytes, hijackthis, etc. on the computer that uploaded pages to the web site and found no problems.
 
Any ideas on what is causing this and how I can remove this?
 
Thanks!
 
Roland
 
 
 

RELEVANCY SCORE 40.4

Dear friend, I am fed up with the problem of popup security warning and automatic adding of sites in favourite and opening of webpage while browsing internet. Also after sometimes it changes my desktop to red signal showing your privacy in danger. Also three sites shortcut are automatically adding to my desktop. I follow your step by step instruction of running ad-aware and then spybot and then stringer. Also problem is that when I am cleaning with smitfraudfix tool it is getting cleared but after using computer sometimes it is coming back and even if I am not using internet it is coming back. Also when I am using computer sometimes command prompt is opening automatically and something is happened there and it is closing automatically. Same things happened three to four times and then all those things are again came back to my screen. Below is the log of hijack this file. Please help me to solve the problem.

A:Antispylab Problem- Popup Warning For Virus Attack And Spyware Attack

Hello dipaknpatel,

NOTE: If you have downloaded SmitfraudFix previously please delete that version and download it again!

Please download SmitfraudFix

Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm

You should print out these instructions, or copy them to a Notepad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Please reboot your computer in Safe Mode by doing the following:
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press "Enter".
Choose your usual account.

Once in Safe Mode, double-click SmitfraudFix.exe
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.
You will be prompted: "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infectio...

RELEVANCY SCORE 37.6

I frequently visit a website called comicbookresources.com for news on the comic book industry and related topics. I have a Norton SafeWeb toolbar installed in my browser on Internet Explorer 8. Yesterday, the SafeWeb icon displayed a caution icon. When I clicked it, it said that the website had a report on a virus threat. The report can be referenced as follows:
 
http://safeweb.norton.com/report/show?url=http:%2F%2Fwww.comicbookresources.com%2Fnews&product=N360&version=20.4.0.40&layout=OEM&lang=0901&source=toolbar
 
So, out of a sense of caution, I ran scans with Norton 360 (quick and full).  It found and removed tracking cookies.  I ran a scan with Norton Power Eraser and it fixed something with the registry.  Also, I ran scans with TDSS Killer and Malwarebytes Anti-Malware.  Nothing turned up there.  I also ran TFC to clear out the temp files.
 
So far, my PC has been functioning normally.  Is there anything else I should do just in case there is something else hiding on my PC that I don't know anything about?
 
((If you want, I can also forward the logs from Norton 360 and NPE.  I just need to know how I can access and post those logs for review)).
 
Thanks for your time.
 
 

A:Possible attack with Web Attack: Red Exploit Kit Website

I'm not surprised.
Two days ago my web site was marked by Norton with "Caution".
Here is a funny (or tragic) part.
It was marked with "Caution" because of a few links leading to.....BleepingComputer, specifically to couple of registry fixes posted by....BC owner, Mr. Grinler.
 
On top of it, it happened for the second time this year for the very same links.
 
To make things even more pathetic re-evaluation link at Norton site didn't work so I had to email them.
They fixed it next day but do you want to trust them?
I won't.

RELEVANCY SCORE 37.6

One of my employees is the victim of some kind of cybercrime.  For the last two weeks, she has dealt with thieves calling her credit union, posing as her, and requesting wire transfers.  She has changed account numbers there twice, and still they find out her account numbers THE SAME DAY and attempt to steal from her.
So she changed banks completely, and immediately after the first time she used her new debit card, several fraudulent charges showed up on her account from use of her card number.
This may or may not be related:  Just before all this started, we were staffing a table at an outdoor festival, and both she and her boyfriend noticed a message on their Android phones that seemed to indicate that their phones had been bluesnarfed.  My employee thinks she remembers seeing something being installed.  She has since hard reset the phone (I think yesterday).
The FBI is not helping because she hasn't actually lost any $$ so far because of the vigilance of the banks, but it seems like it's only a matter of time before they clean her out unless she can defeat whatever access they have.
 
Any ideas?  Thanks!

A:Employee under attack, but what kind of attack and what to do?

Has she contacted local police? At least to the point of making a report of the activity you have documented thus far. It can show pattern of behavior. In the unfortunate event she does lose access to her funds or loses them completely.

RELEVANCY SCORE 37.6

I'm being DDoS attacked. My ping has been spiking from 50 to 250+. I've tried changing my IP multiple times and I still was attacked (Note: I own 3 computers and 1 tablet). I've tried disabling startup processes, av scans, and basic rootkit scans and found nothing. However, after I uninstalled Akamai Net Session Downloader, FlashGet, and Tornado Force 2 (a Chinese version of the game "Soldier Front 2"), it seems as though the attacks stopped. I'm not sure if they will come back or if something is infected but I'd appreciate some help to make sure everything is fine and not infected. EDIT: I'm still seeing these attacks pop up in the logs

This is what my NETGEAR Router was showing in the logs:

[admin login] from source 192.168.0.3, Friday, June 14,2013 18:25:12
[DoS attack: ACK Scan] from source: 208.47.185.65:80, Friday, June 14,2013 18:24:12
[DoS attack: ACK Scan] from source: 69.168.106.22:80, Friday, June 14,2013 18:22:58
[DoS attack: RST Scan] from source: 50.17.180.125:80, Friday, June 14,2013 18:11:49
[DoS attack: ACK Scan] from source: 208.47.185.65:80, Friday, June 14,2013 18:09:37
[DoS attack: ACK Scan] from source: 208.47.185.65:80, Friday, June 14,2013 18:09:11
[DoS attack: ACK Scan] from source: 69.168.106.22:80, Friday, June 14,2013 18:08:00
[DHCP IP: (192.168.0.4)] to MAC address 00:26:2D:3A:44:7D, Friday, June 14,2013 18:01:50
[DoS attack: ACK Scan] from source:...

A:DDoS Attack, Changed IPs Still Under Attack

Do you own a Domain Name/Website?

RELEVANCY SCORE 37.2

Hi,

Symptoms:
"Windows has detected an Internet attack attempt...Protect your PC from Internet attacks, click here to download spyware remover ...

Symptoms:

1) Virus pop-up alerts. Says it's a "Windows Security Alert" warning:
windows has detected an internet attack attempt... somebody's trying to infect your pc with spyware or harmful viruses. run full system scan now to protect your pc from internet attacks, hijacking attempts and spyware! click here to download spyware remover for total protection
This happens very often.

2) Icons for "Error Cleaner", "Privacy Protector" and "Spyware & Malware protection", all of which link to addresses starting "viruswebprotect.com."

3) Another pop-up, Spyware Alert "Security Warning!" it reads:
security warning! worm.win32.netsky detected on your machine. this virus is distributed via the internet through e-mail and active-x objects. the worm has its own smtp engine wich means it gathers e-mails from your local computerand re-distributes itself. In worst cases this worm can allow attackers to access your computer, stealing passwords and personal data. This process should be removed from your system.


HijackThis log file:


A:windows security alert "Windows has detected an Internet attack attempt

Hello and Welcome. Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

---------------------------------------------------------------------------------------------

One or more of the identified infections is a backdoor trojan.

This type of infection allows hackers to remotely control your computer, steal critical system information and download and execute files without your knowledge.

If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

You can read this: How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

--------------------------------------------------------...

RELEVANCY SCORE 37.2

"Windows has detected an Internet attack attempt...Protect your PC from Internet attacks, click here to download spyware remover ...

Symptoms:

1) Virus pop-up alerts. Says it's a "Windows Security Alert" warning:
windows has detected an internet attack attempt... somebody's trying to infect your pc with spyware or harmful viruses. run full system scan now to protect your pc from internet attacks, hijacking attempts and spyware! click here to download spyware remover for total protection
This happens very often.

2) Icons for "Error Cleaner", "Privacy Protector" and "Spyware & Malware protection", all of which link to addresses starting "viruswebprotect.com."

3) Another pop-up, Spyware Alert "Security Warning!" it reads:
security warning! worm.win32.netsky detected on your machine. this virus is distributed via the internet through e-mail and active-x objects. the worm has its own smtp engine wich means it gathers e-mails from your local computerand re-distributes itself. In worst cases this worm can allow attackers to access your computer, stealing passwords and personal data. This process should be removed from your system.

HIJACK THIS LOGFILE


A:windows security alert "Windows has detected an Internet attack attempt.repl me soon

Hello and welcome to TSF


Apologies for the delay getting to your log. The helpers here are all volunteers and we have been very busy lately. If you are still having malware problems, follow instructions below.

============

Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.
Close all applications and windows.
Double-click on dss.exe to run it, and follow the prompts.
When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt <- this one will be minimized
Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt here.
Please attach extra.txt to your post.
To attach a file to a new post, simply
Click the [Manage Attachments] button under Additional Options > Attach Files on the post composition page, and
copy and paste the following into the "Upload File from your Computer" box:
C:\Deckard\System Scanner\extra.txt

Click Upload.
What DSS will do: create a new System Restore point in Windows XP and Vista.
clean your Temporary Files, Downloaded Program Files, and Internet Cache Files, and also empty the Recycle Bin on all drives.
check some important areas of your system and produce a report for your analyst to review. DSS automatically runs HijackThis for you, but it will also install and place a shortcut to HijackThis on your desktop if you do not already have HijackThis installed.

======... Read more

RELEVANCY SCORE 37.2

The main thing is that on each and every install, Windows Update just searches forever and nothing happens. After the diagnostic tool, it says Datastore.edb is corrupted and can't be repaired, and each time it downloads the corrupted Datastore.edb.
Can they at least give a proper Service Pack 2 for Windows 7 64-bit Ultimate that is then up to date, with a working Windows Update that works after a direct standalone install of SP1? I use Windows 7 Ultimate 64-bit and I have reinstalled the system already 5 times, each and every time the same problem: Datastore.edb is corrupted and Windows Update just gets stuck!
I hope you can either release a Service Pack 2 so that Windows Update works again after a direct install of Service Pack 1, or a Windows Update that doesn't use the data store, because it is, yep, not working.
I use an AMD 6-core with an AMD HD 6700 Radeon and 8 GB RAM, both Asus motherboard and graphics.
As it is now, Windows Update with Windows 7 Service Pack 1 = not usable!!!!
Sincerely, Christian Madjari

RELEVANCY SCORE 37.2

I purchased a new notebook with Windows 7 in October. During the first weeks I uninstalled McAfee and replaced the hard drive. Since November Windows Update fails with error messages and Defender does not start anymore. I made several virus scans (complete) with multiple antivirus programs but nothing showed up. Since it took me days to install various software, I do not want to re-install W7. I also have no good backup that I could restore. I am really surprised that there is not even a single entry regarding the error code in the Microsoft Knowledge Base or elsewhere. I really would appreciate help.

A:Windows Update does not work, Windows Standalone Update Installer stops with error 0xc8000247 (Windows 7 Home Premium on Acer Aspire 1810TZ notebook)

 
Got it!!!!
If you are using notebooks with a hard drive larger than 700 GB you probably should update the Intel Rapid Storage Technology Driver.
Here is the solution:
http://h10025.www1.hp.com/ewfrf/wc/document?docname=c02219204&cc=nl&lc=en&dlc=en&product
Download and install it.

RELEVANCY SCORE 36.4

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together:
Do not run any other tool until instructed to do so!
Please do not attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

The first thing I would like you to do is run this for me - http://download.bleepingcomputer.com/grinler/unhide.exe after it is complete restart the computer and continue with these steps

Download and run OTL
Download OTL by Old Timer and save it to your Desktop.
Double click on OTL.exe to run it.
Under Output, ensure that Minimal Output is selected.
Under Extra Registry section, select Use SafeList.
Click the Scan All Users checkbox.
Under the Custom Scan box paste this in

%TEMP%\smtmp&... Read more

A:Windows 7 Recovery Attack - Help

Hello
48 Hour bump
It has been more than 48 hours since my last post.
Do you still need help with this?
Do you need more time?
Are you having problems following my instructions?
If after 48hrs you have not replied to this thread then it will have to be closed!
Gringo

RELEVANCY SCORE 36.4

Hello guys,

I have three questions about Ccleaner v2.

1. When should I run it?

2. Does this program attack my Windows?

3. Is this program necessary to be on my windows for ever?

A:does Ccleaner attack my windows?

CCleaner is good to use before defragmenting your HDD. There's no security risk in using it or having it on your system.

RELEVANCY SCORE 36.4

The place where I work has three Windows 7 installations. There are about 50 Linux/Zorin OS 5 installations, 5 Red Flag Linux installations, and 4 Ubuntu installations. All machines are standard, i.e., everybody has to use the same configuration. The problems with Windows 7 are

(1) It is very slow. In general, in the same machine, it is 5 times slower than Zorin or Red Flag. When I try to uninstall Microsoft software (for instance, when I try to uninstall Visual Studio) it takes at least a couple of hours to answer the uninstall command.

(2) I thought that virus was a thing of the past. Zorin people told me that I didn't need to worry about virus. I hoped that Windows 7 would be immune to virus as well. People here tested the hypothesis in one of the machines and in a couple of weeks it was virus ridden.

(3) When one installs an antivirus in Windows 7, it becomes even slower. What is worse, the antivirus reports a lot of false positives.

I contacted Microsoft. A woman tried to solve the problem by phone. Finally, she gave me the address of a Microsoft Solution Provider. The MSP was the person who recommended the Zorin OS. He said that it is much faster than Windows, it is virus immune, and easy to install. However, I would like to have a Windows solution, since many people who deal with us still use Windows.

A:My Windows 7 is slow, and under attack

If you want everything to be fast again, do a clean Windows installation; this is the best solution.

RELEVANCY SCORE 36.4

For over the past month my computer is continuing to get attacked by viruses. I have all the Free Downloadable programs like AVG, Avast, Spybot, Ad-Aware. I update them daily and typically it would work, but this time....I have something that won't go away. No matter how much I scan. I don't have 4 hours to scan because I work a lot online and on deadlines.

1. What is the best program I can purchase to protect my computer.

2. What is the best way to take out this virus and clean my computer?

Thank you for your advice.

Marjorie

A:Windows XP-Virus Attack

<<1. What is the best program I can purchase to protect my computer.>>

There is no "best program." Computer/system security involves varied factors, including:
a. Proper installation of O/S critical updates that have issued.
b. Proper use of a firewall to provide one layer of defense.
c. Installation, updating, and routine use of a reliable AV program.
d. Installation, updating, and routine use of at least 2 (IMO) malware defense programs. I suggest Malwarebytes and SUPERAntiSpyware.
e. User employment of practices summarized in the concept "safe computing."

<<2. What is the best way to take out this virus and clean my computer?>>

IMO...don't assume that you can do what needs to be done. Employ resources such as BleepingComputer.com - Am I infected What do I do - http://www.bleepingcomputer.com/forums/f/103/am-i-infected-what-do-i-do/ to get assistance from those who know how to counteract the impacts of malware.

Louis

RELEVANCY SCORE 36.4

Hello All,

I downloaded Spyhunter and I was able to remove the Windows 7 Recovery virus\trojan or whatever it is. Now I need to restore my desktop. I am posting the results of systemlook below. I am running Windows 7 Premium Home. Thanks in advance.

Bill

SystemLook 04.09.10 by jpshortstuff
Log created at 19:41 on 06/06/2011 by Patterson_Desktop
Administrator - Elevation successful

========== dir ==========

C:\Users\PATTER~1\AppData\Local\Temp\smtmp - Parameters: "/s"

---Files---
None found.

C:\Users\PATTER~1\AppData\Local\Temp\smtmp\1 d--h--- [20:48 05/06/2011]
Default Programs.lnk --ah--- 1282 bytes [05:01 14/07/2009] [05:01 14/07/2009]
desktop.ini --ahs-- 442 bytes [04:49 14/07/2009] [05:01 14/07/2009]
Windows Update.lnk --ah--- 1266 bytes [04:49 14/07/2009] [04:49 14/07/2009]

C:\Users\PATTER~1\AppData\Local\Temp\smtmp\1\Programs d--h--- [20:48 05/06/2011]
Adobe Help.lnk --ah--- 997 bytes [23:10 03/07/2010] [13:08 05/07/2010]
Adobe Reader 9.lnk --ah--- 2441 bytes [10:38 15/10/2010] [14:29 13/03/2011]
Apple Software Update.lnk --ah--- 2519 bytes [03:07 12/01/2011] [03:07 12/01/2011]
desktop.ini --ahs-- 1130 bytes [04:54 14/07/2009] [23:40 01/01/2010]
Media Center.lnk --ah--- 1345 bytes [23:40 01/01/2010] [23:40 01/01/2010]
Sidebar.lnk --ah--- 1330 bytes [04:57 14/07/2009] [04:57 14/07/2009]
Vuze.lnk --ah--- 1852 bytes [20:28 03/01/2010] [23:05 11/05... Read more

A:WIndows 7 Recovery Attack

Before we go there...

Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

RELEVANCY SCORE 36.4

(contributed by Paul Thurrott, [email protected])

* MICROSOFT SECURITY VULNERABILITY: FACT OR FICTION?
Yet another Microsoft controversy is in the news this week. This controversy involves a so-called Windows Shatter Attack that is "unfixable" because the only reliable solution reportedly requires functionality that Windows doesn't have. Predictably, several news agencies have latched onto the story, foretelling the upcoming demise of Windows. But as Microsoft points out, for the Shatter Attack to do any damage, an intruder must gain access to a user's system. And, according to the company's Ten Immutable Laws of Security (see URL below), after this situation occurs, the user's system already has been exploited. Thus, Microsoft says, the Shatter Attack doesn't represent a Windows vulnerability but illustrates what can happen when users ignore basic security practices.

Programmer Chris Paget authored an online white paper that describes the Shatter Attack and other attack methods (see the second URL below). According to Paget, Microsoft Group Vice President Jim Allchin's comments during the company's antitrust trial inspired Paget's research. Allchin said that certain flaws in Windows were so serious that if the company revealed the Windows source code, information about the flaws would threaten national security. Allchin then mentioned the Windows message-queuing subsystem, and Paget got to work looking for flaws. The Shatter Attack is apparently one ... Read more

A:Windows Shatter Attack

Pretty major flaw in the source code - easy to do, there will probably be a script out in a month that makes it easy for any script kiddie to hack Windows.

RELEVANCY SCORE 36

My problem appears to be identical to the one in .../593307-virus-troubles.html.

I continually get a Windows-like message stating "Windows has detected an Internet attack attempt. Somebody's trying to infect your PC.....". I also get a Spyware Alert box that states "Worm.win32.netsky detected on your machine....." And my IE home page keeps changing to //softwarereferral.com/......

Norton Antivirus found nothing. Online Trend Housecall found some stuff, but did not fix this problem. Superantispyware found stuff, but did not fix this problem. HijackThis shows the obvious problem of the IE homepage, but fixing it doesn't fix it.

I'm presently on my 2nd SAS complete scan with only "Close browsers before scanning", "Scan for tracking cookies", and "Terminate memory threats before quarantining" checked.

I kept telling the SAS popup to not allow the IE home page to change for the longest time, but could not even get many keystrokes in before it asked again. I finally allowed it. Even if I close IE entirely, it occasionally launches spontaneously and I hear radio clips that are not from my computer.

I can not find on my computer nor in the hijackthis logs MSDDX.DLL or MSQNX.DLL.

But I do see BOKPKOV.DLL and ALTVXVM.DLL in the logs. Should I use Avenge to delete these?

I'm accessing this thread from a different computer. Once SAS finishes, I'll go back to the infected machine and post the SAS and Hijackthi... Read more

A:Windows has detected an internet attack

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 03/12/2008 at 05:47 PM

Application Version : 4.0.1154

Core Rules Database Version : 3417
Trace Rules Database Version: 1409

Scan type : Complete Scan
Total Scan Time : 01:36:32

Memory items scanned : 584
Memory threats detected : 0
Registry items scanned : 7359
Registry threats detected : 1
File items scanned : 117572
File threats detected : 20

Adware.Tracking Cookie
C:\Documents and Settings\Songbird\Cookies\[email protected][4].txt
C:\Documents and Settings\Songbird\Cookies\[email protected][2].txt
C:\Documents and Settings\Songbird\Cookies\[email protected][3].txt
C:\Documents and Settings\Songbird\Cookies\[email protected][2].txt
C:\Documents and Settings\Songbird\Cookies\[email protected][1].txt
C:\Documents and Settings\Songbird\Cookies\[email protected][2].txt
C:\Documents and Settings\Songbird\Cookies\[email protected][1].txt
C:\Documents and Settings\Songbird\Cookies\[email protected][2].txt
C:\Documents and Settings\Songbird\Cookies\[email protected][2].txt
C:\Documents and Settings\Songbird\Cookies\[email protected][4].txt
C:\Documents and Settings\Songbird\Cookies\[email protected][1].txt
C:\Documents and Settings\Songbird\Cookies\[email protected][1].txt
C:\Documents and Settings\Songbird\Cookies\[email protected][1].txt
C:\Documents and Settings\Songbird\Cookies\[email protected][2].txt

Browser Hijacker.Internet Explore... Read more

RELEVANCY SCORE 36

My comp is running on Windows XP and I saw someone below my request is having the same problem as me. My comp was running fine until I tried updating my Internet Explorer to 8 but it didn't work right, by that I mean my comp started acting weird and wouldn't load any icons at the bottom next to the time, so I uninstalled 8 and went back to what I had before. Ever since then I keep getting a fake antivirus attack with non-stop pop-ups saying a file is infected. It wouldn't even let me open the task manager; it said it was infected and could not load. Someone please help

edit - also I forgot to mention the fake antivirus thing says I have 34 viruses on my comp. Don't know if it's true or not but I'll load a HJT log in a sec

edit -- I was going to but it won't load now, says it's infected
 

A:Fake Antivirus Attack with pop up windows

What's the best malware remover out right now I could DL and try to remove this? Anyone have any good programs they could recommend? I need to remove all my antivirus software anyway soon and get a new one that's really good, something that detects more than viruses. I need something that can detect viruses, spyware, malware, trojans, worms, etc.
 

RELEVANCY SCORE 36

Trouble I think. Windows 7 Ultimate Service Pack 1 (x64) with all recommended and critical updates applied. I regularly run Malwarebytes Pro and Bitdefender 2014 is on 24x7.
 
Please notice the "badguy.ipaddress.in.dot.notation". The IP is on another continent in a country famous for bad guy hackers, great beer and starting world wars. The IP address does not reverse to a name. The "route print" command does NOT show this added route.

The 169.254.0.0 address is explained here. I have a static IP address though a DHCP server is running on my router/firewall. (DD-WRT v24-sp2).

Is my outgoing traffic being redirected to the bad guy's IP address and do I have a "man in the middle"? How can I remove the added route? I DO NOT have a known good system checkpoint. Is this an attack and should I do a scratch re-install? I am also running NetBalancer.
 
Relevant portion of MiniToolBox.exe's Result.txt follows:
 
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
 
reset
set global icmpredirects=enabled sourceroutingbehavior=drop
add route prefix=169.254.0.0/16 interface="iftype0_0" nexthop=badguy.ipaddress.in.dot.notation  metric=1 publish=Yes
add route prefix=169.254.0.0/16 interface="iftype0_0" nexthop=192.168.???.??? metric=1 publish=Yes
add route prefix=0.0.0.0/0 interface="Local Area Connection 2" nexthop=192.168.1.1 publish=Yes
set interface interface="Local Area Connection 2" forwardin... Read more

A:Possible Man In The Middle Network Attack in Windows 7 SP1?

Not a Man In the Middle Attack but an old VPN that was setup. Please ignore.

RELEVANCY SCORE 36

My Dell computer is running Windows Vista and having major problems.
I have windows popping up saying my computer is infected and asking if I want to activate antivirus software and also a window keeps coming up that says the rundll32.exe file is infected.
It started a couple of days ago and I ran Malwarebytes and it said it had cleaned a couple of things, but today it is much worse and I really could use some help.
thanks in advance.
 

A:Fake Antivirus Attack with pop up windows

RELEVANCY SCORE 36

I have a Windows XP machine that I am trying to repair for a friend.

Symptoms:

When computer loads XP and logs on and you go to load Windows Explorer, Internet Explorer, control panel etc, the machine just blinks and reloads the desktop. There may be a virus causing it.

Things I have done:

I was able to install Symantec corporate edition version 8 but it will not scan the disk.
I took the drive out and plugged it in another Xp machine as a slave and ran the Symantec virus scan and it found only the Sasser worm. Ran the Sasser tool and fixed that problem.
Placed the drive back in the machine and same problem.
Took it out again and did the trendmicro online scanner. Found seven files infected with 5 trojans and two adware. Deleted those items.
Placed it again and problem still exists.
I tried a network virusscan and that didn't work. (pc appears on network fine).
Even installed XP SP2 to see if that would help and to no avail.
The pc works except that no program will run from the start menu. The data is there but no virus scanner will detect a virus.
I even tried a repair via the XP cd and it only hangs when trying to detect a previous Windows XP installation.

I am at my wits end. A few friends had this problem a few months back and ended up reinstalling.

Has anyone experienced this and knows a solution? Would like to avoid a reinstall.
 

A:Unknown virus attack on Windows XP pc

I downloaded adaware personal edition and scanned pc. Fixed all problems and now it is working. Hope this helps.
 

RELEVANCY SCORE 36

Excuse me, I want to ask what the characteristics are if my PC is being used for a DDoS attack or not (I mean, become a zombie to do a DDoS attack or not). I accidentally clicked a link that looks like it is anonymous, used for a DDoS attack. I am afraid that will harm my notebook, and I don't want to do a criminal thing too. Can someone tell me how to prevent becoming a puppet or zombie to do a DDoS attack?
Afraid of doing this thing, need a solution ASAP!

Thanks for Reply
Regards sle3pingz

A:Help Want Ask about DDoS Attack Characteristic at Windows 7

Hi, sle3pingz.

For background, see Time to check your DNS settings? | ESET ThreatBlog. Then go to DNSChanger-Check - dnschanger.eu to check if your computer had been affected by that botnet.

Otherwise, if your computer scans clean by your security software, you have security updates installed, have an up-to-date antivirus software, a firewall and third-party software is updated, your computer is not part of a botnet involved in a DDoS attack.

RELEVANCY SCORE 36

Hello, and thanks very much for this!

I received a BitDefender message that multiple viruses were detected. I've been getting blue screens, auto shutdowns, and on startup different small executables have been reported as failing to start.

I had much trouble getting GMER to start, had to use the SASSAFERUN.COM app.

I ran Malware Bytes in Safe mode, but it didn't catch anything.

Any help you can give would be greatly appreciated....

The DDS log follows:

.
DDS (Ver_2011-06-12.02) - NTFSAMD64 MINIMAL
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_18
Run by Steve at 17:26:01 on 2011-06-12
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.4062.3506 [GMT -4:00]
.
AV: BitDefender Antivirus *Enabled/Updated* {50909708-FF80-02AF-F814-B28405891E92}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: BitDefender AntiSpyware *Enabled/Updated* {EBF176EC-D9BA-0D21-C2A4-89F67E0E542F}
FW: BitDefender Firewall *Enabled* {68AB162D-B5EF-03F7-D34B-1BB1FB5A59E9}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkS... Read more

A:Malware attack - hiding as Windows exe

Hi,
Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.
Once I receive a reply then I will return with your first instructions.
Thanks

RELEVANCY SCORE 36

Hello,

Yesterday, when my kids surfed the internet with a laptop loaded with Windows Vista, a message popped up: "You have fun, suckers! your files will be deleted". They tried to run Norton's Anti-virus, it did not go through all process and the PC was shut down by itself. Right now I only can start the PC at safe mode.

Enclosed is the HijackThis log of the PC. Please help me to solve the problem.
I really appreciate it.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:30:54 PM, on 5/4/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Safe mode

Running processes:
C:\Windows\Explorer.EXE
H:\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = ... Read more

RELEVANCY SCORE 36

I was able to get rid of the virus ok, but after getting rid of it it removed the background, removed the programs pinned to the taskbar, and the Start screen is completely empty of programs and apps. When I use Combofix it fixes everything, but after a shutdown or restart everything is missing again. Can anyone please help me?

A:Need help with fixing Windows 8 after virus Attack.

Please?!

RELEVANCY SCORE 36

Windows XP ATMs under malware attack.

The cash machine network may be open to a serious hacking attack, banks have been warned. Approximately 20 ATMs have been compromised, mostly in Eastern Europe. Security outfit TrustWave warns that the attack is merely a test and is very likely to spread to the US and other regions of the world.

-- Tom

P.S. More links on this story:

Cybercriminals Refine ATM Data-Sniffing Software.

and Cybercriminals Refine ATM Data-Sniffing Software.
 

A:Windows XP ATMs under malware attack

LOL
I was going to ask you to post this in the malware removal thread.
 

RELEVANCY SCORE 36

Okay, well, I recently had a severe bout with a web hijacker. After about four downloaded spyware removers, including Adaware, Spybot, and Spysweeper, I've managed to get it gone.

Except for one little residual problem.

Every time I try to open Windows Media Player, instead of the program, I instead get a little pop-up that says 'Browser Enhancement Installation: Good News! A free browser enhancement is available to be installed on your system immediately free of charge. By installing our software you agree to the terms and conditions stated here.' Then there's a little check-box which appears automatically checked and a button that says 'close this window'. There's nothing else in the box.

All I do is uncheck the box and click 'Close This Window'. But it still comes back every single time I go to open WMP, thereby preventing me from accessing it.

Help please?

A:Attack on Windows Media Player (Help me!)

Create a directory on your hard drive to save HijackThis.exe. A directory like c:\hijackthis. If you do not do this, you will not be able to use the backup/restore features.

Download HijackThis from: HijackThis Download Site

Save this file into the directory you made previously and then run the program named hijackthis.exe. When the program opens click on the Config button, then click on the Misc Tools button, and click on the Check for update online button. When it completes checking/applying updates press the back button.

Now click on the Scan button and when it is finished click on the Save Log button. A Notepad window will open with the contents of this log. Click on Edit then click on Select all. Then click on Edit and then click on Copy.

Create a reply to this post here and right click in message area and select paste to paste the log into the post.

Someone will reply to you after reading this post. DO NOT fix any entries unless you understand what you are doing.

To see a tutorial with screenshots on using HijackThis you can click on the link below:
How to use HijackThis to remove Browser Hijackers, Malware, & Spyware

RELEVANCY SCORE 36

I have an ASUS laptop - K52F. Fitted with a french version of family windows 7.
I (unknowingly) put an infected USB stick into my computer. It asked to repair the stick. I said yes. Then my up-to-date MSE told me it had destroyed a virus ("yeltminky"something). Now the computer runs very very slowly and sometimes just switches itself off. It can still do some things (sometimes), provided I ask for one thing at a time and then WAIT a long time.
I installed BitDefender and it couldn't find the virus.
I have no discs delivered with the computer.
Can I repair it? If I can, will I lose everything on it?
Another point: I live in a very dusty environment and another computer has begun overheating and stopping. The laptop fan makes lots of noise. Could it be a coincidence or do I have a virus?
I have been using another laptop but now must give it back and so will effectively be without a computer, if I can't repair my Asus. I will return to England and not France. I still need to be able to type in French, so perhaps I can't use an English version??

A:can I reinstall windows 7 after virus attack?

Hello machanrahan and welcome to Seven Forums.

First thing to worry about is to find out if your computer is malware free. Some malware can start working even before Windows 7 boots. So you need a malware scanner that can start scanning your computer before it boots. Microsoft has a free tool called Windows Defender Offline that can do this (not to be confused with the Windows Defender that comes as part of Windows 7.) Microsoft suggests creating the media on a computer that's not infected.

What is Windows Defender Offline?

The scan can take a long time (over an hour or longer depending on size of hard drive.) Be patient and don't interrupt the scan. Follow any prompts that might be given. If the scan doesn't find any malware problems I suggest running at least two more free on-demand scanners because no anti-malware program is 100% effective 100% of the time. (If there was such a thing we'd all be using it.) Two products I recommend are Malwarebytes and ESET. Two more are Hitman Pro and Superantispyware.

Please post back the scan results and if your computer is still running slow. There are other things that can be done to try to repair a slow machine but let's work on the malware issue first.

As far as your second machine overheating and stopping, did you use the same infected USB stick on it? If yes, then it can be infected too. If no, and if you don't use it to visit torrent sites, "adult" sites, etc then it might not be infected and just suf... Read more

RELEVANCY SCORE 36

I run a legit copy of XP home. I wasn't actually dumb enough to download WPP, but I was stupid not to check that damned torrent. It was supposed to be a skype plugin.

-I downloaded and ran the fake exe
-This strange thing called "Windows Police Pro" starts running.
-I am suspicious, so I open the task manager and kill the process.
-After doing this, the computer gives me one of those annoying messages, saying it will shut down in 60 seconds. (It all happened so fast, I did not write down any specific error messages)
-Not knowing what happened, I try to boot into safe mode with networking and get a blue screen. Now I am terrified. This computer has a few years of specific programs I do not know how to find again, and important documents from my office.

On a whim, I try to start windows normally and find that it does in fact boot, but WPP is right there.
I have booted 2 or 3 times, but did not leave the system on for more than a minute each time. The last time, I could not even see my desktop.

Is there anything I can try short of the dreaded windows reinstall?
Is it safe to access the hard drive and remove documents?
Is it safe to plug my flash drive in or can this malware jump from system to system via usb stick?

I hope my description is clear. Any help would be very much appreciated!

A:Windows Police Pro attack, no desktop

Hello someguy1

Let's see what's going on with this program http://www.malwarebytes.org/

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
* Make sure you are connected to the Internet.
* Double-click on mbam-setup.exe to install the application.
* When the installation begins, follow the prompts and do not make any changes to default settings.
* When installation has finished, make sure you leave both of these checked:
  o Update Malwarebytes' Anti-Malware
  o Launch Malwarebytes' Anti-Malware
* Then click Finish.

MBAM will automatically start and you will be asked to update the program before performing a scan.
* If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
* If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:
* Make sure the "Perform Quick Scan" option is selected.
* Then click on the Scan button.
* If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
* The scan will begin and "Scan in progress" will show at the top. It may take... Read more

RELEVANCY SCORE 36

Hi Guys. New to this forum. I hope you can help. I am having pages being taken over with porn. Pages warning of viruses etc... Offering PC Cleaner and PC Privacy Protector and others. I have run HJT. These are the results.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:27: VIRUS ALERT!, on 26/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\HP\KBD\KBD.EXE
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\antiviirus.exe
C:\WINDOWS\sy...

A:Windows Has Detected An Internet Attack

Hi,

I understand that you need help in order to get rid of the malware that is present on your system - But you need to help us first..

I notice that you never scanned with an Antivirus previously before starting this thread - because you don't even have an Antivirus installed! This is somewhat suicidal in today's digital world. That's why I want you to install one first!!

* Please install Avira Antivirus: http://www.free-av.com/

This is a free Antivirus. Perform a full scan with Avira and let it delete everything it is finding. Then reboot.

After reboot, open your Avira and select "reports". There, double-click the report from the Full scan you have done. Click the "Report File" button and copy and paste this report in your next reply together with a new HijackThis log.

Then we'll start from there, because it really makes no sense otherwise that we clean this up manually if an Antivirus scan is not present which should be able to deal with most and prevent further reinfection.

RELEVANCY SCORE 36

I have been getting a land attack (Kaspersky firewall noticed it) when I open a bit torrent port for Azureus.

I am running Windows XP SP2 (the default Windows installed from disk I think, I didn't find the SP2 pack install/uninstall in Windows updates on remove software from the run, appwiz.cpl box).

I am able to keep out the attack by closing the port in port settings, but I cannot run the full program.

The only patch I found at microsoft.com was for windows 95.

Where can I find a current patch for this newly remodeled attack?

RELEVANCY SCORE 36

I, too, have been bitten by the Windows System Restore malware. Several days ago, I noticed the same "virus scanner" running on my computer. I did *not* click the link, just because it was so obviously a fishy "scam". But I did try to reboot -- which I probably shouldn't have. Immediately I saw the same symptoms as everyone else -- the system booted to what appeared to be a blank (black) screen with no desktop icons at all. The Start Menu had no programs on it. My Favorites were completely gone. Same story as I'm hearing everywhere.

I did read through many of the other answers, and I believe this to be the best forum to help me out. I'm basically trying to decide whether to completely re-image my system, or try to recover the (hundreds of) programs and other files that I hope are still here.

I did do some "manual" investigation, and tried some intermediate "fixes". For example, I did make several Registry changes noted in another forum, and I can now bring up the Task Manager. I selected my Desktop, and looked at Properties, and discovered that basically everything on my C: drive was set to Hidden. So I "unhid" everything (I thought); but only a small portion came back. I now have about half (or a little more) of my desktop icons showing. (Needless to say, they are the icons in my personal Desktop folder, not the "All Users" Desktop folder.) After making the folders visible again, I navigated ...

A:Yet another Windows Vista Restore attack

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together:

* Do not run any other tool until instructed to do so!
* Please do not attach logs or put in code boxes.
* Tell me about any problems that have occurred during the fix.
* Tell me of any other symptoms you may be having as these can help also.
* Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

The first thing I would like you to do is run this for me: http://download.bleepingcomputer.com/grinler/unhide.exe
After it is complete, restart the computer and continue with these steps.

Download and run OTL

* Download OTL by Old Timer and save it to your Desktop.
* Double click on OTL.exe to run it.
* Under Output, ensure that Minimal Output is selected.
* Under Extra Registry section, select Use SafeList.
* Click the Scan All Users checkbox.
* Under the Custom Scan box paste this in

%TEMP%\smtmp&...

RELEVANCY SCORE 35.6

Hey, I've got an HP laptop with Windows 7. Microsoft Security Essentials started reporting an Alureon infection; I tried removing it, but it could not be deleted. After this, I eventually restarted the computer, but it refused to boot: after the Windows loading screen, it just restarts.

I've seen other ppl solve similar problems using the Farbar tool from the command prompt in the recovery console. I'm posting the frst.txt log to try to speed up the process a bit. Any help would be very appreciated. I just can't figure out how to use the log to come up with the commands for fixlist.txt
Scan result of Farbar Recovery Scan Tool Version: 28-01-2012
Ran by SYSTEM at 2012-02-08 19:52:55
Running from H:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2480936 2010-12-17] (Synaptics Incorporated)
HKLM\...\Run: [HP Quick Launch] C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [451072 2010-01-18] (Hewlett-Packard Company)
HKLM\...\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background [611896 2010-01-20] ()
HKLM\...\Run: [HPToneControl] C:\Program Files\Hewlett-Packard\HPToneControl\HPTonectl.exe [107832 2009-08-19] (Hewlet...

A:Alureon attack, windows 7 64bit won't boot

Hello jevolution,

Welcome to this forum.

Open notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste). Save it on the flashdrive as fixlist.txt
start
HKLM-x32\...\Winlogon: [Userinit] c:\windows\syswow64\userinit.exe,
SubSystems: [Windows] ==> ZeroAccess
1 fwjpphww; \??\C:\Windows\system32\drivers\fwjpphww.sys [x]
1 pknnbejy; \??\C:\Windows\system32\drivers\pknnbejy.sys [x]
1 zndvjnjs; \??\C:\Windows\system32\drivers\zndvjnjs.sys [x]
end
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Now please enter System Recovery Options and select Command Prompt.

Run FRST64 and press the Fix button just once and wait.

The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

Also restart, let it boot normally and tell me how it went.

RELEVANCY SCORE 35.6

I've been posting for ages now trying to sort out a malware trojan type thing http://www.bleepingcomputer.com/forums/ind...p;#entry1735654

I've already paid a professional to fix it, but they didn't. All they did was a system restore.. where vundo was hiding out!

Now I can't launch any exe properly and my lightroom (very important as I'm a photographer) won't export at all. I get Win32 API error -2147221003 ("Application not found") when calling ShellExecuteExW from AgWorkspace.shellExecute

Now even if I clean my computer, is my computer still buggered? I am concerned my windows has been damaged. Is there any point in waiting about for help?

I don't have a windows disc as I gave in my old pc when I bought this one. They said they can transfer the licence or something. So I was never given a disc. Needless to say I am saving up for a mac...

I've been so so careful and keep everything updated, don't download anything on here (I use a knackered old laptop for that). I hate wasting weeks on cleaning up malware attacks. If I ever got my hands on the people that make it..

tia

A:Massive malware attack..is my Windows damaged?

Because you have this log posted, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a HJT Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the HJT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the HJT Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the HJT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.

Good luck with your log.

RELEVANCY SCORE 35.6

When I go to log on to Windows, I get the following problem, which occurs immediately after my Windows chime and desktop wallpaper appears in the background, but prior to any of the programs/processes for Windows 2000 to run:

"Spyware Attack Alert". It has (what appears to be a fake) Windows Defender logo on the side and tells me that Spyware Attack has been detected. I am pretty certain it is one of these fake Spyware defender sites. No action is allowed, except for a) clicking on a hyperlink in the message that sends me to a google search page (which, of course does not work) b) ctl+alt+delete. When I open the tsk mgr, 1 program "scanner" is running. If I end the task, the window closes, my desktop wallpaper sits blankly on the screen, and windows never finalizes the startup, so I am stuck. Problem is: The same thing happens in SAFE MODE! Can anyone help?

A:False Spyware Attack - Windows will not startup!

Update: One thing that I figured out that I can do is run msconfig at the Command prompt in Safe Mode startup. However, I do not know what to do from here. Thanks,

RELEVANCY SCORE 35.6

i need help to remove this off my pc

can anyone please help me....iam sufferin sooooooo much
 

A:windows has detected an internet attack attempt..

Hi Welcome to TSG.

I have edited your post and would like to remind you this is a family site and language such as that is not appropriate.

Your first post was made 1 hour ago and this is a very busy site! You may need to wait 24 hours to get assistance.
 

RELEVANCY SCORE 35.6

Hi everybody:
I was doing some research online, and I came across the term 'Sandbox Attack'. In an everyday scenario, a sandbox is something that "contains" something.... correct? How does a 'Sandbox Attack' work?
garystan
 

A:Sandbox Attack (Moved from Windows 7 forum)

Is this what you're looking for? http://cocland.com/tricks-and-tips/xmodgames-best-tool-for-clash-of-clans
 
