Over 1 million tech questions and answers.

"Your computer (IP: xx.xxx.xxx.xxx) generates an attacking DOS requests at our servers. This attack was provoked by the spy...

Q: "Your computer (IP: xx.xxx.xxx.xxx) generates an attacking DOS requests at our servers. This attack was provoked by the spy...

DDS (Ver_09-01-18.01) - NTFSx86
Run by Kay at 21:41:16.29 on Sun 01/18/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_07
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.318 [GMT -8:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Outdated)
AV: Avira AntiVir PersonalEdition *On-access scanning enabled* (Outdated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MICROS~2\rapimgr.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe
C:\Documents and Settings\Kay\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com
uWindow Title = Windows Internet Explorer provided by Yahoo!
uInternet Connection Wizard,ShellNext = hxxp://g.live.com/1rewlsup/WinInstaller
uInternet Settings,ProxyOverride = *.local;localhost
BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - c:\program files\bitcomet\tools\BitCometBHO_1.2.8.7.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.0.926.3450\swg.dll
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Aim6]
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [LDM] c:\program files\logitech\desktop messenger\8876480\program\BackWeb-8876480.exe
uRun: [Steam] "c:\program files\steam\steam.exe" -silent
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
mRun: [LVCOMSX] c:\windows\system32\LVCOMSX.EXE
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [avgnt] "c:\program files\avira\antivir personaledition classic\avgnt.exe" /min
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wg311t\wlancfg5.exe
IE: &D&ownload &with BitComet - c:\program files\bitcomet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\bitcomet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\bitcomet\BitComet.exe/AddAllLink.htm
IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://c:\program files\bitcomet\tools\BitCometBHO_1.2.8.7.dll/206
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~2\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~2\INetRepl.dll
IE: {7F9DB11C-E358-4ca6-A83D-ACC663939424} - {9999A076-A9E2-4C99-8A2B-632FC9429223} - c:\program files\bonjour\ExplorerPlugin.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\kay\applic~1\mozilla\firefox\profiles\lvjixk59.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - component: c:\documents and settings\kay\application data\mozilla\firefox\profiles\lvjixk59.default\extensions\{b042753d-f57e-4e8e-a01b-7379a6d4cefb}\components\IBitCometExtension.dll
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - component: c:\program files\mozilla firefox\components\iamfamous.dll
FF - plugin: c:\program files\google\google updater\2.4.1399.3742\npCIDetect13.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;c:\program files\avira\antivir personaledition classic\avgio.sys [2009-1-18 11840]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-1-8 97928]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-1-8 26824]
R3 avgntflt;avgntflt;c:\program files\avira\antivir personaledition classic\avgntflt.sys [2009-1-18 52032]
R4 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-9-10 611664]
R4 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Scheduler;c:\program files\avira\antivir personaledition classic\sched.exe [2009-1-18 68865]
R4 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard;c:\program files\avira\antivir personaledition classic\avguard.exe [2009-1-18 151297]
R4 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-1-8 231704]
R4 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-1-8 76040]
R4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-8-6 24652]
S4 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-1-8 875288]

=============== Created Last 30 ================

2009-01-18 20:59 <DIR> --d----- c:\program files\Lavasoft
2009-01-18 20:59 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2009-01-18 20:38 <DIR> --d----- c:\program files\Avira
2009-01-18 20:38 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Avira
2009-01-14 21:23 <DIR> --d----- c:\docume~1\kay\applic~1\Serif
2009-01-14 21:19 <DIR> --d----- c:\program files\Serif
2009-01-08 21:07 10,520 a------- c:\windows\system32\avgrsstx.dll
2009-01-08 21:07 76,040 a------- c:\windows\system32\drivers\avgtdix.sys
2009-01-08 21:07 97,928 a------- c:\windows\system32\drivers\avgldx86.sys
2009-01-08 21:07 <DIR> --d----- c:\windows\system32\drivers\Avg
2009-01-08 21:07 <DIR> --d----- c:\program files\AVG
2009-01-08 20:59 <DIR> --dshr-- C:\resycled
2009-01-08 16:14 21,504 ac------ c:\windows\system32\dllcache\hidserv.dll
2009-01-08 16:14 21,504 a------- c:\windows\system32\hidserv.dll
2009-01-08 16:14 14,592 ac------ c:\windows\system32\dllcache\kbdhid.sys
2009-01-08 16:14 14,592 a------- c:\windows\system32\drivers\kbdhid.sys
2009-01-08 16:13 12,160 ac------ c:\windows\system32\dllcache\mouhid.sys
2009-01-08 16:13 12,160 a------- c:\windows\system32\drivers\mouhid.sys
2009-01-08 16:13 10,368 ac------ c:\windows\system32\dllcache\hidusb.sys
2009-01-08 16:13 10,368 a------- c:\windows\system32\drivers\hidusb.sys

==================== Find3M ====================

2008-12-15 15:33 361,600 a------- c:\windows\system32\drivers\TCPIP.SYS.ORIGINAL
2008-12-15 15:33 361,600 a------- c:\windows\system32\drivers\TCPIP.SYS
2008-10-23 04:36 286,720 a------- c:\windows\system32\gdi32.dll
2005-09-20 10:05 456,768 a------- c:\windows\inf\wg311t\WG311T13.sys
2004-10-19 18:58 35,232 a------- c:\windows\inf\wg311t\ME_INST.EXE
2004-10-19 18:58 26,112 a------- c:\windows\inf\wg311t\install.exe
2008-08-06 00:07 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008080620080807\index.dat

============= FINISH: 21:41:35.56 ===============

RELEVANCY SCORE 200
Preferred Solution: "Your computer (IP: xx.xxx.xxx.xxx) generates an attacking DOS requests at our servers. This attack was provoked by the spy...

I recommend downloading and running DAP. It can help sort out any driver and firmware related issues on your system

It's worked out well for many of us in the past.

You can download it direct from this link http://downloaddap.org. (This link will open the download page of DAP so you can save a copy to your computer.)

A: "Your computer (IP: xx.xxx.xxx.xxx) generates an attacking DOS requests at our servers. This attack was provoked by the spy...

Hi

If you still need help post a fresh DDS log, please.

Read other 2 answers
RELEVANCY SCORE 73.6

Ok. So i got the defense center virus recently and was able to easily remove it with MBAM. however, after removal, my computer would get symptoms of virus )google search results redirecting, random internet windows popping up) then defense center would just come right back after a few days of that. And it seems that it gets harder to remove it with each and every attack,for example the most recent defense center attack was really hard to remove (and it seems that they get harder everytime an attack happens again.) When i tried to run mbam and superantispyware in safemode for example, it gave me an error ( i forgot what it said) and it also prevented me from going to malwarebytes.org or superantispyware's website (but i was able to visit the sites on an uninfected computer, so i know its not because their servers are down)so i had to reinstall from cnet. It also prevented malwarebytes from updating after i downloaded it. I finally removed it by reinstalling Superantispyware and miracously it passed thru a loophole and was able to remove it. But now the same pattern (as i had described before) of random websites coming up is back again, and i fear in the next few days defense center is gonna come back and this time prevent superantispyware from deleting it. Please save me from this repeated attacks its really killing my comps performance and is really killing me. Any help would be appreciated thanks!Fellow moderator Orange Blossom had told me to post logs and follow so... Read more

A:Defense Center keeps re-attacking computer after removal. With every attack harder to remove

Hi,Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.Please reply to this post so I know you are there.The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.Once I receive a reply then I will return with your first instructions.Thanks

Read other 2 answers
RELEVANCY SCORE 58.4

During the evening of Monday, 21 October 2002, 13 vital pieces of Internet infrastructure suffered an hour-long attack that almost brought them to their virtual knees.
The domain name system, or DNS, allows users to type mnemonic names (such as "www.extremetech.com") instead of cryptic IP addresses (such as 63.111.13.100). It's structured as a distributed database. Each level of the name -- from the ".com" backward to the "www" -- may be determined by a different server in a different part of the world.

The 13 DNS "root servers" lie at the top of the hierarchy, and are the first stop when your ISP's equipment looks up the name preceding the ".com" for you. For example, your ISP might go to the root servers to find the address of the name server responsible for the domain "extremetech.com". It then goes to that name server to find out the address of the host "www" within the domain "extremetech.com". Your ISP saves, or caches, the addresses associated with names that were recently looked up, so you might not even notice a brief outage in the root servers. But if those servers were to stop running for more than a short while, the Internet would grind nearly to a halt.

A Washington Post article gives a general description of the attacks. Other sources say that the attack consisted of ICMP packets -- the kind used by the "ping" network utility. (An attack that overwhelms a machine ... Read more

A:DNS servers survive attack...

I disagree about the "internet being brought to its knees" This is just sensationalism in order to sell newspapers and get people to watch the news.

The root servers are certainly very important. However, DNS is designed to cache information at a lower level to minimize requests to the root servers.

I doubt anyone noticed a problem on Monday with not being able to reach any webpages while the attack was occurring.

Now, I have thought it would be a cool movie about terroritsts attacking the root servers and holding them hostage, blah, blah, blah - but if that occurred, I'm sure they have hot mirror sites which they could fail over too (or I would hope). Anyway, check out this NSLOOKUP response and see that the lookup to www.extremetech.com didn't hit the root servers - UUNet had it cached on two different DNS servers.


Quote:




> www.extremetech.com
Server: DNS.x.com
Address: 216.x.x.x

------------
SendRequest(), len 52
HEADER:
opcode = QUERY, id = 3, rcode = NOERROR
header flags: query, want recursion
questions = 1, answers = 0, authority records = 0, additional = 0

QUESTIONS:
www.extremetech.com.x.com, type = A, class = IN

------------
------------
Got answer (126 bytes):
HEADER:
opcode = QUERY, id = 3, rcode = NXDOMAIN
header flags: response, auth. answer, want recursion, recursion avail.
questions = 1, answers = 0, authority re... Read more

Read other 2 answers
RELEVANCY SCORE 54.4

 
Several critical vulnerabilities in the protocol implementation used to synchronize clock settings over the Internet are putting countless servers at risk of remote hijacks until they install a security patch, an advisory issued by the federal government warned.
The remote-code execution bugs reside in versions of the network time protocol prior to 4.2.8, according to an advisory issued Friday by the Industrial Control Systems Cyber Emergency Response Team. In many cases, the vulnerabilities can be exploited remotely by hackers with only a low level of skill.
"Exploitation of these vulnerabilities could allow an attacker to execute arbitrary code with the privileges of the [network time protocol daemon] process," the advisory warned. Exploit code that targets the vulnerabilities is publicly available. It's not clear exactly what privileges NTP processes get on the typical server, but a handful of knowledgeable people said they believed it usually involved unfettered root access. Even if the rights are limited, it's not uncommon for hackers to combine exploits with privilege elevation attacks, which increase the system resources a targeted app has the ability to control.

 

Attack code exploiting critical bugs in net time sync puts servers at risk
 

Read other answers
RELEVANCY SCORE 54

A couple weeks ago or so, I had been screen recording and the subseqeunt files just about maxed out one of my ssd's. I thought this could have caused the random freezing that I was getting. The freezing seemed to be very similar to how it is currently freezing.
After I deleted the massive file, it froze one more time and then stopped for ever since until the other day.
It seems to be completely unprovoked. I've manually shut it down and re-started it about 7 times trying to figure out what could be causing it. One of the time's, I wasn't doing anything on it, I left for a couple hours and it still froze by the time I came back.
When it freeze's, I only remember one time when the clock froze with it. The other times, the clock seems to still be working fine. Also, the internet cache seems to work fine as well, but anything new or on windows, just wont respond.
I know how to get to the event viewer, I just don't know what I should be looking for?
Any help is much appreciated! Thanks
Build:
ASUS M5A99FX PRO R2.0 AM3+ AMD 990FX + SB950 7 x SATA 6Gb/s USB 3.0 ATX AMD Motherboard with UEFI BIOS
APEVIA ATX-AQ700W-BK 700W ATX12V / EPS12V
GIGABYTE GV-N660OC-2GD G-SYNC Support GeForce GTX 660 2GB 192-Bit GDDR5 PCI Express 3.0 x16
AMD FX-8350 Black Edition Vishera 8-Core 4.0GHz (4.2GHz Turbo) Socket AM3+ 125W
2X Kingston SSDNow V300 Series SV300S37A/120G 2.5" 120GB SATA III
2X Crucial Ballistix Sport 8GB 240-Pin DDR3 SDRAM DDR3 1600 (PC3 12800)
Seagate Barr... Read more

A:Random un-provoked freezing?

Is Trim activated properly ? Without it, SSD (if it's it's fault), can't actually delete files permanently and has to really delete them at the time it has to write new data in it's place. You can activate Trim manually and leave it at idle overnite. "Garbage collection" built in SSD's FW will permanently delete those leftovers and leave cells ready for direct writing to.

Read other 4 answers
RELEVANCY SCORE 51.6

Hi, It seems my computer has been infected by virus/malware. Here are the symptoms. When I start up my PC "Windows Security Alert" asks me to block a program from accessing internet connections. The name of the file that the "Security Center" is trying to block keeps changing, the format being nnnn.exe (where nnnn is some randomly generated number). Also the "Microsoft Security Essentials" displays an attention message asking me to clean the computer. When I clean the computer the effect lasts only for the current session and when I start up the computer next time, I am back to the same problem discussed above. In addition to these symptoms, there is another that needs to be discussed. When I access "Windows Task Manager", it shows two entries in the "Applications" tab named "project1". I don't have any application named project1 running on my computer, so this seems to me like some application running in background. I have run HijackThis and I am attaching the log file. Please help to clean my computer. My operating system is windows xp and I am using "Microsoft Security Essentials" as my anti-malware.I am attaching the following files1. After-StartUp.GIF (The deskop after starting my PC)2. Cleaned-Up-Items.GIF (Microsoft Security Essentials log after cleaning up the computer)3. TaskManager.GIF (The application entries named "project1" can be seen)4. HijackThis.log (The HijackThis log).regar... Read more

A:Computer infected by virus that generates .exe programs at start up

Hi,Please do the following:Please download DDS from either of these linksLINK 1 LINK 2and save it to your desktop.Disable any script blocking protection Double click dds to run the tool. When done, two DDS.txt's will open. Save both reports to your desktop.---------------------------------------------------Please include the contents of the following in your next reply:DDS.txtAttach.txt. NEXTDownload GMER Rootkit Scanner from here to your desktop. It will be a randomly named executable. Double click the exe file. If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO, then use the following settings for a more complete scan.
Click the image to enlarge it
In the right panel, you will see several boxes that have been checked. Ensure the following are unchecked IAT/EAT Drives/Partition other than Systemdrive (typically C:\) Show All (don't miss this one) Then click the Scan button & wait for it to finish. Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
Save it where you can easily find it, such as your desktop, and attach it in reply.**Caution**Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries

Read other 1 answers
RELEVANCY SCORE 50.4

I have so many popups that my computer is attacking me. That is when it starts up after like 8-10 minutes of wating. I have run spyware and adware and hijack this. I just need help with my log. Please help it is taking me all day just to type this message because of the popups.
Logfile of HijackThis v1.99.1
Scan saved at 10:43:46 PM, on 5/26/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\RBEnhance\rbenh.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\System32\msiexec.exe
C:\unzipped\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet ... Read more

A:Computer Is attacking me

Read other 9 answers
RELEVANCY SCORE 50.4

Ok.
Toshiba
Windows Vista
Laptop
Windows started normally until i logged on and there was a black screen (not black screen virus) And there was a window stating that there was a worm on my computer that takes passwords and personal infomation i tried using task manager But a another window came up stating that windows task maneger has stoped working i closed the window then restarted my computer and went into Safe Mode with networking I then downloaded Spyware Doctor onto the computer and bought the full version it scan the conputer telling me i had 471 infections i then clicked fixed problem after that was compleated i restarted the computer again and went into regular mode but the problem was still not fixed . I searched on the computer what to do and it told me to System restore i did that on safemode and it still did not work .Rebooting is not an option because i dont have a cd and i do not believe it would work anyway. the only way i am able to get on the internet on normal mode is to Press shift 5 times to activate sticky key (what does sticky keys have to do with it you may ask) there is a link on the sticky keys window that states (Go to the ease access center to disable the keybosrd shortcut)i clicked on that which opened a windows internet explore PLEASE HELP ME IT WAS A CHRITMAS PREZENT
Note:Used MAlwarebytes Spyware Doctor and System restore

A:Something is attacking my computer

Hello and welcome to TSF.

We want all our members to perform the steps outlined in the link given below, before posting for assistance. There's a sticky at the top of this forum, and a
Quote:




Having problems with spyware and pop-ups? First Steps




link at the top of each page.

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Read other 1 answers
RELEVANCY SCORE 50.4

I just got a odd little notification from Norton's firewall of a "high level intrustion attempt by Me-PC" So... why is my computer seemingly attacking itself? Or am I just reading this wrong?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:20:42 AM, on 3/31/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Windows Defender\MSASCui.exe
c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\System32\rundll32.exe
C:\Users\Dice\Program Files\DNA\btdna.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\System32\wsqmcons.exe
C:\Program Files\Mozilla Firefox\firefox.exe
c:\Program Files\Common Files\Symantec Shared\SecurityHistory\MCUI32.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Searc... Read more

Read other answers
RELEVANCY SCORE 50

Hi thre and thanks for helping.
I downloaded an infected torrent a few days ago and it infected me with what the spybot S&D found as virtumonde.dll, It also claimed to remove it but Then asked to reboot for a new scan and even in the new scan that came right after windows log on it kept asking for a reboot.
As the attack came I denied any changes for the registry and blocked all the connection attempts (every 10-30 seconds attempt).
My computer keep taking me to micro antivirus and advise me to install it I killed iexplor process every time it happend.

This is the Hijackthis log.
Logfile of HijackThis v1.99.1
Scan saved at 14:57:35, on 20/09/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system... Read more

A:virtumonde attacking my computer :(

Download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
--------------------------------------------------------------------
1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
...
--------------------------------------------------------------------

Double click on combofix.exe & follow the prompts.

When finished, it will produce a report for you.
Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.

**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**
 

Read other 1 answers
RELEVANCY SCORE 50

Ok.
Toshiba
Windows Vista
Laptop
Windows started normally until i logged on and there was a black screen (not black screen virus) And there was a window stating that there was a worm on my computer that takes passwords and personal infomation i tried using task manager But a another window came up stating that windows task maneger has stoped working i closed the window then restarted my computer and went into Safe Mode with networking I then downloaded Spyware Doctor onto the computer and bought the full version it scan the conputer telling me i had 471 infections i then clicked fixed problem after that was compleated i restarted the computer again and went into regular mode but the problem was still not fixed . I searched on the computer what to do and it told me to System restore i did that on safemode and it still did not work .Rebooting is not an option because i dont have a cd and i do not believe it would work anyway. the only way i am able to get on the internet on normal mode is to Press shift 5 times to activate sticky key (what does sticky keys have to do with it you may ask) there is a link on the sticky keys window that states (Go to the ease access center to disable the keybosrd shortcut)i clicked on that which opened a windows internet explore PLEASE HELP ME IT WAS A CHRITMAS PREZENT

A:Can you help me somthing is attacking my computer

Hi and welcome to TSF

Please follow our pre-posting process outlined here:
http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, please post the requested logs in the Virus/Trojan/Spyware Help forum, not here.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please note that the Virus/Trojan/Spyware Help forum is extremely busy, and it may take a while to receive a reply.


BG

Read other 3 answers
RELEVANCY SCORE 50

Hello,Since 2 days ago norton is giving me every 30 minutes or so the same message. Saying that a recent attack on my computer was blocked.Here an example of the message:Does some1 have any idea how to fix this problem ?Full scans didnt find any infections.I also get the same message about my SVCHOST.exe.

A:Some1 is attacking my computer ?

Please follow the instructions in ==>This Guide<==.Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include the link to this topic in your new topic and a description of your computer issues and what you have done to resolve them.If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.Once you have created the new topic, please reply back here with a link to the new topic.

Read other 3 answers
RELEVANCY SCORE 50

My grandparents got a call the other day from their ISP saying that their server was being attacked by their computer. When I called they suggested a botnet.

I'm not sure how they could've gotten a virus, because all they know is how to open hotmail... but maybe it was an email attachment or something. Anyways, the ISP has shut off their internet so I was not able to download anything and did not have my own computer with me.

I ran their antivirus (AVG) but it didn't find anything. What would be the best program to use to find the problem?

A:My computer is attacking ISP server

This is a good free scanner.http://www.malwarebytes.org/

Read other 1 answers
RELEVANCY SCORE 50

Hello, there is something wrong with my computer. I have run Ad-aware and Norton AV and still something wrong.

Here is the HJT log:

Please Help!!

Logfile of HijackThis v1.99.1
Scan saved at 4:13:24 PM, on 11.28.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\SAVScan.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\DIGStream\digstream.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Microsoft IntelliPoint\poin... Read more

A:Solved: What is attacking my computer? HJT Log

Read other 16 answers
RELEVANCY SCORE 50

This is my first time posting here. I did a search for the site that seems to be hijacking my browser, but found no results.

As of last night, two sites have been redirecting me to:
http://www.atspace.com/dedicated-web-server-hosting-domain-articles-news/index.html
(the index.html sometimes shows as web_hosting.html or seo.html or a few others)

I can load my homepage google.com just fine, and most sites don't give me any trouble. However, "www.special-ops.us" and "www.photobucket.com" have both begun to redirect me to the aforementioned site(s)! Special-ops was the first one to do it last night, and now today both of those sites are doing it.

So far, I have run CCleaner and cleaned everything, including the registry. Also, I have run a virus scan with Avast! Home edition. I am currently running a second scan just in case it's missed something, and I've made sure it was updated a few moments before I ran both scans. I've had friends go to those websites, just to be sure it isn't the sites themselves, and they don't get the same redirect that I do.
I'm not sure where or even WHAT is hijacking these webpages. I should note this occurs on both Firefox and IE, though I use Firefox 99% of the time. Can someone help me? If it helps, I'll post my HJT log:

-----

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:26:30 PM, on 6/18/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.60... Read more

A:Hijacker attacking computer

Update: Last night, I ran Windows in safe mode so I could run CCleaner and run Spybot, CWShredder, SuperAntiSpyware, and MalwareBytes' Anti-Malware. And then scheduled a boot-time scan with Avast! Anti-virus. Of course, I updated the definitions for each of those programs before I loaded into safe mode, and ran a complete scan if it was available instead of quick scans.

CWShredder found: one object and removed it (It was really late, though, and unfortunately I didn't document what it was)
Spybot found: "Virtumonde.generic" and "Microsoft.WindowsSecurityCenter.AntivirusOverride" and removed them. (though the latter sounds like a false positive)
SuperAntiSpyware found: "Adware.Vundo Variant/Rel" in my registry as well as a bunch of tracking cookies, and removed them.
MBAM found: nothing..
Avast! found: 3 Horst-AAF Trojans and 3 TratBHO Trojans, and quarantined them.

However, I tested my system out today after work, and I'm still getting redirected on Photobucket.com and Special-Ops.us !
So despite finding all those baddies, my system is still infected.
 

Read other 1 answers
RELEVANCY SCORE 50

i keep getting a IE pop-up with either C:\Documents and Settings\Bballa\k.html as the address or C:\Documents and Settings\Bballa\staff.html along with a cmd.exe dos window. What can i do to fix it. Here is my log file form hijack thisLogfile of HijackThis v1.98.2Scan saved at 10:19:35 AM, on 10/13/2004Platform: Windows XP SP1 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeC:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\System32\Ati2evxx.exeC:\Program Files\Symantec AntiVirus\DefWatch.exeC:\Program Files\Symantec AntiVirus\Rtvscan.exeC:\WINDOWS\wanmpsvc.exeC:\Program Files\WebDrive\wdService.exeC:\Program Files\Apoint\Apoint.exeC:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exeC:\Program Files\Sony\HotKey Utility\HKserv.exeC:\Program Files\Apoint\Apntex.exeC:\WINDOWS\System32\ezSP_Px.exeC:\program files\support.com&#... Read more

A:HELP! Yeakukz is attacking my computer

Hi,

Having a look.

Read other 5 answers
RELEVANCY SCORE 50

Hi there
I recently accepted a file from a friends msn messenger.

I now have a virus attacking my computer. i have the lastest updated Norton.

Can someone help me?
 

A:msn virus attacking computer

Read other 7 answers
RELEVANCY SCORE 50

First topicAs explained and showed with a screenshot in my first topic.. Norton is saying some1 or something is attacking my computer.I followed the guide as you said... and got 3 logs out of the scans. Im not very good with this.. so I hope you understand it.Thanks,

A:Some1 is attacking my computer ?

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.In order for me to see the status of the infection I will need a new set of logs to start with.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.DeFogger: Please download DeFogger to your desktop.Double click DeFogger to run the tool. The ap... Read more

Read other 20 answers
RELEVANCY SCORE 50

and what damage will it to to my computer?
 

A:I have a worm attacking my computer how do i get rid of it?

with anti virus protection.

the computer may become unusable.
 

Read other 2 answers
RELEVANCY SCORE 50

After I downloaded a file from limewire(i learned my lesson, don't trust limewire) it infected my computer with a virus and shut it down, after turning the computer off when the peeping sound went off, I restarted my pc, everything was ok, but then the "This application has failed to start because framedyn.dll was not found.
Reinstalling the application may fix this problem.And when I pressed ok the desktop files dissapeared and so did the start line, and then the error popped up again and I pressed again and that went on for awhile, not allowing me to access my files, so I managed to access my browser "Safari" indirectly using the ctrl+alt+shift+delete and run, then I found on the internet how to fix the framedyn.dll error, and so I managed to fix it even with the pop up,also I deleted the virus that kaspersky beta found, the pop doesn't show up anymore and it doesn't restart like previously, but all the desktop files and the start line aren't still showing up, I don't really now what to do. Right now I'm doing a scan of the C disk, but what other actions should I take to get back my start line and the desktop files?
P.S.Thanks in advance, I really need answers.
 

Read other answers
RELEVANCY SCORE 50

Svshost.exe started attacking my computer 3 weeks ago then 10 mins after my internet went down including my wireless internet so i disconnected my modem and router but i need my internet and computer working and i think someone might have tried to hack my computer for info so i want to be sure they can't get to it because all my personal info is saved in the my browser and want to see if they put a tracker in my computer as well. Plus I don't want this too happen again so how can i prevent this from happening.
 

Read other answers
RELEVANCY SCORE 50

I know a lot of people have posted about their problems with this nasty bug. I just want to make sure I follow all the right steps in order to fix my computer. I've tried everything (CWShredder, Spybot, Adaware, etc.) but nothing has worked. It's even affecting my Adobe Acrobat Reader and I'm not able to run any virus scans. Here's my HijackThis log. All I need are detailed instructions....I'm very computer literate. Thanks so much!

Running: Windows 98 SE

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\BOSTON ACOUSTICS\BOSTON USB AUDIO SYSTEM\BAUSB.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\BOSTON ACOUSTICS\BOSTON USB AUDIO SYSTEM\BOSTON.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\AWS\WEATHERBUG\WEATHERBUG.EXE
C:\PROGRAM FILES\SYMANTEC_CLIENT_SECURITY\SYMANTEC ANTIVIRUS\VPTRAY.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\PROGRAM FILES\AIM95\AIM.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer,Default_Search_URL = http://0-OL1OIZ-XOLXII1-OXLI10OZL1L...0OIL-OL.COM/725ca17629/97681342/ogsearch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://c:\windows\TEMP\se.dll/sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Interne... Read more

A:About:Blank attacking my computer

Read other 14 answers
RELEVANCY SCORE 49.6

I have looked EVERYWHERE but it seems like i'm the only one getting this problem.
 
 Two days before, my computer started showing these weird russian ads out of nowhere. At first i thought it was a normal thing, but then i noticed that i was running adblock and so, it shouldn't be possible for those ads to be there. I started looking into it and found that every single web browser in my computer was showing these ads. I have run Avast, Adaware, Ccleaner, Malwarebytes and found nothing at all, yet the ads are still there. Worth mentioning that these ads wont pop up on google pages like youtube, nor in facebook. And somehow my phone has the same issue! I'm really desperate right now... please help
 
 How it looks: http://i.imgur.com/Kt7smTy.png

A:Rare adware attacking my computer

Hello,I advise you to uninstall Adaware.1/Download Adwcleaner from this link : http://www.bleepingcomputer.com/download/adwcleaner/ onto your desktop.Double click on AdwCleaner.exe to run the tool.Press the Scan Button, Once its finish scanning press the Clean Button.A logfile will automatically open after the scan has finished.Please post the contents of that logfile with your next reply.You can find the logfile at C:\AdwCleaner[S0].txt as well.2/Domnload ZHPCleaner onto your desktop from this link :https://www.how-to-remove.com/?did=8370&vp_edd_act=show_downloadSelect ZHPCleaner.exe with right mouse click and Run as Administrator.Accept the user agreement.Click on the Repair button.Reboot your computer.copy/paste the report [email protected]+

Read other 2 answers
RELEVANCY SCORE 49.6

Lately computer has been acting weird and Eset is constantly popping up with "address has been blocked" with weird site names like clkh71yhks66.com and zl00zxcv1.com and a few others. clkh71yhks66.com when I open my browser and zl00zxcv1.com when I run any search (like on Google). I've also recently been having issues with Firefox and IE crashing or locking up my computer entirely and haven't been able to go to Microsofts update page telling me that the connection was reset (I have tried visiting on different days and times and always get the same message). Thank you for taking the time to look at this.Please Excuse the other post by me. Firefox errored and it kept posting when I was trying to preview. Sorry for any confusion or troubleDDS (Ver_10-03-17.01) - NTFSx86 Run by Shannon at 1:10:40.64 on Mon 07/12/2010Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1918.724 [GMT -4:00]AV: ESET Smart Security 4.2 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}FW: ESET Personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}============== Running Processes ===============C:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcssvchost.exesvchost.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\LEXBCES.EXEC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\sys... Read more

A:Weird sites keep attacking my computer

Hello garnetfaerie, My names Syler and I will be helping you to solve your malware issues.Please note we are very busy, so if I don't hear from you within 5 days the topic will be closed, If you have since resolved your issues I would appreciate if you would let me no so I can close this topic. Go to Kaspersky and Download TDSSKiller.zip. Extract the contents of TDSSKiller.zip to your Desktop. Double click on TDSSKiller.exe to run it. If it finds something and asks you what to do, follow the instructions to type in "delete". When done, a log file should be created on your C: drive called TDSSKiller.txt(with time+date appended) please post this log in your next reply.We need to create an OTL ReportPlease download OTL from one of the following mirrors:This is THE MirrorSave it to your desktop.Double click on the icon on your desktop.Click the "Scan All Users" checkbox.Under the Custom Scans/Fixes box at the bottom, paste in the following bold text.%systemroot%\system32\*.dll /lockedfiles%systemroot%\Tasks\*.job /lockedfiles%systemroot%\System32\config\*.sav%systemroot%\*. /mp /s%SYSTEMDRIVE%\*.exenetsvcsmsconfigdrivers32CREATERESTOREPOINTPush the button.Two reports will open, copy and paste them in a reply here:OTL.txt <-- Will be openedExtra.txt <-- Will be minimizedThen please post back here with the following logs: TDSSKiller.txt OTL.txt Extra.txtThanks

Read other 9 answers
RELEVANCY SCORE 49.6

Today a when i log onto a virtual game i have notice a black window, with text appears running allsorts of text. Everytime i click it off or the game i notice they both disappear.

I am worried this might be a virus attacking my computer. I'm not techinically minded and i dont know much about computers. I really need your help.

thank-you
 

A:I am worried this might be a virus attacking my computer.

Hi and welcome to TSG.
Let us know what Anti-virus and Spyware programs you have installed.
And have you scanned your Pc with them?

Only post one question per problem.
Post your reply here.
 

Read other 3 answers
RELEVANCY SCORE 49.6

I use windows xp. This malware keeps popping up and keeps coming back after I use superantispy. Can anyone please help.
Here are the logs.Logfile of HijackThis v1.99.1
Scan saved at 7:39:16 PM, on 6/20/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe
C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
C:\Program Files\Lexmark 2200 Series\lxbvbmon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Documents and Settings\All Users\Appli... Read more

A:Need Help Badly Don't Know Whats Attacking My Computer

Closing duplicate thread, please continue here: http://forums.techguy.org/security/586563-virus-help.html
 

Read other 1 answers
RELEVANCY SCORE 49.6

Hello all, recently my computer has become infected by a large amount of virus,trojans, etc. Recently these have been halting my ability to download updates from microsoft and also the popup that my antivirus program is outdated is persistant. I am also unable to change my autoupdate downloads from microsoft to on, even though it is telling me it is turned on via the control panel it is still considered off from the destop icon and the pop up. I am also unable to access certain sites on both internet explorer and firefox and recieve popups in both browsers. You guys helped me out before way back in 2006 and any new help will once again be appreciated. Thank You you in advance for the help and I hope someone can help me to thrwart these evil programs.------------------------------------------------------------------------------- KASPERSKY ONLINE SCANNER REPORT Saturday, May 31, 2008 6:03:20 PM Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600) Kaspersky Online Scanner version: 5.0.98.0 Kaspersky Anti-Virus database last update: 31/05/2008 Kaspersky Anti-Virus database records: 818692-------------------------------------------------------------------------------Scan Settings: Scan using the following antivirus database: extended Scan Archives: true Scan Mail Bases: trueScan Target - My Computer: C:\ D:\ E:\Scan Statistics: Total number of scanned objects: 90317 Number of viruses found: 11 Number of infected objects: 17 Number of susp... Read more

A:Viral Cocktail Attacking Computer

Hello kaizen,Welcome back to Bleeping Computer I need for you to go offline completely and disable ALL your protective programs after you download ComboFix, but before you run it. Sometimes those programs interfere with it, and we don't want that! After ComboFix has completed you can reenable them all, then come back online to post the reports. Thanks!This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.1. Download this file - combofix.exe http://download.bleepingcomputer.com/sUBs/ComboFix.exe http://www.forospyware.com/sUBs/ComboFix.exe http://subs.geekstogo.com/ComboFix.exe2. Double click combofix.exe & follow the prompts.3. When finished, it will produce a log for you. Post that log in your next reply please, along with a new HijackThis log.Note:Do not mouseclick combofix's window while it's running. That may cause it to stall.Thanks,tea

Read other 8 answers
RELEVANCY SCORE 49.6

Hi there,

I have Windows Vista and am experiencing two "anti-virus" software programs going berserk. One is called "Spy Ware" and the other is called AV security Suite. They seem to be making my computer question everything I do. Whenever I go to a website, a screen pops up and says that the website is unsecure and needs my permission to continue on. Sometimes random "adult" websites will pop up and I have never been to these sites before. Another thing it is doing is creating a bunch of "updates" that are not real and when I go to click on them on my bottom tool bar they disappear.

I am receiving a bunch of Windows Security Alerts and Antivirus software alerts as well. Any thoughts?

Thanks,
Jeff
 

Read other answers
RELEVANCY SCORE 48.8

Hello! I am currently on a desktop and using Windows XP HOME. So I was watching some internet TV the other day...and out of nowhere my AVG FREE tells me I have been infected by trojan horse downloaders. Since then, I have tried running system restore and multiple virus scans...and it seems like the problem is getting worse... There are constant pop-ups, IE will close automatically and sometimes when I click links, the browser takes me to an advertisement instead. Any help would be appreciated...Thanks!!!Logfile of Trend Micro HijackThis v2.0.4Scan saved at 10:33:08 AM, on 8/2/2010Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v8.00 (8.00.6001.18702)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\AVG\AVG9\avgchsvx.exeC:\Program Files\AVG\AVG9\avgrsx.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\AVG\AVG9\avgcsrvx.exeC:\Program Files\Emsisoft Anti-Malware\a2service.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Program Files\AVG\AVG9\avgwdsvc.exeC:\Program Files\Bonjour... Read more

A:Multiple trojans and malware are attacking my computer!

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.We need to create an OTL ReportPlease download OTL from one of the following mirrors:This is THE MirrorSave it to your desktop.Double click on the icon on your desktop.Click the "Scan All Users" checkbox.In the custom scan box paste the following:CODEmsconfigsafebootminimalactivexdrivers32netsvcs%SYSTEMDRIVE%\*.exe/md5st... Read more

Read other 2 answers
RELEVANCY SCORE 48.8

So yesterday I downloaded a torrent, and, stupidly, when I went to watch the video after I'd downloaded it, it told me I had to download something to get it to work, so I did. My Firefox browser then opened a bunch of different tabs, and then the computer got a blue screen involving "IRQL_NOT_LESS_OR_EQUAL." It then restarted, and when I tried to log in again, the same same blue screen came up and crashed the computer again.

It then started to work the next time I logged in, but my Norton Anti-Virus kept telling me that I was being attacked, from something originating in "firefox.exe", and that it had been blocked from doing so. I then uninstalled Firefox and installed Google Chrome, but Norton kept telling me I was being attacked. The difference is that this time I was being attacked by "svchost.exe". I have attached a picture of the message Norton sent me.

So now whenever I log on, I keep getting these same messages from Norton, and every so often, when I go on the internet, Norton tells me that whatever browser I am using at the time, its .exe file is also attacking my computer.

I also got an error report type thing that told me what happened during the last crash:

"Problem signature:
Problem Event Name: BlueScreen
OS Version: 6.1.7600.2.0.0.768.3
Locale ID: 4105

Additional information about the problem:
BCCode: a
BCP1: 0000000000000040
BCP2: 0000000000000002
BCP3: 0000000000000001
BCP4: FFFFF80002C79CD8
OS Version: 6_1_7600
Serv... Read more

A:svchost.exe and web browsers attacking and crashing computer

Hello thanks, I moved this from Windows 7 to the Am I Infected forum.As this may also have other malware with Please run MBAM also.Next run MBAM (MalwareBytes):Please download Malwarebytes Anti-Malware and save it to your desktop.Download Link 1Download Link 2MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.Make sure you are connected to the Internet.Double-click on mbam-setup.exe to install the application.
For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-MalwareThen click Finish.MBAM will automatically start and you will be asked to update the program before performing a scan.If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.On the Scanner tab:Make sure the "Perform Quick Scan" option is selected.Then click on the Scan button.If... Read more

Read other 1 answers
RELEVANCY SCORE 48.8

my computer has gone extremely slow, and pop ups keep coming up quite often. A toolbar called security toolbar 7.1 installed on its own in explorer.

please could someone help me remove the virus, below is me hijack this log:

Logfile of HijackThis v1.99.1
Scan saved at 22:49:38, on 12/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files... Read more

A:Solved: need urgent help, trojan attacking computer

Read other 13 answers
RELEVANCY SCORE 48.8

Ever since yesterday, my norton antivirus keeps on telling me (at a varying interval of about 5~20 minutes) that a recent attack on the computer has been blocked. When I look for more info, it says that "https tidserv request 2" is causing the problem. Frantic to get rid of it, I saw a post on here that dealt with a similar problem and I followed what they were advised to do, which was to download ComboFix and run it through. After the combofix, I looked at the "Preparation Guide for Use Before Using Malware Removal Tools and Requesting Help" and decided to do everything they told me.(So all of the gmer and dds stuff were done AFTER the ComboFix.)I'll attach all of my logs (DDS, GMER) to this entry, and it would be great if you could help out as soon as possible!Thank you in advance.p.s. Also, there were 2 logs that popped up after I ran DDS, so I'll attach them both, since I'm not sure which one that you need.p.p.s. I have noticed that any entries containing ComboFix logs will be ignored, so should I refrain from posting my CF log? (I haven't included it as part of this entry)p.p.p.s. Sorry about the long ps, but after this problem has been happening, sometimes the internet explorer will freeze completely and I can't do anything except for move my mouse around. (ctrl+alt+del or any other things like that wouldn't work) So I had to manually shut down the computer a couple of times. Would this be caused by this "tidserv requ... Read more

A:https TidServ Request 2 attacking my computer

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

Read other 16 answers
RELEVANCY SCORE 48.8

Heres the deal. A week ago I had this fake Antivirus Scan telling me that my computer was full of virus's. I ran Avast Antivirus and got rid of some stuff and ran Malwarebytes and got rid of alot more.

Problem came back within a few days. Did the same thing this weekend and the computer seems to be running ok but is there something I can do to make sure that I got rid of everything for good?

Any help is appreciated.

A:have Antivirus Scan virus attacking computer

Hello,I have deleted your duplicate topics on this issue. As I advised in a previous topic:Please follow the instructions in ==>This Guide<==. If you cannot complete a step, skip it and continue.Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues and what you have done to resolve them.If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.Orange Blossom

Read other 2 answers
RELEVANCY SCORE 48.8

Lately computer has been acting weird and Norton is constantly popping up with "address has been blocked" with weird site names like clkh71yhks66.com and zl00zxcv1.com and a few others. clkh71yhks66.com when I open my browser and zl00zxcv1.com when I run any search (like on Google). I've also recently been having issues with Firefox and IE crashing or locking up my computer entirely

dont know what to do -.-

please guys help me

Read other answers
RELEVANCY SCORE 48.8

My husband's laptop is infected with the Antivirus Monitor virus. He has windows xp. I found instructions on my laptop that tell you how to remove it, but we are still unable to do so. Here is the problem...he started his computer in Safe mode with networking(step 1), then he opened internet explorer while offline and reset internet explorer proxy options(step 2). Step 3 was to download a program called hijackThis, but that is where the problems begin. Even though he reset internet explorer proxy options, he is still unable to connect to the internet and get online. Whenever he tries to open any program or get online it still pops up an alert that says..Virus Alert! Application can't be started! This file unsecapp.exe is damaged. Do you want to activate your antivirus software now?..(or a variation of the same) every time he tries to open anything on he computer. How can we remove the virus if we cannot download the programs needed to remove it? He already had Malwarebytes' Anti-malware program on his computer(step 4) but he cannot open it either. Please help....we do not know what to do. Thank you so much!!
 

Read other answers
RELEVANCY SCORE 48.4

i suspect the cause was a trojan infection by an external drive inserted by my schoolmate earlier this afternoon, of which i was not with her at the time of her logon.. she didnt scan the device because i think she was on a hurry, leaving my computer vulnerable to autoruns.. she put my computer to hibernate, and when i opened it, the browser was open [i opened it before the infection or her logon, which was left open because my laptop ran out of battery and had to hibernate, which was then followed by her logon] on the side was my kaspersky AV dialog prompt waiting for user but was ignored, and another AV dialog stating that the system needs advanced disinfection due to an autorun.gen virus accessed by windows host service.. so i chose disinfect.. for a while i thought all was going well.. but after i closed my browser, and reopened it, it stated "Google Chrome is not a valid win32 application".. i opened task manager and same response.. but all the while, the AV disinfected the system which in the end found nothing [probably because the drive was already ejected].. when i tried to find my virus removal tools, the system shut down with a dialog box saying error codes at some parameters.. and then lastly it said bad image with some error codes.. there was no blue screen message or black screen, just a dialog box with error codes.. i force shutdown the computer and initialized it in safe mode..the logon was ok, so i started malwarebytes and did a full system scan.. w... Read more

A:help! trojan [probably] virus attacking computer system processes

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything. We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here. To help Bleeping Computer better assist you please perform the following steps:*************************************************** In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/464093 <<< CLICK THIS LINK If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.*************************************************** If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lo... Read more

Read other 2 answers
RELEVANCY SCORE 48

Hi,

I wonder if some kind soul can help with my computer issue. When in IE, the computer runs very slow and on commercial sites, incluing ebay, I get pop ups asking for bank and ATM PIN details. I have never had either problem before.

I have run various virus checkers including McAfee, Malwarebytes, and Superantispyware, all to no avail.

As instructed, the log files from Hijack and DDS are pasted below. The DDS attach file is attached.

Thanks in advance.

Regards,
Chez

Hijack file:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:36:57, on 04/04/2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16671)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Logitech\Vid HD\Vid.exe
C:\Program Files (x86)\WinZip\WZQKPICK.EXE
C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
C:\Program Files (x86)\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe
C:\Windows\Samsung\PanelMgr\SSMMgr.exe
C:\Windows\twain_32\Samsung\CLX3180\Scan2Pc.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10i_ActiveX.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.packardbell.com/?id=9088
R1 - HKCU\Software\Microsoft\Internet Explorer\... Read more

A:Slow computer & requests for ATM PIN

Read other 8 answers
RELEVANCY SCORE 48

Hello,after dealing with spontaneous and random computer slowness for a day or two i decided to run a few virus scans to see if a virus could be flooding my cpu usage. and there it was, viruses! i believe it must have happened from when my kids were on the internet one day. im usually careful, but kids, nsm. well i went through a process myself to see if i can rid the viruses and all went well except for RootRepeal. It was scanning fine, but when it finished a error window popped open and it said:RootRepeal Error"Exception Address: 0x004eca19"it also created created a log on its own and placed it on the desktop titled "RootRepeal_crash_######'s"not sure what happened but rather than not saying anything or not posting the RootRepeal log i will attach this error log. in addition to the log it created, it also placed two files on my desktop..settings.dat and RootRepeal.dmp, no icons, and cannot open....weird.I ran tests with MBAM, superantispyware (log wouldnt upload), combofix, MGtools, and rootrepeal (failed). thank you for your assistance, i have attached logs for you to look at,Steve Solo

A:Multiple virus attacking computer speed, smitfraud and trojans

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.In order for me to see the status of the infection I will need a new set of logs to start with.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.DeFogger: Please download DeFogger to your desktop.Double click DeFogger to run the tool. The ap... Read more

Read other 21 answers
RELEVANCY SCORE 48

I recently started getting weird popups in my internet explorer browser and thought that was queer because i use Firefox not internet explorer. my virus protection is Antivir and i looked at it and it was turned off. so i ran a virus scan with it and i got bombarded with warning messages of the same few viruses until it slowed down my computer to the point i had to restart it. the virus names i can remember are hamidita.dll, ziloyoya.dll, mebasugu.dll, and the one that is causing the most problems seems to be rujisovo.dll. i think i deleted most of the viruses but i know i can't delete rujisovo, i used a few different unlocker programs on it and deleter programs and nothing works. it says that every one of my processes, even my winlogon.exe program is blocking it from being deleted. i clicked unlock all button just to see if it would work and it turned off my winlogon.exe process which gave me a blue screen error that i had to manually restart my computer to get off the screen. i used msconfig when i rebooted and turned off the programs from my startup programs which seems to have fixed the popups from coming up but one program will not stay off my startup programs, it automatically puts itself back there. it doesn't seem to effect anything but just to make sure my computer isn't being searched or something from an outside source, i need help getting it off! here is my dds report:DDS (Ver_09-05-14.01) - NTFSx86 Run by Steven at 18:18:01.46 on Fri 06/19/2009Internet Expl... Read more

A:infected with a series of .dll programs attacking my computer with internet explorer pop-ups

Hi mother fatherI see that you are running msconfig in /auto mode which means that you may have selectively removed some items in the past from the startup procedure. This can be bad if they are malware, so we would like you to reenable those startup entries by doing the following:Please click on start, then run, and type msconfig and then press enter. When the window opens click on the startup tab and make sure there are checkmarks in every entry. Then press ok until you are out of the program. If it asks to reboot, do not reboot. It is not necessary to reboot to get the items to show up in HijackThis. Download Security Check by screen317 from here or here.Save it to your Desktop.Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.A Notepad document should open automatically called checkup.txt.Please post the contents of that document. Please download Malwarebytes' Anti-Malware from one of these places:http://download.cnet.com/Malwarebytes-Anti...&tag=buttonhttp://www.majorgeeks.com/Malwarebytes_Ant...ware_d5756.htmlhttp://www.besttechie.net/mbam/mbam-setup.exeDouble Click mbam-setup.exe to install the application. * Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish. * If an update is found, it will download and install the latest version. * Once the program has loaded, select "Perform Full Scan", then click Scan. * The scan may... Read more

Read other 10 answers
RELEVANCY SCORE 47.2

Outside malicious individuals are viciously attacking my computer. They steal documents off of my computer. They alter documents, change formatting, change settings in order to interfere with my progress. This goes on every day. This has been occurring for years.

I have purchased and installed Norton 360 every year and it does not help. I have windows 7 and windows firewall. Should I use both Windows firewall and Nortons at the same time? What other programs can I add to keep these vicious parties out of my computer?

1. How can I keep them from accessing my computer? They must have my computer numbers.

2. What steps can I take?

3. I lose hours every day, this goes on daily, while I am trying to work, because of the constantly alterred settings. I must unravel the problems every day. This is viciousness to the 1000th degree. Appreciate any assistance. Have a one year old computer and cannot and will not replace it.

4. How can I report this to Microsoft or who ever is in charge of these matters? What information do I need? I do not believe I can provide exact information, such as the other parties p.c.

Any assistance would be highly appreciated. Thanks
 

A:Outside parties maliciously attacking my computer, stealing documents, altering work

Not a good idea to have more than one kernel-level antivirus driver installed. They may interfere with one another, reducing your safety level.

I'd suggest you disconnect from the internet and put the machine in a locked room.

If this problem has occurred for "years", then surely you have sought advice before. What have others, including your family and close friends, told you to do?
 

Read other 2 answers
RELEVANCY SCORE 46.8

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:18:08 PM, on 6/12/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
C:\Windows\SysWOW64\ACEngSvr.exe
C:\ProgramData\DatacardService\DCSHelper.exe
C:\ProgramData\DatacardService\DCSHelper.exe
C:\Program Files (x86)\Internet Everywhere 3G+\Internet Everywhere 3G+.exe
C:\Windows\AsScrPro.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - H... Read more

A:hijackthis log, my computer is sending automated requests

Greetings and Welcome to The Forums!!My name is Gringo and I'll be glad to help you with your computer problems. I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of usPlease do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.NOTE: At... Read more

Read other 3 answers
RELEVANCY SCORE 46.4

I have 24X7 internet on my computer. At times, I leave my computer unattended. Is there a way for me to find out logs that can tell me what all URLs/IPs is being requested by softwares in my computer. Is there any sort of good (open source) software available for this? Is there a log on my computer already? Your help requested!
 

Read other answers
RELEVANCY SCORE 45.6

Greetings,

My company's network isn't being monitored!
I was given the task of identifying the services that run in DHCP, DNS and Print Servers that need and should to be monitored.
A list of the various services would be what I'm looking for, because then I could google each one and "learn them".
The question is assuredly vague, but I would appreciate any kind of assistance and explanation.

About the DNS Server services I found something like this, if it helps (probably wrong):
Thank you very much.
Primo

Edit 1:

Our infrastructure is Windows Server 2012 and Windows Server 2016.
CPU and Storage are already being monitored.
I'm trying to promote an idea. I am trying to monitor the availability of the DHCP, Print, DNS servers but I need to know the running services/processes of each server that should be monitored.
 

A:Unmonitored Servers! Services that must be monitored in DHCP, DNS, Print Servers?

If by "monitoring" you mean setting up firewall, then short and easy answer is:
Any service that is involved in networking should be monitored.
especially those services which are listeners, which are opening up network sockets on machine.

first thing haxors usually do is scan for listening services, that the first step toward discovering vulnerabilities.
 

Read other 1 answers
RELEVANCY SCORE 44

My apologies in advance if I'm in the wrong place but I came across this site and am desperate for help. I'm not that great when it comes to tech issues but I've tried to do some of the things I've read here and I'm still in big trouble. Here's the story:

Yesterday I see a message from my Symantec saying that they found something. I've seen that before and usually run a scan with Symantec and then run Malwarebytes anti-malware and things get cleaned up. But not this time. Both programs found some stuff and cleaned it out but I'm having crazy problems now. First, if I try to turn my computer on normally, when it loads up windows i get a light blue screen and cursor and that's it. So I'm forced to reboot and get a screen offering me the option of safe mode, safe mode with network, log in under last stable time, and a few other options. I tried getting in to the safe mode but my username and password aren't accepted so I can't get in there. When I choose to log in using the last time things were stable I get in and all looks okay. For 2 seconds. Then I get found new hardware message popping up. I can't get rid of them unless I go into my system and disable or uninstall the hardware with question marks (there are like 20 of them listed, which weren't there before). And no matter what I do the new hardware message comes back the next time I reboot. I also get messages popping up from Symantec saying that I have an HTTP Tidse... Read more

Read other answers
RELEVANCY SCORE 43.6

Hey everyone I have a little problem with my Windows 10 Professional computers not seeing either one of my server's both servers are Microsoft Windows Server 2012 R2 Standard. What I was trying to do is set up a domain log in on 3 computers one mine and two of my kids and have a network drive mapped when they log into the domain server but I can't seem to get Windows to see any of my servers on my network map. I've tried to reboot my servers and computers and check my server config and everything seems to be set up correctly as I've had them working about a month ago but I had to move. I did have them working months ago when I was running Novell Suse and using Novell login and they would map the network drives no problem. Any idea's anyone?

Thanks
Joe

Read other answers
RELEVANCY SCORE 43.6

Hi all,

My computer tends to time out when it is connected to servers (P2P apps like Limewire or game servers like WoW). None of the other computers I've used on this connection have had this problem. I run with nVidia firewall and AVG anti virus. Disabling these does not help the problem any. My driver for the ethernet port is up to date. Suggestions? I will provide more information if needed.
 

Read other answers