
Strange malware issue - unable to use detection tools or virus scanners

Q: Strange malware issue - unable to use detection tools or virus scanners

I've got a really strange problem, that makes it really difficult to post any diagnostic information about the problem. I've tried running HiJackThis, MalwareBytes anti-malware, Trendnet housecall online scanner, GMER, ad-aware, Spybot S&D, RootRepeal and dds.scr. The results are pretty much the same for all of these programs. The scan/analysis starts, sometimes it gets partway through scanning, and then the application window gets closed. After this happens, in the case of .exe files, the resulting program is rendered useless, in that further attempts to launch it result in a "Windows cannot access the specified device, path or file. You may not have the appropriate permissions to access the item." and you also cannot rename, or delete the file.

Trend-net housecall is also pretty interesting, in that it runs inside the browser, and after it was terminated (part way through the scan) iexplore.exe now exhibits the same error in not being able to launch. This not being able to launch persists across reboots also. I then installed firefox.exe on the system, was using it for a brief period, tried trend-net housecall and now it too is showing the error in not being able to launch.

dds.scr is able to be re-launched, and it brings up the black command window type screen, but never brings up the notepad windows. It seems unaffected by the termination behaviour, and is able to be re-launched.

I was able to run A2 anti-trojan, and do have a log of what it did, it quarantined about 10 trojans, and I do have a log of what it did, if that would be useful.

I'm pretty much committed to re-installing Windows after some data recovery on this system, but for interest's sake, I was looking into this as an academic exercise.

Does anybody have any ideas on what I should try next?

Tom.

A: Strange malware issue - unable to use detection tools or virus scanners

Hi Thomas Lovie,

Welcome to BC HijackThis forum. I am farbar. I am going to assist you with your problem.

Please refrain from making any changes to your system (updating Windows, installing applications, removing files, etc.) from now on as it might prolong handling your log and make the job for both of us more difficult.

I share your academic interest. So let's have a go at it.

Download and run Win32kDiag:

Download Win32kDiag from any of the following locations and save it to your Desktop.
Download Win32kDiag (Win32kDiag.exe) - #1
Download Win32kDiag (Win32kDiag.exe) - #2
Download Win32kDiag (Win32kDiag.exe) - #3
Double-click Win32kDiag.exe to run Win32kDiag and let it finish.
When it states "Finished! Press any key to exit...", press any key on your keyboard to close the program.
Double-click on the Win32kDiag.txt file that is located on your Desktop and post the entire contents of that log as a reply to this topic.

Next......

Also post the A2 anti-trojan log.

RELEVANCY SCORE 84.8

I have recently encountered a strange problem with my Windows XP Pro PC. Any kind of search or scan engine terminates immediately or mid-scan. Additionally, when I perform a google search, and then click on a link, often I am led to another site that is clearly not legit. Anyway, I would appreciate some help. I tried running virus scans (avira), spybot, malwarebytes, housecall, etc but all scans and searches terminate. I also tried it in safe mode to no avail.

DDS:

DDS (Ver_09-05-14.01) - NTFSx86
Run by User1 at 11:51:59.93 on Tue 06/23/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_07
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.513 [GMT -7:00]
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {804FD2B8-FFA4-00DA-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning disabled* (Updated) {804FD2B8-FFA4-00EB-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {804FD2B8-FFA4-00E3-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {00000000-0000-0000-0000-000000000000}
AV: Avira AntiVir PersonalEdition *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {804FD0EC-FFA4-00DA-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {804FD2B8...

A: Strange infection. Virus/malware scanners are being terminated

So I ran ComboFix and it seems to have fixed most of my problems. I'm not sure if something is still there that I cannot see, but MBAM revealed no issues after a quick scan. Here is the HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:30:06 AM, on 6/25/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Windows Live\Messenge...

RELEVANCY SCORE 75.2

Currently I have used Malwarebytes due to its ability to install and run in safe mode and have loved it.

But I hear that some things can get past some AV.

Anyway, I was wondering if there was a chart showing all the detection rates of different FREE AVs.

My system is Malwarebytes, Spybot S&D. Edit: I also chose them as they do not conflict with other AVs.

I was also interested in bootable AVs; I heard that they exist. What are some free ones of those that I may research on?

Thanks.

A:Research on FREE virus scanners (Detection rates and other fun stuff)

AV-Comparatives - Independent Tests of Anti-Virus Software - Welcome to AV-Comparatives.org

they don't just test free software, but include commercial stuff too.

RELEVANCY SCORE 74

Hi,
 
I am unable to install updates for Windows Defender, Windows itself and various anti-virus and anti-malware tools.
Sometimes the anti-virus and anti-malware tools even refuse to download and/or install at all.
 
When I do succeed in installing them, something is blocking the virus definition updates.
The programs do run, but can never update them after the initial installation. Result: I'm running with massively outdated virus definitions.
 
I'd like to avoid having to wipe the disk and re-install windows from scratch.
 
 
contents of the FRST.txt file:
 
Scanresultaten van Farbar Recovery Scan Tool (FRST) (x64) Versie: 27-11-2016
Gestart door Minke (Beheerder) op PC-MINKE (30-11-2016 12:24:58)
Gestart vanaf D:\
Geladen Profielen: Minke (Beschikbare Profielen: Minke)
Platform: Windows 10 Pro Versie 1511 (X64) Taal: Nederlands (Nederland)
Internet Explorer Versie 11 (Standaardbrowser: Edge)
Boot Modus: Normal
Handleiding voor Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processen (gefilterd) =================
 
(Als een item is opgenomen in de fixlist, het proces zal worden gesloten. Het bestand zal niet worden verplaatst.)
 
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Malwarebyte...

RELEVANCY SCORE 68.4

Hi everyone,

I am having a strange Error #132 while trying to launch World of Warcraft. The game basically crashes and shows me the error. I read up on forums that it may be memory related, so I used the Windows Memory Test, booted from a floppy drive and let all tests run and no errors. Another thread said this may be a virus or malware that is running the memory to death and not allowing WOW to get enough memory to launch.

Here is my HJT Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:33:12 PM, on 5/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Linksys\WMP110\gtwpssrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\sys...

A:Strange Game Crashes, possible virus/malware issue

I don't wanna bump, but would anyone like to help me out?
 

RELEVANCY SCORE 66.4

I hope I am posting the right information in the right place. I have Windows XP. Recently I have been unable to open many of the programs on my computer. First I became unable to open Microsoft Works, receiving this message: "Works cannot find the files needed to complete the task. The files may be missing or corrupted. Reinstall works". Spyware Doctor tries to start, but never actually manages to open, instead offering a 30 second countdown which simply starts over at 0. On my Start menu, "All Programs" no longer opens. Upon opening my "Add and Remove Programs" window, I found that only a handful of programs were even listed. Thereafter I tried to install AVG, but upon opening the AVG installer, I get sent to this website: http://www.avg.com/us-en/platforms and cannot see where to go. I tried to restore to the last saved point but got an error both in and out of safe mode. Then I resorted to my factory Restore CD, which also gave me an error. I don't know precisely what the errors were when I tried to restore, but if they are necessary, I will try to restore again and get them. Help?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:05:36 PM, on 11/15/2009
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.e...

A:Unable to instal or run virus scanners

Anybody able to help?
 

RELEVANCY SCORE 65.6

I have a default Yoog Search in my Search Engines. I try to remove it and set it as Google but it would again default to Yoog. Next thing is I just cannot run 'Spybot Search & Destroy' and it doesn't let me open any anti-malware related sites. I can't download any anti-malware apps. I am just stuck. I saw a post "Win 2K hijack issue - unable to run malware apps!". I have exactly the same case on my system.

 

RELEVANCY SCORE 65.6

I was recently checking some of my old websites and one of them ended up shutting down my computer instantly and when I opened it back up, I find myself having the "Your Computer Is Infected!" problem (the one with the red circle and an X in the middle). I had this problem before, and had the programs to remove it (I assume), but when I went to my virus scanners suddenly none of them are working!

I need help! I tried to make a HijackThis! log but that's not working too...what is wrong with my computer?

A:Unable to open my Virus Scanners, and the Red X Circle

Please download Malwarebytes Anti-Malware and save it to your desktop.
Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
Make sure that ev...

RELEVANCY SCORE 65.6

Have found viruses with AVG and AVG won't clean them because they are white-listed. The virus is win32/heur; it has attached itself to all my svhost files. There is another win32/heur; I think the file it affects is c:\windows\system32\drivers\etc\host. There is a lot more going on. I will not mention other things now because I don't want to scare anyone off. I feel like I am being tricked into believing my system is safe. I have AVG antivirus only. My firewall is VISTA and I am convinced it is compromised. Can anyone please offer me some insight? I am currently running safe mode with networking to see if I can access any online scanner. I have tried Kaspersky, Housecall (TrendMicro), PandaSoft, Norton (Symantec), and McAfee. I cannot connect to any of them online. But I get my Google home page. I can type in anything else and browse any other websites. I have dds and hjt reports waiting and avg reports.

A:Unable to connect to any online virus scanners

Hello and welcome to TSF.

We want all our members to perform the steps outlined in the link given below, before posting for assistance. There's a sticky at the top of this forum, and a "Having problems with spyware and pop-ups? First Steps" link at the top of each page.

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

RELEVANCY SCORE 64.8

So, for the last week or so I've been having trouble with downloaders. Every day Microsoft Security Essentials has a new batch of Trojan.Downloaders in quarantine, and it's let a few actually slip through. The thing is I'm not downloading anything, which obviously means I must already have a downloader somewhere on my computer, right?
 
The thing is... I don't. At least I don't seem to.
 
I've gone through my computer and uninstalled/deleted anything "sketchy." It's still happening.
 
I've done a scan with Microsoft Security Essentials. It turned up nothing.
 
I've done a scan with AdwCleaner. It turned up nothing.
 
I've done a scan with MalwareBytes. It turned up nothing.
 
I've done a scan with Spybot S&D. It turned up nothing.
 
All programs are up to date.
 
So how do I find this thing? Surely someone's experienced this before.
 
If it helps I'm running Windows 7.

A:Help, virus invisible to malware scanners.

Welcome aboard

Download Security Check from here or here and save it to your Desktop.
Double-click SecurityCheck.exe
Follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.
NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:
Internet Services
Windows Firewall
System Restore
Security Center/Action Center
Windows Update
Windows Defender
Other Services
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

Please download MiniToolBox and run it.
Checkmark following boxes:
Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Devices (do NOT change any settings here)
List Users, Partitions and Memory size
List Restore Points
Click Go and post the result.

Please download Malwarebytes Anti-Malware to your desktop.
NOTE. If you already have MBAM 2.0 installed scroll dow...

RELEVANCY SCORE 64.8

Hello,

I hope you will be able to help me with this.

I seem to have a virus of some sort that's preventing me from running any of my Anti-Virus, Anti-Malware or Anti-Spyware programs

Whenever I try to run one of them, the program will just close half way through without any warning messages. If I try to open the program again, I get an error message saying

Windows cannot access the specified device, path or file. You may not have the appropriate permissions to access the item.

The programs that I have tried to run and have had this problem with are:

AVG AntiVirus
MalwareBytes' Anti-Malware
GMER
SuperAntiSpyware
HiJackThis

Because HiJackThis has been affected as well, I'm unable to provide you with a log. I'm hoping it won't be a problem when it comes to helping me get rid of the virus.

Many thanks

Roz
 

RELEVANCY SCORE 64

Alright, so a little setup. I have an HP Pavilion that runs Windows 7 and McAfee running as protection (what a waste of money that proved to be). I don't download anything illegal. My computer normally runs smoothly and fast.

Now some shady things started happening all at once, but I'm not sure if they're related to what's going on now.

First, my Google search bar got hijacked - sometimes I'd search something, and when I clicked on a response, it took me to different websites instead. McAfee said it found something and removed it. I left it alone.

Then I started getting run dll errors. Then stuff hit the fan and my screen got crowded with fake virus warning signs and av guard somehow downloaded itself onto my computer.

I ran Malwarebytes and it found a staggering 10,000 infected items. It removed a lot of stuff (seemingly av guard among them), and I no longer saw av guard but my computer remained clearly infected.

I can't open up Firefox or Google Chrome (but Internet Explorer continues to work for some reason). When I tried to run McAfee scans and firewall automatically gets turned off. My computer's running slower than it did just a day ago before this all started. I also tried system restore, which is always futile, and was futile again here.

Now here's the frustrating part: I have run Malwarebytes, Panda Cloud, McAfee, and Avast (preboot scan and regular scan). All of them detect absolutely nothing. Not a single infected file. But there's clearly something ...

A:Puzzling virus goes undetected in malware scanners

Hello and welcome to TSF.

We want all our members to perform the steps outlined in the link given below, before posting for assistance. There's a sticky at the top of this forum, and a "Having problems with spyware and pop-ups? First Steps" link at the top of each page.

Please follow our pre-posting process outlined below.

NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help - Tech Support Forum

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please note that the Virus/Trojan/Spyware Help forum is extremely busy, and it may take a while to receive a reply.

RELEVANCY SCORE 64

It appears my system has been hijacked. I've tried a few old tricks from years ago to clean things up, and of course they don't work now. Windows defender has been disabled and I can't enable it, Malwarebytes can't find anything after running Rkill, Avast cannot load or update and I have drive by pop ups all over the place.

Here are the DDS logs

DDS (Ver_2012-11-20.01) - NTFS_x86 NETWORK
Internet Explorer: 11.0.14393.953 BrowserJavaVersion: 11.101.2
Run by Owner at 7:28:10 on 2017-04-15
Microsoft Windows 10 Home 10.0.14393.0.1252.1.1033.18.2005.1127 [GMT -6:00]
.
AV: Avast Antivirus *Enabled/Updated* {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Avast Antivirus *Enabled/Updated* {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
FW: Avast Antivirus *Enabled* {B693136B-F6EE-DD1C-A0EF-229B8B0B29C4}
.
============== Running Processes ================
.
C:\WINDOWS\system32\dwm.exe
C:\WINDOWS\system32\sihost.exe
C:\WINDOWS\Explorer.EXE
C:\Windows\System32\RuntimeBroker.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
C:\WINDOWS\system32\DllHost.exe
C:\Windows\helppane.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.ex...

RELEVANCY SCORE 64

A couple of days ago, my computer was fixed up and restored. A few days after that, it was hit with a nasty Trojan dropper that gave me false notifications saying that my computer (and its numerous programs) were infected. Using Malwarebytes, I scanned and got rid of these viruses.
However, for the past couple of days, I found that I was unable to update my Malwarebytes (receiving error code 732) OR my SUPERAntiSpyware. I changed my LAN settings and my Firefox browser network options, as some people recommended, but they still can't update. I also tried uninstalling and re-installing Malwarebytes, but to no cigar.

Additionally, my Firefox browser crashes at least 5 times every time I use the computer for no apparent reason. This never happened to me before.

I'm wondering whether this is because I have a couple remnants of the Trojan from before. Is there anything I can do?

RELEVANCY SCORE 64

I have a strange problem that just appeared on my computer that I am hoping you can help resolve. When I search out a topic and click on the link I get redirected to an unrelated website. I tried running my virus scan and it would not allow me to access that program. In addition I also noticed a new icon on my desktop, AV Care, which I attempted to uninstall to try and resolve the problem. Can you help?
Chris

A: Strange Malware Issue - Searches are being redirected and unable to use virus scan

Moved from HJT to a more appropriate forum. Tw

RELEVANCY SCORE 63.6

Here is the link to my initial post in the other forum section http://www.bleepingcomputer.com/forums/topic410658.html. It contains details on my actions so far.

All the virus/malware scanners I have been using are now coming up clean but the Google redirect remains. Sometimes I will get one or two Google search links to work but then the redirect comes back. I have also discovered that I cannot start Windows Defender. I never use it but I have seen it as a symptom in infections other people are experiencing. As requested I will paste the contents of the following logs

DDS
GMER
aswMBR
TDSSKiller

Each will have to be in a separate post as they cannot all fit in one.

.
DDS (Ver_11-05-19.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
Run by Collins at 12:34:19 on 2011-07-23
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.61.1033.18.3325.1994 [GMT 10:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32...

A:Rootkit Infection - Virus Malware Scanners Clean

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-07-23 13:08:04
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\0000005f WDC_WD50 rev.01.0
Running: ildqwsfo.exe; Driver: C:\Users\Collins\AppData\Local\Temp\pxtiafod.sys
---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0x812F7F68]
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0x812F8230]
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwTerminateProcess [0x812F79D8]
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateUserProcess [0x812F852C]

Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ...

RELEVANCY SCORE 62.8

Hey there,

I'm working on my dad's computer and am having a helluva time trying to fix whatever is wrong with it.

It's not letting me run any malware programs. For example, if I run Malwarebytes (or TDSSkiller, Spybot, GMER) I get: Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item. I am logged in as Admin and get the same result if I right click > run as admin.

I was able to get DDS to run and here's the log:
.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_20
Run by <removed> at 8:21:53 on 2011-07-28
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.2557.1192 [GMT -4:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
"\\.\globalroot\Device\svchost.exe\svchost.exe"
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Window...

A:Redirect and Unable to run malware tools

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on http://www.bleepingcomputer.com/logreply/411710 and follow the instructions there. If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following inf...

RELEVANCY SCORE 61.6

Yesterday, I had troubles with Windows live messenger where it (still) says:

"Windows Live Communications Platform has encountered a problem and needs to close. We are sorry for the inconvenience. "

Although, the problem isn't about MSN. I found out that this problem was caused by having Malware on your computer. Hence, I decided to run a scan using Malwarebytes Anti-Malware (MBAM).

I noticed that my Avast was disabled and if I try to enable it, it comes up with a window saying: the operation could not be completed.

My Google searches also SOMETIMES get redirected to links that are clearly out of topic.
Like if I Google search the terms "malware wikipedia" and I click on the Wikipedia link but I get redirected to some Myspace/Anz credit card crap.

Then this happened.
MBAM CRASHED after 2 mins of scanning -> tried to re-run MBAM but a window came up saying:
"Windows cannot access the specified device, path or file. You may not have the appropriate permissions to access the item."
I ran several other programs such as:
HJT -> scanned for 2 mins, then crashed (no logs were made)
SUPERAntiSpyware (SAS) -> scanned for 2 mins, then crashed
and same goes for any other programs that searched for any malware.
The only program that worked was TROJANHUNTER and came up with a couple of false positives
I also tried using Avira's Rescue CD (the one where you boot up with it and it does a scan)
A scan using Avira was also successful but failed to...

A:Malware/Anti-virus tools won't run due to a rootkit/trojan/malware

I am having the exact same problem!
I have no clue what to do, any help would be amazing!


I have scanned with AVG with the latest updates. On top of that insidious google redirect I get random pop ups even when I don't already have IE or Firefox running. Also getting sounds in the background like I'm clicking on a link, surfing the net when I'm not. And SYSTEM in task manager is hogging a ton of memory.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:52:42 PM, on 8/7/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe
C:\...

A:persistent malware undetected by virus scans and malware removal tools

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process. Please also continue to work with me until I give you the all clear. Even if your computer appears to act better, you may still be infected.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

Once we start working together, please reply back within 3 days or this thread may be closed so we can help others who are waiting.

We need to create an OTL report,
Please download OT...


Hi, apologies If I have not done this correctly.... First post.

I am unable to run Combofix in Safe Mode or Unsafe, Spybot and Malwarebytes, I can click the .exe shortcuts but nothing happens. I realised I had a problem when my Google started redirecting to other sites then just crashing or going to blank screens. See my scan below, and attached; unfortunately unable to run any other screeners etc as I can't get them to start up.

Not sure how complex this problem is but it would allow me to login or register to your site on the problem pc, when I clicked agree to terms it came up you didn't agree etc. Then when I registered on the other comp I still couldn't and can't login on the problem pc....

Thanks in advance for any support
Kevin
DDS (Ver_09-02-01.01) - NTFSx86
Run by kev at 16:52:41.02 on 22/02/2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.5.0_12
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.536 [GMT 0:00]
AV: AVG 7.5.552 *On-access scanning enabled* (Updated)
============== Running Processes ===============
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EX...

A:Unable to Run any Malware removal tools Combofix Spybot etc

My Combofix log after running, I got this running after changing the name.

ComboFix 09-02-21.01 - kev 2009-02-23 22:15:15.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.701 [GMT 0:00]
Running from: c:\documents and settings\kev\Desktop\ComboFix1.exe
AV: AVG 7.5.552 *On-access scanning enabled* (Updated)

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.



Sana plans stand-alone antivirus product
News Story by Robert McMillan
SEPTEMBER 20, 2005

Most antivirus products identify malicious software by comparing the software being run to pieces of known worm and virus code, called signatures. Primary Response, however, determines whether software is malicious based on a mathematical analysis of what it's trying to do.

This means that, unlike other products, Primary Response can protect users even from unreported viruses,...
computerworld.com/securitytopics


Malware Detection Techniques

Signature Based or Pattern Matching or String or Mask or Fingerprinting Technique

A signature is an algorithm or hash (a number derived from a string of text) that uniquely identifies a specific virus. Depending on the type of scanner being used, it may be a static hash which, in its simplest form, is a calculated numerical value of a snippet of code unique to the virus. Or, less commonly, the algorithm may be behavior-based. A single signature may be consistent among a large number of viruses. A virus signature is the viral code. To identify viruses and other malware, antivirus software compares the contents of a file to a dictionary of virus signatures.

Heuristic Analysis or Pro-Active Defense

Rest of content can be seen here: http://forum.kaspersky.com/index.php?showtopic=234997&view=findpost&p=1845013

Topic edited to conform to fair use laws and avoid copyright infringement. ~ Animal

A:Malware/Virus Detection Techniques

There are other malware checks which are not discussed in public to safeguard the program from malware writers who would use that information for nefarious purposes.


I previously had a topic opened on this. That post I bumped twice and didn't receive any answer to my questions, so trying once again.

I have an application infected issue that is preventing me from running any EXE files as well as the GMER and DDS applications outlined in the Sticky Thread. I received a response to run the Rkill application but that thread was closed out before I could ask any additional questions.

I'm not well versed when it comes to this stuff so I wasn't sure if I was executing the Rkill application correctly because I'm still unable to execute the analysis tools.

Any help on this would be greatly appreciated, If I need to execute the Rkill on the infected machine please let me know and walk me through that process with a little detail if at all possible. Also, I'm not able to connect to the internet or boot up in Safe mode on the infected machine, just an FYI.

Again, any help is greatly appreciated.

A:Trying this one More time - Application infected issue unable to run analysis tools

Hi -

You've apparently been living with this for quite a long time. It might have been easier and certainly faster to do a restore from recovery disks or recovery partition by now.

It's very difficult for us to assist in this medium without any logs to work from. We just have no way of knowing what's on the machine otherwise. What operating system is this? Your profile indicates XP, but sometimes folks don't always post for the same OS as in their profile.

You said you tried to use rkill. Did you try all 4 versions? If so, what happened when you did so?

amateur's instructions here are really all there is to it

http://www.techsupportforum.com/f100...ml#post2522746

Did you see a black command window open when you ran the rkill tool? Did explorer.exe cycle (all desktop icons disappear and return)? Did you receive a message from the infection that rkill was infected? Did you leave that message open and ignore it, then run rkill again and again?

Does a browser open, such as Firefox ? It doesn't necessarily matter right now if the internet connects, I just want to know if it opens.

Please take your time, and try to answer all the questions as best you can.


C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Security\Panda Antivirus Pro 2010\TPSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Tall Emu\Online Armor\oasrv.exe
C:\PROGRAM FILES\PANDA SECURITY\PANDA ANTIVIRUS PRO 2010\WebProxy.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAFA.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Tall Emu\Online Armor\oaui.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Panda Security\Panda Antivirus Pro 2010\PsCtrls.exe
C:\Progra...

A:Virus/Malware not being detected by Spyware Detection

Hello and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

My name is Syler, I will be helping you to solve your Malware issues. Whilst I am helping you, I would be grateful if you would note the following:

Please do not run other tools or scans unless I ask you to and follow all the steps I give you, in order.
Copy and paste all logs requested in your reply. Do not attach them unless asked to.
If you don't know or understand something, please don't hesitate to say or ask before you proceed with my instructions.
Please continue to work with me, until I tell you your machine appears to be clean. Absence of symptoms does not mean that everything is clear.
If I do not hear back from you within 5 days of my last post, then this topic will be closed.

Please download Malwarebytes' Anti-Malware from Here

Note: If you already have Malwarebytes' Anti-Malware, just update then run it.

Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest ve...


Full Antivirus Programs


Avira Antivir (downloadable free software)
Avira is one of the best Antivirus vendors on the market. (AV-comparative 2008)

Avast! (Alwil) (downloadable free software)
Free Home Edition antimalware program.

AVG Antivirus (downloadable free software)
Free home Edition single computer use-non commercial use

Not free, but highly recommended ( free 30 day trials)

Eset NOD32 4.0
Avira Premium/Pro
Kaspersky
Norton 2009

*Best Antivirus Products (Certification by AV-Comparatives/Virus Bulletin VB100)

Free Windows Diagnostic Tool

SysInspector
ESET SysInspector is a free, state of the art diagnostic tool for Windows systems.
It peers into your operating system and captures details such as running processes, registry content, startup items and network connections. Once a snapshot of the system is made, ESET SysInspector applies heuristics to assign a risk level for each object logged. Its intuitive graphical user interface enables the user to easily slice through the large volume of data using a slider to select objects of a particular color coded risk level for closer examination. ESET SysInspector is a convenient utility for the tool box of every IT expert and first responder.


Free Online Scanners/Cleaners

ESET NOD32 Online Scanner
The ESET Online Scanner is the Web's best free virus scan. A user-friendly, powerful tool, online antivirus utility can remove malware—viruses, spyware, adware, worms, trojans, and more—from any PC u...

A:Antivirus Scanners & Internet Security Tools

Cheers Rive0108,

Steven


Hey folks,
 
As the title states I ran a routine AVG scan today and at around the 45% mark it came up with 11 detections, then a pop up immediately appeared saying Windows would shut down in one minute and I should close all programs. The PC then froze forcing me to do a manual hard reset. I've run Malwarebytes and that completed but showed nothing amiss. I've also tried re-installing AVG using a random name for the exe file. This made no difference and the same thing occurred - 11 file detections, warning, freeze. The only thing I've done recently that's out of the ordinary is install Geforce Experience (basically a graphic driver updater) manually after the auto-update failed and appeared to damage the program. This appeared to be as expected. I'm running Windows 10, fully updated. I'm now at a bit of a loss as to how to proceed so any advice would be useful. Thanks

A:Windows 10 forced shutdown on malware/virus detection

Just an update. I managed to get Avast (Free) anti virus to install using a completely random name for the exe file. It turned up nothing when I ran it (although I'm not convinced it's the best anti-virus out there so still not convinced I've got a clean bill of health). I also installed Spybot and that came up clean apart from the usual cookies and core registry files it likes to be rid of.


I just want to hear others thoughts on this subject. I have read a couple of articles that state the possibility of Anti Virus software providing and cleaning viruses that were never there just to appear to be doing its job. I personally think that is a stretch. I mean what development company has time to provide for this kinda functionality?

Anyway, What do you think??
 

A:False Hits on Virus and Malware detection software


Vista Ult. 32-bit, core2 2ghz proc, 2GB ram.
With all antivirus/etc uninstalled and rebooted,

dds.scr initially runs but does not scan or produce logs even after 10 minutes and locks up the machine.

Arc.txt log is 3.87MB and will not attach because it's too big, yes it is a txt file.

aswMBR.txt is attached.

Please advise,
Doug

A:Unknown Virus/Malware Defies Detection/Removal

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you are unable to create a log because your computer cannot start up successfully please provide detailed information about the Windows version you are using: What we in particular need to know is version, edition and if it is a 32bit or a 64bit system. If you are unsure about any of these characteristics, just let us know and we'll help you figure it out. Please also tell us if you have your Windows CD/DVD handy.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about y...


For the last few weeks, I (my daughter) has been unable to update her anti-virus program which was AVG Free. She told me of the issue about a week ago and I have been working on it since. She recently moved her computer in her room and didn't really notice that the wireless reception was poor. She needed to adjust her antennae (802.11n). Unfortunately, her automatic updates were failing so her AVG was about 2 weeks out of date.

When I tried to update AVG, I would get a message indicating that update computer was unavailable. I searched the AVG website and found what looked like a solution but it did not work. I tried to download a new version of AVG and install it knowing that it would be the most up to date. This was unsuccessful. I uninstalled AVG and installed Avast Anti-Virus program. I was also unable to update Avast with an 'update package broken' message.

I next tried SpyBot Search and Destroy (Free). It found a few things as did Avast as the scan ran but it did not fix the issue.

I next ran MalwareByte Malware product. In the past, this has been successful but this time not so much.

I next ran the Avira boot disk. This was the first time I had used the product. It found no threats.

I next ran Hijack This and this is where I'm at. I uploaded the log file to TrendSecure. I am assuming that you can access it there.

My daughter informs me that a few times the pc has just shut down when she rebooted it. I have also found that I cannot bring up the ...


Well can't figure this one out. Hijack this won't even remove the entries I have tried to remove. Here is the log for the experts. Windows won't open "uninstall program" or "IE". Office seems to be messed up thinking it's now a trial version. Most other things seem to work.
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:22:36 PM, on 11/9/2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Webroot\WebrootSecurity\SpySweeperUI.exe
c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJ...

A:Malware of Virus - Have tried all the tools

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/427104 <<< CLICK THIS LINK

If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lo...


Hello --
 
I have Windows 7 Home Premium, Service Pack 1, and believe I have the same type of issue that has been described in these links in your forum:
 
http://www.bleepingcomputer.com/forums/t/504908/infected-with-zeroaccess-rootkit-google-redirects/
http://www.bleepingcomputer.com/forums/t/504418/cant-download-anything-or-start-windows-security-center/
 
 
I don't believe that any new software has been installed on this pc, but I have recently begun receiving that "Windows Security Center Service can't be started" error, and I am not able to download any tools that might be able to help here...
 
I've read through the above 2 threads, and think I have an idea as to where to start here, but I know that every situation could be unique, and so I'm hoping that someone might be able to give me some guidance here...
 
I have Malwarebytes installed, and I did run it a couple of times...it found 50+ instances each time, and I removed them, but I still have the same issue...I have the 2 log files attached, and I'll be happy to provide any additional info that is needed...
 
Thank you in advance for the help, and I look forward to hearing from someone in the near future...
 
 
    Rob

A:Malware Issue - Help Needed: Security Center Can't Start & Can't Download Tools

Hello rogerp77

I would like to welcome you to the Malware Removal section of the forum. Around here they call me Gringo and I will be glad to help you with your malware problems.

Very Important --> Please read this post completely, I have spent my time to put together some things for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same"...


Hi guys,

This has been after me for a few days now. Security tools virus keeps installing and putting pop ups/blue screen on my desktop background. Can't get rid of it at all. Any help would be appreciated.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:41:31 AM, on 10/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Del...

A:Security Tools Malware/Virus

hi mcintost,

Sorry for the delay, no shortage of posters. If you still need help, reply to my post and we will start.


I have the security system 2009 virus (or is it system security?) and I can't run any of the anti-spyware fixes I've seen in various blogs and at various sites (Malware Bytes, Spyhunter, etc). I can do limited things in safe mode but nothing at all in regular mode. Firefox is almost useless even in safe mode, as anything I download using it generally won't run or install. I'd downloaded 3.5 right before getting the virus and was having some issues with the program right before and after the update. IE has seemingly random pop-ups in safe mode and sometimes will totally ignore commands and do its own thing. I did the hijack scan but upon reading the blog found that there is another process to follow. I'm hoping since the hijack program directed me to this blog that I may have enough information in the log because I have to leave for work so I can't at the moment. I also had some issues on the computer from prior viruses that I could never seem to get rid of completely so some of that may be in the log. I don't know what other information is needed but I hope I've given something of use. I've been up all night so I'm pretty discombobulated so I apologize for the scattered message. Thanks for any and all help and advice!

A:System Security 2009 Virus - unable to run removal tools

Hi

My name is Extremeboy (or EB for short), and I will be helping you with your log.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

If you do not make a reply in 5 days, we will need to close your topic.

You may want to keep the link to this topic in your favourites. Alternatively, you can click the button at the top bar of this topic and Track this Topic. The topics you are tracking can be found here.

Please take note of some guidelines for this fix:

Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools.
If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
Even if things appear to be better, it might not mean we...


My assistant somehow got ThinkPoint installed on her computer (the Norton AV software was expired) through a pop-up window while on Ask.com. Now I can't get it off. I can't install any of the removal tools - a window pops up which reads "***.exe is not a valid win32 application" whenever I try to install them. With MBAM, I even tried saving the program under a different name and file extension, but to no avail. Any help would be appreciated. I'm running rootrepeal right now, and will post the log when it's done. In the meantime, I've attached the requested scan logs and the following is the DDS.txt log:

DDS (Ver_10-10-21.02) - NTFSx86
Run by Arlene at 11:38:43.25 on Thu 10/28/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.323 [GMT -6:00]

AV: Norton Internet Security *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Fi...

A:ThinkPoint virus-can't remove with malware tools

Hello and welcome to Bleeping Computer!

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open wit...


Here is an article on the best anti-virus and malware remover tools of 2012!!

http://www.pcmag.com/article2/0,2817,2372370,00.asp
Note Kaspersky did not do too well this year like the years before.

If you have Kaspersky you should install free AVG; they got the best detection and removal of free anti-virus and malware remover!! And AVG is light so should have no problem along with Kaspersky.
 

A:Best anti-virus and malware remover tools

An interesting read. Why isn't MSE on the list somewhere?
 


Dear BleepingComputer.com gurus,

My father-in-law's XP (Sp3) machine has had a history of issues over the past few months, to the point of constant blue-screens, random shutdowns, had a 'professional' look at it. Then noticed some odd things:

-McAfee's Real-Time Scanning was shut off. When starting it, it turns on for a few seconds, then switches back to being 'Off'.
-Windows Update constantly shows the same update available for download (the current month's malicious software removal tool). Click to download and install it, it 'installs' quickly, and then about a minute later, the yellow shield/exclamation point is back, notifying me of the same update I just installed! (Tried windowsupdate.microsoft.com, and the filesize of this update that never goes away is '0 KB', very fishy.)
-Tried to install malwarebytes: on install, updated definitions with no problem, program boots up, but when you initiate a scan, the program dies and just disappears after a few seconds. When I click on mbam.exe again, I get the error:
"Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item."
...So, I downloaded malwarebytes and installed on my laptop, copied the mbam.exe to my flash drive, renamed it, and pasted the renamed file into the expected path of mbam.exe. On first attempt to run it, the program starts. As soon as I initiate any kind of scan, the program dies...

A:Cannot run any anti-virus or malware scanning tools

Hello Victim, Welcome to Bleeping Computer.
My name is fireman4it and I will be helping you with your Malware problem.

Please take note of some guidelines for this fix:
Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools.
If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
Finally, please reply using the button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.
I will be analyzing your log. I will get back to you with instructions.

Please run the following Scanners and post their logs also:

1. Scan With RKUnHooker

Please Download Rootkit Unhooker. Save it to your desktop.

Note** it is zipped up in a .rar file - If you do not have a program to unzip this type of file -
you can get a free one from here - http://www.7-zip.org/
Now double-click on RKUnhookerLE.exe to run it.
Click the Report tab, then click Scan.
Check (Tick) Drivers, Stealth. Uncheck the rest, then click OK.
Wait till the scanner has finished and then click File, Save Report.
Save the report somewhere where you can find it. Click Close.
Copy the entire contents o...


My info: Win XP SP2, Kaspersky internet security suite 2009, webroot SpySweeper.
I'm not sure if I have a virus/malware so I thought I would download HJT & submit it. The guide on this forum says to first use Spybot S&D and Ad-Aware. Can I download & use Spybot S&D and Ad-Aware without causing conflicts with Kaspersky and Webroot SpySweeper? I've tried to find this combo in the forum with the search feature but too many different combos posted & just started getting confused about which programs conflict with which. There seem to be better reviews on this site for SUPERAntiSpyware as opposed to Spybot. Any recommendation on this issue given I use KIS and Webroot SpySweeper?
411: I've found nothing new with Kaspersky or Webroot, except Webroot quarantined a riskier malware - dialer (i.e., beyond the usual low risks it usually finds). Still having my one problem, which is by the way that MS Word is really slow opening and saving files - extremely slow, like something is wrong. Excel, Internet, Windows Explorer all working fine. Also, have deleted temp files, defragmented already & still have problem. Thanks in advance for any helpful advice.
 

A:regarding using multiple virus/malware tools on 1 computer

Spybot and Ad-aware can both co-exist with the webroot and kaspersky that you have.
 


SASSER REMOVAL TOOLS

While I hope no one needs this, here are several tools and techniques for removing the Sasser worm. All of these tools are excellent. I prefer the Microsoft Removal Tool instructions (listed first), which includes the MS04-011 security patch required to avoid reinfections.

Microsoft Removal Tool
http://support.microsoft.com/?kbid=841720

McAfee Stinger
http://vil.nai.com/vil/stinger/

Symantec Removal Tools
http://www.symantec.com/avcenter/venc/data...moval.tool.html

F-Secure Removal Tools
ftp://ftp.f-secure.com/anti-virus/tools/f-sasser.zip
ftp://ftp.f-secure.com/anti-virus/tools/f-sasser.exe
ftp://ftp.f-secure.com/anti-virus/tools/f-sasser.txt
Before using the tool please read the disinfection instructions from 'f-sasser.txt'.

Trend Micro Removal Tools
http://www.trendmicro.com/download/dcs.asp

Microsoft - Manual Disinfection
To manually disinfect an infected system, first apply the Microsoft patch MS04-011, then use Task Manager to kill the "avserve2.exe" process, then delete the file AVSERVE2.EXE from your Windows directory and reboot.
Steps from Microsoft's site (includes test button and tools): http://www.microsoft.com/security/incident/sasser.asp

Manual Removal steps for Technical Users
http://www.microsoft.com/technet/Security/alerts/sasser.mspx

NETWORK LSASS SCANNING TOOLS

eEye offers free scanning network tool -- As a service to the network security community, eEye has announced the availability of a free tool to scan network computers and detec...

A:Sasser - Removal & Detection Tools

Thank you for the warning. It seems like it is spreading quickly, as I have seen them talking about it on the news.

Well done!


So I had a virus that I thought I had gotten rid of a month ago, but it seems to have returned last night while I was asleep. It now freezes or shuts down anytime I start the computer normally, so I have to start it in Safe Mode to get anything running. It won't let me install Malwarebytes or SUPERspyware removal or anything like that. Ad-aware removed a few things but when I rebooted I couldn't start my computer normally. I have McAfee, but I can no longer start it. Most removal programs I try to install don't work. And when I start a firefox browser, even in safe mode, it tells me "The procedure entry point [email protected]@Z could not be located in the dynamic link library msvcrt.dll." So here is my HijackThis log from Safe Mode:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:21:53 PM, on 5/4/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS...

A:Virus that prevents malware removal tools (malwarebytes, etc.)

Sorry, here is my dds file


My computer experienced Police Pro and/or Antivirus 2010 which disabled AVG 8.5 along with Malwarebytes, Norman Malware remover, spy doctor and Hijack This ... I have manually removed all registry items and files that I could locate and the computer does not show any sign of the virus while in safe mode, however it still will not run AVG scans or any other malware removal tools, so my assumption is that there is something still running that I am not seeing.

I tried to run RootRepeal, but it crashes if I request Files to be scanned. I then ran Win32kDiag and it appears to have run below is the log. Any help in getting AVG and a Malware removal tool running would be greatly appreciated!!!!!
Running from: C:\Documents and Settings\Owner\Desktop\Win32kDiag.exe

Log file at : C:\Documents and Settings\Owner\Desktop\Win32kDiag.txt

WARNING: Could not get backup privileges!

Searching 'C:\WINNT'...

Found mount point : C:\WINNT\$hf_mig$\KB925454\KB925454

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINNT\$hf_mig$\KB944533\KB944533

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINNT\$hf_mig$\KB956390\KB956390

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINNT\&...

A:Anti-virus and malware removal tools disabled

Hello vjc,

Please refrain from making any changes to your system (updating, installing, removing, etc.) from now on as it might prolong handling your log and make the job for both of us more difficult.

Please save this file to your desktop. Click on Start->Run, and copy-paste the following command (the bolded text) "%userprofile%\desktop\win32kdiag.exe" -f -r into the "Open" box, and click OK. When it's finished, there will be a log called Win32kDiag.txt on your desktop. Please open it with notepad and post the contents here.


I can't even get HijackThis to work; as soon as I run it it disappears, so I can't even post that here to show what's going on with my computer.. I'm using Windows XP... I keep getting redirected when I try to search on Yahoo or Google... using Mozilla Firefox. I've also tried to run in safe mode but I keep getting a blue error screen and can't move past that.

A:advanced virus removal / security tools malware?

Let's see if we can get a scan to work.
If this works, go ahead and repost in the HJT forum. If not, post back here.

Run this application and then immediately run your scan.

Please download Rkill by Grinler and save it to your desktop.
Link 2
Link 3
Link 4
Double-click on the Rkill desktop icon to run the tool.
If using Vista, right-click on it and Run As Administrator.
A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
If not, delete the file, then download and use the one provided in Link 2.
If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
If the tool does not run from any of the links provided, please let me know.

Do not reboot the computer or you will have to run it again.


DDS (Ver_10-11-10.01) - NTFSx86
Run by Janey at 13:23:39.50 on Mon 11/15/2010
Internet Explorer: 8.0.6001.18975 BrowserJavaVersion: 1.6.0_22
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2939.1226 [GMT -5:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
C:\Windows\system32\agrsmsvc.exe
C:\Win...

A:PC acting strangely;malware and virus tools disabled

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.

Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

Please reply to this post so I know you are there.

The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks


I have run Free AVG, Trendmicro Housecall, AdAware, Spyware blaster, and Spybot Search and Destroy. They all found things. I ran them multiple times and it seems like they keep finding and cleaning things (sometimes the same, sometimes different things). Free AVG is saying that there was a trojan downloader - it has been cleaned but there still seems to be some type of trojan. I am in an unproductive cycle of running these products and cleaning the infections and then rechecking, only to find that there is more to be cleaned. I have been going around in circles for many hours at this point; any help that you can provide will be greatly appreciated. I have installed an old version of Zone Alarm (2.6.88) - (the more recent versions are much larger and use more resources because they do things that I don't need/want). I can't get updates though so not sure if there are vulnerabilities.

I'm afraid to install XP SP2 on this laptop as Gateway does not have any info on if it will tolerate it.

Thanks in advance.

Here are the logs

Logfile of HijackThis v1.99.1
Scan saved at 8:35:31 PM, on 7/30/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WIN...

A:Malware Infection - Spy And Virus Tools Fail To Remove

Hi there and welcome to Bleeping Computer!

As you may have noticed already, the forums are very busy at the moment and I have noticed your log has gone unanswered so far!

We look at the oldest logs first, and we were wondering if you still need help.

Please start by posting a new HijackThis log in this topic and I will then be able to take a look!

Sorry for the delay - when you reply to the thread I will get a notification and will answer as soon as possible.

Thanks very much!

David


Observation and question for the group...
 
It seems to me that installing or running an antivirus/malware scanner on a possibly infected machine and expecting it to work correctly is a big gamble. If the wrong trojan/exploit/worm is running it can interfere with the scanner functions. And often does.

What are the group's observations and experiences with the free commercial live bootable Antivirus rescue tools?

I am helping a friend with an infected Windows computer. I downloaded and installed five different products one at a time and removed a total of 6 actual infections. Then they found no more infections. Then I ran a common and well rated Linux based scanner. It found a total of five more. After removing them the computer now appears to be working correctly. I do plan to ask for assistance and see what the group finds. But thoughts in general on the effectiveness of these point and click bootable scanners?
 
Thank you!
 
 

A:Live Bootable Anti-virus/malware Rescue Tools...?

Dr.Web and ESET are best in my opinion. Dr.Web is great against Sality or patching viruses because it has slow but great disinfection capabilities.


Followed steps stated in "Please, Read This Before Posting A Hijackthis Log":

Observations:

Ad-aware: Failed to finish deep scan of C until IE cache was manually deleted. Found numerous items after that. Upon reboot, still finding items in safe mode

Spybot S&D: found many malware items including smitfraud and alexa. Keeps on finding new items in safe mode upon multiple reboots.

CWShredder: found nothing

Installed Avast, updated to latest defs, ran a number of pre-boot scans, found many items, and will post the log in a separate post to this thread since it took up too many lines.

Ran Trendmicro Housecall, found a number of adware/malware items, some items unable to clean because the "pattern" wasn't able to.

STRANGE OBSERVANCE:

When trying to run panda software scan, Avast on access scanner found a trojan trying to be loaded from the HTTP path of the panda scan. Not sure of what to make of this. I clicked on "abort" within the avast pop-up, and it ended the Panda scan.

Manually Uninstalled the Viewpoints media player and toolbar.

Unable to delete "Temporary Internet files" from Tools>Internet Options> Delete files. I manually deleted the folders after booting into the DOS command prompt.

Other Details:

It looks like there was a failed uninstallation of Norton AV 2004, because Avast still detects it when trying to run some "on access" features. Not looking forward to manuall...

A:unable to thoroughly clean LT; tons of malware, strange behavior

Avast Log:

07/02/2006 21:15
Scan of all local drives
File C:\Documents and Settings\Owner\Application Data\m\data.oct is infected by Win32:Beagle-LD [Wrm], Deleted
File C:\Documents and Settings\Owner\Application Data\m\mue.exe is infected by Win32:Trojan-gen. {Other}, Deleted
File C:\Documents and Settings\Owner\Application Data\m\muk.exe is infected by Win32:Beagle-LS [Wrm], Deleted
File C:\Documents and Settings\Owner\Application Data\m\mzuek.exe is infected by Win32:Beagle-KR [Wrm], Deleted
File C:\Documents and Settings\Owner\Local Settings\Application Data\8af7697e.exe is infected by Win32:Small-ADK [Trj], Deleted
File C:\Documents and Settings\Owner\Local Settings\Temp\6.dlb is infected by Win32:Small-AJB [Trj], Deleted
File C:\Documents and Settings\Owner\Local Settings\Temp\7.dlb is infected by Win32:Small-AJC [Trj], Deleted
File C:\Documents and Settings\Owner\Local Settings\Temp\901S5176A36\4348.tmp is infected by Win32:Trojan-gen. {Other}, Deleted
File C:\Documents and Settings\Owner\Local Settings\Temp\901S5176A36\980.tmp is infected by Win32:Tiny-O [Trj], Deleted
File C:\Documents and Settings\Owner\Local Settings\Temp\clumpmfl.dll is infected by Win32:Trojano-1165 [Trj], Deleted
File C:\Documents and Settings\Owner\Local Settings\Temp\h91746.exe is infected by Win32:Small-ADK [Trj], Deleted
File C:\Documents and Settings\Owner\Local Settings\Temp\ICD1.tmp\UWAS6_0001_N69M0903NetInstaller.exe is infected by Win32:FakeAlert [Trj], Deleted
File C:\...
